aws-iam-ls 0.0.0

package/src/data/servicereference/services/ivschat.json

@@ -0,0 +1 @@
+{"name":"ivschat","actions":{"CreateChatToken":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"Room"}],"description":"Grants permission to create an encrypted token that is used to establish an individual WebSocket connection to a room","accessLevel":"Write","resourceTypes":[{"name":"Room","required":true}]},"CreateLoggingConfiguration":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"Logging-Configuration"}],"description":"Grants permission to create a logging configuration that allows clients to record room messages","accessLevel":"Write","resourceTypes":[{"name":"Logging-Configuration","required":true}]},"CreateRoom":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"Room"}],"description":"Grants permission to create a room that allows clients to connect and pass messages","accessLevel":"Write","resourceTypes":[{"name":"Room","required":true}]},"DeleteLoggingConfiguration":{"conditionKeys":[],"resources":[{"name":"Logging-Configuration"}],"description":"Grants permission to delete the logging configuration for a specified logging configuration ARN","accessLevel":"Write","resourceTypes":[{"name":"Logging-Configuration","required":true}]},"DeleteMessage":{"conditionKeys":[],"resources":[{"name":"Room"}],"description":"Grants permission to send an event to a specific room which directs clients to delete a specific message","accessLevel":"Write","resourceTypes":[{"name":"Room","required":true}]},"DeleteRoom":{"conditionKeys":[],"resources":[{"name":"Room"}],"description":"Grants permission to delete the room for a specified room ARN","accessLevel":"Write","resourceTypes":[{"name":"Room","required":true}]},"DisconnectUser":{"conditionKeys":[],"resources":[{"name":"Room"}],"description":"Grants permission to disconnect all connections using a specified user ID from a room","accessLevel":"Write","resourceTypes":[{"name":"Room","required":true}]},"GetLoggingConfiguration":{"conditionKeys":[],"resources":[{"name":"Logging-Configuration"}],"description":"Grants permission to get the logging configuration for a specified logging configuration ARN","accessLevel":"Read","resourceTypes":[{"name":"Logging-Configuration","required":true}]},"GetRoom":{"conditionKeys":[],"resources":[{"name":"Room"}],"description":"Grants permission to get the room configuration for a specified room ARN","accessLevel":"Read","resourceTypes":[{"name":"Room","required":true}]},"ListLoggingConfigurations":{"conditionKeys":[],"resources":[{"name":"Logging-Configuration"}],"description":"Grants permission to get summary information about logging configurations","accessLevel":"List","resourceTypes":[{"name":"Logging-Configuration","required":true}]},"ListRooms":{"conditionKeys":[],"resources":[{"name":"Room"}],"description":"Grants permission to get summary information about rooms","accessLevel":"List","resourceTypes":[{"name":"Room","required":true}]},"ListTagsForResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"Room"}],"description":"Grants permission to get information about the tags for a specified ARN","accessLevel":"Read","resourceTypes":[{"name":"Room","required":false}]},"SendEvent":{"conditionKeys":[],"resources":[{"name":"Room"}],"description":"Grants permission to send an event to a room","accessLevel":"Write","resourceTypes":[{"name":"Room","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"Logging-Configuration"},{"name":"Room"}],"description":"Grants permission to add or update tags for a resource with a specified ARN","accessLevel":"Tagging","resourceTypes":[{"name":"Logging-Configuration","required":false},{"name":"Room","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"Logging-Configuration"},{"name":"Room"}],"description":"Grants permission to remove tags for a resource with a specified ARN","accessLevel":"Tagging","resourceTypes":[{"name":"Logging-Configuration","required":false},{"name":"Room","required":false}]},"UpdateLoggingConfiguration":{"conditionKeys":[],"resources":[{"name":"Logging-Configuration"}],"description":"Grants permission to update the logging configuration for a specified logging configuration ARN","accessLevel":"Write","resourceTypes":[{"name":"Logging-Configuration","required":true}]},"UpdateRoom":{"conditionKeys":[],"resources":[{"name":"Room"}],"description":"Grants permission to update the room configuration for a specified room ARN","accessLevel":"Write","resourceTypes":[{"name":"Room","required":true}]}},"resources":[{"name":"Logging-Configuration","arnFormats":["arn:${Partition}:ivschat:${Region}:${Account}:logging-configuration/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"Room","arnFormats":["arn:${Partition}:ivschat:${Region}:${Account}:room/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"}}}

