@cloud-copilot/iam-data 0.9.202506181 → 0.9.202506191

package/data/actions/acm.json

@@ -49,7 +49,7 @@
   },
   "exportcertificate": {
     "name": "ExportCertificate",
-    "description": "Grants permission to export a private certificate issued by a private certificate authority (CA) for use anywhere",
+    "description": "Grants permission to export an exportable certificate for use anywhere",
     "accessLevel": "Read",
     "resourceTypes": [
       {
@@ -59,7 +59,9 @@
         "dependentActions": []
       }
     ],
-    "conditionKeys": [],
+    "conditionKeys": [
+      "acm:DomainNames"
+    ],
     "dependentActions": []
   },
   "getaccountconfiguration": {
@@ -179,7 +181,8 @@
       "acm:CertificateTransparencyLogging",
       "acm:ValidationMethod",
       "acm:KeyAlgorithm",
-      "acm:CertificateAuthority"
+      "acm:CertificateAuthority",
+      "acm:Export"
     ],
     "dependentActions": []
   },
@@ -198,6 +201,23 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "revokecertificate": {
+    "name": "RevokeCertificate",
+    "description": "Grants permission to revoke an exportable certificate",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "certificate",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "acm:DomainNames"
+    ],
+    "dependentActions": []
+  },
   "updatecertificateoptions": {
     "name": "UpdateCertificateOptions",
     "description": "Grants permission to update a certificate configuration. Use this to specify whether to opt in to or out of certificate transparency logging",

package/data/actions/backup.json

@@ -1,4 +1,21 @@
 {
+  "associatebackupvaultmpaapprovalteam": {
+    "name": "AssociateBackupVaultMpaApprovalTeam",
+    "description": "Grants permission to associate an MPA approval team with a backup vault",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "backupVault",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "backup:MpaApprovalTeamArn"
+    ],
+    "dependentActions": []
+  },
   "cancellegalhold": {
     "name": "CancelLegalHold",
     "description": "Grants permission to cancel a legal hold",
@@ -179,6 +196,24 @@
     ],
     "dependentActions": []
   },
+  "createrestoreaccessbackupvault": {
+    "name": "CreateRestoreAccessBackupVault",
+    "description": "Grants permission to create a restore access backup vault",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "backupVault",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:TagKeys"
+    ],
+    "dependentActions": []
+  },
   "createrestoretestingplan": {
     "name": "CreateRestoreTestingPlan",
     "description": "Grants permission to create a new restore testing plan",
@@ -511,6 +546,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "disassociatebackupvaultmpaapprovalteam": {
+    "name": "DisassociateBackupVaultMpaApprovalTeam",
+    "description": "Grants permission to disassociate an MPA approval team from a backup vault",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "backupVault",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "disassociaterecoverypoint": {
     "name": "DisassociateRecoveryPoint",
     "description": "Grants permission to disassociate a recovery point from a backup vault",
@@ -936,6 +986,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "listrestoreaccessbackupvaults": {
+    "name": "ListRestoreAccessBackupVaults",
+    "description": "Grants permission to list a restore access backup vaults associated with a backup vault",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "backupVault",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listrestorejobsummaries": {
     "name": "ListRestoreJobSummaries",
     "description": "Grants permission to list restore job summaries",
@@ -1107,6 +1172,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "revokerestoreaccessbackupvault": {
+    "name": "RevokeRestoreAccessBackupVault",
+    "description": "Grants permission to revoke a restore access backup vault",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "backupVault",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "searchrecoverypoint": {
     "name": "SearchRecoveryPoint",
     "isPermissionOnly": true,

package/data/actions/lex.json

@@ -235,6 +235,27 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "createresourcepolicystatement": {
+    "name": "CreateResourcePolicyStatement",
+    "description": "Grants permission to create a new resource policy statement for a Lex resource",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bot",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "bot alias",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "createslot": {
     "name": "CreateSlot",
     "description": "Grants permission to create a new slot in an intent",
@@ -485,6 +506,27 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "deleteresourcepolicystatement": {
+    "name": "DeleteResourcePolicyStatement",
+    "description": "Grants permission to delete an existing resource policy statement for a Lex resource",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bot",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "bot alias",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "deletesession": {
     "name": "DeleteSession",
     "description": "Removes session information for a specified bot, alias, and user ID",

