@cloud-copilot/iam-data 0.9.202507161 → 0.9.202507171

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/data/actions/bedrock-agentcore.json +1063 -0
  2. package/data/actions/s3.json +58 -3
  3. package/data/actions/securitylake.json +1 -0
  4. package/data/conditionKeys/bedrock-agentcore.json +22 -0
  5. package/data/resourceTypes/bedrock-agentcore.json +46 -0
  6. package/data/serviceNames.json +1 -1
  7. package/data/services.json +1 -1
  8. package/package.json +2 -2
  9. package/data/actions/supportrecommendations.json +0 -20
  10. package/data/conditionKeys/supportrecommendations.json +0 -1
  11. package/data/resourceTypes/supportrecommendations.json +0 -1
package/data/actions/bedrock-agentcore.json ADDED
@@ -0,0 +1,1063 @@
1
+ {
2
+ "allowvendedlogdeliveryforresource": {
3
+ "name": "AllowVendedLogDeliveryForResource",
4
+ "isPermissionOnly": true,
5
+ "description": "Grants permission to configure vended telemetry for a resource",
6
+ "accessLevel": "Permissions management",
7
+ "resourceTypes": [
8
+ {
9
+ "name": "memory",
10
+ "required": true,
11
+ "conditionKeys": [],
12
+ "dependentActions": []
13
+ }
14
+ ],
15
+ "conditionKeys": [],
16
+ "dependentActions": []
17
+ },
18
+ "connectbrowserautomationstream": {
19
+ "name": "ConnectBrowserAutomationStream",
20
+ "description": "Grants permission to connect to a browser automation stream",
21
+ "accessLevel": "Read",
22
+ "resourceTypes": [],
23
+ "conditionKeys": [],
24
+ "dependentActions": []
25
+ },
26
+ "connectbrowserliveviewstream": {
27
+ "name": "ConnectBrowserLiveViewStream",
28
+ "description": "Grants permission to connect to a browser live view stream",
29
+ "accessLevel": "Read",
30
+ "resourceTypes": [],
31
+ "conditionKeys": [],
32
+ "dependentActions": []
33
+ },
34
+ "createagentruntime": {
35
+ "name": "CreateAgentRuntime",
36
+ "description": "Grants permission to create a new agent runtime",
37
+ "accessLevel": "Write",
38
+ "resourceTypes": [],
39
+ "conditionKeys": [],
40
+ "dependentActions": [
41
+ "iam:PassRole"
42
+ ]
43
+ },
44
+ "createagentruntimeendpoint": {
45
+ "name": "CreateAgentRuntimeEndpoint",
46
+ "description": "Grants permission to create a new agent endpoint",
47
+ "accessLevel": "Write",
48
+ "resourceTypes": [],
49
+ "conditionKeys": [],
50
+ "dependentActions": []
51
+ },
52
+ "createapikeycredentialprovider": {
53
+ "name": "CreateApiKeyCredentialProvider",
54
+ "description": "Grants permission to create a new API Key Credential Provider",
55
+ "accessLevel": "Write",
56
+ "resourceTypes": [],
57
+ "conditionKeys": [],
58
+ "dependentActions": []
59
+ },
60
+ "createbrowser": {
61
+ "name": "CreateBrowser",
62
+ "description": "Grants permission to create a new custom browser",
63
+ "accessLevel": "Write",
64
+ "resourceTypes": [],
65
+ "conditionKeys": [],
66
+ "dependentActions": []
67
+ },
68
+ "createcodeinterpreter": {
69
+ "name": "CreateCodeInterpreter",
70
+ "description": "Grants permission to create a new custom code interpreter",
71
+ "accessLevel": "Write",
72
+ "resourceTypes": [],
73
+ "conditionKeys": [],
74
+ "dependentActions": []
75
+ },
76
+ "createevent": {
77
+ "name": "CreateEvent",
78
+ "description": "Grants permission to create an Event",
79
+ "accessLevel": "Write",
80
+ "resourceTypes": [
81
+ {
82
+ "name": "memory",
83
+ "required": true,
84
+ "conditionKeys": [],
85
+ "dependentActions": []
86
+ }
87
+ ],
88
+ "conditionKeys": [
89
+ "bedrock-agentcore:sessionId",
90
+ "bedrock-agentcore:actorId"
91
+ ],
92
+ "dependentActions": []
93
+ },
94
+ "creategateway": {
95
+ "name": "CreateGateway",
96
+ "description": "Grants permission to create a new gateway",
97
+ "accessLevel": "Write",
98
+ "resourceTypes": [],
99
+ "conditionKeys": [],
100
+ "dependentActions": [
101
+ "iam:PassRole"
102
+ ]
103
+ },
104
+ "creategatewaytarget": {
105
+ "name": "CreateGatewayTarget",
106
+ "description": "Grants permission to create a new target in an existing gateway",
107
+ "accessLevel": "Write",
108
+ "resourceTypes": [
109
+ {
110
+ "name": "gateway",
111
+ "required": true,
112
+ "conditionKeys": [],
113
+ "dependentActions": []
114
+ }
115
+ ],
116
+ "conditionKeys": [],
117
+ "dependentActions": []
118
+ },
119
+ "creatememory": {
120
+ "name": "CreateMemory",
121
+ "description": "Grants permission to create a Memory resource",
122
+ "accessLevel": "Write",
123
+ "resourceTypes": [],
124
+ "conditionKeys": [],
125
+ "dependentActions": [
126
+ "iam:PassRole"
127
+ ]
128
+ },
129
+ "createoauth2credentialprovider": {
130
+ "name": "CreateOauth2CredentialProvider",
131
+ "description": "Grants permission to create a new Credential Provider to access external resources with OAuth2 protocol",
132
+ "accessLevel": "Write",
133
+ "resourceTypes": [],
134
+ "conditionKeys": [],
135
+ "dependentActions": []
136
+ },
137
+ "createworkloadidentity": {
138
+ "name": "CreateWorkloadIdentity",
139
+ "description": "Grants permission to create a new Workload Identity",
140
+ "accessLevel": "Write",
