@cloud-copilot/iam-data 0.15.202509241 → 0.15.202509301

package/data/actions/application-signals.json

@@ -40,6 +40,14 @@
     ],
     "dependentActions": []
   },
+  "deletegroupingconfiguration": {
+    "name": "DeleteGroupingConfiguration",
+    "description": "Grants permission to delete a grouping configuration",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "deleteservicelevelobjective": {
     "name": "DeleteServiceLevelObjective",
     "description": "Grants permission to delete a service level objective",
@@ -87,6 +95,22 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "listauditfindings": {
+    "name": "ListAuditFindings",
+    "description": "Grants permission to list service auditing results",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listgroupingattributedefinitions": {
+    "name": "ListGroupingAttributeDefinitions",
+    "description": "Grants permission to list grouping attribute configurations",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listobservedentities": {
     "name": "ListObservedEntities",
     "description": "Grants permission to list entities associated with other entities",
@@ -142,6 +166,14 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "listservicestates": {
+    "name": "ListServiceStates",
+    "description": "Grants permission to list service states",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listservices": {
     "name": "ListServices",
     "description": "Grants permission to list services",
@@ -165,6 +197,14 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "putgroupingconfiguration": {
+    "name": "PutGroupingConfiguration",
+    "description": "Grants permission to create or update a grouping configuration",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "startdiscovery": {
     "name": "StartDiscovery",
     "description": "Grants permission to enable CloudWatch discovery",

package/data/actions/billing.json

@@ -1,4 +1,24 @@
 {
+  "associatesourceviews": {
+    "name": "AssociateSourceViews",
+    "description": "Grants permission to associate source views to a billing view",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "billingview",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": [
+          "billing:UseSourceView",
+          "iam:CreateServiceLinkedRole"
+        ]
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "createbillingview": {
     "name": "CreateBillingView",
     "description": "Grants permission to create a billing view",
@@ -8,7 +28,10 @@
         "name": "billingview",
         "required": true,
         "conditionKeys": [],
-        "dependentActions": []
+        "dependentActions": [
+          "billing:UseSourceView",
+          "iam:CreateServiceLinkedRole"
+        ]
       }
     ],
     "conditionKeys": [
@@ -52,6 +75,23 @@
     ],
     "dependentActions": []
   },
+  "disassociatesourceviews": {
+    "name": "DisassociateSourceViews",
+    "description": "Grants permission to disassociate source views from a billing view",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "billingview",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "getbillingdata": {
     "name": "GetBillingData",
     "isPermissionOnly": true,
@@ -323,5 +363,14 @@
     "resourceTypes": [],
     "conditionKeys": [],
     "dependentActions": []
+  },
+  "usesourceview": {
+    "name": "UseSourceView",
+    "isPermissionOnly": true,
+    "description": "Grants permission to use a billing view as a data source for other billing views",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
   }
 }

package/data/actions/connect.json

@@ -94,6 +94,37 @@
     ],
     "dependentActions": []
   },
+  "associatecontactwithuser": {
+    "name": "AssociateContactWithUser",
+    "description": "Grants permission to associate a contact with a user using the Amazon Connect API",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "contact",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "instance",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "user",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "connect:PreferredUserArn",
+      "aws:ResourceTag/${TagKey}",
+      "connect:InstanceId"
+    ],
+    "dependentActions": []
+  },
   "associatecustomerprofilesdomain": {
     "name": "AssociateCustomerProfilesDomain",
     "isPermissionOnly": true,
@@ -3457,6 +3488,24 @@
     ],
     "dependentActions": []
   },
+  "listroutingprofilemanualassignmentqueues": {
+    "name": "ListRoutingProfileManualAssignmentQueues",
+    "description": "Grants permission to list manual assignment queue resources in a routing profile in an Amazon Connect instance",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "routing-profile",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}",
+      "connect:InstanceId"
+    ],
+    "dependentActions": []
+  },
   "listroutingprofilequeues": {
     "name": "ListRoutingProfileQueues",
     "description": "Grants permission to list queue resources in a routing profile in an Amazon Connect instance",
@@ -4149,7 +4198,9 @@
     ],
     "conditionKeys": [
       "connect:InstanceId",
-      "connect:SearchContactsByContactAnalysis"
+      "connect:SearchContactsByContactAnalysis",
+      "connect:Channel",
+      "connect:PreferredUserArn"
     ],
     "dependentActions": []
   },

package/data/actions/ecs.json

@@ -695,6 +695,33 @@
     ],
     "dependentActions": []
   },
+  "putsystemlogevents": {
+    "name": "PutSystemLogEvents",
+    "description": "Grants permission to collect system logs from the container instances",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "cluster",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "container-instance",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ecs:cluster",
+          "ecs:capacity-provider"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "registercontainerinstance": {
     "name": "RegisterContainerInstance",
     "description": "Grants permission to register an EC2 instance into the specified cluster",

package/data/actions/one.json

@@ -287,6 +287,14 @@
     ],
     "dependentActions": []
   },
+  "listusers": {
+    "name": "ListUsers",
+    "description": "Grants permission to view list of Users",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listusersv1": {
     "name": "ListUsersV1",
     "description": "Grants permission to view list of Users",

