@cloud-copilot/iam-data 0.18.202603281 → 0.18.202603311

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/data/actions/aidevops.json +15 -0
  2. package/data/actions/shield.json +1 -1
  3. package/data/actions/sso.json +282 -94
  4. package/data/conditionKeys/sso.json +5 -0
  5. package/data/resourceTypes/sso.json +8 -4
  6. package/package.json +2 -2
package/data/actions/aidevops.json CHANGED
@@ -93,6 +93,21 @@
93
93
  "conditionKeys": [],
94
94
  "dependentActions": []
95
95
  },
96
+ "createonetimeloginsession": {
97
+ "name": "CreateOneTimeLoginSession",
98
+ "description": "Grants permission to generate secure one-time session for initiating off-console Application login",
99
+ "accessLevel": "Write",
100
+ "resourceTypes": [
101
+ {
102
+ "name": "agentspace",
103
+ "required": true,
104
+ "conditionKeys": [],
105
+ "dependentActions": []
106
+ }
107
+ ],
108
+ "conditionKeys": [],
109
+ "dependentActions": []
110
+ },
96
111
  "deleteagentspace": {
97
112
  "name": "DeleteAgentSpace",
98
113
  "description": "Grants permission to delete agentspace",
package/data/actions/shield.json CHANGED
@@ -123,7 +123,7 @@
123
123
  },
124
124
  "describeattack": {
125
125
  "name": "DescribeAttack",
126
- "description": "Grants permission to get attack details",
126
+ "description": "Grants permission to get attack details. For getting attack details protected by AWS WAF anti-DDoS managed rule group, this action additionally calls wafv2:DescribeTopContributorsByEvent to retrieve application layer attack contributors, which requires to have wafv2:DescribeTopContributorsByEvent permission in IAM policy",
127
127
  "accessLevel": "Read",
128
128
  "resourceTypes": [
129
129
  {
package/data/actions/sso.json CHANGED
@@ -11,7 +11,9 @@
11
11
  "dependentActions": []
12
12
  }
13
13
  ],
14
- "conditionKeys": [],
14
+ "conditionKeys": [
15
+ "sso:PrimaryRegion"
16
+ ],
15
17
  "dependentActions": [
16
18
  "identitystore:AddRegion",
17
19
  "kms:Decrypt"
@@ -47,7 +49,9 @@
47
49
  {
48
50
  "name": "Instance",
49
51
  "required": true,
50
- "conditionKeys": [],
52
+ "conditionKeys": [
53
+ "sso:PrimaryRegion"
54
+ ],
51
55
  "dependentActions": [
52
56
  "kms:Decrypt"
53
57
  ]
@@ -55,7 +59,9 @@
55
59
  {
56
60
  "name": "PermissionSet",
57
61
  "required": true,
58
- "conditionKeys": [],
62
+ "conditionKeys": [
63
+ "sso:PrimaryRegion"
64
+ ],
59
65
  "dependentActions": []
60
66
  }
61
67
  ],
@@ -70,7 +76,9 @@
70
76
  {
71
77
  "name": "Instance",
72
78
  "required": true,
73
- "conditionKeys": [],
79
+ "conditionKeys": [
80
+ "sso:PrimaryRegion"
81
+ ],
74
82
  "dependentActions": [
75
83
  "kms:Decrypt"
76
84
  ]
@@ -78,7 +86,9 @@
78
86
  {
79
87
  "name": "PermissionSet",
80
88
  "required": true,
81
- "conditionKeys": [],
89
+ "conditionKeys": [
90
+ "sso:PrimaryRegion"
91
+ ],
82
92
  "dependentActions": []
83
93
  }
84
94
  ],
@@ -101,13 +111,17 @@
101
111
  {
102
112
  "name": "Instance",
103
113
  "required": true,
104
- "conditionKeys": [],
114
+ "conditionKeys": [
115
+ "sso:PrimaryRegion"
116
+ ],
105
117
  "dependentActions": []
106
118
  },
107
119
  {
108
120
  "name": "PermissionSet",
109
121
  "required": true,
110
- "conditionKeys": [],
122
+ "conditionKeys": [
123
+ "sso:PrimaryRegion"
124
+ ],
111
125
  "dependentActions": []
112
126
  }
113
127
  ],
@@ -122,7 +136,9 @@
122
136
  {
123
137
  "name": "Application",
124
138
  "required": true,
125
