aws-iam-language-server 0.0.28 → 0.0.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/package.json +1 -1
  2. package/src/data/servicereference/actions.json +1 -1
  3. package/src/data/servicereference/services/apigateway.json +1 -1
  4. package/src/data/servicereference/services/bedrock-agentcore.json +1 -1
  5. package/src/data/servicereference/services/billing.json +1 -1
  6. package/src/data/servicereference/services/cloudformation.json +1 -1
  7. package/src/data/servicereference/services/cloudfront.json +1 -1
  8. package/src/data/servicereference/services/datazone.json +1 -1
  9. package/src/data/servicereference/services/dsql.json +1 -1
  10. package/src/data/servicereference/services/inspector2-telemetry.json +1 -1
  11. package/src/data/servicereference/services/kinesisanalytics.json +1 -1
  12. package/src/data/servicereference/services/logs.json +1 -1
  13. package/src/data/servicereference/services/odb.json +1 -1
  14. package/src/data/servicereference/services/rtbfabric.json +1 -1
  15. package/src/data/servicereference/services/sagemaker.json +1 -1
  16. package/src/data/servicereference/services/sts.json +1 -1
package/src/data/servicereference/services/sts.json CHANGED
@@ -1 +1 @@
1
- {"name":"sts","actions":{"AssumeRole":{"name":"AssumeRole","service":"sts","conditionKeys":["accounts.google.com:aud","accounts.google.com:sub","aws:RequestTag/${TagKey}","aws:TagKeys","cognito-identity.amazonaws.com:amr","cognito-identity.amazonaws.com:aud","cognito-identity.amazonaws.com:sub","graph.facebook.com:app_id","graph.facebook.com:id","iam:ResourceTag/${TagKey}","saml:namequalifier","saml:sub","saml:sub_type","sts:ExternalId","sts:RoleSessionName","sts:SourceIdentity","sts:TransitiveTagKeys","www.amazon.com:app_id","www.amazon.com:user_id"],"resources":[{"name":"role"}],"description":"Grants permission to obtain a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to","accessLevel":"Write","resourceTypes":[{"name":"role","required":true}],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-AssumeRole"},"AssumeRoleWithSAML":{"name":"AssumeRoleWithSAML","service":"sts","conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","saml:aud","saml:cn","saml:commonName","saml:doc","saml:eduorghomepageuri","saml:eduorgidentityauthnpolicyuri","saml:eduorglegalname","saml:eduorgsuperioruri","saml:eduorgwhitepagesuri","saml:edupersonaffiliation","saml:edupersonassurance","saml:edupersonentitlement","saml:edupersonnickname","saml:edupersonorgdn","saml:edupersonorgunitdn","saml:edupersonprimaryaffiliation","saml:edupersonprimaryorgunitdn","saml:edupersonprincipalname","saml:edupersonscopedaffiliation","saml:edupersontargetedid","saml:givenName","saml:iss","saml:mail","saml:name","saml:namequalifier","saml:organizationStatus","saml:primaryGroupSID","saml:sub","saml:sub_type","saml:surname","saml:uid","saml:x500UniqueIdentifier","sts:RoleSessionName","sts:SourceIdentity","sts:TransitiveTagKeys"],"resources":[{"name":"role"}],"description":"Grants permission to obtain a set of temporary security credentials for users who have been authenticated via a SAML authentication response","accessLevel":"Write","resourceTypes":[{"name":"role","required":true}],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-AssumeRoleWithSAML"},"AssumeRoleWithWebIdentity":{"name":"AssumeRoleWithWebIdentity","service":"sts","conditionKeys":["accounts.google.com:aud","accounts.google.com:oaud","accounts.google.com:sub","aws:RequestTag/${TagKey}","aws:TagKeys","cognito-identity.amazonaws.com:amr","cognito-identity.amazonaws.com:aud","cognito-identity.amazonaws.com:sub","graph.facebook.com:app_id","graph.facebook.com:id","sts:RoleSessionName","sts:SourceIdentity","sts:TransitiveTagKeys","www.amazon.com:app_id","www.amazon.com:user_id"],"resources":[{"name":"role"}],"description":"Grants permission to obtain a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider","accessLevel":"Write","resourceTypes":[{"name":"role","required":true}],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-AssumeRoleWithWebIdentity"},"AssumeRoot":{"name":"AssumeRoot","service":"sts","conditionKeys":["sts:TaskPolicyArn"],"resources":[{"name":"root-user"}],"description":"Grants permission to obtain a set of temporary security credentials that you can use to perform privileged tasks in member accounts in your organization","accessLevel":"Write","resourceTypes":[{"name":"root-user","required":true}],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-AssumeRoot"},"DecodeAuthorizationMessage":{"name":"DecodeAuthorizationMessage","service":"sts","conditionKeys":[],"resources":[],"description":"Grants permission to decode additional information about the authorization status of a request from an encoded message returned in response to an AWS request","accessLevel":"Write","resourceTypes":[],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_DecodeAuthorizationMessage.