aws-iam-ls 0.0.0

package/src/data/servicereference/services/guardduty.json

@@ -0,0 +1 @@
+{"name":"guardduty","actions":{"AcceptAdministratorInvitation":{"conditionKeys":[],"resources":[],"description":"Grants permission to accept invitations to become a GuardDuty member account","accessLevel":"Write","resourceTypes":[]},"AcceptInvitation":{"conditionKeys":[],"resources":[],"description":"Grants permission to accept invitations to become a GuardDuty member account","accessLevel":"Write","resourceTypes":[]},"ArchiveFindings":{"conditionKeys":[],"resources":[],"description":"Grants permission to archive GuardDuty findings","accessLevel":"Write","resourceTypes":[]},"CreateDetector":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a detector","accessLevel":"Write","resourceTypes":[]},"CreateFilter":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"filter"}],"description":"Grants permission to create GuardDuty filters. A filters defines finding attributes and conditions used to filter findings","accessLevel":"Write","resourceTypes":[{"name":"filter","required":true}]},"CreateIPSet":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create an IPSet","accessLevel":"Write","resourceTypes":[],"dependentActions":["iam:DeleteRolePolicy","iam:PutRolePolicy"]},"CreateMalwareProtectionPlan":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a new Malware Protection plan","accessLevel":"Write","resourceTypes":[]},"CreateMembers":{"conditionKeys":[],"resources":[],"description":"Grants permission to create GuardDuty member accounts, where the account used to create a member becomes the GuardDuty administrator account","accessLevel":"Write","resourceTypes":[]},"CreatePublishingDestination":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a publishing destination","accessLevel":"Write","resourceTypes":[],"dependentActions":["s3:GetObject","s3:ListBucket"]},"CreateSampleFindings":{"conditionKeys":[],"resources":[],"description":"Grants permission to create sample findings","accessLevel":"Write","resourceTypes":[]},"CreateThreatEntitySet":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create GuardDuty ThreatEntitySets, where a ThreatEntitySet consists of known malicious IP addresses and/or domains used by GuardDuty to generate findings","accessLevel":"Write","resourceTypes":[],"dependentActions":["s3:GetObject"]},"CreateThreatIntelSet":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create GuardDuty ThreatIntelSets, where a ThreatIntelSet consists of known malicious IP addresses used by GuardDuty to generate findings","accessLevel":"Write","resourceTypes":[]},"CreateTrustedEntitySet":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a TrustedEntitySet","accessLevel":"Write","resourceTypes":[],"dependentActions":["s3:GetObject"]},"DeclineInvitations":{"conditionKeys":[],"resources":[],"description":"Grants permission to decline invitations to become a GuardDuty member account","accessLevel":"Write","resourceTypes":[]},"DeleteDetector":{"conditionKeys":[],"resources":[{"name":"detector"}],"description":"Grants permission to delete GuardDuty detectors","accessLevel":"Write","resourceTypes":[{"name":"detector","required":true}]},"DeleteFilter":{"conditionKeys":[],"resources":[{"name":"filter"}],"description":"Grants permission to delete GuardDuty filters","accessLevel":"Write","resourceTypes":[{"name":"filter","required":true}]},"DeleteIPSet":{"conditionKeys":[],"resources":[{"name":"ipset"}],"description":"Grants permission to delete GuardDuty IPSets","accessLevel":"Write","resourceTypes":[{"name":"ipset","required":true}]},"DeleteInvitations":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete invitations to become a GuardDuty member account","accessLevel":"Write","resourceTypes":[]},"DeleteMalwareProtectionPlan":{"conditionKeys":[],"resources":[{"name":"malwareprotectionplan"}],"description":"Grants permission to delete a Malware Protection plan","accessLevel":"Write","resourceTypes":[{"name":"malwareprotectionplan","required":true}]},"DeleteMembers":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete GuardDuty member accounts","accessLevel":"Write","resourceTypes":[]},"DeletePublishingDestination":{"conditionKeys":[],"resources":[{"name":"publishingDestination"}],"description":"Grants permission to delete a publishing destination","accessLevel":"Write","resourceTypes":[{"name":"publishingDestination","required":true}]},"DeleteThreatEntitySet":{"conditionKeys":[],"resources":[{"name":"threatentityset"}],"description":"Grants permission to delete GuardDuty ThreatEntitySets","accessLevel":"Write","resourceTypes":[{"name":"threatentityset","required":true}]},"DeleteThreatIntelSet":{"conditionKeys":[],"resources":[{"name":"threatintelset"}],"description":"Grants permission to delete GuardDuty ThreatIntelSets","accessLevel":"Write","resourceTypes":[{"name":"threatintelset","required":true}]},"DeleteTrustedEntitySet":{"conditionKeys":[],"resources":[{"name":"trustedentityset"}],"description":"Grants permission to delete GuardDuty TrustedEntitySets","accessLevel":"Write","resourceTypes":[{"name":"trustedentityset","required":true}]},"DescribeMalwareScans":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve details about malware scans","accessLevel":"Read","resourceTypes":[]},"DescribeOrganizationConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve details about the delegated administrator associated with a GuardDuty detector","accessLevel":"Read","resourceTypes":[]},"DescribePublishingDestination":{"conditionKeys":[],"resources":[{"name":"publishingDestination"}],"description":"Grants permission to retrieve details about a publishing destination","accessLevel":"Read","resourceTypes":[{"name":"publishingDestination","required":true}]},"DisableOrganizationAdminAccount":{"conditionKeys":[],"resources":[],"description":"Grants permission to disable the organization delegated administrator for GuardDuty","accessLevel":"Write","resourceTypes":[]},"DisassociateFromAdministratorAccount":{"conditionKeys":[],"resources":[],"description":"Grants permission to disassociate a GuardDuty member account from its GuardDuty administrator account","accessLevel":"Write","resourceTypes":[]},"DisassociateFromMasterAccount":{"conditionKeys":[],"resources":[],"description":"Grants permission to disassociate a GuardDuty member account from its GuardDuty administrator account","accessLevel":"Write","resourceTypes":[]},"DisassociateMembers":{"conditionKeys":[],"resources":[],"description":"Grants permission to disassociate GuardDuty member accounts from their administrator GuardDuty account","accessLevel":"Write","resourceTypes":[]},"EnableOrganizationAdminAccount":{"conditionKeys":[],"resources":[],"description":"Grants permission to enable an organization delegated administrator for GuardDuty","accessLevel":"Write","resourceTypes":[]},"GetAdministratorAccount":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve details of the GuardDuty administrator account associated with a member account","accessLevel":"Read","resourceTypes":[]},"GetCoverageStatistics":{"conditionKeys":[],"resources":[{"name":"detector"}],"description":"Grants permission to list Amazon GuardDuty coverage statistics for the specified GuardDuty account in a Region","accessLevel":"Read","resourceTypes":[{"name":"detector","required":true}]},"GetDetector":{"conditionKeys":[],"resources":[{"name":"detector"}],"description":"Grants permission to retrieve GuardDuty detectors","accessLevel":"Read","resourceTypes":[{"name":"detector","required":true}]},"GetFilter":{"conditionKeys":[],"resources":[{"name":"filter"}],"description":"Grants permission to retrieve GuardDuty filters","accessLevel":"Read","resourceTypes":[{"name":"filter","required":true}]},"GetFindings":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve GuardDuty findings","accessLevel":"Read","resourceTypes":[]},"GetFindingsStatistics":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of GuardDuty finding statistics","accessLevel":"Read","resourceTypes":[]},"GetIPSet":{"conditionKeys":[],"resources":[{"name":"ipset"}],"description":"Grants permission to retrieve GuardDuty IPSets","accessLevel":"Read","resourceTypes":[{"name":"ipset","required":true}]},"GetInvitationsCount":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the count of all GuardDuty invitations sent to a specified account, which does not include the accepted invitation","accessLevel":"Read","resourceTypes":[]},"GetMalwareProtectionPlan":{"conditionKeys":[],"resources":[{"name":"malwareprotectionplan"}],"description":"Grants permission to retrieve a Malware Protection plan details","accessLevel":"Read","resourceTypes":[{"name":"malwareprotectionplan","required":true}]},"GetMalwareScan":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a malware scan's details","accessLevel":"Read","resourceTypes":[]},"GetMalwareScanSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the malware scan settings","accessLevel":"Read","resourceTypes":[]},"GetMasterAccount":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve details of the GuardDuty administrator account associated with a member account","accessLevel":"Read","resourceTypes":[]},"GetMemberDetectors":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe which data sources are enabled for member accounts detectors","accessLevel":"Read","resourceTypes":[]},"GetMembers":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the member accounts associated with an administrator account","accessLevel":"Read","resourceTypes":[]},"GetOrganizationStatistics":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve GuardDuty protection plan coverage statistics for member accounts in a Region","accessLevel":"Read","resourceTypes":[]},"GetRemainingFreeTrialDays":{"conditionKeys":[],"resources":[],"description":"Grants permission to provide the number of days left for each data source used in the free trial period","accessLevel":"Read","resourceTypes":[]},"GetThreatEntitySet":{"conditionKeys":[],"resources":[{"name":"threatentityset"}],"description":"Grants permission to retrieve GuardDuty ThreatEntitySets","accessLevel":"Read","resourceTypes":[{"name":"threatentityset","required":true}]},"GetThreatIntelSet":{"conditionKeys":[],"resources":[{"name":"threatintelset"}],"description":"Grants permission to retrieve GuardDuty ThreatIntelSets","accessLevel":"Read","resourceTypes":[{"name":"threatintelset","required":true}]},"GetTrustedEntitySet":{"conditionKeys":[],"resources":[{"name":"trustedentityset"}],"description":"Grants permission to retrieve GuardDuty TrustedEntitySets","accessLevel":"Read","resourceTypes":[{"name":"trustedentityset","required":true}]},"GetUsageStatistics":{"conditionKeys":[],"resources":[],"description":"Grants permission to list Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID","accessLevel":"Read","resourceTypes":[]},"InviteMembers":{"conditionKeys":[],"resources":[],"description":"Grants permission to invite other AWS accounts to enable GuardDuty and become GuardDuty member accounts","accessLevel":"Write","resourceTypes":[]},"ListCoverage":{"conditionKeys":[],"resources":[{"name":"detector"}],"description":"Grants permission to list all the resource details for a given account in a Region","accessLevel":"List","resourceTypes":[{"name":"detector","required":true}]},"ListDetectors":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of GuardDuty detectors","accessLevel":"List","resourceTypes":[]},"ListFilters":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of GuardDuty filters","accessLevel":"List","resourceTypes":[]},"ListFindings":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of GuardDuty findings","accessLevel":"List","resourceTypes":[]},"ListIPSets":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of GuardDuty IPSets","accessLevel":"List","resourceTypes":[]},"ListInvitations":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of all of the GuardDuty membership invitations that were sent to an AWS account","accessLevel":"List","resourceTypes":[]},"ListMalwareProtectionPlans":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of Malware Protection plans","accessLevel":"List","resourceTypes":[]},"ListMalwareScans":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of malware scans","accessLevel":"List","resourceTypes":[]},"ListMembers":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of GuardDuty member accounts associated with an administrator account","accessLevel":"List","resourceTypes":[]},"ListOrganizationAdminAccounts":{"conditionKeys":[],"resources":[],"description":"Grants permission to list details about the organization delegated administrator for GuardDuty","accessLevel":"List","resourceTypes":[]},"ListPublishingDestinations":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of publishing destinations","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"detector"},{"name":"filter"},{"name":"ipset"},{"name":"malwareprotectionplan"},{"name":"publishingDestination"},{"name":"threatentityset"},{"name":"threatintelset"},{"name":"trustedentityset"}],"description":"Grants permission to retrieve a list of tags associated with a GuardDuty resource","accessLevel":"Read","resourceTypes":[{"name":"detector","required":false},{"name":"filter","required":false},{"name":"ipset","required":false},{"name":"malwareprotectionplan","required":false},{"name":"publishingDestination","required":false},{"name":"threatentityset","required":false},{"name":"threatintelset","required":false},{"name":"trustedentityset","required":false}]},"ListThreatEntitySets":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of GuardDuty ThreatEntitySets","accessLevel":"List","resourceTypes":[]},"ListThreatIntelSets":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of GuardDuty ThreatIntelSets","accessLevel":"List","resourceTypes":[]},"ListTrustedEntitySets":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of GuardDuty TrustedEntitySets","accessLevel":"List","resourceTypes":[]},"SendObjectMalwareScan":{"conditionKeys":[],"resources":[],"description":"Grants permission to initiate a new object malware scan","accessLevel":"Write","resourceTypes":[]},"SendSecurityTelemetry":{"conditionKeys":[],"resources":[],"description":"Grants permission to send security telemetry for a specific GuardDuty account in a Region","accessLevel":"Write","resourceTypes":[]},"StartMalwareScan":{"conditionKeys":[],"resources":[],"description":"Grants permission to initiate a new malware scan","accessLevel":"Write","resourceTypes":[]},"StartMonitoringMembers":{"conditionKeys":[],"resources":[],"description":"Grants permission to a GuardDuty administrator account to monitor findings from GuardDuty member accounts","accessLevel":"Write","resourceTypes":[]},"StopMonitoringMembers":{"conditionKeys":[],"resources":[],"description":"Grants permission to disable monitoring findings from member accounts","accessLevel":"Write","resourceTypes":[]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"detector"},{"name":"filter"},{"name":"ipset"},{"name":"malwareprotectionplan"},{"name":"publishingDestination"},{"name":"threatentityset"},{"name":"threatintelset"},{"name":"trustedentityset"}],"description":"Grants permission to add tags to a GuardDuty resource","accessLevel":"Tagging","resourceTypes":[{"name":"detector","required":false},{"name":"filter","required":false},{"name":"ipset","required":false},{"name":"malwareprotectionplan","required":false},{"name":"publishingDestination","required":false},{"name":"threatentityset","required":false},{"name":"threatintelset","required":false},{"name":"trustedentityset","required":false}]},"UnarchiveFindings":{"conditionKeys":[],"resources":[],"description":"Grants permission to unarchive GuardDuty findings","accessLevel":"Write","resourceTypes":[]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"detector"},{"name":"filter"},{"name":"ipset"},{"name":"malwareprotectionplan"},{"name":"publishingDestination"},{"name":"threatentityset"},{"name":"threatintelset"},{"name":"trustedentityset"}],"description":"Grants permission to remove tags from a GuardDuty resource","accessLevel":"Tagging","resourceTypes":[{"name":"detector","required":false},{"name":"filter","required":false},{"name":"ipset","required":false},{"name":"malwareprotectionplan","required":false},{"name":"publishingDestination","required":false},{"name":"threatentityset","required":false},{"name":"threatintelset","required":false},{"name":"trustedentityset","required":false}]},"UpdateDetector":{"conditionKeys":[],"resources":[{"name":"detector"}],"description":"Grants permission to update GuardDuty detectors","accessLevel":"Write","resourceTypes":[{"name":"detector","required":true}]},"UpdateFilter":{"conditionKeys":[],"resources":[{"name":"filter"}],"description":"Grants permission to updates GuardDuty filters","accessLevel":"Write","resourceTypes":[{"name":"filter","required":true}]},"UpdateFindingsFeedback":{"conditionKeys":[],"resources":[],"description":"Grants permission to update findings feedback to mark GuardDuty findings as useful or not useful","accessLevel":"Write","resourceTypes":[]},"UpdateIPSet":{"conditionKeys":[],"resources":[{"name":"ipset"}],"description":"Grants permission to update GuardDuty IPSets","accessLevel":"Write","resourceTypes":[{"name":"ipset","required":true}],"dependentActions":["iam:DeleteRolePolicy","iam:PutRolePolicy"]},"UpdateMalwareProtectionPlan":{"conditionKeys":[],"resources":[{"name":"malwareprotectionplan"}],"description":"Grants permission to update the Malware Protection plan","accessLevel":"Write","resourceTypes":[{"name":"malwareprotectionplan","required":true}]},"UpdateMalwareScanSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the malware scan settings","accessLevel":"Write","resourceTypes":[]},"UpdateMemberDetectors":{"conditionKeys":[],"resources":[],"description":"Grants permission to update which data sources are enabled for member accounts detectors","accessLevel":"Write","resourceTypes":[]},"UpdateOrganizationConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the delegated administrator configuration associated with a GuardDuty detector","accessLevel":"Write","resourceTypes":[]},"UpdatePublishingDestination":{"conditionKeys":[],"resources":[{"name":"publishingDestination"}],"description":"Grants permission to update a publishing destination","accessLevel":"Write","resourceTypes":[{"name":"publishingDestination","required":true}],"dependentActions":["s3:GetObject","s3:ListBucket"]},"UpdateThreatEntitySet":{"conditionKeys":[],"resources":[{"name":"threatentityset"}],"description":"Grants permission to update GuardDuty ThreatEntitySets","accessLevel":"Write","resourceTypes":[{"name":"threatentityset","required":true}],"dependentActions":["s3:GetObject"]},"UpdateThreatIntelSet":{"conditionKeys":[],"resources":[{"name":"threatintelset"}],"description":"Grants permission to updates the GuardDuty ThreatIntelSets","accessLevel":"Write","resourceTypes":[{"name":"threatintelset","required":true}],"dependentActions":["iam:DeleteRolePolicy","iam:PutRolePolicy"]},"UpdateTrustedEntitySet":{"conditionKeys":[],"resources":[{"name":"trustedentityset"}],"description":"Grants permission to update GuardDuty TrustedEntitySets","accessLevel":"Write","resourceTypes":[{"name":"trustedentityset","required":true}],"dependentActions":["s3:GetObject"]}},"resources":[{"name":"detector","arnFormats":["arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"filter","arnFormats":["arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/filter/${FilterName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"ipset","arnFormats":["arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/ipset/${IPSetId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"malwareprotectionplan","arnFormats":["arn:${Partition}:guardduty:${Region}:${Account}:malware-protection-plan/${MalwareProtectionPlanId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"publishingDestination","arnFormats":["arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/publishingdestination/${PublishingDestinationId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"threatentityset","arnFormats":["arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/threatentityset/${ThreatEntitySetId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"threatintelset","arnFormats":["arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/threatintelset/${ThreatIntelSetId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"trustedentityset","arnFormats":["arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/trustedentityset/${TrustedEntitySetId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by tag key-value pairs in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by tag key-value pairs attached to the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by tag keys in the request"}}}

