@cloud-copilot/iam-data 0.15.202511141 → 0.15.202511201

package/data/actions/action-recommendations.json

@@ -1,7 +1,7 @@
 {
   "listrecommendedactions": {
     "name": "ListRecommendedActions",
-    "description": "Grants permission to list recommended actions in the AWS Management Console",
+    "description": "Grants permission to list recommended actions in the the console",
     "accessLevel": "List",
     "resourceTypes": [],
     "conditionKeys": [],

package/data/actions/airflow-serverless.json

@@ -0,0 +1,225 @@
+{
+  "createworkflow": {
+    "name": "CreateWorkflow",
+    "description": "Grants permission to create a new workflow",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "aws:TagKeys",
+      "aws:RequestTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "deleteworkflow": {
+    "name": "DeleteWorkflow",
+    "description": "Grants permission to delete a workflow",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "Workflow",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "gettaskinstance": {
+    "name": "GetTaskInstance",
+    "description": "Grants permission to retrieve the task details for a workflow run",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "Workflow",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "getworkflow": {
+    "name": "GetWorkflow",
+    "description": "Grants permission to retrieve details about a workflow",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "Workflow",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "getworkflowrun": {
+    "name": "GetWorkflowRun",
+    "description": "Grants permission to retrieve details about a workflow run",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "Workflow",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listtagsforresource": {
+    "name": "ListTagsForResource",
+    "description": "Grants permission to list the tags for the specified resource",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "Workflow",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "listtaskinstances": {
+    "name": "ListTaskInstances",
+    "description": "Grants permission to list the tasks for a workflow run",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "Workflow",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listworkflowruns": {
+    "name": "ListWorkflowRuns",
+    "description": "Grants permission to list the workflow runs of a workflow",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "Workflow",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listworkflowversions": {
+    "name": "ListWorkflowVersions",
+    "description": "Grants permission to list the workflow versions",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "Workflow",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listworkflows": {
+    "name": "ListWorkflows",
+    "description": "Grants permission to list the workflows",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "startworkflowrun": {
+    "name": "StartWorkflowRun",
+    "description": "Grants permission to start an on-demand workflow run for the workflow",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "Workflow",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "stopworkflowrun": {
+    "name": "StopWorkflowRun",
+    "description": "Grants permission to stop a workflow run",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "Workflow",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "tagresource": {
+    "name": "TagResource",
+    "description": "Grants permission to tag the specified resource",
+    "accessLevel": "Tagging",
+    "resourceTypes": [
+      {
+        "name": "Workflow",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:TagKeys",
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "untagresource": {
+    "name": "UntagResource",
+    "description": "Grants permission to untag the specified resource",
+    "accessLevel": "Tagging",
+    "resourceTypes": [
+      {
+        "name": "Workflow",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:TagKeys",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "updateworkflow": {
+    "name": "UpdateWorkflow",
+    "description": "Grants permission to update an existing workflow",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "Workflow",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  }
+}