package/data/actions/mpa.json

@@ -0,0 +1,313 @@
+{
+  "cancelsession": {
+    "name": "CancelSession",
+    "description": "Grants permission to cancel an approval session",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "session",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}",
+      "mpa:RequestedOperation",
+      "mpa:ProtectedResourceAccount"
+    ],
+    "dependentActions": []
+  },
+  "createapprovalteam": {
+    "name": "CreateApprovalTeam",
+    "description": "Grants permission to create an approval team",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "approval-team",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys"
+    ],
+    "dependentActions": []
+  },
+  "createidentitysource": {
+    "name": "CreateIdentitySource",
+    "description": "Grants permission to create an identity source",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "identity-source",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys"
+    ],
+    "dependentActions": []
+  },
+  "deleteidentitysource": {
+    "name": "DeleteIdentitySource",
+    "description": "Grants permission to delete an identity source",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "identity-source",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "deleteinactiveapprovalteamversion": {
+    "name": "DeleteInactiveApprovalTeamVersion",
+    "description": "Grants permission to delete an inactive approval team",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "approval-team",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "deleteresourcepolicy": {
+    "name": "DeleteResourcePolicy",
+    "isPermissionOnly": true,
+    "description": "Grants permission to delete a resource policy",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "getapprovalteam": {
+    "name": "GetApprovalTeam",
+    "description": "Grants permission to retrieve details for an approval team",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "approval-team",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "getidentitysource": {
+    "name": "GetIdentitySource",
+    "description": "Grants permission to retrieve details for an identity source",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "identity-source",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "getpolicyversion": {
+    "name": "GetPolicyVersion",
+    "description": "Grants permission to retrieve details for a policy",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "getresourcepolicy": {
+    "name": "GetResourcePolicy",
+    "description": "Grants permission to retrieve details for a specific resource",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "getsession": {
+    "name": "GetSession",
+    "description": "Grants permission to retrieve details for an approval session",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "session",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}",
+      "mpa:RequestedOperation",
+      "mpa:ProtectedResourceAccount"
+    ],
+    "dependentActions": []
+  },
+  "listapprovalteams": {
+    "name": "ListApprovalTeams",
+    "description": "Grants permission to list approval teams",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listidentitysources": {
+    "name": "ListIdentitySources",
+    "description": "Grants permission to list identity sources",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listpolicies": {
+    "name": "ListPolicies",
+    "description": "Grants permission to list policies",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listpolicyversions": {
+    "name": "ListPolicyVersions",
+    "description": "Grants permission to list the versions for policies",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listresourcepolicies": {
+    "name": "ListResourcePolicies",
+    "description": "Grants permission to list policies for a resource",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listsessions": {
+    "name": "ListSessions",
+    "description": "Grants permission to list approval sessions",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listtagsforresource": {
+    "name": "ListTagsForResource",
+    "description": "Grants permission to list tags for a resource",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "putresourcepolicy": {
+    "name": "PutResourcePolicy",
+    "isPermissionOnly": true,
+    "description": "Grants permission to create or update policies for a resource",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "startactiveapprovalteamdeletion": {
+    "name": "StartActiveApprovalTeamDeletion",
+    "description": "Grants permission to start the deletion process for an active approval team",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "approval-team",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "startsession": {
+    "name": "StartSession",
+    "isPermissionOnly": true,
+    "description": "Grants permission to start an approval session",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "session",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}",
+      "mpa:RequestedOperation",
+      "mpa:ProtectedResourceAccount"
+    ],
+    "dependentActions": []
+  },
+  "tagresource": {
+    "name": "TagResource",
+    "description": "Grants permission to tag a resource",
+    "accessLevel": "Tagging",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys"
+    ],
+    "dependentActions": []
+  },
+  "untagresource": {
+    "name": "UntagResource",
+    "description": "Grants permission to untag a resource",
+    "accessLevel": "Tagging",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys"
+    ],
+    "dependentActions": []
+  },
+  "updateapprovalteam": {
+    "name": "UpdateApprovalTeam",
+    "description": "Grants permission to update approval team",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "approval-team",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  }
+}