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-DecodeAuthorizationMessage"},"GetAccessKeyInfo":{"name":"GetAccessKeyInfo","service":"sts","conditionKeys":[],"resources":[],"description":"Grants permission to obtain details about the access key id passed as a parameter to the request","accessLevel":"Read","resourceTypes":[],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_GetAccessKeyInfo.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-GetAccessKeyInfo"},"GetCallerIdentity":{"name":"GetCallerIdentity","service":"sts","conditionKeys":[],"resources":[],"description":"Grants permission to obtain details about the IAM identity whose credentials are used to call the API","accessLevel":"Read","resourceTypes":[],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-GetCallerIdentity"},"GetDelegatedAccessToken":{"name":"GetDelegatedAccessToken","service":"sts","conditionKeys":[],"resources":[],"description":"Returns temporary security credentials for accessing an AWS account after temporary delegation request approval. This API requires the tradeInToken provided upon request delegation approval and is intended to be used only by Amazon or AWS Partners","accessLevel":"Write","resourceTypes":[],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_GetDelegatedAccessToken.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-GetDelegatedAccessToken"},"GetFederationToken":{"name":"GetFederationToken","service":"sts","conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"federated-user"},{"name":"user"}],"description":"Grants permission to obtain a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user","accessLevel":"Read","resourceTypes":[{"name":"federated-user","required":false},{"name":"user","required":false}],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-GetFederationToken"},"GetServiceBearerToken":{"name":"GetServiceBearerToken","service":"sts","conditionKeys":["sts:AWSServiceName","sts:DurationSeconds"],"resources":[],"description":"Grants permission to obtain a STS bearer token for an AWS root user, IAM role, or an IAM user","accessLevel":"Read","resourceTypes":[],"permissionOnly":true,"operationUrl":"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bearer.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-GetServiceBearerToken"},"GetSessionToken":{"name":"GetSessionToken","service":"sts","conditionKeys":[],"resources":[],"description":"Grants permission to obtain a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for an AWS account or IAM user","accessLevel":"Read","resourceTypes":[],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-GetSessionToken"},"GetWebIdentityToken":{"name":"GetWebIdentityToken","service":"sts","conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","sts:DurationSeconds","sts:IdentityTokenAudience","sts:SigningAlgorithm"],"resources":[],"description":"Grants permission to obtain a short-lived, publicly verifiable JSON Web Token (JWT) that represents the calling IAM principal's identity","accessLevel":"Write","resourceTypes":[],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_GetWebIdentityToken.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-GetWebIdentityToken"},"SetContext":{"name":"SetContext","service":"sts","conditionKeys":["sts:RequestContext/${ContextKey}","sts:RequestContextProviders"],"resources":[{"name":"role"},{"name":"self-session"}],"description":"Grants permission to set context keys on a STS session","accessLevel":"Write","resourceTypes":[{"name":"role","required":false},{"name":"self-session","required":false}],"permissionOnly":true,"operationUrl":"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-SetContext"},"SetSourceIdentity":{"name":"SetSourceIdentity","service":"sts","conditionKeys":["sts:SourceIdentity"],"resources":[{"name":"role"},{"name":"user"}],"description":"Grants permission to set a source identity on a STS session","accessLevel":"Write","resourceTypes":[{"name":"role","required":false},{"name":"user","required":false}],"permissionOnly":true,"operationUrl":"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html#id_credentials_temp_control-access_monitor-perms","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-SetSourceIdentity"},"TagGetWebIdentityToken":{"name":"TagGetWebIdentityToken","service":"sts","conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to add tags to the JSON Web Token (JWT) generated by the GetWebIdentityToken API","accessLevel":"Tagging","resourceTypes":[],"permissionOnly":true,"operationUrl":"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_web_identity_token_tags.