package/data/actions/appstream.json

@@ -83,6 +83,23 @@
     ],
     "dependentActions": []
   },
+  "associatesoftwaretoimagebuilder": {
+    "name": "AssociateSoftwareToImageBuilder",
+    "description": "Grants permission to associate license included application(s) with an existing image builder instance",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "image-builder",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "batchassociateuserstack": {
     "name": "BatchAssociateUserStack",
     "description": "Grants permission to associate the specified users with the specified stacks. Users in a user pool cannot be assigned to stacks with fleets that are joined to an Active Directory domain",
@@ -223,6 +240,16 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "createexportimagetask": {
+    "name": "CreateExportImageTask",
+    "description": "Grants permission to create an export task for an AppStream 2.0 image",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "createfleet": {
     "name": "CreateFleet",
     "description": "Grants permission to create a fleet. A fleet is a group of streaming instances from which applications are launched and streamed to users",
@@ -288,6 +315,17 @@
     ],
     "dependentActions": []
   },
+  "createimportedimage": {
+    "name": "CreateImportedImage",
+    "description": "Grants permission to create an AppStream 2.0 image from an imported AMI",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:TagKeys"
+    ],
+    "dependentActions": []
+  },
   "createstack": {
     "name": "CreateStack",
     "description": "Grants permission to create a stack to start streaming applications to users. A stack consists of an associated fleet, user access policies, and storage configurations",
@@ -573,20 +611,7 @@
     "name": "DescribeAppBlockBuilderAppBlockAssociations",
     "description": "Grants permission to retrieve the associations that are associated with the specified app block builder or app block",
     "accessLevel": "List",
-    "resourceTypes": [
-      {
-        "name": "app-block",
-        "required": false,
-        "conditionKeys": [],
-        "dependentActions": []
-      },
-      {
-        "name": "app-block-builder",
-        "required": false,
-        "conditionKeys": [],
-        "dependentActions": []
-      }
-    ],
+    "resourceTypes": [],
     "conditionKeys": [],
     "dependentActions": []
   },
@@ -606,24 +631,19 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "describeapplicenseusage": {
+    "name": "DescribeAppLicenseUsage",
+    "description": "Grants permission to retrieve license included application usage information",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "describeapplicationfleetassociations": {
     "name": "DescribeApplicationFleetAssociations",
     "description": "Grants permission to retrieve the associations that are associated with the specified application or fleet",
     "accessLevel": "List",
-    "resourceTypes": [
-      {
-        "name": "application",
-        "required": false,
-        "conditionKeys": [],
-        "dependentActions": []
-      },
-      {
-        "name": "fleet",
-        "required": false,
-        "conditionKeys": [],
-        "dependentActions": []
-      }
-    ],
+    "resourceTypes": [],
     "conditionKeys": [],
     "dependentActions": []
   },
@@ -718,6 +738,27 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "describesoftwareassociations": {
+    "name": "DescribeSoftwareAssociations",
+    "description": "Grants permission to retrieve license included application associations for a specified resource",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "image",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "image-builder",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "describestacks": {
     "name": "DescribeStacks",
     "description": "Grants permission to retrieve a list that describes one or more specified stacks, if the stack names are provided. Otherwise, all stacks in the account are described",
@@ -753,14 +794,7 @@
     "name": "DescribeUserStackAssociations",
     "description": "Grants permission to retrieve a list that describes the UserStackAssociation objects",
     "accessLevel": "List",
-    "resourceTypes": [
-      {
-        "name": "stack",
-        "required": false,
-        "conditionKeys": [],
-        "dependentActions": []
-      }
-    ],
+    "resourceTypes": [],
     "conditionKeys": [],
     "dependentActions": []
   },
@@ -864,6 +898,23 @@
     ],
     "dependentActions": []
   },
+  "disassociatesoftwarefromimagebuilder": {
+    "name": "DisassociateSoftwareFromImageBuilder",
+    "description": "Grants permission to remove license included application(s) association(s) from an image builder instance",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "image-builder",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "enableuser": {
     "name": "EnableUser",
     "description": "Grants permission to enable a user in the user pool",
@@ -880,6 +931,14 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "getexportimagetask": {
+    "name": "GetExportImageTask",
+    "description": "Grants permission to retrieve details of a specific export image task",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listassociatedfleets": {
     "name": "ListAssociatedFleets",
     "description": "Grants permission to retrieve the name of the fleet that is associated with the specified stack",
@@ -925,6 +984,14 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "listexportimagetasks": {
+    "name": "ListExportImageTasks",
+    "description": "Grants permission to list export image tasks",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listtagsforresource": {
     "name": "ListTagsForResource",
     "description": "Grants permission to retrieve a list of all tags for the specified AppStream 2.0 resource. The following resources can be tagged: Image builders, images, fleets, and stacks",
@@ -984,6 +1051,23 @@
     ],
     "dependentActions": []
   },
+  "startsoftwaredeploymenttoimagebuilder": {
+    "name": "StartSoftwareDeploymentToImageBuilder",
+    "description": "Grants permission to initiate license included applications deployment to an image builder instance",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "image-builder",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "stopappblockbuilder": {
     "name": "StopAppBlockBuilder",
     "description": "Grants permission to stop the specified app block builder",