- "conditionKeys": [],
139
+ "conditionKeys": [
140
+ "sso:PrimaryRegion"
141
+ ],
126
142
  "dependentActions": [
127
143
  "kms:Decrypt"
128
144
  ]
@@ -136,7 +152,9 @@
136
152
  {
137
153
  "name": "Instance",
138
154
  "required": true,
139
- "conditionKeys": [],
155
+ "conditionKeys": [
156
+ "sso:PrimaryRegion"
157
+ ],
140
158
  "dependentActions": []
141
159
  }
142
160
  ],
@@ -154,7 +172,9 @@
154
172
  {
155
173
  "name": "Application",
156
174
  "required": true,
157
- "conditionKeys": [],
175
+ "conditionKeys": [
176
+ "sso:PrimaryRegion"
177
+ ],
158
178
  "dependentActions": [
159
179
  "kms:Decrypt"
160
180
  ]
@@ -219,7 +239,9 @@
219
239
  "dependentActions": []
220
240
  }
221
241
  ],
222
- "conditionKeys": [],
242
+ "conditionKeys": [
243
+ "sso:PrimaryRegion"
244
+ ],
223
245
  "dependentActions": [
224
246
  "iam:AttachRolePolicy",
225
247
  "iam:CreateRole",
@@ -252,7 +274,9 @@
252
274
  {
253
275
  "name": "Instance",
254
276
  "required": true,
255
- "conditionKeys": [],
277
+ "conditionKeys": [
278
+ "sso:PrimaryRegion"
279
+ ],
256
280
  "dependentActions": [
257
281
  "kms:Decrypt"
258
282
  ]
@@ -260,7 +284,9 @@
260
284
  {
261
285
  "name": "PermissionSet",
262
286
  "required": true,
263
- "conditionKeys": [],
287
+ "conditionKeys": [
288
+ "sso:PrimaryRegion"
289
+ ],
264
290
  "dependentActions": []
265
291
  }
266
292
  ],
@@ -298,7 +324,9 @@
298
324
  {
299
325
  "name": "Instance",
300
326
  "required": true,
301
- "conditionKeys": [],
327
+ "conditionKeys": [
328
+ "sso:PrimaryRegion"
329
+ ],
302
330
  "dependentActions": [
303
331
  "kms:Decrypt"
304
332
  ]
@@ -306,7 +334,9 @@
306
334
  {
307
335
  "name": "TrustedTokenIssuer",
308
336
  "required": true,
309
- "conditionKeys": [],
337
+ "conditionKeys": [
338
+ "sso:PrimaryRegion"
339
+ ],
310
340
  "dependentActions": []
311
341
  }
312
342
  ],
@@ -332,13 +362,17 @@
332
362
  {
333
363
  "name": "Instance",
334
364
  "required": true,
335
- "conditionKeys": [],
365
+ "conditionKeys": [
366
+ "sso:PrimaryRegion"
367
+ ],
336
368
  "dependentActions": []
337
369
  },
338
370
  {
339
371
  "name": "PermissionSet",
340
372
  "required": true,
341
- "conditionKeys": [],
373
+ "conditionKeys": [
374
+ "sso:PrimaryRegion"
375
+ ],
342
376
  "dependentActions": []
343
377
  }
344
378
  ],
@@ -353,7 +387,9 @@
353
387
  {
354
388
  "name": "Application",
355
389
  "required": true,
356
- "conditionKeys": [],
390
+ "conditionKeys": [
391
+ "sso:PrimaryRegion"
392
+ ],
357
393
  "dependentActions": [
358
394
  "kms:Decrypt"
359
395
  ]
@@ -372,7 +408,9 @@
372
408
  {
373
409
  "name": "Application",
374
410
  "required": true,
375
- "conditionKeys": [],
411
+ "conditionKeys": [
412
+ "sso:PrimaryRegion"
413
+ ],
376
414
  "dependentActions": [
377
415
  "kms:Decrypt"
378
416
  ]
@@ -391,7 +429,9 @@
391
429
  {
392
430
  "name": "Application",
393
431
  "required": true,
394
- "conditionKeys": [],
432
+ "conditionKeys": [
433
+ "sso:PrimaryRegion"
434
+ ],
395
435
  "dependentActions": [
396
436
  "kms:Decrypt"
397
437
  ]
@@ -410,7 +450,9 @@
410
450
  {
411
451
  "name": "Application",
412
452
  "required": true,
413
- "conditionKeys": [],
453
+ "conditionKeys": [
454
+ "sso:PrimaryRegion"
455
+ ],
414
456
  "dependentActions": [
415
457
  "kms:Decrypt"
416
458
  ]
@@ -429,7 +471,9 @@
429
471
  {
430
472
  "name": "Application",
431
473
  "required": true,
432
- "conditionKeys": [],
