@cloud-copilot/iam-data 0.9.202504291 → 0.9.202504301

package/data/actions/dsql.json

@@ -115,6 +115,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "getvpcendpointservicename": {
+    "name": "GetVpcEndpointServiceName",
+    "description": "Grants permission to retrieve endpoint service name specific to a cluster",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "Cluster",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listclusters": {
     "name": "ListClusters",
     "description": "Grants permission to retrieve a list of clusters",

package/data/actions/ec2.json

@@ -746,6 +746,39 @@
     ],
     "dependentActions": []
   },
+  "associaterouteserver": {
+    "name": "AssociateRouteServer",
+    "description": "Grants permission to associate a route server with a VPC",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "route-server",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "vpc",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:Ipv4IpamPoolId",
+          "ec2:Ipv6IpamPoolId",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:Tenancy",
+          "ec2:VpcID"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "associateroutetable": {
     "name": "AssociateRouteTable",
     "description": "Grants permission to associate a subnet or gateway with a route table",
@@ -1717,7 +1750,20 @@
         "conditionKeys": [
           "aws:RequestTag/${TagKey}",
           "aws:TagKeys",
-          "ec2:CapacityReservationFleet"
+          "ec2:AvailabilityZone",
+          "ec2:AvailabilityZoneId",
+          "ec2:CapacityReservationFleet",
+          "ec2:EbsOptimized",
+          "ec2:EndDate",
+          "ec2:EndDateType",
+          "ec2:EphemeralStorage",
+          "ec2:InstanceCount",
+          "ec2:InstanceMatchCriteria",
+          "ec2:InstancePlatform",
+          "ec2:InstanceType",
+          "ec2:OutpostArn",
+          "ec2:PlacementGroup",
+          "ec2:Tenancy"
         ],
         "dependentActions": [
           "ec2:CreateTags"
@@ -3413,6 +3459,112 @@
     ],
     "dependentActions": []
   },
+  "createrouteserver": {
+    "name": "CreateRouteServer",
+    "description": "Grants permission to create a route server",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "route-server",
+        "required": true,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:TagKeys"
+        ],
+        "dependentActions": [
+          "ec2:CreateTags",
+          "sns:CreateTopic"
+        ]
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "createrouteserverendpoint": {
+    "name": "CreateRouteServerEndpoint",
+    "description": "Grants permission to create a route server endpoint",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "route-server",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": [
+          "ec2:AuthorizeSecurityGroupIngress",
+          "ec2:CreateNetworkInterface",
+          "ec2:CreateNetworkInterfacePermission",
+          "ec2:CreateSecurityGroup",
+          "ec2:CreateTags",
+          "ec2:DescribeSecurityGroups"
+        ]
+      },
+      {
+        "name": "route-server-endpoint",
+        "required": true,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:AvailabilityZone"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "subnet",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:AvailabilityZone",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:SubnetID",
+          "ec2:Vpc"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "createrouteserverpeer": {
+    "name": "CreateRouteServerPeer",
+    "description": "Grants permission to create a route server peer",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "route-server-endpoint",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:AvailabilityZone",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": [
+          "ec2:AuthorizeSecurityGroupIngress",
+          "ec2:CreateTags"
+        ]
+      },
+      {
+        "name": "route-server-peer",
+        "required": true,
+        "conditionKeys": [
+          "aws:RequestTag/${TagKey}",
+          "aws:TagKeys",
+          "ec2:AvailabilityZone"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "createroutetable": {
     "name": "CreateRouteTable",
     "description": "Grants permission to create a route table for a VPC",
@@ -6777,6 +6929,76 @@
     ],
     "dependentActions": []
   },
+  "deleterouteserver": {
+    "name": "DeleteRouteServer",
+    "description": "Grants permission to delete a route server",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "route-server",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": [
+          "sns:DeleteTopic"
+        ]
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "deleterouteserverendpoint": {
+    "name": "DeleteRouteServerEndpoint",
+    "description": "Grants permission to delete a route server endpoint",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "route-server-endpoint",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:AvailabilityZone",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": [
+          "ec2:DeleteNetworkInterface",
+          "ec2:DeleteSecurityGroup",
+          "ec2:RevokeSecurityGroupIngress"
+        ]
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "deleterouteserverpeer": {
+    "name": "DeleteRouteServerPeer",
+    "description": "Grants permission to delete a route server peer",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "route-server-peer",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:AvailabilityZone",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": [
+          "ec2:RevokeSecurityGroupIngress"
+        ]
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "deleteroutetable": {
     "name": "DeleteRouteTable",
     "description": "Grants permission to delete a route table",
@@ -8766,32 +8988,7 @@
     "name": "DescribeCapacityBlockExtensionHistory",
     "description": "Grants permission to describe Capacity Block extensions history",
     "accessLevel": "List",
-    "resourceTypes": [
-      {
-        "name": "capacity-reservation",
-        "required": false,
-        "conditionKeys": [
-          "aws:ResourceTag/${TagKey}",
-          "ec2:AvailabilityZone",
-          "ec2:CapacityReservationFleet",
-          "ec2:CreateDate",
-          "ec2:DestinationCapacityReservationId",
-          "ec2:EbsOptimized",
-          "ec2:EndDate",
-          "ec2:EndDateType",
-          "ec2:InstanceCount",
-          "ec2:InstanceMatchCriteria",
-          "ec2:InstancePlatform",