package/data/actions/organizations.json

@@ -717,7 +717,9 @@
         "dependentActions": []
       }
     ],
-    "conditionKeys": [],
+    "conditionKeys": [
+      "organizations:PolicyType"
+    ],
     "dependentActions": []
   },
   "listtargetsforpolicy": {
@@ -854,7 +856,8 @@
     ],
     "conditionKeys": [
       "aws:TagKeys",
-      "aws:RequestTag/${TagKey}"
+      "aws:RequestTag/${TagKey}",
+      "organizations:PolicyType"
     ],
     "dependentActions": []
   },
@@ -895,7 +898,8 @@
       }
     ],
     "conditionKeys": [
-      "aws:TagKeys"
+      "aws:TagKeys",
+      "organizations:PolicyType"
     ],
     "dependentActions": []
   },

package/data/actions/osis.json

@@ -16,6 +16,26 @@
       "logs:CreateLogDelivery"
     ]
   },
+  "createpipelineendpoint": {
+    "name": "CreatePipelineEndpoint",
+    "description": "Grants permission to create an OpenSearch Ingestion pipeline endpoint",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "pipeline",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": [
+          "iam:CreateServiceLinkedRole"
+        ]
+      }
+    ],
+    "conditionKeys": [
+      "aws:TagKeys",
+      "aws:RequestTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "deletepipeline": {
     "name": "DeletePipeline",
     "description": "Grants permission to delete an OpenSearch Ingestion pipeline",
@@ -35,6 +55,36 @@
       "logs:ListLogDeliveries"
     ]
   },
+  "deletepipelineendpoint": {
+    "name": "DeletePipelineEndpoint",
+    "description": "Grants permission to delete an OpenSearch Ingestion pipeline endpoint in the current account",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "pipeline-endpoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "deleteresourcepolicy": {
+    "name": "DeleteResourcePolicy",
+    "description": "Grants permission to delete a resource policy for an OpenSearch Ingestion resource",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "pipeline",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "getpipeline": {
     "name": "GetPipeline",
     "description": "Grants permission to retrieve configuration information for an OpenSearch Ingestion pipeline",
@@ -80,6 +130,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "getresourcepolicy": {
+    "name": "GetResourcePolicy",
+    "description": "Grants permission to get a resource policy for an OpenSearch Ingestion resource",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "pipeline",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "ingest": {
     "name": "Ingest",
     "description": "Grants permission to ingest data through an OpenSearch Ingestion pipeline",
@@ -103,6 +168,22 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "listpipelineendpointconnections": {
+    "name": "ListPipelineEndpointConnections",
+    "description": "Grants permission to list OpenSearch Ingestion pipeline endpoint connections to pipelines in the current account",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listpipelineendpoints": {
+    "name": "ListPipelineEndpoints",
+    "description": "Grants permission to list OpenSearch Ingestion pipeline endpoints in the current account",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listpipelines": {
     "name": "ListPipelines",
     "description": "Grants permission to list basic configuration for each OpenSearch Ingestion pipeline in the current account and Region",
@@ -126,6 +207,36 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "putresourcepolicy": {
+    "name": "PutResourcePolicy",
+    "description": "Grants permission to put a resource policy for an OpenSearch Ingestion resource",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "pipeline",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "revokepipelineendpointconnections": {
+    "name": "RevokePipelineEndpointConnections",
+    "description": "Grants permission to revoke an OpenSearch Ingestion pipeline endpoint connection from a pipeline in the current account",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "pipeline",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "startpipeline": {
     "name": "StartPipeline",
     "description": "Grants permission to start an OpenSearch Ingestion pipeline",

package/data/actions/sso-oauth.json

@@ -15,5 +15,41 @@
     "dependentActions": [
       "kms:Decrypt"
     ]
+  },
+  "introspecttokenwithiam": {
+    "name": "IntrospectTokenWithIAM",
+    "isPermissionOnly": true,
+    "description": "Grants permission to validate and retrieve information about active OAuth 2.0 access tokens and refresh tokens, including their associated scopes and permissions. This permission is used only by AWS managed applications and is not documented in the IAM Identity Center OIDC API Reference",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "Application",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": [
+      "kms:Decrypt"
+    ]
+  },
+  "revoketokenwithiam": {
+    "name": "RevokeTokenWithIAM",
+    "isPermissionOnly": true,
+    "description": "Grants permission to revoke OAuth 2.0 access tokens and refresh tokens, invalidating them before their normal expiration. This permission is used only by AWS managed applications and is not documented in the IAM Identity Center OIDC API Reference",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "Application",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": [
+      "kms:Decrypt"
+    ]
   }
 }

