aws-iam-ls 0.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (522) hide show
  1. package/.direnv/bin/nix-direnv-reload +19 -0
  2. package/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa.rc +2156 -0
  3. package/.github/workflows/publish.yml +37 -0
  4. package/.github/workflows/test.yml +16 -0
  5. package/.vscodeignore +17 -0
  6. package/LICENSE +21 -0
  7. package/package.json +53 -0
  8. package/readme.md +25 -0
  9. package/src/data/condition-keys/global.json +362 -0
  10. package/src/data/servicereference/actions.json +1 -0
  11. package/src/data/servicereference/service-principals.json +1 -0
  12. package/src/data/servicereference/services/a2c.json +1 -0
  13. package/src/data/servicereference/services/a4b.json +1 -0
  14. package/src/data/servicereference/services/access-analyzer.json +1 -0
  15. package/src/data/servicereference/services/account.json +1 -0
  16. package/src/data/servicereference/services/acm-pca.json +1 -0
  17. package/src/data/servicereference/services/acm.json +1 -0
  18. package/src/data/servicereference/services/aco-automation.json +1 -0
  19. package/src/data/servicereference/services/action-recommendations.json +1 -0
  20. package/src/data/servicereference/services/activate.json +1 -0
  21. package/src/data/servicereference/services/aidevops.json +1 -0
  22. package/src/data/servicereference/services/aiops.json +1 -0
  23. package/src/data/servicereference/services/airflow-serverless.json +1 -0
  24. package/src/data/servicereference/services/airflow.json +1 -0
  25. package/src/data/servicereference/services/amplify.json +1 -0
  26. package/src/data/servicereference/services/amplifybackend.json +1 -0
  27. package/src/data/servicereference/services/amplifyuibuilder.json +1 -0
  28. package/src/data/servicereference/services/aoss.json +1 -0
  29. package/src/data/servicereference/services/apigateway.json +1 -0
  30. package/src/data/servicereference/services/app-integrations.json +1 -0
  31. package/src/data/servicereference/services/appconfig.json +1 -0
  32. package/src/data/servicereference/services/appfabric.json +1 -0
  33. package/src/data/servicereference/services/appflow.json +1 -0
  34. package/src/data/servicereference/services/application-autoscaling.json +1 -0
  35. package/src/data/servicereference/services/application-signals.json +1 -0
  36. package/src/data/servicereference/services/application-transformation.json +1 -0
  37. package/src/data/servicereference/services/applicationinsights.json +1 -0
  38. package/src/data/servicereference/services/appmesh-preview.json +1 -0
  39. package/src/data/servicereference/services/appmesh.json +1 -0
  40. package/src/data/servicereference/services/apprunner.json +1 -0
  41. package/src/data/servicereference/services/appstream.json +1 -0
  42. package/src/data/servicereference/services/appstudio.json +1 -0
  43. package/src/data/servicereference/services/appsync.json +1 -0
  44. package/src/data/servicereference/services/apptest.json +1 -0
  45. package/src/data/servicereference/services/aps.json +1 -0
  46. package/src/data/servicereference/services/arc-region-switch.json +1 -0
  47. package/src/data/servicereference/services/arc-zonal-shift.json +1 -0
  48. package/src/data/servicereference/services/arsenal.json +1 -0
  49. package/src/data/servicereference/services/artifact.json +1 -0
  50. package/src/data/servicereference/services/athena.json +1 -0
  51. package/src/data/servicereference/services/auditmanager.json +1 -0
  52. package/src/data/servicereference/services/autoscaling-plans.json +1 -0
  53. package/src/data/servicereference/services/autoscaling.json +1 -0
  54. package/src/data/servicereference/services/aws-marketplace-management.json +1 -0
  55. package/src/data/servicereference/services/aws-marketplace.json +1 -0
  56. package/src/data/servicereference/services/aws-mcp.json +1 -0
  57. package/src/data/servicereference/services/aws-portal.json +1 -0
  58. package/src/data/servicereference/services/awsconnector.json +1 -0
  59. package/src/data/servicereference/services/b2bi.json +1 -0
  60. package/src/data/servicereference/services/backup-gateway.json +1 -0
  61. package/src/data/servicereference/services/backup-search.json +1 -0
  62. package/src/data/servicereference/services/backup-storage.json +1 -0
  63. package/src/data/servicereference/services/backup.json +1 -0
  64. package/src/data/servicereference/services/batch.json +1 -0
  65. package/src/data/servicereference/services/bcm-dashboards.json +1 -0
  66. package/src/data/servicereference/services/bcm-data-exports.json +1 -0
  67. package/src/data/servicereference/services/bcm-pricing-calculator.json +1 -0
  68. package/src/data/servicereference/services/bcm-recommended-actions.json +1 -0
  69. package/src/data/servicereference/services/bedrock-agentcore.json +1 -0
  70. package/src/data/servicereference/services/bedrock-mantle.json +1 -0
  71. package/src/data/servicereference/services/bedrock.json +1 -0
  72. package/src/data/servicereference/services/billing.json +1 -0
  73. package/src/data/servicereference/services/billingconductor.json +1 -0
  74. package/src/data/servicereference/services/braket.json +1 -0
  75. package/src/data/servicereference/services/budgets.json +1 -0
  76. package/src/data/servicereference/services/bugbust.json +1 -0
  77. package/src/data/servicereference/services/cases.json +1 -0
  78. package/src/data/servicereference/services/cassandra.json +1 -0
  79. package/src/data/servicereference/services/ce.json +1 -0
  80. package/src/data/servicereference/services/chatbot.json +1 -0
  81. package/src/data/servicereference/services/chime.json +1 -0
  82. package/src/data/servicereference/services/cleanrooms-ml.json +1 -0
  83. package/src/data/servicereference/services/cleanrooms.json +1 -0
  84. package/src/data/servicereference/services/cloud9.json +1 -0
  85. package/src/data/servicereference/services/clouddirectory.json +1 -0
  86. package/src/data/servicereference/services/cloudformation.json +1 -0
  87. package/src/data/servicereference/services/cloudfront-keyvaluestore.json +1 -0
  88. package/src/data/servicereference/services/cloudfront.json +1 -0
  89. package/src/data/servicereference/services/cloudhsm.json +1 -0
  90. package/src/data/servicereference/services/cloudsearch.json +1 -0
  91. package/src/data/servicereference/services/cloudshell.json +1 -0
  92. package/src/data/servicereference/services/cloudtrail-data.json +1 -0
  93. package/src/data/servicereference/services/cloudtrail.json +1 -0
  94. package/src/data/servicereference/services/cloudwatch.json +1 -0
  95. package/src/data/servicereference/services/codeartifact.json +1 -0
  96. package/src/data/servicereference/services/codebuild.json +1 -0
  97. package/src/data/servicereference/services/codecatalyst.json +1 -0
  98. package/src/data/servicereference/services/codecommit.json +1 -0
  99. package/src/data/servicereference/services/codeconnections.json +1 -0
  100. package/src/data/servicereference/services/codedeploy-commands-secure.json +1 -0
  101. package/src/data/servicereference/services/codedeploy.json +1 -0
  102. package/src/data/servicereference/services/codeguru-profiler.json +1 -0
  103. package/src/data/servicereference/services/codeguru-reviewer.json +1 -0
  104. package/src/data/servicereference/services/codeguru-security.json +1 -0
  105. package/src/data/servicereference/services/codeguru.json +1 -0
  106. package/src/data/servicereference/services/codepipeline.json +1 -0
  107. package/src/data/servicereference/services/codestar-connections.json +1 -0
  108. package/src/data/servicereference/services/codestar-notifications.json +1 -0
  109. package/src/data/servicereference/services/codestar.json +1 -0
  110. package/src/data/servicereference/services/codewhisperer.json +1 -0
  111. package/src/data/servicereference/services/cognito-identity.json +1 -0
  112. package/src/data/servicereference/services/cognito-idp.json +1 -0
  113. package/src/data/servicereference/services/cognito-sync.json +1 -0
  114. package/src/data/servicereference/services/comprehend.json +1 -0
  115. package/src/data/servicereference/services/comprehendmedical.json +1 -0
  116. package/src/data/servicereference/services/compute-optimizer.json +1 -0
  117. package/src/data/servicereference/services/config.json +1 -0
  118. package/src/data/servicereference/services/connect-campaigns.json +1 -0
  119. package/src/data/servicereference/services/connect.json +1 -0
  120. package/src/data/servicereference/services/consoleapp.json +1 -0
  121. package/src/data/servicereference/services/consolidatedbilling.json +1 -0
  122. package/src/data/servicereference/services/controlcatalog.json +1 -0
  123. package/src/data/servicereference/services/controltower.json +1 -0
  124. package/src/data/servicereference/services/cost-optimization-hub.json +1 -0
  125. package/src/data/servicereference/services/cur.json +1 -0
  126. package/src/data/servicereference/services/customer-verification.json +1 -0
  127. package/src/data/servicereference/services/databrew.json +1 -0
  128. package/src/data/servicereference/services/dataexchange.json +1 -0
  129. package/src/data/servicereference/services/datapipeline.json +1 -0
  130. package/src/data/servicereference/services/datasync.json +1 -0
  131. package/src/data/servicereference/services/datazone.json +1 -0
  132. package/src/data/servicereference/services/dax.json +1 -0
  133. package/src/data/servicereference/services/dbqms.json +1 -0
  134. package/src/data/servicereference/services/deadline.json +1 -0
  135. package/src/data/servicereference/services/detective.json +1 -0
  136. package/src/data/servicereference/services/devicefarm.json +1 -0
  137. package/src/data/servicereference/services/devops-guru.json +1 -0
  138. package/src/data/servicereference/services/directconnect.json +1 -0
  139. package/src/data/servicereference/services/discovery.json +1 -0
  140. package/src/data/servicereference/services/dlm.json +1 -0
  141. package/src/data/servicereference/services/dms.json +1 -0
  142. package/src/data/servicereference/services/docdb-elastic.json +1 -0
  143. package/src/data/servicereference/services/drs.json +1 -0
  144. package/src/data/servicereference/services/ds-data.json +1 -0
  145. package/src/data/servicereference/services/ds.json +1 -0
  146. package/src/data/servicereference/services/dsql.json +1 -0
  147. package/src/data/servicereference/services/dynamodb.json +1 -0
  148. package/src/data/servicereference/services/ebs.json +1 -0
  149. package/src/data/servicereference/services/ec2-instance-connect.json +1 -0
  150. package/src/data/servicereference/services/ec2.json +1 -0
  151. package/src/data/servicereference/services/ec2messages.json +1 -0
  152. package/src/data/servicereference/services/ecr-public.json +1 -0
  153. package/src/data/servicereference/services/ecr.json +1 -0
  154. package/src/data/servicereference/services/ecs-mcp.json +1 -0
  155. package/src/data/servicereference/services/ecs.json +1 -0
  156. package/src/data/servicereference/services/eks-auth.json +1 -0
  157. package/src/data/servicereference/services/eks-mcp.json +1 -0
  158. package/src/data/servicereference/services/eks.json +1 -0
  159. package/src/data/servicereference/services/elasticache.json +1 -0
  160. package/src/data/servicereference/services/elasticbeanstalk.json +1 -0
  161. package/src/data/servicereference/services/elasticfilesystem.json +1 -0
  162. package/src/data/servicereference/services/elasticloadbalancing.json +1 -0
  163. package/src/data/servicereference/services/elasticmapreduce.json +1 -0
  164. package/src/data/servicereference/services/elastictranscoder.json +1 -0
  165. package/src/data/servicereference/services/elemental-activations.json +1 -0
  166. package/src/data/servicereference/services/elemental-appliances-software.json +1 -0
  167. package/src/data/servicereference/services/elemental-inference.json +1 -0
  168. package/src/data/servicereference/services/elemental-support-cases.json +1 -0
  169. package/src/data/servicereference/services/elemental-support-content.json +1 -0
  170. package/src/data/servicereference/services/emr-containers.json +1 -0
  171. package/src/data/servicereference/services/emr-serverless.json +1 -0
  172. package/src/data/servicereference/services/entityresolution.json +1 -0
  173. package/src/data/servicereference/services/es.json +1 -0
  174. package/src/data/servicereference/services/events.json +1 -0
  175. package/src/data/servicereference/services/evidently.json +1 -0
  176. package/src/data/servicereference/services/evs.json +1 -0
  177. package/src/data/servicereference/services/execute-api.json +1 -0
  178. package/src/data/servicereference/services/finspace-api.json +1 -0
  179. package/src/data/servicereference/services/finspace.json +1 -0
  180. package/src/data/servicereference/services/firehose.json +1 -0
  181. package/src/data/servicereference/services/fis.json +1 -0
  182. package/src/data/servicereference/services/fms.json +1 -0
  183. package/src/data/servicereference/services/forecast.json +1 -0
  184. package/src/data/servicereference/services/frauddetector.json +1 -0
  185. package/src/data/servicereference/services/freertos.json +1 -0
  186. package/src/data/servicereference/services/freetier.json +1 -0
  187. package/src/data/servicereference/services/fsx.json +1 -0
  188. package/src/data/servicereference/services/gamelift.json +1 -0
  189. package/src/data/servicereference/services/gameliftstreams.json +1 -0
  190. package/src/data/servicereference/services/geo-maps.json +1 -0
  191. package/src/data/servicereference/services/geo-places.json +1 -0
  192. package/src/data/servicereference/services/geo-routes.json +1 -0
  193. package/src/data/servicereference/services/geo.json +1 -0
  194. package/src/data/servicereference/services/glacier.json +1 -0
  195. package/src/data/servicereference/services/globalaccelerator.json +1 -0
  196. package/src/data/servicereference/services/glue.json +1 -0
  197. package/src/data/servicereference/services/grafana.json +1 -0
  198. package/src/data/servicereference/services/greengrass.json +1 -0
  199. package/src/data/servicereference/services/groundstation.json +1 -0
  200. package/src/data/servicereference/services/groundtruthlabeling.json +1 -0
  201. package/src/data/servicereference/services/guardduty.json +1 -0
  202. package/src/data/servicereference/services/health-agent.json +1 -0
  203. package/src/data/servicereference/services/health.json +1 -0
  204. package/src/data/servicereference/services/healthlake.json +1 -0
  205. package/src/data/servicereference/services/honeycode.json +1 -0
  206. package/src/data/servicereference/services/iam.json +1 -0
  207. package/src/data/servicereference/services/identity-sync.json +1 -0
  208. package/src/data/servicereference/services/identitystore-auth.json +1 -0
  209. package/src/data/servicereference/services/identitystore.json +1 -0
  210. package/src/data/servicereference/services/imagebuilder.json +1 -0
  211. package/src/data/servicereference/services/importexport.json +1 -0
  212. package/src/data/servicereference/services/inspector-scan.json +1 -0
  213. package/src/data/servicereference/services/inspector.json +1 -0
  214. package/src/data/servicereference/services/inspector2-telemetry.json +1 -0
  215. package/src/data/servicereference/services/inspector2.json +1 -0
  216. package/src/data/servicereference/services/interconnect.json +1 -0
  217. package/src/data/servicereference/services/internetmonitor.json +1 -0
  218. package/src/data/servicereference/services/invoicing.json +1 -0
  219. package/src/data/servicereference/services/iot-device-tester.json +1 -0
  220. package/src/data/servicereference/services/iot.json +1 -0
  221. package/src/data/servicereference/services/iotanalytics.json +1 -0
  222. package/src/data/servicereference/services/iotdeviceadvisor.json +1 -0
  223. package/src/data/servicereference/services/iotevents.json +1 -0
  224. package/src/data/servicereference/services/iotfleethub.json +1 -0
  225. package/src/data/servicereference/services/iotfleetwise.json +1 -0
  226. package/src/data/servicereference/services/iotjobsdata.json +1 -0
  227. package/src/data/servicereference/services/iotmanagedintegrations.json +1 -0
  228. package/src/data/servicereference/services/iotsitewise.json +1 -0
  229. package/src/data/servicereference/services/iottwinmaker.json +1 -0
  230. package/src/data/servicereference/services/iotwireless.json +1 -0
  231. package/src/data/servicereference/services/iq-permission.json +1 -0
  232. package/src/data/servicereference/services/iq.json +1 -0
  233. package/src/data/servicereference/services/ivs.json +1 -0
  234. package/src/data/servicereference/services/ivschat.json +1 -0
  235. package/src/data/servicereference/services/kafka-cluster.json +1 -0
  236. package/src/data/servicereference/services/kafka.json +1 -0
  237. package/src/data/servicereference/services/kafkaconnect.json +1 -0
  238. package/src/data/servicereference/services/kendra-ranking.json +1 -0
  239. package/src/data/servicereference/services/kendra.json +1 -0
  240. package/src/data/servicereference/services/kinesis.json +1 -0
  241. package/src/data/servicereference/services/kinesisanalytics.json +1 -0
  242. package/src/data/servicereference/services/kinesisvideo.json +1 -0
  243. package/src/data/servicereference/services/kms.json +1 -0
  244. package/src/data/servicereference/services/lakeformation.json +1 -0
  245. package/src/data/servicereference/services/lambda.json +1 -0
  246. package/src/data/servicereference/services/launchwizard.json +1 -0
  247. package/src/data/servicereference/services/lex.json +1 -0
  248. package/src/data/servicereference/services/license-manager-linux-subscriptions.json +1 -0
  249. package/src/data/servicereference/services/license-manager-user-subscriptions.json +1 -0
  250. package/src/data/servicereference/services/license-manager.json +1 -0
  251. package/src/data/servicereference/services/lightsail.json +1 -0
  252. package/src/data/servicereference/services/logs.json +1 -0
  253. package/src/data/servicereference/services/lookoutequipment.json +1 -0
  254. package/src/data/servicereference/services/lookoutmetrics.json +1 -0
  255. package/src/data/servicereference/services/lookoutvision.json +1 -0
  256. package/src/data/servicereference/services/m2.json +1 -0
  257. package/src/data/servicereference/services/machinelearning.json +1 -0
  258. package/src/data/servicereference/services/macie2.json +1 -0
  259. package/src/data/servicereference/services/managedblockchain-query.json +1 -0
  260. package/src/data/servicereference/services/managedblockchain.json +1 -0
  261. package/src/data/servicereference/services/mapcredits.json +1 -0
  262. package/src/data/servicereference/services/marketplacecommerceanalytics.json +1 -0
  263. package/src/data/servicereference/services/mechanicalturk.json +1 -0
  264. package/src/data/servicereference/services/mediaconnect.json +1 -0
  265. package/src/data/servicereference/services/mediaconvert.json +1 -0
  266. package/src/data/servicereference/services/mediaimport.json +1 -0
  267. package/src/data/servicereference/services/medialive.json +1 -0
  268. package/src/data/servicereference/services/mediapackage-vod.json +1 -0
  269. package/src/data/servicereference/services/mediapackage.json +1 -0
  270. package/src/data/servicereference/services/mediapackagev2.json +1 -0
  271. package/src/data/servicereference/services/mediastore.json +1 -0
  272. package/src/data/servicereference/services/mediatailor.json +1 -0
  273. package/src/data/servicereference/services/medical-imaging.json +1 -0
  274. package/src/data/servicereference/services/memorydb.json +1 -0
  275. package/src/data/servicereference/services/mgh.json +1 -0
  276. package/src/data/servicereference/services/mgn.json +1 -0
  277. package/src/data/servicereference/services/migrationhub-orchestrator.json +1 -0
  278. package/src/data/servicereference/services/migrationhub-strategy.json +1 -0
  279. package/src/data/servicereference/services/mobileanalytics.json +1 -0
  280. package/src/data/servicereference/services/mobiletargeting.json +1 -0
  281. package/src/data/servicereference/services/monitron.json +1 -0
  282. package/src/data/servicereference/services/mpa.json +1 -0
  283. package/src/data/servicereference/services/mq.json +1 -0
  284. package/src/data/servicereference/services/neptune-db.json +1 -0
  285. package/src/data/servicereference/services/neptune-graph.json +1 -0
  286. package/src/data/servicereference/services/network-firewall.json +1 -0
  287. package/src/data/servicereference/services/network-security-director.json +1 -0
  288. package/src/data/servicereference/services/networkflowmonitor.json +1 -0
  289. package/src/data/servicereference/services/networkmanager-chat.json +1 -0
  290. package/src/data/servicereference/services/networkmanager.json +1 -0
  291. package/src/data/servicereference/services/networkmonitor.json +1 -0
  292. package/src/data/servicereference/services/nimble.json +1 -0
  293. package/src/data/servicereference/services/notifications-contacts.json +1 -0
  294. package/src/data/servicereference/services/notifications.json +1 -0
  295. package/src/data/servicereference/services/nova-act.json +1 -0
  296. package/src/data/servicereference/services/oam.json +1 -0
  297. package/src/data/servicereference/services/observabilityadmin.json +1 -0
  298. package/src/data/servicereference/services/odb.json +1 -0
