@cloud-copilot/iam-data 0.9.202507041 → 0.9.202507161

package/data/actions/dataexchange.json

@@ -49,20 +49,34 @@
     "name": "CreateDataGrant",
     "description": "Grants permission to create a data grant",
     "accessLevel": "Write",
-    "resourceTypes": [],
+    "resourceTypes": [
+      {
+        "name": "data-grants",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": [
+          "dataexchange:PublishToDataGrant"
+        ]
+      }
+    ],
     "conditionKeys": [
       "aws:RequestTag/${TagKey}",
       "aws:TagKeys"
     ],
-    "dependentActions": [
-      "dataexchange:PublishToDataGrant"
-    ]
+    "dependentActions": []
   },
   "createdataset": {
     "name": "CreateDataSet",
     "description": "Grants permission to create a data set",
     "accessLevel": "Write",
-    "resourceTypes": [],
+    "resourceTypes": [
+      {
+        "name": "data-sets",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
     "conditionKeys": [
       "aws:RequestTag/${TagKey}",
       "aws:TagKeys"
@@ -73,15 +87,32 @@
     "name": "CreateEventAction",
     "description": "Grants permission to create an event action",
     "accessLevel": "Write",
-    "resourceTypes": [],
-    "conditionKeys": [],
+    "resourceTypes": [
+      {
+        "name": "event-actions",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:TagKeys"
+    ],
     "dependentActions": []
   },
   "createjob": {
     "name": "CreateJob",
     "description": "Grants permission to create a job to import or export assets",
     "accessLevel": "Write",
-    "resourceTypes": [],
+    "resourceTypes": [
+      {
+        "name": "jobs",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
     "conditionKeys": [
       "dataexchange:JobType"
     ],
@@ -408,6 +439,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "event-actions",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "revisions",
         "required": false,
@@ -447,7 +484,10 @@
         "dependentActions": []
       }
     ],
-    "conditionKeys": [],
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:TagKeys"
+    ],
     "dependentActions": []
   },
   "revokerevision": {
@@ -541,6 +581,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "event-actions",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "revisions",
         "required": false,
@@ -571,6 +617,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "event-actions",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "revisions",
         "required": false,

package/data/actions/datazone.json

@@ -1318,6 +1318,15 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "startaccountbootstrapaction": {
+    "name": "StartAccountBootstrapAction",
+    "isPermissionOnly": true,
+    "description": "Grants permission to start account bootstrap action for a domain",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "startdatasourcerun": {
     "name": "StartDataSourceRun",
     "description": "Grants permission to start a DataSource run job",

package/data/actions/freetier.json

@@ -1,4 +1,20 @@
 {
+  "getaccountactivity": {
+    "name": "GetAccountActivity",
+    "description": "Grants permission to get a specific activity record",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "getaccountplanstate": {
+    "name": "GetAccountPlanState",
+    "description": "Grants permission to get all of the information related to the state of the account plan related to Free Tier",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "getfreetieralertpreference": {
     "name": "GetFreeTierAlertPreference",
     "isPermissionOnly": true,
@@ -16,6 +32,14 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "listaccountactivities": {
+    "name": "ListAccountActivities",
+    "description": "Grants permission to list available activities",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "putfreetieralertpreference": {
     "name": "PutFreeTierAlertPreference",
     "isPermissionOnly": true,
@@ -24,5 +48,13 @@
     "resourceTypes": [],
     "conditionKeys": [],
     "dependentActions": []
+  },
+  "upgradeaccountplan": {
+    "name": "UpgradeAccountPlan",
+    "description": "Grants permission to trigger an upgrade of account plan",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
   }
 }

package/data/actions/network-firewall.json

@@ -497,6 +497,27 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "describerulegroupsummary": {
+    "name": "DescribeRuleGroupSummary",
+    "description": "Grants permission to retrieve the summary information about a rule group",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "StatefulRuleGroup",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "StatelessRuleGroup",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "describetlsinspectionconfiguration": {
     "name": "DescribeTLSInspectionConfiguration",
     "description": "Grants permission to retrieve the data objects that define a tls inspection configuration",