package/data/actions/transfer.json

@@ -32,7 +32,8 @@
     ],
     "conditionKeys": [
       "aws:TagKeys",
-      "aws:RequestTag/${TagKey}"
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}"
     ],
     "dependentActions": []
   },
@@ -43,7 +44,9 @@
     "resourceTypes": [],
     "conditionKeys": [
       "aws:TagKeys",
-      "aws:RequestTag/${TagKey}"
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "transfer:RequestConnectorProtocol"
     ],
     "dependentActions": [
       "iam:PassRole"
@@ -56,7 +59,8 @@
     "resourceTypes": [],
     "conditionKeys": [
       "aws:TagKeys",
-      "aws:RequestTag/${TagKey}"
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}"
     ],
     "dependentActions": []
   },
@@ -67,7 +71,11 @@
     "resourceTypes": [],
     "conditionKeys": [
       "aws:TagKeys",
-      "aws:RequestTag/${TagKey}"
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "transfer:RequestServerEndpointType",
+      "transfer:RequestServerDomain",
+      "transfer:RequestServerProtocols"
     ],
     "dependentActions": [
       "iam:PassRole"
@@ -89,7 +97,8 @@
     ],
     "conditionKeys": [
       "aws:TagKeys",
-      "aws:RequestTag/${TagKey}"
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}"
     ],
     "dependentActions": []
   },
@@ -100,7 +109,8 @@
     "resourceTypes": [],
     "conditionKeys": [
       "aws:TagKeys",
-      "aws:RequestTag/${TagKey}"
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}"
     ],
     "dependentActions": [
       "iam:PassRole"
@@ -113,7 +123,8 @@
     "resourceTypes": [],
     "conditionKeys": [
       "aws:TagKeys",
-      "aws:RequestTag/${TagKey}"
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}"
     ],
     "dependentActions": []
   },
@@ -492,7 +503,8 @@
     "resourceTypes": [],
     "conditionKeys": [
       "aws:TagKeys",
-      "aws:RequestTag/${TagKey}"
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}"
     ],
     "dependentActions": []
   },
@@ -510,7 +522,8 @@
     ],
     "conditionKeys": [
       "aws:TagKeys",
-      "aws:RequestTag/${TagKey}"
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}"
     ],
     "dependentActions": []
   },
@@ -1096,13 +1109,16 @@
         "name": "server",
         "required": true,
         "conditionKeys": [],
-        "dependentActions": []
+        "dependentActions": [
+          "iam:PassRole"
+        ]
       }
     ],
-    "conditionKeys": [],
-    "dependentActions": [
-      "iam:PassRole"
-    ]
+    "conditionKeys": [
+      "transfer:RequestServerEndpointType",
+      "transfer:RequestServerProtocols"
+    ],
+    "dependentActions": []
   },
   "updateuser": {
     "name": "UpdateUser",

package/data/conditionKeys/connect.json

@@ -64,6 +64,11 @@
     "description": "Filters access by restricting the monitor capabilities of the user in the request",
     "type": "ArrayOfString"
   },
+  "connect:preferreduserarn": {
+    "key": "connect:PreferredUserArn",
+    "description": "Filters access by PreferredUserArn",
+    "type": "ARN"
+  },
   "connect:searchcontactsbycontactanalysis": {
     "key": "connect:SearchContactsByContactAnalysis",
     "description": "Filters access by restricting searches using analysis outputs from Amazon Connect Contact Lens",

package/data/conditionKeys/transfer.json

@@ -13,5 +13,25 @@
     "key": "aws:TagKeys",
     "description": "Filters access by the tag keys that are passed in the request",
     "type": "ArrayOfString"
+  },
+  "transfer:requestconnectorprotocol": {
+    "key": "transfer:RequestConnectorProtocol",
+    "description": "Filters access by the connector protocol that is passed in the request",
+    "type": "String"
+  },
+  "transfer:requestserverdomain": {
+    "key": "transfer:RequestServerDomain",
+    "description": "Filters access by the storage domain that is passed in the request",
+    "type": "String"
+  },
+  "transfer:requestserverendpointtype": {
+    "key": "transfer:RequestServerEndpointType",
+    "description": "Filters access by the endpoint type that is passed in the request",
+    "type": "String"
+  },
+  "transfer:requestserverprotocols": {
+    "key": "transfer:RequestServerProtocols",
+    "description": "Filters access by the server protocols that are passed in the request",
+    "type": "ArrayOfString"
   }
 }

package/data/resourceTypes/osis.json

@@ -6,6 +6,13 @@
       "aws:ResourceTag/${TagKey}"
     ]
   },
+  "pipeline-endpoint": {
+    "key": "pipeline-endpoint",
+    "arn": "arn:${Partition}:osis:${Region}:${Account}:endpoint/${EndpointId}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
   "pipeline-blueprint": {
     "key": "pipeline-blueprint",
     "arn": "arn:${Partition}:osis:${Region}:${Account}:blueprint/${BlueprintName}"

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "@cloud-copilot/iam-data",
-  "version": "0.15.202509241",
+  "version": "0.15.202509301",
   "description": "AWS IAM Data",
   "repository": "github:cloud-copilot/iam-data",
-  "updatedAt": "2025-09-24T04:46:42.554Z",
+  "updatedAt": "2025-09-30T04:46:41.080Z",
   "exports": {
     ".": {
       "import": "./dist/esm/index.js",