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-TagGetWebIdentityToken"},"TagSession":{"name":"TagSession","service":"sts","conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","saml:aud","sts:TransitiveTagKeys"],"resources":[{"name":"role"},{"name":"user"}],"description":"Grants permission to add tags to a STS session","accessLevel":"Tagging","resourceTypes":[{"name":"role","required":false},{"name":"user","required":false}],"permissionOnly":true,"operationUrl":"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-TagSession"}},"resources":[{"service":"sts","name":"context-provider","arnFormats":["arn:${Partition}:iam::aws:contextProvider/${ContextProviderName}"],"conditionKeys":[]},{"service":"sts","name":"federated-user","arnFormats":["arn:${Partition}:sts::${Account}:federated-user/${FederatedUserName}"],"conditionKeys":[]},{"service":"sts","name":"role","arnFormats":["arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}"],"conditionKeys":["aws:ResourceTag/${TagKey}","iam:ResourceTag/${TagKey}"]},{"service":"sts","name":"root-user","arnFormats":["arn:${Partition}:iam::${Account}:root"],"conditionKeys":[]},{"service":"sts","name":"self-session","arnFormats":["arn:${Partition}:sts::${Account}:self"],"conditionKeys":[]},{"service":"sts","name":"user","arnFormats":["arn:${Partition}:iam::${Account}:user/${UserNameWithPath}"],"conditionKeys":[]}],"conditionKeys":{"accounts.google.com:aud":{"name":"accounts.google.com:aud","types":["String"],"description":"Filters access by the Google application ID"},"accounts.google.com:oaud":{"name":"accounts.google.com:oaud","types":["String"],"description":"Filters access by the Google audience"},"accounts.google.com:sub":{"name":"accounts.google.com:sub","types":["String"],"description":"Filters access by the subject of the claim (the Google user ID)"},"aws:RequestTag/${TagKey}":{"name":"aws:RequestTag/${TagKey}","types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"name":"aws:ResourceTag/${TagKey}","types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"name":"aws:TagKeys","types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"},"cognito-identity.amazonaws.com:amr":{"name":"cognito-identity.amazonaws.com:amr","types":["String"],"description":"Filters access by the login information for Amazon Cognito"},"cognito-identity.amazonaws.com:aud":{"name":"cognito-identity.amazonaws.com:aud","types":["String"],"description":"Filters access by the Amazon Cognito identity pool ID"},"cognito-identity.amazonaws.com:sub":{"name":"cognito-identity.amazonaws.com:sub","types":["String"],"description":"Filters access by the subject of the claim (the Amazon Cognito user ID)"},"graph.facebook.com:app_id":{"name":"graph.facebook.com:app_id","types":["String"],"description":"Filters access by the Facebook application ID"},"graph.facebook.com:id":{"name":"graph.facebook.com:id","types":["String"],"description":"Filters access by the Facebook user ID"},"iam:ResourceTag/${TagKey}":{"name":"iam:ResourceTag/${TagKey}","types":["String"],"description":"Filters access by the tags that are attached to the role that is being assumed"},"saml:aud":{"name":"saml:aud","types":["String"],"description":"Filters access by the endpoint URL to which SAML assertions are presented"},"saml:cn":{"name":"saml:cn","types":["ArrayOfString"],"description":"Filters access by the eduOrg attribute"},"saml:commonName":{"name":"saml:commonName","types":["String"],"description":"Filters access by the commonName attribute"},"saml:doc":{"name":"saml:doc","types":["String"],"description":"Filters access by on the principal that was used to assume the role"},"saml:eduorghomepageuri":{"name":"saml:eduorghomepageuri","types":["ArrayOfString"],"description":"Filters access by the eduOrg attribute"},"saml:eduorgidentityauthnpolicyuri":{"name":"saml:eduorgidentityauthnpolicyuri","types":["ArrayOfString"],"description":"Filters access by the eduOrg attribute"},"saml:eduorglegalname":{"name":"saml:eduorglegalname","types":["ArrayOfString"],"description":"Filters access by the eduOrg attribute"},"saml:eduorgsuperioruri":{"name":"saml:eduorgsuperioruri","types":["ArrayOfString"],"description":"Filters access by the eduOrg attribute"},"saml:eduorgwhitepagesuri":{"name":"saml:eduorgwhitepagesuri","types":["ArrayOfString"],"description":"Filters