474
+ "conditionKeys": [
475
+ "sso:PrimaryRegion"
476
+ ],
433
477
  "dependentActions": [
434
478
  "kms:Decrypt"
435
479
  ]
@@ -468,7 +512,9 @@
468
512
  {
469
513
  "name": "Instance",
470
514
  "required": true,
471
- "conditionKeys": [],
515
+ "conditionKeys": [
516
+ "sso:PrimaryRegion"
517
+ ],
472
518
  "dependentActions": [
473
519
  "kms:Decrypt"
474
520
  ]
@@ -476,7 +522,9 @@
476
522
  {
477
523
  "name": "PermissionSet",
478
524
  "required": true,
479
- "conditionKeys": [],
525
+ "conditionKeys": [
526
+ "sso:PrimaryRegion"
527
+ ],
480
528
  "dependentActions": []
481
529
  }
482
530
  ],
@@ -495,7 +543,9 @@
495
543
  "dependentActions": []
496
544
  }
497
545
  ],
498
- "conditionKeys": [],
546
+ "conditionKeys": [
547
+ "sso:PrimaryRegion"
548
+ ],
499
549
  "dependentActions": [
500
550
  "identitystore:DeleteIdentityStore"
501
551
  ]
@@ -512,7 +562,9 @@
512
562
  "dependentActions": []
513
563
  }
514
564
  ],
515
- "conditionKeys": [],
565
+ "conditionKeys": [
566
+ "sso:PrimaryRegion"
567
+ ],
516
568
  "dependentActions": [
517
569
  "kms:Decrypt"
518
570
  ]
@@ -535,7 +587,9 @@
535
587
  {
536
588
  "name": "Instance",
537
589
  "required": true,
538
- "conditionKeys": [],
590
+ "conditionKeys": [
591
+ "sso:PrimaryRegion"
592
+ ],
539
593
  "dependentActions": [
540
594
  "kms:Decrypt"
541
595
  ]
@@ -543,7 +597,9 @@
543
597
  {
544
598
  "name": "PermissionSet",
545
599
  "required": true,
546
- "conditionKeys": [],
600
+ "conditionKeys": [
601
+ "sso:PrimaryRegion"
602
+ ],
547
603
  "dependentActions": []
548
604
  }
549
605
  ],
@@ -558,7 +614,9 @@
558
614
  {
559
615
  "name": "Instance",
560
616
  "required": true,
561
- "conditionKeys": [],
617
+ "conditionKeys": [
618
+ "sso:PrimaryRegion"
619
+ ],
562
620
  "dependentActions": [
563
621
  "kms:Decrypt"
564
622
  ]
@@ -566,7 +624,9 @@
566
624
  {
567
625
  "name": "PermissionSet",
568
626
  "required": true,
569
- "conditionKeys": [],
627
+ "conditionKeys": [
628
+ "sso:PrimaryRegion"
629
+ ],
570
630
  "dependentActions": []
571
631
  }
572
632
  ],
@@ -595,7 +655,9 @@
595
655
  "dependentActions": []
596
656
  }
597
657
  ],
598
- "conditionKeys": [],
658
+ "conditionKeys": [
659
+ "sso:PrimaryRegion"
660
+ ],
599
661
  "dependentActions": [
600
662
  "kms:Decrypt"
601
663
  ]
@@ -612,7 +674,9 @@
612
674
  "dependentActions": []
613
675
  }
614
676
  ],
615
- "conditionKeys": [],
677
+ "conditionKeys": [
678
+ "sso:PrimaryRegion"
679
+ ],
616
680
  "dependentActions": [
617
681
  "kms:Decrypt"
618
682
  ]
@@ -629,7 +693,9 @@
629
693
  "dependentActions": []
630
694
  }
631
695
  ],
632
- "conditionKeys": [],
696
+ "conditionKeys": [
697
+ "sso:PrimaryRegion"
698
+ ],
633
699
  "dependentActions": [
634
700
  "kms:Decrypt"
635
701
  ]
@@ -642,7 +708,9 @@
642
708
  {
643
709
  "name": "Application",
644
710
  "required": true,
645
- "conditionKeys": [],
711
+ "conditionKeys": [
712
+ "sso:PrimaryRegion"
713
+ ],
646
714
  "dependentActions": [
647
715
  "kms:Decrypt"
648
716
  ]
@@ -661,7 +729,9 @@
661
729
  {
662
730
  "name": "Application",
663
731
  "required": true,
664
- "conditionKeys": [],
732
+ "conditionKeys": [
733
+ "sso:PrimaryRegion"
734
+ ],
665
735
  "dependentActions": [
666
736
  "kms:Decrypt"
667
737
  ]
@@ -699,7 +769,9 @@
699
769
  "dependentActions": []
700
770
  }
701
771
  ],
702
- "conditionKeys": [],
772
+ "conditionKeys": [
773
+ "sso:PrimaryRegion"