package/data/actions/athena.json

@@ -551,6 +551,27 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "getresourcedashboard": {
+    "name": "GetResourceDashboard",
+    "description": "Grants permission to get a Live UI/Persistence UI for a session",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "workgroup",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "session",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "getsession": {
     "name": "GetSession",
     "description": "Grants permission to get a session",
@@ -561,6 +582,33 @@
         "required": true,
         "conditionKeys": [],
         "dependentActions": []
+      },
+      {
+        "name": "session",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "getsessionendpoint": {
+    "name": "GetSessionEndpoint",
+    "description": "Grants permission to get a connection endpoint and authentication token for a given session Id",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "workgroup",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "session",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
       }
     ],
     "conditionKeys": [],
@@ -576,6 +624,12 @@
         "required": true,
         "conditionKeys": [],
         "dependentActions": []
+      },
+      {
+        "name": "session",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
       }
     ],
     "conditionKeys": [],
@@ -834,6 +888,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "session",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "workgroup",
         "required": true,
@@ -921,9 +981,18 @@
         "required": true,
         "conditionKeys": [],
         "dependentActions": []
+      },
+      {
+        "name": "session",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
       }
     ],
-    "conditionKeys": [],
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:TagKeys"
+    ],
     "dependentActions": []
   },
   "stopcalculationexecution": {
@@ -973,6 +1042,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "session",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "workgroup",
         "required": true,
@@ -996,6 +1071,12 @@
         "required": true,
         "conditionKeys": [],
         "dependentActions": []
+      },
+      {
+        "name": "session",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
       }
     ],
     "conditionKeys": [],
@@ -1018,6 +1099,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "session",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "workgroup",
         "required": true,

package/data/actions/billing.json

@@ -97,8 +97,17 @@
     "isPermissionOnly": true,
     "description": "Grants permission to perform queries on billing information",
     "accessLevel": "Read",
-    "resourceTypes": [],
-    "conditionKeys": [],
+    "resourceTypes": [
+      {
+        "name": "billingview",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
     "dependentActions": []
   },
   "getbillingdetails": {
@@ -106,8 +115,17 @@
     "isPermissionOnly": true,
     "description": "Grants permission to view detailed line item billing information",
     "accessLevel": "Read",
-    "resourceTypes": [],
-    "conditionKeys": [],
+    "resourceTypes": [
+      {
+        "name": "billingview",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
     "dependentActions": []
   },
   "getbillingnotifications": {

package/data/actions/cloudformation.json

@@ -680,6 +680,18 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "gethookresult": {
+    "name": "GetHookResult",
+    "description": "Grants permission to return detailed information about a specific hook invocation result",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "cloudformation:TypeArn"
+    ],
+    "dependentActions": [
+      "kms:Decrypt"
+    ]
+  },
   "getstackpolicy": {
     "name": "GetStackPolicy",
     "description": "Grants permission to return the stack policy for a specified stack",

package/data/actions/cloudshell.json

@@ -31,7 +31,7 @@
   "createsession": {
     "name": "CreateSession",
     "isPermissionOnly": true,
-    "description": "Grants permissions to connect to a CloudShell environment from the AWS Management Console",
+    "description": "Grants permissions to connect to a CloudShell environment from the the console",
     "accessLevel": "Write",
     "resourceTypes": [
       {

package/data/actions/ds.json

@@ -748,7 +748,7 @@
   "disableroleaccess": {
     "name": "DisableRoleAccess",
     "isPermissionOnly": true,
-    "description": "Grants permission to disable AWS Management Console access for identity in your AWS Directory",
+    "description": "Grants permission to disable the console access for identity in your AWS Directory",
     "accessLevel": "Write",
     "resourceTypes": [
       {
@@ -857,7 +857,7 @@
   "enableroleaccess": {
     "name": "EnableRoleAccess",
     "isPermissionOnly": true,
-    "description": "Grants permission to enable AWS Management Console access for identity in your AWS Directory",
+    "description": "Grants permission to enable the console access for identity in your AWS Directory",
     "accessLevel": "Write",
     "resourceTypes": [
       {