access by the eduOrg attribute"},"saml:edupersonaffiliation":{"name":"saml:edupersonaffiliation","types":["ArrayOfString"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonassurance":{"name":"saml:edupersonassurance","types":["ArrayOfString"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonentitlement":{"name":"saml:edupersonentitlement","types":["ArrayOfString"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonnickname":{"name":"saml:edupersonnickname","types":["ArrayOfString"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonorgdn":{"name":"saml:edupersonorgdn","types":["String"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonorgunitdn":{"name":"saml:edupersonorgunitdn","types":["ArrayOfString"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonprimaryaffiliation":{"name":"saml:edupersonprimaryaffiliation","types":["String"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonprimaryorgunitdn":{"name":"saml:edupersonprimaryorgunitdn","types":["String"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonprincipalname":{"name":"saml:edupersonprincipalname","types":["String"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonscopedaffiliation":{"name":"saml:edupersonscopedaffiliation","types":["ArrayOfString"],"description":"Filters access by the eduPerson attribute"},"saml:edupersontargetedid":{"name":"saml:edupersontargetedid","types":["ArrayOfString"],"description":"Filters access by the eduPerson attribute"},"saml:givenName":{"name":"saml:givenName","types":["String"],"description":"Filters access by the givenName attribute"},"saml:iss":{"name":"saml:iss","types":["String"],"description":"Filters access by on the issuer, which is represented by a URN"},"saml:mail":{"name":"saml:mail","types":["String"],"description":"Filters access by the mail attribute"},"saml:name":{"name":"saml:name","types":["String"],"description":"Filters access by the name attribute"},"saml:namequalifier":{"name":"saml:namequalifier","types":["String"],"description":"Filters access by the hash value of the issuer, account ID, and friendly name"},"saml:organizationStatus":{"name":"saml:organizationStatus","types":["String"],"description":"Filters access by the organizationStatus attribute"},"saml:primaryGroupSID":{"name":"saml:primaryGroupSID","types":["String"],"description":"Filters access by the primaryGroupSID attribute"},"saml:sub":{"name":"saml:sub","types":["String"],"description":"Filters access by the subject of the claim (the SAML user ID)"},"saml:sub_type":{"name":"saml:sub_type","types":["String"],"description":"Filters access by the value persistent, transient, or the full Format URI"},"saml:surname":{"name":"saml:surname","types":["String"],"description":"Filters access by the surname attribute"},"saml:uid":{"name":"saml:uid","types":["String"],"description":"Filters access by the uid attribute"},"saml:x500UniqueIdentifier":{"name":"saml:x500UniqueIdentifier","types":["String"],"description":"Filters access by the uid attribute"},"sts:AWSServiceName":{"name":"sts:AWSServiceName","types":["String"],"description":"Filters access by the service that is obtaining a bearer token"},"sts:DurationSeconds":{"name":"sts:DurationSeconds","types":["Numeric"],"description":"Filters access by the duration in seconds when getting a bearer token or a JSON Web Token (JWT) from the GetWebIdentityToken API"},"sts:ExternalId":{"name":"sts:ExternalId","types":["String"],"description":"Filters access by the unique identifier required when you assume a role in another account"},"sts:IdentityTokenAudience":{"name":"sts:IdentityTokenAudience","types":["ArrayOfString"],"description":"Filters access by the audience that is passed in the request"},"sts:RequestContext/${ContextKey}":{"name":"sts:RequestContext/${ContextKey}","types":["String"],"description":"Filters access by the session context key-value pairs embedded in the signed context assertion retrieved from a trusted context provider"},"sts:RequestContextProviders":{"name":"sts:RequestContextProviders","types":["ArrayOfARN"],"description":"Filters access by the context provider ARNs"},"sts:RoleSessionName":{"name":"sts:RoleSessionName","types":["String"],"description":"Filters access by the role session name required when you assume a role"},"sts:SigningAlgorithm":{"name":"sts:SigningAlgorithm","types":["String"],"description":"Filters access by the signing algorithm that is passed in the request"},"sts:SourceIdentity":{"name":"sts:SourceIdentity","types":["String"],"description":"Filters access by the source identity that is passed in the request"},"sts:TaskPolicyArn":{"name":"sts:TaskPolicyArn","types":["String"],"description":"Filters access by TaskPolicyARN"},"sts:TransitiveTagKeys":{"name":"sts:TransitiveTagKeys","types":["ArrayOfString"],"description":"Filters access by the transitive tag keys that are passed in the request"},"www.amazon.com:app_id":{"name":"www.amazon.com:app_id","types":["String"],"description":"Filters access by the Login with Amazon application ID"},"www.amazon.com:user_id":{"name":"www.amazon.com:user_id","types":["String"],"description":"Filters access by the Login with Amazon user ID"}},"url":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html"}
