aws-iam-ls 0.0.0

package/src/data/servicereference/services/ds.json

@@ -0,0 +1 @@
+{"name":"ds","actions":{"AcceptSharedDirectory":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to accept a directory sharing request that was sent from the directory owner account","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"AccessDSData":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to access directory data using the Directory Service Data API","accessLevel":"Permissions management","resourceTypes":[{"name":"directory","required":true}],"permissionOnly":true},"AddIpRoutes":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}],"dependentActions":["ec2:AuthorizeSecurityGroupEgress","ec2:AuthorizeSecurityGroupIngress","ec2:DescribeSecurityGroups"]},"AddRegion":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to add two domain controllers in the specified Region for the specified directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}],"dependentActions":["ec2:AuthorizeSecurityGroupEgress","ec2:AuthorizeSecurityGroupIngress","ec2:CreateNetworkInterface","ec2:CreateSecurityGroup","ec2:CreateTags","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs"]},"AddTagsToResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"directory"}],"description":"Grants permission to add or overwrite one or more tags for the specified Amazon Directory Services directory","accessLevel":"Tagging","resourceTypes":[{"name":"directory","required":true}],"dependentActions":["ec2:CreateTags"]},"AuthorizeApplication":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to authorize an application for your AWS Directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}],"permissionOnly":true},"CancelSchemaExtension":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to cancel an in-progress schema extension to a Microsoft AD directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"CheckAlias":{"conditionKeys":[],"resources":[],"description":"Grants permission to verify that the alias is available for use","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"ConnectDirectory":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create an AD Connector to connect to an on-premises directory","accessLevel":"Write","resourceTypes":[],"dependentActions":["ec2:AuthorizeSecurityGroupEgress","ec2:AuthorizeSecurityGroupIngress","ec2:CreateNetworkInterface","ec2:CreateSecurityGroup","ec2:CreateTags","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs"]},"CreateAlias":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to create an alias for a directory and assigns the alias to the directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"CreateComputer":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to create a computer account in the specified directory, and joins the computer to the directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"CreateConditionalForwarder":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to create a conditional forwarder associated with your AWS directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"CreateDirectory":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a Simple AD directory","accessLevel":"Write","resourceTypes":[],"dependentActions":["ec2:AuthorizeSecurityGroupEgress","ec2:AuthorizeSecurityGroupIngress","ec2:CreateNetworkInterface","ec2:CreateSecurityGroup","ec2:CreateTags","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs"]},"CreateHybridAD":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a Hybrid Managed AD directory","accessLevel":"Write","resourceTypes":[],"dependentActions":["ec2:AuthorizeSecurityGroupEgress","ec2:AuthorizeSecurityGroupIngress","ec2:CreateNetworkInterface","ec2:CreateNetworkInterfacePermission","ec2:CreateSecurityGroup","ec2:CreateTags","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs","iam:CreateServiceLinkedRole","iam:GetRole","secretsmanager:DescribeSecret","secretsmanager:GetSecretValue","ssm:GetCommandInvocation","ssm:GetConnectionStatus","ssm:ListCommands","ssm:SendCommand"]},"CreateIdentityPoolDirectory":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create an IdentityPool Directory in the AWS cloud","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"CreateLogSubscription":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to create a subscription to forward real time Directory Service domain controller security logs to the specified CloudWatch log group in your AWS account","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"CreateMicrosoftAD":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a Microsoft AD in the AWS cloud","accessLevel":"Write","resourceTypes":[],"dependentActions":["ec2:AuthorizeSecurityGroupEgress","ec2:AuthorizeSecurityGroupIngress","ec2:CreateNetworkInterface","ec2:CreateSecurityGroup","ec2:CreateTags","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs"]},"CreateSnapshot":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to create a snapshot of a Simple AD or Microsoft AD directory in the AWS cloud","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"CreateTrust":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to initiate the creation of the AWS side of a trust relationship between a Microsoft AD in the AWS cloud and an external domain","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"DeleteADAssessment":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a directory assessment","accessLevel":"Write","resourceTypes":[]},"DeleteConditionalForwarder":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to delete a conditional forwarder that has been set up for your AWS directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"DeleteDirectory":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to delete an AWS Directory Service directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}],"dependentActions":["ec2:DeleteNetworkInterface","ec2:DeleteSecurityGroup","ec2:DescribeNetworkInterfaces","ec2:RevokeSecurityGroupEgress","ec2:RevokeSecurityGroupIngress"]},"DeleteLogSubscription":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to delete the specified log subscription","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"DeleteSnapshot":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to delete a directory snapshot","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"DeleteTrust":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to delete an existing trust relationship between your Microsoft AD in the AWS cloud and an external domain","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"DeregisterCertificate":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to delete from the system the certificate that was registered for a secured LDAP connection","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"DeregisterEventTopic":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to