@cloud-copilot/iam-data 0.19.202606111 → 0.19.202606131

package/data/actions/aidevops.json

@@ -29,6 +29,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "createaccesstoken": {
+    "name": "CreateAccessToken",
+    "description": "Grants permission to create an access token",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "agentspace",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "createagentspace": {
     "name": "CreateAgentSpace",
     "description": "Grants permission to create agentspace",
@@ -411,6 +426,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "getaccesstoken": {
+    "name": "GetAccessToken",
+    "description": "Grants permission to get access token details",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "agentspace",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "getaccountusage": {
     "name": "GetAccountUsage",
     "description": "Grants permission to retrieve account usage information",
@@ -609,6 +639,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "listaccesstokens": {
+    "name": "ListAccessTokens",
+    "description": "Grants permission to list access tokens",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "agentspace",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listagentspaces": {
     "name": "ListAgentSpaces",
     "description": "Grants permission to list agentspace",
@@ -932,6 +977,36 @@
     ],
     "dependentActions": []
   },
+  "revokeaccesstoken": {
+    "name": "RevokeAccessToken",
+    "description": "Grants permission to revoke an access token",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "agentspace",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "rotateaccesstoken": {
+    "name": "RotateAccessToken",
+    "description": "Grants permission to rotate an access token",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "agentspace",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "searchserviceaccessibleresource": {
     "name": "SearchServiceAccessibleResource",
     "description": "Grants permission to look up a registered service accessible resources",

package/data/actions/aws-external-anthropic.json

@@ -343,6 +343,23 @@
     ],
     "dependentActions": []
   },
+  "createwebhook": {
+    "name": "CreateWebhook",
+    "description": "Grants permission to create a webhook in a workspace",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "workspace",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "createworkspace": {
     "name": "CreateWorkspace",
     "description": "Grants permission to create a workspace in an organization",
@@ -473,6 +490,23 @@
     ],
     "dependentActions": []
   },
+  "deletewebhook": {
+    "name": "DeleteWebhook",
+    "description": "Grants permission to delete a webhook",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "workspace",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "getaccountstatus": {
     "name": "GetAccountStatus",
     "description": "Grants permission to retrieve the status of account setup and AWS Marketplace registration",
@@ -651,6 +685,23 @@
     ],
     "dependentActions": []
   },
+  "getwebhook": {
+    "name": "GetWebhook",
+    "description": "Grants permission to retrieve details of a webhook",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "workspace",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "getworkspace": {
     "name": "GetWorkspace",
     "description": "Grants permission to retrieve details of a workspace",
@@ -855,6 +906,23 @@
     ],
     "dependentActions": []
   },
+  "listwebhooks": {
+    "name": "ListWebhooks",
+    "description": "Grants permission to list webhooks in a workspace",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "workspace",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "listworkspaces": {
     "name": "ListWorkspaces",
     "description": "Grants permission to list workspaces in an organization",
@@ -863,6 +931,40 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "processenvironmentwork": {
+    "name": "ProcessEnvironmentWork",
+    "description": "Grants permission to process work items in a self-hosted managed agent environment",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "workspace",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "rotatewebhooksecret": {
+    "name": "RotateWebhookSecret",
+    "description": "Grants permission to rotate the signing secret of a webhook",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "workspace",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "tagresource": {
     "name": "TagResource",
     "description": "Grants permission to tag a resource",
@@ -1021,6 +1123,23 @@
     ],
     "dependentActions": []
   },
+  "updatewebhook": {
+    "name": "UpdateWebhook",
+    "description": "Grants permission to update a webhook",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "workspace",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "updateworkspace": {
     "name": "UpdateWorkspace",
     "description": "Grants permission to update a workspace",

package/data/actions/healthlake.json

@@ -685,6 +685,21 @@
     ],
     "dependentActions": []
   },
+  "updatefhirdatastore": {
+    "name": "UpdateFHIRDatastore",
+    "description": "Grants permission to update the configuration of a datastore",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "datastore",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "updateresource": {
     "name": "UpdateResource",
     "description": "Grants permission to update resource",

package/data/actions/s3.json

@@ -28,6 +28,25 @@
     ],
     "dependentActions": []
   },
+  "allowvendedlogdeliveryforresource": {
+    "name": "AllowVendedLogDeliveryForResource",
+    "description": "Grants permission to configure server access logs delivery to CloudWatch",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:resourceArnBeingAuthorized",
+      "s3:deliverySourceArn",
+      "s3:logType"
+    ],
+    "dependentActions": []
+  },
   "associateaccessgrantsidentitycenter": {
     "name": "AssociateAccessGrantsIdentityCenter",
     "description": "Grants permission to associate Access Grants identity center",