  299. package/src/data/servicereference/services/omics.json +1 -0
  300. package/src/data/servicereference/services/one.json +1 -0
  301. package/src/data/servicereference/services/opensearch.json +1 -0
  302. package/src/data/servicereference/services/opsworks-cm.json +1 -0
  303. package/src/data/servicereference/services/opsworks.json +1 -0
  304. package/src/data/servicereference/services/organizations.json +1 -0
  305. package/src/data/servicereference/services/osis.json +1 -0
  306. package/src/data/servicereference/services/outposts.json +1 -0
  307. package/src/data/servicereference/services/panorama.json +1 -0
  308. package/src/data/servicereference/services/partnercentral-account-management.json +1 -0
  309. package/src/data/servicereference/services/partnercentral.json +1 -0
  310. package/src/data/servicereference/services/payment-cryptography.json +1 -0
  311. package/src/data/servicereference/services/payments.json +1 -0
  312. package/src/data/servicereference/services/pca-connector-ad.json +1 -0
  313. package/src/data/servicereference/services/pca-connector-scep.json +1 -0
  314. package/src/data/servicereference/services/pcs.json +1 -0
  315. package/src/data/servicereference/services/personalize.json +1 -0
  316. package/src/data/servicereference/services/pi.json +1 -0
  317. package/src/data/servicereference/services/pipes.json +1 -0
  318. package/src/data/servicereference/services/polly.json +1 -0
  319. package/src/data/servicereference/services/pricing.json +1 -0
  320. package/src/data/servicereference/services/pricingplanmanager.json +1 -0
  321. package/src/data/servicereference/services/private-networks.json +1 -0
  322. package/src/data/servicereference/services/profile.json +1 -0
  323. package/src/data/servicereference/services/proton.json +1 -0
  324. package/src/data/servicereference/services/purchase-orders.json +1 -0
  325. package/src/data/servicereference/services/q.json +1 -0
  326. package/src/data/servicereference/services/qapps.json +1 -0
  327. package/src/data/servicereference/services/qbusiness.json +1 -0
  328. package/src/data/servicereference/services/qdeveloper.json +1 -0
  329. package/src/data/servicereference/services/qldb.json +1 -0
  330. package/src/data/servicereference/services/quicksight.json +1 -0
  331. package/src/data/servicereference/services/ram.json +1 -0
  332. package/src/data/servicereference/services/rbin.json +1 -0
  333. package/src/data/servicereference/services/rds-data.json +1 -0
  334. package/src/data/servicereference/services/rds-db.json +1 -0
  335. package/src/data/servicereference/services/rds.json +1 -0
  336. package/src/data/servicereference/services/redshift-data.json +1 -0
  337. package/src/data/servicereference/services/redshift-serverless.json +1 -0
  338. package/src/data/servicereference/services/redshift.json +1 -0
  339. package/src/data/servicereference/services/refactor-spaces.json +1 -0
  340. package/src/data/servicereference/services/rekognition.json +1 -0
  341. package/src/data/servicereference/services/repostspace.json +1 -0
  342. package/src/data/servicereference/services/resiliencehub.json +1 -0
  343. package/src/data/servicereference/services/resource-explorer-2.json +1 -0
  344. package/src/data/servicereference/services/resource-explorer.json +1 -0
  345. package/src/data/servicereference/services/resource-groups.json +1 -0
  346. package/src/data/servicereference/services/rhelkb.json +1 -0
  347. package/src/data/servicereference/services/robomaker.json +1 -0
  348. package/src/data/servicereference/services/rolesanywhere.json +1 -0
  349. package/src/data/servicereference/services/route53-recovery-cluster.json +1 -0
  350. package/src/data/servicereference/services/route53-recovery-control-config.json +1 -0
  351. package/src/data/servicereference/services/route53-recovery-readiness.json +1 -0
  352. package/src/data/servicereference/services/route53.json +1 -0
  353. package/src/data/servicereference/services/route53domains.json +1 -0
  354. package/src/data/servicereference/services/route53globalresolver.json +1 -0
  355. package/src/data/servicereference/services/route53profiles.json +1 -0
  356. package/src/data/servicereference/services/route53resolver.json +1 -0
  357. package/src/data/servicereference/services/rtbfabric.json +1 -0
  358. package/src/data/servicereference/services/rum.json +1 -0
  359. package/src/data/servicereference/services/s3-object-lambda.json +1 -0
  360. package/src/data/servicereference/services/s3-outposts.json +1 -0
  361. package/src/data/servicereference/services/s3.json +1 -0
  362. package/src/data/servicereference/services/s3express.json +1 -0
  363. package/src/data/servicereference/services/s3tables.json +1 -0
  364. package/src/data/servicereference/services/s3vectors.json +1 -0
  365. package/src/data/servicereference/services/sagemaker-data-science-assistant.json +1 -0
  366. package/src/data/servicereference/services/sagemaker-geospatial.json +1 -0
  367. package/src/data/servicereference/services/sagemaker-mlflow.json +1 -0
  368. package/src/data/servicereference/services/sagemaker-unified-studio-mcp.json +1 -0
  369. package/src/data/servicereference/services/sagemaker.json +1 -0
  370. package/src/data/servicereference/services/savingsplans.json +1 -0
  371. package/src/data/servicereference/services/scheduler.json +1 -0
  372. package/src/data/servicereference/services/schemas.json +1 -0
  373. package/src/data/servicereference/services/scn.json +1 -0
  374. package/src/data/servicereference/services/sdb.json +1 -0
  375. package/src/data/servicereference/services/secretsmanager.json +1 -0
  376. package/src/data/servicereference/services/security-ir.json +1 -0
  377. package/src/data/servicereference/services/securityagent.json +1 -0
  378. package/src/data/servicereference/services/securityhub.json +1 -0
  379. package/src/data/servicereference/services/securitylake.json +1 -0
  380. package/src/data/servicereference/services/serverlessrepo.json +1 -0
  381. package/src/data/servicereference/services/servicecatalog.json +1 -0
  382. package/src/data/servicereference/services/servicediscovery.json +1 -0
  383. package/src/data/servicereference/services/serviceextract.json +1 -0
  384. package/src/data/servicereference/services/servicequotas.json +1 -0
  385. package/src/data/servicereference/services/ses.json +1 -0
  386. package/src/data/servicereference/services/shield.json +1 -0
  387. package/src/data/servicereference/services/signer.json +1 -0
  388. package/src/data/servicereference/services/signin.json +1 -0
  389. package/src/data/servicereference/services/simspaceweaver.json +1 -0
  390. package/src/data/servicereference/services/sms-voice.json +1 -0
  391. package/src/data/servicereference/services/sms.json +1 -0
  392. package/src/data/servicereference/services/snow-device-management.json +1 -0
  393. package/src/data/servicereference/services/snowball.json +1 -0
  394. package/src/data/servicereference/services/sns.json +1 -0
  395. package/src/data/servicereference/services/social-messaging.json +1 -0
  396. package/src/data/servicereference/services/sqlworkbench.json +1 -0
  397. package/src/data/servicereference/services/sqs.json +1 -0
  398. package/src/data/servicereference/services/ssm-contacts.json +1 -0
  399. package/src/data/servicereference/services/ssm-guiconnect.json +1 -0
  400. package/src/data/servicereference/services/ssm-incidents.json +1 -0
  401. package/src/data/servicereference/services/ssm-quicksetup.json +1 -0
  402. package/src/data/servicereference/services/ssm-sap.json +1 -0
  403. package/src/data/servicereference/services/ssm.json +1 -0
  404. package/src/data/servicereference/services/ssmmessages.json +1 -0
  405. package/src/data/servicereference/services/sso-directory.json +1 -0
  406. package/src/data/servicereference/services/sso-oauth.json +1 -0
  407. package/src/data/servicereference/services/sso.json +1 -0
  408. package/src/data/servicereference/services/states.json +1 -0
  409. package/src/data/servicereference/services/storagegateway.json +1 -0
  410. package/src/data/servicereference/services/sts.json +1 -0
  411. package/src/data/servicereference/services/support-console.json +1 -0
  412. package/src/data/servicereference/services/support.json +1 -0
  413. package/src/data/servicereference/services/supportapp.json +1 -0
  414. package/src/data/servicereference/services/supportplans.json +1 -0
  415. package/src/data/servicereference/services/sustainability.json +1 -0
  416. package/src/data/servicereference/services/swf.json +1 -0
  417. package/src/data/servicereference/services/synthetics.json +1 -0
  418. package/src/data/servicereference/services/tag.json +1 -0
  419. package/src/data/servicereference/services/tax.json +1 -0
  420. package/src/data/servicereference/services/textract.json +1 -0
  421. package/src/data/servicereference/services/thinclient.json +1 -0
  422. package/src/data/servicereference/services/timestream-influxdb.json +1 -0
  423. package/src/data/servicereference/services/timestream.json +1 -0
  424. package/src/data/servicereference/services/tiros.json +1 -0
  425. package/src/data/servicereference/services/tnb.json +1 -0
  426. package/src/data/servicereference/services/transcribe.json +1 -0
  427. package/src/data/servicereference/services/transfer.json +1 -0
  428. package/src/data/servicereference/services/transform-custom.json +1 -0
  429. package/src/data/servicereference/services/transform.json +1 -0
  430. package/src/data/servicereference/services/translate.json +1 -0
  431. package/src/data/servicereference/services/trustedadvisor.json +1 -0
  432. package/src/data/servicereference/services/ts.json +1 -0
  433. package/src/data/servicereference/services/user-subscriptions.json +1 -0
  434. package/src/data/servicereference/services/uxc.json +1 -0
  435. package/src/data/servicereference/services/vendor-insights.json +1 -0
  436. package/src/data/servicereference/services/verified-access.json +1 -0
  437. package/src/data/servicereference/services/verifiedpermissions.json +1 -0
  438. package/src/data/servicereference/services/voiceid.json +1 -0
  439. package/src/data/servicereference/services/vpc-lattice-svcs.json +1 -0
  440. package/src/data/servicereference/services/vpc-lattice.json +1 -0
  441. package/src/data/servicereference/services/vpce.json +1 -0
  442. package/src/data/servicereference/services/waf-regional.json +1 -0
  443. package/src/data/servicereference/services/waf.json +1 -0
  444. package/src/data/servicereference/services/wafv2.json +1 -0
  445. package/src/data/servicereference/services/wam.json +1 -0
  446. package/src/data/servicereference/services/wellarchitected.json +1 -0
  447. package/src/data/servicereference/services/wickr.json +1 -0
  448. package/src/data/servicereference/services/wisdom.json +1 -0
  449. package/src/data/servicereference/services/workdocs.json +1 -0
  450. package/src/data/servicereference/services/worklink.json +1 -0
  451. package/src/data/servicereference/services/workmail.json +1 -0
  452. package/src/data/servicereference/services/workmailmessageflow.json +1 -0
  453. package/src/data/servicereference/services/workspaces-instances.json +1 -0
  454. package/src/data/servicereference/services/workspaces-web.json +1 -0
  455. package/src/data/servicereference/services/workspaces.json +1 -0
  456. package/src/data/servicereference/services/xray.json +1 -0
  457. package/src/data/servicereference/services.json +1 -0
  458. package/src/extension.d.ts +3 -0
  459. package/src/extension.js +23 -0
  460. package/src/grammars/tree-sitter-hcl.wasm +0 -0
  461. package/src/grammars/tree-sitter-json.wasm +0 -0
  462. package/src/grammars/tree-sitter-yaml.wasm +0 -0
  463. package/src/handlers/completion/action-value.d.ts +4 -0
  464. package/src/handlers/completion/action-value.js +46 -0
  465. package/src/handlers/completion/condition-block.d.ts +4 -0
  466. package/src/handlers/completion/condition-block.js +31 -0
  467. package/src/handlers/completion/condition-key.d.ts +4 -0
  468. package/src/handlers/completion/condition-key.js +80 -0
  469. package/src/handlers/completion/condition-operator.d.ts +4 -0
  470. package/src/handlers/completion/condition-operator.js +22 -0
  471. package/src/handlers/completion/effect-value.d.ts +4 -0
  472. package/src/handlers/completion/effect-value.js +14 -0
  473. package/src/handlers/completion/index.d.ts +14 -0
  474. package/src/handlers/completion/index.js +96 -0
  475. package/src/handlers/completion/principal-block-identifier.d.ts +4 -0
  476. package/src/handlers/completion/principal-block-identifier.js +4 -0
  477. package/src/handlers/completion/principal-block-type.d.ts +4 -0
  478. package/src/handlers/completion/principal-block-type.js +24 -0
  479. package/src/handlers/completion/principal-block.d.ts +4 -0
  480. package/src/handlers/completion/principal-block.js +28 -0
  481. package/src/handlers/completion/principal-identifier-completions.d.ts +2 -0
  482. package/src/handlers/completion/principal-identifier-completions.js +131 -0
  483. package/src/handlers/completion/principal-type.d.ts +4 -0
  484. package/src/handlers/completion/principal-type.js +23 -0
  485. package/src/handlers/completion/principal-typed-value.d.ts +4 -0
  486. package/src/handlers/completion/principal-typed-value.js +4 -0
  487. package/src/handlers/completion/principal-value.d.ts +4 -0
  488. package/src/handlers/completion/principal-value.js +18 -0
  489. package/src/handlers/completion/resource-value.d.ts +4 -0
  490. package/src/handlers/completion/resource-value.js +144 -0
  491. package/src/handlers/completion/statement-block.d.ts +10 -0
  492. package/src/handlers/completion/statement-block.js +51 -0
  493. package/src/handlers/completion/statement-key.d.ts +4 -0
  494. package/src/handlers/completion/statement-key.js +41 -0
  495. package/src/lib/iam-policy/condition-operators.d.ts +317 -0
  496. package/src/lib/iam-policy/condition-operators.js +129 -0
  497. package/src/lib/iam-policy/location.d.ts +71 -0
  498. package/src/lib/iam-policy/location.js +82 -0
  499. package/src/lib/iam-policy/partitions.d.ts +116 -0
  500. package/src/lib/iam-policy/partitions.js +51 -0
  501. package/src/lib/iam-policy/principals.d.ts +21 -0
  502. package/src/lib/iam-policy/principals.js +37 -0
  503. package/src/lib/iam-policy/reference/services.d.ts +22 -0
  504. package/src/lib/iam-policy/reference/services.js +99 -0
  505. package/src/lib/iam-policy/reference/types.d.ts +71 -0
  506. package/src/lib/iam-policy/reference/types.js +1 -0
  507. package/src/lib/iam-policy/statement-keys.d.ts +8 -0
  508. package/src/lib/iam-policy/statement-keys.js +159 -0
  509. package/src/lib/iam-policy/wildcard.d.ts +2 -0
  510. package/src/lib/iam-policy/wildcard.js +14 -0
  511. package/src/lib/treesitter/base.d.ts +35 -0
  512. package/src/lib/treesitter/base.js +50 -0
  513. package/src/lib/treesitter/hcl.d.ts +9 -0
  514. package/src/lib/treesitter/hcl.js +888 -0
  515. package/src/lib/treesitter/json.d.ts +9 -0
  516. package/src/lib/treesitter/json.js +376 -0
  517. package/src/lib/treesitter/manager.d.ts +9 -0
  518. package/src/lib/treesitter/manager.js +66 -0
  519. package/src/lib/treesitter/yaml.d.ts +9 -0
  520. package/src/lib/treesitter/yaml.js +878 -0
  521. package/src/server.d.ts +2 -0
  522. package/src/server.js +26 -0
package/src/data/servicereference/services/ec2messages.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"ec2messages","actions":{"AcknowledgeMessage":{"conditionKeys":[],"resources":[],"description":"Grants permission to acknowledge a message, ensuring it will not be delivered again","accessLevel":"Write","resourceTypes":[]},"DeleteMessage":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a message","accessLevel":"Write","resourceTypes":[]},"FailMessage":{"conditionKeys":[],"resources":[],"description":"Grants permission to fail a message, signifying the message could not be processed successfully, ensuring it cannot be replied to or delivered again","accessLevel":"Write","resourceTypes":[]},"GetEndpoint":{"conditionKeys":[],"resources":[],"description":"Grants permission to route traffic to the correct endpoint based on the given destination for the messages","accessLevel":"Read","resourceTypes":[]},"GetMessages":{"conditionKeys":["ec2:SourceInstanceARN","ssm:SourceInstanceARN"],"resources":[],"description":"Grants permission to deliver messages to clients/instances using long polling","accessLevel":"Read","resourceTypes":[]},"SendReply":{"conditionKeys":["ec2:SourceInstanceARN","ssm:SourceInstanceARN"],"resources":[],"description":"Grants permission to send replies from clients/instances to upstream service","accessLevel":"Write","resourceTypes":[]}},"resources":[],"conditionKeys":{"ec2:SourceInstanceARN":{"types":["ARN"],"description":"Filters access by the ARN of the instance from which the request originated"},"ssm:SourceInstanceARN":{"types":["ARN"],"description":"Filters access by verifying the Amazon Resource Name (ARN) of the AWS Systems Manager's managed instance from which the request is made. This key is not present when the request comes from the managed instance authenticated with an IAM role associated with EC2 instance profile"}}}
package/src/data/servicereference/services/ecr-public.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"ecr-public","actions":{"BatchCheckLayerAvailability":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to check the availability of multiple image layers in a specified registry and repository","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"BatchDeleteImage":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to delete a list of specified images within a specified repository","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"CompleteLayerUpload":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to inform Amazon ECR that the image layer upload for a specified registry, repository name, and upload ID, has completed","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"CreateRepository":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"repository"}],"description":"Grants permission to create an image repository","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}],"dependentActions":["ecr-public:TagResource"]},"DeleteRepository":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to delete an existing image repository","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"DeleteRepositoryPolicy":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to delete the repository policy from a specified repository","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"DescribeImageTags":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to describe all the image tags for a given repository","accessLevel":"List","resourceTypes":[{"name":"repository","required":true}]},"DescribeImages":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to get metadata about the images in a repository, including image size, image tags, and creation date","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"DescribeRegistries":{"conditionKeys":[],"resources":[{"name":"registry"}],"description":"Grants permission to retrieve the catalog data associated with a registry","accessLevel":"List","resourceTypes":[{"name":"registry","required":true}]},"DescribeRepositories":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to describe image repositories in a registry","accessLevel":"List","resourceTypes":[{"name":"repository","required":false}]},"GetAuthorizationToken":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a token that is valid for a specified registry for 12 hours","accessLevel":"Read","resourceTypes":[]},"GetRegistryCatalogData":{"conditionKeys":[],"resources":[{"name":"registry"}],"description":"Grants permission to retrieve the catalog data associated with a registry","accessLevel":"Read","resourceTypes":[{"name":"registry","required":true}]},"GetRepositoryCatalogData":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to retrieve the catalog data associated with a repository","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"GetRepositoryPolicy":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to retrieve the repository policy for a specified repository","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"InitiateLayerUpload":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to notify Amazon ECR that you intend to upload an image layer","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to list the tags for an Amazon ECR resource","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"PutImage":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to create or update the image manifest associated with an image","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"PutRegistryCatalogData":{"conditionKeys":[],"resources":[{"name":"registry"}],"description":"Grants permission to create and update the catalog data associated with a registry","accessLevel":"Write","resourceTypes":[{"name":"registry","required":true}]},"PutRepositoryCatalogData":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to update the catalog data associated with a repository","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"SetRepositoryPolicy":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to apply a repository policy on a specified repository to control access permissions","accessLevel":"Permissions management","resourceTypes":[{"name":"repository","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"repository"}],"description":"Grants permission to tag an Amazon ECR resource","accessLevel":"Tagging","resourceTypes":[{"name":"repository","required":true}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"repository"}],"description":"Grants permission to untag an Amazon ECR resource","accessLevel":"Tagging","resourceTypes":[{"name":"repository","required":true}]},"UploadLayerPart":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to upload an image layer part to Amazon ECR Public","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]}},"resources":[{"name":"registry","arnFormats":["arn:${Partition}:ecr-public::${Account}:registry/${RegistryId}"],"conditionKeys":[]},{"name":"repository","arnFormats":["arn:${Partition}:ecr-public::${Account}:repository/${RepositoryName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ecr-public:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters create requests based on the allowed set of values for each of the tags"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters actions based on tag-value associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters create requests based on the presence of mandatory tags in the request"},"ecr-public:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters actions based on tag-value associated with the resource"}}}