remove the specified directory as a publisher to the specified SNS topic","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"DescribeADAssessment":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a directory assessment","accessLevel":"Read","resourceTypes":[]},"DescribeCAEnrollmentPolicy":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to describe the ca enrollment status of a specified directory","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"DescribeCertificate":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to display information about the certificate registered for a secured LDAP connection","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"DescribeClientAuthenticationSettings":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to retrieve information about the type of client authentication for the specified directory, if the type is specified. If no type is specified, information about all client authentication types that are supported for the specified directory is retrieved. Currently, only SmartCard is supported","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"DescribeConditionalForwarders":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to obtain information about the conditional forwarders for this account","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"DescribeDirectories":{"conditionKeys":[],"resources":[],"description":"Grants permission to obtain information about the directories that belong to this account","accessLevel":"List","resourceTypes":[]},"DescribeDirectoryDataAccess":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to describe the Directory Service Data API status for the specified directory","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"DescribeDomainControllers":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to provide information about any domain controllers in your directory","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"DescribeEventTopics":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to obtain information about which SNS topics receive status messages from the specified directory","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"DescribeHybridADUpdate":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to describe the updates of a specified hybrid directory","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"DescribeLDAPSSettings":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to describe the status of LDAP security for the specified directory","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"DescribeRegions":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to provide information about the Regions that are configured for multi-Region replication","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"DescribeSettings":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to retrieve information about the configurable settings for the specified directory","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"DescribeSharedDirectories":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to return the shared directories in your account","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"DescribeSnapshots":{"conditionKeys":[],"resources":[],"description":"Grants permission to obtain information about the directory snapshots that belong to this account","accessLevel":"Read","resourceTypes":[]},"DescribeTrusts":{"conditionKeys":[],"resources":[],"description":"Grants permission to obtain information about the trust relationships for this account","accessLevel":"Read","resourceTypes":[]},"DescribeUpdateDirectory":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to describe the updates of a directory for a particular update type","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"DisableCAEnrollmentPolicy":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to disable the ca enrollment of a specified directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"DisableClientAuthentication":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to disable alternative client authentication methods for the specified directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"DisableDirectoryDataAccess":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to disable the Directory Service Data API for the specified directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"DisableLDAPS":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to deactivate LDAP secure calls for the specified directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"DisableRadius":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to disable multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"DisableRoleAccess":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to disable AWS Management Console access for identity in your AWS Directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}],"permissionOnly":true},"DisableSso":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to disable single-sign on for a directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"EnableCAEnrollmentPolicy":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to enable the ca enrollment of a specified directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}],"dependentActions":["acm-pca:DescribeCertificateAuthority","pca-connector-ad:GetConnector"]},"EnableClientAuthentication":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to enable alternative client authentication methods for the specified directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"EnableDirectoryDataAccess":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to enable the Directory Service Data API for the specified directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"EnableLDAPS":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to activate the switch for the specific directory to always use LDAP secure calls","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"EnableRadius":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to enable multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"EnableRoleAccess":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to enable AWS Management Console access for identity in your AWS Directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}],"dependentActions":["iam:PassRole"],"permissionOnly":true},"EnableSso":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to enable single-sign on for a directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"GetAuthorizedApplicationDetails":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to retrieve the details of the authorized applications on a directory","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}],"permissionOnly":true},"GetDirectoryLimits":{"conditionKeys":[],"resources":[],"description":"Grants permission to obtain directory limit information