141
+ "resourceTypes": [],
142
+ "conditionKeys": [],
143
+ "dependentActions": []
144
+ },
145
+ "deleteagentruntime": {
146
+ "name": "DeleteAgentRuntime",
147
+ "description": "Grants permission to delete an agent runtime",
148
+ "accessLevel": "Write",
149
+ "resourceTypes": [
150
+ {
151
+ "name": "runtime",
152
+ "required": true,
153
+ "conditionKeys": [],
154
+ "dependentActions": []
155
+ }
156
+ ],
157
+ "conditionKeys": [],
158
+ "dependentActions": []
159
+ },
160
+ "deleteagentruntimeendpoint": {
161
+ "name": "DeleteAgentRuntimeEndpoint",
162
+ "description": "Grants permission to delete an agent endpoint",
163
+ "accessLevel": "Write",
164
+ "resourceTypes": [
165
+ {
166
+ "name": "runtime",
167
+ "required": true,
168
+ "conditionKeys": [],
169
+ "dependentActions": []
170
+ },
171
+ {
172
+ "name": "runtime-endpoint",
173
+ "required": true,
174
+ "conditionKeys": [],
175
+ "dependentActions": []
176
+ }
177
+ ],
178
+ "conditionKeys": [],
179
+ "dependentActions": []
180
+ },
181
+ "deleteapikeycredentialprovider": {
182
+ "name": "DeleteApiKeyCredentialProvider",
183
+ "description": "Grants permission to delete a registered API Key Credential Provider",
184
+ "accessLevel": "Write",
185
+ "resourceTypes": [],
186
+ "conditionKeys": [],
187
+ "dependentActions": []
188
+ },
189
+ "deletebrowser": {
190
+ "name": "DeleteBrowser",
191
+ "description": "Grants permission to delete a custom browser",
192
+ "accessLevel": "Write",
193
+ "resourceTypes": [
194
+ {
195
+ "name": "browser-custom",
196
+ "required": true,
197
+ "conditionKeys": [],
198
+ "dependentActions": []
199
+ }
200
+ ],
201
+ "conditionKeys": [],
202
+ "dependentActions": []
203
+ },
204
+ "deletecodeinterpreter": {
205
+ "name": "DeleteCodeInterpreter",
206
+ "description": "Grants permission to delete a custom code interpreter",
207
+ "accessLevel": "Write",
208
+ "resourceTypes": [
209
+ {
210
+ "name": "code-interpreter-custom",
211
+ "required": true,
212
+ "conditionKeys": [],
213
+ "dependentActions": []
214
+ }
215
+ ],
216
+ "conditionKeys": [],
217
+ "dependentActions": []
218
+ },
219
+ "deleteevent": {
220
+ "name": "DeleteEvent",
221
+ "description": "Grants permission to delete an Event",
222
+ "accessLevel": "Write",
223
+ "resourceTypes": [
224
+ {
225
+ "name": "memory",
226
+ "required": true,
227
+ "conditionKeys": [],
228
+ "dependentActions": []
229
+ }
230
+ ],
231
+ "conditionKeys": [
232
+ "bedrock-agentcore:sessionId",
233
+ "bedrock-agentcore:actorId"
234
+ ],
235
+ "dependentActions": []
236
+ },
237
+ "deletegateway": {
238
+ "name": "DeleteGateway",
239
+ "description": "Grants permission to delete an existing gateway",
240
+ "accessLevel": "Write",
241
+ "resourceTypes": [
242
+ {
243
+ "name": "gateway",
244
+ "required": true,
245
+ "conditionKeys": [],
246
+ "dependentActions": []
247
+ }
248
+ ],
249
+ "conditionKeys": [],
250
+ "dependentActions": []
251
+ },
252
+ "deletegatewaytarget": {
253
+ "name": "DeleteGatewayTarget",
254
+ "description": "Grants permission to delete an existing gateway target",
255
+ "accessLevel": "Write",
256
+ "resourceTypes": [
257
+ {
258
+ "name": "gateway",
259
+ "required": true,
260
+ "conditionKeys": [],
261
+ "dependentActions": []
262
+ }
263
+ ],
264
+ "conditionKeys": [],
265
+ "dependentActions": []
266
+ },
267
+ "deletememory": {
268
+ "name": "DeleteMemory",
269
+ "description": "Grants permission to delete a Memory resource",
270
+ "accessLevel": "Write",
271
+ "resourceTypes": [
272
+ {
273
+ "name": "memory",
274
+ "required": true,
275
+ "conditionKeys": [],
276
+ "dependentActions": []
277
+ }
278
+ ],
279
+ "conditionKeys": [],
280
+ "dependentActions": []
281
+ },
282
+ "deletememoryrecord": {
283
+ "name": "DeleteMemoryRecord",
284
+ "description": "Grants permission to delete a Memory Record",
285
+ "accessLevel": "Write",
286
+ "resourceTypes": [
287
+ {
288
+ "name": "memory",
289
+ "required": true,
290
+ "conditionKeys": [],
291
+ "dependentActions": []
292
+ }
293
+ ],
294
+ "conditionKeys": [],
295
+ "dependentActions": []
296
+ },
297
+ "deleteoauth2credentialprovider": {
298
+ "name": "DeleteOauth2CredentialProvider",
299
+ "description": "Grants permission to delete a registered OAuth2 Credential Provider",
300
+ "accessLevel": "Write",
301
+ "resourceTypes": [],
302
+ "conditionKeys": [],
303
+ "dependentActions": []
304
+ },
305
+ "deleteworkloadidentity": {
306
+ "name": "DeleteWorkloadIdentity",
307
+ "description": "Grants permission to delete a registered Workload Identity",
308
+ "accessLevel": "Write",
309
+ "resourceTypes": [],
310
+ "conditionKeys": [],
311
+ "dependentActions": []
312
+ },
313
+ "getagentruntime": {
314
+ "name": "GetAgentRuntime",
315
+ "description": "Grants permission to get details of an agent runtime",
316
+ "accessLevel": "Read",
317
+ "resourceTypes": [
318
+ {
319
+ "name": "runtime",
320
+ "required": true,
321
+ "conditionKeys": [],
322
+ "dependentActions": []
323
+ }
324
+ ],
325