package/src/data/servicereference/services/kafka-cluster.json

@@ -0,0 +1 @@
+{"name":"kafka-cluster","actions":{"AlterCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to alter various aspects of the cluster, equivalent to Apache Kafka's ALTER CLUSTER ACL","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["kafka-cluster:Connect","kafka-cluster:DescribeCluster"]},"AlterClusterDynamicConfiguration":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to alter the dynamic configuration of a cluster, equivalent to Apache Kafka's ALTER_CONFIGS CLUSTER ACL","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["kafka-cluster:Connect","kafka-cluster:DescribeClusterDynamicConfiguration"]},"AlterGroup":{"conditionKeys":[],"resources":[{"name":"group"}],"description":"Grants permission to join groups on a cluster, equivalent to Apache Kafka's READ GROUP ACL","accessLevel":"Write","resourceTypes":[{"name":"group","required":true}],"dependentActions":["kafka-cluster:Connect","kafka-cluster:DescribeGroup"]},"AlterTopic":{"conditionKeys":[],"resources":[{"name":"topic"}],"description":"Grants permission to alter topics on a cluster, equivalent to Apache Kafka's ALTER TOPIC ACL","accessLevel":"Write","resourceTypes":[{"name":"topic","required":true}],"dependentActions":["kafka-cluster:Connect","kafka-cluster:DescribeTopic"]},"AlterTopicDynamicConfiguration":{"conditionKeys":[],"resources":[{"name":"topic"}],"description":"Grants permission to alter the dynamic configuration of topics on a cluster, equivalent to Apache Kafka's ALTER_CONFIGS TOPIC ACL","accessLevel":"Write","resourceTypes":[{"name":"topic","required":true}],"dependentActions":["kafka-cluster:Connect","kafka-cluster:DescribeTopicDynamicConfiguration"]},"AlterTransactionalId":{"conditionKeys":[],"resources":[{"name":"transactional-id"}],"description":"Grants permission to alter transactional IDs on a cluster, equivalent to Apache Kafka's WRITE TRANSACTIONAL_ID ACL","accessLevel":"Write","resourceTypes":[{"name":"transactional-id","required":true}],"dependentActions":["kafka-cluster:Connect","kafka-cluster:DescribeTransactionalId","kafka-cluster:WriteData"]},"Connect":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to connect and authenticate to the cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"CreateTopic":{"conditionKeys":[],"resources":[{"name":"topic"}],"description":"Grants permission to create topics on a cluster, equivalent to Apache Kafka's CREATE CLUSTER/TOPIC ACL","accessLevel":"Write","resourceTypes":[{"name":"topic","required":true}],"dependentActions":["kafka-cluster:Connect"]},"DeleteGroup":{"conditionKeys":[],"resources":[{"name":"group"}],"description":"Grants permission to delete groups on a cluster, equivalent to Apache Kafka's DELETE GROUP ACL","accessLevel":"Write","resourceTypes":[{"name":"group","required":true}],"dependentActions":["kafka-cluster:Connect","kafka-cluster:DescribeGroup"]},"DeleteTopic":{"conditionKeys":[],"resources":[{"name":"topic"}],"description":"Grants permission to delete topics on a cluster, equivalent to Apache Kafka's DELETE TOPIC ACL","accessLevel":"Write","resourceTypes":[{"name":"topic","required":true}],"dependentActions":["kafka-cluster:Connect","kafka-cluster:DescribeTopic"]},"DescribeCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to describe various aspects of the cluster, equivalent to Apache Kafka's DESCRIBE CLUSTER ACL","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["kafka-cluster:Connect"]},"DescribeClusterDynamicConfiguration":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to describe the dynamic configuration of a cluster, equivalent to Apache Kafka's DESCRIBE_CONFIGS CLUSTER ACL","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["kafka-cluster:Connect"]},"DescribeGroup":{"conditionKeys":[],"resources":[{"name":"group"}],"description":"Grants permission to describe groups on a cluster, equivalent to Apache Kafka's DESCRIBE GROUP ACL","accessLevel":"List","resourceTypes":[{"name":"group","required":true}],"dependentActions":["kafka-cluster:Connect"]},"DescribeTopic":{"conditionKeys":[],"resources":[{"name":"topic"}],"description":"Grants permission to describe topics on a cluster, equivalent to Apache Kafka's DESCRIBE TOPIC ACL","accessLevel":"List","resourceTypes":[{"name":"topic","required":true}],"dependentActions":["kafka-cluster:Connect"]},"DescribeTopicDynamicConfiguration":{"conditionKeys":[],"resources":[{"name":"topic"}],"description":"Grants permission to describe the dynamic configuration of topics on a cluster, equivalent to Apache Kafka's DESCRIBE_CONFIGS TOPIC ACL","accessLevel":"List","resourceTypes":[{"name":"topic","required":true}],"dependentActions":["kafka-cluster:Connect"]},"DescribeTransactionalId":{"conditionKeys":[],"resources":[{"name":"transactional-id"}],"description":"Grants permission to describe transactional IDs on a cluster, equivalent to Apache Kafka's DESCRIBE TRANSACTIONAL_ID ACL","accessLevel":"List","resourceTypes":[{"name":"transactional-id","required":true}],"dependentActions":["kafka-cluster:Connect"]},"ReadData":{"conditionKeys":[],"resources":[{"name":"topic"}],"description":"Grants permission to read data from topics on a cluster, equivalent to Apache Kafka's READ TOPIC ACL","accessLevel":"Read","resourceTypes":[{"name":"topic","required":true}],"dependentActions":["kafka-cluster:AlterGroup","kafka-cluster:Connect","kafka-cluster:DescribeTopic"]},"WriteData":{"conditionKeys":[],"resources":[{"name":"topic"}],"description":"Grants permission to write data to topics on a cluster, equivalent to Apache Kafka's WRITE TOPIC ACL","accessLevel":"Write","resourceTypes":[{"name":"topic","required":true}],"dependentActions":["kafka-cluster:Connect","kafka-cluster:DescribeTopic"]},"WriteDataIdempotently":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to write data idempotently on a cluster, equivalent to Apache Kafka's IDEMPOTENT_WRITE CLUSTER ACL","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["kafka-cluster:Connect","kafka-cluster:WriteData"]}},"resources":[{"name":"cluster","arnFormats":["arn:${Partition}:kafka:${Region}:${Account}:cluster/${ClusterName}/${ClusterUuid}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"group","arnFormats":["arn:${Partition}:kafka:${Region}:${Account}:group/${ClusterName}/${ClusterUuid}/${GroupName}"],"conditionKeys":[]},{"name":"topic","arnFormats":["arn:${Partition}:kafka:${Region}:${Account}:topic/${ClusterName}/${ClusterUuid}/${TopicName}"],"conditionKeys":[]},{"name":"transactional-id","arnFormats":["arn:${Partition}:kafka:${Region}:${Account}:transactional-id/${ClusterName}/${ClusterUuid}/${TransactionalId}"],"conditionKeys":[]}],"conditionKeys":{"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters actions based on tag key-value pairs attached to the resource. The resource tag context key will only apply to the cluster resource, not topics, groups and transactional IDs"}}}