package/src/data/servicereference/services/health-agent.json

@@ -0,0 +1 @@
+{"name":"health-agent","actions":{"ActivateSubscription":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Subscription"}],"description":"Grants permission to activate a subscription to enable billing for a user","accessLevel":"Write","resourceTypes":[{"name":"Domain","required":true},{"name":"Subscription","required":true}]},"CancelAppointment":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Integration"}],"description":"Grants permission to cancel an appointment","accessLevel":"Write","resourceTypes":[{"name":"Domain","required":true},{"name":"Integration","required":true}],"permissionOnly":true},"CreateAgent":{"conditionKeys":[],"resources":[{"name":"Agent"},{"name":"Domain"}],"description":"Grants permission to create a new agent with an initial version in DRAFT state","accessLevel":"Write","resourceTypes":[{"name":"Agent","required":true},{"name":"Domain","required":true}],"permissionOnly":true},"CreateDomain":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a new domain for managing HealthAgent resources","accessLevel":"Write","resourceTypes":[],"dependentActions":["health-agent:TagResource","iam:PassRole"]},"CreateIntegration":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Integration"}],"description":"Grants permission to create a new integration for a domain","accessLevel":"Write","resourceTypes":[{"name":"Domain","required":true},{"name":"Integration","required":true}],"permissionOnly":true},"CreateSession":{"conditionKeys":[],"resources":[{"name":"Agent"},{"name":"Domain"},{"name":"Session"}],"description":"Grants permission to create a new session with specified agent configurations","accessLevel":"Write","resourceTypes":[{"name":"Agent","required":true},{"name":"Domain","required":true},{"name":"Session","required":true}],"permissionOnly":true},"CreateSubscription":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Subscription"}],"description":"Grants permission to create a new subscription within a domain for billing and user management","accessLevel":"Write","resourceTypes":[{"name":"Domain","required":true},{"name":"Subscription","required":true}]},"DeactivateSubscription":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Subscription"}],"description":"Grants permission to deactivate a subscription to stop billing for a user","accessLevel":"Write","resourceTypes":[{"name":"Domain","required":true},{"name":"Subscription","required":true}]},"DeleteAgent":{"conditionKeys":[],"resources":[{"name":"Agent"},{"name":"Domain"}],"description":"Grants permission to delete an agent configuration and all its versions","accessLevel":"Write","resourceTypes":[{"name":"Agent","required":true},{"name":"Domain","required":true}],"permissionOnly":true},"DeleteDomain":{"conditionKeys":[],"resources":[{"name":"Domain"}],"description":"Grants permission to delete a domain and all associated resources","accessLevel":"Write","resourceTypes":[{"name":"Domain","required":true}]},"DeleteIntegration":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Integration"}],"description":"Grants permission to delete an integration","accessLevel":"Write","resourceTypes":[{"name":"Domain","required":true},{"name":"Integration","required":true}],"permissionOnly":true},"GetAgent":{"conditionKeys":[],"resources":[{"name":"Agent"},{"name":"Domain"}],"description":"Grants permission to retrieve an agent configuration, defaulting to the most recent version if not specified","accessLevel":"Read","resourceTypes":[{"name":"Agent","required":true},{"name":"Domain","required":true}],"permissionOnly":true},"GetCareTeamProvider":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Integration"}],"description":"Grants permission to retrieve the care team provider of a patient","accessLevel":"Read","resourceTypes":[{"name":"Domain","required":true},{"name":"Integration","required":true}],"permissionOnly":true},"GetDomain":{"conditionKeys":[],"resources":[{"name":"Domain"}],"description":"Grants permission to retrieve information about a domain","accessLevel":"Read","resourceTypes":[{"name":"Domain","required":true}]},"GetIntegration":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Integration"}],"description":"Grants permission to get an existing integration","accessLevel":"Read","resourceTypes":[{"name":"Domain","required":true},{"name":"Integration","required":true}],"permissionOnly":true},"GetMedicalScribeListeningSession":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Subscription"}],"description":"Grants permission to retrieve details about an existing Medical Scribe listening session","accessLevel":"Read","resourceTypes":[{"name":"Domain","required":true},{"name":"Subscription","required":true}]},"GetPatient":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Integration"}],"description":"Grants permission to retrieve patient information","accessLevel":"Read","resourceTypes":[{"name":"Domain","required":true},{"name":"Integration","required":true}],"permissionOnly":true},"GetPatientInsightsJob":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"PatientInsightsJob"}],"description":"Grants permission to get details of a started patient insights job","accessLevel":"Read","resourceTypes":[{"name":"Domain","required":true},{"name":"PatientInsightsJob","required":true}]},"GetPractitioner":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Integration"}],"description":"Grants permission to retrieve practitioner information","accessLevel":"Read","resourceTypes":[{"name":"Domain","required":true},{"name":"Integration","required":true}],"permissionOnly":true},"GetSessionContext":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Session"}],"description":"Grants permission to retrieve structured session context including attributes and collected data","accessLevel":"Read","resourceTypes":[{"name":"Domain","required":true},{"name":"Session","required":true}],"permissionOnly":true},"GetSubscription":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Subscription"}],"description":"Grants permission to retrieve information about a subscription","accessLevel":"Read","resourceTypes":[{"name":"Domain","required":true},{"name":"Subscription","required":true}]},"InvokeAgent":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Session"}],"description":"Grants permission to invoke an agent within a session with streaming response support","accessLevel":"Write","resourceTypes":[{"name":"Domain","required":true},{"name":"Session","required":true}],"permissionOnly":true},"ListAgents":{"conditionKeys":[],"resources":[{"name":"Domain"}],"description":"Grants permission to list all agents in a domain","accessLevel":"List","resourceTypes":[{"name":"Domain","required":true}],"permissionOnly":true},"ListAppointmentSlots":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Integration"}],"description":"Grants permission to list available appointment slots","accessLevel":"Read","resourceTypes":[{"name":"Domain","required":true},{"name":"Integration","required":true}],"permissionOnly":true},"ListDomains":{"conditionKeys":[],"resources":[],"description":"Grants permission to list domains for a given account","accessLevel":"List","resourceTypes":[]},"ListIntegrations":{"conditionKeys":[],"resources":[{"name":"Domain"}],"description":"Grants permission to list integrations for a domain","accessLevel":"List","resourceTypes":[{"name":"Domain","required":true}],"permissionOnly":true},"ListPatientAppointments":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Integration"}],"description":"Grants permission to list patient appointments","accessLevel":"Read","resourceTypes":[{"name":"Domain","required":true},{"name":"Integration","required":true}],"permissionOnly":true},"ListPatientInsuranceCoverages":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Integration"}],"description":"Grants permission to list patient insurance coverages","accessLevel":"Read","resourceTypes":[{"name":"Domain","required":true},{"name":"Integration","required":true}],"permissionOnly":true},"ListProviders":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Integration"}],"description":"Grants permission to retrieve active providers available for scheduling appointments with a patient","accessLevel":"Read","resourceTypes":[{"name":"Domain","required":true},{"name":"Integration","required":true}],"permissionOnly":true},"ListSubscriptions":{"conditionKeys":[],"resources":[{"name":"Domain"}],"description":"Grants permission to list all subscriptions within a domain","accessLevel":"List","resourceTypes":[{"name":"Domain","required":true}]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"Domain"}],"description":"Grants permission to list the tags for the specified resource","accessLevel":"List","resourceTypes":[{"name":"Domain","required":false}]},"MatchPatient":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Integration"}],"description":"Grants permission to match a patient","accessLevel":"Read","resourceTypes":[{"name":"Domain","required":true},{"name":"Integration","required":true}],"permissionOnly":true},"PublishAgent":{"conditionKeys":[],"resources":[{"name":"Agent"},{"name":"Domain"}],"description":"Grants permission to publish an agent configuration version","accessLevel":"Write","resourceTypes":[{"name":"Agent","required":true},{"name":"Domain","required":true}],"permissionOnly":true},"RescheduleAppointment":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Integration"}],"description":"Grants permission to reschedule an appointment","accessLevel":"Write","resourceTypes":[{"name":"Domain","required":true},{"name":"Integration","required":true}],"permissionOnly":true},"ScheduleAppointment":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Integration"}],"description":"Grants permission to schedule an appointment for a patient","accessLevel":"Write","resourceTypes":[{"name":"Domain","required":true},{"name":"Integration","required":true}],"permissionOnly":true},"StartMedicalScribeListeningSession":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Subscription"}],"description":"Grants permission to start a new Medical Scribe listening session for real-time audio transcription","accessLevel":"Write","resourceTypes":[{"name":"Domain","required":true},{"name":"Subscription","required":true}]},"StartPatientInsightsJob":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"PatientInsightsJob"}],"description":"Grants permission to start a new patient insights job","accessLevel":"Write","resourceTypes":[{"name":"Domain","required":true},{"name":"PatientInsightsJob","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"Domain"}],"description":"Grants permission to add the specified tags to the specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"Domain","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"Domain"}],"description":"Grants permission to remove the tags identified by the TagKeys list from a resource","accessLevel":"Tagging","resourceTypes":[{"name":"Domain","required":false}]},"UpdateAgent":{"conditionKeys":[],"resources":[{"name":"Agent"},{"name":"Domain"}],"description":"Grants permission to update a draft agent configuration, creating a new draft version if none exists","accessLevel":"Write","resourceTypes":[{"name":"Agent","required":true},{"name":"Domain","required":true}],"permissionOnly":true},"UpdateIntegration":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Integration"}],"description":"Grants permission to update an existing integration","accessLevel":"Write","resourceTypes":[{"name":"Domain","required":true},{"name":"Integration","required":true}],"permissionOnly":true},"UpdateSession":{"conditionKeys":[],"resources":[{"name":"Domain"},{"name":"Session"}],"description":"Grants permission to update session attributes such as departmentId and appointmentType","accessLevel":"Write","resourceTypes":[{"name":"Domain","required":true},{"name":"Session","required":true}],"permissionOnly":true}},"resources":[{"name":"Agent","arnFormats":["arn:${Partition}:health-agent:${Region}:${Account}:domain/${DomainId}/agent/${AgentId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"Domain","arnFormats":["arn:${Partition}:health-agent:${Region}:${Account}:domain/${DomainId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"Integration","arnFormats":["arn:${Partition}:health-agent:${Region}:${Account}:domain/${DomainId}/integration/${IntegrationId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"PatientInsightsJob","arnFormats":["arn:${Partition}:health-agent:${Region}:${Account}:domain/${DomainId}/patient-insights-job/${JobId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"Session","arnFormats":["arn:${Partition}:health-agent:${Region}:${Account}:domain/${DomainId}/session/${SessionId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"Subscription","arnFormats":["arn:${Partition}:health-agent:${Region}:${Account}:domain/${DomainId}/subscription/${SubscriptionId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"}}}

package/src/data/servicereference/services/health.json

@@ -0,0 +1 @@
+{"name":"health","actions":{"DescribeAffectedAccountsForOrganization":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of accounts that have been affected by the specified events in organization","accessLevel":"Read","resourceTypes":[],"dependentActions":["organizations:ListAccounts"]},"DescribeAffectedEntities":{"conditionKeys":["health:eventTypeCode","health:service"],"resources":[{"name":"event"}],"description":"Grants permission to retrieve a list of entities that have been affected by the specified events","accessLevel":"Read","resourceTypes":[{"name":"event","required":true}]},"DescribeAffectedEntitiesForOrganization":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of entities that have been affected by the specified events and accounts in organization","accessLevel":"Read","resourceTypes":[],"dependentActions":["organizations:ListAccounts"]},"DescribeEntityAggregates":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the number of entities that are affected by each of the specified events","accessLevel":"Read","resourceTypes":[]},"DescribeEntityAggregatesForOrganization":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the number of entities that are affected by each of the specified events in an organization","accessLevel":"Read","resourceTypes":[],"dependentActions":["organizations:ListAccounts"]},"DescribeEventAggregates":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the number of events of each event type (issue, scheduled change, and account notification)","accessLevel":"Read","resourceTypes":[]},"DescribeEventDetails":{"conditionKeys":["health:eventTypeCode","health:service"],"resources":[{"name":"event"}],"description":"Grants permission to retrieve detailed information about one or more specified events","accessLevel":"Read","resourceTypes":[{"name":"event","required":true}]},"DescribeEventDetailsForOrganization":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve detailed information about one or more specified events for provided accounts in organization","accessLevel":"Read","resourceTypes":[],"dependentActions":["organizations:ListAccounts"]},"DescribeEventTypes":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the event types that meet the specified filter criteria","accessLevel":"Read","resourceTypes":[]},"DescribeEvents":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about events that meet the specified filter criteria","accessLevel":"Read","resourceTypes":[]},"DescribeEventsForOrganization":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about events that meet the specified filter criteria in organization","accessLevel":"Read","resourceTypes":[],"dependentActions":["organizations:ListAccounts"]},"DescribeHealthServiceStatusForOrganization":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the status of enabling or disabling the Organizational View feature","accessLevel":"Read","resourceTypes":[],"dependentActions":["organizations:ListAccounts"]},"DisableHealthServiceAccessForOrganization":{"conditionKeys":[],"resources":[],"description":"Grants permission to disable the Organizational View feature","accessLevel":"Permissions management","resourceTypes":[],"dependentActions":["organizations:DisableAWSServiceAccess","organizations:ListAccounts"]},"EnableHealthServiceAccessForOrganization":{"conditionKeys":[],"resources":[],"description":"Grants permission to enable the Organizational View feature","accessLevel":"Permissions management","resourceTypes":[],"dependentActions":["iam:CreateServiceLinkedRole","organizations:EnableAWSServiceAccess","organizations:ListAccounts"]}},"resources":[{"name":"event","arnFormats":["arn:${Partition}:health:*::event/${Service}/${EventTypeCode}/*"],"conditionKeys":[]}],"conditionKeys":{"health:eventTypeCode":{"types":["String"],"description":"Filters access by event type"},"health:service":{"types":["String"],"description":"Filters access by impacted service"}}}