+ "conditionKeys": [],
326
+ "dependentActions": []
327
+ },
328
+ "getagentruntimeendpoint": {
329
+ "name": "GetAgentRuntimeEndpoint",
330
+ "description": "Grants permission to get details of an agent endpoint",
331
+ "accessLevel": "Read",
332
+ "resourceTypes": [
333
+ {
334
+ "name": "runtime",
335
+ "required": true,
336
+ "conditionKeys": [],
337
+ "dependentActions": []
338
+ },
339
+ {
340
+ "name": "runtime-endpoint",
341
+ "required": true,
342
+ "conditionKeys": [],
343
+ "dependentActions": []
344
+ }
345
+ ],
346
+ "conditionKeys": [],
347
+ "dependentActions": []
348
+ },
349
+ "getapikeycredentialprovider": {
350
+ "name": "GetApiKeyCredentialProvider",
351
+ "description": "Grants permission to fetch a registered API Key Credential Provider by its name",
352
+ "accessLevel": "Read",
353
+ "resourceTypes": [],
354
+ "conditionKeys": [],
355
+ "dependentActions": []
356
+ },
357
+ "getbrowser": {
358
+ "name": "GetBrowser",
359
+ "description": "Grants permission to get details of a browser",
360
+ "accessLevel": "Read",
361
+ "resourceTypes": [
362
+ {
363
+ "name": "browser-custom",
364
+ "required": true,
365
+ "conditionKeys": [],
366
+ "dependentActions": []
367
+ }
368
+ ],
369
+ "conditionKeys": [],
370
+ "dependentActions": []
371
+ },
372
+ "getbrowsersession": {
373
+ "name": "GetBrowserSession",
374
+ "description": "Grants permission to get details of a browser session",
375
+ "accessLevel": "Read",
376
+ "resourceTypes": [
377
+ {
378
+ "name": "browser",
379
+ "required": true,
380
+ "conditionKeys": [],
381
+ "dependentActions": []
382
+ },
383
+ {
384
+ "name": "browser-custom",
385
+ "required": true,
386
+ "conditionKeys": [],
387
+ "dependentActions": []
388
+ }
389
+ ],
390
+ "conditionKeys": [],
391
+ "dependentActions": []
392
+ },
393
+ "getcodeinterpreter": {
394
+ "name": "GetCodeInterpreter",
395
+ "description": "Grants permission to get details of a code interpreter",
396
+ "accessLevel": "Read",
397
+ "resourceTypes": [
398
+ {
399
+ "name": "code-interpreter-custom",
400
+ "required": true,
401
+ "conditionKeys": [],
402
+ "dependentActions": []
403
+ }
404
+ ],
405
+ "conditionKeys": [],
406
+ "dependentActions": []
407
+ },
408
+ "getcodeinterpretersession": {
409
+ "name": "GetCodeInterpreterSession",
410
+ "description": "Grants permission to get details of a code interpreter session",
411
+ "accessLevel": "Read",
412
+ "resourceTypes": [
413
+ {
414
+ "name": "code-interpreter",
415
+ "required": true,
416
+ "conditionKeys": [],
417
+ "dependentActions": []
418
+ },
419
+ {
420
+ "name": "code-interpreter-custom",
421
+ "required": true,
422
+ "conditionKeys": [],
423
+ "dependentActions": []
424
+ }
425
+ ],
426
+ "conditionKeys": [],
427
+ "dependentActions": []
428
+ },
429
+ "getevent": {
430
+ "name": "GetEvent",
431
+ "description": "Grants permission to fetch an Event",
432
+ "accessLevel": "Read",
433
+ "resourceTypes": [
434
+ {
435
+ "name": "memory",
436
+ "required": true,
437
+ "conditionKeys": [],
438
+ "dependentActions": []
439
+ }
440
+ ],
441
+ "conditionKeys": [
442
+ "bedrock-agentcore:sessionId",
443
+ "bedrock-agentcore:actorId"
444
+ ],
445
+ "dependentActions": []
446
+ },
447
+ "getgateway": {
448
+ "name": "GetGateway",
449
+ "description": "Grants permission to retrieve an existing gateway",
450
+ "accessLevel": "Read",
451
+ "resourceTypes": [
452
+ {
453
+ "name": "gateway",
454
+ "required": true,
455
+ "conditionKeys": [],
456
+ "dependentActions": []
457
+ }
458
+ ],
459
+ "conditionKeys": [],
460
+ "dependentActions": []
461
+ },
462
+ "getgatewaytarget": {
463
+ "name": "GetGatewayTarget",
464
+ "description": "Grants permission to retrieve an existing gateway target",
465
+ "accessLevel": "Read",
466
+ "resourceTypes": [
467
+ {
468
+ "name": "gateway",
469
+ "required": true,
470
+ "conditionKeys": [],
471
+ "dependentActions": []
472
+ }
473
+ ],
474
+ "conditionKeys": [],
475
+ "dependentActions": []
476
+ },
477
+ "getmemory": {
478
+ "name": "GetMemory",
479
+ "description": "Grants permission to fetch details for a Memory resource",
480
+ "accessLevel": "Read",
481
+ "resourceTypes": [
482
+ {
483
+ "name": "memory",
484
+ "required": true,
485
+ "conditionKeys": [],
486
+ "dependentActions": []
487
+ }
488
+ ],
489
+ "conditionKeys": [],
490
+ "dependentActions": []
491
+ },
492
+ "getmemoryrecord": {
493
+ "name": "GetMemoryRecord",
494
+ "description": "Grants permission to fetch a Memory Record",
495
+ "accessLevel": "Read",
496
+ "resourceTypes": [
497
+ {
498
+ "name": "memory",
499
+ "required": true,
500
+ "conditionKeys": [],
501
+ "dependentActions": []
502
+ }
503
+ ],
504
+ "conditionKeys": [],
505
+ "dependentActions": []
506
+ },
507
+ "getoauth2credentialprovider": {
508
+ "name": "GetOauth2CredentialProvider",
509
+ "description": "Grants permission to fetch a registered OAuth2 Credential Provider by its name",
510
+ "accessLevel": "Read",
511
+ "resourceTypes": [],
512
+ "conditionKeys": [],
513
+ "dependentActions": []