-          "ec2:InstanceType",
-          "ec2:OutpostArn",
-          "ec2:PlacementGroup",
-          "ec2:ResourceTag/${TagKey}",
-          "ec2:SourceCapacityReservationId",
-          "ec2:Tenancy"
-        ],
-        "dependentActions": []
-      }
-    ],
+    "resourceTypes": [],
     "conditionKeys": [
       "ec2:Region"
     ],
@@ -8942,23 +9139,7 @@
     "name": "DescribeClientVpnEndpoints",
     "description": "Grants permission to describe one or more Client VPN endpoints",
     "accessLevel": "List",
-    "resourceTypes": [
-      {
-        "name": "client-vpn-endpoint",
-        "required": false,
-        "conditionKeys": [
-          "aws:ResourceTag/${TagKey}",
-          "ec2:ClientRootCertificateChainArn",
-          "ec2:CloudwatchLogGroupArn",
-          "ec2:CloudwatchLogStreamArn",
-          "ec2:DirectoryArn",
-          "ec2:ResourceTag/${TagKey}",
-          "ec2:SamlProviderArn",
-          "ec2:ServerCertificateArn"
-        ],
-        "dependentActions": []
-      }
-    ],
+    "resourceTypes": [],
     "conditionKeys": [
       "ec2:Region"
     ],
@@ -9893,6 +10074,36 @@
     ],
     "dependentActions": []
   },
+  "describerouteserverendpoints": {
+    "name": "DescribeRouteServerEndpoints",
+    "description": "Grants permission to describe one or more route server endpoints",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "describerouteserverpeers": {
+    "name": "DescribeRouteServerPeers",
+    "description": "Grants permission to describe one or more route server peers",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "describerouteservers": {
+    "name": "DescribeRouteServers",
+    "description": "Grants permission to describe one or more route servers",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "describeroutetables": {
     "name": "DescribeRouteTables",
     "description": "Grants permission to describe one or more route tables",
@@ -10479,19 +10690,7 @@
     "name": "DescribeVpcEndpointAssociations",
     "description": "Grants permission to describe the VPC endpoint associations",
     "accessLevel": "List",
-    "resourceTypes": [
-      {
-        "name": "vpc-endpoint",
-        "required": false,
-        "conditionKeys": [
-          "aws:ResourceTag/${TagKey}",
-          "ec2:ResourceTag/${TagKey}",
-          "ec2:VpceServiceName",
-          "ec2:VpceServiceOwner"
-        ],
-        "dependentActions": []
-      }
-    ],
+    "resourceTypes": [],
     "conditionKeys": [
       "ec2:Region"
     ],
@@ -11057,6 +11256,37 @@
       "organizations:DeregisterDelegatedAdministrator"
     ]
   },
+  "disablerouteserverpropagation": {
+    "name": "DisableRouteServerPropagation",
+    "description": "Grants permission to disable route server propagation",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "route-server",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "route-table",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:RouteTableID",
+          "ec2:Vpc"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "disableserialconsoleaccess": {
     "name": "DisableSerialConsoleAccess",
     "description": "Grants permission to disable access to the EC2 serial console of all instances for your account",
@@ -11450,6 +11680,39 @@
     ],
     "dependentActions": []
   },
+  "disassociaterouteserver": {
+    "name": "DisassociateRouteServer",
+    "description": "Grants permission to disassociate a route server from a VPC",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "route-server",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "vpc",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:Ipv4IpamPoolId",
+          "ec2:Ipv6IpamPoolId",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:Tenancy",
+          "ec2:VpcID"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "disassociateroutetable": {
     "name": "DisassociateRouteTable",
     "description": "Grants permission to disassociate a subnet from a route table",
@@ -11982,6 +12245,37 @@
       "organizations:EnableAWSServiceAccess"
     ]
   },
+  "enablerouteserverpropagation": {
+    "name": "EnableRouteServerPropagation",
+    "description": "Grants permission to enable route server propagation",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "route-server",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "route-table",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:RouteTableID",
+          "ec2:Vpc"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "enableserialconsoleaccess": {
     "name": "EnableSerialConsoleAccess",
     "description": "Grants permission to enable access to the EC2 serial console of all instances for your account",
@@ -12990,6 +13284,77 @@
     ],
     "dependentActions": []
   },
+  "getrouteserverassociations": {
+    "name": "GetRouteServerAssociations",
+    "description": "Grants permission to get associations for a route server",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "route-server",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "getrouteserverpropagations": {
+    "name": "GetRouteServerPropagations",
+    "description": "Grants permission to get propagations for a route server",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "route-server",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "route-table",
+        "required": false,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}",
+          "ec2:RouteTableID",
+          "ec2:Vpc"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
+  "getrouteserverroutingdatabase": {
+    "name": "GetRouteServerRoutingDatabase",
+    "description": "Grants permission to get the routing database for a route server",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "route-server",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "getsecuritygroupsforvpc": {
     "name": "GetSecurityGroupsForVpc",
     "description": "Grants permission to retrieve a list of security groups for a specified VPC",
@@ -14691,6 +15056,26 @@
     ],
     "dependentActions": []
   },
+  "modifyrouteserver": {
+    "name": "ModifyRouteServer",
+    "description": "Grants permission to modify a route server",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "route-server",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ec2:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ec2:Region"
+    ],
+    "dependentActions": []
+  },
   "modifysecuritygrouprules": {
     "name": "ModifySecurityGroupRules",
     "description": "Grants permission to modify the rules of a security group",