package/src/data/servicereference/services/kafka.json

@@ -0,0 +1 @@
+{"name":"kafka","actions":{"BatchAssociateScramSecret":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to associate one or more Scram Secrets with an Amazon MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["kms:CreateGrant","kms:RetireGrant"]},"BatchDisassociateScramSecret":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to disassociate one or more Scram Secrets from an Amazon MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["kms:RetireGrant"]},"CreateCluster":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"cluster"}],"description":"Grants permission to create an MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["ec2:DescribeSecurityGroups","ec2:DescribeSubnets","ec2:DescribeVpcs","iam:AttachRolePolicy","iam:CreateServiceLinkedRole","iam:PutRolePolicy","kms:CreateGrant","kms:DescribeKey"]},"CreateClusterV2":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"cluster"}],"description":"Grants permission to create an MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["ec2:CreateTags","ec2:CreateVpcEndpoint","ec2:DeleteVpcEndpoints","ec2:DescribeSecurityGroups","ec2:DescribeSubnets","ec2:DescribeVpcAttribute","ec2:DescribeVpcEndpoints","ec2:DescribeVpcs","iam:AttachRolePolicy","iam:CreateServiceLinkedRole","iam:PutRolePolicy","kms:CreateGrant","kms:DescribeKey"]},"CreateConfiguration":{"conditionKeys":[],"resources":[{"name":"configuration"}],"description":"Grants permission to create an MSK configuration","accessLevel":"Write","resourceTypes":[{"name":"configuration","required":true}]},"CreateReplicator":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"replicator"}],"description":"Grants permission to create a MSK replicator","accessLevel":"Write","resourceTypes":[{"name":"replicator","required":true}],"dependentActions":["ec2:DescribeSecurityGroups","ec2:DescribeSubnets","ec2:DescribeVpcs","iam:AttachRolePolicy","iam:CreateServiceLinkedRole","iam:PassRole","iam:PutRolePolicy","kafka:DescribeClusterV2","kafka:GetBootstrapBrokers"]},"CreateTopic":{"conditionKeys":[],"resources":[{"name":"topic"}],"description":"Grants permission to create a Kafka topic in an MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"topic","required":true}],"dependentActions":["kafka-cluster:Connect","kafka-cluster:CreateTopic"]},"CreateVpcConnection":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"cluster"},{"name":"vpc-connection"}],"description":"Grants permission to create a MSK VPC connection","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"vpc-connection","required":true}],"dependentActions":["ec2:CreateTags","ec2:CreateVpcEndpoint","ec2:DescribeSecurityGroups","ec2:DescribeSubnets","ec2:DescribeVpcAttribute","ec2:DescribeVpcEndpoints","ec2:DescribeVpcs","iam:AttachRolePolicy","iam:CreateServiceLinkedRole","iam:PutRolePolicy"]},"DeleteCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to delete an MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["ec2:DeleteVpcEndpoints","ec2:DescribeVpcAttribute","ec2:DescribeVpcEndpoints"]},"DeleteClusterPolicy":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to delete a cluster resource-based policy","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"DeleteConfiguration":{"conditionKeys":[],"resources":[{"name":"configuration"}],"description":"Grants permission to delete the specified MSK configuration","accessLevel":"Write","resourceTypes":[{"name":"configuration","required":true}]},"DeleteReplicator":{"conditionKeys":[],"resources":[{"name":"replicator"}],"description":"Grants permission to delete a MSK replicator","accessLevel":"Write","resourceTypes":[{"name":"replicator","required":true}]},"DeleteTopic":{"conditionKeys":[],"resources":[{"name":"topic"}],"description":"Grants permission to delete a Kafka topic from an MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"topic","required":true}],"dependentActions":["kafka-cluster:Connect","kafka-cluster:DeleteTopic","kafka-cluster:DescribeTopic"]},"DeleteVpcConnection":{"conditionKeys":[],"resources":[{"name":"vpc-connection"}],"description":"Grants permission to delete a MSK VPC connection","accessLevel":"Write","resourceTypes":[{"name":"vpc-connection","required":true}],"dependentActions":["ec2:DeleteVpcEndpoints","ec2:DescribeVpcEndpoints"]},"DescribeCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to describe an MSK cluster","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true}]},"DescribeClusterOperation":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe the cluster operation that is specified by the given ARN","accessLevel":"Read","resourceTypes":[]},"DescribeClusterOperationV2":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe the cluster operation that is specified by the given ARN","accessLevel":"Read","resourceTypes":[]},"DescribeClusterV2":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to describe an MSK cluster","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true}]},"DescribeConfiguration":{"conditionKeys":[],"resources":[{"name":"configuration"}],"description":"Grants permission to describe an MSK configuration","accessLevel":"Read","resourceTypes":[{"name":"configuration","required":true}]},"DescribeConfigurationRevision":{"conditionKeys":[],"resources":[{"name":"configuration"}],"description":"Grants permission to describe an MSK configuration revision","accessLevel":"Read","resourceTypes":[{"name":"configuration","required":true}]},"DescribeReplicator":{"conditionKeys":[],"resources":[{"name":"replicator"}],"description":"Grants permission to describe a MSK replicator","accessLevel":"Read","resourceTypes":[{"name":"replicator","required":true}]},"DescribeTopic":{"conditionKeys":[],"resources":[{"name":"topic"}],"description":"Grants permission to return metadata details about a specific Kafka topic","accessLevel":"Read","resourceTypes":[{"name":"topic","required":true}],"dependentActions":["kafka-cluster:Connect","kafka-cluster:DescribeTopic","kafka-cluster:DescribeTopicDynamicConfiguration"]},"DescribeTopicPartitions":{"conditionKeys":[],"resources":[{"name":"topic"}],"description":"Grants permission to list all partitions of a specific topic","accessLevel":"Read","resourceTypes":[{"name":"topic","required":true}],"dependentActions":["kafka-cluster:Connect","kafka-cluster:DescribeTopic","kafka-cluster:DescribeTopicDynamicConfiguration"]},"DescribeVpcConnection":{"conditionKeys":[],"resources":[{"name":"vpc-connection"}],"description":"Grants permission to describe a MSK VPC connection","accessLevel":"Read","resourceTypes":[{"name":"vpc-connection","required":true}]},"GetBootstrapBrokers":{"conditionKeys":[],"resources":[],"description":"Grants permission to get connection details for the brokers in an MSK cluster","accessLevel":"Read","resourceTypes":[]},"GetClusterPolicy":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to describe a cluster resource-based policy","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true}]},"GetCompatibleKafkaVersions":{"conditionKeys":[],"resources":[],"description":"Grants permission to get a list of the Apache Kafka versions to which you can update an MSK cluster","accessLevel":"List","resourceTypes":[]},"ListClientVpcConnections":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to list all MSK VPC connections created for a cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"ListClusterOperations":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to return a list of all the operations that have been performed on the specified MSK cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"ListClusterOperationsV2":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to return a list of all the operations that have been performed on the specified MSK cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"ListClusters":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all MSK clusters in this account","accessLevel":"List","resourceTypes":[]},"ListClustersV2":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all MSK clusters in this account","accessLevel":"List","resourceTypes":[]},"ListConfigurationRevisions":{"conditionKeys":[],"resources":[{"name":"configuration"}],"description":"Grants permission to list all revisions for an MSK configuration in this account","accessLevel":"List","resourceTypes":[{"name":"configuration","required":true}]},"ListConfigurations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all MSK configurations in this account","accessLevel":"List","resourceTypes":[]},"ListKafkaVersions":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all Apache Kafka versions supported by Amazon MSK","accessLevel":"List","resourceTypes":[]},"ListNodes":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to list brokers in an MSK cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"ListReplicators":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all MSK replicators in this account","accessLevel":"List","resourceTypes":[]},"ListScramSecrets":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to list the Scram Secrets associated with an Amazon MSK cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to list tags of an MSK resource","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true}]},"ListTopics":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to list all Kafka topics for a specified MSK cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["kafka-cluster:Connect","kafka-cluster:DescribeTopic"]},"ListVpcConnections":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all MSK VPC connections that this account uses","accessLevel":"List","resourceTypes":[]},"PutClusterPolicy":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to create or update the resource-based policy for a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"RebootBroker":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to reboot broker","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"RejectClientVpcConnection":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"vpc-connection"}],"description":"Grants permission to reject a MSK VPC connection","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"vpc-connection","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"cluster"},{"name":"vpc-connection"}],"description":"Grants permission to tag an MSK resource","accessLevel":"Tagging","resourceTypes":[{"name":"cluster","required":false},{"name":"vpc-connection","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"cluster"},{"name":"vpc-connection"}],"description":"Grants permission to remove tags from an MSK resource","accessLevel":"Tagging","resourceTypes":[{"name":"cluster","required":false},{"name":"vpc-connection","required":false}]},"UpdateBrokerCount":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to update the number of brokers of the MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"UpdateBrokerStorage":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to update the storage size of the brokers of the MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"UpdateBrokerType":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to update the broker type of an Amazon MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"UpdateClusterConfiguration":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"configuration"}],"description":"Grants permission to update the configuration of the MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"configuration","required":true}]},"UpdateClusterKafkaVersion":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to update the MSK cluster to the specified Apache Kafka version","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"UpdateConfiguration":{"conditionKeys":[],"resources":[{"name":"configuration"}],"description":"Grants permission to create a new revision of the MSK configuration","accessLevel":"Write","resourceTypes":[{"name":"configuration","required":true}]},"UpdateConnectivity":{"conditionKeys":["kafka:publicAccessEnabled"],"resources":[{"name":"cluster"}],"description":"Grants permission to update the connectivity settings for the MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["ec2:DescribeRouteTables","ec2:DescribeSubnets"]},"UpdateMonitoring":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to update the monitoring settings for the MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"UpdateRebalancing":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to update the intelligent rebalancing status of the MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"UpdateReplicationInfo":{"conditionKeys":[],"resources":[{"name":"replicator"}],"description":"Grants permission to update the replication info of the MSK replicator","accessLevel":"Write","resourceTypes":[{"name":"replicator","required":true}]},"UpdateSecurity":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to update the security settings for the MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["kms:RetireGrant"]},"UpdateStorage":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to update the EBS storage (size or provisioned throughput) associated with MSK brokers or set cluster storage mode to TIERED","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"UpdateTopic":{"conditionKeys":[],"resources":[{"name":"topic"}],"description":"Grants permission to update the configuration of a Kafka topic in an MSK cluster","accessLevel":"Write","resourceTypes":[{"name":"topic","required":true}],"dependentActions":["kafka-cluster:AlterTopic","kafka-cluster:AlterTopicDynamicConfiguration","kafka-cluster:Connect","kafka-cluster:DescribeTopic"]}},"resources":[{"name":"cluster","arnFormats":["arn:${Partition}:kafka:${Region}:${Account}:cluster/${ClusterName}/${Uuid}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"configuration","arnFormats":["arn:${Partition}:kafka:${Region}:${Account}:configuration/${ConfigurationName}/${Uuid}"],"conditionKeys":[]},{"name":"group","arnFormats":["arn:${Partition}:kafka:${Region}:${Account}:group/${ClusterName}/${ClusterUuid}/${GroupName}"],"conditionKeys":[]},{"name":"replicator","arnFormats":["arn:${Partition}:kafka:${Region}:${Account}:replicator/${ReplicatorName}/${Uuid}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"topic","arnFormats":["arn:${Partition}:kafka:${Region}:${Account}:topic/${ClusterName}/${ClusterUuid}/${TopicName}"],"conditionKeys":[]},{"name":"transactional-id","arnFormats":["arn:${Partition}:kafka:${Region}:${Account}:transactional-id/${ClusterName}/${ClusterUuid}/${TransactionalId}"],"conditionKeys":[]},{"name":"vpc-connection","arnFormats":["arn:${Partition}:kafka:${Region}:${VpcOwnerAccount}:vpc-connection/${ClusterOwnerAccount}/${ClusterName}/${Uuid}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the presence of tag key-value pairs in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by tag key-value pairs attached to the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the presence of tag keys in the request"},"kafka:publicAccessEnabled":{"types":["Bool"],"description":"Filters access by the presence of public access enabled in the request"}}}