package/src/data/servicereference/services/healthlake.json

@@ -0,0 +1 @@
+{"name":"healthlake","actions":{"CancelFHIRExportJobWithDelete":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to cancel an on going FHIR Export job with Delete","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"ConfirmAttributionList":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to allow customers to indicate to a Producer that the Consumer does not have any more changes to be made to the Attribution List","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"CreateFHIRDatastore":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a datastore that can ingest and export FHIR data","accessLevel":"Write","resourceTypes":[]},"CreateResource":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to create resource","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"DeleteFHIRDatastore":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to delete a datastore","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"DeleteResource":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to delete resource","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"DescribeFHIRBulkDeleteJob":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to describe a FHIR Bulk Delete Job","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"DescribeFHIRDatastore":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to get the properties associated with the FHIR datastore, including the datastore ID, datastore ARN, datastore name, datastore status, created at, datastore type version, and datastore endpoint","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"DescribeFHIRExportJob":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to display the properties of a FHIR export job, including the ID, ARN, name, and the status of the datastore","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"DescribeFHIRExportJobWithGet":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to display the properties of a FHIR export job, including the ID, ARN, name, and the status of the datastore with Get","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"DescribeFHIRImportJob":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to display the properties of a FHIR import job, including the ID, ARN, name, and the status of the datastore","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"ExpandValueSetWithGet":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to search and expand ValueSet resource","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"ExpandValueSetWithPost":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to search and expand ValueSet resource","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"GenerateDocumentWithGet":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to generate a clinical document resource","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"GenerateDocumentWithPost":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to generate a clinical document resource","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"GetCapabilities":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to get the capabilities of a FHIR datastore","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"GetExportedFile":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to access exported files from a FHIR Export job initiated with Get","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"GetHistoryByResourceId":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to read resource history","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"InquirePreAuthClaim":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to inquire about the status of a prior authorization Claim","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"ListFHIRDatastores":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all FHIR datastores that are in the user's account, regardless of datastore status","accessLevel":"List","resourceTypes":[]},"ListFHIRExportJobs":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to get a list of export jobs for the specified datastore","accessLevel":"List","resourceTypes":[{"name":"datastore","required":true}]},"ListFHIRImportJobs":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to get a list of import jobs for the specified datastore","accessLevel":"List","resourceTypes":[{"name":"datastore","required":true}]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to get a list of tags for the specified datastore","accessLevel":"List","resourceTypes":[{"name":"datastore","required":false}]},"LookupCodeSystemWithGet":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to retrieve Codes for a CodeSystem resource","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"LookupCodeSystemWithPost":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to retrieve Codes for a CodeSystem resource","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"MemberAdd":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to attribute a member with a specific provider group","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"MemberMatch":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to enable cross-system patient matching","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"MemberRemove":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to remove a member from a group","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"PatchResource":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to patch a resource","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"ProcessBundle":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to bundle multiple resource operations","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"QuestionnairePackage":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to retrieve Questionnaire packages with dependency Library and ValueSet resources","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"ReadResource":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to read resource","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"RetrieveAttributionStatus":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to retrieve member attribution status","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"SearchEverything":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to search all resources related to a patient","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"SearchWithGet":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to search resources with GET method","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"SearchWithPost":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to search resources with POST method","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"StartFHIRBulkDeleteJob":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to begin a FHIR Bulk Delete Job","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"StartFHIRExportJob":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to begin a FHIR Export job","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"StartFHIRExportJobWithGet":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to begin a FHIR Export job with Get","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"StartFHIRExportJobWithPost":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to begin a FHIR Export job with Post","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"StartFHIRImportJob":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to begin a FHIR Import job","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"SubmitPreAuthClaim":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to submit a prior authorization Claim request","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"datastore"}],"description":"Grants permission to add tags to a datastore","accessLevel":"Tagging","resourceTypes":[{"name":"datastore","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"datastore"}],"description":"Grants permission to remove tags associated with a datastore","accessLevel":"Tagging","resourceTypes":[{"name":"datastore","required":false}]},"UpdateResource":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to update resource","accessLevel":"Write","resourceTypes":[{"name":"datastore","required":true}]},"ValidateResource":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to validate a resource","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]},"VersionReadResource":{"conditionKeys":[],"resources":[{"name":"datastore"}],"description":"Grants permission to read version of a resource","accessLevel":"Read","resourceTypes":[{"name":"datastore","required":true}]}},"resources":[{"name":"datastore","arnFormats":["arn:${Partition}:healthlake:${Region}:${Account}:datastore/fhir/${DatastoreId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the presence of tag key-value pairs in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the presence of tag key-value pairs attached to the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the presence of tag keys in the request"}}}

package/src/data/servicereference/services/honeycode.json

@@ -0,0 +1 @@
+{"name":"honeycode","actions":{"ApproveTeamAssociation":{"conditionKeys":[],"resources":[],"description":"Grants permission to approve a team association request for your AWS Account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"BatchCreateTableRows":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to create new rows in a table","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"BatchDeleteTableRows":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to delete rows from a table","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"BatchUpdateTableRows":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to update rows in a table","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"BatchUpsertTableRows":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to upsert rows in a table","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"CreateTeam":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a new Amazon Honeycode team for your AWS Account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"CreateTenant":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a new tenant within Amazon Honeycode for your AWS Account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"DeleteDomains":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete Amazon Honeycode domains for your AWS Account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"DeregisterGroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to remove groups from an Amazon Honeycode team for your AWS Account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"DescribeTableDataImportJob":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to get details about a table data import job","accessLevel":"Read","resourceTypes":[{"name":"table","required":true}]},"DescribeTeam":{"conditionKeys":[],"resources":[],"description":"Grants permission to get details about Amazon Honeycode teams for your AWS Account","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetScreenData":{"conditionKeys":[],"resources":[{"name":"screen"}],"description":"Grants permission to load the data from a screen","accessLevel":"Read","resourceTypes":[{"name":"screen","required":true}]},"InvokeScreenAutomation":{"conditionKeys":[],"resources":[{"name":"screen-automation"}],"description":"Grants permission to invoke a screen automation","accessLevel":"Write","resourceTypes":[{"name":"screen-automation","required":true}]},"ListDomains":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all Amazon Honeycode domains and their verification status for your AWS Account","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ListGroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all groups in an Amazon Honeycode team for your AWS Account","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ListTableColumns":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to list the columns in a table","accessLevel":"List","resourceTypes":[{"name":"table","required":true}]},"ListTableRows":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to list the rows in a table","accessLevel":"List","resourceTypes":[{"name":"table","required":true}]},"ListTables":{"conditionKeys":[],"resources":[{"name":"workbook"}],"description":"Grants permission to list the tables in a workbook","accessLevel":"List","resourceTypes":[{"name":"workbook","required":true}]},"ListTagsForResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all tags for a resource","accessLevel":"Tagging","resourceTypes":[]},"ListTeamAssociations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all pending and approved team associations with your AWS Account","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ListTenants":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all tenants of Amazon Honeycode for your AWS Account","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"QueryTableRows":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to query the rows of a table using a filter","accessLevel":"Read","resourceTypes":[{"name":"table","required":true}]},"RegisterDomainForVerification":{"conditionKeys":[],"resources":[],"description":"Grants permission to request verification of the Amazon Honeycode domains for your AWS Account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"RegisterGroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to add groups to an Amazon Honeycode team for your AWS Account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"RejectTeamAssociation":{"conditionKeys":[],"resources":[],"description":"Grants permission to reject a team association request for your AWS Account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"RestartDomainVerification":{"conditionKeys":[],"resources":[],"description":"Grants permission to restart verification of the Amazon Honeycode domains for your AWS Account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"StartTableDataImportJob":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to start a table data import job","accessLevel":"Write","resourceTypes":[{"name":"table","required":true}]},"TagResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to tag a resource","accessLevel":"Tagging","resourceTypes":[]},"UntagResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to untag a resource","accessLevel":"Tagging","resourceTypes":[]},"UpdateTeam":{"conditionKeys":[],"resources":[],"description":"Grants permission to update an Amazon Honeycode team for your AWS Account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true}},"resources":[{"name":"screen","arnFormats":["arn:${Partition}:honeycode:${Region}:${Account}:screen:workbook/${WorkbookId}/app/${AppId}/screen/${ScreenId}"],"conditionKeys":[]},{"name":"screen-automation","arnFormats":["arn:${Partition}:honeycode:${Region}:${Account}:screen-automation:workbook/${WorkbookId}/app/${AppId}/screen/${ScreenId}/automation/${AutomationId}"],"conditionKeys":[]},{"name":"table","arnFormats":["arn:${Partition}:honeycode:${Region}:${Account}:table:workbook/${WorkbookId}/table/${TableId}"],"conditionKeys":[]},{"name":"workbook","arnFormats":["arn:${Partition}:honeycode:${Region}:${Account}:workbook:workbook/${WorkbookId}"],"conditionKeys":[]}],"conditionKeys":{}}

