@cloud-copilot/iam-data 0.9.202506261 → 0.9.202507021

package/data/actions/organizations.json

@@ -289,7 +289,7 @@
   },
   "describeorganization": {
     "name": "DescribeOrganization",
-    "description": "Grants permission to retrieves details about the organization that the calling credentials belong to",
+    "description": "Grants permission to retrieve details about the organization that the calling credentials belong to",
     "accessLevel": "Read",
     "resourceTypes": [],
     "conditionKeys": [],
@@ -312,7 +312,7 @@
   },
   "describepolicy": {
     "name": "DescribePolicy",
-    "description": "Grants permission to retrieves details about a policy",
+    "description": "Grants permission to retrieve details about a policy",
     "accessLevel": "Read",
     "resourceTypes": [
       {
@@ -468,7 +468,7 @@
   },
   "listaccounts": {
     "name": "ListAccounts",
-    "description": "Grants permission to list all of the the accounts in the organization",
+    "description": "Grants permission to list all of the accounts in the organization",
     "accessLevel": "List",
     "resourceTypes": [],
     "conditionKeys": [],
@@ -567,7 +567,7 @@
   },
   "listorganizationalunitsforparent": {
     "name": "ListOrganizationalUnitsForParent",
-    "description": "Grants permission to lists all of the organizational units (OUs) in a parent organizational unit or root",
+    "description": "Grants permission to list all of the organizational units (OUs) in a parent organizational unit or root",
     "accessLevel": "List",
     "resourceTypes": [
       {
@@ -774,7 +774,7 @@
   },
   "removeaccountfromorganization": {
     "name": "RemoveAccountFromOrganization",
-    "description": "Grants permission to removes the specified account from the organization",
+    "description": "Grants permission to remove the specified account from the organization",
     "accessLevel": "Write",
     "resourceTypes": [
       {

package/data/actions/qbusiness.json

@@ -192,6 +192,27 @@
     "name": "CreateDataAccessor",
     "description": "Grants permission to create DataAccessor to the application",
     "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "application",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": [
+          "qbusiness:CreateDataAccessorWithTti"
+        ]
+      }
+    ],
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:TagKeys"
+    ],
+    "dependentActions": []
+  },
+  "createdataaccessorwithtti": {
+    "name": "CreateDataAccessorWithTti",
+    "isPermissionOnly": true,
+    "description": "Grants permission to create AWS IAM Identity center Trusted Token Issuer based DataAccessor to the application",
+    "accessLevel": "Write",
     "resourceTypes": [
       {
         "name": "application",
@@ -1292,6 +1313,7 @@
   },
   "putresourcepolicy": {
     "name": "PutResourcePolicy",
+    "isPermissionOnly": true,
     "description": "Grants permission to put resource based policy statement to the application",
     "accessLevel": "Write",
     "resourceTypes": [

package/data/actions/rekognition.json

@@ -608,14 +608,7 @@
     "name": "ListStreamProcessors",
     "description": "Grants permission to get a list of your stream processors",
     "accessLevel": "List",
-    "resourceTypes": [
-      {
-        "name": "streamprocessor",
-        "required": true,
-        "conditionKeys": [],
-        "dependentActions": []
-      }
-    ],
+    "resourceTypes": [],
     "conditionKeys": [],
     "dependentActions": []
   },

package/data/actions/vpc-lattice.json

@@ -1,4 +1,13 @@
 {
+  "associateviaawsservice": {
+    "name": "AssociateViaAWSService",
+    "isPermissionOnly": true,
+    "description": "Grants permission to associate a resource configuration through any AWS service managed networks",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "associateviaawsservice-eventsandstates": {
     "name": "AssociateViaAWSService-EventsAndStates",
     "isPermissionOnly": true,