package/src/data/servicereference/services/kafkaconnect.json

@@ -0,0 +1 @@
+{"name":"kafkaconnect","actions":{"CreateConnector":{"conditionKeys":[],"resources":[],"description":"Grants permission to create an MSK Connect connector","accessLevel":"Write","resourceTypes":[],"dependentActions":["ec2:CreateNetworkInterface","ec2:DescribeSecurityGroups","ec2:DescribeSubnets","ec2:DescribeVpcs","firehose:TagDeliveryStream","iam:AttachRolePolicy","iam:CreateServiceLinkedRole","iam:PassRole","iam:PutRolePolicy","logs:CreateLogDelivery","logs:DescribeLogGroups","logs:DescribeResourcePolicies","logs:GetLogDelivery","logs:ListLogDeliveries","logs:PutResourcePolicy","s3:GetBucketPolicy","s3:PutBucketPolicy"]},"CreateCustomPlugin":{"conditionKeys":[],"resources":[],"description":"Grants permission to create an MSK Connect custom plugin","accessLevel":"Write","resourceTypes":[],"dependentActions":["s3:GetObject"]},"CreateWorkerConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to create an MSK Connect worker configuration","accessLevel":"Write","resourceTypes":[]},"DeleteConnector":{"conditionKeys":[],"resources":[{"name":"connector"}],"description":"Grants permission to delete an MSK Connect connector","accessLevel":"Write","resourceTypes":[{"name":"connector","required":true}],"dependentActions":["logs:DeleteLogDelivery","logs:ListLogDeliveries"]},"DeleteCustomPlugin":{"conditionKeys":[],"resources":[{"name":"custom plugin"}],"description":"Grants permission to delete an MSK Connect custom plugin","accessLevel":"Write","resourceTypes":[{"name":"custom plugin","required":true}]},"DeleteWorkerConfiguration":{"conditionKeys":[],"resources":[{"name":"worker configuration"}],"description":"Grants permission to delete an MSK Connect worker configuration","accessLevel":"Write","resourceTypes":[{"name":"worker configuration","required":true}]},"DescribeConnector":{"conditionKeys":[],"resources":[{"name":"connector"}],"description":"Grants permission to describe an MSK Connect connector","accessLevel":"Read","resourceTypes":[{"name":"connector","required":true}]},"DescribeConnectorOperation":{"conditionKeys":[],"resources":[{"name":"connector operation"}],"description":"Grants permission to describe a MSK Connect connector operation","accessLevel":"Read","resourceTypes":[{"name":"connector operation","required":true}]},"DescribeCustomPlugin":{"conditionKeys":[],"resources":[{"name":"custom plugin"}],"description":"Grants permission to describe an MSK Connect custom plugin","accessLevel":"Read","resourceTypes":[{"name":"custom plugin","required":true}]},"DescribeWorkerConfiguration":{"conditionKeys":[],"resources":[{"name":"worker configuration"}],"description":"Grants permission to describe an MSK Connect worker configuration","accessLevel":"Read","resourceTypes":[{"name":"worker configuration","required":true}]},"ListConnectorOperations":{"conditionKeys":[],"resources":[{"name":"connector"}],"description":"Grants permission to list all operations of a given MSK Connect connector","accessLevel":"Read","resourceTypes":[{"name":"connector","required":true}]},"ListConnectors":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all MSK Connect connectors in this account","accessLevel":"Read","resourceTypes":[]},"ListCustomPlugins":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all MSK Connect custom plugins in this account","accessLevel":"Read","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"connector"},{"name":"custom plugin"},{"name":"worker configuration"}],"description":"Grants permission to list tags of an MSK Connect resource","accessLevel":"Read","resourceTypes":[{"name":"connector","required":false},{"name":"custom plugin","required":false},{"name":"worker configuration","required":false}]},"ListWorkerConfigurations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all MSK Connect worker configurations in this account","accessLevel":"Read","resourceTypes":[]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"connector"},{"name":"custom plugin"},{"name":"worker configuration"}],"description":"Grants permission to tag an MSK Connect resource","accessLevel":"Tagging","resourceTypes":[{"name":"connector","required":false},{"name":"custom plugin","required":false},{"name":"worker configuration","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"connector"},{"name":"custom plugin"},{"name":"worker configuration"}],"description":"Grants permission to remove tags from an MSK Connect resource","accessLevel":"Tagging","resourceTypes":[{"name":"connector","required":false},{"name":"custom plugin","required":false},{"name":"worker configuration","required":false}]},"UpdateConnector":{"conditionKeys":[],"resources":[{"name":"connector"}],"description":"Grants permission to update an MSK Connect connector","accessLevel":"Write","resourceTypes":[{"name":"connector","required":true}]}},"resources":[{"name":"connector","arnFormats":["arn:${Partition}:kafkaconnect:${Region}:${Account}:connector/${ConnectorName}/${UUID}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"connector operation","arnFormats":["arn:${Partition}:kafkaconnect:${Region}:${Account}:connector-operation/${ConnectorName}/${ConnectorUUID}/${UUID}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"custom plugin","arnFormats":["arn:${Partition}:kafkaconnect:${Region}:${Account}:custom-plugin/${CustomPluginName}/${UUID}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"worker configuration","arnFormats":["arn:${Partition}:kafkaconnect:${Region}:${Account}:worker-configuration/${WorkerConfigurationName}/${UUID}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the presence of tag key-value pairs in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by tag key-value pairs attached to the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the presence of tag keys in the request"}}}

package/src/data/servicereference/services/kendra-ranking.json

@@ -0,0 +1 @@
+{"name":"kendra-ranking","actions":{"CreateRescoreExecutionPlan":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a RescoreExecutionPlan","accessLevel":"Write","resourceTypes":[]},"DeleteRescoreExecutionPlan":{"conditionKeys":[],"resources":[{"name":"rescore-execution-plan"}],"description":"Grants permission to delete a RescoreExecutionPlan","accessLevel":"Write","resourceTypes":[{"name":"rescore-execution-plan","required":true}]},"DescribeRescoreExecutionPlan":{"conditionKeys":[],"resources":[{"name":"rescore-execution-plan"}],"description":"Grants permission to describe a RescoreExecutionPlan","accessLevel":"Read","resourceTypes":[{"name":"rescore-execution-plan","required":true}]},"ListRescoreExecutionPlans":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all RescoreExecutionPlans","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"rescore-execution-plan"}],"description":"Grants permission to list tags for a resource","accessLevel":"Read","resourceTypes":[{"name":"rescore-execution-plan","required":false}]},"Rescore":{"conditionKeys":[],"resources":[{"name":"rescore-execution-plan"}],"description":"Grants permission to Rescore documents with Kendra Intelligent Ranking","accessLevel":"Read","resourceTypes":[{"name":"rescore-execution-plan","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"rescore-execution-plan"}],"description":"Grants permission to tag a resource with given key value pairs","accessLevel":"Tagging","resourceTypes":[{"name":"rescore-execution-plan","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"rescore-execution-plan"}],"description":"Grants permission to remove the tag with the given key from a resource","accessLevel":"Tagging","resourceTypes":[{"name":"rescore-execution-plan","required":false}]},"UpdateRescoreExecutionPlan":{"conditionKeys":[],"resources":[{"name":"rescore-execution-plan"}],"description":"Grants permission to update a RescoreExecutionPlan","accessLevel":"Write","resourceTypes":[{"name":"rescore-execution-plan","required":true}]}},"resources":[{"name":"rescore-execution-plan","arnFormats":["arn:${Partition}:kendra-ranking:${Region}:${Account}:rescore-execution-plan/${RescoreExecutionPlanId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"}}}

