@cloud-copilot/iam-data 0.9.202412071 → 0.9.202412101

package/data/actions/ec2.json

@@ -152,7 +152,9 @@
         "required": true,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
-          "ec2:ResourceTag/${TagKey}"
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:vpceMultiRegion",
+          "ec2:vpceSupportedRegion"
         ],
         "dependentActions": []
       }
@@ -1460,6 +1462,26 @@
     ],
     "dependentActions": []
   },
+  "canceldeclarativepoliciesreport": {
+    "name": "CancelDeclarativePoliciesReport",
+    "description": "Grants permission to cancel a declarative policies report",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "declarative-policies-report",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "cancelexporttask": {
     "name": "CancelExportTask",
     "description": "Grants permission to cancel an active export task",
@@ -3718,6 +3740,15 @@
         ],
         "dependentActions": []
       },
+      {
+        "name": "declarative-policies-report",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "dedicated-host",
         "required": false,
@@ -4359,6 +4390,15 @@
         ],
         "dependentActions": []
       },
+      {
+        "name": "verified-access-endpoint-target",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "verified-access-group",
         "required": false,
@@ -4447,7 +4487,10 @@
         "required": false,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
-          "ec2:ResourceTag/${TagKey}"
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:vpceMultiRegion",
+          "ec2:vpceServiceRegion",
+          "ec2:vpceSupportedRegion"
         ],
         "dependentActions": []
       },
@@ -5276,6 +5319,44 @@
     ],
     "dependentActions": []
   },
+  "createvpcblockpublicaccessexclusion": {
+    "name": "CreateVpcBlockPublicAccessExclusion",
+    "description": "Grants permission to create an exclusion list for blocked public access on a VPC",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "subnet",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:AvailabilityZone",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:SubnetID",
+          "ec2:Vpc"
+        ],
+        "dependentActions": [
+          "ec2:CreateTags"
+        ]
+      },
+      {
+        "name": "vpc",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:Ipv4IpamPoolId",
+          "ec2:Ipv6IpamPoolId",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:Tenancy",
+          "ec2:VpcID"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "createvpcendpoint": {
     "name": "CreateVpcEndpoint",
     "description": "Grants permission to create a VPC endpoint for an AWS service",
@@ -5360,7 +5441,9 @@
         "required": false,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
-          "ec2:ResourceTag/${TagKey}"
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:vpceMultiRegion",
+          "ec2:vpceServiceRegion"
         ],
         "dependentActions": []
       }
@@ -5381,7 +5464,9 @@
         "conditionKeys": [
           "aws:RequestTag/${TagKey}",
           "aws:TagKeys",
-          "ec2:VpceServicePrivateDnsName"
+          "ec2:VpceServicePrivateDnsName",
+          "ec2:vpceMultiRegion",
+          "ec2:vpceServiceRegion"
         ],
         "dependentActions": [
           "ec2:CreateTags"
@@ -6654,6 +6739,15 @@
         ],
         "dependentActions": []
       },
+      {
+        "name": "declarative-policies-report",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "dedicated-host",
         "required": false,
@@ -7221,6 +7315,15 @@
         ],
         "dependentActions": []
       },
+      {
+        "name": "verified-access-endpoint-target",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
       {
         "name": "verified-access-group",
         "required": false,
@@ -7813,6 +7916,26 @@
     ],
     "dependentActions": []
   },
+  "deletevpcblockpublicaccessexclusion": {
+    "name": "DeleteVpcBlockPublicAccessExclusion",
+    "description": "Grants permission to delete an exclusion list for blocked public access on a VPC",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "vpc-block-public-access-exclusion",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "deletevpcendpointconnectionnotifications": {
     "name": "DeleteVpcEndpointConnectionNotifications",
     "description": "Grants permission to delete one or more VPC endpoint connection notifications",
@@ -7832,7 +7955,9 @@
         "required": false,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
-          "ec2:ResourceTag/${TagKey}"
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:vpceMultiRegion",
+          "ec2:vpceSupportedRegion"
         ],
         "dependentActions": []
       }
@@ -7852,7 +7977,9 @@
         "required": true,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
-          "ec2:ResourceTag/${TagKey}"
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:vpceMultiRegion",
+          "ec2:vpceSupportedRegion"
         ],
         "dependentActions": []
       }
@@ -8231,6 +8358,76 @@
     ],
     "dependentActions": []
   },
+  "describecapacityblockextensionhistory": {
+    "name": "DescribeCapacityBlockExtensionHistory",
+    "description": "Grants permission to describe Capacity Block extensions history",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "capacity-reservation",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:AvailabilityZone",
+          "ec2:CapacityReservationFleet",
+          "ec2:CreateDate",