package/src/data/servicereference/services/iam.json

@@ -0,0 +1 @@
+{"name":"iam","actions":{"AcceptDelegationRequest":{"conditionKeys":[],"resources":[{"name":"delegation-request"}],"description":"Accepts a delegation request resource, granting the requested temporary access","accessLevel":"Write","resourceTypes":[{"name":"delegation-request","required":true}]},"AddClientIDToOpenIDConnectProvider":{"conditionKeys":[],"resources":[{"name":"oidc-provider"}],"description":"Grants permission to add a new client ID (audience) to the list of registered IDs for the specified IAM OpenID Connect (OIDC) provider resource","accessLevel":"Write","resourceTypes":[{"name":"oidc-provider","required":true}]},"AddRoleToInstanceProfile":{"conditionKeys":[],"resources":[{"name":"instance-profile"}],"description":"Grants permission to add an IAM role to the specified instance profile","accessLevel":"Write","resourceTypes":[{"name":"instance-profile","required":true}],"dependentActions":["iam:PassRole"]},"AddUserToGroup":{"conditionKeys":[],"resources":[{"name":"group"}],"description":"Grants permission to add an IAM user to the specified IAM group","accessLevel":"Write","resourceTypes":[{"name":"group","required":true}]},"AssociateDelegationRequest":{"conditionKeys":[],"resources":[{"name":"delegation-request"}],"description":"Associates a delegation request resource with the calling identity","accessLevel":"Write","resourceTypes":[{"name":"delegation-request","required":true}]},"AttachGroupPolicy":{"conditionKeys":["iam:PolicyARN"],"resources":[{"name":"group"}],"description":"Grants permission to attach a managed policy to the specified IAM group","accessLevel":"Permissions management","resourceTypes":[{"name":"group","required":true}]},"AttachRolePolicy":{"conditionKeys":["iam:PermissionsBoundary","iam:PolicyARN"],"resources":[{"name":"role"}],"description":"Grants permission to attach a managed policy to the specified IAM role","accessLevel":"Permissions management","resourceTypes":[{"name":"role","required":true}]},"AttachUserPolicy":{"conditionKeys":["iam:PermissionsBoundary","iam:PolicyARN"],"resources":[{"name":"user"}],"description":"Grants permission to attach a managed policy to the specified IAM user","accessLevel":"Permissions management","resourceTypes":[{"name":"user","required":true}]},"ChangePassword":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to an IAM user to change their own password","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"CreateAccessKey":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to create access key and secret access key for the specified IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"CreateAccountAlias":{"conditionKeys":[],"resources":[],"description":"Grants permission to create an alias for your AWS account","accessLevel":"Write","resourceTypes":[]},"CreateDelegationRequest":{"conditionKeys":["iam:DelegationDuration","iam:NotificationChannel","iam:TemplateArn"],"resources":[{"name":"delegation-request"}],"description":"Creates an IAM delegation request resource for temporary access delegation","accessLevel":"Write","resourceTypes":[{"name":"delegation-request","required":true}]},"CreateGroup":{"conditionKeys":[],"resources":[{"name":"group"}],"description":"Grants permission to create a new group","accessLevel":"Write","resourceTypes":[{"name":"group","required":true}]},"CreateInstanceProfile":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"instance-profile"}],"description":"Grants permission to create a new instance profile","accessLevel":"Write","resourceTypes":[{"name":"instance-profile","required":true}]},"CreateLoginProfile":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to create a password for the specified IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"CreateOpenIDConnectProvider":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"oidc-provider"}],"description":"Grants permission to create an IAM resource that describes an identity provider (IdP) that supports OpenID Connect (OIDC)","accessLevel":"Write","resourceTypes":[{"name":"oidc-provider","required":true}]},"CreatePolicy":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"policy"}],"description":"Grants permission to create a new managed policy","accessLevel":"Permissions management","resourceTypes":[{"name":"policy","required":true}]},"CreatePolicyVersion":{"conditionKeys":[],"resources":[{"name":"policy"}],"description":"Grants permission to create a new version of the specified managed policy","accessLevel":"Permissions management","resourceTypes":[{"name":"policy","required":true}]},"CreateRole":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","iam:PermissionsBoundary"],"resources":[{"name":"role"}],"description":"Grants permission to create a new role","accessLevel":"Write","resourceTypes":[{"name":"role","required":true}]},"CreateSAMLProvider":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"saml-provider"}],"description":"Grants permission to create an IAM resource that describes an identity provider (IdP) that supports SAML 2.0","accessLevel":"Write","resourceTypes":[{"name":"saml-provider","required":true}]},"CreateServiceLinkedRole":{"conditionKeys":["iam:AWSServiceName"],"resources":[{"name":"role"}],"description":"Grants permission to create an IAM role that allows an AWS service to perform actions on your behalf","accessLevel":"Write","resourceTypes":[{"name":"role","required":true}]},"CreateServiceSpecificCredential":{"conditionKeys":["iam:ServiceSpecificCredentialAgeDays","iam:ServiceSpecificCredentialServiceName"],"resources":[{"name":"user"}],"description":"Grants permission to create a new service-specific credential for an IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"CreateUser":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","iam:PermissionsBoundary"],"resources":[{"name":"user"}],"description":"Grants permission to create a new IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"CreateVirtualMFADevice":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"mfa"}],"description":"Grants permission to create a new virtual MFA device","accessLevel":"Write","resourceTypes":[{"name":"mfa","required":true}]},"DeactivateMFADevice":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to deactivate the specified MFA device and remove its association with the IAM user for which it was originally enabled","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"DeleteAccessKey":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to delete the access key pair that is associated with the specified IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"DeleteAccountAlias":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete the specified AWS account alias","accessLevel":"Write","resourceTypes":[]},"DeleteAccountPasswordPolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete the password policy for the AWS account","accessLevel":"Permissions management","resourceTypes":[]},"DeleteCloudFrontPublicKey":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete an existing CloudFront public key","accessLevel":"Write","resourceTypes":[]},"DeleteGroup":{"conditionKeys":[],"resources":[{"name":"group"}],"description":"Grants permission to delete the specified IAM group","accessLevel":"Write","resourceTypes":[{"name":"group","required":true}]},"DeleteGroupPolicy":{"conditionKeys":[],"resources":[{"name":"group"}],"description":"Grants permission to delete the specified inline policy from its group","accessLevel":"Permissions management","resourceTypes":[{"name":"group","required":true}]},"DeleteInstanceProfile":{"conditionKeys":[],"resources":[{"name":"instance-profile"}],"description":"Grants permission to delete the specified instance profile","accessLevel":"Write","resourceTypes":[{"name":"instance-profile","required":true}]},"DeleteLoginProfile":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to delete the password for the specified IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"DeleteOpenIDConnectProvider":{"conditionKeys":[],"resources":[{"name":"oidc-provider"}],"description":"Grants permission to delete an OpenID Connect identity provider (IdP) resource object in IAM","accessLevel":"Write","resourceTypes":[{"name":"oidc-provider","required":true}]},"DeletePolicy":{"conditionKeys":[],"resources":[{"name":"policy"}],"description":"Grants permission to delete the specified managed policy and remove it from any IAM entities (users, groups, or roles) to which it is attached","accessLevel":"Permissions management","resourceTypes":[{"name":"policy","required":true}]},"DeletePolicyVersion":{"conditionKeys":[],"resources":[{"name":"policy"}],"description":"Grants permission to delete a version from the specified managed policy","accessLevel":"Permissions management","resourceTypes":[{"name":"policy","required":true}]},"DeleteRole":{"conditionKeys":["iam:PermissionsBoundary"],"resources":[{"name":"role"}],"description":"Grants permission to delete the specified role","accessLevel":"Write","resourceTypes":[{"name":"role","required":true}]},"DeleteRolePermissionsBoundary":{"conditionKeys":["iam:PermissionsBoundary"],"resources":[{"name":"role"}],"description":"Grants permission to remove the permissions boundary from a role","accessLevel":"Permissions management","resourceTypes":[{"name":"role","required":true}]},"DeleteRolePolicy":{"conditionKeys":["iam:PermissionsBoundary"],"resources":[{"name":"role"}],"description":"Grants permission to delete the specified inline policy from the specified role","accessLevel":"Permissions management","resourceTypes":[{"name":"role","required":true}]},"DeleteSAMLProvider":{"conditionKeys":[],"resources":[{"name":"saml-provider"}],"description":"Grants permission to delete a SAML provider resource in IAM","accessLevel":"Write","resourceTypes":[{"name":"saml-provider","required":true}]},"DeleteSSHPublicKey":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to delete the specified SSH public key","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"DeleteServerCertificate":{"conditionKeys":[],"resources":[{"name":"server-certificate"}],"description":"Grants permission to delete the specified server certificate","accessLevel":"Write","resourceTypes":[{"name":"server-certificate","required":true}]},"DeleteServiceLinkedRole":{"conditionKeys":[],"resources":[{"name":"role"}],"description":"Grants permission to delete an IAM role that is linked to a specific AWS service, if the service is no longer using it","accessLevel":"Write","resourceTypes":[{"name":"role","required":true}]},"DeleteServiceSpecificCredential":{"conditionKeys":["iam:ServiceSpecificCredentialServiceName"],"resources":[{"name":"user"}],"description":"Grants permission to delete the specified service-specific credential for an IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"DeleteSigningCertificate":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to delete a signing certificate that is associated with the specified IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"DeleteUser":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to delete the specified IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"DeleteUserPermissionsBoundary":{"conditionKeys":["iam:PermissionsBoundary"],"resources":[{"name":"user"}],"description":"Grants permission to remove the permissions boundary from the specified IAM user","accessLevel":"Permissions management","resourceTypes":[{"name":"user","required":true}]},"DeleteUserPolicy":{"conditionKeys":["iam:PermissionsBoundary"],"resources":[{"name":"user"}],"description":"Grants permission to delete the specified inline policy from an IAM user","accessLevel":"Permissions management","resourceTypes":[{"name":"user","required":true}]},"DeleteVirtualMFADevice":{"conditionKeys":[],"resources":[{"name":"mfa"},{"name":"sms-mfa"}],"description":"Grants permission to delete a virtual MFA device","accessLevel":"Write","resourceTypes":[{"name":"mfa","required":false},{"name":"sms-mfa","required":false}]},"DetachGroupPolicy":{"conditionKeys":["iam:PolicyARN"],"resources":[{"name":"group"}],"description":"Grants permission to detach a managed policy from the specified IAM group","accessLevel":"Permissions management","resourceTypes":[{"name":"group","required":true}]},"DetachRolePolicy":{"conditionKeys":["iam:PermissionsBoundary","iam:PolicyARN"],"resources":[{"name":"role"}],"description":"Grants permission to detach a managed policy from the specified role","accessLevel":"Permissions management","resourceTypes":[{"name":"role","required":true}]},"DetachUserPolicy":{"conditionKeys":["iam:PermissionsBoundary","iam:PolicyARN"],"resources":[{"name":"user"}],"description":"Grants permission to detach a managed policy from the specified IAM user","accessLevel":"Permissions management","resourceTypes":[{"name":"user","required":true}]},"DisableOrganizationsRootCredentialsManagement":{"conditionKeys":[],"resources":[],"description":"Grants permission to disable the management of member account root user credentials for an organization managed under the current account","accessLevel":"Write","resourceTypes":[]},"DisableOrganizationsRootSessions":{"conditionKeys":[],"resources":[],"description":"Grants permission to disable privileged root actions in member accounts for an organization managed under the current account","accessLevel":"Write","resourceTypes":[]},"DisableOutboundWebIdentityFederation":{"conditionKeys":[],"resources":[],"description":"Disables the outbound identity federation feature for the callers account","accessLevel":"Write","resourceTypes":[]},"EnableMFADevice":{"conditionKeys":["iam:FIDO-FIPS-140-2-certification","iam:FIDO-FIPS-140-3-certification","iam:FIDO-certification","iam:RegisterSecurityKey"],"resources":[{"name":"user"}],"description":"Grants permission to enable an MFA device and associate it with the specified IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"EnableOrganizationsRootCredentialsManagement":{"conditionKeys":[],"resources":[],"description":"Grants permission to enable the management of member account root user credentials for an organization managed under the current account","accessLevel":"Write","resourceTypes":[]},"EnableOrganizationsRootSessions":{"conditionKeys":[],"resources":[],"description":"Grants permission to enable privileged root actions in member accounts for an organization managed under the current account","accessLevel":"Write","resourceTypes":[]},"EnableOutboundWebIdentityFederation":{"conditionKeys":[],"resources":[],"description":"Enables the outbound identity federation feature for the callers account","accessLevel":"Write","resourceTypes":[]},"GenerateCredentialReport":{"conditionKeys":[],"resources":[],"description":"Grants permission to generate a credential report for the AWS account","accessLevel":"Read","resourceTypes":[]},"GenerateOrganizationsAccessReport":{"conditionKeys":["iam:OrganizationsPolicyId"],"resources":[{"name":"access-report"}],"description":"Grants permission to generate an access report for an AWS Organizations entity","accessLevel":"Read","resourceTypes":[{"name":"access-report","required":true}],"dependentActions":["organizations:DescribePolicy","organizations:ListChildren","organizations:ListParents","organizations:ListPoliciesForTarget","organizations:ListRoots","organizations:ListTargetsForPolicy"]},"GenerateServiceLastAccessedDetails":{"conditionKeys":[],"resources":[{"name":"group"},{"name":"policy"},{"name":"role"},{"name":"user"}],"description":"Grants permission to generate a service last accessed data report for an IAM resource","accessLevel":"Read","resourceTypes":[{"name":"group","required":true},{"name":"policy","required":true},{"name":"role","required":true},{"name":"user","required":true}]},"GetAccessKeyLastUsed":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to retrieve information about when the specified access key was last used","accessLevel":"Read","resourceTypes":[{"name":"user","required":true}]},"GetAccountAuthorizationDetails":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another","accessLevel":"Read","resourceTypes":[]},"GetAccountEmailAddress":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the email address that is associated with the account","accessLevel":"Read","resourceTypes":[]},"GetAccountName":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the account name that is associated with the account","accessLevel":"Read","resourceTypes":[]},"GetAccountPasswordPolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the password policy for the AWS account","accessLevel":"Read","resourceTypes":[]},"GetAccountSummary":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about IAM entity usage and IAM quotas in the AWS account","accessLevel":"List","resourceTypes":[]},"GetCloudFrontPublicKey":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about the specified CloudFront public key","accessLevel":"Read","resourceTypes":[]},"GetContextKeysForCustomPolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of all of the context keys that are referenced in the specified policy","accessLevel":"Read","resourceTypes":[]},"GetContextKeysForPrincipalPolicy":{"conditionKeys":[],"resources":[{"name":"group"},{"name":"role"},{"name":"user"}],"description":"Grants permission to retrieve a list of all context keys that are referenced in all IAM policies that are attached to the specified IAM identity (user, group, or role)","accessLevel":"Read","resourceTypes":[{"name":"group","required":false},{"name":"role","required":false},{"name":"user","required":false}]},"GetCredentialReport":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a credential report for the AWS account","accessLevel":"Read","resourceTypes":[]},"GetDelegationRequest":{"conditionKeys":[],"resources":[{"name":"delegation-request"}],"description":"Retrieves information about a specific delegation request","accessLevel":"Read","resourceTypes":[{"name":"delegation-request","required":true}]},"GetGroup":{"conditionKeys":[],"resources":[{"name":"group"}],"description":"Grants permission to retrieve a list of IAM users in the specified IAM group","accessLevel":"Read","resourceTypes":[{"name":"group","required":true}]},"GetGroupPolicy":{"conditionKeys":[],"resources":[{"name":"group"}],"description":"Grants permission to retrieve an inline policy document that is embedded in the specified IAM group","accessLevel":"Read","resourceTypes":[{"name":"group","required":true}]},"GetHumanReadableSummary":{"conditionKeys":[],"resources":[{"name":"delegation-request"}],"description":"Retrieves a human readable summary for a given entity. At this time, only delegation request are supported","accessLevel":"Read","resourceTypes":[{"name":"delegation-request","required":true}]},"GetInstanceProfile":{"conditionKeys":[],"resources":[{"name":"instance-profile"}],"description":"Grants permission to retrieve information about the specified instance profile, including the instance profile's path, GUID, ARN, and role","accessLevel":"Read","resourceTypes":[{"name":"instance-profile","required":true}]},"GetLoginProfile":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to retrieve the user name and password creation date for the specified IAM user","accessLevel":"List","resourceTypes":[{"name":"user","required":true}]},"GetMFADevice":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to retrieve information about an MFA device for the specified user","accessLevel":"Read","resourceTypes":[{"name":"user","required":true}]},"GetOpenIDConnectProvider":{"conditionKeys":[],"resources":[{"name":"oidc-provider"}],"description":"Grants permission to retrieve information about the specified OpenID Connect (OIDC) provider resource in IAM","accessLevel":"Read","resourceTypes":[{"name":"oidc-provider","required":true}]},"GetOrganizationsAccessReport":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve an AWS Organizations access report","accessLevel":"Read","resourceTypes":[]},"GetOutboundWebIdentityFederationInfo":{"conditionKeys":[],"resources":[],"description":"Retrieves the configuration information for the outbound identity federation feature for the callers account","accessLevel":"Read","resourceTypes":[]},"GetPolicy":{"conditionKeys":[],"resources":[{"name":"policy"}],"description":"Grants permission to retrieve information about the specified managed policy, including the policy's default version and the total number of identities to which the policy is attached","accessLevel":"Read","resourceTypes":[{"name":"policy","required":true}]},"GetPolicyVersion":{"conditionKeys":[],"resources":[{"name":"policy"}],"description":"Grants permission to retrieve information about a version of the specified managed policy, including the policy document","accessLevel":"Read","resourceTypes":[{"name":"policy","required":true}]},"GetRole":{"conditionKeys":["iam:PermissionsBoundary"],"resources":[{"name":"role"}],"description":"Grants permission to retrieve information about the specified role, including the role's path, GUID, ARN, and the role's trust policy","accessLevel":"Read","resourceTypes":[{"name":"role","required":true}]},"GetRolePolicy":{"conditionKeys":[],"resources":[{"name":"role"}],"description":"Grants permission to retrieve an inline policy document that is embedded with the specified IAM role","accessLevel":"Read","resourceTypes":[{"name":"role","required":true}]},"GetSAMLProvider":{"conditionKeys":[],"resources":[{"name":"saml-provider"}],"description":"Grants permission to retrieve the SAML provider metadocument that was uploaded when the IAM SAML provider resource was created or updated","accessLevel":"Read","resourceTypes":[{"name":"saml-provider","required":true}]},"GetSSHPublicKey":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to retrieve the specified SSH public key, including metadata about the key","accessLevel":"Read","resourceTypes":[{"name":"user","required":true}]},"GetServerCertificate":{"conditionKeys":[],"resources":[{"name":"server-certificate"}],"description":"Grants permission to retrieve information about the specified server certificate stored in IAM","accessLevel":"Read","resourceTypes":[{"name":"server-certificate","required":true}]},"GetServiceLastAccessedDetails":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about the service last accessed data report","accessLevel":"Read","resourceTypes":[]},"GetServiceLastAccessedDetailsWithEntities":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about the entities from the service last accessed data report","accessLevel":"Read","resourceTypes":[]},"GetServiceLinkedRoleDeletionStatus":{"conditionKeys":[],"resources":[{"name":"role"}],"description":"Grants permission to retrieve an IAM service-linked role deletion status","accessLevel":"Read","resourceTypes":[{"name":"role","required":true}]},"GetUser":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to retrieve information about the specified IAM user, including the user's creation date, path, unique ID, and ARN","accessLevel":"Read","resourceTypes":[{"name":"user","required":true}]},"GetUserPolicy":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to retrieve an inline policy document that is embedded in the specified IAM user","accessLevel":"Read","resourceTypes":[{"name":"user","required":true}]},"ListAccessKeys":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to list information about the access key IDs that are associated with the specified IAM user","accessLevel":"List","resourceTypes":[{"name":"user","required":true}]},"ListAccountAliases":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the account alias that is associated with the AWS account","accessLevel":"List","resourceTypes":[]},"ListAttachedGroupPolicies":{"conditionKeys":[],"resources":[{"name":"group"}],"description":"Grants permission to list all managed policies that are attached to the specified IAM group","accessLevel":"List","resourceTypes":[{"name":"group","required":true}]},"ListAttachedRolePolicies":{"conditionKeys":[],"resources":[{"name":"role"}],"description":"Grants permission to list all managed policies that are attached to the specified IAM role","accessLevel":"List","resourceTypes":[{"name":"role","required":true}]},"ListAttachedUserPolicies":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to list all managed policies that are attached to the specified IAM user","accessLevel":"List","resourceTypes":[{"name":"user","required":true}]},"ListCloudFrontPublicKeys":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all current CloudFront public keys for the account","accessLevel":"List","resourceTypes":[]},"ListDelegationRequests":{"conditionKeys":["iam:DelegationRequestOwner"],"resources":[],"description":"Lists delegation requests based on the specified criteria","accessLevel":"List","resourceTypes":[]},"ListEntitiesForPolicy":{"conditionKeys":[],"resources":[{"name":"policy"}],"description":"Grants permission to list all IAM identities to which the specified managed policy is