774
+ ],
703
775
  "dependentActions": []
704
776
  },
705
777
  "describeinstanceaccesscontrolattributeconfiguration": {
@@ -714,7 +786,9 @@
714
786
  "dependentActions": []
715
787
  }
716
788
  ],
717
- "conditionKeys": [],
789
+ "conditionKeys": [
790
+ "sso:PrimaryRegion"
791
+ ],
718
792
  "dependentActions": [
719
793
  "kms:Decrypt"
720
794
  ]
@@ -727,7 +801,9 @@
727
801
  {
728
802
  "name": "Instance",
729
803
  "required": true,
730
- "conditionKeys": [],
804
+ "conditionKeys": [
805
+ "sso:PrimaryRegion"
806
+ ],
731
807
  "dependentActions": [
732
808
  "kms:Decrypt"
733
809
  ]
@@ -735,7 +811,9 @@
735
811
  {
736
812
  "name": "PermissionSet",
737
813
  "required": true,
738
- "conditionKeys": [],
814
+ "conditionKeys": [
815
+ "sso:PrimaryRegion"
816
+ ],
739
817
  "dependentActions": []
740
818
  }
741
819
  ],
@@ -754,7 +832,9 @@
754
832
  "dependentActions": []
755
833
  }
756
834
  ],
757
- "conditionKeys": [],
835
+ "conditionKeys": [
836
+ "sso:PrimaryRegion"
837
+ ],
758
838
  "dependentActions": [
759
839
  "kms:Decrypt"
760
840
  ]
@@ -771,7 +851,9 @@
771
851
  "dependentActions": []
772
852
  }
773
853
  ],
774
- "conditionKeys": [],
854
+ "conditionKeys": [
855
+ "sso:PrimaryRegion"
856
+ ],
775
857
  "dependentActions": [
776
858
  "kms:Decrypt"
777
859
  ]
@@ -796,7 +878,9 @@
796
878
  "dependentActions": []
797
879
  }
798
880
  ],
799
- "conditionKeys": [],
881
+ "conditionKeys": [
882
+ "sso:PrimaryRegion"
883
+ ],
800
884
  "dependentActions": [
801
885
  "kms:Decrypt"
802
886
  ]
@@ -809,7 +893,9 @@
809
893
  {
810
894
  "name": "Instance",
811
895
  "required": true,
812
- "conditionKeys": [],
896
+ "conditionKeys": [
897
+ "sso:PrimaryRegion"
898
+ ],
813
899
  "dependentActions": [
814
900
  "kms:Decrypt"
815
901
  ]
@@ -817,7 +903,9 @@
817
903
  {
818
904
  "name": "PermissionSet",
819
905
  "required": true,
820
- "conditionKeys": [],
906
+ "conditionKeys": [
907
+ "sso:PrimaryRegion"
908
+ ],
821
909
  "dependentActions": []
822
910
  }
823
911
  ],
@@ -832,7 +920,9 @@
832
920
  {
833
921
  "name": "Instance",
834
922
  "required": true,
835
- "conditionKeys": [],
923
+ "conditionKeys": [
924
+ "sso:PrimaryRegion"
925
+ ],
836
926
  "dependentActions": [
837
927
  "kms:Decrypt"
838
928
  ]
@@ -840,7 +930,9 @@
840
930
  {
841
931
  "name": "PermissionSet",
842
932
  "required": true,
843
- "conditionKeys": [],
933
+ "conditionKeys": [
934
+ "sso:PrimaryRegion"
935
+ ],
844
936
  "dependentActions": []
845
937
  }
846
938
  ],
@@ -877,7 +969,9 @@
877
969
  {
878
970
  "name": "Application",
879
971
  "required": true,
880
- "conditionKeys": [],
972
+ "conditionKeys": [
973
+ "sso:PrimaryRegion"
974
+ ],
881
975
  "dependentActions": [
882
976
  "kms:Decrypt"
883
977
  ]
@@ -896,7 +990,9 @@
896
990
  {
897
991
  "name": "Application",
898
992
  "required": true,
899
- "conditionKeys": [],
993
+ "conditionKeys": [
994
+ "sso:PrimaryRegion"
995
+ ],
900
996
  "dependentActions": [
901
997
  "kms:Decrypt"
902
998
  ]
@@ -915,7 +1011,9 @@
915
1011
  {
916
1012
  "name": "Application",
917
1013
  "required": true,
918
- "conditionKeys": [],
1014
+ "conditionKeys": [
1015
+ "sso:PrimaryRegion"
1016
+ ],
919
1017
  "dependentActions": [
920
1018
  "kms:Decrypt"
921
1019
  ]
@@ -934,7 +1032,9 @@
934
1032
  {
935
1033
  "name": "Application",
936
1034
  "required": true,
937
- "conditionKeys": [],
1035
+ "conditionKeys": [
1036