for the current region","accessLevel":"Read","resourceTypes":[]},"GetSnapshotLimits":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to obtain the manual snapshot limits for a directory","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"ListADAssessments":{"conditionKeys":[],"resources":[],"description":"Grants permission to list directory assessments","accessLevel":"List","resourceTypes":[]},"ListAuthorizedApplications":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to obtain the AWS applications authorized for a directory","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}],"permissionOnly":true},"ListCertificates":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to list all the certificates registered for a secured LDAP connection, for the specified directory","accessLevel":"List","resourceTypes":[{"name":"directory","required":true}]},"ListIpRoutes":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to list the address blocks that you have added to a directory","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"ListLogSubscriptions":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the active log subscriptions for the AWS account","accessLevel":"Read","resourceTypes":[]},"ListSchemaExtensions":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to list all schema extensions applied to a Microsoft AD Directory","accessLevel":"List","resourceTypes":[{"name":"directory","required":true}]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to list all tags on an Amazon Directory Services directory","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]},"RegisterCertificate":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to register a certificate for secured LDAP connection","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"RegisterEventTopic":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to associate a directory with an SNS topic","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}],"dependentActions":["sns:GetTopicAttributes"]},"RejectSharedDirectory":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to reject a directory sharing request that was sent from the directory owner account","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"RemoveIpRoutes":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to remove IP address blocks from a directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"RemoveRegion":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to stop all replication and removes the domain controllers from the specified Region. You cannot remove the primary Region with this operation","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"RemoveTagsFromResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"directory"}],"description":"Grants permission to remove tags from an Amazon Directory Services directory","accessLevel":"Tagging","resourceTypes":[{"name":"directory","required":true}],"dependentActions":["ec2:DeleteTags"]},"ResetUserPassword":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to reset the password for any user in your AWS Managed Microsoft AD or Simple AD directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"RestoreFromSnapshot":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to restore a directory using an existing directory snapshot","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"ShareDirectory":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to share a specified directory in your AWS account (directory owner) with another AWS account (directory consumer). With this operation you can use your directory from any AWS account and from any Amazon VPC within an AWS Region","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"StartADAssessment":{"conditionKeys":[],"resources":[],"description":"Grants permission to start a directory assessment","accessLevel":"Write","resourceTypes":[],"dependentActions":["ec2:AuthorizeSecurityGroupEgress","ec2:AuthorizeSecurityGroupIngress","ec2:CreateNetworkInterface","ec2:CreateNetworkInterfacePermission","ec2:CreateSecurityGroup","ec2:DeleteNetworkInterface","ec2:DeleteSecurityGroup","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs","ssm:GetCommandInvocation","ssm:GetConnectionStatus","ssm:ListCommands","ssm:SendCommand"]},"StartSchemaExtension":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to apply a schema extension to a Microsoft AD directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"UnauthorizeApplication":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to unauthorize an application from your AWS Directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}],"permissionOnly":true},"UnshareDirectory":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to stop the directory sharing between the directory owner and consumer accounts","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"UpdateAuthorizedApplication":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to update an authorized application for your AWS Directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}],"permissionOnly":true},"UpdateConditionalForwarder":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to update a conditional forwarder that has been set up for your AWS directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"UpdateDirectory":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to update the configurations like service account credentials or DNS server IP addresses for the specified directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}],"permissionOnly":true},"UpdateDirectorySetup":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to update the directory for a particular update type","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"UpdateHybridAD":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to update configurations for a specified hybrid directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}],"dependentActions":["ec2:AuthorizeSecurityGroupEgress","ec2:AuthorizeSecurityGroupIngress","ec2:CreateNetworkInterface","ec2:CreateNetworkInterfacePermission","ec2:CreateSecurityGroup","ec2:CreateTags","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs","secretsmanager:DescribeSecret","secretsmanager:GetSecretValue","ssm:GetCommandInvocation","ssm:GetConnectionStatus","ssm:ListCommands","ssm:SendCommand"]},"UpdateNumberOfDomainControllers":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to add or remove domain controllers to or from the directory. Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. During this time, you cannot make another update request","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"UpdateRadius":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to update the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"UpdateSettings":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to update the configurable settings for the specified directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"UpdateTrust":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to update the trust that has been set up between your AWS Managed Microsoft AD directory and an on-premises Active Directory","accessLevel":"Write","resourceTypes":[{"name":"directory","required":true}]},"VerifyTrust":{"conditionKeys":[],"resources":[{"name":"directory"}],"description":"Grants permission to verify a trust relationship between your Microsoft AD in the AWS cloud and an external domain","accessLevel":"Read","resourceTypes":[{"name":"directory","required":true}]}},"resources":[{"name":"directory","arnFormats":["arn:${Partition}:ds:${Region}:${Account}:directory/${DirectoryId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the value of the request to AWS DS"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the AWS DS Resource being acted upon"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"}}}