package/data/actions/eks-mcp.json

@@ -0,0 +1,26 @@
+{
+  "callprivilegedtool": {
+    "name": "CallPrivilegedTool",
+    "description": "Grants permission to call privileged tools in MCP service",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "callreadonlytool": {
+    "name": "CallReadOnlyTool",
+    "description": "Grants permission to call read-only tools in MCP service",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "invokemcp": {
+    "name": "InvokeMcp",
+    "description": "Grants permission to use MCP service",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  }
+}

package/data/actions/es.json

@@ -216,6 +216,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "createindex": {
+    "name": "CreateIndex",
+    "description": "Grants permission to create index for the OpenSearch Service domain",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "domain",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "createoutboundconnection": {
     "name": "CreateOutboundConnection",
     "description": "Grants permission to create a new cross-cluster search connection from a source domain to a destination domain",
@@ -369,6 +384,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "deleteindex": {
+    "name": "DeleteIndex",
+    "description": "Grants permission to delete Index for the OpenSearch Service domain",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "domain",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "deleteoutboundconnection": {
     "name": "DeleteOutboundConnection",
     "description": "Grants permission to the source domain owner to delete an existing outbound cross-cluster search connection",
@@ -887,6 +917,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "getindex": {
+    "name": "GetIndex",
+    "description": "Grants permission to get index for the OpenSearch Service domain",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "domain",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "getpackageversionhistory": {
     "name": "GetPackageVersionHistory",
     "description": "Grants permission to fetch the version history for a package",
@@ -1311,6 +1356,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "updateindex": {
+    "name": "UpdateIndex",
+    "description": "Grants permission to update index for the OpenSearch Service domain",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "domain",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "updatepackage": {
     "name": "UpdatePackage",
     "description": "Grants permission to update a package for use with OpenSearch Service domains",