+ "sso:PrimaryRegion"
1037
+ ],
938
1038
  "dependentActions": [
939
1039
  "kms:Decrypt"
940
1040
  ]
@@ -963,7 +1063,9 @@
963
1063
  {
964
1064
  "name": "Application",
965
1065
  "required": true,
966
- "conditionKeys": [],
1066
+ "conditionKeys": [
1067
+ "sso:PrimaryRegion"
1068
+ ],
967
1069
  "dependentActions": [
968
1070
  "kms:Decrypt"
969
1071
  ]
@@ -990,7 +1092,9 @@
990
1092
  {
991
1093
  "name": "Instance",
992
1094
  "required": true,
993
- "conditionKeys": [],
1095
+ "conditionKeys": [
1096
+ "sso:PrimaryRegion"
1097
+ ],
994
1098
  "dependentActions": [
995
1099
  "kms:Decrypt"
996
1100
  ]
@@ -998,7 +1102,9 @@
998
1102
  {
999
1103
  "name": "PermissionSet",
1000
1104
  "required": true,
1001
- "conditionKeys": [],
1105
+ "conditionKeys": [
1106
+ "sso:PrimaryRegion"
1107
+ ],
1002
1108
  "dependentActions": []
1003
1109
  }
1004
1110
  ],
@@ -1043,7 +1149,9 @@
1043
1149
  {
1044
1150
  "name": "Instance",
1045
1151
  "required": true,
1046
- "conditionKeys": [],
1152
+ "conditionKeys": [
1153
+ "sso:PrimaryRegion"
1154
+ ],
1047
1155
  "dependentActions": [
1048
1156
  "kms:Decrypt"
1049
1157
  ]
@@ -1051,7 +1159,9 @@
1051
1159
  {
1052
1160
  "name": "PermissionSet",
1053
1161
  "required": true,
1054
- "conditionKeys": [],
1162
+ "conditionKeys": [
1163
+ "sso:PrimaryRegion"
1164
+ ],
1055
1165
  "dependentActions": []
1056
1166
  }
1057
1167
  ],
@@ -1128,7 +1238,9 @@
1128
1238
  "dependentActions": []
1129
1239
  }
1130
1240
  ],
1131
- "conditionKeys": [],
1241
+ "conditionKeys": [
1242
+ "sso:PrimaryRegion"
1243
+ ],
1132
1244
  "dependentActions": [
1133
1245
  "kms:Decrypt"
1134
1246
  ]
@@ -1145,7 +1257,9 @@
1145
1257
  "dependentActions": []
1146
1258
  }
1147
1259
  ],
1148
- "conditionKeys": [],
1260
+ "conditionKeys": [
1261
+ "sso:PrimaryRegion"
1262
+ ],
1149
1263
  "dependentActions": [
1150
1264
  "kms:Decrypt"
1151
1265
  ]
@@ -1166,13 +1280,17 @@
1166
1280
  {
1167
1281
  "name": "Instance",
1168
1282
  "required": true,
1169
- "conditionKeys": [],
1283
+ "conditionKeys": [
1284
+ "sso:PrimaryRegion"
1285
+ ],
1170
1286
  "dependentActions": []
1171
1287
  },
1172
1288
  {
1173
1289
  "name": "PermissionSet",
1174
1290
  "required": true,
1175
- "conditionKeys": [],
1291
+ "conditionKeys": [
1292
+ "sso:PrimaryRegion"
1293
+ ],
1176
1294
  "dependentActions": []
1177
1295
  }
1178
1296
  ],
@@ -1191,7 +1309,9 @@
1191
1309
  "dependentActions": []
1192
1310
  }
1193
1311
  ],
1194
- "conditionKeys": [],
1312
+ "conditionKeys": [
1313
+ "sso:PrimaryRegion"
1314
+ ],
1195
1315
  "dependentActions": [
1196
1316
  "kms:Decrypt"
1197
1317
  ]
@@ -1204,7 +1324,9 @@
1204
1324
  {
1205
1325
  "name": "Instance",
1206
1326
  "required": true,
1207
- "conditionKeys": [],
1327
+ "conditionKeys": [
1328
+ "sso:PrimaryRegion"
1329
+ ],
1208
1330
  "dependentActions": [
1209
1331
  "kms:Decrypt"
1210
1332
  ]
@@ -1212,7 +1334,9 @@
1212
1334
  {
1213
1335
  "name": "PermissionSet",
1214
1336
  "required": true,
1215
- "conditionKeys": [],
1337
+ "conditionKeys": [
1338
+ "sso:PrimaryRegion"
1339
+ ],
1216
1340
  "dependentActions": []
1217
1341
  }
1218
1342
  ],
@@ -1227,7 +1351,9 @@
1227
1351
  {
1228
1352
  "name": "Application",
1229
1353
  "required": true,
1230
- "conditionKeys": [],
1354
+ "conditionKeys": [
1355
+ "sso:PrimaryRegion"
1356
+ ],
1231
1357
  "dependentActions": [
1232
1358
  "kms:Decrypt"
1233
1359
  ]
@@ -1246,7 +1372,9 @@