1
+ {"name":"sts","actions":{"AssumeRole":{"name":"AssumeRole","service":"sts","conditionKeys":["accounts.google.com:aud","accounts.google.com:sub","aws:RequestTag/${TagKey}","aws:TagKeys","cognito-identity.amazonaws.com:amr","cognito-identity.amazonaws.com:aud","cognito-identity.amazonaws.com:sub","graph.facebook.com:app_id","graph.facebook.com:id","iam:ResourceTag/${TagKey}","saml:namequalifier","saml:sub","saml:sub_type","sts:ExternalId","sts:RoleSessionName","sts:SourceIdentity","sts:TransitiveTagKeys","www.amazon.com:app_id","www.amazon.com:user_id"],"resources":[{"name":"role"}],"description":"Grants permission to obtain a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to","accessLevel":"Write","resourceTypes":[{"name":"role","required":true}],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-AssumeRole"},"AssumeRoleWithSAML":{"name":"AssumeRoleWithSAML","service":"sts","conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","saml:aud","saml:cn","saml:commonName","saml:doc","saml:eduorghomepageuri","saml:eduorgidentityauthnpolicyuri","saml:eduorglegalname","saml:eduorgsuperioruri","saml:eduorgwhitepagesuri","saml:edupersonaffiliation","saml:edupersonassurance","saml:edupersonentitlement","saml:edupersonnickname","saml:edupersonorgdn","saml:edupersonorgunitdn","saml:edupersonprimaryaffiliation","saml:edupersonprimaryorgunitdn","saml:edupersonprincipalname","saml:edupersonscopedaffiliation","saml:edupersontargetedid","saml:givenName","saml:iss","saml:mail","saml:name","saml:namequalifier","saml:organizationStatus","saml:primaryGroupSID","saml:sub","saml:sub_type","saml:surname","saml:uid","saml:x500UniqueIdentifier","sts:RoleSessionName","sts:SourceIdentity","sts:TransitiveTagKeys"],"resources":[{"name":"role"}],"description":"Grants permission to obtain a set of temporary security credentials for users who have been authenticated via a SAML authentication response","accessLevel":"Write","resourceTypes":[{"name":"role","required":true}],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-AssumeRoleWithSAML"},"AssumeRoleWithWebIdentity":{"name":"AssumeRoleWithWebIdentity","service":"sts","conditionKeys":["accounts.google.com:aud","accounts.google.com:oaud","accounts.google.com:sub","aws:RequestTag/${TagKey}","aws:TagKeys","cognito-identity.amazonaws.com:amr","cognito-identity.amazonaws.com:aud","cognito-identity.amazonaws.com:sub","graph.facebook.com:app_id","graph.facebook.com:id","sts:RoleSessionName","sts:SourceIdentity","sts:TransitiveTagKeys","www.amazon.com:app_id","www.amazon.com:user_id"],"resources":[{"name":"role"}],"description":"Grants permission to obtain a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider","accessLevel":"Write","resourceTypes":[{"name":"role","required":true}],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-AssumeRoleWithWebIdentity"},"AssumeRoot":{"name":"AssumeRoot","service":"sts","conditionKeys":["sts:TaskPolicyArn"],"resources":[{"name":"root-user"}],"description":"Grants permission to obtain a set of temporary security credentials that you can use to perform privileged tasks in member accounts in your organization","accessLevel":"Write","resourceTypes":[{"name":"root-user","required":true}],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-AssumeRoot"},"DecodeAuthorizationMessage":{"name":"DecodeAuthorizationMessage","service":"sts","conditionKeys":[],"resources":[],"description":"Grants permission to decode additional information about the authorization status of a request from an encoded message returned in response to an AWS request","accessLevel":"Write","resourceTypes":[],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_DecodeAuthorizationMessage.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-DecodeAuthorizationMessage"},"GetAccessKeyInfo":{"name":"GetAccessKeyInfo","service":"sts","conditionKeys":[],"resources":[],"description":"Grants permission to obtain details about the access key id passed as a parameter to the request","accessLevel":"Read","resourceTypes":[],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_GetAccessKeyInfo.