package/src/data/servicereference/services/kendra.json

@@ -0,0 +1 @@
+{"name":"kendra","actions":{"AssociateEntitiesToExperience":{"conditionKeys":[],"resources":[{"name":"experience"},{"name":"index"}],"description":"Grants permission to put principal mapping in index","accessLevel":"Write","resourceTypes":[{"name":"experience","required":true},{"name":"index","required":true}]},"AssociatePersonasToEntities":{"conditionKeys":[],"resources":[{"name":"experience"},{"name":"index"}],"description":"Defines the specific permissions of users or groups in your AWS SSO identity source with access to your Amazon Kendra experience","accessLevel":"Write","resourceTypes":[{"name":"experience","required":true},{"name":"index","required":true}]},"BatchDeleteDocument":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to batch delete document","accessLevel":"Write","resourceTypes":[{"name":"index","required":true}]},"BatchDeleteFeaturedResultsSet":{"conditionKeys":[],"resources":[{"name":"featured-results-set"},{"name":"index"}],"description":"Grants permission to delete a featured results set","accessLevel":"Write","resourceTypes":[{"name":"featured-results-set","required":true},{"name":"index","required":true}]},"BatchGetDocumentStatus":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to do batch get document status","accessLevel":"Read","resourceTypes":[{"name":"index","required":true}]},"BatchPutDocument":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to batch put document","accessLevel":"Write","resourceTypes":[{"name":"index","required":true}]},"ClearQuerySuggestions":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to clear out the suggestions for a given index, generated so far","accessLevel":"Write","resourceTypes":[{"name":"index","required":true}]},"CreateAccessControlConfiguration":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to create an access control configuration","accessLevel":"Write","resourceTypes":[{"name":"index","required":true}]},"CreateDataSource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"index"}],"description":"Grants permission to create a data source","accessLevel":"Write","resourceTypes":[{"name":"index","required":true}]},"CreateExperience":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Creates an Amazon Kendra experience such as a search application","accessLevel":"Write","resourceTypes":[{"name":"index","required":true}]},"CreateFaq":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"index"}],"description":"Grants permission to create an Faq","accessLevel":"Write","resourceTypes":[{"name":"index","required":true}]},"CreateFeaturedResultsSet":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"index"}],"description":"Grants permission to create a featured results set","accessLevel":"Write","resourceTypes":[{"name":"index","required":true}]},"CreateIndex":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create an Index","accessLevel":"Write","resourceTypes":[]},"CreateQuerySuggestionsBlockList":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"index"}],"description":"Grants permission to create a QuerySuggestions BlockList","accessLevel":"Write","resourceTypes":[{"name":"index","required":true}]},"CreateThesaurus":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"index"}],"description":"Grants permission to create a Thesaurus","accessLevel":"Write","resourceTypes":[{"name":"index","required":true}]},"DeleteAccessControlConfiguration":{"conditionKeys":[],"resources":[{"name":"access-control-configuration"},{"name":"index"}],"description":"Grants permission to delete an access control configuration","accessLevel":"Write","resourceTypes":[{"name":"access-control-configuration","required":true},{"name":"index","required":true}]},"DeleteDataSource":{"conditionKeys":[],"resources":[{"name":"data-source"},{"name":"index"}],"description":"Grants permission to delete a data source","accessLevel":"Write","resourceTypes":[{"name":"data-source","required":true},{"name":"index","required":true}]},"DeleteExperience":{"conditionKeys":[],"resources":[{"name":"experience"},{"name":"index"}],"description":"Deletes your Amazon Kendra experience such as a search application","accessLevel":"Write","resourceTypes":[{"name":"experience","required":true},{"name":"index","required":true}]},"DeleteFaq":{"conditionKeys":[],"resources":[{"name":"faq"},{"name":"index"}],"description":"Grants permission to delete an Faq","accessLevel":"Write","resourceTypes":[{"name":"faq","required":true},{"name":"index","required":true}]},"DeleteIndex":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to delete an Index","accessLevel":"Write","resourceTypes":[{"name":"index","required":true}]},"DeletePrincipalMapping":{"conditionKeys":[],"resources":[{"name":"data-source"},{"name":"index"}],"description":"Grants permission to delete principal mapping from index","accessLevel":"Write","resourceTypes":[{"name":"index","required":true},{"name":"data-source","required":false}]},"DeleteQuerySuggestionsBlockList":{"conditionKeys":[],"resources":[{"name":"index"},{"name":"query-suggestions-block-list"}],"description":"Grants permission to delete a QuerySuggestions BlockList","accessLevel":"Write","resourceTypes":[{"name":"index","required":true},{"name":"query-suggestions-block-list","required":true}]},"DeleteThesaurus":{"conditionKeys":[],"resources":[{"name":"index"},{"name":"thesaurus"}],"description":"Grants permission to delete a Thesaurus","accessLevel":"Write","resourceTypes":[{"name":"index","required":true},{"name":"thesaurus","required":true}]},"DescribeAccessControlConfiguration":{"conditionKeys":[],"resources":[{"name":"access-control-configuration"},{"name":"index"}],"description":"Grants permission to describe an access control configuration","accessLevel":"Read","resourceTypes":[{"name":"access-control-configuration","required":true},{"name":"index","required":true}]},"DescribeDataSource":{"conditionKeys":[],"resources":[{"name":"data-source"},{"name":"index"}],"description":"Grants permission to describe a data source","accessLevel":"Read","resourceTypes":[{"name":"data-source","required":true},{"name":"index","required":true}]},"DescribeExperience":{"conditionKeys":[],"resources":[{"name":"experience"},{"name":"index"}],"description":"Gets information about your Amazon Kendra experience such as a search application","accessLevel":"Read","resourceTypes":[{"name":"experience","required":true},{"name":"index","required":true}]},"DescribeFaq":{"conditionKeys":[],"resources":[{"name":"faq"},{"name":"index"}],"description":"Grants permission to describe an Faq","accessLevel":"Read","resourceTypes":[{"name":"faq","required":true},{"name":"index","required":true}]},"DescribeFeaturedResultsSet":{"conditionKeys":[],"resources":[{"name":"featured-results-set"},{"name":"index"}],"description":"Grants permission to describe a featured results set","accessLevel":"Read","resourceTypes":[{"name":"featured-results-set","required":true},{"name":"index","required":true}]},"DescribeIndex":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to describe an Index","accessLevel":"Read","resourceTypes":[{"name":"index","required":true}]},"DescribePrincipalMapping":{"conditionKeys":[],"resources":[{"name":"data-source"},{"name":"index"}],"description":"Grants permission to describe principal mapping from index","accessLevel":"Read","resourceTypes":[{"name":"index","required":true},{"name":"data-source","required":false}]},"DescribeQuerySuggestionsBlockList":{"conditionKeys":[],"resources":[{"name":"index"},{"name":"query-suggestions-block-list"}],"description":"Grants permission to describe a QuerySuggestions BlockList","accessLevel":"Read","resourceTypes":[{"name":"index","required":true},{"name":"query-suggestions-block-list","required":true}]},"DescribeQuerySuggestionsConfig":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to describe the query suggestions configuration for an index","accessLevel":"Read","resourceTypes":[{"name":"index","required":true}]},"DescribeThesaurus":{"conditionKeys":[],"resources":[{"name":"index"},{"name":"thesaurus"}],"description":"Grants permission to describe a Thesaurus","accessLevel":"Read","resourceTypes":[{"name":"index","required":true},{"name":"thesaurus","required":true}]},"DisassociateEntitiesFromExperience":{"conditionKeys":[],"resources":[{"name":"experience"},{"name":"index"}],"description":"Prevents users or groups in your AWS SSO identity source from accessing your Amazon Kendra experience","accessLevel":"Write","resourceTypes":[{"name":"experience","required":true},{"name":"index","required":true}]},"DisassociatePersonasFromEntities":{"conditionKeys":[],"resources":[{"name":"experience"},{"name":"index"}],"description":"Removes the specific permissions of users or groups in your AWS SSO identity source with access to your Amazon Kendra experience","accessLevel":"Write","resourceTypes":[{"name":"experience","required":true},{"name":"index","required":true}]},"GetQuerySuggestions":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to get suggestions for a query prefix","accessLevel":"Read","resourceTypes":[{"name":"index","required":true}]},"GetSnapshots":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Retrieves