package/src/data/servicereference/services/ecr.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"ecr","actions":{"BatchCheckLayerAvailability":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to check the availability of multiple image layers in a specified registry and repository","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"BatchDeleteImage":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to delete a list of specified images within a specified repository","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"BatchGetImage":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to get detailed information for specified images within a specified repository","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"BatchGetRepositoryScanningConfiguration":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to retrieve repository scanning configuration for a list of repositories","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"BatchImportUpstreamImage":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to retrieve the image from the upstream registry and import it to your private registry","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}],"permissionOnly":true},"CompleteLayerUpload":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to inform Amazon ECR that the image layer upload for a specified registry, repository name, and upload ID, has completed","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"CreatePullThroughCacheRule":{"conditionKeys":[],"resources":[],"description":"Grants permission to create new pull-through cache rule","accessLevel":"Write","resourceTypes":[],"dependentActions":["iam:CreateServiceLinkedRole"]},"CreateRepository":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"repository"}],"description":"Grants permission to create an image repository","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}],"dependentActions":["ecr:TagResource"]},"CreateRepositoryCreationTemplate":{"conditionKeys":[],"resources":[],"description":"Grants permission to create the repository creation template","accessLevel":"Write","resourceTypes":[],"dependentActions":["ecr:CreateRepository","ecr:PutLifecyclePolicy","ecr:SetRepositoryPolicy","iam:CreateServiceLinkedRole","iam:PassRole"]},"DeleteLifecyclePolicy":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to delete the specified lifecycle policy","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"DeletePullThroughCacheRule":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete the pull-through cache rule","accessLevel":"Write","resourceTypes":[]},"DeleteRegistryPolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete the registry policy","accessLevel":"Permissions management","resourceTypes":[]},"DeleteRepository":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to delete an existing image repository","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"DeleteRepositoryCreationTemplate":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete the repository creation template","accessLevel":"Write","resourceTypes":[]},"DeleteRepositoryPolicy":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to delete the repository policy from a specified repository","accessLevel":"Permissions management","resourceTypes":[{"name":"repository","required":true}]},"DeleteSigningConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete the signing configuration for the registry","accessLevel":"Write","resourceTypes":[]},"DeregisterPullTimeUpdateExclusion":{"conditionKeys":[],"resources":[],"description":"Grants permission to deregister a pull time update exclusion","accessLevel":"Write","resourceTypes":[]},"DescribeImageReplicationStatus":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to retrieve replication status about an image in a registry, including failure reason if replication fails","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"DescribeImageScanFindings":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to describe the image scan findings for the specified image","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"DescribeImageSigningStatus":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to retrieve signing status about an image in a specified registry","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"DescribeImages":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to get metadata about the images in a repository, including image size, image tags, and creation date","accessLevel":"List","resourceTypes":[{"name":"repository","required":true}]},"DescribePullThroughCacheRules":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe the pull-through cache rules","accessLevel":"List","resourceTypes":[]},"DescribeRegistry":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe the registry settings","accessLevel":"Read","resourceTypes":[]},"DescribeRepositories":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to describe image repositories in a registry","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"DescribeRepositoryCreationTemplates":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe the repository creation template","accessLevel":"Read","resourceTypes":[]},"GetAccountSetting":{"conditionKeys":["ecr:AccountSetting"],"resources":[],"description":"Grants permission to retrieve account settings","accessLevel":"Read","resourceTypes":[]},"GetAuthorizationToken":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a token that is valid for a specified registry for 12 hours","accessLevel":"Read","resourceTypes":[]},"GetDownloadUrlForLayer":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to retrieve the download URL corresponding to an image layer","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"GetImageCopyStatus":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to retrieve the status about an image copy","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}],"permissionOnly":true},"GetLifecyclePolicy":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to retrieve the specified lifecycle policy","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"GetLifecyclePolicyPreview":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to retrieve the results of the specified lifecycle policy preview request","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"GetRegistryPolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the registry policy","accessLevel":"Read","resourceTypes":[]},"GetRegistryScanningConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve registry scanning configuration","accessLevel":"Read","resourceTypes":[]},"GetRepositoryPolicy":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to retrieve the repository policy for a specified repository","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"GetSigningConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the signing configuration for the registry","accessLevel":"Read","resourceTypes":[]},"InitiateLayerUpload":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to notify Amazon ECR that you intend to upload an image layer","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"ListImages":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to list all the image IDs for a given repository","accessLevel":"List","resourceTypes":[{"name":"repository","required":true}]},"ListPullTimeUpdateExclusions":{"conditionKeys":[],"resources":[],"description":"Grants permission to list pull time update exclusions for the registry","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"repository"}],"description":"Grants permission to list the tags for an Amazon ECR resource","accessLevel":"Read","resourceTypes":[{"name":"repository","required":true}]},"PutAccountSetting":{"conditionKeys":["ecr:AccountSetting"],"resources":[],"description":"Grants permission to update account settings","accessLevel":"Write","resourceTypes":[]},"PutImage":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to create or update the image manifest associated with an image","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"PutImageScanningConfiguration":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to update the image scanning configuration for a repository","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"PutImageTagMutability":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to update the image tag mutability settings for a repository","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"PutLifecyclePolicy":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to create or update a lifecycle policy","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"PutRegistryPolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the registry policy","accessLevel":"Permissions management","resourceTypes":[]},"PutRegistryScanningConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to update registry scanning configuration","accessLevel":"Write","resourceTypes":[]},"PutReplicationConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the replication configuration for the registry","accessLevel":"Write","resourceTypes":[],"dependentActions":["iam:CreateServiceLinkedRole"]},"PutSigningConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the signing configuration for the registry","accessLevel":"Write","resourceTypes":[]},"RegisterPullTimeUpdateExclusion":{"conditionKeys":[],"resources":[],"description":"Grants permission to register a pull time update exclusion","accessLevel":"Write","resourceTypes":[]},"ReplicateImage":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to replicate images to the destination registry","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}],"permissionOnly":true},"SetRepositoryPolicy":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to apply a repository policy on a specified repository to control access permissions","accessLevel":"Permissions management","resourceTypes":[{"name":"repository","required":true}]},"StartImageScan":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to start an image scan","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"StartLifecyclePolicyPreview":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to start a preview of the specified lifecycle policy","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"repository"}],"description":"Grants permission to tag an Amazon ECR resource","accessLevel":"Tagging","resourceTypes":[{"name":"repository","required":true}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"repository"}],"description":"Grants permission to untag an Amazon ECR resource","accessLevel":"Tagging","resourceTypes":[{"name":"repository","required":true}]},"UpdateImageStorageClass":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to get update the storage class of a specified image within a specified repository","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"UpdatePullThroughCacheRule":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the pull-through cache rule","accessLevel":"Write","resourceTypes":[]},"UpdateRepositoryCreationTemplate":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the repository creation template","accessLevel":"Write","resourceTypes":[],"dependentActions":["ecr:CreateRepository","ecr:PutLifecyclePolicy","ecr:SetRepositoryPolicy","iam:CreateServiceLinkedRole","iam:PassRole"]},"UploadLayerPart":{"conditionKeys":[],"resources":[{"name":"repository"}],"description":"Grants permission to upload an image layer part to Amazon ECR","accessLevel":"Write","resourceTypes":[{"name":"repository","required":true}]},"ValidatePullThroughCacheRule":{"conditionKeys":[],"resources":[],"description":"Grants permission to validate the pull-through cache rule","accessLevel":"Read","resourceTypes":[]}},"resources":[{"name":"repository","arnFormats":["arn:${Partition}:ecr:${Region}:${Account}:repository/${RepositoryName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ecr:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the allowed set of values for each of the tags"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by tag-value associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the presence of mandatory tags in the request"},"ecr:AccountSetting":{"types":["String"],"description":"Filters access by the ECR account setting name"},"ecr:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by tag-value associated with the resource"}}}
package/src/data/servicereference/services/ecs-mcp.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"ecs-mcp","actions":{"InvokeReadOnlyTools":{"conditionKeys":[],"resources":[],"description":"Grants permission to call read-only tools in MCP service","accessLevel":"Read","resourceTypes":[]},"UseMcp":{"conditionKeys":[],"resources":[],"description":"Grants permission to use MCP service","accessLevel":"Read","resourceTypes":[]}},"resources":[],"conditionKeys":{}}
package/src/data/servicereference/services/ecs.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"ecs","actions":{"CreateCapacityProvider":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","ecs:instance-metadata-tags-propagation","ecs:propagate-tags"],"resources":[{"name":"capacity-provider"}],"description":"Grants permission to create a new capacity provider. Capacity providers are associated with an Amazon ECS cluster and are used in capacity provider strategies to facilitate cluster auto scaling","accessLevel":"Write","resourceTypes":[{"name":"capacity-provider","required":true}]},"CreateCluster":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","ecs:capacity-provider","ecs:fargate-ephemeral-storage-kms-key"],"resources":[{"name":"cluster"}],"description":"Grants permission to create a new Amazon ECS cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"CreateExpressGatewayService":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","ecs:enable-ecs-managed-tags","ecs:propagate-tags","ecs:subnet","ecs:task-cpu","ecs:task-definition","ecs:task-memory"],"resources":[{"name":"service"}],"description":"Grants permission to create a new Amazon ECS Express Gateway service with cluster and task definition","accessLevel":"Write","resourceTypes":[{"name":"service","required":true}],"dependentActions":["ecs:RegisterTaskDefinition","iam:PassRole"]},"CreateService":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","ecs:auto-assign-public-ip","ecs:capacity-provider","ecs:enable-ebs-volumes","ecs:enable-ecs-managed-tags","ecs:enable-execute-command","ecs:enable-service-connect","ecs:enable-vpc-lattice","ecs:namespace","ecs:propagate-tags","ecs:subnet","ecs:task-cpu","ecs:task-definition","ecs:task-memory"],"resources":[{"name":"service"}],"description":"Grants permission to run and maintain a desired number of tasks from a specified task definition via service creation","accessLevel":"Write","resourceTypes":[{"name":"service","required":true}]},"CreateTaskSet":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","ecs:capacity-provider","ecs:cluster","ecs:service","ecs:task-definition"],"resources":[{"name":"task-set"}],"description":"Grants permission to create a new Amazon ECS task set","accessLevel":"Write","resourceTypes":[{"name":"task-set","required":true}]},"DeleteAccountSetting":{"conditionKeys":["ecs:account-setting"],"resources":[],"description":"Grants permission to modify the ARN and resource ID format of a resource for a specified IAM user, IAM role, or the root user for an account. You can specify whether the new ARN and resource ID format are disabled for new resources that are created","accessLevel":"Write","resourceTypes":[]},"DeleteAttributes":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster"],"resources":[{"name":"container-instance"}],"description":"Grants permission to delete one or more custom attributes from an Amazon ECS resource","accessLevel":"Write","resourceTypes":[{"name":"container-instance","required":true}]},"DeleteCapacityProvider":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"capacity-provider"}],"description":"Grants permission to delete the specified capacity provider","accessLevel":"Write","resourceTypes":[{"name":"capacity-provider","required":true}]},"DeleteCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to delete the specified cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"DeleteExpressGatewayService":{"conditionKeys":[],"resources":[{"name":"service"}],"description":"Grants permission to delete a specified Express Gateway service","accessLevel":"Write","resourceTypes":[{"name":"service","required":true}]},"DeleteService":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster"],"resources":[{"name":"service"}],"description":"Grants permission to delete a specified service within a cluster","accessLevel":"Write","resourceTypes":[{"name":"service","required":true}]},"DeleteTaskDefinitions":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"task-definition"}],"description":"Grants permission to delete the specified task definitions by family and revision","accessLevel":"Write","resourceTypes":[{"name":"task-definition","required":true}]},"DeleteTaskSet":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster","ecs:service"],"resources":[{"name":"task-set"}],"description":"Grants permission to delete the specified task set","accessLevel":"Write","resourceTypes":[{"name":"task-set","required":true}]},"DeregisterContainerInstance":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to deregister an Amazon ECS container instance from the specified cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"DeregisterTaskDefinition":{"conditionKeys":[],"resources":[],"description":"Grants permission to deregister the specified task definition by family and revision","accessLevel":"Write","resourceTypes":[]},"DescribeCapacityProviders":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"capacity-provider"}],"description":"Grants permission to describe one or more Amazon ECS capacity providers","accessLevel":"Read","resourceTypes":[{"name":"capacity-provider","required":true}]},"DescribeClusters":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to describes one or more of your clusters","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true}]},"DescribeContainerInstances":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster"],"resources":[{"name":"container-instance"}],"description":"Grants permission to describes Amazon ECS container instances","accessLevel":"Read","resourceTypes":[{"name":"container-instance","required":true}]},"DescribeExpressGatewayService":{"conditionKeys":[],"resources":[{"name":"service"}],"description":"Grants permission to describe the specified Express Gateway service","accessLevel":"Read","resourceTypes":[{"name":"service","required":true}]},"DescribeServiceDeployments":{"conditionKeys":[],"resources":[{"name":"service"},{"name":"service-deployment"}],"description":"Grants permission to describe one or more of your service deployments","accessLevel":"Read","resourceTypes":[{"name":"service","required":true},{"name":"service-deployment","required":true}]},"DescribeServiceRevisions":{"conditionKeys":[],"resources":[{"name":"service"},{"name":"service-revision"}],"description":"Grants permission to describe one or more of your service revisions","accessLevel":"Read","resourceTypes":[{"name":"service","required":true},{"name":"service-revision","required":true}]},"DescribeServices":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster"],"resources":[{"name":"service"}],"description":"Grants permission to describe the specified services running in your cluster","accessLevel":"Read","resourceTypes":[{"name":"service","required":true}]},"DescribeTaskDefinition":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a task definition. You can specify a family and revision to find information about a specific task definition, or you can simply specify the family to find the latest ACTIVE revision in that family","accessLevel":"Read","resourceTypes":[]},"DescribeTaskSets":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster","ecs:service"],"resources":[{"name":"task-set"}],"description":"Grants permission to describe Amazon ECS task