package/data/actions/securityagent.json

@@ -14,6 +14,26 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "batchcreatesecurityrequirements": {
+    "name": "BatchCreateSecurityRequirements",
+    "description": "Grants permission to batch create security requirements in a customer managed pack",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "SecurityRequirementPack",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": [
+      "kms:Decrypt",
+      "kms:GenerateDataKeyWithoutPlaintext",
+      "kms:ReEncryptFrom",
+      "kms:ReEncryptTo"
+    ]
+  },
   "batchdeletecodereviews": {
     "name": "BatchDeleteCodeReviews",
     "description": "Grants permission to delete multiple code reviews in a single request",
@@ -48,6 +68,21 @@
       "kms:Decrypt"
     ]
   },
+  "batchdeletesecurityrequirements": {
+    "name": "BatchDeleteSecurityRequirements",
+    "description": "Grants permission to batch delete security requirements from a customer managed pack",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "SecurityRequirementPack",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "batchdeletethreatmodels": {
     "name": "BatchDeleteThreatModels",
     "description": "Grants permission to delete multiple threat models in a single request",
@@ -250,6 +285,26 @@
       "kms:Decrypt"
     ]
   },
+  "batchgetsecurityrequirements": {
+    "name": "BatchGetSecurityRequirements",
+    "description": "Grants permission to retrieve multiple security requirements in a single request",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "SecurityRequirementPack",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": [
+      "kms:Decrypt",
+      "kms:GenerateDataKeyWithoutPlaintext",
+      "kms:ReEncryptFrom",
+      "kms:ReEncryptTo"
+    ]
+  },
   "batchgettargetdomains": {
     "name": "BatchGetTargetDomains",
     "description": "Grants permission to retrieve multiple target domains in a single request",
@@ -333,6 +388,26 @@
       "kms:Decrypt"
     ]
   },
+  "batchupdatesecurityrequirements": {
+    "name": "BatchUpdateSecurityRequirements",
+    "description": "Grants permission to batch update security requirements within a customer managed pack",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "SecurityRequirementPack",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": [
+      "kms:Decrypt",
+      "kms:GenerateDataKeyWithoutPlaintext",
+      "kms:ReEncryptFrom",
+      "kms:ReEncryptTo"
+    ]
+  },
   "createagentspace": {
     "name": "CreateAgentSpace",
     "description": "Grants permission to create an agent space record",
@@ -453,6 +528,17 @@
       "kms:Decrypt"
     ]
   },
+  "createprivateconnection": {
+    "name": "CreatePrivateConnection",
+    "description": "Grants permission to create a private connection for VPC Lattice integration",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:TagKeys"
+    ],
+    "dependentActions": []
+  },
   "createsecurityrequirement": {
     "name": "CreateSecurityRequirement",
     "description": "Grants permission to add a customer managed Security Requirement",
@@ -468,6 +554,23 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "createsecurityrequirementpack": {
+    "name": "CreateSecurityRequirementPack",
+    "description": "Grants permission to create a customer managed security requirement pack",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:TagKeys"
+    ],
+    "dependentActions": [
+      "kms:Decrypt",
+      "kms:DescribeKey",
+      "kms:GenerateDataKeyWithoutPlaintext",
+      "kms:ReEncryptFrom",
+      "kms:ReEncryptTo"
+    ]
+  },
   "createtargetdomain": {
     "name": "CreateTargetDomain",
     "description": "Grants permission to create a target domain record",
@@ -602,6 +705,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "deleteprivateconnection": {
+    "name": "DeletePrivateConnection",
+    "description": "Grants permission to delete a private connection",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "PrivateConnection",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "deletesecurityrequirement": {
     "name": "DeleteSecurityRequirement",
     "description": "Grants permission to delete a customer managed Security Requirement",
@@ -617,6 +735,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "deletesecurityrequirementpack": {
+    "name": "DeleteSecurityRequirementPack",
+    "description": "Grants permission to delete a customer managed security requirement pack and all its associated security requirements",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "SecurityRequirementPack",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "deletetargetdomain": {
     "name": "DeleteTargetDomain",
     "description": "Grants permission to delete a target domain record",
@@ -632,6 +765,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "describeprivateconnection": {
+    "name": "DescribePrivateConnection",