search metrics data","accessLevel":"Read","resourceTypes":[{"name":"index","required":true}]},"ListAccessControlConfigurations":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to list the access control configurations","accessLevel":"List","resourceTypes":[{"name":"index","required":true}]},"ListDataSourceSyncJobs":{"conditionKeys":[],"resources":[{"name":"data-source"},{"name":"index"}],"description":"Grants permission to get Data Source sync job history","accessLevel":"List","resourceTypes":[{"name":"data-source","required":true},{"name":"index","required":true}]},"ListDataSources":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to list the data sources","accessLevel":"List","resourceTypes":[{"name":"index","required":true}]},"ListEntityPersonas":{"conditionKeys":[],"resources":[{"name":"experience"},{"name":"index"}],"description":"Lists specific permissions of users and groups with access to your Amazon Kendra experience","accessLevel":"List","resourceTypes":[{"name":"experience","required":true},{"name":"index","required":true}]},"ListExperienceEntities":{"conditionKeys":[],"resources":[{"name":"experience"},{"name":"index"}],"description":"Lists users or groups in your AWS SSO identity source that are granted access to your Amazon Kendra experience","accessLevel":"List","resourceTypes":[{"name":"experience","required":true},{"name":"index","required":true}]},"ListExperiences":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Lists one or more Amazon Kendra experiences. You can create an Amazon Kendra experience such as a search application","accessLevel":"List","resourceTypes":[{"name":"index","required":true}]},"ListFaqs":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to list the Faqs","accessLevel":"List","resourceTypes":[{"name":"index","required":true}]},"ListFeaturedResultsSets":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to list the featured results sets","accessLevel":"List","resourceTypes":[{"name":"index","required":true}]},"ListGroupsOlderThanOrderingId":{"conditionKeys":[],"resources":[{"name":"data-source"},{"name":"index"}],"description":"Grants permission to list groups that are older than an ordering id","accessLevel":"List","resourceTypes":[{"name":"index","required":true},{"name":"data-source","required":false}]},"ListIndices":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the indexes","accessLevel":"List","resourceTypes":[]},"ListQuerySuggestionsBlockLists":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to list the QuerySuggestions BlockLists","accessLevel":"List","resourceTypes":[{"name":"index","required":true}]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"data-source"},{"name":"faq"},{"name":"featured-results-set"},{"name":"index"},{"name":"query-suggestions-block-list"},{"name":"thesaurus"}],"description":"Grants permission to list tags for a resource","accessLevel":"Read","resourceTypes":[{"name":"data-source","required":false},{"name":"faq","required":false},{"name":"featured-results-set","required":false},{"name":"index","required":false},{"name":"query-suggestions-block-list","required":false},{"name":"thesaurus","required":false}]},"ListThesauri":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to list the Thesauri","accessLevel":"List","resourceTypes":[{"name":"index","required":true}]},"PutPrincipalMapping":{"conditionKeys":[],"resources":[{"name":"data-source"},{"name":"index"}],"description":"Grants permission to put principal mapping in index","accessLevel":"Write","resourceTypes":[{"name":"index","required":true},{"name":"data-source","required":false}]},"Query":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to query documents and faqs","accessLevel":"Read","resourceTypes":[{"name":"index","required":true}]},"Retrieve":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to retrieve relevant content from an index","accessLevel":"Read","resourceTypes":[{"name":"index","required":true}]},"StartDataSourceSyncJob":{"conditionKeys":[],"resources":[{"name":"data-source"},{"name":"index"}],"description":"Grants permission to start Data Source sync job","accessLevel":"Write","resourceTypes":[{"name":"data-source","required":true},{"name":"index","required":true}]},"StopDataSourceSyncJob":{"conditionKeys":[],"resources":[{"name":"data-source"},{"name":"index"}],"description":"Grants permission to stop Data Source sync job","accessLevel":"Write","resourceTypes":[{"name":"data-source","required":true},{"name":"index","required":true}]},"SubmitFeedback":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to send feedback about a query results","accessLevel":"Write","resourceTypes":[{"name":"index","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"data-source"},{"name":"faq"},{"name":"featured-results-set"},{"name":"index"},{"name":"query-suggestions-block-list"},{"name":"thesaurus"}],"description":"Grants permission to tag a resource with given key value pairs","accessLevel":"Tagging","resourceTypes":[{"name":"data-source","required":false},{"name":"faq","required":false},{"name":"featured-results-set","required":false},{"name":"index","required":false},{"name":"query-suggestions-block-list","required":false},{"name":"thesaurus","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"data-source"},{"name":"faq"},{"name":"featured-results-set"},{"name":"index"},{"name":"query-suggestions-block-list"},{"name":"thesaurus"}],"description":"Grants permission to remove the tag with the given key from a resource","accessLevel":"Tagging","resourceTypes":[{"name":"data-source","required":false},{"name":"faq","required":false},{"name":"featured-results-set","required":false},{"name":"index","required":false},{"name":"query-suggestions-block-list","required":false},{"name":"thesaurus","required":false}]},"UpdateAccessControlConfiguration":{"conditionKeys":[],"resources":[{"name":"access-control-configuration"},{"name":"index"}],"description":"Grants permission to update an access control configuration","accessLevel":"Write","resourceTypes":[{"name":"access-control-configuration","required":true},{"name":"index","required":true}]},"UpdateDataSource":{"conditionKeys":[],"resources":[{"name":"data-source"},{"name":"index"}],"description":"Grants permission to update a data source","accessLevel":"Write","resourceTypes":[{"name":"data-source","required":true},{"name":"index","required":true}]},"UpdateExperience":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Updates your Amazon Kendra experience such as a search application","accessLevel":"Write","resourceTypes":[{"name":"index","required":true}]},"UpdateFeaturedResultsSet":{"conditionKeys":[],"resources":[{"name":"featured-results-set"},{"name":"index"}],"description":"Grants permission to update a featured results set","accessLevel":"Write","resourceTypes":[{"name":"featured-results-set","required":true},{"name":"index","required":true}]},"UpdateIndex":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to update an Index","accessLevel":"Write","resourceTypes":[{"name":"index","required":true}]},"UpdateQuerySuggestionsBlockList":{"conditionKeys":[],"resources":[{"name":"index"},{"name":"query-suggestions-block-list"}],"description":"Grants permission to update a QuerySuggestions BlockList","accessLevel":"Write","resourceTypes":[{"name":"index","required":true},{"name":"query-suggestions-block-list","required":true}]},"UpdateQuerySuggestionsConfig":{"conditionKeys":[],"resources":[{"name":"index"}],"description":"Grants permission to update the query suggestions configuration for an index","accessLevel":"Write","resourceTypes":[{"name":"index","required":true}]},"UpdateThesaurus":{"conditionKeys":[],"resources":[{"name":"index"},{"name":"thesaurus"}],"description":"Grants permission to update a thesaurus","accessLevel":"Write","resourceTypes":[{"name":"index","required":true},{"name":"thesaurus","required":true}]}},"resources":[{"name":"access-control-configuration","arnFormats":["arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/access-control-configuration/${AccessControlConfigurationId}"],"conditionKeys":[]},{"name":"data-source","arnFormats":["arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/data-source/${DataSourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"experience","arnFormats":["arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/experience/${ExperienceId}"],"conditionKeys":[]},{"name":"faq","arnFormats":["arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/faq/${FaqId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"featured-results-set","arnFormats":["arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/featured-results-set/${FeaturedResultsSetId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"index","arnFormats":["arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"query-suggestions-block-list","arnFormats":["arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/query-suggestions-block-list/${QuerySuggestionsBlockListId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"thesaurus","arnFormats":["arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/thesaurus/${ThesaurusId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"}}}