package/data/actions/network-security-director.json

@@ -0,0 +1,74 @@
+{
+  "getfinding": {
+    "name": "GetFinding",
+    "description": "Grants permission to get a finding",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "getnetworksecurityscan": {
+    "name": "GetNetworkSecurityScan",
+    "description": "Grants permission to get the status of network security scan",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "getresource": {
+    "name": "GetResource",
+    "description": "Grants permission to get a resource",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listfindings": {
+    "name": "ListFindings",
+    "description": "Grants permission to list findings",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listinsights": {
+    "name": "ListInsights",
+    "description": "Grants permission to list insights about the latest network security scan",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listremediations": {
+    "name": "ListRemediations",
+    "description": "Grants permission to list remediations for a finding",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listresources": {
+    "name": "ListResources",
+    "description": "Grants permission to list resources",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "startnetworksecurityscan": {
+    "name": "StartNetworkSecurityScan",
+    "description": "Grants permission to start a network security scan",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "updatefinding": {
+    "name": "UpdateFinding",
+    "description": "Grants permission to update the status of a finding",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  }
+}

package/data/actions/rds.json

@@ -101,6 +101,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "global-cluster",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "integration",
         "required": false,
@@ -883,7 +889,9 @@
         "name": "cluster",
         "required": true,
         "conditionKeys": [],
-        "dependentActions": []
+        "dependentActions": [
+          "rds:AddTagsToResource"
+        ]
       },
       {
         "name": "global-cluster",
@@ -892,7 +900,10 @@
         "dependentActions": []
       }
     ],
-    "conditionKeys": [],
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:TagKeys"
+    ],
     "dependentActions": []
   },
   "createintegration": {
@@ -2201,6 +2212,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "global-cluster",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "integration",
         "required": false,
@@ -2947,6 +2964,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "global-cluster",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "integration",
         "required": false,

package/data/actions/s3.json

@@ -101,6 +101,7 @@
       }
     ],
     "conditionKeys": [
+      "s3:AccessGrantScope",
       "s3:authType",
       "s3:ResourceAccount",
       "s3:signatureAge",
@@ -151,6 +152,7 @@
       }
     ],
     "conditionKeys": [
+      "s3:AccessGrantsLocationScope",
       "s3:authType",
       "s3:ResourceAccount",
       "s3:signatureAge",
@@ -347,6 +349,7 @@
       }
     ],
     "conditionKeys": [
+      "s3:AccessGrantScope",
       "s3:authType",
       "s3:ResourceAccount",
       "s3:signatureAge",
@@ -416,6 +419,7 @@
       }
     ],
     "conditionKeys": [
+      "s3:AccessGrantsLocationScope",
       "s3:authType",
       "s3:ResourceAccount",
       "s3:signatureAge",
@@ -935,6 +939,7 @@
       }
     ],
     "conditionKeys": [
+      "s3:AccessGrantScope",
       "s3:authType",
       "s3:ResourceAccount",
       "s3:signatureAge",
@@ -1027,6 +1032,7 @@
       }
     ],
     "conditionKeys": [
+      "s3:AccessGrantsLocationScope",
       "s3:authType",
       "s3:ResourceAccount",
       "s3:signatureAge",
@@ -3782,6 +3788,7 @@
       }
     ],
     "conditionKeys": [
+      "s3:AccessGrantsLocationScope",
       "s3:authType",
       "s3:ResourceAccount",
       "s3:signatureAge",