sets","accessLevel":"Read","resourceTypes":[{"name":"task-set","required":true}]},"DescribeTasks":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster"],"resources":[{"name":"task"}],"description":"Grants permission to describe a specified task or tasks","accessLevel":"Read","resourceTypes":[{"name":"task","required":true}]},"DiscoverPollEndpoint":{"conditionKeys":[],"resources":[],"description":"Grants permission to get an endpoint for the Amazon ECS agent to poll for updates","accessLevel":"Write","resourceTypes":[]},"ExecuteCommand":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster","ecs:container-name","ecs:task"],"resources":[{"name":"cluster"},{"name":"task"}],"description":"Grants permission to run a command remotely on an Amazon ECS container","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"task","required":true}]},"GetTaskProtection":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster"],"resources":[{"name":"task"}],"description":"Grants permission to retrieve the protection status of tasks in an Amazon ECS service","accessLevel":"Read","resourceTypes":[{"name":"task","required":true}]},"ListAccountSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the account settings for an Amazon ECS resource for a specified principal","accessLevel":"Read","resourceTypes":[]},"ListAttributes":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to lists the attributes for Amazon ECS resources within a specified target type and cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"ListClusters":{"conditionKeys":[],"resources":[],"description":"Grants permission to get a list of existing clusters","accessLevel":"List","resourceTypes":[]},"ListContainerInstances":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to get a list of container instances in a specified cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"ListServiceDeployments":{"conditionKeys":[],"resources":[{"name":"service"}],"description":"Grants permission to get a list of service deployments for a specified service","accessLevel":"List","resourceTypes":[{"name":"service","required":true}]},"ListServices":{"conditionKeys":["ecs:cluster"],"resources":[],"description":"Grants permission to get a list of services that are running in a specified cluster","accessLevel":"List","resourceTypes":[]},"ListServicesByNamespace":{"conditionKeys":["ecs:namespace"],"resources":[],"description":"Grants permission to get a list of services that are running in a specified AWS Cloud Map Namespace","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"capacity-provider"},{"name":"cluster"},{"name":"container-instance"},{"name":"service"},{"name":"task"},{"name":"task-definition"},{"name":"task-set"}],"description":"Grants permission to get a list of tags for the specified resource","accessLevel":"Read","resourceTypes":[{"name":"capacity-provider","required":false},{"name":"cluster","required":false},{"name":"container-instance","required":false},{"name":"service","required":false},{"name":"task","required":false},{"name":"task-definition","required":false},{"name":"task-set","required":false}]},"ListTaskDefinitionFamilies":{"conditionKeys":[],"resources":[],"description":"Grants permission to get a list of task definition families that are registered to your account (which may include task definition families that no longer have any ACTIVE task definitions)","accessLevel":"List","resourceTypes":[]},"ListTaskDefinitions":{"conditionKeys":[],"resources":[],"description":"Grants permission to get a list of task definitions that are registered to your account","accessLevel":"List","resourceTypes":[]},"ListTasks":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster"],"resources":[{"name":"container-instance"}],"description":"Grants permission to get a list of tasks for a specified cluster","accessLevel":"List","resourceTypes":[{"name":"container-instance","required":true}]},"Poll":{"conditionKeys":["ecs:cluster"],"resources":[{"name":"container-instance"}],"description":"Grants permission to an agent to connect with the Amazon ECS service to report status and get commands","accessLevel":"Write","resourceTypes":[{"name":"container-instance","required":true}],"permissionOnly":true},"PutAccountSetting":{"conditionKeys":["ecs:account-setting"],"resources":[],"description":"Grants permission to modify the ARN and resource ID format of a resource for a specified IAM user, IAM role, or the root user for an account. You can specify whether the new ARN and resource ID format are enabled for new resources that are created. Enabling this setting is required to use new Amazon ECS features such as resource tagging","accessLevel":"Write","resourceTypes":[]},"PutAccountSettingDefault":{"conditionKeys":["ecs:account-setting"],"resources":[],"description":"Grants permission to modify the ARN and resource ID format of a resource type for all IAM users on an account for which no individual account setting has been set. Enabling this setting is required to use new Amazon ECS features such as resource tagging","accessLevel":"Write","resourceTypes":[]},"PutAttributes":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster"],"resources":[{"name":"container-instance"}],"description":"Grants permission to create or update an attribute on an Amazon ECS resource","accessLevel":"Write","resourceTypes":[{"name":"container-instance","required":true}]},"PutClusterCapacityProviders":{"conditionKeys":["ecs:capacity-provider"],"resources":[{"name":"cluster"}],"description":"Grants permission to modify the available capacity providers and the default capacity provider strategy for a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"PutSystemLogEvents":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"container-instance"}],"description":"Grants permission to collect system logs from the container instances","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"container-instance","required":true}]},"RegisterContainerInstance":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"cluster"}],"description":"Grants permission to register an EC2 instance into the specified cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"RegisterTaskDefinition":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","ecs:compute-compatibility","ecs:privileged","ecs:task-cpu","ecs:task-memory"],"resources":[{"name":"task-definition"}],"description":"Grants permission to register a new task definition from the supplied family and containerDefinitions","accessLevel":"Write","resourceTypes":[{"name":"task-definition","required":true}]},"RunTask":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ecs:capacity-provider","ecs:cluster","ecs:enable-ebs-volumes","ecs:enable-execute-command"],"resources":[{"name":"task-definition"}],"description":"Grants permission to start a task using random placement and the default Amazon ECS scheduler","accessLevel":"Write","resourceTypes":[{"name":"task-definition","required":true}],"dependentActions":["iam:PassRole"]},"StartTask":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ecs:cluster","ecs:container-instances","ecs:enable-ebs-volumes","ecs:enable-execute-command"],"resources":[{"name":"task-definition"}],"description":"Grants permission to start a new task from the specified task definition on the specified container instance or instances","accessLevel":"Write","resourceTypes":[{"name":"task-definition","required":true}],"dependentActions":["iam:PassRole"]},"StartTelemetrySession":{"conditionKeys":["ecs:cluster"],"resources":[{"name":"container-instance"}],"description":"Grants permission to start a telemetry session","accessLevel":"Write","resourceTypes":[{"name":"container-instance","required":true}]},"StopServiceDeployment":{"conditionKeys":[],"resources":[{"name":"service"},{"name":"service-deployment"}],"description":"Grants permission to stop an ongoing service deployment","accessLevel":"Write","resourceTypes":[{"name":"service","required":true},{"name":"service-deployment","required":true}]},"StopTask":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster"],"resources":[{"name":"task"}],"description":"Grants permission to stop a running task","accessLevel":"Write","resourceTypes":[{"name":"task","required":true}]},"SubmitAttachmentStateChanges":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to send an acknowledgement that attachments changed states","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"SubmitContainerStateChange":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to send an acknowledgement that a container changed states","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"SubmitTaskStateChange":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to send an acknowledgement that a task changed states","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ecs:CreateAction"],"resources":[{"name":"capacity-provider"},{"name":"cluster"},{"name":"container-instance"},{"name":"service"},{"name":"task"},{"name":"task-definition"},{"name":"task-set"}],"description":"Grants permission to tag the specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"capacity-provider","required":false},{"name":"cluster","required":false},{"name":"container-instance","required":false},{"name":"service","required":false},{"name":"task","required":false},{"name":"task-definition","required":false},{"name":"task-set","required":false}]},"UntagResource":{"conditionKeys":["aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"capacity-provider"},{"name":"cluster"},{"name":"container-instance"},{"name":"service"},{"name":"task"},{"name":"task-definition"},{"name":"task-set"}],"description":"Grants permission to untag the specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"capacity-provider","required":false},{"name":"cluster","required":false},{"name":"container-instance","required":false},{"name":"service","required":false},{"name":"task","required":false},{"name":"task-definition","required":false},{"name":"task-set","required":false}]},"UpdateCapacityProvider":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:instance-metadata-tags-propagation","ecs:propagate-tags"],"resources":[{"name":"capacity-provider"}],"description":"Grants permission to update the specified capacity provider","accessLevel":"Write","resourceTypes":[{"name":"capacity-provider","required":true}]},"UpdateCluster":{"conditionKeys":["ecs:fargate-ephemeral-storage-kms-key"],"resources":[{"name":"cluster"}],"description":"Grants permission to modify the configuration or settings to use for a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"UpdateClusterSettings":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to modify the settings to use for a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"UpdateContainerAgent":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster"],"resources":[{"name":"container-instance"}],"description":"Grants permission to update the Amazon ECS container agent on a specified container instance","accessLevel":"Write","resourceTypes":[{"name":"container-instance","required":true}]},"UpdateContainerInstancesState":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster"],"resources":[{"name":"container-instance"}],"description":"Grants permission to the user to modify the status of an Amazon ECS container instance","accessLevel":"Write","resourceTypes":[{"name":"container-instance","required":true}]},"UpdateExpressGatewayService":{"conditionKeys":["ecs:enable-ecs-managed-tags","ecs:propagate-tags","ecs:subnet","ecs:task-cpu","ecs:task-memory"],"resources":[{"name":"service"}],"description":"Grants permission to modify the parameters of an Express Gateway service","accessLevel":"Write","resourceTypes":[{"name":"service","required":true}]},"UpdateService":{"conditionKeys":["ecs:auto-assign-public-ip","ecs:capacity-provider","ecs:enable-ebs-volumes","ecs:enable-ecs-managed-tags","ecs:enable-execute-command","ecs:enable-service-connect","ecs:enable-vpc-lattice","ecs:namespace","ecs:propagate-tags","ecs:subnet","ecs:task-cpu","ecs:task-definition","ecs:task-memory"],"resources":[{"name":"service"}],"description":"Grants permission to modify the parameters of a service","accessLevel":"Write","resourceTypes":[{"name":"service","required":true}]},"UpdateServicePrimaryTaskSet":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster"],"resources":[{"name":"service"}],"description":"Grants permission to modify the primary task set used in a service","accessLevel":"Write","resourceTypes":[{"name":"service","required":true}]},"UpdateTaskProtection":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster"],"resources":[{"name":"task"}],"description":"Grants permission to modify the protection status of a task","accessLevel":"Write","resourceTypes":[{"name":"task","required":true}]},"UpdateTaskSet":{"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster","ecs:service"],"resources":[{"name":"task-set"}],"description":"Grants permission to update the specified task set","accessLevel":"Write","resourceTypes":[{"name":"task-set","required":true}]}},"resources":[{"name":"capacity-provider","arnFormats":["arn:${Partition}:ecs:${Region}:${Account}:capacity-provider/${CapacityProviderName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:ResourceTag/${TagKey}"]},{"name":"cluster","arnFormats":["arn:${Partition}:ecs:${Region}:${Account}:cluster/${ClusterName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:ResourceTag/${TagKey}"]},{"name":"container-instance","arnFormats":["arn:${Partition}:ecs:${Region}:${Account}:container-instance/${ClusterName}/${ContainerInstanceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:ResourceTag/${TagKey}"]},{"name":"service","arnFormats":["arn:${Partition}:ecs:${Region}:${Account}:service/${ClusterName}/${ServiceName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:ResourceTag/${TagKey}"]},{"name":"service-deployment","arnFormats":["arn:${Partition}:ecs:${Region}:${Account}:service-deployment/${ClusterName}/${ServiceName}/${ServiceDeploymentId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster","ecs:service"]},{"name":"service-revision","arnFormats":["arn:${Partition}:ecs:${Region}:${Account}:service-revision/${ClusterName}/${ServiceName}/${ServiceRevisionId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:cluster","ecs:service"]},{"name":"task","arnFormats":["arn:${Partition}:ecs:${Region}:${Account}:task/${ClusterName}/${TaskId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:ResourceTag/${TagKey}"]},{"name":"task-definition","arnFormats":["arn:${Partition}:ecs:${Region}:${Account}:task-definition/${TaskDefinitionFamilyName}:${TaskDefinitionRevisionNumber}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:ResourceTag/${TagKey}"]},{"name":"task-set","arnFormats":["arn:${Partition}:ecs:${Region}:${Account}:task-set/${ClusterName}/${ServiceName}/${TaskSetId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ecs:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tag key-value pairs attached to the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"},"ecs:CreateAction":{"types":["String"],"description":"Filters access by the name of a resource-creating API action"},"ecs:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tag key-value pairs attached to the resource"},"ecs:account-setting":{"types":["String"],"description":"Filters access by the Amazon ECS account setting name"},"ecs:auto-assign-public-ip":{"types":["Bool"],"description":"Filters access by the public IP assignment configuration of your Amazon ECS task or Amazon ECS service that uses awsvpc network mode"},"ecs:capacity-provider":{"types":["ArrayOfARN"],"description":"Filters access by the ARN of an Amazon ECS capacity provider"},"ecs:cluster":{"types":["ARN"],"description":"Filters access by the ARN of an Amazon ECS cluster"},"ecs:compute-compatibility":{"types":["ArrayOfString"],"description":"Filters access by the required compatibilities field provided in the request"},"ecs:container-instances":{"types":["ARN"],"description":"Filters access by the ARN of an Amazon ECS container instance"},"ecs:container-name":{"types":["String"],"description":"Filters access by the name of an Amazon ECS container which is defined in the ECS task definition"},"ecs:enable-ebs-volumes":{"types":["String"],"description":"Filters access by the Amazon ECS managed Amazon EBS volume capability of your ECS task or service"},"ecs:enable-ecs-managed-tags":{"types":["Bool"],"description":"Filters access by the enableECSManagedTags configuration of your Amazon ECS task or Amazon ECS service"},"ecs:enable-execute-command":{"types":["String"],"description":"Filters access by the execute-command capability of your Amazon ECS task or Amazon ECS service"},"ecs:enable-service-connect":{"types":["String"],"description":"Filters access by the enable field value in the Service Connect configuration"},"ecs:enable-vpc-lattice":{"types":["String"],"description":"Filters access by the VPC lattice capability of your Amazon ECS service"},"ecs:fargate-ephemeral-storage-kms-key":{"types":["String"],"description":"Filters access by the AWS KMS key id provided in the request"},"ecs:instance-metadata-tags-propagation":{"types":["Bool"],"description":"Filters access by the instance metadata tags propagation setting of your Amazon ECS capacity provider"},"ecs:namespace":{"types":["ARN"],"description":"Filters access by the ARN of AWS Cloud Map namespace which is defined in the Service Connect Configuration"},"ecs:privileged":{"types":["String"],"description":"Filters access by the privileged field provided in the request"},"ecs:propagate-tags":{"types":["String"],"description":"Filters access by the tag propagation configuration of your Amazon ECS task or Amazon ECS service"},"ecs:service":{"types":["ARN"],"description":"Filters access by the ARN of an Amazon ECS service"},"ecs:subnet":{"types":["ArrayOfString"],"description":"Filters access by the subnet configuration of your Amazon ECS task or Amazon ECS service that uses awsvpc network mode"},"ecs:task":{"types":["ARN"],"description":"Filters access by the ARN of an Amazon ECS task"},"ecs:task-cpu":{"types":["Numeric"],"description":"Filters access by the task cpu, as an integer with 1024 = 1 vCPU, provided in the request"},"ecs:task-definition":{"types":["ARN"],"description":"Filters access by the ARN of an Amazon ECS task definition"},"ecs:task-memory":{"types":["Numeric"],"description":"Filters access by the task memory, as an integer representing MiB, provided in the request"}}}
package/src/data/servicereference/services/eks-auth.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"eks-auth","actions":{"AssumeRoleForPodIdentity":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to exchange a Kubernetes service account token for temporary AWS credentials","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true}]}},"resources":[{"name":"cluster","arnFormats":["arn:${Partition}:eks:${Region}:${Account}:cluster/${ClusterName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by a tag key and value pair"}}}
package/src/data/servicereference/services/eks-mcp.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"eks-mcp","actions":{"CallPrivilegedTool":{"conditionKeys":[],"resources":[],"description":"Grants permission to call privileged tools in MCP service","accessLevel":"Write","resourceTypes":[]},"CallReadOnlyTool":{"conditionKeys":[],"resources":[],"description":"Grants permission to call read-only tools in MCP service","accessLevel":"Read","resourceTypes":[]},"InvokeMcp":{"conditionKeys":[],"resources":[],"description":"Grants permission to use MCP service","accessLevel":"Read","resourceTypes":[]}},"resources":[],"conditionKeys":{}}