+    "description": "Grants permission to describe a private connection",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "PrivateConnection",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "getapplication": {
     "name": "GetApplication",
     "description": "Grants permission to get application details by application ID",
@@ -722,6 +870,14 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "getproviderregistrationmanifest": {
+    "name": "GetProviderRegistrationManifest",
+    "description": "Grants permission to retrieve the provider registration manifest used for browser-based integration registration",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "getsecurityrequirement": {
     "name": "GetSecurityRequirement",
     "description": "Grants permission to retrieve a Security Requirement",
@@ -737,6 +893,49 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "getsecurityrequirementpack": {
+    "name": "GetSecurityRequirementPack",
+    "description": "Grants permission to retrieve a security requirement pack",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "SecurityRequirementPack",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "handleproviderregistrationcallback": {
+    "name": "HandleProviderRegistrationCallback",
+    "description": "Grants permission to handle the provider OAuth registration callback that completes integration setup",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "importsecurityrequirements": {
+    "name": "ImportSecurityRequirements",
+    "description": "Grants permission to import security requirements from uploaded documents for a customer managed security requirement pack",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "SecurityRequirementPack",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": [
+      "kms:Decrypt",
+      "kms:GenerateDataKeyWithoutPlaintext",
+      "kms:ReEncryptFrom",
+      "kms:ReEncryptTo"
+    ]
+  },
   "initiateproviderregistration": {
     "name": "InitiateProviderRegistration",
     "description": "Grants permission to initiate the registration of Security Agent App for the given provider (eg: GitHub)",
@@ -980,6 +1179,14 @@
       "kms:Decrypt"
     ]
   },
+  "listprivateconnections": {
+    "name": "ListPrivateConnections",
+    "description": "Grants permission to list private connections in the account",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listresourcesfromintegration": {
     "name": "ListResourcesFromIntegration",
     "description": "Grants permission to list resources from Integration",
@@ -995,6 +1202,14 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "listsecurityrequirementpacks": {
+    "name": "ListSecurityRequirementPacks",
+    "description": "Grants permission to list all security requirement packs in the account",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listsecurityrequirements": {
     "name": "ListSecurityRequirements",
     "description": "Grants permission to list all Security Requirements",
@@ -1008,7 +1223,12 @@
       }
     ],
     "conditionKeys": [],
-    "dependentActions": []
+    "dependentActions": [
+      "kms:Decrypt",
+      "kms:GenerateDataKeyWithoutPlaintext",
+      "kms:ReEncryptFrom",
+      "kms:ReEncryptTo"
+    ]
   },
   "listtagsforresource": {
     "name": "ListTagsForResource",
@@ -1033,6 +1253,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "PrivateConnection",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "SecurityRequirementPack",
         "required": false,
@@ -1286,6 +1512,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "PrivateConnection",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "SecurityRequirementPack",
         "required": false,
@@ -1343,6 +1575,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "PrivateConnection",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "SecurityRequirementPack",
         "required": false,
@@ -1462,6 +1700,21 @@
       "kms:Decrypt"
     ]
   },
+  "updateprivateconnectioncertificate": {
+    "name": "UpdatePrivateConnectionCertificate",
+    "description": "Grants permission to update the certificate associated with a private connection",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "PrivateConnection",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "updatesecurityrequirement": {
     "name": "UpdateSecurityRequirement",
     "description": "Grants permission to update a customer managed Security Requirement",
@@ -1477,6 +1730,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "updatesecurityrequirementpack": {
+    "name": "UpdateSecurityRequirementPack",
+    "description": "Grants permission to update a security requirement pack",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "SecurityRequirementPack",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "updatetargetdomain": {
     "name": "UpdateTargetDomain",
     "description": "Grants permission to update a target domain record",