package/data/actions/s3vectors.json

@@ -0,0 +1,242 @@
+{
+  "createindex": {
+    "name": "CreateIndex",
+    "description": "Grants permission to create a new vector index within a specified vector bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "Index",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "createvectorbucket": {
+    "name": "CreateVectorBucket",
+    "description": "Grants permission to create a new vector bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "VectorBucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3vectors:sseType",
+      "s3vectors:kmsKeyArn"
+    ],
+    "dependentActions": []
+  },
+  "deleteindex": {
+    "name": "DeleteIndex",
+    "description": "Grants permission to delete a specified vector index",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "Index",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "deletevectorbucket": {
+    "name": "DeleteVectorBucket",
+    "description": "Grants permission to delete a specified vector bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "VectorBucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "deletevectorbucketpolicy": {
+    "name": "DeleteVectorBucketPolicy",
+    "description": "Grants permission to delete the IAM resource policy from a specified vector bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "VectorBucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "deletevectors": {
+    "name": "DeleteVectors",
+    "description": "Grants permission to delete a batch of vectors from a specified vector index",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "Index",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "getindex": {
+    "name": "GetIndex",
+    "description": "Grants permission to get the attributes of a specified vector index",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "Index",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "getvectorbucket": {
+    "name": "GetVectorBucket",
+    "description": "Grants permission to get the attributes of a specified vector bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "VectorBucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "getvectorbucketpolicy": {
+    "name": "GetVectorBucketPolicy",
+    "description": "Grants permission to get the IAM resource policy for a specific vector bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "VectorBucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "getvectors": {
+    "name": "GetVectors",
+    "description": "Grants permission to get a batch of vectors by their vector keys",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "Index",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listindexes": {
+    "name": "ListIndexes",
+    "description": "Grants permission to get a paginated list of all indexes in a specified vector bucket",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "VectorBucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listvectorbuckets": {
+    "name": "ListVectorBuckets",
+    "description": "Grants permission to get a paginated list of all vector buckets in the account",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "listvectors": {
+    "name": "ListVectors",
+    "description": "Grants permission to get a paginated list of all vectors in a specified vector index",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "Index",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": [
+      "s3vectors:GetVectors"
+    ]
+  },
+  "putvectorbucketpolicy": {
+    "name": "PutVectorBucketPolicy",
+    "description": "Grants permission to add an IAM resource policy to a specified vector bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "VectorBucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "putvectors": {
+    "name": "PutVectors",
+    "description": "Grants permission to add a batch of vectors to a specified vector index",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "Index",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "queryvectors": {
+    "name": "QueryVectors",
+    "description": "Grants permission to find approximate nearest neighbors within a specified search vector index for a given query vector",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "Index",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": [
+      "s3vectors:GetVectors"
+    ]
+  }
+}

package/data/actions/sagemaker-mlflow.json

@@ -82,6 +82,36 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "deleteloggedmodel": {
+    "name": "DeleteLoggedModel",
+    "description": "Grants permission to delete a logged model in MLflow",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "mlflow-tracking-server",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "deleteloggedmodeltag": {
+    "name": "DeleteLoggedModelTag",
+    "description": "Grants permission to delete a tag for a logged model in MLflow",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "mlflow-tracking-server",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "deletemodelversion": {
     "name": "DeleteModelVersion",
     "description": "Grants permission to delete a model version",
@@ -232,6 +262,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "finalizeloggedmodel": {
+    "name": "FinalizeLoggedModel",
+    "description": "Grants permission to set status for a logged model in MLflow",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "mlflow-tracking-server",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "getdownloaduriformodelversionartifacts": {
     "name": "GetDownloadURIForModelVersionArtifacts",
     "description": "Grants permission to get a URI to download model artifacts for a specific model version",
@@ -292,6 +337,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "getloggedmodel": {
+    "name": "GetLoggedModel",
+    "description": "Grants permission to get a logged model in MLflow",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "mlflow-tracking-server",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "getmetrichistory": {
     "name": "GetMetricHistory",
     "description": "Grants permission to get a list of all values for the specified metric for a given run",
@@ -397,6 +457,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "listloggedmodelartifacts": {
+    "name": "ListLoggedModelArtifacts",
+    "description": "Grants permission to list artifacts for a logged model in MLflow",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "mlflow-tracking-server",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "logbatch": {
     "name": "LogBatch",
     "description": "Grants permission to log a batch of metrics, parameters, and tags for a run",
@@ -427,6 +502,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "logloggedmodelparams": {
+    "name": "LogLoggedModelParams",
+    "description": "Grants permission to log params for a logged model in MLflow",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "mlflow-tracking-server",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "logmetric": {
     "name": "LogMetric",
     "description": "Grants permission to log a metric for a run",
@@ -457,6 +547,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "logoutputs": {
+    "name": "LogOutputs",
+    "description": "Grants permission to log outputs, such as models, for a run in MLflow",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "mlflow-tracking-server",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "logparam": {
     "name": "LogParam",
     "description": "Grants permission to log a parameter tracked during a run",
@@ -532,6 +637,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "searchloggedmodels": {
+    "name": "SearchLoggedModels",
+    "description": "Grants permission to search for logged models in MLflow",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "mlflow-tracking-server",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "searchmodelversions": {
     "name": "SearchModelVersions",
     "description": "Grants permission to search for a model version",
@@ -607,6 +727,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "setloggedmodeltags": {
+    "name": "SetLoggedModelTags",
+    "description": "Grants permission to set tags for a logged model in MLflow",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "mlflow-tracking-server",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "setmodelversiontag": {
     "name": "SetModelVersionTag",
     "description": "Grants permission to set a tag for the model version",