package/src/data/servicereference/services/eks.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"eks","actions":{"AccessKubernetesApi":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to view Kubernetes objects via AWS EKS console","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true}],"permissionOnly":true},"AssociateAccessPolicy":{"conditionKeys":["eks:accessScope","eks:namespaces","eks:policyArn"],"resources":[{"name":"access-entry"}],"description":"Grants permission to associate an Amazon EKS access policy to an Amazon EKS access entry","accessLevel":"Write","resourceTypes":[{"name":"access-entry","required":true}]},"AssociateEncryptionConfig":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to associate encryption configuration to a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"AssociateIdentityProviderConfig":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","eks:clientId","eks:issuerUrl"],"resources":[{"name":"cluster"}],"description":"Grants permission to associate an identity provider configuration to a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"CreateAccessEntry":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","eks:accessEntryType","eks:kubernetesGroups","eks:principalArn","eks:username"],"resources":[{"name":"cluster"}],"description":"Grants permission to create an Amazon EKS access entry","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"CreateAddon":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"cluster"},{"name":"podidentityassociation"}],"description":"Grants permission to create an Amazon EKS add-on","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"podidentityassociation","required":false}]},"CreateCapability":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"cluster"}],"description":"Grants permission to create a capability for an Amazon EKS cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"CreateCluster":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","eks:authenticationMode","eks:blockStorageEnabled","eks:bootstrapClusterCreatorAdminPermissions","eks:bootstrapSelfManagedAddons","eks:computeConfigEnabled","eks:elasticLoadBalancingEnabled","eks:loggingType/${type}","eks:supportType"],"resources":[],"description":"Grants permission to create an Amazon EKS cluster","accessLevel":"Write","resourceTypes":[]},"CreateEksAnywhereSubscription":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create an EKS Anywhere subscription","accessLevel":"Write","resourceTypes":[]},"CreateFargateProfile":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"cluster"}],"description":"Grants permission to create an AWS Fargate profile","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"CreateNodegroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"cluster"}],"description":"Grants permission to create an Amazon EKS Nodegroup","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"CreatePodIdentityAssociation":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"cluster"}],"description":"Grants permission to create an EKS Pod Identity association","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"DeleteAccessEntry":{"conditionKeys":[],"resources":[{"name":"access-entry"}],"description":"Grants permission to delete an Amazon EKS access entry","accessLevel":"Write","resourceTypes":[{"name":"access-entry","required":true}]},"DeleteAddon":{"conditionKeys":[],"resources":[{"name":"addon"},{"name":"podidentityassociation"}],"description":"Grants permission to delete an Amazon EKS add-on","accessLevel":"Write","resourceTypes":[{"name":"addon","required":true},{"name":"podidentityassociation","required":false}]},"DeleteCapability":{"conditionKeys":[],"resources":[{"name":"capability"}],"description":"Grants permission to delete a capability from an Amazon EKS cluster","accessLevel":"Write","resourceTypes":[{"name":"capability","required":true}]},"DeleteCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to delete an Amazon EKS cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"DeleteEksAnywhereSubscription":{"conditionKeys":[],"resources":[{"name":"eks-anywhere-subscription"}],"description":"Grants permission to describe an EKS Anywhere subscription","accessLevel":"Write","resourceTypes":[{"name":"eks-anywhere-subscription","required":true}]},"DeleteFargateProfile":{"conditionKeys":[],"resources":[{"name":"fargateprofile"}],"description":"Grants permission to delete an AWS Fargate profile","accessLevel":"Write","resourceTypes":[{"name":"fargateprofile","required":true}]},"DeleteNodegroup":{"conditionKeys":[],"resources":[{"name":"nodegroup"}],"description":"Grants permission to delete an Amazon EKS Nodegroup","accessLevel":"Write","resourceTypes":[{"name":"nodegroup","required":true}]},"DeletePodIdentityAssociation":{"conditionKeys":[],"resources":[{"name":"podidentityassociation"}],"description":"Grants permission to delete an EKS Pod Identity association","accessLevel":"Write","resourceTypes":[{"name":"podidentityassociation","required":true}]},"DeregisterCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to deregister an External cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"DescribeAccessEntry":{"conditionKeys":[],"resources":[{"name":"access-entry"}],"description":"Grants permission to describe an Amazon EKS access entry","accessLevel":"Read","resourceTypes":[{"name":"access-entry","required":true}]},"DescribeAddon":{"conditionKeys":[],"resources":[{"name":"addon"}],"description":"Grants permission to retrieve descriptive information about an Amazon EKS add-on","accessLevel":"Read","resourceTypes":[{"name":"addon","required":true}]},"DescribeAddonConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to list configuration options about an Amazon EKS add-on","accessLevel":"Read","resourceTypes":[]},"DescribeAddonVersions":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve descriptive version information about the add-ons that Amazon EKS Add-ons supports","accessLevel":"Read","resourceTypes":[]},"DescribeCapability":{"conditionKeys":[],"resources":[{"name":"capability"}],"description":"Grants permission to describe a capability for an Amazon EKS cluster","accessLevel":"Read","resourceTypes":[{"name":"capability","required":true}]},"DescribeCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to retrieve descriptive information about an Amazon EKS cluster","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true}]},"DescribeClusterVersions":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve descriptive information about Kubernetes versions that Amazon EKS clusters support","accessLevel":"Read","resourceTypes":[]},"DescribeEksAnywhereSubscription":{"conditionKeys":[],"resources":[{"name":"eks-anywhere-subscription"}],"description":"Grants permission to describe an EKS Anywhere subscription","accessLevel":"Read","resourceTypes":[{"name":"eks-anywhere-subscription","required":true}]},"DescribeFargateProfile":{"conditionKeys":[],"resources":[{"name":"fargateprofile"}],"description":"Grants permission to retrieve descriptive information about an AWS Fargate profile associated with a cluster","accessLevel":"Read","resourceTypes":[{"name":"fargateprofile","required":true}]},"DescribeIdentityProviderConfig":{"conditionKeys":[],"resources":[{"name":"identityproviderconfig"}],"description":"Grants permission to retrieve descriptive information about an Idp config associated with a cluster","accessLevel":"Read","resourceTypes":[{"name":"identityproviderconfig","required":true}]},"DescribeInsight":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to retrieve descriptive information of a detected insight for a specified cluster","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true}]},"DescribeInsightsRefresh":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to retrieve the status of the latest on-demand cluster insights refresh operation","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true}]},"DescribeNodegroup":{"conditionKeys":[],"resources":[{"name":"nodegroup"}],"description":"Grants permission to retrieve descriptive information about an Amazon EKS nodegroup","accessLevel":"Read","resourceTypes":[{"name":"nodegroup","required":true}]},"DescribePodIdentityAssociation":{"conditionKeys":[],"resources":[{"name":"podidentityassociation"}],"description":"Grants permission to describe an EKS Pod Identity association","accessLevel":"Read","resourceTypes":[{"name":"podidentityassociation","required":true}]},"DescribeUpdate":{"conditionKeys":[],"resources":[{"name":"addon"},{"name":"capability"},{"name":"cluster"},{"name":"nodegroup"}],"description":"Grants permission to retrieve a given update for a given Amazon EKS cluster/nodegroup/add-on (in the specified or default region)","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true},{"name":"addon","required":false},{"name":"capability","required":false},{"name":"nodegroup","required":false}]},"DisassociateAccessPolicy":{"conditionKeys":["eks:accessScope","eks:namespaces","eks:policyArn"],"resources":[{"name":"access-entry"}],"description":"Grants permission to disassociate an Amazon EKS access policy from an Amazon EKS acces entry","accessLevel":"Write","resourceTypes":[{"name":"access-entry","required":true}]},"DisassociateIdentityProviderConfig":{"conditionKeys":[],"resources":[{"name":"identityproviderconfig"}],"description":"Grants permission to delete an asssociated Idp config","accessLevel":"Write","resourceTypes":[{"name":"identityproviderconfig","required":true}]},"ListAccessEntries":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to list all Amazon EKS access entries","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"ListAccessPolicies":{"conditionKeys":[],"resources":[],"description":"Grants permission to list Amazon EKS access policies","accessLevel":"List","resourceTypes":[]},"ListAddons":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to list the Amazon EKS add-ons in your AWS account (in the specified or default region) for a given cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"ListAssociatedAccessPolicies":{"conditionKeys":[],"resources":[{"name":"access-entry"}],"description":"Grants permission to list associated access policy on and Amazon EKS access entry","accessLevel":"List","resourceTypes":[{"name":"access-entry","required":true}]},"ListCapabilities":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to list capabilities for an Amazon EKS cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"ListClusters":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the Amazon EKS clusters in your AWS account (in the specified or default region)","accessLevel":"List","resourceTypes":[]},"ListDashboardData":{"conditionKeys":[],"resources":[{"name":"dashboard"}],"description":"Grants permission to list dashboard data. The Amazon EKS Dashboard aggregates information about cluster resources across multiple accounts and regions. The dashboard includes information about EC2 Instances and EKS Cluster versions","accessLevel":"Read","resourceTypes":[{"name":"dashboard","required":true}]},"ListDashboardResources":{"conditionKeys":[],"resources":[{"name":"dashboard"}],"description":"Grants permission to list dashboard resources. The Amazon EKS Dashboard aggregates information about cluster resources across multiple accounts and regions. The dashboard includes information about EC2 Instances and EKS Cluster versions","accessLevel":"Read","resourceTypes":[{"name":"dashboard","required":true}]},"ListEksAnywhereSubscriptions":{"conditionKeys":[],"resources":[],"description":"Grants permission to list EKS Anywhere subscriptions","accessLevel":"List","resourceTypes":[]},"ListFargateProfiles":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to list the AWS Fargate profiles in your AWS account (in the specified or default region) associated with a given cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"ListIdentityProviderConfigs":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to list the Idp configs in your AWS account (in the specified or default region) associated with a given cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"ListInsights":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to list all detected insights for a specified cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"ListNodegroups":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to list the Amazon EKS nodegroups in your AWS account (in the specified or default region) attached to given cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"ListPodIdentityAssociations":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to list EKS Pod Identity associations","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"addon"},{"name":"capability"},{"name":"cluster"},{"name":"dashboard"},{"name":"eks-anywhere-subscription"},{"name":"fargateprofile"},{"name":"identityproviderconfig"},{"name":"nodegroup"}],"description":"Grants permission to list tags for the specified resource","accessLevel":"Read","resourceTypes":[{"name":"addon","required":false},{"name":"capability","required":false},{"name":"cluster","required":false},{"name":"dashboard","required":false},{"name":"eks-anywhere-subscription","required":false},{"name":"fargateprofile","required":false},{"name":"identityproviderconfig","required":false},{"name":"nodegroup","required":false}]},"ListUpdates":{"conditionKeys":[],"resources":[{"name":"addon"},{"name":"capability"},{"name":"cluster"},{"name":"nodegroup"}],"description":"Grants permission to list the updates for a given Amazon EKS cluster/nodegroup/add-on (in the specified or default region)","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true},{"name":"addon","required":false},{"name":"capability","required":false},{"name":"nodegroup","required":false}]},"MutateViaKubernetesApi":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to modify Kubernetes objects via AWS console","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["eks:AccessKubernetesApi"],"permissionOnly":true},"RegisterCluster":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to register an External cluster","accessLevel":"Write","resourceTypes":[]},"StartInsightsRefresh":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to initiate an on-demand refresh operation for cluster insights, getting the latest analysis outside of the standard refresh schedule","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"access-entry"},{"name":"addon"},{"name":"capability"},{"name":"cluster"},{"name":"dashboard"},{"name":"eks-anywhere-subscription"},{"name":"fargateprofile"},{"name":"identityproviderconfig"},{"name":"nodegroup"},{"name":"podidentityassociation"}],"description":"Grants permission to tag the specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"access-entry","required":false},{"name":"addon","required":false},{"name":"capability","required":false},{"name":"cluster","required":false},{"name":"dashboard","required":false},{"name":"eks-anywhere-subscription","required":false},{"name":"fargateprofile","required":false},{"name":"identityproviderconfig","required":false},{"name":"nodegroup","required":false},{"name":"podidentityassociation","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"access-entry"},{"name":"addon"},{"name":"capability"},{"name":"cluster"},{"name":"dashboard"},{"name":"eks-anywhere-subscription"},{"name":"fargateprofile"},{"name":"identityproviderconfig"},{"name":"nodegroup"},{"name":"podidentityassociation"}],"description":"Grants permission to untag the specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"access-entry","required":false},{"name":"addon","required":false},{"name":"capability","required":false},{"name":"cluster","required":false},{"name":"dashboard","required":false},{"name":"eks-anywhere-subscription","required":false},{"name":"fargateprofile","required":false},{"name":"identityproviderconfig","required":false},{"name":"nodegroup","required":false},{"name":"podidentityassociation","required":false}]},"UpdateAccessEntry":{"conditionKeys":[],"resources":[{"name":"access-entry"}],"description":"Grants permission to update an Amazon EKS access entry","accessLevel":"Write","resourceTypes":[{"name":"access-entry","required":true}]},"UpdateAddon":{"conditionKeys":[],"resources":[{"name":"addon"},{"name":"podidentityassociation"}],"description":"Grants permission to update Amazon EKS add-on configurations, such as the VPC-CNI version","accessLevel":"Write","resourceTypes":[{"name":"addon","required":true},{"name":"podidentityassociation","required":false}]},"UpdateCapability":{"conditionKeys":[],"resources":[{"name":"capability"}],"description":"Grants permission to update a capability for an Amazon EKS cluster","accessLevel":"Write","resourceTypes":[{"name":"capability","required":true}]},"UpdateClusterConfig":{"conditionKeys":["eks:authenticationMode","eks:blockStorageEnabled","eks:computeConfigEnabled","eks:elasticLoadBalancingEnabled","eks:loggingType/${type}","eks:supportType"],"resources":[{"name":"cluster"}],"description":"Grants permission to update Amazon EKS cluster configurations (eg: API server endpoint access)","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"UpdateClusterVersion":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to update the Kubernetes version of an Amazon EKS cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"UpdateEksAnywhereSubscription":{"conditionKeys":[],"resources":[{"name":"eks-anywhere-subscription"}],"description":"Grants permission to update an EKS Anywhere subscription","accessLevel":"Write","resourceTypes":[{"name":"eks-anywhere-subscription","required":true}]},"UpdateNodegroupConfig":{"conditionKeys":[],"resources":[{"name":"nodegroup"}],"description":"Grants permission to update Amazon EKS nodegroup configurations (eg: min/max/desired capacity or labels)","accessLevel":"Write","resourceTypes":[{"name":"nodegroup","required":true}]},"UpdateNodegroupVersion":{"conditionKeys":[],"resources":[{"name":"nodegroup"}],"description":"Grants permission to update the Kubernetes version of an Amazon EKS nodegroup","accessLevel":"Write","resourceTypes":[{"name":"nodegroup","required":true}]},"UpdatePodIdentityAssociation":{"conditionKeys":[],"resources":[{"name":"podidentityassociation"}],"description":"Grants permission to update an EKS Pod Identity association","accessLevel":"Write","resourceTypes":[{"name":"podidentityassociation","required":true}]}},"resources":[{"name":"access-entry","arnFormats":["arn:${Partition}:eks:${Region}:${Account}:access-entry/${ClusterName}/${IamIdentityType}/${IamIdentityAccountID}/${IamIdentityName}/${UUID}"],"conditionKeys":["aws:ResourceTag/${TagKey}","eks:accessEntryType","eks:clusterName","eks:kubernetesGroups","eks:principalArn","eks:username"]},{"name":"access-policy","arnFormats":["arn:${Partition}:eks::aws:cluster-access-policy/${AccessPolicyName}"],"conditionKeys":[]},{"name":"addon","arnFormats":["arn:${Partition}:eks:${Region}:${Account}:addon/${ClusterName}/${AddonName}/${UUID}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"capability","arnFormats":["arn:${Partition}:eks:${Region}:${Account}:capability/${ClusterName}/${CapabilityType}/${CapabilityName}/${UUID}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"cluster","arnFormats":["arn:${Partition}:eks:${Region}:${Account}:cluster/${ClusterName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"dashboard","arnFormats":["arn:${Partition}:eks:${Region}:${Account}:dashboard/${DashboardName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"eks-anywhere-subscription","arnFormats":["arn:${Partition}:eks:${Region}:${Account}:eks-anywhere-subscription/${UUID}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"fargateprofile","arnFormats":["arn:${Partition}:eks:${Region}:${Account}:fargateprofile/${ClusterName}/${FargateProfileName}/${UUID}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"identityproviderconfig","arnFormats":["arn:${Partition}:eks:${Region}:${Account}:identityproviderconfig/${ClusterName}/${IdentityProviderType}/${IdentityProviderConfigName}/${UUID}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"nodegroup","arnFormats":["arn:${Partition}:eks:${Region}:${Account}:nodegroup/${ClusterName}/${NodegroupName}/${UUID}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"podidentityassociation","arnFormats":["arn:${Partition}:eks:${Region}:${Account}:podidentityassociation/${ClusterName}/${UUID}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by a key that is present in the request the user makes to the EKS service"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by a tag key and value pair"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the list of all the tag key names present in the request the user makes to the EKS service"},"eks:accessEntryType":{"types":["String"],"description":"Filters access by the access entry type present in the access entry requests the user makes to the EKS service"},"eks:accessScope":{"types":["String"],"description":"Filters access by the accessScope present in the associate / disassociate access policy requests the user makes to the EKS service"},"eks:authenticationMode":{"types":["String"],"description":"Filters access by the authenticationMode present in the create / update cluster request"},"eks:blockStorageEnabled":{"types":["Bool"],"description":"Filters access by the block storage enabled parameter in the create / update cluster request"},"eks:bootstrapClusterCreatorAdminPermissions":{"types":["Bool"],"description":"Filters access by the bootstrapClusterCreatorAdminPermissions present in the create cluster request"},"eks:bootstrapSelfManagedAddons":{"types":["Bool"],"description":"Filters access by the bootstrapSelfManagedAddons present in the create cluster request"},"eks:clientId":{"types":["String"],"description":"Filters access by the clientId present in the associateIdentityProviderConfig request the user makes to the EKS service"},"eks:clusterName":{"types":["String"],"description":"Filters access by the clusterName present in the access entry requests the user makes to the EKS service"},"eks:computeConfigEnabled":{"types":["Bool"],"description":"Filters access by the compute config enabled parameter in the create / update cluster request"},"eks:elasticLoadBalancingEnabled":{"types":["Bool"],"description":"Filters access by the elastic load balancing enabled parameter in the create / update cluster request"},"eks:issuerUrl":{"types":["String"],"description":"Filters access by the issuerUrl present in the associateIdentityProviderConfig request the user makes to the EKS service"},"eks:kubernetesGroups":{"types":["ArrayOfString"],"description":"Filters access by the kubernetesGroups present in the access entry requests the user makes to the EKS service"},"eks:loggingType/${type}":{"types":["Bool"],"description":"Filters access by the cluster logging enabled and type parameter in the create / update cluster request"},"eks:namespaces":{"types":["ArrayOfString"],"description":"Filters access by the namespaces present in the associate / disassociate access policy requests the user makes to the EKS service"},"eks:policyArn":{"types":["ARN"],"description":"Filters access by the policyArn present in the access entry requests the user makes to the EKS service"},"eks:principalArn":{"types":["ARN"],"description":"Filters access by the principalArn present in the access entry requests requests the user makes to the EKS service"},"eks:supportType":{"types":["String"],"description":"Filters access by the supportType present in the create / update cluster request"},"eks:username":{"types":["String"],"description":"Filters access by the Kubernetes username present in the access entry requests the user makes to the EKS service"}}}