1246
1372
  {
1247
1373
  "name": "Application",
1248
1374
  "required": true,
1249
- "conditionKeys": [],
1375
+ "conditionKeys": [
1376
+ "sso:PrimaryRegion"
1377
+ ],
1250
1378
  "dependentActions": [
1251
1379
  "kms:Decrypt"
1252
1380
  ]
@@ -1265,7 +1393,9 @@
1265
1393
  {
1266
1394
  "name": "Instance",
1267
1395
  "required": true,
1268
- "conditionKeys": [],
1396
+ "conditionKeys": [
1397
+ "sso:PrimaryRegion"
1398
+ ],
1269
1399
  "dependentActions": [
1270
1400
  "kms:Decrypt"
1271
1401
  ]
@@ -1284,7 +1414,9 @@
1284
1414
  {
1285
1415
  "name": "Application",
1286
1416
  "required": true,
1287
- "conditionKeys": [],
1417
+ "conditionKeys": [
1418
+ "sso:PrimaryRegion"
1419
+ ],
1288
1420
  "dependentActions": [
1289
1421
  "kms:Decrypt"
1290
1422
  ]
@@ -1303,7 +1435,9 @@
1303
1435
  {
1304
1436
  "name": "Application",
1305
1437
  "required": true,
1306
- "conditionKeys": [],
1438
+ "conditionKeys": [
1439
+ "sso:PrimaryRegion"
1440
+ ],
1307
1441
  "dependentActions": [
1308
1442
  "kms:Decrypt"
1309
1443
  ]
@@ -1378,7 +1512,9 @@
1378
1512
  {
1379
1513
  "name": "Instance",
1380
1514
  "required": true,
1381
- "conditionKeys": [],
1515
+ "conditionKeys": [
1516
+ "sso:PrimaryRegion"
1517
+ ],
1382
1518
  "dependentActions": [
1383
1519
  "kms:Decrypt"
1384
1520
  ]
@@ -1386,7 +1522,9 @@
1386
1522
  {
1387
1523
  "name": "PermissionSet",
1388
1524
  "required": true,
1389
- "conditionKeys": [],
1525
+ "conditionKeys": [
1526
+ "sso:PrimaryRegion"
1527
+ ],
1390
1528
  "dependentActions": []
1391
1529
  }
1392
1530
  ],
@@ -1419,7 +1557,9 @@
1419
1557
  {
1420
1558
  "name": "Instance",
1421
1559
  "required": true,
1422
- "conditionKeys": [],
1560
+ "conditionKeys": [
1561
+ "sso:PrimaryRegion"
1562
+ ],
1423
1563
  "dependentActions": [
1424
1564
  "kms:Decrypt"
1425
1565
  ]
@@ -1427,7 +1567,9 @@
1427
1567
  {
1428
1568
  "name": "PermissionSet",
1429
1569
  "required": true,
1430
- "conditionKeys": [],
1570
+ "conditionKeys": [
1571
+ "sso:PrimaryRegion"
1572
+ ],
1431
1573
  "dependentActions": []
1432
1574
  }
1433
1575
  ],
@@ -1446,7 +1588,9 @@
1446
1588
  "dependentActions": []
1447
1589
  }
1448
1590
  ],
1449
- "conditionKeys": [],
1591
+ "conditionKeys": [
1592
+ "sso:PrimaryRegion"
1593
+ ],
1450
1594
  "dependentActions": [
1451
1595
  "kms:Decrypt"
1452
1596
  ]
@@ -1463,7 +1607,9 @@
1463
1607
  "dependentActions": []
1464
1608
  }
1465
1609
  ],
1466
- "conditionKeys": [],
1610
+ "conditionKeys": [
1611
+ "sso:PrimaryRegion"
1612
+ ],
1467
1613
  "dependentActions": [
1468
1614
  "kms:Decrypt"
1469
1615
  ]
@@ -1484,7 +1630,9 @@
1484
1630
  {
1485
1631
  "name": "Instance",
1486
1632
  "required": true,
1487
- "conditionKeys": [],
1633
+ "conditionKeys": [
1634
+ "sso:PrimaryRegion"
1635
+ ],
1488
1636
  "dependentActions": []
1489
1637
  }
1490
1638
  ],
@@ -1524,7 +1672,9 @@
1524
1672
  "dependentActions": []
1525
1673
  }
1526
1674
  ],
1527
- "conditionKeys": [],
1675
+ "conditionKeys": [
1676
+ "sso:PrimaryRegion"
1677
+ ],
1528
1678
  "dependentActions": [
1529
1679
  "kms:Decrypt"
1530
1680
  ]
@@ -1576,7 +1726,9 @@
1576
1726
  "dependentActions": []
1577
1727
  }
1578
1728
  ],
1579
- "conditionKeys": [],
1729
+ "conditionKeys": [
1730
+ "sso:PrimaryRegion"
1731
+ ],
1580
1732
  "dependentActions": [
1581
1733
  "kms:Decrypt"
1582
1734
  ]
@@ -1597,13 +1749,17 @@
1597
1749
  {
1598
1750
  "name": "Instance",
1599
1751