package/data/actions/sagemaker.json

@@ -301,6 +301,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "notebook-instance-lifecycle-config",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "optimization-job",
         "required": false,
@@ -1121,6 +1127,27 @@
     ],
     "dependentActions": []
   },
+  "createhubcontentpresignedurls": {
+    "name": "CreateHubContentPresignedUrls",
+    "description": "Grants permission to generate S3 presigned URLs with GetObject permission for accessing model artifacts",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "hub",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "hub-content",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "createhubcontentreference": {
     "name": "CreateHubContentReference",
     "description": "Grants permission to create hub content reference",
@@ -1623,10 +1650,15 @@
         "name": "notebook-instance-lifecycle-config",
         "required": true,
         "conditionKeys": [],
-        "dependentActions": []
+        "dependentActions": [
+          "sagemaker:AddTags"
+        ]
       }
     ],
-    "conditionKeys": [],
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:TagKeys"
+    ],
     "dependentActions": []
   },
   "createoptimizationjob": {
@@ -1858,6 +1890,7 @@
       "sagemaker:ImageArns",
       "sagemaker:ImageVersionArns",
       "sagemaker:OwnerUserProfileArn",
+      "sagemaker:RemoteAccess",
       "sagemaker:SpaceSharingType"
     ],
     "dependentActions": []
@@ -3178,6 +3211,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "notebook-instance-lifecycle-config",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "optimization-job",
         "required": false,
@@ -3493,6 +3532,22 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "describeclusterinference": {
+    "name": "DescribeClusterInference",
+    "isPermissionOnly": true,
+    "description": "Grants permission to get information about the inference operator for a SageMaker HyperPod cluster",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "cluster",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "describeclusternode": {
     "name": "DescribeClusterNode",
     "description": "Grants permission to return information about a SageMaker HyperPod cluster node",
@@ -4164,7 +4219,9 @@
         "dependentActions": []
       }
     ],
-    "conditionKeys": [],
+    "conditionKeys": [
+      "sagemaker:PipelineVersionId"
+    ],
     "dependentActions": []
   },
   "describepipelinedefinitionforexecution": {
@@ -5267,6 +5324,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "listpipelineversions": {
+    "name": "ListPipelineVersions",
+    "description": "Grants permission to list versions of a pipeline",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "pipeline",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listpipelines": {
     "name": "ListPipelines",
     "description": "Grants permission to list pipelines",
@@ -5628,6 +5700,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "notebook-instance-lifecycle-config",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "optimization-job",
         "required": false,
@@ -5646,6 +5724,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "pipeline-execution",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "processing-job",
         "required": false,
@@ -6068,6 +6152,23 @@
         "dependentActions": []
       }
     ],
+    "conditionKeys": [
+      "sagemaker:PipelineVersionId"
+    ],
+    "dependentActions": []
+  },
+  "startsession": {
+    "name": "StartSession",
+    "description": "Grants permission to start a remote session for a SageMaker space",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "space",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
     "conditionKeys": [],
     "dependentActions": []
   },
@@ -6431,6 +6532,28 @@
     ],
     "dependentActions": []
   },
+  "updateclusterinference": {
+    "name": "UpdateClusterInference",
+    "isPermissionOnly": true,
+    "description": "Grants permission to update the inference operator for a SageMaker HyperPod cluster",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "cluster",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": [
+      "eks:AssociateAccessPolicy",
+      "eks:DescribeCluster",
+      "eks:ListAssociatedAccessPolicies",
+      "iam:PassRole",
+      "sagemaker:DescribeCluster"
+    ]
+  },
   "updateclusterschedulerconfig": {
     "name": "UpdateClusterSchedulerConfig",
     "description": "Grants permission to update a cluster scheduler config",
@@ -6958,6 +7081,23 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "updatepipelineversion": {
+    "name": "UpdatePipelineVersion",
+    "description": "Grants permission to update a pipeline version",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "pipeline",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "sagemaker:PipelineVersionId"
+    ],
+    "dependentActions": []
+  },
   "updateproject": {
     "name": "UpdateProject",
     "description": "Grants permission to update a Project",
@@ -7009,6 +7149,7 @@
       "sagemaker:ImageArns",
       "sagemaker:ImageVersionArns",
       "sagemaker:OwnerUserProfileArn",
+      "sagemaker:RemoteAccess",
       "sagemaker:SpaceSharingType"
     ],
     "dependentActions": []