package/data/actions/glue.json

@@ -503,7 +503,8 @@
       }
     ],
     "conditionKeys": [
-      "glue:LakeFormationPermissions"
+      "glue:LakeFormationPermissions",
+      "glue:FederatedAuthorizationSource"
     ],
     "dependentActions": []
   },
@@ -619,7 +620,8 @@
       }
     ],
     "conditionKeys": [
-      "glue:LakeFormationPermissions"
+      "glue:LakeFormationPermissions",
+      "glue:FederatedAuthorizationSource"
     ],
     "dependentActions": []
   },
@@ -956,7 +958,8 @@
       }
     ],
     "conditionKeys": [
-      "glue:LakeFormationPermissions"
+      "glue:LakeFormationPermissions",
+      "glue:FederatedAuthorizationSource"
     ],
     "dependentActions": []
   },
@@ -1106,7 +1109,8 @@
       }
     ],
     "conditionKeys": [
-      "glue:LakeFormationPermissions"
+      "glue:LakeFormationPermissions",
+      "glue:FederatedAuthorizationSource"
     ],
     "dependentActions": []
   },
@@ -1313,7 +1317,8 @@
       }
     ],
     "conditionKeys": [
-      "glue:LakeFormationPermissions"
+      "glue:LakeFormationPermissions",
+      "glue:FederatedAuthorizationSource"
     ],
     "dependentActions": []
   },
@@ -1610,7 +1615,8 @@
       }
     ],
     "conditionKeys": [
-      "glue:LakeFormationPermissions"
+      "glue:LakeFormationPermissions",
+      "glue:FederatedAuthorizationSource"
     ],
     "dependentActions": []
   },
@@ -1820,6 +1826,30 @@
     ],
     "dependentActions": []
   },
+  "federateauthorization": {
+    "name": "FederateAuthorization",
+    "description": "Grants permission to read and write redshift federated resources",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "rootcatalog",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "catalog",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "glue:EnabledForRedshiftAutoDiscovery",
+      "glue:FederatedAuthorizationSource"
+    ],
+    "dependentActions": []
+  },
   "getblueprint": {
     "name": "GetBlueprint",
     "description": "Grants permission to retrieve a blueprint",
@@ -1885,7 +1915,8 @@
     ],
     "conditionKeys": [
       "glue:EnabledForRedshiftAutoDiscovery",
-      "glue:LakeFormationPermissions"
+      "glue:LakeFormationPermissions",
+      "glue:FederatedAuthorizationSource"
     ],
     "dependentActions": []
   },
@@ -1926,7 +1957,8 @@
     ],
     "conditionKeys": [
       "glue:EnabledForRedshiftAutoDiscovery",
-      "glue:LakeFormationPermissions"
+      "glue:LakeFormationPermissions",
+      "glue:FederatedAuthorizationSource"
     ],
     "dependentActions": []
   },
@@ -2305,7 +2337,8 @@
       }
     ],
     "conditionKeys": [
-      "glue:LakeFormationPermissions"
+      "glue:LakeFormationPermissions",
+      "glue:FederatedAuthorizationSource"
     ],
     "dependentActions": []
   },
@@ -2334,7 +2367,8 @@
       }
     ],
     "conditionKeys": [
-      "glue:LakeFormationPermissions"
+      "glue:LakeFormationPermissions",
+      "glue:FederatedAuthorizationSource"
     ],
     "dependentActions": []
   },
@@ -3051,7 +3085,8 @@
       }
     ],
     "conditionKeys": [
-      "glue:LakeFormationPermissions"
+      "glue:LakeFormationPermissions",
+      "glue:FederatedAuthorizationSource"
     ],
     "dependentActions": []
   },
@@ -3185,7 +3220,8 @@
       }
     ],
     "conditionKeys": [
-      "glue:LakeFormationPermissions"
+      "glue:LakeFormationPermissions",
+      "glue:FederatedAuthorizationSource"
     ],
     "dependentActions": []
   },
@@ -3350,7 +3386,8 @@
       }
     ],
     "conditionKeys": [
-      "glue:LakeFormationPermissions"
+      "glue:LakeFormationPermissions",
+      "glue:FederatedAuthorizationSource"
     ],
     "dependentActions": []
   },
@@ -4763,7 +4800,8 @@
       }
     ],
     "conditionKeys": [
-      "glue:LakeFormationPermissions"
+      "glue:LakeFormationPermissions",
+      "glue:FederatedAuthorizationSource"
     ],
     "dependentActions": []
   },
@@ -5205,7 +5243,8 @@
       }
     ],
     "conditionKeys": [
-      "glue:LakeFormationPermissions"
+      "glue:LakeFormationPermissions",
+      "glue:FederatedAuthorizationSource"
     ],
     "dependentActions": []
   },

package/data/actions/healthlake.json

@@ -14,6 +14,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "confirmattributionlist": {
+    "name": "ConfirmAttributionList",
+    "description": "Grants permission to allow customers to indicate to a Producer that the Consumer does not have any more changes to be made to the Attribution List",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "datastore",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "createfhirdatastore": {
     "name": "CreateFHIRDatastore",
     "description": "Grants permission to create a datastore that can ingest and export FHIR data",
@@ -70,6 +85,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "describefhirbulkdeletejob": {
+    "name": "DescribeFHIRBulkDeleteJob",
+    "description": "Grants permission to describe a FHIR Bulk Delete Job",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "datastore",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "describefhirdatastore": {
     "name": "DescribeFHIRDatastore",
     "description": "Grants permission to get the properties associated with the FHIR datastore, including the datastore ID, datastore ARN, datastore name, datastore status, created at, datastore type version, and datastore endpoint",
@@ -318,6 +348,51 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "memberadd": {
+    "name": "MemberAdd",
+    "description": "Grants permission to attribute a member with a specific provider group",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "datastore",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "membermatch": {
+    "name": "MemberMatch",
+    "description": "Grants permission to enable cross-system patient matching",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "datastore",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "memberremove": {
+    "name": "MemberRemove",
+    "description": "Grants permission to remove a member from a group",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "datastore",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "patchresource": {
     "name": "PatchResource",
     "description": "Grants permission to patch a resource",
@@ -363,6 +438,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "retrieveattributionstatus": {
+    "name": "RetrieveAttributionStatus",
+    "description": "Grants permission to retrieve member attribution status",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "datastore",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "searcheverything": {
     "name": "SearchEverything",
     "description": "Grants permission to search all resources related to a patient",
@@ -408,6 +498,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "startfhirbulkdeletejob": {
+    "name": "StartFHIRBulkDeleteJob",
+    "description": "Grants permission to begin a FHIR Bulk Delete Job",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "datastore",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "startfhirexportjob": {
     "name": "StartFHIRExportJob",
     "description": "Grants permission to begin a FHIR Export job",