  "required": true,
1600
- "conditionKeys": [],
1752
+ "conditionKeys": [
1753
+ "sso:PrimaryRegion"
1754
+ ],
1601
1755
  "dependentActions": []
1602
1756
  },
1603
1757
  {
1604
1758
  "name": "PermissionSet",
1605
1759
  "required": true,
1606
- "conditionKeys": [],
1760
+ "conditionKeys": [
1761
+ "sso:PrimaryRegion"
1762
+ ],
1607
1763
  "dependentActions": []
1608
1764
  }
1609
1765
  ],
@@ -1618,7 +1774,9 @@
1618
1774
  {
1619
1775
  "name": "Application",
1620
1776
  "required": true,
1621
- "conditionKeys": [],
1777
+ "conditionKeys": [
1778
+ "sso:PrimaryRegion"
1779
+ ],
1622
1780
  "dependentActions": [
1623
1781
  "kms:Decrypt"
1624
1782
  ]
@@ -1637,7 +1795,9 @@
1637
1795
  {
1638
1796
  "name": "Application",
1639
1797
  "required": true,
1640
- "conditionKeys": [],
1798
+ "conditionKeys": [
1799
+ "sso:PrimaryRegion"
1800
+ ],
1641
1801
  "dependentActions": [
1642
1802
  "kms:Decrypt"
1643
1803
  ]
@@ -1656,7 +1816,9 @@
1656
1816
  {
1657
1817
  "name": "Application",
1658
1818
  "required": true,
1659
- "conditionKeys": [],
1819
+ "conditionKeys": [
1820
+ "sso:PrimaryRegion"
1821
+ ],
1660
1822
  "dependentActions": [
1661
1823
  "kms:Decrypt"
1662
1824
  ]
@@ -1675,7 +1837,9 @@
1675
1837
  {
1676
1838
  "name": "Application",
1677
1839
  "required": true,
1678
- "conditionKeys": [],
1840
+ "conditionKeys": [
1841
+ "sso:PrimaryRegion"
1842
+ ],
1679
1843
  "dependentActions": [
1680
1844
  "kms:Decrypt"
1681
1845
  ]
@@ -1694,7 +1858,9 @@
1694
1858
  {
1695
1859
  "name": "Application",
1696
1860
  "required": true,
1697
- "conditionKeys": [],
1861
+ "conditionKeys": [
1862
+ "sso:PrimaryRegion"
1863
+ ],
1698
1864
  "dependentActions": [
1699
1865
  "kms:Decrypt"
1700
1866
  ]
@@ -1713,7 +1879,9 @@
1713
1879
  {
1714
1880
  "name": "Instance",
1715
1881
  "required": true,
1716
- "conditionKeys": [],
1882
+ "conditionKeys": [
1883
+ "sso:PrimaryRegion"
1884
+ ],
1717
1885
  "dependentActions": [
1718
1886
  "kms:Decrypt"
1719
1887
  ]
@@ -1721,7 +1889,9 @@
1721
1889
  {
1722
1890
  "name": "PermissionSet",
1723
1891
  "required": true,
1724
- "conditionKeys": [],
1892
+ "conditionKeys": [
1893
+ "sso:PrimaryRegion"
1894
+ ],
1725
1895
  "dependentActions": []
1726
1896
  }
1727
1897
  ],
@@ -1746,7 +1916,9 @@
1746
1916
  {
1747
1917
  "name": "Instance",
1748
1918
  "required": true,
1749
- "conditionKeys": [],
1919
+ "conditionKeys": [
1920
+ "sso:PrimaryRegion"
1921
+ ],
1750
1922
  "dependentActions": [
1751
1923
  "kms:Decrypt"
1752
1924
  ]
@@ -1754,7 +1926,9 @@
1754
1926
  {
1755
1927
  "name": "PermissionSet",
1756
1928
  "required": true,
1757
- "conditionKeys": [],
1929
+ "conditionKeys": [
1930
+ "sso:PrimaryRegion"
1931
+ ],
1758
1932
  "dependentActions": []
1759
1933
  }
1760
1934
  ],
@@ -1783,7 +1957,9 @@
1783
1957
  "dependentActions": []
1784
1958
  }
1785
1959
  ],
1786
- "conditionKeys": [],
1960
+ "conditionKeys": [
1961
+ "sso:PrimaryRegion"
1962
+ ],
1787
1963
  "dependentActions": [
1788
1964
  "identitystore:RemoveRegion",
1789
1965
  "kms:Decrypt"
@@ -1909,7 +2085,9 @@
1909
2085
  {
1910
2086
  "name": "Application",
1911
2087
  "required": true,
1912
- "conditionKeys": [],
2088
+ "conditionKeys": [
2089
+ "sso:PrimaryRegion"
2090
+ ],
1913
2091
  "dependentActions": [
1914
2092
  "kms:Decrypt"
1915
2093
  ]
@@ -2002,7 +2180,9 @@
2002
2180
  "dependentActions": []
2003
2181
  }
2004
2182
  ],
2005
- "conditionKeys": [],