package/data/actions/shield.json

@@ -136,6 +136,28 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "describeattackcontributors": {
+    "name": "DescribeAttackContributors",
+    "isPermissionOnly": true,
+    "description": "Grants permission to get detailed information about the contributors to a specific DDoS attack",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "attack",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "protection-group",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "describeattackstatistics": {
     "name": "DescribeAttackStatistics",
     "description": "Grants permission to describe information about the number and type of attacks AWS Shield has detected in the last year",
@@ -280,6 +302,15 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "getglobalthreatdata": {
+    "name": "GetGlobalThreatData",
+    "isPermissionOnly": true,
+    "description": "Grants permission to retrieve global threat intelligence data and trends from AWS Shield's threat monitoring systems",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "getsubscriptionstate": {
     "name": "GetSubscriptionState",
     "description": "Grants permission to get subscription state",
@@ -296,6 +327,22 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "listmitigations": {
+    "name": "ListMitigations",
+    "isPermissionOnly": true,
+    "description": "Grants permission to retrieve a list of mitigation actions that have been applied during DDoS attacks",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "attack",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listprotectiongroups": {
     "name": "ListProtectionGroups",
     "description": "Grants permission to retrieve the protection groups for the account",

package/data/conditionKeys/network-security-director.json

@@ -0,0 +1 @@
+{}

package/data/conditionKeys/s3.json

@@ -14,11 +14,21 @@
     "description": "Filters access by the tag keys that are passed in the request",
     "type": "ArrayOfString"
   },
+  "s3:accessgrantscope": {
+    "key": "s3:AccessGrantScope",
+    "description": "Filters access by the grant scope of access grants grant",
+    "type": "String"
+  },
   "s3:accessgrantsinstancearn": {
     "key": "s3:AccessGrantsInstanceArn",
     "description": "Filters access by access grants instance ARN",
     "type": "ARN"
   },
+  "s3:accessgrantslocationscope": {
+    "key": "s3:AccessGrantsLocationScope",
+    "description": "Filters access by the location scope of access grants location",
+    "type": "String"
+  },
   "s3:accesspointnetworkorigin": {
     "key": "s3:AccessPointNetworkOrigin",
     "description": "Filters access by the network origin (Internet or VPC)",

package/data/conditionKeys/s3vectors.json

@@ -0,0 +1,12 @@
+{
+  "s3vectors:kmskeyarn": {
+    "key": "s3vectors:kmsKeyArn",
+    "description": "Filters access by the AWS KMS key ARN for the key used to encrypt a vector bucket",
+    "type": "ARN"
+  },
+  "s3vectors:ssetype": {
+    "key": "s3vectors:sseType",
+    "description": "Filters access by server-side encryption type",
+    "type": "String"
+  }
+}

package/data/conditionKeys/sagemaker.json

@@ -184,6 +184,16 @@
     "description": "Filters access by the OwnerUserProfile arn associated with the space in the request",
     "type": "ARN"
   },
+  "sagemaker:pipelineversionid": {
+    "key": "sagemaker:PipelineVersionId",
+    "description": "Filters access to specific version IDs of a Sagemaker pipeline",
+    "type": "String"
+  },
+  "sagemaker:remoteaccess": {
+    "key": "sagemaker:RemoteAccess",
+    "description": "Filters access by the remote access flag associated with the space in the request",
+    "type": "String"
+  },
   "sagemaker:resourcetag/": {
     "key": "sagemaker:ResourceTag/",
     "description": "Filters access by the preface string for a tag key and value pair attached to a resource",