package/src/data/servicereference/services/dsql.json

@@ -0,0 +1 @@
+{"name":"dsql","actions":{"AddPeerCluster":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to add a peer cluster to a multi-Region cluster","accessLevel":"Write","resourceTypes":[{"name":"Cluster","required":true}],"dependentActions":["dsql:PutMultiRegionProperties"],"permissionOnly":true},"CreateCluster":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","dsql:WitnessRegion"],"resources":[{"name":"Cluster"}],"description":"Grants permission to create new clusters","accessLevel":"Write","resourceTypes":[{"name":"Cluster","required":true}],"dependentActions":["iam:CreateServiceLinkedRole"]},"DbConnect":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to connect to the database","accessLevel":"Write","resourceTypes":[{"name":"Cluster","required":true}]},"DbConnectAdmin":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to connect to the database with admin role. Connecting with any other role requires DbConnect permission","accessLevel":"Write","resourceTypes":[{"name":"Cluster","required":true}]},"DeleteCluster":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to delete a cluster and all of its data","accessLevel":"Write","resourceTypes":[{"name":"Cluster","required":true}]},"DeleteClusterPolicy":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to remove the inline resource-based policy attached to a cluster","accessLevel":"Write","resourceTypes":[{"name":"Cluster","required":true}]},"GetBackupJob":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to get the status of an Aurora DSQL cluster backup job","accessLevel":"Read","resourceTypes":[{"name":"Cluster","required":true}]},"GetCluster":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to get information about a cluster","accessLevel":"Read","resourceTypes":[{"name":"Cluster","required":true}]},"GetClusterPolicy":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to retrieve the inline resource-based policy attached to a cluster","accessLevel":"Read","resourceTypes":[{"name":"Cluster","required":true}]},"GetRestoreJob":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to get the status of an Aurora DSQL cluster restore job","accessLevel":"Read","resourceTypes":[{"name":"Cluster","required":true}]},"GetVpcEndpointServiceName":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to retrieve the VPC endpoint service name for a cluster","accessLevel":"Read","resourceTypes":[{"name":"Cluster","required":true}]},"InjectError":{"conditionKeys":["dsql:FisActionId","dsql:FisTargetArns"],"resources":[],"description":"Grants permission to inject errors in targeted clusters","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"ListClusters":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of clusters","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to list all tags on an Aurora DSQL resource","accessLevel":"Read","resourceTypes":[{"name":"Cluster","required":true}]},"PutClusterPolicy":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to attach or update the inline resource-based policy attached to a cluster","accessLevel":"Write","resourceTypes":[{"name":"Cluster","required":true}]},"PutMultiRegionProperties":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to update multi-Region properties of a cluster","accessLevel":"Write","resourceTypes":[{"name":"Cluster","required":true}],"permissionOnly":true},"PutWitnessRegion":{"conditionKeys":["dsql:WitnessRegion"],"resources":[{"name":"Cluster"}],"description":"Grants permission to configure and update the witness Region of a multi-Region cluster","accessLevel":"Write","resourceTypes":[{"name":"Cluster","required":true}],"dependentActions":["dsql:PutMultiRegionProperties"],"permissionOnly":true},"RemovePeerCluster":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to remove a peer cluster from a multi-Region cluster","accessLevel":"Write","resourceTypes":[{"name":"Cluster","required":true}],"dependentActions":["dsql:PutMultiRegionProperties"],"permissionOnly":true},"StartBackupJob":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to start a backup job for an Aurora DSQL cluster","accessLevel":"Write","resourceTypes":[{"name":"Cluster","required":true}]},"StartRestoreJob":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to start a restore job for an Aurora DSQL cluster","accessLevel":"Write","resourceTypes":[{"name":"Cluster","required":true}],"dependentActions":["dsql:CreateCluster","iam:CreateServiceLinkedRole"]},"StopBackupJob":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to stop a backup job for an Aurora DSQL cluster","accessLevel":"Write","resourceTypes":[{"name":"Cluster","required":true}]},"StopRestoreJob":{"conditionKeys":[],"resources":[{"name":"Cluster"}],"description":"Grants permission to stop a restore job for an Aurora DSQL Cluster","accessLevel":"Write","resourceTypes":[{"name":"Cluster","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"Cluster"}],"description":"Grants permission to add tags to Aurora DSQL resources","accessLevel":"Tagging","resourceTypes":[{"name":"Cluster","required":true}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"Cluster"}],"description":"Grants permission to remove tags from Aurora DSQL resources","accessLevel":"Tagging","resourceTypes":[{"name":"Cluster","required":true}]},"UpdateCluster":{"conditionKeys":["dsql:WitnessRegion"],"resources":[{"name":"Cluster"}],"description":"Grants permission to modify cluster attributes","accessLevel":"Write","resourceTypes":[{"name":"Cluster","required":true}]}},"resources":[{"name":"Cluster","arnFormats":["arn:${Partition}:dsql:${Region}:${Account}:cluster/${Identifier}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by a tag key and value pair that is allowed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by a list of tag keys that are allowed in the request"},"dsql:FisActionId":{"types":["String"],"description":"Filters access by the ID of an AWS FIS action"},"dsql:FisTargetArns":{"types":["ArrayOfARN"],"description":"Filters access by the ARN of an AWS FIS target"},"dsql:WitnessRegion":{"types":["String"],"description":"Filters access by the witness region of multi-Region clusters"}}}