package/src/data/servicereference/services/kinesis.json

@@ -0,0 +1 @@
+{"name":"kinesis","actions":{"AddTagsToStream":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to add or update tags for the specified Amazon Kinesis stream. Each stream can have up to 50 tags","accessLevel":"Tagging","resourceTypes":[{"name":"stream","required":true}]},"CreateStream":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to create a Amazon Kinesis stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"DecreaseStreamRetentionPeriod":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to decrease the stream's retention period, which is the length of time data records are accessible after they are added to the stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"DeleteResourcePolicy":{"conditionKeys":[],"resources":[{"name":"consumer"},{"name":"stream"}],"description":"Grants permission to delete a resource policy associated with a specified stream or consumer","accessLevel":"Write","resourceTypes":[{"name":"consumer","required":true},{"name":"stream","required":true}]},"DeleteStream":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to delete a stream and all its shards and data","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"DeregisterStreamConsumer":{"conditionKeys":[],"resources":[{"name":"consumer"}],"description":"Grants permission to deregister a stream consumer with a Kinesis data stream","accessLevel":"Write","resourceTypes":[{"name":"consumer","required":true}]},"DescribeAccountSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe the account-level settings for Amazon Kinesis Data Streams","accessLevel":"Read","resourceTypes":[]},"DescribeLimits":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe the shard limits and usage for the account","accessLevel":"Read","resourceTypes":[]},"DescribeStream":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to describe the specified stream","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"DescribeStreamConsumer":{"conditionKeys":[],"resources":[{"name":"consumer"}],"description":"Grants permission to get the description of a registered stream consumer","accessLevel":"Read","resourceTypes":[{"name":"consumer","required":true}]},"DescribeStreamSummary":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to provide a summarized description of the specified Kinesis data stream without the shard list","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"DisableEnhancedMonitoring":{"conditionKeys":[],"resources":[],"description":"Grants permission to disables enhanced monitoring","accessLevel":"Write","resourceTypes":[]},"EnableEnhancedMonitoring":{"conditionKeys":[],"resources":[],"description":"Grants permission to enable enhanced Kinesis data stream monitoring for shard-level metrics","accessLevel":"Write","resourceTypes":[]},"GetRecords":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to get data records from a shard","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"GetResourcePolicy":{"conditionKeys":[],"resources":[{"name":"consumer"},{"name":"stream"}],"description":"Grants permission to get a resource policy associated with a specified stream or consumer","accessLevel":"Read","resourceTypes":[{"name":"consumer","required":true},{"name":"stream","required":true}]},"GetShardIterator":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to get a shard iterator. A shard iterator expires five minutes after it is returned to the requester","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"IncreaseStreamRetentionPeriod":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to increase the stream's retention period, which is the length of time data records are accessible after they are added to the stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"InjectApiError":{"conditionKeys":["kinesis:FisActionId","kinesis:FisInjectPercentage","kinesis:FisTargetArns"],"resources":[],"description":"Grants permission to temporarily inject errors for target API requests","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"ListShards":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to list the shards in a stream and provides information about each shard","accessLevel":"List","resourceTypes":[{"name":"stream","required":true}]},"ListStreamConsumers":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to list the stream consumers registered to receive data from a Kinesis stream using enhanced fan-out, and provides information about each consumer","accessLevel":"List","resourceTypes":[{"name":"stream","required":true}]},"ListStreams":{"conditionKeys":[],"resources":[],"description":"Grants permission to list your streams","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"consumer"},{"name":"stream"}],"description":"Grants permission to list the tags for the specified Amazon Kinesis resource","accessLevel":"Read","resourceTypes":[{"name":"consumer","required":true},{"name":"stream","required":true}]},"ListTagsForStream":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to list the tags for the specified Amazon Kinesis stream","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"MergeShards":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to merge two adjacent shards in a stream and combines them into a single shard to reduce the stream's capacity to ingest and transport data","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"PutRecord":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to write a single data record from a producer into an Amazon Kinesis stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"PutRecords":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to write multiple data records from a producer into an Amazon Kinesis stream in a single call (also referred to as a PutRecords request)","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"PutResourcePolicy":{"conditionKeys":[],"resources":[{"name":"consumer"},{"name":"stream"}],"description":"Grants permission to attach a resource policy to a specified stream or consumer","accessLevel":"Write","resourceTypes":[{"name":"consumer","required":true},{"name":"stream","required":true}]},"RegisterStreamConsumer":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to register a stream consumer with a Kinesis data stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"RemoveTagsFromStream":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to remove tags from the specified Kinesis data stream. Removed tags are deleted and cannot be recovered after this operation successfully completes","accessLevel":"Tagging","resourceTypes":[{"name":"stream","required":true}]},"SplitShard":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to split a shard into two new shards in the Kinesis data stream, to increase the stream's capacity to ingest and transport data","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"StartStreamEncryption":{"conditionKeys":[],"resources":[{"name":"kmsKey"},{"name":"stream"}],"description":"Grants permission to enable or update server-side encryption using an AWS KMS key for a specified stream","accessLevel":"Write","resourceTypes":[{"name":"kmsKey","required":true},{"name":"stream","required":true}]},"StopStreamEncryption":{"conditionKeys":[],"resources":[{"name":"kmsKey"},{"name":"stream"}],"description":"Grants permission to disable server-side encryption for a specified stream","accessLevel":"Write","resourceTypes":[{"name":"kmsKey","required":true},{"name":"stream","required":true}]},"SubscribeToShard":{"conditionKeys":[],"resources":[{"name":"consumer"}],"description":"Grants permission to listen to a specific shard with enhanced fan-out","accessLevel":"Read","resourceTypes":[{"name":"consumer","required":true}]},"TagResource":{"conditionKeys":[],"resources":[{"name":"consumer"},{"name":"stream"}],"description":"Grants permission to add or update tags for the specified Amazon Kinesis resource. Each resource can have up to 50 tags","accessLevel":"Tagging","resourceTypes":[{"name":"consumer","required":true},{"name":"stream","required":true}]},"UntagResource":{"conditionKeys":[],"resources":[{"name":"consumer"},{"name":"stream"}],"description":"Grants permission to remove tags from the specified Kinesis data resource. Removed tags are deleted and cannot be recovered after this operation successfully completes","accessLevel":"Tagging","resourceTypes":[{"name":"consumer","required":true},{"name":"stream","required":true}]},"UpdateAccountSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the account-level settings for Amazon Kinesis Data Streams","accessLevel":"Write","resourceTypes":[]},"UpdateMaxRecordSize":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to update the maximum record size for a Kinesis data stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"UpdateShardCount":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the shard count of the specified stream to the specified number of shards","accessLevel":"Write","resourceTypes":[]},"UpdateStreamMode":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the capacity mode of the data stream","accessLevel":"Write","resourceTypes":[]},"UpdateStreamWarmThroughput":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to update the warm throughput for a Kinesis on-demand data stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]}},"resources":[{"name":"consumer","arnFormats":["arn:${Partition}:kinesis:${Region}:${Account}:${StreamType}/${StreamName}/consumer/${ConsumerName}:${ConsumerCreationTimpstamp}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"kmsKey","arnFormats":["arn:${Partition}:kms:${Region}:${Account}:key/${KeyId}"],"conditionKeys":[]},{"name":"stream","arnFormats":["arn:${Partition}:kinesis:${Region}:${Account}:stream/${StreamName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the presence of tag key-value pairs in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by tag key-value pairs attached to the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the presence of tag keys in the request"},"kinesis:FisActionId":{"types":["String"],"description":"Filters access by the ID of an AWS FIS action"},"kinesis:FisInjectPercentage":{"types":["Numeric"],"description":"Filters access by the percentage of calls being affected by an AWS FIS action"},"kinesis:FisTargetArns":{"types":["ArrayOfARN"],"description":"Filters access by the ARN of an AWS FIS target"}}}