attached","accessLevel":"List","resourceTypes":[{"name":"policy","required":true}]},"ListGroupPolicies":{"conditionKeys":[],"resources":[{"name":"group"}],"description":"Grants permission to list the names of the inline policies that are embedded in the specified IAM group","accessLevel":"List","resourceTypes":[{"name":"group","required":true}]},"ListGroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the IAM groups that have the specified path prefix","accessLevel":"List","resourceTypes":[]},"ListGroupsForUser":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to list the IAM groups that the specified IAM user belongs to","accessLevel":"List","resourceTypes":[{"name":"user","required":true}]},"ListInstanceProfileTags":{"conditionKeys":[],"resources":[{"name":"instance-profile"}],"description":"Grants permission to list the tags that are attached to the specified instance profile","accessLevel":"List","resourceTypes":[{"name":"instance-profile","required":true}]},"ListInstanceProfiles":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the instance profiles that have the specified path prefix","accessLevel":"List","resourceTypes":[]},"ListInstanceProfilesForRole":{"conditionKeys":[],"resources":[{"name":"role"}],"description":"Grants permission to list the instance profiles that have the specified associated IAM role","accessLevel":"List","resourceTypes":[{"name":"role","required":true}]},"ListMFADeviceTags":{"conditionKeys":[],"resources":[{"name":"mfa"}],"description":"Grants permission to list the tags that are attached to the specified virtual mfa device","accessLevel":"List","resourceTypes":[{"name":"mfa","required":true}]},"ListMFADevices":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to list the MFA devices for an IAM user","accessLevel":"List","resourceTypes":[{"name":"user","required":false}]},"ListOpenIDConnectProviderTags":{"conditionKeys":[],"resources":[{"name":"oidc-provider"}],"description":"Grants permission to list the tags that are attached to the specified OpenID Connect provider","accessLevel":"List","resourceTypes":[{"name":"oidc-provider","required":true}]},"ListOpenIDConnectProviders":{"conditionKeys":[],"resources":[],"description":"Grants permission to list information about the IAM OpenID Connect (OIDC) provider resource objects that are defined in the AWS account","accessLevel":"List","resourceTypes":[]},"ListOrganizationsFeatures":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the centralized root access features enabled for your organization","accessLevel":"List","resourceTypes":[]},"ListPolicies":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all managed policies","accessLevel":"List","resourceTypes":[]},"ListPoliciesGrantingServiceAccess":{"conditionKeys":[],"resources":[{"name":"group"},{"name":"role"},{"name":"user"}],"description":"Grants permission to list information about the policies that grant an entity access to a specific service","accessLevel":"List","resourceTypes":[{"name":"group","required":true},{"name":"role","required":true},{"name":"user","required":true}]},"ListPolicyTags":{"conditionKeys":[],"resources":[{"name":"policy"}],"description":"Grants permission to list the tags that are attached to the specified managed policy","accessLevel":"List","resourceTypes":[{"name":"policy","required":true}]},"ListPolicyVersions":{"conditionKeys":[],"resources":[{"name":"policy"}],"description":"Grants permission to list information about the versions of the specified managed policy, including the version that is currently set as the policy's default version","accessLevel":"List","resourceTypes":[{"name":"policy","required":true}]},"ListRolePolicies":{"conditionKeys":[],"resources":[{"name":"role"}],"description":"Grants permission to list the names of the inline policies that are embedded in the specified IAM role","accessLevel":"List","resourceTypes":[{"name":"role","required":true}]},"ListRoleTags":{"conditionKeys":[],"resources":[{"name":"role"}],"description":"Grants permission to list the tags that are attached to the specified IAM role","accessLevel":"List","resourceTypes":[{"name":"role","required":true}]},"ListRoles":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the IAM roles that have the specified path prefix","accessLevel":"List","resourceTypes":[]},"ListSAMLProviderTags":{"conditionKeys":[],"resources":[{"name":"saml-provider"}],"description":"Grants permission to list the tags that are attached to the specified SAML provider","accessLevel":"List","resourceTypes":[{"name":"saml-provider","required":true}]},"ListSAMLProviders":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the SAML provider resources in IAM","accessLevel":"List","resourceTypes":[]},"ListSSHPublicKeys":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to list information about the SSH public keys that are associated with the specified IAM user","accessLevel":"List","resourceTypes":[{"name":"user","required":true}]},"ListSTSRegionalEndpointsStatus":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the status of all active STS regional endpoints","accessLevel":"List","resourceTypes":[]},"ListServerCertificateTags":{"conditionKeys":[],"resources":[{"name":"server-certificate"}],"description":"Grants permission to list the tags that are attached to the specified server certificate","accessLevel":"List","resourceTypes":[{"name":"server-certificate","required":true}]},"ListServerCertificates":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the server certificates that have the specified path prefix","accessLevel":"List","resourceTypes":[]},"ListServiceSpecificCredentials":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to list the service-specific credentials that are associated with the specified IAM user","accessLevel":"List","resourceTypes":[{"name":"user","required":true}]},"ListSigningCertificates":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to list information about the signing certificates that are associated with the specified IAM user","accessLevel":"List","resourceTypes":[{"name":"user","required":true}]},"ListUserPolicies":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to list the names of the inline policies that are embedded in the specified IAM user","accessLevel":"List","resourceTypes":[{"name":"user","required":true}]},"ListUserTags":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to list the tags that are attached to the specified IAM user","accessLevel":"List","resourceTypes":[{"name":"user","required":true}]},"ListUsers":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the IAM users that have the specified path prefix","accessLevel":"List","resourceTypes":[]},"ListVirtualMFADevices":{"conditionKeys":[],"resources":[],"description":"Grants permission to list virtual MFA devices by assignment status","accessLevel":"List","resourceTypes":[]},"PassRole":{"conditionKeys":["iam:AssociatedResourceArn","iam:PassedToService"],"resources":[{"name":"role"}],"description":"Grants permission to pass a role to a service","accessLevel":"Write","resourceTypes":[{"name":"role","required":true}],"permissionOnly":true},"PutGroupPolicy":{"conditionKeys":[],"resources":[{"name":"group"}],"description":"Grants permission to create or update an inline policy document that is embedded in the specified IAM group","accessLevel":"Permissions management","resourceTypes":[{"name":"group","required":true}]},"PutRolePermissionsBoundary":{"conditionKeys":["iam:PermissionsBoundary"],"resources":[{"name":"role"}],"description":"Grants permission to set a managed policy as a permissions boundary for a role","accessLevel":"Permissions management","resourceTypes":[{"name":"role","required":true}]},"PutRolePolicy":{"conditionKeys":["iam:PermissionsBoundary"],"resources":[{"name":"role"}],"description":"Grants permission to create or update an inline policy document that is embedded in the specified IAM role","accessLevel":"Permissions management","resourceTypes":[{"name":"role","required":true}]},"PutUserPermissionsBoundary":{"conditionKeys":["iam:PermissionsBoundary"],"resources":[{"name":"user"}],"description":"Grants permission to set a managed policy as a permissions boundary for an IAM user","accessLevel":"Permissions management","resourceTypes":[{"name":"user","required":true}]},"PutUserPolicy":{"conditionKeys":["iam:PermissionsBoundary"],"resources":[{"name":"user"}],"description":"Grants permission to create or update an inline policy document that is embedded in the specified IAM user","accessLevel":"Permissions management","resourceTypes":[{"name":"user","required":true}]},"RejectDelegationRequest":{"conditionKeys":[],"resources":[{"name":"delegation-request"}],"description":"Rejects a delegation request, denying the requested temporary access","accessLevel":"Write","resourceTypes":[{"name":"delegation-request","required":true}]},"RemoveClientIDFromOpenIDConnectProvider":{"conditionKeys":[],"resources":[{"name":"oidc-provider"}],"description":"Grants permission to remove the client ID (audience) from the list of client IDs in the specified IAM OpenID Connect (OIDC) provider resource","accessLevel":"Write","resourceTypes":[{"name":"oidc-provider","required":true}]},"RemoveRoleFromInstanceProfile":{"conditionKeys":[],"resources":[{"name":"instance-profile"}],"description":"Grants permission to remove an IAM role from the specified EC2 instance profile","accessLevel":"Write","resourceTypes":[{"name":"instance-profile","required":true}]},"RemoveUserFromGroup":{"conditionKeys":[],"resources":[{"name":"group"}],"description":"Grants permission to remove an IAM user from the specified group","accessLevel":"Write","resourceTypes":[{"name":"group","required":true}]},"ResetServiceSpecificCredential":{"conditionKeys":["iam:ServiceSpecificCredentialServiceName"],"resources":[{"name":"user"}],"description":"Grants permission to reset the password for an existing service-specific credential for an IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"ResyncMFADevice":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to synchronize the specified MFA device with its IAM entity (user or role)","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"SendDelegationToken":{"conditionKeys":[],"resources":[{"name":"delegation-request"}],"description":"Sends the exchange token for an accepted delegation request","accessLevel":"Write","resourceTypes":[{"name":"delegation-request","required":true}]},"SetDefaultPolicyVersion":{"conditionKeys":[],"resources":[{"name":"policy"}],"description":"Grants permission to set the version of the specified policy as the policy's default version","accessLevel":"Permissions management","resourceTypes":[{"name":"policy","required":true}]},"SetSTSRegionalEndpointStatus":{"conditionKeys":[],"resources":[],"description":"Grants permission to activate or deactivate an STS regional endpoint","accessLevel":"Write","resourceTypes":[]},"SetSecurityTokenServicePreferences":{"conditionKeys":[],"resources":[],"description":"Grants permission to set the STS global endpoint token version","accessLevel":"Write","resourceTypes":[]},"SimulateCustomPolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to simulate whether an identity-based policy or resource-based policy provides permissions for specific API operations and resources","accessLevel":"Read","resourceTypes":[]},"SimulatePrincipalPolicy":{"conditionKeys":[],"resources":[{"name":"group"},{"name":"role"},{"name":"user"}],"description":"Grants permission to simulate whether an identity-based policy that is attached to a specified IAM entity (user or role) provides permissions for specific API operations and resources","accessLevel":"Read","resourceTypes":[{"name":"group","required":false},{"name":"role","required":false},{"name":"user","required":false}]},"TagInstanceProfile":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"instance-profile"}],"description":"Grants permission to add tags to an instance profile","accessLevel":"Tagging","resourceTypes":[{"name":"instance-profile","required":true}]},"TagMFADevice":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"mfa"}],"description":"Grants permission to add tags to a virtual mfa device","accessLevel":"Tagging","resourceTypes":[{"name":"mfa","required":true}]},"TagOpenIDConnectProvider":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"oidc-provider"}],"description":"Grants permission to add tags to an OpenID Connect provider","accessLevel":"Tagging","resourceTypes":[{"name":"oidc-provider","required":true}]},"TagPolicy":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"policy"}],"description":"Grants permission to add tags to a managed policy","accessLevel":"Tagging","resourceTypes":[{"name":"policy","required":true}]},"TagRole":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"role"}],"description":"Grants permission to add tags to an IAM role","accessLevel":"Tagging","resourceTypes":[{"name":"role","required":true}]},"TagSAMLProvider":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"saml-provider"}],"description":"Grants permission to add tags to a SAML Provider","accessLevel":"Tagging","resourceTypes":[{"name":"saml-provider","required":true}]},"TagServerCertificate":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"server-certificate"}],"description":"Grants permission to add tags to a server certificate","accessLevel":"Tagging","resourceTypes":[{"name":"server-certificate","required":true}]},"TagUser":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"user"}],"description":"Grants permission to add tags to an IAM user","accessLevel":"Tagging","resourceTypes":[{"name":"user","required":true}]},"UntagInstanceProfile":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"instance-profile"}],"description":"Grants permission to remove the specified tags from the instance profile","accessLevel":"Tagging","resourceTypes":[{"name":"instance-profile","required":true}]},"UntagMFADevice":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"mfa"}],"description":"Grants permission to remove the specified tags from the virtual mfa device","accessLevel":"Tagging","resourceTypes":[{"name":"mfa","required":true}]},"UntagOpenIDConnectProvider":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"oidc-provider"}],"description":"Grants permission to remove the specified tags from the OpenID Connect provider","accessLevel":"Tagging","resourceTypes":[{"name":"oidc-provider","required":true}]},"UntagPolicy":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"policy"}],"description":"Grants permission to remove the specified tags from the managed policy","accessLevel":"Tagging","resourceTypes":[{"name":"policy","required":true}]},"UntagRole":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"role"}],"description":"Grants permission to remove the specified tags from the role","accessLevel":"Tagging","resourceTypes":[{"name":"role","required":true}]},"UntagSAMLProvider":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"saml-provider"}],"description":"Grants permission to remove the specified tags from the SAML Provider","accessLevel":"Tagging","resourceTypes":[{"name":"saml-provider","required":true}]},"UntagServerCertificate":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"server-certificate"}],"description":"Grants permission to remove the specified tags from the server certificate","accessLevel":"Tagging","resourceTypes":[{"name":"server-certificate","required":true}]},"UntagUser":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"user"}],"description":"Grants permission to remove the specified tags from the user","accessLevel":"Tagging","resourceTypes":[{"name":"user","required":true}]},"UpdateAccessKey":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to update the status of the specified access key as Active or Inactive","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"UpdateAccountEmailAddress":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the email address that is associated with the account","accessLevel":"Write","resourceTypes":[]},"UpdateAccountName":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the account name that is associated with the account","accessLevel":"Write","resourceTypes":[]},"UpdateAccountPasswordPolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the password policy settings for the AWS account","accessLevel":"Write","resourceTypes":[]},"UpdateAssumeRolePolicy":{"conditionKeys":["iam:PermissionsBoundary"],"resources":[{"name":"role"}],"description":"Grants permission to update the policy that grants an IAM entity permission to assume a role","accessLevel":"Permissions management","resourceTypes":[{"name":"role","required":true}]},"UpdateCloudFrontPublicKey":{"conditionKeys":[],"resources":[],"description":"Grants permission to update an existing CloudFront public key","accessLevel":"Write","resourceTypes":[]},"UpdateGroup":{"conditionKeys":[],"resources":[{"name":"group"}],"description":"Grants permission to update the name or path of the specified IAM group","accessLevel":"Write","resourceTypes":[{"name":"group","required":true}]},"UpdateLoginProfile":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to change the password for the specified IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"UpdateOpenIDConnectProviderThumbprint":{"conditionKeys":[],"resources":[{"name":"oidc-provider"}],"description":"Grants permission to update the entire list of server certificate thumbprints that are associated with an OpenID Connect (OIDC) provider resource","accessLevel":"Write","resourceTypes":[{"name":"oidc-provider","required":true}]},"UpdateRole":{"conditionKeys":["iam:PermissionsBoundary"],"resources":[{"name":"role"}],"description":"Grants permission to update the description or maximum session duration setting of a role","accessLevel":"Write","resourceTypes":[{"name":"role","required":true}]},"UpdateRoleDescription":{"conditionKeys":["iam:PermissionsBoundary"],"resources":[{"name":"role"}],"description":"Grants permission to update only the description of a role","accessLevel":"Write","resourceTypes":[{"name":"role","required":true}]},"UpdateSAMLProvider":{"conditionKeys":[],"resources":[{"name":"saml-provider"}],"description":"Grants permission to update the metadata document for an existing SAML provider resource","accessLevel":"Write","resourceTypes":[{"name":"saml-provider","required":true}]},"UpdateSSHPublicKey":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to update the status of an IAM user's SSH public key to active or inactive","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"UpdateServerCertificate":{"conditionKeys":[],"resources":[{"name":"server-certificate"}],"description":"Grants permission to update the name or the path of the specified server certificate stored in IAM","accessLevel":"Write","resourceTypes":[{"name":"server-certificate","required":true}]},"UpdateServiceSpecificCredential":{"conditionKeys":["iam:ServiceSpecificCredentialServiceName"],"resources":[{"name":"user"}],"description":"Grants permission to update the status of a service-specific credential to active or inactive for an IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"UpdateSigningCertificate":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to update the status of the specified user signing certificate to active or disabled","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"UpdateUser":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to update the name or the path of the specified IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"UploadCloudFrontPublicKey":{"conditionKeys":[],"resources":[],"description":"Grants permission to upload a CloudFront public key","accessLevel":"Write","resourceTypes":[]},"UploadSSHPublicKey":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to upload an SSH public key and associate it with the specified IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]},"UploadServerCertificate":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"server-certificate"}],"description":"Grants permission to upload a server certificate entity for the AWS account","accessLevel":"Write","resourceTypes":[{"name":"server-certificate","required":true}]},"UploadSigningCertificate":{"conditionKeys":[],"resources":[{"name":"user"}],"description":"Grants permission to upload an X.509 signing certificate and associate it with the specified IAM user","accessLevel":"Write","resourceTypes":[{"name":"user","required":true}]}},"resources":[{"name":"access-report","arnFormats":["arn:${Partition}:iam::${Account}:access-report/${EntityPath}"],"conditionKeys":[]},{"name":"assumed-role","arnFormats":["arn:${Partition}:iam::${Account}:assumed-role/${RoleName}/${RoleSessionName}"],"conditionKeys":[]},{"name":"delegation-request","arnFormats":["arn:${Partition}:iam::${Account}:delegation-request/${DelegationRequestId}"],"conditionKeys":["iam:DelegationRequestOwner"]},{"name":"federated-user","arnFormats":["arn:${Partition}:iam::${Account}:federated-user/${UserName}"],"conditionKeys":[]},{"name":"group","arnFormats":["arn:${Partition}:iam::${Account}:group/${GroupNameWithPath}"],"conditionKeys":[]},{"name":"instance-profile","arnFormats":["arn:${Partition}:iam::${Account}:instance-profile/${InstanceProfileNameWithPath}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"mfa","arnFormats":["arn:${Partition}:iam::${Account}:mfa/${MfaTokenIdWithPath}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"oidc-provider","arnFormats":["arn:${Partition}:iam::${Account}:oidc-provider/${OidcProviderName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"policy","arnFormats":["arn:${Partition}:iam::${Account}:policy/${PolicyNameWithPath}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"role","arnFormats":["arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}"],"conditionKeys":["aws:ResourceTag/${TagKey}","iam:ResourceTag/${TagKey}"]},{"name":"saml-provider","arnFormats":["arn:${Partition}:iam::${Account}:saml-provider/${SamlProviderName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"server-certificate","arnFormats":["arn:${Partition}:iam::${Account}:server-certificate/${CertificateNameWithPath}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"sms-mfa","arnFormats":["arn:${Partition}:iam::${Account}:sms-mfa/${MfaTokenIdWithPath}"],"conditionKeys":[]},{"name":"user","arnFormats":["arn:${Partition}:iam::${Account}:user/${UserNameWithPath}"],"conditionKeys":["aws:ResourceTag/${TagKey}","iam:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access based on the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access based on the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access based on the tag keys that are passed in the request"},"iam:AWSServiceName":{"types":["String"],"description":"Filters access by the AWS service to which this role is attached"},"iam:AssociatedResourceArn":{"types":["ARN"],"description":"Filters access by the resource that the role will be used on behalf of"},"iam:DelegationDuration":{"types":["String"],"description":"Filters access based on the requested delegation duration"},"iam:DelegationRequestOwner":{"types":["ARN"],"description":"Filters access based on the delegation request owner"},"iam:FIDO-FIPS-140-2-certification":{"types":["String"],"description":"Filters access by the MFA device FIPS-140-2 validation certification level at the time of registration of a FIDO security key"},"iam:FIDO-FIPS-140-3-certification":{"types":["String"],"description":"Filters access by the MFA device FIPS-140-3 validation certification level at the time of registration of a FIDO security key"},"iam:FIDO-certification":{"types":["String"],"description":"Filters access by the MFA device FIDO certification level at the time of registration of a FIDO security key"},"iam:NotificationChannel":{"types":["String"],"description":"Filters access based on the requested notification channel"},"iam:OrganizationsPolicyId":{"types":["String"],"description":"Filters access by the ID of an AWS Organizations policy"},"iam:PassedToService":{"types":["String"],"description":"Filters access by the AWS service to which this role is passed"},"iam:PermissionsBoundary":{"types":["ARN"],"description":"Filters access if the specified policy is set as the permissions boundary on the IAM entity (user or role)"},"iam:PolicyARN":{"types":["ARN"],"description":"Filters access by the ARN of an IAM policy"},"iam:RegisterSecurityKey":{"types":["String"],"description":"Filters access by the current state of MFA device enablement"},"iam:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags attached to an IAM entity (user or role)"},"iam:ServiceSpecificCredentialAgeDays":{"types":["Numeric"],"description":"Filters access by the duration until the credential's expiration"},"iam:ServiceSpecificCredentialServiceName":{"types":["String"],"description":"Filters access by the service associated with the credential"},"iam:TemplateArn":{"types":["ARN"],"description":"Filters access based on the requested template ARN"}}}