package/src/data/servicereference/services/elasticache.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"elasticache","actions":{"AddTagsToResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"cluster"},{"name":"parametergroup"},{"name":"replicationgroup"},{"name":"reserved-instance"},{"name":"securitygroup"},{"name":"serverlesscache"},{"name":"serverlesscachesnapshot"},{"name":"snapshot"},{"name":"subnetgroup"},{"name":"user"},{"name":"usergroup"}],"description":"Grants permission to add tags to an ElastiCache resource","accessLevel":"Tagging","resourceTypes":[{"name":"cluster","required":false},{"name":"parametergroup","required":false},{"name":"replicationgroup","required":false},{"name":"reserved-instance","required":false},{"name":"securitygroup","required":false},{"name":"serverlesscache","required":false},{"name":"serverlesscachesnapshot","required":false},{"name":"snapshot","required":false},{"name":"subnetgroup","required":false},{"name":"user","required":false},{"name":"usergroup","required":false}]},"AuthorizeCacheSecurityGroupIngress":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"securitygroup"}],"description":"Grants permission to authorize an EC2 security group on a ElastiCache security group","accessLevel":"Write","resourceTypes":[{"name":"securitygroup","required":true}],"dependentActions":["ec2:AuthorizeSecurityGroupIngress"]},"BatchApplyUpdateAction":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"replicationgroup"}],"description":"Grants permission to apply ElastiCache service updates to sets of clusters and replication groups","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":false},{"name":"replicationgroup","required":false}],"dependentActions":["ec2:CreateNetworkInterface","ec2:DeleteNetworkInterface","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs","s3:GetObject"]},"BatchStopUpdateAction":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"replicationgroup"}],"description":"Grants permission to stop ElastiCache service updates from being executed on a set of clusters","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":false},{"name":"replicationgroup","required":false}]},"CompleteMigration":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"replicationgroup"}],"description":"Grants permission to complete an online migration of data from hosted Redis on Amazon EC2 to ElastiCache","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":false},{"name":"replicationgroup","required":false}]},"Connect":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"replicationgroup"},{"name":"serverlesscache"},{"name":"user"}],"description":"Grants permission to connect as a specified ElastiCache user to an ElastiCache Replication Group or ElastiCache serverless cache","accessLevel":"Write","resourceTypes":[{"name":"user","required":true},{"name":"replicationgroup","required":false},{"name":"serverlesscache","required":false}]},"CopyServerlessCacheSnapshot":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"serverlesscachesnapshot"}],"description":"Grants permission to make a copy of an existing serverless cache snapshot","accessLevel":"Write","resourceTypes":[{"name":"serverlesscachesnapshot","required":true}],"dependentActions":["elasticache:AddTagsToResource"]},"CopySnapshot":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticache:KmsKeyId"],"resources":[{"name":"snapshot"}],"description":"Grants permission to make a copy of an existing snapshot","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}],"dependentActions":["elasticache:AddTagsToResource","s3:DeleteObject","s3:GetBucketAcl","s3:PutObject"]},"CreateCacheCluster":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"parametergroup"},{"name":"replicationgroup"},{"name":"securitygroup"},{"name":"snapshot"},{"name":"subnetgroup"}],"description":"Grants permission to create a cache cluster","accessLevel":"Write","resourceTypes":[{"name":"parametergroup","required":true},{"name":"cluster","required":false},{"name":"replicationgroup","required":false},{"name":"securitygroup","required":false},{"name":"snapshot","required":false},{"name":"subnetgroup","required":false}],"dependentActions":["ec2:CreateNetworkInterface","ec2:DeleteNetworkInterface","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs","elasticache:AddTagsToResource","s3:GetObject"]},"CreateCacheParameterGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticache:CacheParameterGroupName"],"resources":[{"name":"parametergroup"}],"description":"Grants permission to create a parameter group","accessLevel":"Write","resourceTypes":[{"name":"parametergroup","required":true}],"dependentActions":["elasticache:AddTagsToResource"]},"CreateCacheSecurityGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"securitygroup"}],"description":"Grants permission to create a cache security group","accessLevel":"Write","resourceTypes":[{"name":"securitygroup","required":true}],"dependentActions":["elasticache:AddTagsToResource"]},"CreateCacheSubnetGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"subnetgroup"}],"description":"Grants permission to create a cache subnet group","accessLevel":"Write","resourceTypes":[{"name":"subnetgroup","required":true}],"dependentActions":["elasticache:AddTagsToResource"]},"CreateGlobalReplicationGroup":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"globalreplicationgroup"},{"name":"replicationgroup"}],"description":"Grants permission to create a global replication group","accessLevel":"Write","resourceTypes":[{"name":"globalreplicationgroup","required":true},{"name":"replicationgroup","required":true}]},"CreateReplicationGroup":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"globalreplicationgroup"},{"name":"parametergroup"},{"name":"replicationgroup"},{"name":"securitygroup"},{"name":"snapshot"},{"name":"subnetgroup"},{"name":"usergroup"}],"description":"Grants permission to create a replication group","accessLevel":"Write","resourceTypes":[{"name":"parametergroup","required":true},{"name":"cluster","required":false},{"name":"globalreplicationgroup","required":false},{"name":"replicationgroup","required":false},{"name":"securitygroup","required":false},{"name":"snapshot","required":false},{"name":"subnetgroup","required":false},{"name":"usergroup","required":false}],"dependentActions":["ec2:CreateNetworkInterface","ec2:DeleteNetworkInterface","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs","elasticache:AddTagsToResource","s3:GetObject"]},"CreateServerlessCache":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"serverlesscache"},{"name":"serverlesscachesnapshot"},{"name":"snapshot"},{"name":"usergroup"}],"description":"Grants permission to create a serverless cache","accessLevel":"Write","resourceTypes":[{"name":"serverlesscache","required":true},{"name":"serverlesscachesnapshot","required":false},{"name":"snapshot","required":false},{"name":"usergroup","required":false}],"dependentActions":["ec2:CreateTags","ec2:CreateVpcEndpoint","ec2:DeleteVpcEndpoints","ec2:DescribeSecurityGroups","ec2:DescribeSubnets","ec2:DescribeTags","ec2:DescribeVpcEndpoints","ec2:DescribeVpcs","elasticache:AddTagsToResource","s3:GetObject"]},"CreateServerlessCacheSnapshot":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"serverlesscache"},{"name":"serverlesscachesnapshot"}],"description":"Grants permission to create a copy of a serverless cache at a specific moment in time","accessLevel":"Write","resourceTypes":[{"name":"serverlesscache","required":true},{"name":"serverlesscachesnapshot","required":true}],"dependentActions":["elasticache:AddTagsToResource"]},"CreateSnapshot":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"replicationgroup"},{"name":"snapshot"}],"description":"Grants permission to create a copy of an entire Redis cluster at a specific moment in time","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true},{"name":"cluster","required":false},{"name":"replicationgroup","required":false}],"dependentActions":["elasticache:AddTagsToResource","s3:DeleteObject","s3:GetBucketAcl","s3:PutObject"]},"CreateUser":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticache:UserAuthenticationMode"],"resources":[{"name":"user"}],"description":"Grants permission to create a user for Redis. Users are supported from Redis 6.0 onwards","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}],"dependentActions":["elasticache:AddTagsToResource"]},"CreateUserGroup":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"user"},{"name":"usergroup"}],"description":"Grants permission to create a user group for Redis. Groups are supported from Redis 6.0 onwards","accessLevel":"Write","resourceTypes":[{"name":"user","required":true},{"name":"usergroup","required":true}],"dependentActions":["elasticache:AddTagsToResource"]},"DecreaseNodeGroupsInGlobalReplicationGroup":{"conditionKeys":["elasticache:NumNodeGroups"],"resources":[{"name":"globalreplicationgroup"}],"description":"Grants permission to decrease the number of node groups in global replication groups","accessLevel":"Write","resourceTypes":[{"name":"globalreplicationgroup","required":true}]},"DecreaseReplicaCount":{"conditionKeys":["aws:ResourceTag/${TagKey}","elasticache:ReplicasPerNodeGroup"],"resources":[{"name":"replicationgroup"}],"description":"Grants permission to decrease the number of replicas in a Redis (cluster mode disabled) replication group or the number of replica nodes in one or more node groups (shards) of a Redis (cluster mode enabled) replication group","accessLevel":"Write","resourceTypes":[{"name":"replicationgroup","required":true}],"dependentActions":["ec2:CreateNetworkInterface","ec2:DeleteNetworkInterface","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs"]},"DeleteCacheCluster":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"snapshot"}],"description":"Grants permission to delete a previously provisioned cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"snapshot","required":false}],"dependentActions":["ec2:CreateNetworkInterface","ec2:DeleteNetworkInterface","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs"]},"DeleteCacheParameterGroup":{"conditionKeys":["aws:ResourceTag/${TagKey}","elasticache:CacheParameterGroupName"],"resources":[{"name":"parametergroup"}],"description":"Grants permission to delete the specified cache parameter group","accessLevel":"Write","resourceTypes":[{"name":"parametergroup","required":true}]},"DeleteCacheSecurityGroup":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"securitygroup"}],"description":"Grants permission to delete a cache security group","accessLevel":"Write","resourceTypes":[{"name":"securitygroup","required":true}]},"DeleteCacheSubnetGroup":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"subnetgroup"}],"description":"Grants permission to delete a cache subnet group","accessLevel":"Write","resourceTypes":[{"name":"subnetgroup","required":true}],"dependentActions":["ec2:CreateNetworkInterface","ec2:DeleteNetworkInterface","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs"]},"DeleteGlobalReplicationGroup":{"conditionKeys":[],"resources":[{"name":"globalreplicationgroup"}],"description":"Grants permission to delete an existing global replication group","accessLevel":"Write","resourceTypes":[{"name":"globalreplicationgroup","required":true}]},"DeleteReplicationGroup":{"conditionKeys":[],"resources":[{"name":"replicationgroup"},{"name":"snapshot"}],"description":"Grants permission to delete an existing replication group","accessLevel":"Write","resourceTypes":[{"name":"replicationgroup","required":true},{"name":"snapshot","required":false}],"dependentActions":["ec2:CreateNetworkInterface","ec2:DeleteNetworkInterface","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs"]},"DeleteServerlessCache":{"conditionKeys":[],"resources":[{"name":"serverlesscache"},{"name":"serverlesscachesnapshot"}],"description":"Grants permission to delete a serverless cache","accessLevel":"Write","resourceTypes":[{"name":"serverlesscache","required":true},{"name":"serverlesscachesnapshot","required":false}],"dependentActions":["ec2:DescribeTags"]},"DeleteServerlessCacheSnapshot":{"conditionKeys":[],"resources":[{"name":"serverlesscachesnapshot"}],"description":"Grants permission to delete a serverless cache snapshot","accessLevel":"Write","resourceTypes":[{"name":"serverlesscachesnapshot","required":true}]},"DeleteSnapshot":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"snapshot"}],"description":"Grants permission to delete an existing snapshot","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}]},"DeleteUser":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"user"}],"description":"Grants permission to delete an existing user and thus remove it from all user groups and replication groups where it was assigned","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"DeleteUserGroup":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"usergroup"}],"description":"Grants permission to delete an existing user group","accessLevel":"Write","resourceTypes":[{"name":"usergroup","required":true}]},"DescribeCacheClusters":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"cluster"}],"description":"Grants permission to list information about provisioned cache clusters","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"DescribeCacheEngineVersions":{"conditionKeys":[],"resources":[],"description":"Grants permission to list available cache engines and their versions","accessLevel":"List","resourceTypes":[]},"DescribeCacheParameterGroups":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"parametergroup"}],"description":"Grants permission to list cache parameter group descriptions","accessLevel":"List","resourceTypes":[{"name":"parametergroup","required":true}]},"DescribeCacheParameters":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"parametergroup"}],"description":"Grants permission to retrieve the detailed parameter list for a particular cache parameter group","accessLevel":"List","resourceTypes":[{"name":"parametergroup","required":true}]},"DescribeCacheSecurityGroups":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"securitygroup"}],"description":"Grants permission to list cache security group descriptions","accessLevel":"List","resourceTypes":[{"name":"securitygroup","required":true}]},"DescribeCacheSubnetGroups":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"subnetgroup"}],"description":"Grants permission to list cache subnet group descriptions","accessLevel":"List","resourceTypes":[{"name":"subnetgroup","required":true}]},"DescribeEngineDefaultParameters":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the default engine and system parameter information for the specified cache engine","accessLevel":"List","resourceTypes":[]},"DescribeEvents":{"conditionKeys":[],"resources":[],"description":"Grants permission to list events related to clusters, cache security groups, and cache parameter groups","accessLevel":"List","resourceTypes":[]},"DescribeGlobalReplicationGroups":{"conditionKeys":[],"resources":[{"name":"globalreplicationgroup"}],"description":"Grants permission to list information about global replication groups","accessLevel":"List","resourceTypes":[{"name":"globalreplicationgroup","required":true}]},"DescribeReplicationGroups":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"replicationgroup"}],"description":"Grants permission to list information about provisioned replication groups","accessLevel":"List","resourceTypes":[{"name":"replicationgroup","required":true}]},"DescribeReservedCacheNodes":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"reserved-instance"}],"description":"Grants permission to list information about purchased reserved cache nodes","accessLevel":"List","resourceTypes":[{"name":"reserved-instance","required":true}]},"DescribeReservedCacheNodesOfferings":{"conditionKeys":[],"resources":[],"description":"Grants permission to list available reserved cache node offerings","accessLevel":"List","resourceTypes":[]},"DescribeServerlessCacheSnapshots":{"conditionKeys":[],"resources":[{"name":"serverlesscache"},{"name":"serverlesscachesnapshot"}],"description":"Grants permission to list information about serverless cache snapshots","accessLevel":"List","resourceTypes":[{"name":"serverlesscachesnapshot","required":true},{"name":"serverlesscache","required":false}]},"DescribeServerlessCaches":{"conditionKeys":[],"resources":[{"name":"serverlesscache"}],"description":"Grants permission to list serverless caches","accessLevel":"List","resourceTypes":[{"name":"serverlesscache","required":true}]},"DescribeServiceUpdates":{"conditionKeys":[],"resources":[],"description":"Grants permission to list details of the service updates","accessLevel":"List","resourceTypes":[]},"DescribeSnapshots":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"snapshot"}],"description":"Grants permission to list information about cluster or replication group snapshots","accessLevel":"List","resourceTypes":[{"name":"snapshot","required":true}]},"DescribeUpdateActions":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"replicationgroup"}],"description":"Grants permission to list details of the update actions for a set of clusters or replication groups","accessLevel":"List","resourceTypes":[{"name":"cluster","required":false},{"name":"replicationgroup","required":false}]},"DescribeUserGroups":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"usergroup"}],"description":"Grants permission to list information about Redis user groups","accessLevel":"List","resourceTypes":[{"name":"usergroup","required":true}]},"DescribeUsers":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"user"}],"description":"Grants permission to list information about Redis users","accessLevel":"List","resourceTypes":[{"name":"user","required":true}]},"DisassociateGlobalReplicationGroup":{"conditionKeys":[],"resources":[{"name":"globalreplicationgroup"}],"description":"Grants permission to remove a secondary replication group from the global replication group","accessLevel":"Write","resourceTypes":[{"name":"globalreplicationgroup","required":true}]},"ExportServerlessCacheSnapshot":{"conditionKeys":[],"resources":[{"name":"serverlesscachesnapshot"}],"description":"Grants permission to export a copy of a serverless cache at a specific moment in time to s3 bucket","accessLevel":"Write","resourceTypes":[{"name":"serverlesscachesnapshot","required":true}],"dependentActions":["s3:DeleteObject","s3:ListAllMyBuckets","s3:PutObject"]},"FailoverGlobalReplicationGroup":{"conditionKeys":[],"resources":[{"name":"globalreplicationgroup"}],"description":"Grants permission to failover the primary region to a selected secondary region of a global replication group","accessLevel":"Write","resourceTypes":[{"name":"globalreplicationgroup","required":true}]},"IncreaseNodeGroupsInGlobalReplicationGroup":{"conditionKeys":["elasticache:NumNodeGroups"],"resources":[{"name":"globalreplicationgroup"}],"description":"Grants permission to increase the number of node groups in a global replication group","accessLevel":"Write","resourceTypes":[{"name":"globalreplicationgroup","required":true}]},"IncreaseReplicaCount":{"conditionKeys":["aws:ResourceTag/${TagKey}","elasticache:ReplicasPerNodeGroup"],"resources":[{"name":"replicationgroup"}],"description":"Grants permission to increase the number of replicas in a Redis (cluster mode disabled) replication group or the number of replica nodes in one or more node groups (shards) of a Redis (cluster mode enabled) replication group","accessLevel":"Write","resourceTypes":[{"name":"replicationgroup","required":true}],"dependentActions":["ec2:CreateNetworkInterface","ec2:DeleteNetworkInterface","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs"]},"InterruptClusterAzPower":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"replicationgroup"}],"description":"Grants permission to test an AZ power interruption for an ElastiCache resource","accessLevel":"Write","resourceTypes":[{"name":"replicationgroup","required":true}],"permissionOnly":true},"ListAllowedNodeTypeModifications":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"replicationgroup"}],"description":"Grants permission to list available node type that can be used to scale a particular Redis cluster or replication group","accessLevel":"List","resourceTypes":[{"name":"cluster","required":false},{"name":"replicationgroup","required":false}]},"ListTagsForResource":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"parametergroup"},{"name":"replicationgroup"},{"name":"reserved-instance"},{"name":"securitygroup"},{"name":"serverlesscache"},{"name":"serverlesscachesnapshot"},{"name":"snapshot"},{"name":"subnetgroup"},{"name":"user"},{"name":"usergroup"}],"description":"Grants permission to list tags for an ElastiCache resource","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":false},{"name":"parametergroup","required":false},{"name":"replicationgroup","required":false},{"name":"reserved-instance","required":false},{"name":"securitygroup","required":false},{"name":"serverlesscache","required":false},{"name":"serverlesscachesnapshot","required":false},{"name":"snapshot","required":false},{"name":"subnetgroup","required":false},{"name":"user","required":false},{"name":"usergroup","required":false}]},"ModifyCacheCluster":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"parametergroup"},{"name":"securitygroup"}],"description":"Grants