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-GetAccessKeyInfo"},"GetCallerIdentity":{"name":"GetCallerIdentity","service":"sts","conditionKeys":[],"resources":[],"description":"Grants permission to obtain details about the IAM identity whose credentials are used to call the API","accessLevel":"Read","resourceTypes":[],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-GetCallerIdentity"},"GetDelegatedAccessToken":{"name":"GetDelegatedAccessToken","service":"sts","conditionKeys":[],"resources":[],"description":"Returns temporary security credentials for accessing an AWS account after temporary delegation request approval. This API requires the tradeInToken provided upon request delegation approval and is intended to be used only by Amazon or AWS Partners","accessLevel":"Write","resourceTypes":[],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_GetDelegatedAccessToken.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-GetDelegatedAccessToken"},"GetFederationToken":{"name":"GetFederationToken","service":"sts","conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"federated-user"}],"description":"Grants permission to obtain a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user","accessLevel":"Read","resourceTypes":[{"name":"federated-user","required":false}],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-GetFederationToken"},"GetServiceBearerToken":{"name":"GetServiceBearerToken","service":"sts","conditionKeys":["sts:AWSServiceName","sts:DurationSeconds"],"resources":[],"description":"Grants permission to obtain a STS bearer token for an AWS root user, IAM role, or an IAM user","accessLevel":"Read","resourceTypes":[],"permissionOnly":true,"operationUrl":"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bearer.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-GetServiceBearerToken"},"GetSessionToken":{"name":"GetSessionToken","service":"sts","conditionKeys":[],"resources":[],"description":"Grants permission to obtain a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for an AWS account or IAM user","accessLevel":"Read","resourceTypes":[],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-GetSessionToken"},"GetWebIdentityToken":{"name":"GetWebIdentityToken","service":"sts","conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","sts:DurationSeconds","sts:IdentityTokenAudience","sts:SigningAlgorithm"],"resources":[],"description":"Grants permission to obtain a short-lived, publicly verifiable JSON Web Token (JWT) that represents the calling IAM principal's identity","accessLevel":"Write","resourceTypes":[],"operationUrl":"https://docs.aws.amazon.com/STS/latest/APIReference/API_GetWebIdentityToken.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-GetWebIdentityToken"},"SetContext":{"name":"SetContext","service":"sts","conditionKeys":["sts:RequestContext/${ContextKey}","sts:RequestContextProviders"],"resources":[{"name":"role"},{"name":"self-session"}],"description":"Grants permission to set context keys on a STS session","accessLevel":"Write","resourceTypes":[{"name":"role","required":false},{"name":"self-session","required":false}],"permissionOnly":true,"operationUrl":"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-SetContext"},"SetSourceIdentity":{"name":"SetSourceIdentity","service":"sts","conditionKeys":["sts:SourceIdentity"],"resources":[{"name":"role"}],"description":"Grants permission to set a source identity on a STS session","accessLevel":"Write","resourceTypes":[{"name":"role","required":false}],"permissionOnly":true,"operationUrl":"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html#id_credentials_temp_control-access_monitor-perms","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-SetSourceIdentity"},"TagGetWebIdentityToken":{"name":"TagGetWebIdentityToken","service":"sts","conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to add tags to the JSON Web Token (JWT) generated by the GetWebIdentityToken API","accessLevel":"Tagging","resourceTypes":[],"permissionOnly":true,"operationUrl":"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_web_identity_token_tags.