package/data/conditionKeys/apigateway.json

@@ -29,6 +29,11 @@
     "description": "Filters access by URI of a Lambda authorizer function. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString",
     "type": "ArrayOfString"
   },
+  "apigateway:request/conditionbasepaths": {
+    "key": "apigateway:Request/ConditionBasePaths",
+    "description": "Filters access by base paths defined on the condition of a routing rule. Available during the CreateRoutingRule and UpdateRoutingRule operations",
+    "type": "ArrayOfString"
+  },
   "apigateway:request/disableexecuteapiendpoint": {
     "key": "apigateway:Request/DisableExecuteApiEndpoint",
     "description": "Filters access by status of the default execute-api endpoint. Available during the CreateRestApi and DeleteRestApi operations",
@@ -49,11 +54,21 @@
     "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during the CreateDomainName and UpdateDomainName operations",
     "type": "String"
   },
+  "apigateway:request/priority": {
+    "key": "apigateway:Request/Priority",
+    "description": "Filters access by priority of the routing rule. Available during the CreateRoutingRule and UpdateRoutingRule operations",
+    "type": "Numeric"
+  },
   "apigateway:request/routeauthorizationtype": {
     "key": "apigateway:Request/RouteAuthorizationType",
     "description": "Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the CreateMethod and PutMethod operations Also available as a collection during import",
     "type": "ArrayOfString"
   },
+  "apigateway:request/routingmode": {
+    "key": "apigateway:Request/RoutingMode",
+    "description": "Filters access by routing mode of the domain name. Available during the CreateDomainName and UpdateDomainName operations",
+    "type": "String"
+  },
   "apigateway:request/securitypolicy": {
     "key": "apigateway:Request/SecurityPolicy",
     "description": "Filters access by TLS version. Available during the CreateDomain and UpdateDomain operations",
@@ -94,6 +109,11 @@
     "description": "Filters access by URI of a Lambda authorizer function. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during reimport as an ArrayOfString",
     "type": "ArrayOfString"
   },
+  "apigateway:resource/conditionbasepaths": {
+    "key": "apigateway:Resource/ConditionBasePaths",
+    "description": "Filters access by base paths defined on the condition of the existing routing rule. Available during the UpdateRoutingRule and DeleteRoutingRule operations",
+    "type": "ArrayOfString"
+  },
   "apigateway:resource/disableexecuteapiendpoint": {
     "key": "apigateway:Resource/DisableExecuteApiEndpoint",
     "description": "Filters access by status of the default execute-api endpoint of the current RestApi resource. Available during UpdateRestApi and DeleteRestApi operations",
@@ -114,11 +134,21 @@
     "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations",
     "type": "String"
   },
+  "apigateway:resource/priority": {
+    "key": "apigateway:Resource/Priority",
+    "description": "Filters access by priority of the existing routing rule. Available during the UpdateRoutingRule and DeleteRoutingRule operations",
+    "type": "Numeric"
+  },
   "apigateway:resource/routeauthorizationtype": {
     "key": "apigateway:Resource/RouteAuthorizationType",
     "description": "Filters access by authorization type of the existing Method resource, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the PutMethod and DeleteMethod operations. Also available as a collection during reimport",
     "type": "ArrayOfString"
   },
+  "apigateway:resource/routingmode": {
+    "key": "apigateway:Resource/RoutingMode",
+    "description": "Filters access by routing mode of the domain name. Available during the UpdateDomainName and DeleteDomainName operations",
+    "type": "String"
+  },
   "apigateway:resource/securitypolicy": {
     "key": "apigateway:Resource/SecurityPolicy",
     "description": "Filters access by TLS version. Available during UpdateDomain and DeleteDomain operations",

package/data/conditionKeys/iotmanagedintegrations.json

@@ -1 +1,17 @@
-{}
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair that is allowed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair of a resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  }
+}

package/data/conditionKeys/odb.json

@@ -0,0 +1,17 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair that is allowed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair of a resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by a list of tag keys that are allowed in the request",
+    "type": "ArrayOfString"
+  }
+}

package/data/resourceTypes/apigateway.json

@@ -211,6 +211,15 @@
       "aws:ResourceTag/${TagKey}"
     ]
   },
+  "routingrule": {
+    "key": "RoutingRule",
+    "arn": "arn:${Partition}:apigateway:${Region}:${Account}:/domainnames/${DomainName}/routingrules/${RoutingRuleId}",
+    "conditionKeys": [
+      "apigateway:Resource/ConditionBasePaths",
+      "apigateway:Resource/Priority",
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
   "stage": {
     "key": "Stage",
     "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/stages/${StageName}",
@@ -330,6 +339,7 @@
       "apigateway:Resource/EndpointType",
       "apigateway:Resource/MtlsTrustStoreUri",
       "apigateway:Resource/MtlsTrustStoreVersion",
+      "apigateway:Resource/RoutingMode",
       "apigateway:Resource/SecurityPolicy",
       "aws:ResourceTag/${TagKey}"
     ]
@@ -342,6 +352,7 @@
       "apigateway:Request/MtlsTrustStoreUri",
       "apigateway:Request/MtlsTrustStoreVersion",
       "apigateway:Request/SecurityPolicy",
+      "apigateway:Resource/RoutingMode",
       "aws:ResourceTag/${TagKey}"
     ]
   },
@@ -410,6 +421,7 @@
     "conditionKeys": [
       "apigateway:Request/EndpointType",
       "apigateway:Resource/EndpointType",
+      "apigateway:Resource/RoutingMode",
       "aws:ResourceTag/${TagKey}"
     ]
   },