package/data/actions/support.json

@@ -230,5 +230,13 @@
     "resourceTypes": [],
     "conditionKeys": [],
     "dependentActions": []
+  },
+  "updateinteraction": {
+    "name": "UpdateInteraction",
+    "description": "Grants permission to update a specific interaction to receive personalized troubleshooting assistance for account and technical issues",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
   }
 }

package/data/conditionKeys/acm.json

@@ -14,6 +14,11 @@
     "description": "Filters access by domainNames in the request. This key can be used to restrict which domains can be in certificate requests",
     "type": "ArrayOfString"
   },
+  "acm:export": {
+    "key": "acm:Export",
+    "description": "Filters access by the export option in the request. Can be used to restrict creation of certificates that can be exported",
+    "type": "String"
+  },
   "acm:keyalgorithm": {
     "key": "acm:KeyAlgorithm",
     "description": "Filters access by keyAlgorithm in the request",

package/data/conditionKeys/backup.json

@@ -26,7 +26,7 @@
   },
   "backup:copytargets": {
     "key": "backup:CopyTargets",
-    "description": "Filters access by the ARN of an backup vault",
+    "description": "Filters access by the ARN of a backup vault",
     "type": "ArrayOfARN"
   },
   "backup:frameworkarns": {
@@ -48,5 +48,10 @@
     "key": "backup:MinRetentionDays",
     "description": "Filters access by the value of the MinRetentionDays parameter",
     "type": "Numeric"
+  },
+  "backup:mpaapprovalteamarn": {
+    "key": "backup:MpaApprovalTeamArn",
+    "description": "Filters access by the MPA Approval Team ARN of a backup vault",
+    "type": "ARN"
   }
 }

package/data/conditionKeys/mpa.json

@@ -0,0 +1,27 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair that is allowed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair of a resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by a list of tag keys that are allowed in the request",
+    "type": "ArrayOfString"
+  },
+  "mpa:protectedresourceaccount": {
+    "key": "mpa:ProtectedResourceAccount",
+    "description": "Filters access by the account that owns the resource that is the target of the operation that requires approval",
+    "type": "String"
+  },
+  "mpa:requestedoperation": {
+    "key": "mpa:RequestedOperation",
+    "description": "Filters access by a requested operation that requires team approval before it can be executed",
+    "type": "String"
+  }
+}

package/data/resourceTypes/mpa.json

@@ -0,0 +1,23 @@
+{
+  "approval-team": {
+    "key": "approval-team",
+    "arn": "arn:${Partition}:mpa:${Region}:${Account}:approval-team/${Arn}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
+  "identity-source": {
+    "key": "identity-source",
+    "arn": "arn:${Partition}:mpa:${Region}:${Account}:identity-source/${IdentitySourceArn}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
+  "session": {
+    "key": "session",
+    "arn": "arn:${Partition}:mpa:${Region}:${Account}:session/${SessionArn}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  }
+}

package/data/serviceNames.json

@@ -256,6 +256,7 @@
   "mobileanalytics": "Amazon Mobile Analytics",
   "mobiletargeting": "Amazon Pinpoint",
   "monitron": "Amazon Monitron",
+  "mpa": "Multi-party approval",
   "mq": "Amazon MQ",
   "neptune-db": "Amazon Neptune",
   "neptune-graph": "Amazon Neptune Analytics",

package/data/services.json

@@ -256,6 +256,7 @@
   "mobileanalytics",
   "mobiletargeting",
   "monitron",
+  "mpa",
   "mq",
   "neptune-db",
   "neptune-graph",

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "@cloud-copilot/iam-data",
-  "version": "0.9.202506181",
+  "version": "0.9.202506191",
   "description": "AWS IAM Data",
   "repository": "github:cloud-copilot/iam-data",
-  "updatedAt": "2025-06-18T04:53:23.704Z",
+  "updatedAt": "2025-06-19T04:52:35.673Z",
   "exports": {
     ".": {
       "import": "./dist/esm/index.js",