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-TagGetWebIdentityToken"},"TagSession":{"name":"TagSession","service":"sts","conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","saml:aud","sts:TransitiveTagKeys"],"resources":[{"name":"role"}],"description":"Grants permission to add tags to a STS session","accessLevel":"Tagging","resourceTypes":[{"name":"role","required":false}],"permissionOnly":true,"operationUrl":"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html","iamUrl":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html#awssecuritytokenservice-TagSession"}},"resources":[{"service":"sts","name":"context-provider","arnFormats":["arn:${Partition}:iam::aws:contextProvider/${ContextProviderName}"],"conditionKeys":[]},{"service":"sts","name":"federated-user","arnFormats":["arn:${Partition}:sts::${Account}:federated-user/${FederatedUserName}"],"conditionKeys":[]},{"service":"sts","name":"role","arnFormats":["arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}"],"conditionKeys":["aws:ResourceTag/${TagKey}","iam:ResourceTag/${TagKey}"]},{"service":"sts","name":"root-user","arnFormats":["arn:${Partition}:iam::${Account}:root"],"conditionKeys":[]},{"service":"sts","name":"self-session","arnFormats":["arn:${Partition}:sts::${Account}:self"],"conditionKeys":[]}],"conditionKeys":{"accounts.google.com:aud":{"name":"accounts.google.com:aud","types":["String"],"description":"Filters access by the Google application ID"},"accounts.google.com:oaud":{"name":"accounts.google.com:oaud","types":["String"],"description":"Filters access by the Google audience"},"accounts.google.com:sub":{"name":"accounts.google.com:sub","types":["String"],"description":"Filters access by the subject of the claim (the Google user ID)"},"aws:RequestTag/${TagKey}":{"name":"aws:RequestTag/${TagKey}","types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"name":"aws:ResourceTag/${TagKey}","types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"name":"aws:TagKeys","types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"},"cognito-identity.amazonaws.com:amr":{"name":"cognito-identity.amazonaws.com:amr","types":["String"],"description":"Filters access by the login information for Amazon Cognito"},"cognito-identity.amazonaws.com:aud":{"name":"cognito-identity.amazonaws.com:aud","types":["String"],"description":"Filters access by the Amazon Cognito identity pool ID"},"cognito-identity.amazonaws.com:sub":{"name":"cognito-identity.amazonaws.com:sub","types":["String"],"description":"Filters access by the subject of the claim (the Amazon Cognito user ID)"},"graph.facebook.com:app_id":{"name":"graph.facebook.com:app_id","types":["String"],"description":"Filters access by the Facebook application ID"},"graph.facebook.com:id":{"name":"graph.facebook.com:id","types":["String"],"description":"Filters access by the Facebook user ID"},"iam:ResourceTag/${TagKey}":{"name":"iam:ResourceTag/${TagKey}","types":["String"],"description":"Filters access by the tags that are attached to the role that is being assumed"},"saml:aud":{"name":"saml:aud","types":["String"],"description":"Filters access by the endpoint URL to which SAML assertions are presented"},"saml:cn":{"name":"saml:cn","types":["ArrayOfString"],"description":"Filters access by the eduOrg attribute"},"saml:commonName":{"name":"saml:commonName","types":["String"],"description":"Filters access by the commonName attribute"},"saml:doc":{"name":"saml:doc","types":["String"],"description":"Filters access by on the principal that was used to assume the role"},"saml:eduorghomepageuri":{"name":"saml:eduorghomepageuri","types":["ArrayOfString"],"description":"Filters access by the eduOrg attribute"},"saml:eduorgidentityauthnpolicyuri":{"name":"saml:eduorgidentityauthnpolicyuri","types":["ArrayOfString"],"description":"Filters access by the eduOrg attribute"},"saml:eduorglegalname":{"name":"saml:eduorglegalname","types":["ArrayOfString"],"description":"Filters access by the eduOrg attribute"},"saml:eduorgsuperioruri":{"name":"saml:eduorgsuperioruri","types":["ArrayOfString"],"description":"Filters access by the eduOrg attribute"},"saml:eduorgwhitepagesuri":{"name":"saml:eduorgwhitepagesuri","types":["ArrayOfString"],"description":"Filters access by the eduOrg attribute"},"saml:edupersonaffiliation":{"name":"saml:edupersonaffiliation","types":["ArrayOfString"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonassurance":{"name":"saml:edupersonassurance","types":["ArrayOfString"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonentitlement":{"name":"saml:edupersonentitlement","types":["ArrayOfString"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonnickname":{"name":"saml:edupersonnickname","types":["ArrayOfString"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonorgdn":{"name":"saml:edupersonorgdn","types":["String"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonorgunitdn":{"name":"saml:edupersonorgunitdn","types":["ArrayOfString"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonprimaryaffiliation":{"name":"saml:edupersonprimaryaffiliation","types":["String"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonprimaryorgunitdn":{"name":"saml:edupersonprimaryorgunitdn","types":["String"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonprincipalname":{"name":"saml:edupersonprincipalname","types":["String"],"description":"Filters