+          "ec2:DestinationCapacityReservationId",
+          "ec2:EbsOptimized",
+          "ec2:EndDate",
+          "ec2:EndDateType",
+          "ec2:InstanceCount",
+          "ec2:InstanceMatchCriteria",
+          "ec2:InstancePlatform",
+          "ec2:InstanceType",
+          "ec2:OutpostArn",
+          "ec2:PlacementGroup",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:SourceCapacityReservationId",
+          "ec2:Tenancy"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "describecapacityblockextensionofferings": {
+    "name": "DescribeCapacityBlockExtensionOfferings",
+    "description": "Grants permission to describe Capacity Block extensions offerings",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "capacity-reservation",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:AvailabilityZone",
+          "ec2:CapacityReservationFleet",
+          "ec2:CreateDate",
+          "ec2:DestinationCapacityReservationId",
+          "ec2:EbsOptimized",
+          "ec2:EndDate",
+          "ec2:EndDateType",
+          "ec2:InstanceCount",
+          "ec2:InstanceMatchCriteria",
+          "ec2:InstancePlatform",
+          "ec2:InstanceType",
+          "ec2:OutpostArn",
+          "ec2:PlacementGroup",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:SourceCapacityReservationId",
+          "ec2:Tenancy"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "describecapacityblockofferings": {
     "name": "DescribeCapacityBlockOfferings",
     "description": "Grants permission to describe Capacity Block offerings available for purchase",
@@ -8445,6 +8642,16 @@
     ],
     "dependentActions": []
   },
+  "describedeclarativepoliciesreports": {
+    "name": "DescribeDeclarativePoliciesReports",
+    "description": "Grants permission to describe one or more declarative policies reports",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "describedhcpoptions": {
     "name": "DescribeDhcpOptions",
     "description": "Grants permission to describe one or more DHCP options sets",
@@ -9823,6 +10030,36 @@
     ],
     "dependentActions": []
   },
+  "describevpcblockpublicaccessexclusions": {
+    "name": "DescribeVpcBlockPublicAccessExclusions",
+    "description": "Grants permission to describe an exclusion list for blocked public access on a VPC",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "vpc-block-public-access-exclusion",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "describevpcblockpublicaccessoptions": {
+    "name": "DescribeVpcBlockPublicAccessOptions",
+    "description": "Grants permission to describe options for blocked public access on a VPC",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "describevpcclassiclink": {
     "name": "DescribeVpcClassicLink",
     "description": "Grants permission to describe the ClassicLink status of one or more VPCs",
@@ -9843,6 +10080,28 @@
     ],
     "dependentActions": []
   },
+  "describevpcendpointassociations": {
+    "name": "DescribeVpcEndpointAssociations",
+    "description": "Grants permission to describe the VPC endpoint associations",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "vpc-endpoint",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:VpceServiceName",
+          "ec2:VpceServiceOwner"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "describevpcendpointconnectionnotifications": {
     "name": "DescribeVpcEndpointConnectionNotifications",
     "description": "Grants permission to describe the connection notifications for VPC endpoints and VPC endpoint services",
@@ -9883,7 +10142,9 @@
         "required": true,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
-          "ec2:ResourceTag/${TagKey}"
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:vpceMultiRegion",
+          "ec2:vpceSupportedRegion"
         ],
         "dependentActions": []
       }
@@ -10219,6 +10480,16 @@
     ],
     "dependentActions": []
   },
+  "disableallowedimagessettings": {
+    "name": "DisableAllowedImagesSettings",
+    "description": "Grants permission to disable allowed images settings",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "disableawsnetworkperformancemetricsubscription": {
     "name": "DisableAwsNetworkPerformanceMetricSubscription",
     "description": "Grants permission to disable infrastructure performance metric subscriptions",
@@ -11090,6 +11361,16 @@
     ],
     "dependentActions": []
   },
+  "enableallowedimagessettings": {
+    "name": "EnableAllowedImagesSettings",
+    "description": "Grants permission to enable allowed images settings",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "enableawsnetworkperformancemetricsubscription": {
     "name": "EnableAwsNetworkPerformanceMetricSubscription",
     "description": "Grants permission to enable infrastructure performance subscriptions",
@@ -11565,6 +11846,36 @@
     ],
     "dependentActions": []
   },
+  "exportverifiedaccessinstanceclientconfiguration": {
+    "name": "ExportVerifiedAccessInstanceClientConfiguration",
+    "description": "Grants permission to export a verified access instance client configuration",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "verified-access-instance",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "getallowedimagessettings": {
+    "name": "GetAllowedImagesSettings",
+    "description": "Grants permission to get the allowed settings for images",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "getassociatedenclavecertificateiamroles": {
     "name": "GetAssociatedEnclaveCertificateIamRoles",