package/src/data/servicereference/services/identity-sync.json

@@ -0,0 +1 @@
+{"name":"identity-sync","actions":{"AllowVendedLogDeliveryForResource":{"conditionKeys":[],"resources":[{"name":"SyncProfileResource"}],"description":"Grants permission to configure vended log delivery for a Sync Profile","accessLevel":"Permissions management","resourceTypes":[{"name":"SyncProfileResource","required":true}],"permissionOnly":true},"CreateSyncFilter":{"conditionKeys":[],"resources":[{"name":"SyncProfileResource"}],"description":"Grants permission to create a sync filter on the sync profile","accessLevel":"Write","resourceTypes":[{"name":"SyncProfileResource","required":true}]},"CreateSyncProfile":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a sync profile for the identity source","accessLevel":"Write","resourceTypes":[],"dependentActions":["ds:AuthorizeApplication"]},"CreateSyncTarget":{"conditionKeys":[],"resources":[{"name":"SyncProfileResource"}],"description":"Grants permission to create a sync target for the identity source","accessLevel":"Write","resourceTypes":[{"name":"SyncProfileResource","required":true}]},"DeleteSyncFilter":{"conditionKeys":[],"resources":[{"name":"SyncProfileResource"}],"description":"Grants permission to delete a sync filter from the sync profile","accessLevel":"Write","resourceTypes":[{"name":"SyncProfileResource","required":true}]},"DeleteSyncProfile":{"conditionKeys":[],"resources":[{"name":"SyncProfileResource"}],"description":"Grants permission to delete a sync profile from the source","accessLevel":"Write","resourceTypes":[{"name":"SyncProfileResource","required":true}],"dependentActions":["ds:UnauthorizeApplication"]},"DeleteSyncTarget":{"conditionKeys":[],"resources":[{"name":"SyncProfileResource"},{"name":"SyncTargetResource"}],"description":"Grants permission to delete a sync target from the source","accessLevel":"Write","resourceTypes":[{"name":"SyncProfileResource","required":true},{"name":"SyncTargetResource","required":true}]},"GetSyncProfile":{"conditionKeys":[],"resources":[{"name":"SyncProfileResource"}],"description":"Grants permission to retrieve a sync profile by using a sync profile name","accessLevel":"Read","resourceTypes":[{"name":"SyncProfileResource","required":true}]},"GetSyncTarget":{"conditionKeys":[],"resources":[{"name":"SyncProfileResource"},{"name":"SyncTargetResource"}],"description":"Grants permission to retrieve a sync target from the sync profile","accessLevel":"Read","resourceTypes":[{"name":"SyncProfileResource","required":true},{"name":"SyncTargetResource","required":true}]},"ListSyncFilters":{"conditionKeys":[],"resources":[{"name":"SyncProfileResource"}],"description":"Grants permission to list the sync filters from the sync profile","accessLevel":"List","resourceTypes":[{"name":"SyncProfileResource","required":true}]},"StartSync":{"conditionKeys":[],"resources":[{"name":"SyncProfileResource"}],"description":"Grants permission to start a sync process or to resume a sync process that was previously paused","accessLevel":"Write","resourceTypes":[{"name":"SyncProfileResource","required":true}]},"StopSync":{"conditionKeys":[],"resources":[{"name":"SyncProfileResource"}],"description":"Grants permission to stop any planned sync process in the sync schedule from starting","accessLevel":"Write","resourceTypes":[{"name":"SyncProfileResource","required":true}]},"UpdateSyncTarget":{"conditionKeys":[],"resources":[{"name":"SyncProfileResource"},{"name":"SyncTargetResource"}],"description":"Grants permission to update a sync target on the sync profile","accessLevel":"Write","resourceTypes":[{"name":"SyncProfileResource","required":true},{"name":"SyncTargetResource","required":true}]}},"resources":[{"name":"SyncProfileResource","arnFormats":["arn:${Partition}:identity-sync:${Region}:${Account}:profile/${SyncProfileName}"],"conditionKeys":[]},{"name":"SyncTargetResource","arnFormats":["arn:${Partition}:identity-sync:${Region}:${Account}:target/${SyncProfileName}/${SyncTargetName}"],"conditionKeys":[]}],"conditionKeys":{}}

package/src/data/servicereference/services/identitystore-auth.json

@@ -0,0 +1 @@
+{"name":"identitystore-auth","actions":{"BatchDeleteSession":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a batch of specified sessions","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"BatchGetSession":{"conditionKeys":[],"resources":[],"description":"Grants permission to return session attributes for a batch of specified sessions","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"ListSessions":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of active sessions for the specified user","accessLevel":"List","resourceTypes":[],"permissionOnly":true}},"resources":[],"conditionKeys":{}}

package/src/data/servicereference/services/identitystore.json

@@ -0,0 +1 @@
+{"name":"identitystore","actions":{"AddRegion":{"conditionKeys":[],"resources":[],"description":"Grants permission to add a region to an IdentityStore","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"CreateGroup":{"conditionKeys":["identitystore:GroupExternalIdIssuers","identitystore:PrimaryRegion"],"resources":[{"name":"Identitystore"}],"description":"Grants permission to create a group in the specified IdentityStore","accessLevel":"Write","resourceTypes":[{"name":"Identitystore","required":true}],"dependentActions":["kms:Decrypt"]},"CreateGroupMembership":{"conditionKeys":["identitystore:PrimaryRegion"],"resources":[{"name":"Group"},{"name":"Identitystore"},{"name":"User"}],"description":"Grants permission to create a member to a group in the specified IdentityStore","accessLevel":"Write","resourceTypes":[{"name":"Group","required":true},{"name":"Identitystore","required":true},{"name":"User","required":true}],"dependentActions":["kms:Decrypt"]},"CreateIdentityStore":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a new IdentityStore in an AWS account","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt","kms:DescribeKey","kms:Encrypt","kms:GenerateDataKeyWithoutPlaintext"]},"CreateUser":{"conditionKeys":["identitystore:PrimaryRegion","identitystore:ReservedUserId","identitystore:UserExternalIdIssuers"],"resources":[{"name":"Identitystore"}],"description":"Grants permission to create a user in the specified IdentityStore","accessLevel":"Write","resourceTypes":[{"name":"Identitystore","required":true}],"dependentActions":["kms:Decrypt"]},"DeleteGroup":{"conditionKeys":["identitystore:GroupExternalIdIssuers","identitystore:PrimaryRegion"],"resources":[{"name":"Group"},{"name":"Identitystore"}],"description":"Grants permission to delete a group in the specified IdentityStore","accessLevel":"Write","resourceTypes":[{"name":"Group","required":true},{"name":"Identitystore","required":true}],"dependentActions":["kms:Decrypt"]},"DeleteGroupMembership":{"conditionKeys":["identitystore:PrimaryRegion"],"resources":[{"name":"Group"},{"name":"GroupMembership"},{"name":"Identitystore"},{"name":"User"}],"description":"Grants permission to remove a member that is part of a group in the specified IdentityStore","accessLevel":"Write","resourceTypes":[{"name":"Group","required":true},{"name":"GroupMembership","required":true},{"name":"Identitystore","required":true},{"name":"User","required":true}],"dependentActions":["kms:Decrypt"]},"DeleteIdentityStore":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete an IdentityStore","accessLevel":"Write","resourceTypes":[]},"DeleteUser":{"conditionKeys":["identitystore:PrimaryRegion","identitystore:UserExternalIdIssuers"],"resources":[{"name":"Identitystore"},{"name":"User"}],"description":"Grants permission to delete a user in the specified IdentityStore","accessLevel":"Write","resourceTypes":[{"name":"Identitystore","required":true},{"name":"User","required":true}],"dependentActions":["kms:Decrypt"]},"DescribeGroup":{"conditionKeys":["identitystore:GroupExternalIdIssuers","identitystore:PrimaryRegion"],"resources":[{"name":"Group"},{"name":"Identitystore"}],"description":"Grants permission to retrieve information about a group in the specified IdentityStore","accessLevel":"Read","resourceTypes":[{"name":"Group","required":true},{"name":"Identitystore","required":true}],"dependentActions":["kms:Decrypt"]},"DescribeGroupMembership":{"conditionKeys":["identitystore:PrimaryRegion"],"resources":[{"name":"Group"},{"name":"GroupMembership"},{"name":"Identitystore"},{"name":"User"}],"description":"Grants permission to retrieve information about a member that is part of a group in the specified IdentityStore","accessLevel":"Read","resourceTypes":[{"name":"Group","required":true},{"name":"GroupMembership","required":true},{"name":"Identitystore","required":true},{"name":"User","required":true}],"dependentActions":["kms:Decrypt"]},"DescribeRegion":{"conditionKeys":["identitystore:PrimaryRegion"],"resources":[],"description":"Grants permission to retrieve configuration details for a specific IdentityStore region","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"DescribeUser":{"conditionKeys":["identitystore:PrimaryRegion","identitystore:UserExternalIdIssuers"],"resources":[{"name":"Identitystore"},{"name":"User"}],"description":"Grants permission to retrieve information about user in the specified IdentityStore","accessLevel":"Read","resourceTypes":[{"name":"Identitystore","required":true},{"name":"User","required":true}],"dependentActions":["kms:Decrypt"]},"GetGroupId":{"conditionKeys":["identitystore:PrimaryRegion"],"resources":[{"name":"Group"},{"name":"Identitystore"}],"description":"Grants permission to retrieve ID information about group in the specified IdentityStore","accessLevel":"Read","resourceTypes":[{"name":"Group","required":true},{"name":"Identitystore","required":true}],"dependentActions":["kms:Decrypt"]},"GetGroupMembershipId":{"conditionKeys":["identitystore:PrimaryRegion"],"resources":[{"name":"Group"},{"name":"GroupMembership"},{"name":"Identitystore"},{"name":"User"}],"description":"Grants permission to retrieve ID information of a member which is part of a group in the specified IdentityStore","accessLevel":"Read","resourceTypes":[{"name":"Group","required":true},{"name":"GroupMembership","required":true},{"name":"Identitystore","required":true},{"name":"User","required":true}],"dependentActions":["kms:Decrypt"]},"GetUserId":{"conditionKeys":["identitystore:PrimaryRegion"],"resources":[{"name":"Identitystore"},{"name":"User"}],"description":"Grants permission to retrieves ID information about user in the specified IdentityStore","accessLevel":"Read","resourceTypes":[{"name":"Identitystore","required":true},{"name":"User","required":true}],"dependentActions":["kms:Decrypt"]},"IsMemberInGroups":{"conditionKeys":["identitystore:PrimaryRegion"],"resources":[{"name":"AllGroupMemberships"},{"name":"Group"},{"name":"Identitystore"},{"name":"User"}],"description":"Grants permission to check if a member is a part of groups in the specified IdentityStore","accessLevel":"Read","resourceTypes":[{"name":"AllGroupMemberships","required":true},{"name":"Group","required":true},{"name":"Identitystore","required":true},{"name":"User","required":true}],"dependentActions":["kms:Decrypt"]},"ListGroupMemberships":{"conditionKeys":["identitystore:PrimaryRegion"],"resources":[{"name":"AllGroupMemberships"},{"name":"Group"},{"name":"Identitystore"}],"description":"Grants permission to retrieve all members that are part of a group in the specified IdentityStore","accessLevel":"List","resourceTypes":[{"name":"AllGroupMemberships","required":true},{"name":"Group","required":true},{"name":"Identitystore","required":true}],"dependentActions":["kms:Decrypt"]},"ListGroupMembershipsForMember":{"conditionKeys":["identitystore:PrimaryRegion"],"resources":[{"name":"AllGroupMemberships"},{"name":"Identitystore"},{"name":"User"}],"description":"Grants permission to list groups of the target member in the specified IdentityStore","accessLevel":"List","resourceTypes":[{"name":"AllGroupMemberships","required":true},{"name":"Identitystore","required":true},{"name":"User","required":true}],"dependentActions":["kms:Decrypt"]},"ListGroups":{"conditionKeys":["identitystore:GroupExternalIdIssuers","identitystore:PrimaryRegion"],"resources":[{"name":"AllGroups"},{"name":"Identitystore"}],"description":"Grants permission to search for groups within the specified IdentityStore","accessLevel":"List","resourceTypes":[{"name":"AllGroups","required":true},{"name":"Identitystore","required":true}],"dependentActions":["kms:Decrypt"]},"ListRegions":{"conditionKeys":["identitystore:PrimaryRegion"],"resources":[],"description":"Grants permission to list all regions configured for an IdentityStore","accessLevel":"List","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"ListUsers":{"conditionKeys":["identitystore:PrimaryRegion","identitystore:UserExternalIdIssuers"],"resources":[{"name":"AllUsers"},{"name":"Identitystore"}],"description":"Grants permission to search for users in the specified IdentityStore","accessLevel":"List","resourceTypes":[{"name":"AllUsers","required":true},{"name":"Identitystore","required":true}],"dependentActions":["kms:Decrypt"]},"RemoveRegion":{"conditionKeys":[],"resources":[],"description":"Grants permission to remove a region from an IdentityStore","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"ReserveUser":{"conditionKeys":["identitystore:PrimaryRegion"],"resources":[{"name":"Identitystore"}],"description":"Grants permission to reserve a user by getting a userId","accessLevel":"Write","resourceTypes":[{"name":"Identitystore","required":true}],"dependentActions":["kms:Decrypt"]},"UpdateGroup":{"conditionKeys":["identitystore:GroupExternalIdIssuers","identitystore:PrimaryRegion"],"resources":[{"name":"Group"},{"name":"Identitystore"}],"description":"Grants permission to update information about a group in the specified IdentityStore","accessLevel":"Write","resourceTypes":[{"name":"Group","required":true},{"name":"Identitystore","required":true}],"dependentActions":["kms:Decrypt"]},"UpdateIdentityStore":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the configuration of an IdentityStore","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt","kms:DescribeKey","kms:Encrypt","kms:GenerateDataKeyWithoutPlaintext"]},"UpdateUser":{"conditionKeys":["identitystore:PrimaryRegion","identitystore:UserExternalIdIssuers"],"resources":[{"name":"Identitystore"},{"name":"User"}],"description":"Grants permission to update user information in the specified IdentityStore","accessLevel":"Write","resourceTypes":[{"name":"Identitystore","required":true},{"name":"User","required":true}],"dependentActions":["kms:Decrypt"]}},"resources":[{"name":"AllGroupMemberships","arnFormats":["arn:${Partition}:identitystore:::membership/*"],"conditionKeys":[]},{"name":"AllGroups","arnFormats":["arn:${Partition}:identitystore:::group/*"],"conditionKeys":[]},{"name":"AllUsers","arnFormats":["arn:${Partition}:identitystore:::user/*"],"conditionKeys":[]},{"name":"Group","arnFormats":["arn:${Partition}:identitystore:::group/${GroupId}"],"conditionKeys":[]},{"name":"GroupMembership","arnFormats":["arn:${Partition}:identitystore:::membership/${MembershipId}"],"conditionKeys":[]},{"name":"Identitystore","arnFormats":["arn:${Partition}:identitystore::${Account}:identitystore/${IdentityStoreId}"],"conditionKeys":[]},{"name":"User","arnFormats":["arn:${Partition}:identitystore:::user/${UserId}"],"conditionKeys":[]}],"conditionKeys":{"identitystore:GroupExternalIdIssuers":{"types":["ArrayOfARN"],"description":"Filters access by Issuer present in ExternalIds for Group resources"},"identitystore:IdentityStoreArn":{"types":["ARN"],"description":"Filters access by Identity Store ARN"},"identitystore:PrimaryRegion":{"types":["String"],"description":"Filters access by Primary Region of Identity Store"},"identitystore:ReservedUserId":{"types":["String"],"description":"Filters access by a previously reserved User ID for CreateUser operation"},"identitystore:UserExternalIdIssuers":{"types":["ArrayOfARN"],"description":"Filters access by Issuer present in ExternalIds for User resources"},"identitystore:UserId":{"types":["String"],"description":"Filters access by Identity Store User ID"}}}