514
+ },
515
+ "getresourceapikey": {
516
+ "name": "GetResourceApiKey",
517
+ "description": "Grants permission to retrieve an API Key associated with an Api Key Credential Provider",
518
+ "accessLevel": "Read",
519
+ "resourceTypes": [],
520
+ "conditionKeys": [],
521
+ "dependentActions": []
522
+ },
523
+ "getresourceoauth2token": {
524
+ "name": "GetResourceOauth2Token",
525
+ "description": "Grants permission to retrieve access token with OAuth2 2LO or 3LO flow to access external resource",
526
+ "accessLevel": "Read",
527
+ "resourceTypes": [],
528
+ "conditionKeys": [],
529
+ "dependentActions": []
530
+ },
531
+ "gettokenvault": {
532
+ "name": "GetTokenVault",
533
+ "description": "Grants permission to fetch the current configuration of the TokenVault, including encryption settings",
534
+ "accessLevel": "Read",
535
+ "resourceTypes": [],
536
+ "conditionKeys": [],
537
+ "dependentActions": []
538
+ },
539
+ "getworkloadaccesstoken": {
540
+ "name": "GetWorkloadAccessToken",
541
+ "description": "Grants permission to retrieve an Workload access token for agentic workloads not acting on behalf of a user",
542
+ "accessLevel": "Write",
543
+ "resourceTypes": [],
544
+ "conditionKeys": [],
545
+ "dependentActions": []
546
+ },
547
+ "getworkloadaccesstokenforjwt": {
548
+ "name": "GetWorkloadAccessTokenForJWT",
549
+ "description": "Grants permission to retrieve an Workload access token for agentic workloads acting on behalf of user with JWT token",
550
+ "accessLevel": "Write",
551
+ "resourceTypes": [],
552
+ "conditionKeys": [],
553
+ "dependentActions": []
554
+ },
555
+ "getworkloadaccesstokenforuserid": {
556
+ "name": "GetWorkloadAccessTokenForUserId",
557
+ "description": "Grants permission to retrieve an Workload access token for agentic workloads acting on behalf of user with User Id",
558
+ "accessLevel": "Write",
559
+ "resourceTypes": [],
560
+ "conditionKeys": [],
561
+ "dependentActions": []
562
+ },
563
+ "getworkloadidentity": {
564
+ "name": "GetWorkloadIdentity",
565
+ "description": "Grants permission to fetch details for a specific Workload identity, including its name and allowed OAuth2 return URLs",
566
+ "accessLevel": "Read",
567
+ "resourceTypes": [],
568
+ "conditionKeys": [],
569
+ "dependentActions": []
570
+ },
571
+ "invokeagentruntimeendpoint": {
572
+ "name": "InvokeAgentRuntimeEndpoint",
573
+ "description": "Grants permission to invoke an agent endpoint",
574
+ "accessLevel": "Write",
575
+ "resourceTypes": [
576
+ {
577
+ "name": "runtime",
578
+ "required": true,
579
+ "conditionKeys": [],
580
+ "dependentActions": []
581
+ },
582
+ {
583
+ "name": "runtime-endpoint",
584
+ "required": true,
585
+ "conditionKeys": [],
586
+ "dependentActions": []
587
+ }
588
+ ],
589
+ "conditionKeys": [],
590
+ "dependentActions": []
591
+ },
592
+ "invokecodeinterpreter": {
593
+ "name": "InvokeCodeInterpreter",
594
+ "description": "Grants permission to invoke a code interpreter session",
595
+ "accessLevel": "Write",
596
+ "resourceTypes": [
597
+ {
598
+ "name": "code-interpreter",
599
+ "required": true,
600
+ "conditionKeys": [],
601
+ "dependentActions": []
602
+ },
603
+ {
604
+ "name": "code-interpreter-custom",
605
+ "required": true,
606
+ "conditionKeys": [],
607
+ "dependentActions": []
608
+ }
609
+ ],
610
+ "conditionKeys": [],
611
+ "dependentActions": []
612
+ },
613
+ "listactors": {
614
+ "name": "ListActors",
615
+ "description": "Grants permission to list Actors",
616
+ "accessLevel": "List",
617
+ "resourceTypes": [
618
+ {
619
+ "name": "memory",
620
+ "required": true,
621
+ "conditionKeys": [],
622
+ "dependentActions": []
623
+ }
624
+ ],
625
+ "conditionKeys": [],
626
+ "dependentActions": []
627
+ },
628
+ "listagentruntimeendpoints": {
629
+ "name": "ListAgentRuntimeEndpoints",
630
+ "description": "Grants permission to list agent endpoints",
631
+ "accessLevel": "List",
632
+ "resourceTypes": [],
633
+ "conditionKeys": [],
634
+ "dependentActions": []
635
+ },
636
+ "listagentruntimeversions": {
637
+ "name": "ListAgentRuntimeVersions",
638
+ "description": "Grants permission to list agent runtime versions",
639
+ "accessLevel": "List",
640
+ "resourceTypes": [],
641
+ "conditionKeys": [],
642
+ "dependentActions": []
643
+ },
644
+ "listagentruntimes": {
645
+ "name": "ListAgentRuntimes",
646
+ "description": "Grants permission to list agent runtimes",
647
+ "accessLevel": "List",
648
+ "resourceTypes": [],
649
+ "conditionKeys": [],
650
+ "dependentActions": []
651
+ },
652
+ "listapikeycredentialproviders": {
653
+ "name": "ListApiKeyCredentialProviders",
654
+ "description": "Grants permission to list all API Key Credential Providers in the Token Vault",
655
+ "accessLevel": "Read",
656
+ "resourceTypes": [],
657
+ "conditionKeys": [],
658
+ "dependentActions": []
659
+ },
660
+ "listbrowsersessions": {
661
+ "name": "ListBrowserSessions",
662
+ "description": "Grants permission to list browser sessions",
663
+ "accessLevel": "List",
664