package/data/resourceTypes/dataexchange.json

@@ -38,7 +38,10 @@
   },
   "event-actions": {
     "key": "event-actions",
-    "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:event-actions/${EventActionId}"
+    "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:event-actions/${EventActionId}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
   },
   "data-grants": {
     "key": "data-grants",

package/data/resourceTypes/network-security-director.json

@@ -0,0 +1 @@
+{}

package/data/resourceTypes/rds.json

@@ -71,7 +71,10 @@
   },
   "global-cluster": {
     "key": "global-cluster",
-    "arn": "arn:${Partition}:rds::${Account}:global-cluster:${GlobalCluster}"
+    "arn": "arn:${Partition}:rds::${Account}:global-cluster:${GlobalCluster}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
   },
   "og": {
     "key": "og",

package/data/resourceTypes/s3vectors.json

@@ -0,0 +1,10 @@
+{
+  "index": {
+    "key": "Index",
+    "arn": "arn:${Partition}:s3vectors:${Region}:${Account}:bucket/${BucketName}/index/${IndexName}"
+  },
+  "vectorbucket": {
+    "key": "VectorBucket",
+    "arn": "arn:${Partition}:s3vectors:${Region}:${Account}:bucket/${BucketName}"
+  }
+}

package/data/resourceTypes/sagemaker.json

@@ -165,7 +165,11 @@
   },
   "notebook-instance-lifecycle-config": {
     "key": "notebook-instance-lifecycle-config",
-    "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:notebook-instance-lifecycle-config/${NotebookInstanceLifecycleConfigName}"
+    "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:notebook-instance-lifecycle-config/${NotebookInstanceLifecycleConfigName}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}",
+      "sagemaker:ResourceTag/${TagKey}"
+    ]
   },
   "code-repository": {
     "key": "code-repository",
@@ -417,7 +421,11 @@
   },
   "pipeline-execution": {
     "key": "pipeline-execution",
-    "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:pipeline/${PipelineName}/execution/${RandomString}"
+    "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:pipeline/${PipelineName}/execution/${RandomString}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}",
+      "sagemaker:ResourceTag/${TagKey}"
+    ]
   },
   "artifact": {
     "key": "artifact",

package/data/serviceNames.json

@@ -261,6 +261,7 @@
   "neptune-db": "Amazon Neptune",
   "neptune-graph": "Amazon Neptune Analytics",
   "network-firewall": "AWS Network Firewall",
+  "network-security-director": "AWS Shield network security director",
   "networkflowmonitor": "Network Flow Monitor",
   "networkmanager": "AWS Network Manager",
   "networkmanager-chat": "AWS Network Manager Chat",
@@ -333,6 +334,7 @@
   "s3-outposts": "Amazon S3 on Outposts",
   "s3express": "Amazon S3 Express",
   "s3tables": "Amazon S3 Tables",
+  "s3vectors": "Amazon S3 Vectors",
   "sagemaker": "Amazon SageMaker",
   "sagemaker-data-science-assistant": "Amazon SageMaker data science assistant",
   "sagemaker-geospatial": "Amazon SageMaker geospatial capabilities",

package/data/services.json

@@ -261,6 +261,7 @@
   "neptune-db",
   "neptune-graph",
   "network-firewall",
+  "network-security-director",
   "networkflowmonitor",
   "networkmanager",
   "networkmanager-chat",
@@ -333,6 +334,7 @@
   "s3-outposts",
   "s3express",
   "s3tables",
+  "s3vectors",
   "sagemaker",
   "sagemaker-data-science-assistant",
   "sagemaker-geospatial",

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "@cloud-copilot/iam-data",
-  "version": "0.9.202507041",
+  "version": "0.9.202507161",
   "description": "AWS IAM Data",
   "repository": "github:cloud-copilot/iam-data",
-  "updatedAt": "2025-07-04T04:56:26.926Z",
+  "updatedAt": "2025-07-16T05:01:34.567Z",
   "exports": {
     ".": {
       "import": "./dist/esm/index.js",