package/src/data/servicereference/services/imagebuilder.json

@@ -0,0 +1 @@
+{"name":"imagebuilder","actions":{"CancelImageCreation":{"conditionKeys":[],"resources":[{"name":"image"}],"description":"Grants permission to cancel an image creation","accessLevel":"Write","resourceTypes":[{"name":"image","required":true}]},"CancelLifecycleExecution":{"conditionKeys":[],"resources":[{"name":"lifecycleExecution"}],"description":"Grants permission to cancel a lifecycle execution","accessLevel":"Write","resourceTypes":[{"name":"lifecycleExecution","required":true}]},"CreateComponent":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"component"}],"description":"Grants permission to create a new component","accessLevel":"Write","resourceTypes":[{"name":"component","required":true}],"dependentActions":["imagebuilder:TagResource","kms:Encrypt","kms:GenerateDataKey","kms:GenerateDataKeyWithoutPlaintext","s3:GetObject","s3:ListBucket"]},"CreateContainerRecipe":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"containerRecipe"}],"description":"Grants permission to create a new Container Recipe","accessLevel":"Write","resourceTypes":[{"name":"containerRecipe","required":true}],"dependentActions":["ec2:DescribeImages","ecr:DescribeImages","ecr:DescribeRepositories","imagebuilder:GetComponent","imagebuilder:GetImage","imagebuilder:TagResource","kms:Encrypt","kms:GenerateDataKey","kms:GenerateDataKeyWithoutPlaintext","s3:GetObject","s3:ListBucket","ssm:GetParameter"]},"CreateDistributionConfiguration":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"distributionConfiguration"}],"description":"Grants permission to create a new distribution configuration","accessLevel":"Write","resourceTypes":[{"name":"distributionConfiguration","required":true}],"dependentActions":["ec2:CreateLaunchTemplateVersion","ec2:DescribeLaunchTemplates","ec2:ModifyLaunchTemplate","imagebuilder:TagResource","s3:ListBucket","ssm:GetParameter"]},"CreateImage":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"image"}],"description":"Grants permission to create a new image","accessLevel":"Write","resourceTypes":[{"name":"image","required":true}],"dependentActions":["ecr:BatchGetRepositoryScanningConfiguration","ecr:DescribeRepositories","iam:CreateServiceLinkedRole","iam:PassRole","imagebuilder:GetContainerRecipe","imagebuilder:GetDistributionConfiguration","imagebuilder:GetImageRecipe","imagebuilder:GetInfrastructureConfiguration","imagebuilder:GetWorkflow","imagebuilder:TagResource","inspector2:BatchGetAccountStatus"]},"CreateImagePipeline":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"imagePipeline"}],"description":"Grants permission to create a new image pipeline","accessLevel":"Write","resourceTypes":[{"name":"imagePipeline","required":true}],"dependentActions":["ecr:BatchGetRepositoryScanningConfiguration","ecr:DescribeRepositories","iam:CreateServiceLinkedRole","iam:PassRole","imagebuilder:GetContainerRecipe","imagebuilder:GetDistributionConfiguration","imagebuilder:GetImageRecipe","imagebuilder:GetInfrastructureConfiguration","imagebuilder:GetWorkflow","imagebuilder:TagResource","inspector2:BatchGetAccountStatus"]},"CreateImageRecipe":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"imageRecipe"}],"description":"Grants permission to create a new Image Recipe","accessLevel":"Write","resourceTypes":[{"name":"imageRecipe","required":true}],"dependentActions":["ec2:DescribeImages","imagebuilder:GetComponent","imagebuilder:GetImage","imagebuilder:TagResource","ssm:GetParameter"]},"CreateInfrastructureConfiguration":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","imagebuilder:CreatedResourceTag/${TagKey}","imagebuilder:CreatedResourceTagKeys","imagebuilder:Ec2MetadataHttpTokens","imagebuilder:StatusTopicArn"],"resources":[{"name":"infrastructureConfiguration"}],"description":"Grants permission to create a new infrastructure configuration","accessLevel":"Write","resourceTypes":[{"name":"infrastructureConfiguration","required":true}],"dependentActions":["ec2:DescribeAvailabilityZones","ec2:DescribeHosts","iam:PassRole","imagebuilder:TagResource","resource-groups:GetGroup","sns:Publish"]},"CreateLifecyclePolicy":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","imagebuilder:LifecyclePolicyResourceType"],"resources":[{"name":"lifecyclePolicy"}],"description":"Grants permission to create a new lifecycle policy","accessLevel":"Write","resourceTypes":[{"name":"lifecyclePolicy","required":true}],"dependentActions":["iam:PassRole","imagebuilder:TagResource"]},"CreateWorkflow":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"workflow"}],"description":"Grants permission to create a new workflow","accessLevel":"Write","resourceTypes":[{"name":"workflow","required":true}],"dependentActions":["imagebuilder:TagResource","kms:Encrypt","kms:GenerateDataKey","kms:GenerateDataKeyWithoutPlaintext","s3:GetObject","s3:ListBucket"]},"DeleteComponent":{"conditionKeys":[],"resources":[{"name":"component"}],"description":"Grants permission to delete a component","accessLevel":"Write","resourceTypes":[{"name":"component","required":true}]},"DeleteContainerRecipe":{"conditionKeys":[],"resources":[{"name":"containerRecipe"}],"description":"Grants permission to delete a container recipe","accessLevel":"Write","resourceTypes":[{"name":"containerRecipe","required":true}]},"DeleteDistributionConfiguration":{"conditionKeys":[],"resources":[{"name":"distributionConfiguration"}],"description":"Grants permission to delete a distribution configuration","accessLevel":"Write","resourceTypes":[{"name":"distributionConfiguration","required":true}]},"DeleteImage":{"conditionKeys":[],"resources":[{"name":"image"}],"description":"Grants permission to delete an image","accessLevel":"Write","resourceTypes":[{"name":"image","required":true}]},"DeleteImagePipeline":{"conditionKeys":[],"resources":[{"name":"imagePipeline"}],"description":"Grants permission to delete an image pipeline","accessLevel":"Write","resourceTypes":[{"name":"imagePipeline","required":true}]},"DeleteImageRecipe":{"conditionKeys":[],"resources":[{"name":"imageRecipe"}],"description":"Grants permission to delete an image recipe","accessLevel":"Write","resourceTypes":[{"name":"imageRecipe","required":true}]},"DeleteInfrastructureConfiguration":{"conditionKeys":[],"resources":[{"name":"infrastructureConfiguration"}],"description":"Grants permission to delete an infrastructure configuration","accessLevel":"Write","resourceTypes":[{"name":"infrastructureConfiguration","required":true}]},"DeleteLifecyclePolicy":{"conditionKeys":[],"resources":[{"name":"lifecyclePolicy"}],"description":"Grants permission to delete a lifecycle policy","accessLevel":"Write","resourceTypes":[{"name":"lifecyclePolicy","required":true}]},"DeleteWorkflow":{"conditionKeys":[],"resources":[{"name":"workflow"}],"description":"Grants permission to delete a workflow","accessLevel":"Write","resourceTypes":[{"name":"workflow","required":true}]},"DistributeImage":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"image"}],"description":"Grants permission to distribute an image","accessLevel":"Write","resourceTypes":[{"name":"image","required":true}],"dependentActions":["ec2:DescribeImages","iam:PassRole","imagebuilder:GetDistributionConfiguration","imagebuilder:GetImage","imagebuilder:TagResource","ssm:GetParameter"]},"GetComponent":{"conditionKeys":[],"resources":[{"name":"component"}],"description":"Grants permission to view details about a component","accessLevel":"Read","resourceTypes":[{"name":"component","required":true}],"dependentActions":["kms:Decrypt"]},"GetComponentPolicy":{"conditionKeys":[],"resources":[{"name":"component"}],"description":"Grants permission to view the resource policy associated with a component","accessLevel":"Read","resourceTypes":[{"name":"component","required":true}]},"GetContainerRecipe":{"conditionKeys":[],"resources":[{"name":"containerRecipe"}],"description":"Grants permission to view details about a container recipe","accessLevel":"Read","resourceTypes":[{"name":"containerRecipe","required":true}]},"GetContainerRecipePolicy":{"conditionKeys":[],"resources":[{"name":"containerRecipe"}],"description":"Grants permission to view the resource policy associated with a container recipe","accessLevel":"Read","resourceTypes":[{"name":"containerRecipe","required":true}]},"GetDistributionConfiguration":{"conditionKeys":[],"resources":[{"name":"distributionConfiguration"}],"description":"Grants permission to view details about a distribution configuration","accessLevel":"Read","resourceTypes":[{"name":"distributionConfiguration","required":true}]},"GetImage":{"conditionKeys":[],"resources":[{"name":"image"}],"description":"Grants permission to view details about an image","accessLevel":"Read","resourceTypes":[{"name":"image","required":true}]},"GetImagePipeline":{"conditionKeys":[],"resources":[{"name":"imagePipeline"}],"description":"Grants permission to view details about an image pipeline","accessLevel":"Read","resourceTypes":[{"name":"imagePipeline","required":true}]},"GetImagePolicy":{"conditionKeys":[],"resources":[{"name":"image"}],"description":"Grants permission to view the resource policy associated with an image","accessLevel":"Read","resourceTypes":[{"name":"image","required":true}]},"GetImageRecipe":{"conditionKeys":[],"resources":[{"name":"imageRecipe"}],"description":"Grants permission to view details about an image recipe","accessLevel":"Read","resourceTypes":[{"name":"imageRecipe","required":true}]},"GetImageRecipePolicy":{"conditionKeys":[],"resources":[{"name":"imageRecipe"}],"description":"Grants permission to view the resource policy associated with an image recipe","accessLevel":"Read","resourceTypes":[{"name":"imageRecipe","required":true}]},"GetInfrastructureConfiguration":{"conditionKeys":[],"resources":[{"name":"infrastructureConfiguration"}],"description":"Grants permission to view details about an infrastructure configuration","accessLevel":"Read","resourceTypes":[{"name":"infrastructureConfiguration","required":true}]},"GetLifecycleExecution":{"conditionKeys":[],"resources":[{"name":"lifecycleExecution"}],"description":"Grants permission to view details about a lifecycle execution","accessLevel":"Read","resourceTypes":[{"name":"lifecycleExecution","required":true}]},"GetLifecyclePolicy":{"conditionKeys":[],"resources":[{"name":"lifecyclePolicy"}],"description":"Grants permission to view details about a lifecycle policy","accessLevel":"Read","resourceTypes":[{"name":"lifecyclePolicy","required":true}]},"GetMarketplaceResource":{"conditionKeys":[],"resources":[{"name":"component"}],"description":"Grants permission to retrieve Marketplace provided resource","accessLevel":"Read","resourceTypes":[{"name":"component","required":true}]},"GetWorkflow":{"conditionKeys":[],"resources":[{"name":"workflow"}],"description":"Grants permission to view details about a workflow","accessLevel":"Read","resourceTypes":[{"name":"workflow","required":true}],"dependentActions":["kms:Decrypt"]},"GetWorkflowExecution":{"conditionKeys":[],"resources":[{"name":"workflowExecution"}],"description":"Grants permission to view details about a workflow execution","accessLevel":"Read","resourceTypes":[{"name":"workflowExecution","required":true}]},"GetWorkflowStepExecution":{"conditionKeys":[],"resources":[{"name":"workflowStepExecution"}],"description":"Grants permission to view details about a workflow step execution","accessLevel":"Read","resourceTypes":[{"name":"workflowStepExecution","required":true}],"dependentActions":["kms:Decrypt"]},"ImportComponent":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"component"}],"description":"Grants permission to import a new component","accessLevel":"Write","resourceTypes":[{"name":"component","required":true}],"dependentActions":["imagebuilder:TagResource","kms:Encrypt","kms:GenerateDataKey","kms:GenerateDataKeyWithoutPlaintext","s3:GetObject","s3:ListBucket"]},"ImportDiskImage":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"imageVersion"}],"description":"Grants permission to import a disk image","accessLevel":"Write","resourceTypes":[{"name":"imageVersion","required":true}],"dependentActions":["iam:CreateServiceLinkedRole","iam:PassRole","imagebuilder:GetInfrastructureConfiguration","imagebuilder:GetWorkflow","imagebuilder:TagResource","s3:GetObject","s3:ListBucket"]},"ImportVmImage":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"imageVersion"}],"description":"Grants permission to import an image","accessLevel":"Write","resourceTypes":[{"name":"imageVersion","required":true}],"dependentActions":["ec2:DescribeImages","ec2:DescribeImportImageTasks","iam:CreateServiceLinkedRole","imagebuilder:TagResource"]},"ListComponentBuildVersions":{"conditionKeys":[],"resources":[{"name":"allComponentBuildVersions"}],"description":"Grants permission to list the component build versions in your account","accessLevel":"List","resourceTypes":[{"name":"allComponentBuildVersions","required":true}]},"ListComponents":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the component versions owned by or shared with your account","accessLevel":"List","resourceTypes":[]},"ListContainerRecipes":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the container recipes owned by or shared with your account","accessLevel":"List","resourceTypes":[]},"ListDistributionConfigurations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the distribution configurations in your account","accessLevel":"List","resourceTypes":[]},"ListImageBuildVersions":{"conditionKeys":[],"resources":[{"name":"allImageBuildVersions"}],"description":"Grants permission to list the image build versions in your account","accessLevel":"List","resourceTypes":[{"name":"allImageBuildVersions","required":true}]},"ListImagePackages":{"conditionKeys":[],"resources":[{"name":"image"}],"description":"Grants permission to return a list of packages installed on the specified image","accessLevel":"List","resourceTypes":[{"name":"image","required":true}]},"ListImagePipelineImages":{"conditionKeys":[],"resources":[{"name":"imagePipeline"}],"description":"Grants permission to return a list of images created by the specified pipeline","accessLevel":"List","resourceTypes":[{"name":"imagePipeline","required":true}]},"ListImagePipelines":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the image pipelines in your account","accessLevel":"List","resourceTypes":[]},"ListImageRecipes":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the image recipes owned by or shared with your account","accessLevel":"List","resourceTypes":[]},"ListImageScanFindingAggregations":{"conditionKeys":[],"resources":[{"name":"image"},{"name":"imagePipeline"}],"description":"Grants permission