     "description": "Grants permission to get the list of roles associated with an ACM certificate",
@@ -11717,6 +12028,26 @@
     ],
     "dependentActions": []
   },
+  "getdeclarativepoliciesreportsummary": {
+    "name": "GetDeclarativePoliciesReportSummary",
+    "description": "Grants permission to get the report summary of declarative policies",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "declarative-policies-report",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "getdefaultcreditspecification": {
     "name": "GetDefaultCreditSpecification",
     "description": "Grants permission to get the default credit option for CPU usage of a burstable performance instance family",
@@ -12439,6 +12770,26 @@
     ],
     "dependentActions": []
   },
+  "getverifiedaccessendpointtargets": {
+    "name": "GetVerifiedAccessEndpointTargets",
+    "description": "Grants permission to get verified access endpoint targets",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "verified-access-endpoint",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "getverifiedaccessgrouppolicy": {
     "name": "GetVerifiedAccessGroupPolicy",
     "description": "Grants permission to show the contents of the Verified Access policy associated with the group",
@@ -14514,6 +14865,36 @@
     ],
     "dependentActions": []
   },
+  "modifyvpcblockpublicaccessexclusion": {
+    "name": "ModifyVpcBlockPublicAccessExclusion",
+    "description": "Grants permission to modify an exclusion list for blocked public access on a VPC",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "vpc-block-public-access-exclusion",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "modifyvpcblockpublicaccessoptions": {
+    "name": "ModifyVpcBlockPublicAccessOptions",
+    "description": "Grants permission to modify options for blocked public access on a VPC",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "modifyvpcendpoint": {
     "name": "ModifyVpcEndpoint",
     "description": "Grants permission to modify an attribute of a VPC endpoint",
@@ -14588,7 +14969,9 @@
         "required": false,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
-          "ec2:ResourceTag/${TagKey}"
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:vpceMultiRegion",
+          "ec2:vpceSupportedRegion"
         ],
         "dependentActions": []
       }
@@ -14611,7 +14994,9 @@
           "ec2:Attribute",
           "ec2:Attribute/${AttributeName}",
           "ec2:ResourceTag/${TagKey}",
-          "ec2:VpceServicePrivateDnsName"
+          "ec2:VpceServicePrivateDnsName",
+          "ec2:vpceMultiRegion",
+          "ec2:vpceSupportedRegion"
         ],
         "dependentActions": []
       }
@@ -14633,7 +15018,9 @@
           "aws:ResourceTag/${TagKey}",
           "ec2:Attribute",
           "ec2:Attribute/${AttributeName}",
-          "ec2:ResourceTag/${TagKey}"
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:vpceMultiRegion",
+          "ec2:vpceSupportedRegion"
         ],
         "dependentActions": []
       }
@@ -14655,7 +15042,9 @@
           "aws:ResourceTag/${TagKey}",
           "ec2:Attribute",
           "ec2:Attribute/${AttributeName}",
-          "ec2:ResourceTag/${TagKey}"
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:vpceMultiRegion",
+          "ec2:vpceSupportedRegion"
         ],
         "dependentActions": []
       }
@@ -15105,6 +15494,26 @@
     ],
     "dependentActions": []
   },
+  "purchasecapacityblockextension": {
+    "name": "PurchaseCapacityBlockExtension",
+    "description": "Grants permission to purchase a Capacity Block extension",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "capacity-reservation",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:CapacityReservationFleet"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "purchasehostreservation": {
     "name": "PurchaseHostReservation",
     "description": "Grants permission to purchase a reservation with configurations that match those of a Dedicated Host",
@@ -15463,7 +15872,9 @@
         "required": true,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
-          "ec2:ResourceTag/${TagKey}"
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:vpceMultiRegion",
+          "ec2:vpceSupportedRegion"
         ],
         "dependentActions": []
       }
@@ -15599,6 +16010,16 @@
     ],
     "dependentActions": []
   },
+  "replaceimagecriteriainallowedimagessettings": {
+    "name": "ReplaceImageCriteriaInAllowedImagesSettings",
+    "description": "Grants permission to replace image criteria in allowed images settings",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "replacenetworkaclassociation": {
     "name": "ReplaceNetworkAclAssociation",
     "description": "Grants permission to change which network ACL a subnet is associated with",
@@ -16954,6 +17375,16 @@
     ],
     "dependentActions": []
   },
+  "startdeclarativepoliciesreport": {
+    "name": "StartDeclarativePoliciesReport",
+    "description": "Grants permission to start a declarative policies report",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "startinstances": {
     "name": "StartInstances",
     "description": "Grants permission to start a stopped instance",
@@ -17066,7 +17497,9 @@
         "required": true,
         "conditionKeys": [
           "aws:ResourceTag/${TagKey}",
-          "ec2:ResourceTag/${TagKey}"
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:vpceMultiRegion",
+          "ec2:vpceSupportedRegion"
         ],
         "dependentActions": []
       }