+ "resourceTypes": [],
665
+ "conditionKeys": [],
666
+ "dependentActions": []
667
+ },
668
+ "listbrowsers": {
669
+ "name": "ListBrowsers",
670
+ "description": "Grants permission to list browsers",
671
+ "accessLevel": "List",
672
+ "resourceTypes": [],
673
+ "conditionKeys": [],
674
+ "dependentActions": []
675
+ },
676
+ "listcodeinterpretersessions": {
677
+ "name": "ListCodeInterpreterSessions",
678
+ "description": "Grants permission to list code interpreter sessions",
679
+ "accessLevel": "List",
680
+ "resourceTypes": [
681
+ {
682
+ "name": "code-interpreter",
683
+ "required": true,
684
+ "conditionKeys": [],
685
+ "dependentActions": []
686
+ },
687
+ {
688
+ "name": "code-interpreter-custom",
689
+ "required": true,
690
+ "conditionKeys": [],
691
+ "dependentActions": []
692
+ }
693
+ ],
694
+ "conditionKeys": [],
695
+ "dependentActions": []
696
+ },
697
+ "listcodeinterpreters": {
698
+ "name": "ListCodeInterpreters",
699
+ "description": "Grants permission to list code interpreters",
700
+ "accessLevel": "List",
701
+ "resourceTypes": [],
702
+ "conditionKeys": [],
703
+ "dependentActions": []
704
+ },
705
+ "listevents": {
706
+ "name": "ListEvents",
707
+ "description": "Grants permission to list events",
708
+ "accessLevel": "List",
709
+ "resourceTypes": [
710
+ {
711
+ "name": "memory",
712
+ "required": true,
713
+ "conditionKeys": [],
714
+ "dependentActions": []
715
+ }
716
+ ],
717
+ "conditionKeys": [
718
+ "bedrock-agentcore:sessionId",
719
+ "bedrock-agentcore:actorId"
720
+ ],
721
+ "dependentActions": []
722
+ },
723
+ "listgatewaytargets": {
724
+ "name": "ListGatewayTargets",
725
+ "description": "Grants permission to list existing gateway targets",
726
+ "accessLevel": "List",
727
+ "resourceTypes": [
728
+ {
729
+ "name": "gateway",
730
+ "required": true,
731
+ "conditionKeys": [],
732
+ "dependentActions": []
733
+ }
734
+ ],
735
+ "conditionKeys": [],
736
+ "dependentActions": []
737
+ },
738
+ "listgateways": {
739
+ "name": "ListGateways",
740
+ "description": "Grants permission to list existing gateways",
741
+ "accessLevel": "List",
742
+ "resourceTypes": [],
743
+ "conditionKeys": [],
744
+ "dependentActions": []
745
+ },
746
+ "listmemories": {
747
+ "name": "ListMemories",
748
+ "description": "Grants permission to list memory resources",
749
+ "accessLevel": "List",
750
+ "resourceTypes": [],
751
+ "conditionKeys": [],
752
+ "dependentActions": []
753
+ },
754
+ "listmemoryrecords": {
755
+ "name": "ListMemoryRecords",
756
+ "description": "Grants permission to list memory records",
757
+ "accessLevel": "List",
758
+ "resourceTypes": [
759
+ {
760
+ "name": "memory",
761
+ "required": true,
762
+ "conditionKeys": [],
763
+ "dependentActions": []
764
+ }
765
+ ],
766
+ "conditionKeys": [
767
+ "bedrock-agentcore:namespace",
768
+ "bedrock-agentcore:strategyId"
769
+ ],
770
+ "dependentActions": []
771
+ },
772
+ "listoauth2credentialproviders": {
773
+ "name": "ListOauth2CredentialProviders",
774
+ "description": "Grants permission to list all OAuth2 Credential Providers in the Token Vault",
775
+ "accessLevel": "Read",
776
+ "resourceTypes": [],
777
+ "conditionKeys": [],
778
+ "dependentActions": []
779
+ },
780
+ "listsessions": {
781
+ "name": "ListSessions",
782
+ "description": "Grants permission to list sessions",
783
+ "accessLevel": "List",
784
+ "resourceTypes": [
785
+ {
786
+ "name": "memory",
787
+ "required": true,
788
+ "conditionKeys": [],
789
+ "dependentActions": []
790
+ }
791
+ ],
792
+ "conditionKeys": [
793
+ "bedrock-agentcore:actorId"
794
+ ],
795
+ "dependentActions": []
796
+ },
797
+ "listworkloadidentities": {
798
+ "name": "ListWorkloadIdentities",
799
+ "description": "Grants permission to list all Workload Identities in the caller's AWS account",
800
+ "accessLevel": "Read",
801
+ "resourceTypes": [],
802
+ "conditionKeys": [],
803
+ "dependentActions": []
804
+ },
805
+ "retrievememoryrecords": {
806
+ "name": "RetrieveMemoryRecords",
807
+ "description": "Grants permission to retrieve memory records through sematic query",
808
+ "accessLevel": "List",
809
+ "resourceTypes": [
810
+ {
811
+ "name": "memory",
812
+ "required": true,
813
+ "conditionKeys": [],
814
+ "dependentActions": []
815
+ }
816
+ ],
817
+ "conditionKeys": [
818
+ "bedrock-agentcore:namespace",
819
+ "bedrock-agentcore:strategyId"
820
+ ],
821
+ "dependentActions": []
822
+ },
823
+ "settokenvaultcmk": {
824
+ "name": "SetTokenVaultCMK",
825
+ "description": "Grants permission to associate a Customer Managed Key (CMK) or a Service Managed Key with a specific TokenVault",
826
+ "accessLevel": "Read",
827
+ "resourceTypes": [],
828
+ "conditionKeys": [],
829
+ "dependentActions": []
830
+ },
831
+ "startbrowsersession": {
832
+ "name": "StartBrowserSession",
833
+ "description": "Grants permission to starts a new browser session",
834
+ "accessLevel": "Write",
835
+ "resourceTypes": [
836
+ {
837
+ "name": "browser",
838
+ "required": true,
839
+ "conditionKeys": [],
840