permission to modify settings for a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"parametergroup","required":false},{"name":"securitygroup","required":false}]},"ModifyCacheParameterGroup":{"conditionKeys":["aws:ResourceTag/${TagKey}","elasticache:CacheParameterGroupName"],"resources":[{"name":"parametergroup"}],"description":"Grants permission to modify parameters of a cache parameter group","accessLevel":"Write","resourceTypes":[{"name":"parametergroup","required":true}]},"ModifyCacheSubnetGroup":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"subnetgroup"}],"description":"Grants permission to modify an existing cache subnet group","accessLevel":"Write","resourceTypes":[{"name":"subnetgroup","required":true}]},"ModifyGlobalReplicationGroup":{"conditionKeys":["elasticache:AutomaticFailoverEnabled","elasticache:CacheNodeType","elasticache:EngineVersion"],"resources":[{"name":"globalreplicationgroup"}],"description":"Grants permission to modify settings for a global replication group","accessLevel":"Write","resourceTypes":[{"name":"globalreplicationgroup","required":true}]},"ModifyReplicationGroup":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"parametergroup"},{"name":"replicationgroup"},{"name":"securitygroup"},{"name":"usergroup"}],"description":"Grants permission to modify the settings for a replication group","accessLevel":"Write","resourceTypes":[{"name":"replicationgroup","required":true},{"name":"parametergroup","required":false},{"name":"securitygroup","required":false},{"name":"usergroup","required":false}],"dependentActions":["ec2:CreateNetworkInterface","ec2:DeleteNetworkInterface","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs"]},"ModifyReplicationGroupShardConfiguration":{"conditionKeys":["aws:ResourceTag/${TagKey}","elasticache:NumNodeGroups"],"resources":[{"name":"replicationgroup"}],"description":"Grants permission to add shards, remove shards, or rebalance the keyspaces among existing shards of a replication group","accessLevel":"Write","resourceTypes":[{"name":"replicationgroup","required":true}],"dependentActions":["ec2:CreateNetworkInterface","ec2:DeleteNetworkInterface","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs"]},"ModifyServerlessCache":{"conditionKeys":[],"resources":[{"name":"serverlesscache"},{"name":"usergroup"}],"description":"Grants permission to modify parameters for a serverless cache","accessLevel":"Write","resourceTypes":[{"name":"serverlesscache","required":true},{"name":"usergroup","required":false}],"dependentActions":["ec2:DescribeSecurityGroups","ec2:DescribeTags"]},"ModifyUser":{"conditionKeys":["aws:ResourceTag/${TagKey}","elasticache:UserAuthenticationMode"],"resources":[{"name":"user"}],"description":"Grants permission to change Redis user password(s) and/or access string","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"ModifyUserGroup":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"user"},{"name":"usergroup"}],"description":"Grants permission to change list of users that belong to the user group","accessLevel":"Write","resourceTypes":[{"name":"user","required":true},{"name":"usergroup","required":true}]},"PurchaseReservedCacheNodesOffering":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"reserved-instance"}],"description":"Grants permission to purchase a reserved cache node offering","accessLevel":"Write","resourceTypes":[{"name":"reserved-instance","required":true}],"dependentActions":["elasticache:AddTagsToResource"]},"RebalanceSlotsInGlobalReplicationGroup":{"conditionKeys":[],"resources":[{"name":"globalreplicationgroup"}],"description":"Grants permission to perform a key space rebalance operation to redistribute slots and ensure uniform key distribution across existing shards in a global replication group","accessLevel":"Write","resourceTypes":[{"name":"globalreplicationgroup","required":true}]},"RebootCacheCluster":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"cluster"}],"description":"Grants permission to reboot some, or all, of the cache nodes within a provisioned cache cluster or replication group (cluster mode disabled)","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"RemoveTagsFromResource":{"conditionKeys":["aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"cluster"},{"name":"parametergroup"},{"name":"replicationgroup"},{"name":"reserved-instance"},{"name":"securitygroup"},{"name":"serverlesscache"},{"name":"serverlesscachesnapshot"},{"name":"snapshot"},{"name":"subnetgroup"},{"name":"user"},{"name":"usergroup"}],"description":"Grants permission to remove tags from a ElastiCache resource","accessLevel":"Tagging","resourceTypes":[{"name":"cluster","required":false},{"name":"parametergroup","required":false},{"name":"replicationgroup","required":false},{"name":"reserved-instance","required":false},{"name":"securitygroup","required":false},{"name":"serverlesscache","required":false},{"name":"serverlesscachesnapshot","required":false},{"name":"snapshot","required":false},{"name":"subnetgroup","required":false},{"name":"user","required":false},{"name":"usergroup","required":false}]},"ResetCacheParameterGroup":{"conditionKeys":["aws:ResourceTag/${TagKey}","elasticache:CacheParameterGroupName"],"resources":[{"name":"parametergroup"}],"description":"Grants permission to modify parameters of a cache parameter group back to their default values","accessLevel":"Write","resourceTypes":[{"name":"parametergroup","required":true}]},"RevokeCacheSecurityGroupIngress":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"securitygroup"}],"description":"Grants permission to remove an EC2 security group ingress from a ElastiCache security group","accessLevel":"Write","resourceTypes":[{"name":"securitygroup","required":true}]},"StartMigration":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"replicationgroup"}],"description":"Grants permission to start a migration of data from hosted Redis on Amazon EC2 to ElastiCache for Redis","accessLevel":"Write","resourceTypes":[{"name":"replicationgroup","required":true}]},"TestFailover":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"replicationgroup"}],"description":"Grants permission to test automatic failover on a specified node group in a replication group","accessLevel":"Write","resourceTypes":[{"name":"replicationgroup","required":true}],"dependentActions":["ec2:CreateNetworkInterface","ec2:DeleteNetworkInterface","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:DescribeVpcs"]},"TestMigration":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"replicationgroup"}],"description":"Grants permission to test a migration of data from hosted Redis on Amazon EC2 to ElastiCache for Redis","accessLevel":"Write","resourceTypes":[{"name":"replicationgroup","required":true}]}},"resources":[{"name":"cluster","arnFormats":["arn:${Partition}:elasticache:${Region}:${Account}:cluster:${CacheClusterId}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticache:AuthTokenEnabled","elasticache:CacheNodeType","elasticache:CacheParameterGroupName","elasticache:EngineType","elasticache:EngineVersion","elasticache:MultiAZEnabled","elasticache:SnapshotRetentionLimit"]},{"name":"globalreplicationgroup","arnFormats":["arn:${Partition}:elasticache::${Account}:globalreplicationgroup:${GlobalReplicationGroupId}"],"conditionKeys":["elasticache:AtRestEncryptionEnabled","elasticache:AuthTokenEnabled","elasticache:AutomaticFailoverEnabled","elasticache:CacheNodeType","elasticache:CacheParameterGroupName","elasticache:ClusterModeEnabled","elasticache:EngineType","elasticache:EngineVersion","elasticache:KmsKeyId","elasticache:MultiAZEnabled","elasticache:NumNodeGroups","elasticache:ReplicasPerNodeGroup","elasticache:SnapshotRetentionLimit","elasticache:TransitEncryptionEnabled"]},{"name":"parametergroup","arnFormats":["arn:${Partition}:elasticache:${Region}:${Account}:parametergroup:${CacheParameterGroupName}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticache:CacheParameterGroupName"]},{"name":"replicationgroup","arnFormats":["arn:${Partition}:elasticache:${Region}:${Account}:replicationgroup:${ReplicationGroupId}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticache:AtRestEncryptionEnabled","elasticache:AuthTokenEnabled","elasticache:AutomaticFailoverEnabled","elasticache:CacheNodeType","elasticache:CacheParameterGroupName","elasticache:ClusterModeEnabled","elasticache:EngineType","elasticache:EngineVersion","elasticache:KmsKeyId","elasticache:MultiAZEnabled","elasticache:NumNodeGroups","elasticache:ReplicasPerNodeGroup","elasticache:SnapshotRetentionLimit","elasticache:TransitEncryptionEnabled"]},{"name":"reserved-instance","arnFormats":["arn:${Partition}:elasticache:${Region}:${Account}:reserved-instance:${ReservedCacheNodeId}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"]},{"name":"securitygroup","arnFormats":["arn:${Partition}:elasticache:${Region}:${Account}:securitygroup:${CacheSecurityGroupName}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"]},{"name":"serverlesscache","arnFormats":["arn:${Partition}:elasticache:${Region}:${Account}:serverlesscache:${ServerlessCacheName}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticache:DataStorageUnit","elasticache:EngineType","elasticache:EngineVersion","elasticache:KmsKeyId","elasticache:MaximumDataStorage","elasticache:MaximumECPUPerSecond","elasticache:MinimumDataStorage","elasticache:MinimumECPUPerSecond","elasticache:SnapshotRetentionLimit"]},{"name":"serverlesscachesnapshot","arnFormats":["arn:${Partition}:elasticache:${Region}:${Account}:serverlesscachesnapshot:${ServerlessCacheSnapshotName}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticache:KmsKeyId"]},{"name":"snapshot","arnFormats":["arn:${Partition}:elasticache:${Region}:${Account}:snapshot:${SnapshotName}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticache:KmsKeyId"]},{"name":"subnetgroup","arnFormats":["arn:${Partition}:elasticache:${Region}:${Account}:subnetgroup:${CacheSubnetGroupName}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"]},{"name":"user","arnFormats":["arn:${Partition}:elasticache:${Region}:${Account}:user:${UserId}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticache:UserAuthenticationMode"]},{"name":"usergroup","arnFormats":["arn:${Partition}:elasticache:${Region}:${Account}:usergroup:${UserGroupId}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters actions based on the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters actions based on the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters actions based on the tag keys that are passed in the request"},"elasticache:AtRestEncryptionEnabled":{"types":["Bool"],"description":"Filters access by the AtRestEncryptionEnabled parameter present in the request or default false value if parameter is not present"},"elasticache:AuthTokenEnabled":{"types":["Bool"],"description":"Filters access by the presence of non empty AuthToken parameter in the request"},"elasticache:AutomaticFailoverEnabled":{"types":["Bool"],"description":"Filters access by the AutomaticFailoverEnabled parameter in the request"},"elasticache:CacheNodeType":{"types":["String"],"description":"Filters access by the cacheNodeType parameter present in the request. This key can be used to restrict which cache node types can be used on cluster creation or scaling operations"},"elasticache:CacheParameterGroupName":{"types":["String"],"description":"Filters access by the CacheParameterGroupName parameter in the request"},"elasticache:ClusterModeEnabled":{"types":["Bool"],"description":"Filters access by the cluster mode parameter present in the request. Default value for single node group (shard) creations is false"},"elasticache:DataStorageUnit":{"types":["String"],"description":"Filters access by the CacheUsageLimits.DataStorage.Unit parameter in the CreateServerlessCache and ModifyServerlessCache request"},"elasticache:EngineType":{"types":["String"],"description":"Filters access by the engine type present in creation requests. For replication group creations, default engine 'redis' is used as key if parameter is not present"},"elasticache:EngineVersion":{"types":["String"],"description":"Filters access by the engineVersion parameter present in creation or cluster modification requests"},"elasticache:KmsKeyId":{"types":["String"],"description":"Filters access by the Key ID of the KMS key"},"elasticache:MaximumDataStorage":{"types":["Numeric"],"description":"Filters access by the CacheUsageLimits.DataStorage.Maximum parameter in the CreateServerlessCache and ModifyServerlessCache request"},"elasticache:MaximumECPUPerSecond":{"types":["Numeric"],"description":"Filters access by the CacheUsageLimits.ECPUPerSecond.Maximum parameter in the CreateServerlessCache and ModifyServerlessCache request"},"elasticache:MinimumDataStorage":{"types":["Numeric"],"description":"Filters access by the CacheUsageLimits.DataStorage.Minimum parameter in the CreateServerlessCache and ModifyServerlessCache request"},"elasticache:MinimumECPUPerSecond":{"types":["Numeric"],"description":"Filters access by the CacheUsageLimits.ECPUPerSecond.Minimum parameter in the CreateServerlessCache and ModifyServerlessCache request"},"elasticache:MultiAZEnabled":{"types":["Bool"],"description":"Filters access by the AZMode parameter, MultiAZEnabled parameter or the number of availability zones that the cluster or replication group can be placed in"},"elasticache:NumNodeGroups":{"types":["Numeric"],"description":"Filters access by the NumNodeGroups or NodeGroupCount parameter specified in the request. This key can be used to restrict the number of node groups (shards) clusters can have after creation or scaling operations"},"elasticache:ReplicasPerNodeGroup":{"types":["Numeric"],"description":"Filters access by the number of replicas per node group (shards) specified in creations or scaling requests"},"elasticache:SnapshotRetentionLimit":{"types":["Numeric"],"description":"Filters access by the SnapshotRetentionLimit parameter in the request"},"elasticache:TransitEncryptionEnabled":{"types":["Bool"],"description":"Filters access by the TransitEncryptionEnabled parameter present in the request. For replication group creations, default value 'false' is used as key if parameter is not present"},"elasticache:UserAuthenticationMode":{"types":["String"],"description":"Filters access by the UserAuthenticationMode parameter in the request"}}}
package/src/data/servicereference/services/elasticbeanstalk.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"elasticbeanstalk","actions":{"AbortEnvironmentUpdate":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to cancel in-progress environment configuration update or application version deployment","accessLevel":"Write","resourceTypes":[{"name":"environment","required":true}]},"AddTags":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"application"},{"name":"applicationversion"},{"name":"configurationtemplate"},{"name":"environment"},{"name":"platform"}],"description":"Grants permission to add tags to an Elastic Beanstalk resource and to update tag values","accessLevel":"Tagging","resourceTypes":[{"name":"application","required":false},{"name":"applicationversion","required":false},{"name":"configurationtemplate","required":false},{"name":"environment","required":false},{"name":"platform","required":false}]},"ApplyEnvironmentManagedAction":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to apply a scheduled managed action immediately","accessLevel":"Write","resourceTypes":[{"name":"environment","required":true}]},"AssociateEnvironmentOperationsRole":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to associate an operations role with an environment","accessLevel":"Write","resourceTypes":[{"name":"environment","required":true}]},"CheckDNSAvailability":{"conditionKeys":[],"resources":[],"description":"Grants permission to check CNAME availability","accessLevel":"Read","resourceTypes":[]},"ComposeEnvironments":{"conditionKeys":[],"resources":[{"name":"application"},{"name":"applicationversion"}],"description":"Grants permission to create or update a group of environments, each running a separate component of a single application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true},{"name":"applicationversion","required":true}]},"CreateApplication":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"application"}],"description":"Grants permission to create a new application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"CreateApplicationVersion":{"conditionKeys":[],"resources":[{"name":"application"},{"name":"applicationversion"}],"description":"Grants permission to create an application version for an application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true},{"name":"applicationversion","required":true}]},"CreateConfigurationTemplate":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","elasticbeanstalk:FromApplication","elasticbeanstalk:FromApplicationVersion","elasticbeanstalk:FromConfigurationTemplate","elasticbeanstalk:FromEnvironment","elasticbeanstalk:FromPlatform","elasticbeanstalk:FromSolutionStack"],"resources":[{"name":"configurationtemplate"}],"description":"Grants permission to create a configuration template","accessLevel":"Write","resourceTypes":[{"name":"configurationtemplate","required":true}]},"CreateEnvironment":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","elasticbeanstalk:FromApplicationVersion","elasticbeanstalk:FromConfigurationTemplate","elasticbeanstalk:FromPlatform","elasticbeanstalk:FromSolutionStack"],"resources":[{"name":"environment"}],"description":"Grants permission to launch an environment for an application","accessLevel":"Write","resourceTypes":[{"name":"environment","required":true}]},"CreatePlatformVersion":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"platform"}],"description":"Grants permission to create a new version of a custom platform","accessLevel":"Write","resourceTypes":[{"name":"platform","required":true}]},"CreateStorageLocation":{"conditionKeys":[],"resources":[],"description":"Grants permission to create the Amazon S3 storage location for the account","accessLevel":"Write","resourceTypes":[]},"DeleteApplication":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to delete an application along with all associated versions and configurations","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"DeleteApplicationVersion":{"conditionKeys":[],"resources":[{"name":"applicationversion"}],"description":"Grants permission to delete an application version from an application","accessLevel":"Write","resourceTypes":[{"name":"applicationversion","required":true}]},"DeleteConfigurationTemplate":{"conditionKeys":[],"resources":[{"name":"configurationtemplate"}],"description":"Grants permission to delete a configuration template","accessLevel":"Write","resourceTypes":[{"name":"configurationtemplate","required":true}]},"DeleteEnvironmentConfiguration":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to delete the draft configuration associated with the running environment","accessLevel":"Write","resourceTypes":[{"name":"environment","required":true}]},"DeletePlatformVersion":{"conditionKeys":[],"resources":[{"name":"platform"}],"description":"Grants permission to delete a version of a custom platform","accessLevel":"Write","resourceTypes":[{"name":"platform","required":true}]},"DescribeAccountAttributes":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of account attributes, including resource quotas","accessLevel":"Read","resourceTypes":[]},"DescribeApplicationVersions":{"conditionKeys":[],"resources":[{"name":"applicationversion"}],"description":"Grants permission to retrieve a list of application versions stored in an AWS Elastic Beanstalk storage bucket","accessLevel":"List","resourceTypes":[{"name":"applicationversion","required":false}]},"DescribeApplications":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to retrieve the descriptions of existing applications","accessLevel":"List","resourceTypes":[{"name":"application","required":false}]},"DescribeConfigurationOptions":{"conditionKeys":[],"resources":[{"name":"configurationtemplate"},{"name":"environment"},{"name":"solutionstack"}],"description":"Grants permission to retrieve descriptions of environment configuration options","accessLevel":"Read","resourceTypes":[{"name":"configurationtemplate","required":false},{"name":"environment","required":false},{"name":"solutionstack","required":false}]},"DescribeConfigurationSettings":{"conditionKeys":[],"resources":[{"name":"configurationtemplate"},{"name":"environment"}],"description":"Grants permission to retrieve a description of the settings for a configuration set","accessLevel":"Read","resourceTypes":[{"name":"configurationtemplate","required":false},{"name":"environment","required":false}]},"DescribeEnvironmentHealth":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to retrieve information about the overall health of an environment","accessLevel":"Read","resourceTypes":[{"name":"environment","required":false}]},"DescribeEnvironmentManagedActionHistory":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to retrieve a list of an environment's completed and failed managed