package/data/actions/tax.json

@@ -33,7 +33,6 @@
   },
   "getexemptions": {
     "name": "GetExemptions",
-    "isPermissionOnly": true,
     "description": "Grants permission to view tax exemptions data",
     "accessLevel": "Read",
     "resourceTypes": [],
@@ -51,7 +50,6 @@
   },
   "gettaxinheritance": {
     "name": "GetTaxInheritance",
-    "isPermissionOnly": true,
     "description": "Grants permission to view tax inheritance status",
     "accessLevel": "Read",
     "resourceTypes": [],
@@ -109,7 +107,6 @@
   },
   "puttaxinheritance": {
     "name": "PutTaxInheritance",
-    "isPermissionOnly": true,
     "description": "Grants permission to set tax inheritance",
     "accessLevel": "Write",
     "resourceTypes": [],
@@ -135,7 +132,6 @@
   },
   "updateexemptions": {
     "name": "UpdateExemptions",
-    "isPermissionOnly": true,
     "description": "Grants permission to update tax exemptions data",
     "accessLevel": "Write",
     "resourceTypes": [],

package/data/conditionKeys/ec2.json

@@ -643,5 +643,20 @@
     "key": "ec2:transitGatewayRouteTableId",
     "description": "Filters access by the ID of a transit gateway route table",
     "type": "String"
+  },
+  "ec2:vpcemultiregion": {
+    "key": "ec2:vpceMultiRegion",
+    "description": "Filters access by multi region of the VPC endpoint service",
+    "type": "String"
+  },
+  "ec2:vpceserviceregion": {
+    "key": "ec2:vpceServiceRegion",
+    "description": "Filters access by the region of the VPC endpoint service",
+    "type": "String"
+  },
+  "ec2:vpcesupportedregion": {
+    "key": "ec2:vpceSupportedRegion",
+    "description": "Filters access by the supported region of the VPC endpoint service",
+    "type": "String"
   }
 }

package/data/resourceTypes/ec2.json

@@ -105,6 +105,17 @@
       "ec2:ResourceTag/${TagKey}"
     ]
   },
+  "declarative-policies-report": {
+    "key": "declarative-policies-report",
+    "arn": "arn:${Partition}:ec2:${Region}:${Account}:declarative-policies-report/${DeclarativePoliciesReportId}",
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys",
+      "ec2:Region",
+      "ec2:ResourceTag/${TagKey}"
+    ]
+  },
   "dedicated-host": {
     "key": "dedicated-host",
     "arn": "arn:${Partition}:ec2:${Region}:${Account}:dedicated-host/${DedicatedHostId}",
@@ -977,6 +988,17 @@
       "ec2:ResourceTag/${TagKey}"
     ]
   },
+  "verified-access-endpoint-target": {
+    "key": "verified-access-endpoint-target",
+    "arn": "arn:${Partition}:ec2:${Region}:${Account}:verified-access-endpoint-target/${VerifiedAccessEndpointTargetId}",
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys",
+      "ec2:Region",
+      "ec2:ResourceTag/${TagKey}"
+    ]
+  },
   "verified-access-group": {
     "key": "verified-access-group",
     "arn": "arn:${Partition}:ec2:${Region}:${Account}:verified-access-group/${VerifiedAccessGroupId}",
@@ -1046,6 +1068,17 @@
       "ec2:VolumeType"
     ]
   },
+  "vpc-block-public-access-exclusion": {
+    "key": "vpc-block-public-access-exclusion",
+    "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc-block-public-access-exclusion/${VpcBlockPublicAccessExclusionId}",
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys",
+      "ec2:Region",
+      "ec2:ResourceTag/${TagKey}"
+    ]
+  },
   "vpc-endpoint-connection": {
     "key": "vpc-endpoint-connection",
     "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc-endpoint-connection/${VpcEndpointConnectionId}",
@@ -1083,7 +1116,10 @@
       "ec2:Attribute/${AttributeName}",
       "ec2:Region",
       "ec2:ResourceTag/${TagKey}",
-      "ec2:VpceServicePrivateDnsName"
+      "ec2:VpceServicePrivateDnsName",
+      "ec2:vpceMultiRegion",
+      "ec2:vpceServiceRegion",
+      "ec2:vpceSupportedRegion"
     ]
   },
   "vpc-endpoint-service-permission": {

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "@cloud-copilot/iam-data",
-  "version": "0.9.202412071",
+  "version": "0.9.202412101",
   "description": "AWS IAM Data",
   "repository": "github:cloud-copilot/iam-data",
-  "updatedAt": "2024-12-07T04:46:27.746Z",
+  "updatedAt": "2024-12-10T04:47:20.347Z",
   "exports": {
     ".": {
       "import": "./dist/esm/index.js",