package/data/conditionKeys/ec2.json

@@ -74,6 +74,11 @@
     "description": "Filters access by the name of an Availability Zone in an AWS Region",
     "type": "String"
   },
+  "ec2:availabilityzoneid": {
+    "key": "ec2:AvailabilityZoneId",
+    "description": "Filters access by the ID of an Availability Zone in an AWS Region",
+    "type": "String"
+  },
   "ec2:capacityreservationfleet": {
     "key": "ec2:CapacityReservationFleet",
     "description": "Filters access by the ARN of the Capacity Reservation Fleet",
@@ -159,6 +164,11 @@
     "description": "Filters access by the way in which the Capacity Reservation ends",
     "type": "String"
   },
+  "ec2:ephemeralstorage": {
+    "key": "ec2:EphemeralStorage",
+    "description": "Filters access by whether the instance is enabled for ephemeral storage",
+    "type": "Bool"
+  },
   "ec2:fisactionid": {
     "key": "ec2:FisActionId",
     "description": "Filters access by the ID of an AWS FIS action",

package/data/resourceTypes/ec2.json

@@ -38,12 +38,14 @@
       "ec2:Attribute",
       "ec2:Attribute/${AttributeName}",
       "ec2:AvailabilityZone",
+      "ec2:AvailabilityZoneId",
       "ec2:CapacityReservationFleet",
       "ec2:CreateDate",
       "ec2:DestinationCapacityReservationId",
       "ec2:EbsOptimized",
       "ec2:EndDate",
       "ec2:EndDateType",
+      "ec2:EphemeralStorage",
       "ec2:InstanceCount",
       "ec2:InstanceMatchCriteria",
       "ec2:InstancePlatform",
@@ -715,6 +717,41 @@
     "key": "role",
     "arn": "arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}"
   },
+  "route-server-endpoint": {
+    "key": "route-server-endpoint",
+    "arn": "arn:${Partition}:ec2:${Region}:${Account}:route-server-endpoint/${RouteServerEndpointId}",
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys",
+      "ec2:AvailabilityZone",
+      "ec2:Region",
+      "ec2:ResourceTag/${TagKey}"
+    ]
+  },
+  "route-server": {
+    "key": "route-server",
+    "arn": "arn:${Partition}:ec2:${Region}:${Account}:route-server/${RouteServerId}",
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys",
+      "ec2:Region",
+      "ec2:ResourceTag/${TagKey}"
+    ]
+  },
+  "route-server-peer": {
+    "key": "route-server-peer",
+    "arn": "arn:${Partition}:ec2:${Region}:${Account}:route-server-peer/${RouteServerPeerId}",
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys",
+      "ec2:AvailabilityZone",
+      "ec2:Region",
+      "ec2:ResourceTag/${TagKey}"
+    ]
+  },
   "route-table": {
     "key": "route-table",
     "arn": "arn:${Partition}:ec2:${Region}:${Account}:route-table/${RouteTableId}",

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "@cloud-copilot/iam-data",
-  "version": "0.9.202504291",
+  "version": "0.9.202504301",
   "description": "AWS IAM Data",
   "repository": "github:cloud-copilot/iam-data",
-  "updatedAt": "2025-04-29T04:47:00.893Z",
+  "updatedAt": "2025-04-30T04:48:40.474Z",
   "exports": {
     ".": {
       "import": "./dist/esm/index.js",