package/data/resourceTypes/cassandra.json

@@ -12,5 +12,12 @@
     "conditionKeys": [
       "aws:ResourceTag/${TagKey}"
     ]
+  },
+  "stream": {
+    "key": "stream",
+    "arn": "arn:${Partition}:cassandra:${Region}:${Account}:/keyspace/${KeyspaceName}/table/${TableName}/stream/${StreamLabel}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
   }
 }

package/data/resourceTypes/iotmanagedintegrations.json

@@ -1,18 +1,37 @@
 {
-  "credentiallockerresource": {
-    "key": "CredentialLockerResource",
-    "arn": "arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:credential-locker/${Identifier}"
+  "account-association": {
+    "key": "account-association",
+    "arn": "arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:account-association/${AccountAssociationId}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
   },
-  "managedthingresource": {
-    "key": "ManagedThingResource",
-    "arn": "arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:managed-thing/${Identifier}"
+  "credential-locker": {
+    "key": "credential-locker",
+    "arn": "arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:credential-locker/${Identifier}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
   },
-  "otataskresource": {
-    "key": "OtaTaskResource",
-    "arn": "arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:ota-task/${Identifier}"
+  "managed-thing": {
+    "key": "managed-thing",
+    "arn": "arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:managed-thing/${Identifier}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
   },
-  "provisioningprofileresource": {
-    "key": "ProvisioningProfileResource",
-    "arn": "arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:provisioning-profile/${Identifier}"
+  "ota-task": {
+    "key": "ota-task",
+    "arn": "arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:ota-task/${Identifier}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
+  "provisioning-profile": {
+    "key": "provisioning-profile",
+    "arn": "arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:provisioning-profile/${Identifier}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
   }
 }

package/data/resourceTypes/odb.json

@@ -0,0 +1,44 @@
+{
+  "cloud-autonomous-vm-cluster": {
+    "key": "cloud-autonomous-vm-cluster",
+    "arn": "arn:${Partition}:odb:${Region}:${Account}:cloud-autonomous-vm-cluster/${CloudAutonomousVmClusterId}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
+  "cloud-exadata-infrastructure": {
+    "key": "cloud-exadata-infrastructure",
+    "arn": "arn:${Partition}:odb:${Region}:${Account}:cloud-exadata-infrastructure/${CloudExadataInfrastructureId}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
+  "cloud-vm-cluster": {
+    "key": "cloud-vm-cluster",
+    "arn": "arn:${Partition}:odb:${Region}:${Account}:cloud-vm-cluster/${CloudVmClusterId}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
+  "db-node": {
+    "key": "db-node",
+    "arn": "arn:${Partition}:odb:${Region}:${Account}:db-node/${DbNodeId}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
+  "odb-network": {
+    "key": "odb-network",
+    "arn": "arn:${Partition}:odb:${Region}:${Account}:odb-network/${OdbNetworkId}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
+  "odb-peering-connection": {
+    "key": "odb-peering-connection",
+    "arn": "arn:${Partition}:odb:${Region}:${Account}:odb-peering-connection/${OdbPeeringConnectionId}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  }
+}

package/data/serviceNames.json

@@ -201,7 +201,7 @@
   "iotfleethub": "AWS IoT Fleet Hub for Device Management",
   "iotfleetwise": "AWS IoT FleetWise",
   "iotjobsdata": "AWS IoT Jobs DataPlane",
-  "iotmanagedintegrations": "AWS IoT managed integrations feature of IoT Device Management",
+  "iotmanagedintegrations": "AWS IoT Managed Integrations",
   "iotsitewise": "AWS IoT SiteWise",
   "iottwinmaker": "AWS IoT TwinMaker",
   "iotwireless": "AWS IoT Wireless",
@@ -270,6 +270,7 @@
   "notifications-contacts": "AWS User Notifications Contacts",
   "oam": "Amazon CloudWatch Observability Access Manager",
   "observabilityadmin": "Amazon CloudWatch Observability Admin Service",
+  "odb": "AWS Service - Oracle Database@AWS",
   "omics": "AWS HealthOmics",
   "one": "Amazon One Enterprise",
   "opensearch": "Amazon OpenSearch",

package/data/services.json

@@ -270,6 +270,7 @@
   "notifications-contacts",
   "oam",
   "observabilityadmin",
+  "odb",
   "omics",
   "one",
   "opensearch",

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "@cloud-copilot/iam-data",
-  "version": "0.9.202506261",
+  "version": "0.9.202507021",
   "description": "AWS IAM Data",
   "repository": "github:cloud-copilot/iam-data",
-  "updatedAt": "2025-06-26T04:53:59.300Z",
+  "updatedAt": "2025-07-02T04:54:47.508Z",
   "exports": {
     ".": {
       "import": "./dist/esm/index.js",