to list aggregations on the image scan findings in your account","accessLevel":"List","resourceTypes":[{"name":"image","required":false},{"name":"imagePipeline","required":false}]},"ListImageScanFindings":{"conditionKeys":[],"resources":[{"name":"image"},{"name":"imagePipeline"}],"description":"Grants permission to list the image scan findings for the images in your account","accessLevel":"List","resourceTypes":[{"name":"image","required":false},{"name":"imagePipeline","required":false}],"dependentActions":["inspector2:ListFindings"]},"ListImages":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the image versions owned by or shared with your account","accessLevel":"List","resourceTypes":[]},"ListInfrastructureConfigurations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the infrastructure configurations in your account","accessLevel":"List","resourceTypes":[]},"ListLifecycleExecutionResources":{"conditionKeys":[],"resources":[{"name":"lifecycleExecution"}],"description":"Grants permission to list resources for the specified lifecycle execution","accessLevel":"List","resourceTypes":[{"name":"lifecycleExecution","required":true}]},"ListLifecycleExecutions":{"conditionKeys":[],"resources":[{"name":"image"},{"name":"lifecyclePolicy"}],"description":"Grants permission to list lifecycle executions for the specified resource","accessLevel":"List","resourceTypes":[{"name":"image","required":false},{"name":"lifecyclePolicy","required":false}]},"ListLifecyclePolicies":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the lifecycle policies in your account","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"component"},{"name":"containerRecipe"},{"name":"distributionConfiguration"},{"name":"image"},{"name":"imagePipeline"},{"name":"imageRecipe"},{"name":"infrastructureConfiguration"},{"name":"lifecyclePolicy"},{"name":"workflow"}],"description":"Grants permission to list tags for an Image Builder resource","accessLevel":"Read","resourceTypes":[{"name":"component","required":false},{"name":"containerRecipe","required":false},{"name":"distributionConfiguration","required":false},{"name":"image","required":false},{"name":"imagePipeline","required":false},{"name":"imageRecipe","required":false},{"name":"infrastructureConfiguration","required":false},{"name":"lifecyclePolicy","required":false},{"name":"workflow","required":false}]},"ListWaitingWorkflowSteps":{"conditionKeys":[],"resources":[],"description":"Grants permission to list waiting workflow steps for the caller account","accessLevel":"List","resourceTypes":[]},"ListWorkflowBuildVersions":{"conditionKeys":[],"resources":[{"name":"allWorkflowBuildVersions"}],"description":"Grants permission to list the workflow build versions in your account","accessLevel":"List","resourceTypes":[{"name":"allWorkflowBuildVersions","required":true}]},"ListWorkflowExecutions":{"conditionKeys":[],"resources":[{"name":"image"}],"description":"Grants permission to list workflow executions for the specified image","accessLevel":"List","resourceTypes":[{"name":"image","required":true}]},"ListWorkflowStepExecutions":{"conditionKeys":[],"resources":[{"name":"workflowExecution"}],"description":"Grants permission to list workflow step executions for the specified workflow","accessLevel":"List","resourceTypes":[{"name":"workflowExecution","required":true}],"dependentActions":["kms:Decrypt"]},"ListWorkflows":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the workflow versions owned by or shared with your account","accessLevel":"List","resourceTypes":[]},"PutComponentPolicy":{"conditionKeys":[],"resources":[{"name":"component"}],"description":"Grants permission to set the resource policy associated with a component","accessLevel":"Permissions management","resourceTypes":[{"name":"component","required":true}]},"PutContainerRecipePolicy":{"conditionKeys":[],"resources":[{"name":"containerRecipe"}],"description":"Grants permission to set the resource policy associated with a container recipe","accessLevel":"Permissions management","resourceTypes":[{"name":"containerRecipe","required":true}]},"PutImagePolicy":{"conditionKeys":[],"resources":[{"name":"image"}],"description":"Grants permission to set the resource policy associated with an image","accessLevel":"Permissions management","resourceTypes":[{"name":"image","required":true}]},"PutImageRecipePolicy":{"conditionKeys":[],"resources":[{"name":"imageRecipe"}],"description":"Grants permission to set the resource policy associated with an image recipe","accessLevel":"Permissions management","resourceTypes":[{"name":"imageRecipe","required":true}]},"RetryImage":{"conditionKeys":[],"resources":[{"name":"image"}],"description":"Grants permission to retry an image creation","accessLevel":"Write","resourceTypes":[{"name":"image","required":true}]},"SendWorkflowStepAction":{"conditionKeys":[],"resources":[{"name":"image"},{"name":"workflowStepExecution"}],"description":"Grants permission to send an action to a workflow step","accessLevel":"Write","resourceTypes":[{"name":"image","required":true},{"name":"workflowStepExecution","required":true}]},"StartImagePipelineExecution":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"imagePipeline"}],"description":"Grants permission to create a new image from a pipeline","accessLevel":"Write","resourceTypes":[{"name":"imagePipeline","required":true}],"dependentActions":["iam:CreateServiceLinkedRole","imagebuilder:GetImagePipeline","imagebuilder:TagResource"]},"StartResourceStateUpdate":{"conditionKeys":[],"resources":[{"name":"image"}],"description":"Grants permission to start a state update for the specified resource","accessLevel":"Write","resourceTypes":[{"name":"image","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"component"},{"name":"containerRecipe"},{"name":"distributionConfiguration"},{"name":"image"},{"name":"imagePipeline"},{"name":"imageRecipe"},{"name":"infrastructureConfiguration"},{"name":"lifecyclePolicy"},{"name":"workflow"}],"description":"Grants permission to tag an Image Builder resource","accessLevel":"Tagging","resourceTypes":[{"name":"component","required":false},{"name":"containerRecipe","required":false},{"name":"distributionConfiguration","required":false},{"name":"image","required":false},{"name":"imagePipeline","required":false},{"name":"imageRecipe","required":false},{"name":"infrastructureConfiguration","required":false},{"name":"lifecyclePolicy","required":false},{"name":"workflow","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"component"},{"name":"containerRecipe"},{"name":"distributionConfiguration"},{"name":"image"},{"name":"imagePipeline"},{"name":"imageRecipe"},{"name":"infrastructureConfiguration"},{"name":"lifecyclePolicy"},{"name":"workflow"}],"description":"Grants permission to untag an Image Builder resource","accessLevel":"Tagging","resourceTypes":[{"name":"component","required":false},{"name":"containerRecipe","required":false},{"name":"distributionConfiguration","required":false},{"name":"image","required":false},{"name":"imagePipeline","required":false},{"name":"imageRecipe","required":false},{"name":"infrastructureConfiguration","required":false},{"name":"lifecyclePolicy","required":false},{"name":"workflow","required":false}]},"UpdateDistributionConfiguration":{"conditionKeys":[],"resources":[{"name":"distributionConfiguration"}],"description":"Grants permission to update an existing distribution configuration","accessLevel":"Write","resourceTypes":[{"name":"distributionConfiguration","required":true}],"dependentActions":["ec2:CreateLaunchTemplateVersion","ec2:DescribeLaunchTemplates","ec2:ModifyLaunchTemplate","s3:ListBucket","ssm:GetParameter"]},"UpdateImagePipeline":{"conditionKeys":[],"resources":[{"name":"imagePipeline"}],"description":"Grants permission to update an existing image pipeline","accessLevel":"Write","resourceTypes":[{"name":"imagePipeline","required":true}],"dependentActions":["ecr:BatchGetRepositoryScanningConfiguration","ecr:DescribeRepositories","iam:CreateServiceLinkedRole","iam:PassRole","imagebuilder:GetContainerRecipe","imagebuilder:GetDistributionConfiguration","imagebuilder:GetImageRecipe","imagebuilder:GetInfrastructureConfiguration","imagebuilder:GetWorkflow","inspector2:BatchGetAccountStatus"]},"UpdateInfrastructureConfiguration":{"conditionKeys":["imagebuilder:CreatedResourceTag/${TagKey}","imagebuilder:CreatedResourceTagKeys","imagebuilder:Ec2MetadataHttpTokens","imagebuilder:StatusTopicArn"],"resources":[{"name":"infrastructureConfiguration"}],"description":"Grants permission to update an existing infrastructure configuration","accessLevel":"Write","resourceTypes":[{"name":"infrastructureConfiguration","required":true}],"dependentActions":["ec2:DescribeAvailabilityZones","ec2:DescribeHosts","iam:PassRole","resource-groups:GetGroup","sns:Publish"]},"UpdateLifecyclePolicy":{"conditionKeys":["imagebuilder:LifecyclePolicyResourceType"],"resources":[{"name":"lifecyclePolicy"}],"description":"Grants permission to update an existing lifecycle policy","accessLevel":"Write","resourceTypes":[{"name":"lifecyclePolicy","required":true}],"dependentActions":["iam:PassRole"]}},"resources":[{"name":"allComponentBuildVersions","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:component/${ComponentName}/${ComponentVersion}/*"],"conditionKeys":[]},{"name":"allImageBuildVersions","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:image/${ImageName}/${ImageVersion}/*"],"conditionKeys":[]},{"name":"allWorkflowBuildVersions","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:workflow/${WorkflowType}/${WorkflowName}/${WorkflowVersion}/*"],"conditionKeys":[]},{"name":"component","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:component/${ComponentName}/${ComponentVersion}/${ComponentBuildVersion}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"containerRecipe","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:container-recipe/${ContainerRecipeName}/${ContainerRecipeVersion}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"distributionConfiguration","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:distribution-configuration/${DistributionConfigurationName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"image","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:image/${ImageName}/${ImageVersion}/${ImageBuildVersion}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"imagePipeline","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:image-pipeline/${ImagePipelineName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"imageRecipe","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:image-recipe/${ImageRecipeName}/${ImageRecipeVersion}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"imageVersion","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:image/${ImageName}/${ImageVersion}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"infrastructureConfiguration","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:infrastructure-configuration/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"lifecycleExecution","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:lifecycle-execution/${LifecycleExecutionId}"],"conditionKeys":[]},{"name":"lifecyclePolicy","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:lifecycle-policy/${LifecyclePolicyName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"workflow","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:workflow/${WorkflowType}/${WorkflowName}/${WorkflowVersion}/${WorkflowBuildVersion}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"workflowExecution","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:workflow-execution/${WorkflowExecutionId}"],"conditionKeys":[]},{"name":"workflowStepExecution","arnFormats":["arn:${Partition}:imagebuilder:${Region}:${Account}:workflow-step-execution/${WorkflowStepExecutionId}"],"conditionKeys":[]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the presence of tag key-value pairs in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by tag key-value pairs attached to the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the presence of tag keys in the request"},"imagebuilder:CreatedResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tag key-value pairs attached to the resource created by Image Builder"},"imagebuilder:CreatedResourceTagKeys":{"types":["ArrayOfString"],"description":"Filters access by the presence of tag keys in the request"},"imagebuilder:Ec2MetadataHttpTokens":{"types":["String"],"description":"Filters access by the EC2 Instance Metadata HTTP Token Requirement specified in the request"},"imagebuilder:LifecyclePolicyResourceType":{"types":["String"],"description":"Filters access by the Lifecycle Policy Resource Type specified in the request"},"imagebuilder:StatusTopicArn":{"types":["ARN"],"description":"Filters access by the SNS Topic Arn in the request to which terminal state notifications will be published"}}}

package/src/data/servicereference/services/importexport.json

@@ -0,0 +1 @@
+{"name":"importexport","actions":{"CancelJob":{"conditionKeys":[],"resources":[],"description":"This action cancels a specified job. Only the job owner can cancel it. The action fails if the job has already started or is complete.","accessLevel":"Write","resourceTypes":[]},"CreateJob":{"conditionKeys":[],"resources":[],"description":"This action initiates the process of scheduling an upload or download of your data.","accessLevel":"Write","resourceTypes":[]},"GetShippingLabel":{"conditionKeys":[],"resources":[],"description":"This action generates a pre-paid shipping label that you will use to ship your device to AWS for processing.","accessLevel":"Read","resourceTypes":[]},"GetStatus":{"conditionKeys":[],"resources":[],"description":"This action returns information about a job, including where the job is in the processing pipeline, the status of the results, and the signature value associated with the job.","accessLevel":"Read","resourceTypes":[]},"ListJobs":{"conditionKeys":[],"resources":[],"description":"This action returns the jobs associated with the requester.","accessLevel":"List","resourceTypes":[]},"UpdateJob":{"conditionKeys":[],"resources":[],"description":"You use this action to change the parameters specified in the original manifest file by supplying a new manifest file.","accessLevel":"Write","resourceTypes":[]}},"resources":[],"conditionKeys":{}}

package/src/data/servicereference/services/inspector-scan.json

@@ -0,0 +1 @@
+{"name":"inspector-scan","actions":{"ScanSbom":{"conditionKeys":[],"resources":[],"description":"Grants permission to scan the customer provided SBOM and return vulnerabilities detected within","accessLevel":"Read","resourceTypes":[]}},"resources":[],"conditionKeys":{}}