2183
+ "conditionKeys": [
2184
+ "sso:PrimaryRegion"
2185
+ ],
2006
2186
  "dependentActions": [
2007
2187
  "identitystore:UpdateIdentityStore",
2008
2188
  "kms:Decrypt",
@@ -2023,7 +2203,9 @@
2023
2203
  "dependentActions": []
2024
2204
  }
2025
2205
  ],
2026
- "conditionKeys": [],
2206
+ "conditionKeys": [
2207
+ "sso:PrimaryRegion"
2208
+ ],
2027
2209
  "dependentActions": [
2028
2210
  "kms:Decrypt"
2029
2211
  ]
@@ -2046,7 +2228,9 @@
2046
2228
  {
2047
2229
  "name": "Instance",
2048
2230
  "required": true,
2049
- "conditionKeys": [],
2231
+ "conditionKeys": [
2232
+ "sso:PrimaryRegion"
2233
+ ],
2050
2234
  "dependentActions": [
2051
2235
  "kms:Decrypt"
2052
2236
  ]
@@ -2054,7 +2238,9 @@
2054
2238
  {
2055
2239
  "name": "PermissionSet",
2056
2240
  "required": true,
2057
- "conditionKeys": [],
2241
+ "conditionKeys": [
2242
+ "sso:PrimaryRegion"
2243
+ ],
2058
2244
  "dependentActions": []
2059
2245
  }
2060
2246
  ],
@@ -2103,7 +2289,9 @@
2103
2289
  "dependentActions": []
2104
2290
  }
2105
2291
  ],
2106
- "conditionKeys": [],
2292
+ "conditionKeys": [
2293
+ "sso:PrimaryRegion"
2294
+ ],
2107
2295
  "dependentActions": [
2108
2296
  "kms:Decrypt"
2109
2297
  ]
package/data/conditionKeys/sso.json CHANGED
@@ -28,5 +28,10 @@
28
28
  "key": "sso:ApplicationAccount",
29
29
  "description": "Filters access by the account which creates the application. This condition key is not supported for customer managed SAML applications",
30
30
  "type": "String"
31
+ },
32
+ "sso:primaryregion": {
33
+ "key": "sso:PrimaryRegion",
34
+ "description": "Filters access by the primary region of the IAM Identity Center instance",
35
+ "type": "String"
31
36
  }
32
37
  }
package/data/resourceTypes/sso.json CHANGED
@@ -3,7 +3,8 @@
3
3
  "key": "PermissionSet",
4
4
  "arn": "arn:${Partition}:sso:::permissionSet/${InstanceId}/${PermissionSetId}",
5
5
  "conditionKeys": [
6
- "aws:ResourceTag/${TagKey}"
6
+ "aws:ResourceTag/${TagKey}",
7
+ "sso:PrimaryRegion"
7
8
  ]
8
9
  },
9
10
  "account": {
@@ -14,7 +15,8 @@
14
15
  "key": "Instance",
15
16
  "arn": "arn:${Partition}:sso:::instance/${InstanceId}",
16
17
  "conditionKeys": [
17
- "aws:ResourceTag/${TagKey}"
18
+ "aws:ResourceTag/${TagKey}",
19
+ "sso:PrimaryRegion"
18
20
  ]
19
21
  },
20
22
  "application": {
@@ -22,14 +24,16 @@
22
24
  "arn": "arn:${Partition}:sso::${AccountId}:application/${InstanceId}/${ApplicationId}",
23
25
  "conditionKeys": [
24
26
  "aws:ResourceTag/${TagKey}",
25
- "sso:ApplicationAccount"
27
+ "sso:ApplicationAccount",
28
+ "sso:PrimaryRegion"
26
29
  ]
27
30
  },
28
31
  "trustedtokenissuer": {
29
32
  "key": "TrustedTokenIssuer",
30
33
  "arn": "arn:${Partition}:sso::${AccountId}:trustedTokenIssuer/${InstanceId}/${TrustedTokenIssuerId}",
31
34
  "conditionKeys": [
32
- "aws:ResourceTag/${TagKey}"
35
+ "aws:ResourceTag/${TagKey}",
36
+ "sso:PrimaryRegion"
33
37
  ]
34
38
  },
35
39
  "applicationprovider": {
package/package.json CHANGED
@@ -1,12 +1,12 @@
1
1
  {
2
2
  "name": "@cloud-copilot/iam-data",
3
- "version": "0.18.202603281",
3
+ "version": "0.18.202603311",
4
4
  "description": "AWS IAM Data",
5
5
  "repository": {
6
6
  "type": "git",
7
7
  "url": "git+https://github.com/cloud-copilot/iam-data.git"
8
8
  },
9
- "updatedAt": "2026-03-28T05:12:05.889Z",
9
+ "updatedAt": "2026-03-31T05:21:13.563Z",
10
10
  "exports": {
11
11
  ".": {
12
12
  "import": "./dist/esm/index.js",