package/src/data/servicereference/services/dynamodb.json

@@ -0,0 +1 @@
+{"name":"dynamodb","actions":{"AssociateTableReplica":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to create multi account global table replica","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}],"permissionOnly":true},"BatchGetItem":{"conditionKeys":["dynamodb:Attributes","dynamodb:LeadingKeys","dynamodb:ReturnConsumedCapacity","dynamodb:Select"],"resources":[{"name":"table"}],"description":"Grants permission to return the attributes of one or more items from one or more tables","accessLevel":"Read","resourceTypes":[{"name":"table","required":true}]},"BatchWriteItem":{"conditionKeys":["dynamodb:Attributes","dynamodb:LeadingKeys","dynamodb:ReturnConsumedCapacity"],"resources":[{"name":"table"}],"description":"Grants permission to put or delete multiple items in one or more tables","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"ConditionCheckItem":{"conditionKeys":["dynamodb:Attributes","dynamodb:LeadingKeys","dynamodb:ReturnConsumedCapacity","dynamodb:ReturnValues"],"resources":[{"name":"table"}],"description":"Grants permission to the ConditionCheckItem operation checks the existence of a set of attributes for the item with the given primary key","accessLevel":"Read","resourceTypes":[{"name":"table","required":true}]},"CreateBackup":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to create a backup for an existing table","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"CreateGlobalTable":{"conditionKeys":[],"resources":[{"name":"global-table"},{"name":"table"}],"description":"Grants permission to create a global table from an existing table","accessLevel":"Write","resourceTypes":[{"name":"global-table","required":true},{"name":"table","required":true}]},"CreateGlobalTableWitness":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to add a Witness to a Global Table","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}],"permissionOnly":true},"CreateTable":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"table"}],"description":"Grants permission to the CreateTable operation adds a new table to your account","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"CreateTableReplica":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to add a new replica table","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}],"permissionOnly":true},"DeleteBackup":{"conditionKeys":[],"resources":[{"name":"backup"}],"description":"Grants permission to delete an existing backup of a table","accessLevel":"Write","resourceTypes":[{"name":"backup","required":true}]},"DeleteGlobalTableWitness":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to remove a Witness from a Global Table","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}],"permissionOnly":true},"DeleteItem":{"conditionKeys":["dynamodb:Attributes","dynamodb:EnclosingOperation","dynamodb:LeadingKeys","dynamodb:ReturnConsumedCapacity","dynamodb:ReturnValues"],"resources":[{"name":"table"}],"description":"Grants permission to deletes a single item in a table by primary key","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"DeleteResourcePolicy":{"conditionKeys":[],"resources":[{"name":"stream"},{"name":"table"}],"description":"Grants permission to delete the resource-based policy attached to the resource","accessLevel":"Permissions management","resourceTypes":[{"name":"stream","required":true},{"name":"table","required":true}]},"DeleteTable":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to the DeleteTable operation which deletes a table and all of its items","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"DeleteTableReplica":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to delete a replica table and all of its items","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}],"permissionOnly":true},"DescribeBackup":{"conditionKeys":[],"resources":[{"name":"backup"}],"description":"Grants permission to describe an existing backup of a table","accessLevel":"Read","resourceTypes":[{"name":"backup","required":true}]},"DescribeContinuousBackups":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to check the status of the backup restore settings on the specified table","accessLevel":"Read","resourceTypes":[{"name":"table","required":true}]},"DescribeContributorInsights":{"conditionKeys":[],"resources":[{"name":"index"},{"name":"table"}],"description":"Grants permission to describe the contributor insights status and related details for a given table or global secondary index","accessLevel":"Read","resourceTypes":[{"name":"table","required":true},{"name":"index","required":false}]},"DescribeEndpoints":{"conditionKeys":[],"resources":[],"description":"Grants permission to return the regional endpoint information","accessLevel":"Read","resourceTypes":[]},"DescribeExport":{"conditionKeys":[],"resources":[{"name":"export"}],"description":"Grants permission to describe an existing Export of a table","accessLevel":"Read","resourceTypes":[{"name":"export","required":true}]},"DescribeGlobalTable":{"conditionKeys":[],"resources":[{"name":"global-table"}],"description":"Grants permission to return information about the specified global table","accessLevel":"Read","resourceTypes":[{"name":"global-table","required":true}]},"DescribeGlobalTableSettings":{"conditionKeys":[],"resources":[{"name":"global-table"}],"description":"Grants permission to return settings information about the specified global table","accessLevel":"Read","resourceTypes":[{"name":"global-table","required":true}]},"DescribeImport":{"conditionKeys":[],"resources":[{"name":"import"}],"description":"Grants permission to describe an existing import","accessLevel":"Read","resourceTypes":[{"name":"import","required":true}]},"DescribeKinesisStreamingDestination":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to grant permission to describe the status of Kinesis streaming and related details for a given table","accessLevel":"Read","resourceTypes":[{"name":"table","required":true}]},"DescribeLimits":{"conditionKeys":[],"resources":[],"description":"Grants permission to return the current provisioned-capacity limits for your AWS account in a region, both for the region as a whole and for any one DynamoDB table that you create there","accessLevel":"Read","resourceTypes":[]},"DescribeReservedCapacity":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe one or more of the Reserved Capacity purchased","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"DescribeReservedCapacityOfferings":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe Reserved Capacity offerings that are available for purchase","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"DescribeStream":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to return information about a stream, including the current status of the stream, its Amazon Resource Name (ARN), the composition of its shards, and its corresponding DynamoDB table","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"DescribeTable":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to return information about the table","accessLevel":"Read","resourceTypes":[{"name":"table","required":true}]},"DescribeTableReplicaAutoScaling":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to describe the auto scaling settings across all replicas of the global table","accessLevel":"Read","resourceTypes":[{"name":"table","required":true}]},"DescribeTimeToLive":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to give a description of the Time to Live (TTL) status on the specified table","accessLevel":"Read","resourceTypes":[{"name":"table","required":true}]},"DisableKinesisStreamingDestination":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to grant permission to stop replication from the DynamoDB table to the Kinesis data stream","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"EnableKinesisStreamingDestination":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to grant permission to start table data replication to the specified Kinesis data stream at a timestamp chosen during the enable workflow","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"ExportTableToPointInTime":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to initiate an Export of a DynamoDB table to S3","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"GetAbacStatus":{"conditionKeys":[],"resources":[],"description":"Grants permission to view the status of Attribute Based Access Control for the account","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetItem":{"conditionKeys":["dynamodb:Attributes","dynamodb:EnclosingOperation","dynamodb:LeadingKeys","dynamodb:ReturnConsumedCapacity","dynamodb:Select"],"resources":[{"name":"table"}],"description":"Grants permission to the GetItem operation that returns a set of attributes for the item with the given primary key","accessLevel":"Read","resourceTypes":[{"name":"table","required":true}]},"GetRecords":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to retrieve the stream records from a given shard","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"GetResourcePolicy":{"conditionKeys":[],"resources":[{"name":"stream"},{"name":"table"}],"description":"Grants permission to view a resource-based policy for a resource","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true},{"name":"table","required":true}]},"GetShardIterator":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to return a shard iterator","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"ImportTable":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to initiate an import from S3 to a DynamoDB table","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"InjectError":{"conditionKeys":["dynamodb:FisActionId","dynamodb:FisTargetArns"],"resources":[],"description":"Grants permission to start experiments on a Global Table","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"ListBackups":{"conditionKeys":[],"resources":[],"description":"Grants permission to list backups associated with the account and endpoint","accessLevel":"List","resourceTypes":[]},"ListContributorInsights":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the ContributorInsightsSummary for all tables and global secondary indexes associated with the current account and endpoint","accessLevel":"List","resourceTypes":[]},"ListExports":{"conditionKeys":[],"resources":[],"description":"Grants permission to list exports associated with the account and endpoint","accessLevel":"List","resourceTypes":[]},"ListGlobalTables":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all global tables that have a replica in the specified region","accessLevel":"List","resourceTypes":[]},"ListImports":{"conditionKeys":[],"resources":[],"description":"Grants permission to list imports associated with the account and endpoint","accessLevel":"List","resourceTypes":[]},"ListStreams":{"conditionKeys":[],"resources":[],"description":"Grants permission to return an array of stream ARNs associated with the current account and endpoint","accessLevel":"Read","resourceTypes":[]},"ListTables":{"conditionKeys":[],"resources":[],"description":"Grants permission to return an array of table names associated with the current account and endpoint","accessLevel":"List","resourceTypes":[]},"ListTagsOfResource":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to list all tags on an Amazon DynamoDB resource","accessLevel":"Read","resourceTypes":[{"name":"table","required":true}]},"PartiQLDelete":{"conditionKeys":["dynamodb:Attributes","dynamodb:EnclosingOperation","dynamodb:LeadingKeys","dynamodb:ReturnValues"],"resources":[{"name":"table"}],"description":"Grants permission to delete a single item in a table by primary key","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"PartiQLInsert":{"conditionKeys":["dynamodb:Attributes","dynamodb:EnclosingOperation","dynamodb:LeadingKeys"],"resources":[{"name":"table"}],"description":"Grants permission to create a new item, if an item with same primary key does not exist in the table","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"PartiQLSelect":{"conditionKeys":["dynamodb:Attributes","dynamodb:EnclosingOperation","dynamodb:FullTableScan","dynamodb:LeadingKeys","dynamodb:Select"],"resources":[{"name":"index"},{"name":"table"}],"description":"Grants permission to read a set of attributes for items from a table or index","accessLevel":"Read","resourceTypes":[{"name":"table","required":true},{"name":"index","required":false}]},"PartiQLUpdate":{"conditionKeys":["dynamodb:Attributes","dynamodb:EnclosingOperation","dynamodb:LeadingKeys","dynamodb:ReturnValues"],"resources":[{"name":"table"}],"description":"Grants permission to edit an existing item's attributes","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"PurchaseReservedCapacityOfferings":{"conditionKeys":[],"resources":[],"description":"Grants permission to purchases reserved capacity for use with your account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"PutItem":{"conditionKeys":["dynamodb:Attributes","dynamodb:EnclosingOperation","dynamodb:LeadingKeys","dynamodb:ReturnConsumedCapacity","dynamodb:ReturnValues"],"resources":[{"name":"table"}],"description":"Grants permission to create a new item, or replace an old item with a new item","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"PutResourcePolicy":{"conditionKeys":[],"resources":[{"name":"stream"},{"name":"table"}],"description":"Grants