package/data/actions/lambda.json

@@ -579,7 +579,8 @@
       }
     ],
     "conditionKeys": [
-      "lambda:EventSourceToken"
+      "lambda:EventSourceToken",
+      "lambda:InvokedViaFunctionUrl"
     ],
     "dependentActions": []
   },

package/data/actions/route53.json

@@ -920,21 +920,6 @@
     "conditionKeys": [],
     "dependentActions": []
   },
-  "updatehostedzonefeatures": {
-    "name": "UpdateHostedZoneFeatures",
-    "description": "Grants permission to update features for a specified hosted zone",
-    "accessLevel": "Write",
-    "resourceTypes": [
-      {
-        "name": "hostedzone",
-        "required": true,
-        "conditionKeys": [],
-        "dependentActions": []
-      }
-    ],
-    "conditionKeys": [],
-    "dependentActions": []
-  },
   "updatetrafficpolicycomment": {
     "name": "UpdateTrafficPolicyComment",
     "description": "Grants permission to update the comment for a specified traffic policy version",

package/data/actions/signin.json

@@ -1,7 +1,7 @@
 {
   "createtrustedidentitypropagationapplicationforconsole": {
     "name": "CreateTrustedIdentityPropagationApplicationForConsole",
-    "description": "Grants permission to create an Identity Center application that represents the AWS Management Console on an Identity Center organization instance",
+    "description": "Grants permission to create an Identity Center application that represents the the console on an Identity Center organization instance",
     "accessLevel": "Write",
     "resourceTypes": [],
     "conditionKeys": [],
@@ -17,7 +17,7 @@
   },
   "listtrustedidentitypropagationapplicationsforconsole": {
     "name": "ListTrustedIdentityPropagationApplicationsForConsole",
-    "description": "Grants permission to list all Identity Center applications that represent the AWS Management Console",
+    "description": "Grants permission to list all Identity Center applications that represent the the console",
     "accessLevel": "List",
     "resourceTypes": [],
     "conditionKeys": [],

package/data/actions/ssm.json

@@ -1013,7 +1013,7 @@
   },
   "executeapi": {
     "name": "ExecuteAPI",
-    "description": "Grants permission to a Systems Manager delegated administrator to view related resource details about OpsItems across multiple AWS accounts in the AWS Management Console",
+    "description": "Grants permission to a Systems Manager delegated administrator to view related resource details about OpsItems across multiple AWS accounts in the the console",
     "accessLevel": "Read",
     "resourceTypes": [],
     "conditionKeys": [],

package/data/conditionKeys/airflow-serverless.json

@@ -0,0 +1,17 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the presence of tag key-value pairs in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by tag key-value pairs that are attached to the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by tag keys in the request",
+    "type": "ArrayOfString"
+  }
+}

package/data/conditionKeys/eks-mcp.json

@@ -0,0 +1 @@
+{}

package/data/conditionKeys/glue.json

@@ -24,6 +24,11 @@
     "description": "Filters access by the presence of the key configured for role's identity-based policy",
     "type": "Bool"
   },
+  "glue:federatedauthorizationsource": {
+    "key": "glue:FederatedAuthorizationSource",
+    "description": "Filters access by whether the resource belongs to federarted authorization",
+    "type": "String"
+  },
   "glue:lakeformationpermissions": {
     "key": "glue:LakeFormationPermissions",
     "description": "Filters access by whether Lake Formation permission checks will be performed for a given caller and the Glue resource",