+ "dependentActions": []
841
+ },
842
+ {
843
+ "name": "browser-custom",
844
+ "required": true,
845
+ "conditionKeys": [],
846
+ "dependentActions": []
847
+ }
848
+ ],
849
+ "conditionKeys": [],
850
+ "dependentActions": []
851
+ },
852
+ "startcodeinterpretersession": {
853
+ "name": "StartCodeInterpreterSession",
854
+ "description": "Grants permission to start a new code interpreter session",
855
+ "accessLevel": "Write",
856
+ "resourceTypes": [
857
+ {
858
+ "name": "code-interpreter",
859
+ "required": true,
860
+ "conditionKeys": [],
861
+ "dependentActions": []
862
+ },
863
+ {
864
+ "name": "code-interpreter-custom",
865
+ "required": true,
866
+ "conditionKeys": [],
867
+ "dependentActions": []
868
+ }
869
+ ],
870
+ "conditionKeys": [],
871
+ "dependentActions": []
872
+ },
873
+ "stopbrowsersession": {
874
+ "name": "StopBrowserSession",
875
+ "description": "Grants permission to stop a browser session",
876
+ "accessLevel": "Write",
877
+ "resourceTypes": [
878
+ {
879
+ "name": "browser",
880
+ "required": true,
881
+ "conditionKeys": [],
882
+ "dependentActions": []
883
+ },
884
+ {
885
+ "name": "browser-custom",
886
+ "required": true,
887
+ "conditionKeys": [],
888
+ "dependentActions": []
889
+ }
890
+ ],
891
+ "conditionKeys": [],
892
+ "dependentActions": []
893
+ },
894
+ "stopcodeinterpretersession": {
895
+ "name": "StopCodeInterpreterSession",
896
+ "description": "Grants permission to stop a code interpreter session",
897
+ "accessLevel": "Write",
898
+ "resourceTypes": [
899
+ {
900
+ "name": "code-interpreter",
901
+ "required": true,
902
+ "conditionKeys": [],
903
+ "dependentActions": []
904
+ },
905
+ {
906
+ "name": "code-interpreter-custom",
907
+ "required": true,
908
+ "conditionKeys": [],
909
+ "dependentActions": []
910
+ }
911
+ ],
912
+ "conditionKeys": [],
913
+ "dependentActions": []
914
+ },
915
+ "synchronizegatewaytargets": {
916
+ "name": "SynchronizeGatewayTargets",
917
+ "isPermissionOnly": true,
918
+ "description": "Grants permission to enable search on gateways",
919
+ "accessLevel": "Permissions management",
920
+ "resourceTypes": [
921
+ {
922
+ "name": "gateway",
923
+ "required": true,
924
+ "conditionKeys": [],
925
+ "dependentActions": []
926
+ }
927
+ ],
928
+ "conditionKeys": [],
929
+ "dependentActions": []
930
+ },
931
+ "updateagentruntime": {
932
+ "name": "UpdateAgentRuntime",
933
+ "description": "Grants permission to update an agent runtime",
934
+ "accessLevel": "Write",
935
+ "resourceTypes": [
936
+ {
937
+ "name": "runtime",
938
+ "required": true,
939
+ "conditionKeys": [],
940
+ "dependentActions": []
941
+ }
942
+ ],
943
+ "conditionKeys": [],
944
+ "dependentActions": [
945
+ "iam:PassRole"
946
+ ]
947
+ },
948
+ "updateagentruntimeendpoint": {
949
+ "name": "UpdateAgentRuntimeEndpoint",
950
+ "description": "Grants permission to update an agent endpoint",
951
+ "accessLevel": "Write",
952
+ "resourceTypes": [
953
+ {
954
+ "name": "runtime",
955
+ "required": true,
956
+ "conditionKeys": [],
957
+ "dependentActions": []
958
+ },
959
+ {
960
+ "name": "runtime-endpoint",
961
+ "required": true,
962
+ "conditionKeys": [],
963
+ "dependentActions": []
964
+ }
965
+ ],
966
+ "conditionKeys": [],
967
+ "dependentActions": []
968
+ },
969
+ "updateapikeycredentialprovider": {
970
+ "name": "UpdateApiKeyCredentialProvider",
971
+ "description": "Grants permission to update an existing API Key Credential Provider",
972
+ "accessLevel": "Write",
973
+ "resourceTypes": [],
974
+ "conditionKeys": [],
975
+ "dependentActions": []
976
+ },
977
+ "updatebrowserstream": {
978
+ "name": "UpdateBrowserStream",
979
+ "description": "Grants permission to update the status of browser session stream",
980
+ "accessLevel": "Write",
981
+ "resourceTypes": [
982
+ {
983
+ "name": "browser",
984
+ "required": true,
985
+ "conditionKeys": [],
986
+ "dependentActions": []
987
+ },
988
+ {
989
+ "name": "browser-custom",
990
+ "required": true,
991
+ "conditionKeys": [],
992
+ "dependentActions": []
993
+ }
994
+ ],
995
+ "conditionKeys": [],
996
+ "dependentActions": []
997
+ },
998
+ "updategateway": {
999
+ "name": "UpdateGateway",
1000
+ "description": "Grants permission to update an existing gateway",
1001
+ "accessLevel": "Write",
1002
+ "resourceTypes": [
1003
+ {
1004
+ "name": "gateway",
1005
+ "required": true,
1006
+ "conditionKeys": [],
1007
+ "dependentActions": []
1008
+ }
1009
+ ],
1010
+ "conditionKeys": [],
1011
+ "dependentActions": [
1012
+ "iam:PassRole"
1013
+ ]
1014
+ },
1015
+ "updategatewaytarget": {
1016
+ "name": "UpdateGatewayTarget",
1017
+ "description": "Grants permission to update an existing gateway target",
1018
+ "accessLevel": "Write",
1019
+ "resourceTypes": [
1020
+ {
1021
+ "name": "gateway",
1022
+ "required": true,
1023
+ "conditionKeys": [],
1024
+ "dependentActions": []
1025
+ }
1026
+ ],
1027
+ "conditionKeys": [],
1028
+ "dependentActions": []
1029
+ },
1030
+ "updatememory": {
1031
+ "name": "UpdateMemory",
1032