permission to attach a resource-based policy to the resource","accessLevel":"Permissions management","resourceTypes":[{"name":"stream","required":true},{"name":"table","required":true}]},"Query":{"conditionKeys":["dynamodb:Attributes","dynamodb:LeadingKeys","dynamodb:ReturnConsumedCapacity","dynamodb:ReturnValues","dynamodb:Select"],"resources":[{"name":"index"},{"name":"table"}],"description":"Grants permission to use the primary key of a table or a secondary index to directly access items from that table or index","accessLevel":"Read","resourceTypes":[{"name":"table","required":true},{"name":"index","required":false}]},"ReadDataForReplication":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to read data from a multi account global table replica","accessLevel":"Read","resourceTypes":[{"name":"table","required":true}],"permissionOnly":true},"ReplicateSettings":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to configure settings for a multi account global table replica","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}],"permissionOnly":true},"RestoreTableFromAwsBackup":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to create a new table from recovery point on AWS Backup","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}],"permissionOnly":true},"RestoreTableFromBackup":{"conditionKeys":[],"resources":[{"name":"backup"},{"name":"table"}],"description":"Grants permission to create a new table from an existing backup","accessLevel":"Write","resourceTypes":[{"name":"backup","required":true},{"name":"table","required":true}],"dependentActions":["dynamodb:BatchWriteItem","dynamodb:DeleteItem","dynamodb:GetItem","dynamodb:PutItem","dynamodb:Query","dynamodb:Scan","dynamodb:UpdateItem"]},"RestoreTableToPointInTime":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to restore a table to a point in time","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}],"dependentActions":["dynamodb:BatchWriteItem","dynamodb:DeleteItem","dynamodb:GetItem","dynamodb:PutItem","dynamodb:Query","dynamodb:Scan","dynamodb:UpdateItem"]},"Scan":{"conditionKeys":["dynamodb:Attributes","dynamodb:ReturnConsumedCapacity","dynamodb:ReturnValues","dynamodb:Select"],"resources":[{"name":"index"},{"name":"table"}],"description":"Grants permission to return one or more items and item attributes by accessing every item in a table or a secondary index","accessLevel":"Read","resourceTypes":[{"name":"table","required":true},{"name":"index","required":false}]},"StartAwsBackupJob":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to create a backup on AWS Backup with advanced features enabled","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}],"permissionOnly":true},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"table"}],"description":"Grants permission to associate a set of tags with an Amazon DynamoDB resource","accessLevel":"Tagging","resourceTypes":[{"name":"table","required":true}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"table"}],"description":"Grants permission to remove the association of tags from an Amazon DynamoDB resource","accessLevel":"Tagging","resourceTypes":[{"name":"table","required":true}]},"UpdateAbacStatus":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the status of Attribute Based Access Control for the account","accessLevel":"Permissions management","resourceTypes":[],"permissionOnly":true},"UpdateContinuousBackups":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to enable or disable continuous backups","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"UpdateContributorInsights":{"conditionKeys":[],"resources":[{"name":"index"},{"name":"table"}],"description":"Grants permission to update the status for contributor insights for a specific table or global secondary index","accessLevel":"Write","resourceTypes":[{"name":"table","required":true},{"name":"index","required":false}]},"UpdateGlobalTable":{"conditionKeys":[],"resources":[{"name":"global-table"},{"name":"table"}],"description":"Grants permission to add or remove replicas in the specified global table","accessLevel":"Write","resourceTypes":[{"name":"global-table","required":true},{"name":"table","required":true}]},"UpdateGlobalTableSettings":{"conditionKeys":[],"resources":[{"name":"global-table"},{"name":"table"}],"description":"Grants permission to update settings of the specified global table","accessLevel":"Write","resourceTypes":[{"name":"global-table","required":true},{"name":"table","required":true}]},"UpdateGlobalTableVersion":{"conditionKeys":[],"resources":[{"name":"global-table"},{"name":"table"}],"description":"Grants permission to update version of the specified global table","accessLevel":"Write","resourceTypes":[{"name":"global-table","required":true},{"name":"table","required":false}],"permissionOnly":true},"UpdateItem":{"conditionKeys":["dynamodb:Attributes","dynamodb:EnclosingOperation","dynamodb:LeadingKeys","dynamodb:ReturnConsumedCapacity","dynamodb:ReturnValues"],"resources":[{"name":"table"}],"description":"Grants permission to edit an existing item's attributes, or adds a new item to the table if it does not already exist","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"UpdateKinesisStreamingDestination":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to update data replication configurations for the specified Kinesis data stream","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"UpdateTable":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to modify the provisioned throughput settings, global secondary indexes, or DynamoDB Streams settings for a given table","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"UpdateTableReplicaAutoScaling":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to update auto scaling settings on your replica table","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"UpdateTimeToLive":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to enable or disable TTL for the specified table","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"WriteDataForReplication":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to write data to a multi account global table replica","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}],"permissionOnly":true}},"resources":[{"name":"backup","arnFormats":["arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/backup/${BackupName}"],"conditionKeys":[]},{"name":"export","arnFormats":["arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/export/${ExportName}"],"conditionKeys":[]},{"name":"global-table","arnFormats":["arn:${Partition}:dynamodb::${Account}:global-table/${GlobalTableName}"],"conditionKeys":[]},{"name":"import","arnFormats":["arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/import/${ImportName}"],"conditionKeys":[]},{"name":"index","arnFormats":["arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/index/${IndexName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"stream","arnFormats":["arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/stream/${StreamLabel}"],"conditionKeys":[]},{"name":"table","arnFormats":["arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"},"dynamodb:Attributes":{"types":["ArrayOfString"],"description":"Filters