actions","accessLevel":"Read","resourceTypes":[{"name":"environment","required":false}]},"DescribeEnvironmentManagedActions":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to retrieve a list of an environment's upcoming and in-progress managed actions","accessLevel":"Read","resourceTypes":[{"name":"environment","required":false}]},"DescribeEnvironmentResources":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to retrieve a list of AWS resources for an environment","accessLevel":"Read","resourceTypes":[{"name":"environment","required":false}]},"DescribeEnvironments":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to retrieve descriptions for existing environments","accessLevel":"List","resourceTypes":[{"name":"environment","required":false}]},"DescribeEvents":{"conditionKeys":[],"resources":[{"name":"application"},{"name":"applicationversion"},{"name":"configurationtemplate"},{"name":"environment"}],"description":"Grants permission to retrieve a list of event descriptions matching a set of criteria","accessLevel":"Read","resourceTypes":[{"name":"application","required":false},{"name":"applicationversion","required":false},{"name":"configurationtemplate","required":false},{"name":"environment","required":false}]},"DescribeInstancesHealth":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to retrieve more detailed information about the health of environment instances","accessLevel":"Read","resourceTypes":[{"name":"environment","required":false}]},"DescribePlatformVersion":{"conditionKeys":[],"resources":[{"name":"platform"}],"description":"Grants permission to retrieve a description of a managed platform version","accessLevel":"Read","resourceTypes":[{"name":"platform","required":false}]},"DisassociateEnvironmentOperationsRole":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to disassociate an operations role with an environment","accessLevel":"Write","resourceTypes":[{"name":"environment","required":true}]},"ListAvailableSolutionStacks":{"conditionKeys":[],"resources":[{"name":"solutionstack"}],"description":"Grants permission to retrieve a list of the available solution stack names","accessLevel":"List","resourceTypes":[{"name":"solutionstack","required":false}]},"ListPlatformBranches":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of the available platform branches","accessLevel":"List","resourceTypes":[]},"ListPlatformVersions":{"conditionKeys":[],"resources":[{"name":"platform"}],"description":"Grants permission to retrieve a list of the available platforms","accessLevel":"List","resourceTypes":[{"name":"platform","required":false}]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"application"},{"name":"applicationversion"},{"name":"configurationtemplate"},{"name":"environment"},{"name":"platform"}],"description":"Grants permission to retrieve a list of tags of an Elastic Beanstalk resource","accessLevel":"Read","resourceTypes":[{"name":"application","required":false},{"name":"applicationversion","required":false},{"name":"configurationtemplate","required":false},{"name":"environment","required":false},{"name":"platform","required":false}]},"PutInstanceStatistics":{"conditionKeys":[],"resources":[{"name":"application"},{"name":"environment"}],"description":"Grants permission to submit instance statistics for enhanced health","accessLevel":"Write","resourceTypes":[{"name":"application","required":true},{"name":"environment","required":true}]},"RebuildEnvironment":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to delete and recreate all of the AWS resources for an environment and to force a restart","accessLevel":"Write","resourceTypes":[{"name":"environment","required":true}]},"RemoveTags":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"application"},{"name":"applicationversion"},{"name":"configurationtemplate"},{"name":"environment"},{"name":"platform"}],"description":"Grants permission to remove tags from an Elastic Beanstalk resource","accessLevel":"Tagging","resourceTypes":[{"name":"application","required":false},{"name":"applicationversion","required":false},{"name":"configurationtemplate","required":false},{"name":"environment","required":false},{"name":"platform","required":false}]},"RequestEnvironmentInfo":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to initiate a request to compile information of the deployed environment","accessLevel":"Read","resourceTypes":[{"name":"environment","required":true}]},"RestartAppServer":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to request an environment to restart the application container server running on each Amazon EC2 instance","accessLevel":"Write","resourceTypes":[{"name":"environment","required":true}]},"RetrieveEnvironmentInfo":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to retrieve the compiled information from a RequestEnvironmentInfo request","accessLevel":"Read","resourceTypes":[{"name":"environment","required":true}]},"SwapEnvironmentCNAMEs":{"conditionKeys":["elasticbeanstalk:FromEnvironment"],"resources":[{"name":"environment"}],"description":"Grants permission to swap the CNAMEs of two environments","accessLevel":"Write","resourceTypes":[{"name":"environment","required":true}]},"TerminateEnvironment":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to terminate an environment","accessLevel":"Write","resourceTypes":[{"name":"environment","required":true}]},"UpdateApplication":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to update an application with specified properties","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"UpdateApplicationResourceLifecycle":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to update the application version lifecycle policy associated with the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"UpdateApplicationVersion":{"conditionKeys":[],"resources":[{"name":"applicationversion"}],"description":"Grants permission to update an application version with specified properties","accessLevel":"Write","resourceTypes":[{"name":"applicationversion","required":true}]},"UpdateConfigurationTemplate":{"conditionKeys":["elasticbeanstalk:FromApplication","elasticbeanstalk:FromApplicationVersion","elasticbeanstalk:FromConfigurationTemplate","elasticbeanstalk:FromEnvironment","elasticbeanstalk:FromPlatform","elasticbeanstalk:FromSolutionStack"],"resources":[{"name":"configurationtemplate"}],"description":"Grants permission to update a configuration template with specified properties or configuration option values","accessLevel":"Write","resourceTypes":[{"name":"configurationtemplate","required":true}]},"UpdateEnvironment":{"conditionKeys":["elasticbeanstalk:FromApplicationVersion","elasticbeanstalk:FromConfigurationTemplate","elasticbeanstalk:FromPlatform","elasticbeanstalk:FromSolutionStack"],"resources":[{"name":"environment"}],"description":"Grants permission to update an environment","accessLevel":"Write","resourceTypes":[{"name":"environment","required":true}]},"UpdateTagsForResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"application"},{"name":"applicationversion"},{"name":"configurationtemplate"},{"name":"environment"},{"name":"platform"}],"description":"Doesn't grant permission to update tags. To grant permission to add tags to an Elastic Beanstalk resource, remove tags, and to update tag values, specify elasticbeanstalk:AddTags and elasticbeanstalk:RemoveTags","accessLevel":"Tagging","resourceTypes":[{"name":"application","required":false},{"name":"applicationversion","required":false},{"name":"configurationtemplate","required":false},{"name":"environment","required":false},{"name":"platform","required":false}]},"ValidateConfigurationSettings":{"conditionKeys":[],"resources":[{"name":"configurationtemplate"},{"name":"environment"}],"description":"Grants permission to check the validity of a set of configuration settings for a configuration template or an environment","accessLevel":"Read","resourceTypes":[{"name":"configurationtemplate","required":false},{"name":"environment","required":false}]}},"resources":[{"name":"application","arnFormats":["arn:${Partition}:elasticbeanstalk:${Region}:${Account}:application/${ApplicationName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"applicationversion","arnFormats":["arn:${Partition}:elasticbeanstalk:${Region}:${Account}:applicationversion/${ApplicationName}/${VersionLabel}"],"conditionKeys":["aws:ResourceTag/${TagKey}","elasticbeanstalk:InApplication"]},{"name":"configurationtemplate","arnFormats":["arn:${Partition}:elasticbeanstalk:${Region}:${Account}:configurationtemplate/${ApplicationName}/${TemplateName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","elasticbeanstalk:InApplication"]},{"name":"environment","arnFormats":["arn:${Partition}:elasticbeanstalk:${Region}:${Account}:environment/${ApplicationName}/${EnvironmentName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","elasticbeanstalk:InApplication"]},{"name":"platform","arnFormats":["arn:${Partition}:elasticbeanstalk:${Region}::platform/${PlatformNameWithVersion}"],"conditionKeys":[]},{"name":"solutionstack","arnFormats":["arn:${Partition}:elasticbeanstalk:${Region}::solutionstack/${SolutionStackName}"],"conditionKeys":[]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters actions based on the presence of tag key-value pairs in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters actions based on tag key-value pairs attached to the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters actions based on the presence of tag keys in the request"},"elasticbeanstalk:FromApplication":{"types":["ARN"],"description":"Filters access by an application as a dependency or a constraint on an input parameter"},"elasticbeanstalk:FromApplicationVersion":{"types":["ARN"],"description":"Filters access by an application version as a dependency or a constraint on an input parameter"},"elasticbeanstalk:FromConfigurationTemplate":{"types":["ARN"],"description":"Filters access by a configuration template as a dependency or a constraint on an input parameter"},"elasticbeanstalk:FromEnvironment":{"types":["ARN"],"description":"Filters access by an environment as a dependency or a constraint on an input parameter"},"elasticbeanstalk:FromPlatform":{"types":["ARN"],"description":"Filters access by a platform as a dependency or a constraint on an input parameter"},"elasticbeanstalk:FromSolutionStack":{"types":["ARN"],"description":"Filters access by a solution stack as a dependency or a constraint on an input parameter"},"elasticbeanstalk:InApplication":{"types":["ARN"],"description":"Filters access by the application that contains the resource that the action operates on"}}}
package/src/data/servicereference/services/elasticfilesystem.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"elasticfilesystem","actions":{"Backup":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to start a backup job for an existing file system","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}],"permissionOnly":true},"ClientMount":{"conditionKeys":["elasticfilesystem:AccessPointArn","elasticfilesystem:AccessedViaMountTarget"],"resources":[{"name":"file-system"}],"description":"Grants permission to allow an NFS client read-access to a file system","accessLevel":"Read","resourceTypes":[{"name":"file-system","required":true}],"permissionOnly":true},"ClientRootAccess":{"conditionKeys":["elasticfilesystem:AccessPointArn","elasticfilesystem:AccessedViaMountTarget"],"resources":[{"name":"file-system"}],"description":"Grants permission to allow an NFS client root-access to a file system","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}],"permissionOnly":true},"ClientWrite":{"conditionKeys":["elasticfilesystem:AccessPointArn","elasticfilesystem:AccessedViaMountTarget"],"resources":[{"name":"file-system"}],"description":"Grants permission to allow an NFS client write-access to a file system","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}],"permissionOnly":true},"CreateAccessPoint":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"file-system"}],"description":"Grants permission to create an access point for the specified file system","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}],"dependentActions":["elasticfilesystem:TagResource"]},"CreateFileSystem":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","elasticfilesystem:Encrypted"],"resources":[],"description":"Grants permission to create a new, empty file system","accessLevel":"Write","resourceTypes":[],"dependentActions":["elasticfilesystem:TagResource"]},"CreateMountTarget":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to create a mount target for a file system","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}]},"CreateReplicationConfiguration":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to create a new replication configuration","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}]},"CreateTags":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"file-system"}],"description":"Grants permission to create or overwrite tags associated with a file system; deprecated, see TagResource","accessLevel":"Tagging","resourceTypes":[{"name":"file-system","required":true}]},"DeleteAccessPoint":{"conditionKeys":[],"resources":[{"name":"access-point"}],"description":"Grants permission to delete the specified access point","accessLevel":"Write","resourceTypes":[{"name":"access-point","required":true}]},"DeleteFileSystem":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to delete a file system, permanently severing access to its contents","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}]},"DeleteFileSystemPolicy":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to delete the resource-level policy for a file system","accessLevel":"Permissions management","resourceTypes":[{"name":"file-system","required":true}]},"DeleteMountTarget":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to delete the specified mount target","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}]},"DeleteReplicationConfiguration":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to delete a replication configuration","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}]},"DeleteTags":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"file-system"}],"description":"Grants permission to delete the specified tags from a file system; deprecated, see UntagResource","accessLevel":"Tagging","resourceTypes":[{"name":"file-system","required":true}]},"DescribeAccessPoints":{"conditionKeys":[],"resources":[{"name":"access-point"},{"name":"file-system"}],"description":"Grants permission to view the descriptions of Amazon EFS access points","accessLevel":"List","resourceTypes":[{"name":"access-point","required":false},{"name":"file-system","required":false}]},"DescribeAccountPreferences":{"conditionKeys":[],"resources":[],"description":"Grants permission to view the account preferences in effect for an account","accessLevel":"List","resourceTypes":[]},"DescribeBackupPolicy":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to view the BackupPolicy object for an Amazon EFS file system","accessLevel":"Read","resourceTypes":[{"name":"file-system","required":true}]},"DescribeFileSystemPolicy":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to view the resource-level policy for an Amazon EFS file system","accessLevel":"Read","resourceTypes":[{"name":"file-system","required":false}]},"DescribeFileSystems":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to view the description of an Amazon EFS file system specified by file system CreationToken or FileSystemId; or to view the description of all file systems owned by the caller's AWS account in the AWS region of the endpoint that is being called","accessLevel":"List","resourceTypes":[{"name":"file-system","required":false}]},"DescribeLifecycleConfiguration":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to view the LifecycleConfiguration object for an Amazon EFS file system","accessLevel":"Read","resourceTypes":[{"name":"file-system","required":true}]},"DescribeMountTargetSecurityGroups":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to view the security groups in effect for a mount target","accessLevel":"Read","resourceTypes":[{"name":"file-system","required":true}]},"DescribeMountTargets":{"conditionKeys":[],"resources":[{"name":"access-point"},{"name":"file-system"}],"description":"Grants permission to view the descriptions of all mount targets, or a specific mount target, for a file system","accessLevel":"Read","resourceTypes":[{"name":"file-system","required":true},{"name":"access-point","required":false}]},"DescribeReplicationConfigurations":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to view the description of an Amazon EFS replication configuration specified by FileSystemId; or to view the description of all replication configurations owned by the caller's AWS account in the AWS region of the endpoint that is being called","accessLevel":"List","resourceTypes":[{"name":"file-system","required":false}]},"DescribeTags":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to view the tags associated with a file system","accessLevel":"Read","resourceTypes":[{"name":"file-system","required":true}]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"access-point"},{"name":"file-system"}],"description":"Grants permission to view the tags associated with the specified Amazon EFS resource","accessLevel":"Read","resourceTypes":[{"name":"access-point","required":false},{"name":"file-system","required":false}]},"ModifyMountTargetSecurityGroups":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to modify the set of security groups in effect for a mount target","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}]},"PutAccountPreferences":{"conditionKeys":[],"resources":[],"description":"Grants permission to set the account preferences of an account","accessLevel":"Write","resourceTypes":[]},"PutBackupPolicy":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to enable or disable automatic backups with AWS Backup by creating a new BackupPolicy object","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}]},"PutFileSystemPolicy":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to apply a resource-level policy that defines the actions allowed or denied from given actors for the specified file system","accessLevel":"Permissions management","resourceTypes":[{"name":"file-system","required":true}]},"PutLifecycleConfiguration":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to enable lifecycle management by creating a new LifecycleConfiguration object","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}]},"ReplicationRead":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to read file system data for replication","accessLevel":"Read","resourceTypes":[{"name":"file-system","required":true}],"permissionOnly":true},"ReplicationWrite":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to replicate data to a file system","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}],"permissionOnly":true},"Restore":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to start a restore job for a backup of a file system","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}],"permissionOnly":true},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","elasticfilesystem:CreateAction"],"resources":[{"name":"access-point"},{"name":"file-system"}],"description":"Grants permission to create or overwrite tags associated with the specified Amazon EFS resource","accessLevel":"Tagging","resourceTypes":[{"name":"access-point","required":false},{"name":"file-system","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"access-point"},{"name":"file-system"}],"description":"Grants permission to delete the specified tags from an Amazon EFS resource","accessLevel":"Tagging","resourceTypes":[{"name":"access-point","required":false},{"name":"file-system","required":false}]},"UpdateFileSystem":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to update the throughput mode or the amount of provisioned throughput of an existing file system","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}]},"UpdateFileSystemProtection":{"conditionKeys":[],"resources":[{"name":"file-system"}],"description":"Grants permission to update the file system protection of an existing file system","accessLevel":"Write","resourceTypes":[{"name":"file-system","required":true}]}},"resources":[{"name":"access-point","arnFormats":["arn:${Partition}:elasticfilesystem:${Region}:${Account}:access-point/${AccessPointId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"file-system","arnFormats":["arn:${Partition}:elasticfilesystem:${Region}:${Account}:file-system/${FileSystemId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by a tag key and value pair that is allowed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by a tag key and value pair of a resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by a list of tag keys that are allowed in the request"},"elasticfilesystem:AccessPointArn":{"types":["ARN"],"description":"Filters access by the ARN of the access point used to mount the file system"},"elasticfilesystem:AccessedViaMountTarget":{"types":["Bool"],"description":"Filters access by whether the file system is accessed via mount targets"},"elasticfilesystem:CreateAction":{"types":["String"],"description":"Filters access by the name of a resource-creating API action"},"elasticfilesystem:Encrypted":{"types":["Bool"],"description":"Filters access by whether users can create only encrypted or unencrypted file systems"}}}