+ "description": "Grants permission to update a Memory resource",
1033
+ "accessLevel": "Write",
1034
+ "resourceTypes": [
1035
+ {
1036
+ "name": "memory",
1037
+ "required": true,
1038
+ "conditionKeys": [],
1039
+ "dependentActions": []
1040
+ }
1041
+ ],
1042
+ "conditionKeys": [],
1043
+ "dependentActions": [
1044
+ "iam:PassRole"
1045
+ ]
1046
+ },
1047
+ "updateoauth2credentialprovider": {
1048
+ "name": "UpdateOauth2CredentialProvider",
1049
+ "description": "Grants permission to update an existing OAuth2 Credential Provider",
1050
+ "accessLevel": "Write",
1051
+ "resourceTypes": [],
1052
+ "conditionKeys": [],
1053
+ "dependentActions": []
1054
+ },
1055
+ "updateworkloadidentity": {
1056
+ "name": "UpdateWorkloadIdentity",
1057
+ "description": "Grants permission to update the metadata of an existing Workload Identity",
1058
+ "accessLevel": "Write",
1059
+ "resourceTypes": [],
1060
+ "conditionKeys": [],
1061
+ "dependentActions": []
1062
+ }
1063
+ }
package/data/actions/s3.json CHANGED
@@ -249,7 +249,7 @@
249
249
  },
250
250
  "createbucketmetadatatableconfiguration": {
251
251
  "name": "CreateBucketMetadataTableConfiguration",
252
- "description": "Grants permission to create a new S3 Metadata configuration for a specified bucket",
252
+ "description": "Grants permission to create a new S3 Metadata configuration for a specified general purpose bucket",
253
253
  "accessLevel": "Write",
254
254
  "resourceTypes": [
255
255
  {
@@ -257,9 +257,12 @@
257
257
  "required": true,
258
258
  "conditionKeys": [],
259
259
  "dependentActions": [
260
+ "kms:DescribeKey",
260
261
  "s3tables:CreateNamespace",
261
262
  "s3tables:CreateTable",
263
+ "s3tables:CreateTableBucket",
262
264
  "s3tables:GetTable",
265
+ "s3tables:PutTableEncryption",
263
266
  "s3tables:PutTablePolicy"
264
267
  ]
265
268
  }
@@ -554,7 +557,7 @@
554
557
  },
555
558
  "deletebucketmetadatatableconfiguration": {
556
559
  "name": "DeleteBucketMetadataTableConfiguration",
557
- "description": "Grants permission to delete the S3 Metadata configuration for a specified bucket",
560
+ "description": "Grants permission to delete the S3 Metadata configuration for a specified general purpose bucket",
558
561
  "accessLevel": "Write",
559
562
  "resourceTypes": [
560
563
  {
@@ -1338,7 +1341,7 @@
1338
1341
  },
1339
1342
  "getbucketmetadatatableconfiguration": {
1340
1343
  "name": "GetBucketMetadataTableConfiguration",
1341
- "description": "Grants permission to return the S3 Metadata configuration for a specified bucket",
1344
+ "description": "Grants permission to return the S3 Metadata configuration for a specified general purpose bucket",
1342
1345
  "accessLevel": "Read",
1343
1346
  "resourceTypes": [
1344
1347
  {
@@ -3799,6 +3802,58 @@
3799
3802
  ],
3800
3803
  "dependentActions": []
3801
3804
  },
3805
+ "updatebucketmetadatainventorytableconfiguration": {
3806
+ "name": "UpdateBucketMetadataInventoryTableConfiguration",
3807
+ "description": "Grants permission to update the inventory table configuration on an existing S3 Metadata configuration for a specified general purpose bucket",
3808
+ "accessLevel": "Write",
3809
+ "resourceTypes": [
3810
+ {
3811
+ "name": "bucket",
3812
+ "required": true,
3813
+ "conditionKeys": [],
3814
+ "dependentActions": [
3815
+ "kms:DescribeKey",
3816
+ "s3tables:CreateNamespace",
3817
+ "s3tables:CreateTable",
3818
+ "s3tables:CreateTableBucket",
3819
+ "s3tables:GetTable",
3820
+ "s3tables:PutTableEncryption",
3821
+ "s3tables:PutTablePolicy"
3822
+ ]
3823
+ }
3824
+ ],
3825
+ "conditionKeys": [
3826
+ "s3:authType",
3827
+ "s3:ResourceAccount",
3828
+ "s3:signatureAge",
3829
+ "s3:signatureversion",
3830
+ "s3:TlsVersion",
3831
+ "s3:x-amz-content-sha256"
3832
+ ],
3833
+ "dependentActions": []
3834
+ },
3835
+ "updatebucketmetadatajournaltableconfiguration": {
3836
+ "name": "UpdateBucketMetadataJournalTableConfiguration",
3837
+ "description": "Grants permission to update the journal table configuration on an existing S3 Metadata configuration for a specified general purpose bucket",
3838
+ "accessLevel": "Write",
3839
+ "resourceTypes": [
3840
+ {
3841
+ "name": "bucket",
3842
+ "required": true,
3843
+ "conditionKeys": [],
3844
+ "dependentActions": []
3845
+ }
3846
+ ],
3847
+ "conditionKeys": [
3848
+ "s3:authType",
3849
+ "s3:ResourceAccount",
3850
+ "s3:signatureAge",
3851
+ "s3:signatureversion",
3852
+ "s3:TlsVersion",
3853
+ "s3:x-amz-content-sha256"
3854
+ ],
3855
+ "dependentActions": []
3856
+ },
3802
3857
  "updatejobpriority": {
3803
3858
  "name": "UpdateJobPriority",
3804
3859
  "description": "Grants permission to update the priority of an existing job",
package/data/actions/securitylake.json CHANGED
@@ -130,6 +130,7 @@
130
130
  "resourceTypes": [],
131
131
  "conditionKeys": [
132
132
  "aws:RequestTag/${TagKey}",
133
+ "aws:ResourceTag/${TagKey}",
133
134
  "aws:TagKeys"
134
135
  ],
135
136
  "dependentActions": [
package/data/conditionKeys/bedrock-agentcore.json ADDED
@@ -0,0 +1,22 @@