access by attribute (field or column) names of the table"},"dynamodb:EnclosingOperation":{"types":["String"],"description":"Filters access by blocking Transactions APIs calls and allow the non-Transaction APIs calls and vice-versa"},"dynamodb:FirstPartitionKeyValues":{"types":["ArrayOfString"],"description":"Filters access by the first partition key of the table"},"dynamodb:FisActionId":{"types":["String"],"description":"Filters access by the ID of an AWS FIS action"},"dynamodb:FisTargetArns":{"types":["ArrayOfARN"],"description":"Filters access by the ARN of an AWS FIS target"},"dynamodb:FourthPartitionKeyValues":{"types":["ArrayOfString"],"description":"Filters access by the forth partition key of the table"},"dynamodb:FullTableScan":{"types":["Bool"],"description":"Filters access by blocking full table scan"},"dynamodb:LeadingKeys":{"types":["ArrayOfString"],"description":"Filters access by the first partition key of the table"},"dynamodb:ReturnConsumedCapacity":{"types":["String"],"description":"Filters access by the ReturnConsumedCapacity parameter of a request. Contains either \"TOTAL\" or \"NONE\""},"dynamodb:ReturnValues":{"types":["String"],"description":"Filters access by the ReturnValues parameter of request. Contains one of the following: \"ALL_OLD\", \"UPDATED_OLD\",\"ALL_NEW\",\"UPDATED_NEW\", or \"NONE\""},"dynamodb:SecondPartitionKeyValues":{"types":["ArrayOfString"],"description":"Filters access by the second partition key of the table"},"dynamodb:Select":{"types":["String"],"description":"Filters access by the Select parameter of a Query or Scan request"},"dynamodb:ThirdPartitionKeyValues":{"types":["ArrayOfString"],"description":"Filters access by the third partition key of the table"}}}

package/src/data/servicereference/services/ebs.json

@@ -0,0 +1 @@
+{"name":"ebs","actions":{"CompleteSnapshot":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"snapshot"}],"description":"Grants permission to seal and complete the snapshot after all of the required blocks of data have been written to it","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}]},"GetSnapshotBlock":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"snapshot"}],"description":"Grants permission to return the data of a block in an Amazon Elastic Block Store (EBS) snapshot","accessLevel":"Read","resourceTypes":[{"name":"snapshot","required":true}]},"ListChangedBlocks":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"snapshot"}],"description":"Grants permission to list the blocks that are different between two Amazon Elastic Block Store (EBS) snapshots of the same volume/snapshot lineage","accessLevel":"Read","resourceTypes":[{"name":"snapshot","required":true}]},"ListSnapshotBlocks":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"snapshot"}],"description":"Grants permission to list the blocks in an Amazon Elastic Block Store (EBS) snapshot","accessLevel":"Read","resourceTypes":[{"name":"snapshot","required":true}]},"PutSnapshotBlock":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"snapshot"}],"description":"Grants permission to write a block of data to a snapshot created by the StartSnapshot operation","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}]},"StartSnapshot":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ebs:Description","ebs:ParentSnapshot","ebs:VolumeSize"],"resources":[{"name":"snapshot"}],"description":"Grants permission to create a new EBS snapshot","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":false}],"dependentActions":["ec2:CreateTags"]}},"resources":[{"name":"snapshot","arnFormats":["arn:${Partition}:ec2:${Region}::snapshot/${SnapshotId}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ebs:Description","ebs:ParentSnapshot","ebs:VolumeSize"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by a tag key and value pair that is allowed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by a tag key and value pair of a resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by a list of tag keys that are allowed in the request"},"ebs:Description":{"types":["String"],"description":"Filters access by the description of the snapshot being created"},"ebs:ParentSnapshot":{"types":["ARN"],"description":"Filters access by the ARN of the parent snapshot"},"ebs:VolumeSize":{"types":["Numeric"],"description":"Filters access by the size of the volume for the snapshot being created, in GiB"}}}

package/src/data/servicereference/services/ec2-instance-connect.json

@@ -0,0 +1 @@
+{"name":"ec2-instance-connect","actions":{"OpenTunnel":{"conditionKeys":[],"resources":[{"name":"instance-connect-endpoint"},{"name":"instance-connect-endpoint"}],"description":"Grants permission to establish SSH connection to an EC2 instance using EC2 Instance Connect Endpoint","accessLevel":"Write","resourceTypes":[{"name":"instance-connect-endpoint","required":true}]},"SendSSHPublicKey":{"conditionKeys":["ec2:osuser"],"resources":[{"name":"instance"}],"description":"Grants permission to push an SSH public key to the specified EC2 instance to be used for standard SSH","accessLevel":"Write","resourceTypes":[{"name":"instance","required":true}]},"SendSerialConsoleSSHPublicKey":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to push an SSH public key to the specified EC2 instance to be used for serial console SSH","accessLevel":"Write","resourceTypes":[{"name":"instance","required":true}]}},"resources":[{"name":"instance","arnFormats":["arn:${Partition}:ec2:${Region}:${Account}:instance/${InstanceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ec2:ResourceTag/${TagKey}"]},{"name":"instance-connect-endpoint","arnFormats":["arn:${Partition}:ec2:${Region}:${Account}:instance-connect-endpoint/${InstanceConnectEndpointId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ec2:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by tags associated with the resource"},"ec2-instance-connect:maxTunnelDuration":{"types":["Numeric"],"description":"Filters access by maximum session duration associated with the instance"},"ec2-instance-connect:privateIpAddress":{"types":["IPAddress"],"description":"Filters access by private IP Address associated with the instance"},"ec2-instance-connect:remotePort":{"types":["Numeric"],"description":"Filters access by port number associated with the instance"},"ec2:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by tags associated with the resource"},"ec2:osuser":{"types":["String"],"description":"Filters access by specifying the default user name for the AMI that you used to launch your instance"}}}