package/data/actions/signin.json

@@ -1,9 +1,32 @@
 {
+  "authenticate": {
+    "name": "Authenticate",
+    "description": "Grants permission to authenticate to the AWS Management Console",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "console",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "signin:PrincipalArn"
+    ],
+    "dependentActions": []
+  },
   "authorizeoauth2access": {
     "name": "AuthorizeOAuth2Access",
     "description": "Grants permission to authenticate through a browser and obtain an OAuth 2.0 authorization code for credential exchange",
     "accessLevel": "Read",
     "resourceTypes": [
+      {
+        "name": "console",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "oauth2-public-client-localhost",
         "required": true,
@@ -20,11 +43,33 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "createaccount": {
+    "name": "CreateAccount",
+    "isPermissionOnly": true,
+    "description": "Grants permission to create an AWS account through the AWS Management Console sign-up flow",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "console",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "createoauth2token": {
     "name": "CreateOAuth2Token",
     "description": "Grants permission to exchange an authorization code for OAuth 2.0 access token and refresh token that can be used to access AWS services from developer tools and applications",
     "accessLevel": "Read",
     "resourceTypes": [
+      {
+        "name": "console",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "oauth2-public-client-localhost",
         "required": true,
@@ -57,6 +102,46 @@
       "sso:PutApplicationGrant"
     ]
   },
+  "deleteconsoleauthorizationconfiguration": {
+    "name": "DeleteConsoleAuthorizationConfiguration",
+    "description": "Grants permission to disable console authorization configuration for an AWS account or organization",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "deleteresourcepermissionstatement": {
+    "name": "DeleteResourcePermissionStatement",
+    "description": "Grants permission to remove a permission statement from the account's SignIn Resource Based Policy",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "getconsoleauthorizationconfiguration": {
+    "name": "GetConsoleAuthorizationConfiguration",
+    "description": "Grants permission to retrieve console authorization configuration for an AWS account or organization",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "getresourcepolicy": {
+    "name": "GetResourcePolicy",
+    "description": "Grants permission to retrieve SignIn Resource Based Policy document that is attached with your account",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listresourcepermissionstatements": {
+    "name": "ListResourcePermissionStatements",
+    "description": "Grants permission to list the SignIn Resource Based Policy statements in your account",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listtrustedidentitypropagationapplicationsforconsole": {
     "name": "ListTrustedIdentityPropagationApplicationsForConsole",
     "description": "Grants permission to list all Identity Center applications that represent the AWS Management Console",
@@ -67,5 +152,21 @@
       "sso:GetSharedSsoConfiguration",
       "sso:ListApplications"
     ]
+  },
+  "putconsoleauthorizationconfiguration": {
+    "name": "PutConsoleAuthorizationConfiguration",
+    "description": "Grants permission to enable console authorization configuration for an AWS account or organization",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "putresourcepermissionstatement": {
+    "name": "PutResourcePermissionStatement",
+    "description": "Grants permission to create a permission statement in the account's SignIn resource-based policy",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
   }
 }

package/data/conditionKeys/s3.json

@@ -124,6 +124,11 @@
     "description": "Filters access by delimiter parameter",
     "type": "String"
   },
+  "s3:deliverysourcearn": {
+    "key": "s3:deliverySourceArn",
+    "description": "Filters access by specific delivery source Amazon Resource Name (ARN)",
+    "type": "ARN"
+  },
   "s3:destinationregion": {
     "key": "s3:destinationRegion",
     "description": "Filters access by a specific replication destination region for targeted buckets of the AWS FIS action aws:s3:bucket-pause-replication",
@@ -149,6 +154,11 @@
     "description": "Filters access by a specific Region",
     "type": "String"
   },
+  "s3:logtype": {
+    "key": "s3:logType",
+    "description": "Filters access by specific log type, currently supports S3_SERVER_ACCESS_LOGS",
+    "type": "String"
+  },
   "s3:max-keys": {
     "key": "s3:max-keys",
     "description": "Filters access by maximum number of keys returned in a ListBucket request",
@@ -179,6 +189,11 @@
     "description": "Filters access by key name prefix",
     "type": "String"
   },
+  "s3:resourcearnbeingauthorized": {
+    "key": "s3:resourceArnBeingAuthorized",
+    "description": "Filters access by source bucket Amazon Resource Name (ARN)",
+    "type": "ARN"
+  },
   "s3:signatureage": {
     "key": "s3:signatureAge",
     "description": "Filters access by the age in milliseconds of the request signature",

package/data/conditionKeys/signin.json

@@ -1 +1,7 @@
-{}
+{
+  "signin:principalarn": {
+    "key": "signin:PrincipalArn",
+    "description": "Filters access by the principal ARN during pre-authentication console sign-in",
+    "type": "ARN"
+  }
+}

package/data/resourceTypes/securityagent.json

@@ -33,5 +33,12 @@
     "conditionKeys": [
       "aws:ResourceTag/${TagKey}"
     ]
+  },
+  "privateconnection": {
+    "key": "PrivateConnection",
+    "arn": "arn:${Partition}:securityagent:${Region}:${Account}:private-connection/${PrivateConnectionName}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
   }
 }

package/data/resourceTypes/signin.json

@@ -6,5 +6,9 @@
   "oauth2-public-client-remote": {
     "key": "oauth2-public-client-remote",
     "arn": "arn:${Partition}:signin:${Region}:${Account}:oauth2/public-client/remote"
+  },
+  "console": {
+    "key": "console",
+    "arn": "arn:${Partition}:signin:::console/${ConsoleName}"
   }
 }

package/package.json

@@ -1,12 +1,12 @@
 {
   "name": "@cloud-copilot/iam-data",
-  "version": "0.19.202606111",
+  "version": "0.19.202606131",
   "description": "AWS IAM Data",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/cloud-copilot/iam-data.git"
   },
-  "updatedAt": "2026-06-11T06:14:53.087Z",
+  "updatedAt": "2026-06-13T06:04:42.729Z",
   "exports": {
     ".": {
       "import": "./dist/esm/index.js",