access by the eduPerson attribute"},"saml:edupersonscopedaffiliation":{"name":"saml:edupersonscopedaffiliation","types":["ArrayOfString"],"description":"Filters access by the eduPerson attribute"},"saml:edupersontargetedid":{"name":"saml:edupersontargetedid","types":["ArrayOfString"],"description":"Filters access by the eduPerson attribute"},"saml:givenName":{"name":"saml:givenName","types":["String"],"description":"Filters access by the givenName attribute"},"saml:iss":{"name":"saml:iss","types":["String"],"description":"Filters access by on the issuer, which is represented by a URN"},"saml:mail":{"name":"saml:mail","types":["String"],"description":"Filters access by the mail attribute"},"saml:name":{"name":"saml:name","types":["String"],"description":"Filters access by the name attribute"},"saml:namequalifier":{"name":"saml:namequalifier","types":["String"],"description":"Filters access by the hash value of the issuer, account ID, and friendly name"},"saml:organizationStatus":{"name":"saml:organizationStatus","types":["String"],"description":"Filters access by the organizationStatus attribute"},"saml:primaryGroupSID":{"name":"saml:primaryGroupSID","types":["String"],"description":"Filters access by the primaryGroupSID attribute"},"saml:sub":{"name":"saml:sub","types":["String"],"description":"Filters access by the subject of the claim (the SAML user ID)"},"saml:sub_type":{"name":"saml:sub_type","types":["String"],"description":"Filters access by the value persistent, transient, or the full Format URI"},"saml:surname":{"name":"saml:surname","types":["String"],"description":"Filters access by the surname attribute"},"saml:uid":{"name":"saml:uid","types":["String"],"description":"Filters access by the uid attribute"},"saml:x500UniqueIdentifier":{"name":"saml:x500UniqueIdentifier","types":["String"],"description":"Filters access by the uid attribute"},"sts:AWSServiceName":{"name":"sts:AWSServiceName","types":["String"],"description":"Filters access by the service that is obtaining a bearer token"},"sts:DurationSeconds":{"name":"sts:DurationSeconds","types":["Numeric"],"description":"Filters access by the duration in seconds when getting a bearer token or a JSON Web Token (JWT) from the GetWebIdentityToken API"},"sts:ExternalId":{"name":"sts:ExternalId","types":["String"],"description":"Filters access by the unique identifier required when you assume a role in another account"},"sts:IdentityTokenAudience":{"name":"sts:IdentityTokenAudience","types":["ArrayOfString"],"description":"Filters access by the audience that is passed in the request"},"sts:RequestContext/${ContextKey}":{"name":"sts:RequestContext/${ContextKey}","types":["String"],"description":"Filters access by the session context key-value pairs embedded in the signed context assertion retrieved from a trusted context provider"},"sts:RequestContextProviders":{"name":"sts:RequestContextProviders","types":["ArrayOfARN"],"description":"Filters access by the context provider ARNs"},"sts:RoleSessionName":{"name":"sts:RoleSessionName","types":["String"],"description":"Filters access by the role session name required when you assume a role"},"sts:SigningAlgorithm":{"name":"sts:SigningAlgorithm","types":["String"],"description":"Filters access by the signing algorithm that is passed in the request"},"sts:SourceIdentity":{"name":"sts:SourceIdentity","types":["String"],"description":"Filters access by the source identity that is passed in the request"},"sts:TaskPolicyArn":{"name":"sts:TaskPolicyArn","types":["ARN"],"description":"Filters access by TaskPolicyARN"},"sts:TransitiveTagKeys":{"name":"sts:TransitiveTagKeys","types":["ArrayOfString"],"description":"Filters access by the transitive tag keys that are passed in the request"},"www.amazon.com:app_id":{"name":"www.amazon.com:app_id","types":["String"],"description":"Filters access by the Login with Amazon application ID"},"www.amazon.com:user_id":{"name":"www.amazon.com:user_id","types":["String"],"description":"Filters access by the Login with Amazon user ID"}},"url":"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html"}