1
+ {
2
+ "bedrock-agentcore:actorid": {
3
+ "key": "bedrock-agentcore:actorId",
4
+ "description": "Filters access by Actor Id",
5
+ "type": "String"
6
+ },
7
+ "bedrock-agentcore:namespace": {
8
+ "key": "bedrock-agentcore:namespace",
9
+ "description": "Filters access by namespace",
10
+ "type": "String"
11
+ },
12
+ "bedrock-agentcore:sessionid": {
13
+ "key": "bedrock-agentcore:sessionId",
14
+ "description": "Filters access by Session Id",
15
+ "type": "String"
16
+ },
17
+ "bedrock-agentcore:strategyid": {
18
+ "key": "bedrock-agentcore:strategyId",
19
+ "description": "Filters access by Memory Strategy Id",
20
+ "type": "String"
21
+ }
22
+ }
package/data/resourceTypes/bedrock-agentcore.json ADDED
@@ -0,0 +1,46 @@
1
+ {
2
+ "memory": {
3
+ "key": "memory",
4
+ "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:memory/${MemoryId}"
5
+ },
6
+ "gateway": {
7
+ "key": "gateway",
8
+ "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:gateway/${GatewayId}"
9
+ },
10
+ "workload-identity": {
11
+ "key": "workload-identity",
12
+ "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:workload-identity-directory/${DirectoryId}/workload-identity/${WorkloadIdentityName}"
13
+ },
14
+ "oauth2credentialprovider": {
15
+ "key": "oauth2credentialprovider",
16
+ "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId}/oauth2credentialprovider/${Name}"
17
+ },
18
+ "apikeycredentialprovider": {
19
+ "key": "apikeycredentialprovider",
20
+ "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId}/apikeycredentialprovider/${Name}"
21
+ },
22
+ "runtime": {
23
+ "key": "runtime",
24
+ "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:runtime/${RuntimeId}"
25
+ },
26
+ "runtime-endpoint": {
27
+ "key": "runtime-endpoint",
28
+ "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:runtime/${RuntimeId}/runtime-endpoint/${Name}"
29
+ },
30
+ "code-interpreter-custom": {
31
+ "key": "code-interpreter-custom",
32
+ "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:code-interpreter-custom/${CodeInterpreterId}"
33
+ },
34
+ "code-interpreter": {
35
+ "key": "code-interpreter",
36
+ "arn": "arn:${Partition}:bedrock-agentcore:${Region}:aws:code-interpreter/${CodeInterpreterId}"
37
+ },
38
+ "browser-custom": {
39
+ "key": "browser-custom",
40
+ "arn": "arn:${Partition}:bedrock-agentcore:${Region}:${Account}:browser-custom/${BrowserId}"
41
+ },
42
+ "browser": {
43
+ "key": "browser",
44
+ "arn": "arn:${Partition}:bedrock-agentcore:${Region}:aws:browser/${BrowserId}"
45
+ }
46
+ }
package/data/serviceNames.json CHANGED
@@ -50,6 +50,7 @@
50
50
  "bcm-data-exports": "AWS Billing And Cost Management Data Exports",
51
51
  "bcm-pricing-calculator": "AWS Billing And Cost Management Pricing Calculator",
52
52
  "bedrock": "Amazon Bedrock",
53
+ "bedrock-agentcore": "Amazon Bedrock Agentcore",
53
54
  "billing": "AWS Billing",
54
55
  "billingconductor": "AWS Billing Conductor",
55
56
  "braket": "Amazon Braket",
@@ -383,7 +384,6 @@
383
384
  "support-console": "AWS Support Console",
384
385
  "supportapp": "AWS Support App in Slack",
385
386
  "supportplans": "AWS Support Plans",
386
- "supportrecommendations": "AWS Support Recommendations",
387
387
  "sustainability": "AWS Sustainability",
388
388
  "swf": "Amazon Simple Workflow Service",
389
389
  "synthetics": "Amazon CloudWatch Synthetics",
package/data/services.json CHANGED
@@ -50,6 +50,7 @@
50
50
  "bcm-data-exports",
51
51
  "bcm-pricing-calculator",
52
52
  "bedrock",
53
+ "bedrock-agentcore",
53
54
  "billing",
54
55
  "billingconductor",
55
56
  "braket",
@@ -383,7 +384,6 @@
383
384
  "support-console",
384
385
  "supportapp",
385
386
  "supportplans",
386
- "supportrecommendations",
387
387
  "sustainability",
388
388
  "swf",
389
389
  "synthetics",
package/package.json CHANGED
@@ -1,9 +1,9 @@
1
1
  {
2
2
  "name": "@cloud-copilot/iam-data",
3
- "version": "0.9.202507161",
3
+ "version": "0.9.202507171",
4
4
  "description": "AWS IAM Data",
5
5
  "repository": "github:cloud-copilot/iam-data",
6
- "updatedAt": "2025-07-16T05:01:34.567Z",
6
+ "updatedAt": "2025-07-17T05:01:41.010Z",
7
7
  "exports": {
8
8
  ".": {
9
9
  "import": "./dist/esm/index.js",
package/data/actions/supportrecommendations.json DELETED
@@ -1,20 +0,0 @@
1
- {
2
- "getsupporttroubleshootingresponse": {
3
- "name": "GetSupportTroubleshootingResponse",
4
- "isPermissionOnly": true,
5
- "description": "Grants permission to the GetSupportTroubleshootingResponse API which lists troubleshooting responses for users' issues",
6
- "accessLevel": "Read",
7
- "resourceTypes": [],
8
- "conditionKeys": [],
9
- "dependentActions": []
10
- },
11
- "startsupporttroubleshooting": {
12
- "name": "StartSupportTroubleshooting",
13
- "isPermissionOnly": true,
14
- "description": "Grants permission to the StartSupportTroubleshooting API which starts troubleshooting for users' issues",
15
- "accessLevel": "Read",
16
- "resourceTypes": [],
17
- "conditionKeys": [],
18
- "dependentActions": []
19
- }
20
- }