package/data/resourceTypes/airflow-serverless.json

@@ -0,0 +1,9 @@
+{
+  "workflow": {
+    "key": "Workflow",
+    "arn": "arn:${Partition}:airflow-serverless:${Region}:${Account}:workflow/${WorkflowId}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  }
+}

package/data/resourceTypes/athena.json

@@ -19,5 +19,12 @@
     "conditionKeys": [
       "aws:ResourceTag/${TagKey}"
     ]
+  },
+  "session": {
+    "key": "session",
+    "arn": "arn:${Partition}:athena:${Region}:${Account}:workgroup/${WorkGroupName}/session/${SessionId}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
   }
 }

package/data/resourceTypes/cloudformation.json

@@ -28,6 +28,10 @@
     "key": "type",
     "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:type/resource/${Type}"
   },
+  "typehook": {
+    "key": "typeHook",
+    "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:type/hook/${Type}"
+  },
   "generatedtemplate": {
     "key": "generatedtemplate",
     "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:generatedTemplate/${Id}"

package/data/resourceTypes/eks-mcp.json

@@ -0,0 +1 @@
+{}

package/data/serviceNames.json

@@ -9,6 +9,7 @@
   "activate": "AWS Activate",
   "aiops": "Amazon AI Operations",
   "airflow": "Amazon Managed Workflows for Apache Airflow",
+  "airflow-serverless": "AWS MWAA Serverless",
   "amplify": "AWS Amplify",
   "amplifybackend": "AWS Amplify Admin",
   "amplifyuibuilder": "AWS Amplify UI Builder",
@@ -102,7 +103,7 @@
   "config": "AWS Config",
   "connect": "Amazon Connect",
   "connect-campaigns": "Amazon Connect Outbound Campaigns",
-  "consoleapp": "AWS Management Console Mobile App",
+  "consoleapp": "the console Mobile App",
   "consolidatedbilling": "AWS Consolidated Billing",
   "controlcatalog": "AWS Control Catalog",
   "controltower": "AWS Control Tower",
@@ -141,6 +142,7 @@
   "ecs": "Amazon Elastic Container Service",
   "eks": "Amazon Elastic Kubernetes Service",
   "eks-auth": "Amazon EKS Auth",
+  "eks-mcp": "Amazon EKS MCP Server",
   "elasticache": "Amazon ElastiCache",
   "elasticbeanstalk": "AWS Elastic Beanstalk",
   "elasticfilesystem": "Amazon Elastic File System",
@@ -407,7 +409,7 @@
   "trustedadvisor": "AWS Trusted Advisor",
   "ts": "AWS Diagnostic tools",
   "user-subscriptions": "AWS User Subscriptions",
-  "uxc": "AWS Service for managing AWS Management Console user experience capabilities.",
+  "uxc": "AWS Service for managing the console user experience capabilities.",
   "vendor-insights": "AWS Marketplace Vendor Insights",
   "verified-access": "AWS Verified Access",
   "verifiedpermissions": "Amazon Verified Permissions",

package/data/services.json

@@ -9,6 +9,7 @@
   "activate",
   "aiops",
   "airflow",
+  "airflow-serverless",
   "amplify",
   "amplifybackend",
   "amplifyuibuilder",
@@ -141,6 +142,7 @@
   "ecs",
   "eks",
   "eks-auth",
+  "eks-mcp",
   "elasticache",
   "elasticbeanstalk",
   "elasticfilesystem",

package/package.json

@@ -1,12 +1,12 @@
 {
   "name": "@cloud-copilot/iam-data",
-  "version": "0.15.202511141",
+  "version": "0.15.202511201",
   "description": "AWS IAM Data",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/cloud-copilot/iam-data.git"
   },
-  "updatedAt": "2025-11-14T04:47:42.092Z",
+  "updatedAt": "2025-11-20T04:47:21.609Z",
   "exports": {
     ".": {
       "import": "./dist/esm/index.js",