@cloud-copilot/iam-data 0.15.202601301 → 0.15.202602031

package/data/actions/bedrock-agentcore.json

@@ -149,7 +149,9 @@
     "resourceTypes": [],
     "conditionKeys": [
       "aws:RequestTag/${TagKey}",
-      "aws:TagKeys"
+      "aws:TagKeys",
+      "bedrock-agentcore:subnets",
+      "bedrock-agentcore:securityGroups"
     ],
     "dependentActions": [
       "iam:PassRole"
@@ -204,7 +206,9 @@
     "resourceTypes": [],
     "conditionKeys": [
       "aws:RequestTag/${TagKey}",
-      "aws:TagKeys"
+      "aws:TagKeys",
+      "bedrock-agentcore:subnets",
+      "bedrock-agentcore:securityGroups"
     ],
     "dependentActions": []
   },
@@ -215,7 +219,9 @@
     "resourceTypes": [],
     "conditionKeys": [
       "aws:RequestTag/${TagKey}",
-      "aws:TagKeys"
+      "aws:TagKeys",
+      "bedrock-agentcore:subnets",
+      "bedrock-agentcore:securityGroups"
     ],
     "dependentActions": []
   },
@@ -1844,7 +1850,7 @@
   },
   "startbrowsersession": {
     "name": "StartBrowserSession",
-    "description": "Grants permission to starts a new browser session",
+    "description": "Grants permission to start a new browser session",
     "accessLevel": "Write",
     "resourceTypes": [
       {
@@ -2161,13 +2167,16 @@
         "name": "runtime",
         "required": true,
         "conditionKeys": [],
-        "dependentActions": []
+        "dependentActions": [
+          "iam:PassRole"
+        ]
       }
     ],
-    "conditionKeys": [],
-    "dependentActions": [
-      "iam:PassRole"
-    ]
+    "conditionKeys": [
+      "bedrock-agentcore:subnets",
+      "bedrock-agentcore:securityGroups"
+    ],
+    "dependentActions": []
   },
   "updateagentruntimeendpoint": {
     "name": "UpdateAgentRuntimeEndpoint",

package/data/actions/cloudfront.json

@@ -223,14 +223,7 @@
     "name": "CreateKeyValueStore",
     "description": "Grants permission to create a CloudFront KeyValueStore",
     "accessLevel": "Write",
-    "resourceTypes": [
-      {
-        "name": "key-value-store",
-        "required": true,
-        "conditionKeys": [],
-        "dependentActions": []
-      }
-    ],
+    "resourceTypes": [],
     "conditionKeys": [],
     "dependentActions": []
   },

package/data/actions/dynamodb.json

@@ -1,4 +1,20 @@
 {
+  "associatetablereplica": {
+    "name": "AssociateTableReplica",
+    "isPermissionOnly": true,
+    "description": "Grants permission to create multi account global table replica",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "table",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "batchgetitem": {
     "name": "BatchGetItem",
     "description": "Grants permission to return the attributes of one or more items from one or more tables",
@@ -860,6 +876,38 @@
     ],
     "dependentActions": []
   },
+  "readdataforreplication": {
+    "name": "ReadDataForReplication",
+    "isPermissionOnly": true,
+    "description": "Grants permission to read data from a multi account global table replica",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "table",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "replicatesettings": {
+    "name": "ReplicateSettings",
+    "isPermissionOnly": true,
+    "description": "Grants permission to configure settings for a multi account global table replica",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "table",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "restoretablefromawsbackup": {
     "name": "RestoreTableFromAwsBackup",
     "isPermissionOnly": true,
@@ -1194,5 +1242,21 @@
     ],
     "conditionKeys": [],
     "dependentActions": []
+  },
+  "writedataforreplication": {
+    "name": "WriteDataForReplication",
+    "isPermissionOnly": true,
+    "description": "Grants permission to write data to a multi account global table replica",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "table",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
   }
 }

package/data/actions/identitystore.json

@@ -1,4 +1,14 @@
 {
+  "addregion": {
+    "name": "AddRegion",
+    "description": "Grants permission to add a region to an IdentityStore",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": [
+      "kms:Decrypt"
+    ]
+  },
   "creategroup": {
     "name": "CreateGroup",
     "description": "Grants permission to create a group in the specified IdentityStore",
@@ -244,6 +254,18 @@
     ],
     "dependentActions": []
   },
+  "describeregion": {
+    "name": "DescribeRegion",
+    "description": "Grants permission to retrieve configuration details for a specific IdentityStore region",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "identitystore:PrimaryRegion"
+    ],
+    "dependentActions": [
+      "kms:Decrypt"
+    ]
+  },
   "describeuser": {
     "name": "DescribeUser",
     "description": "Grants permission to retrieve information about user in the specified IdentityStore",
@@ -482,6 +504,18 @@
     ],
     "dependentActions": []
   },
+  "listregions": {
+    "name": "ListRegions",
+    "description": "Grants permission to list all regions configured for an IdentityStore",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "identitystore:PrimaryRegion"
+    ],
+    "dependentActions": [
+      "kms:Decrypt"
+    ]
+  },
   "listusers": {
     "name": "ListUsers",
     "description": "Grants permission to search for users in the specified IdentityStore",
@@ -508,6 +542,16 @@
     ],
     "dependentActions": []
   },
+  "removeregion": {
+    "name": "RemoveRegion",
+    "description": "Grants permission to remove a region from an IdentityStore",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": [
+      "kms:Decrypt"
+    ]
+  },
   "reserveuser": {
     "name": "ReserveUser",
     "description": "Grants permission to reserve a user by getting a userId",

package/data/actions/redshift-serverless.json

@@ -334,6 +334,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "getidentitycenterauthtoken": {
+    "name": "GetIdentityCenterAuthToken",
+    "description": "Grants permission to get an authorized token for Identity Center users to access Redshift Serverless workgroups",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "workgroup",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "getmanagedworkgroup": {
     "name": "GetManagedWorkgroup",
     "description": "Grants permission to create a Amazon Redshift Managed Serverless workgroup with the specified configuration settings",

package/data/actions/redshift.json

@@ -1707,6 +1707,21 @@
     ],
     "dependentActions": []
   },
+  "getidentitycenterauthtoken": {
+    "name": "GetIdentityCenterAuthToken",
+    "description": "Grants permission to get an authorized token for Identity Center users to access Redshift clusters",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "cluster",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "getreservednodeexchangeconfigurationoptions": {
     "name": "GetReservedNodeExchangeConfigurationOptions",
     "description": "Grants permission to get the configuration options for the reserved-node exchange",