package/src/data/servicereference/services/kinesisanalytics.json

@@ -0,0 +1 @@
+{"name":"kinesisanalytics","actions":{"AddApplicationCloudWatchLoggingOption":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to add cloudwatch logging option to the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"AddApplicationInput":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to add input to the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"AddApplicationInputProcessingConfiguration":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to add input processing configuration to the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"AddApplicationOutput":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to add output to the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"AddApplicationReferenceDataSource":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to add reference data source to the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"AddApplicationVpcConfiguration":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to add VPC configuration to the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"CreateApplication":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create an application","accessLevel":"Write","resourceTypes":[]},"CreateApplicationPresignedUrl":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to create and return a URL that you can use to connect to an application's extension","accessLevel":"Read","resourceTypes":[{"name":"application","required":true}]},"CreateApplicationSnapshot":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to create a snapshot for an application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"DeleteApplication":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to delete the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"DeleteApplicationCloudWatchLoggingOption":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to delete the specified cloudwatch logging option of the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"DeleteApplicationInputProcessingConfiguration":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to delete the specified input processing configuration of the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"DeleteApplicationOutput":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to delete the specified output of the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"DeleteApplicationReferenceDataSource":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to delete the specified reference data source of the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"DeleteApplicationSnapshot":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to delete a snapshot for an application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"DeleteApplicationVpcConfiguration":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to delete the specified VPC configuration of the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"DescribeApplication":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to describe the specified application","accessLevel":"Read","resourceTypes":[{"name":"application","required":true}]},"DescribeApplicationOperation":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to describe an application operation of an application","accessLevel":"Read","resourceTypes":[{"name":"application","required":true}]},"DescribeApplicationSnapshot":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to describe an application snapshot","accessLevel":"Read","resourceTypes":[{"name":"application","required":true}]},"DescribeApplicationVersion":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to describe the application version of an application","accessLevel":"Read","resourceTypes":[{"name":"application","required":true}]},"DiscoverInputSchema":{"conditionKeys":[],"resources":[],"description":"Grants permission to discover the input schema for the application","accessLevel":"Read","resourceTypes":[]},"GetApplicationState":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to Kinesis Data Analytics console to display stream results for Kinesis Data Analytics SQL runtime applications","accessLevel":"Read","resourceTypes":[{"name":"application","required":true}],"permissionOnly":true},"ListApplicationOperations":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to list application operations of an application","accessLevel":"Read","resourceTypes":[{"name":"application","required":true}]},"ListApplicationSnapshots":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to list the snapshots for an application","accessLevel":"Read","resourceTypes":[{"name":"application","required":true}]},"ListApplicationVersions":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to list application versions of an application","accessLevel":"Read","resourceTypes":[{"name":"application","required":true}]},"ListApplications":{"conditionKeys":[],"resources":[],"description":"Grants permission to list applications for the account","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to fetch the tags associated with the application","accessLevel":"Read","resourceTypes":[{"name":"application","required":true}]},"RollbackApplication":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to perform rollback operation on an application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"StartApplication":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to start the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"StopApplication":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to stop the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"application"}],"description":"Grants permission to add tags to the application","accessLevel":"Tagging","resourceTypes":[{"name":"application","required":true}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"application"}],"description":"Grants permission to remove the specified tags from the application","accessLevel":"Tagging","resourceTypes":[{"name":"application","required":true}]},"UpdateApplication":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to update the application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"UpdateApplicationMaintenanceConfiguration":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to update the maintenance configuration of an application","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]}},"resources":[{"name":"application","arnFormats":["arn:${Partition}:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by set of values for each of the tags"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by tag-value assoicated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the presence of mandatory tag keys in the request"}}}

package/src/data/servicereference/services/kinesisvideo.json

@@ -0,0 +1 @@
+{"name":"kinesisvideo","actions":{"ConnectAsMaster":{"conditionKeys":[],"resources":[{"name":"channel"}],"description":"Grants permission to connect as a master to the signaling channel specified by the endpoint","accessLevel":"Write","resourceTypes":[{"name":"channel","required":true}]},"ConnectAsViewer":{"conditionKeys":[],"resources":[{"name":"channel"}],"description":"Grants permission to connect as a viewer to the signaling channel specified by the endpoint","accessLevel":"Write","resourceTypes":[{"name":"channel","required":true}]},"CreateSignalingChannel":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"channel"}],"description":"Grants permission to create a signaling channel","accessLevel":"Write","resourceTypes":[{"name":"channel","required":true}]},"CreateStream":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"stream"}],"description":"Grants permission to create a Kinesis video stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"DeleteEdgeConfiguration":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to delete the edge configuration of your Kinesis Video Stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"DeleteSignalingChannel":{"conditionKeys":[],"resources":[{"name":"channel"}],"description":"Grants permission to delete an existing signaling channel","accessLevel":"Write","resourceTypes":[{"name":"channel","required":true}]},"DeleteStream":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to delete an existing Kinesis video stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"DescribeEdgeConfiguration":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to describe the edge configuration of your Kinesis Video Stream","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"DescribeImageGenerationConfiguration":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to describe the image generation configuration of your Kinesis video stream","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"DescribeMappedResourceConfiguration":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to describe the resource mapped to the Kinesis video stream","accessLevel":"List","resourceTypes":[{"name":"stream","required":true}]},"DescribeMediaStorageConfiguration":{"conditionKeys":[],"resources":[{"name":"channel"}],"description":"Grants permission to describe the media storage configuration of a signaling channel","accessLevel":"Read","resourceTypes":[{"name":"channel","required":true}]},"DescribeNotificationConfiguration":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to describe the notification configuration of your Kinesis video stream","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"DescribeSignalingChannel":{"conditionKeys":[],"resources":[{"name":"channel"}],"description":"Grants permission to describe the specified signaling channel","accessLevel":"List","resourceTypes":[{"name":"channel","required":true}]},"DescribeStream":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to describe the specified Kinesis video stream","accessLevel":"List","resourceTypes":[{"name":"stream","required":true}]},"DescribeStreamStorageConfiguration":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to describe the stream storage configuration of your Kinesis Video Stream","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"GetClip":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to get a media clip from a video stream","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"GetDASHStreamingSessionURL":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to create a URL for MPEG-DASH video streaming","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"GetDataEndpoint":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to get an endpoint for a specified stream for either reading or writing media data to Kinesis Video Streams","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"GetHLSStreamingSessionURL":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to create a URL for HLS video streaming","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"GetIceServerConfig":{"conditionKeys":[],"resources":[{"name":"channel"}],"description":"Grants permission to get the ICE server configuration","accessLevel":"Read","resourceTypes":[{"name":"channel","required":true}]},"GetImages":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to get generated images from your Kinesis video stream","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"GetMedia":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to return media content of a Kinesis video stream","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"GetMediaForFragmentList":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to read and return media data only from persisted storage","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"GetSignalingChannelEndpoint":{"conditionKeys":[],"resources":[{"name":"channel"}],"description":"Grants permission to get endpoints for a specified combination of protocol and role for a signaling channel","accessLevel":"Read","resourceTypes":[{"name":"channel","required":true}]},"JoinStorageSession":{"conditionKeys":[],"resources":[{"name":"channel"}],"description":"Grants permission to join a storage session for a channel","accessLevel":"Write","resourceTypes":[{"name":"channel","required":true}]},"JoinStorageSessionAsViewer":{"conditionKeys":[],"resources":[{"name":"channel"}],"description":"Grants permission to join a storage session for a channel as viewer","accessLevel":"Write","resourceTypes":[{"name":"channel","required":true}]},"ListEdgeAgentConfigurations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list an edge agent configurations","accessLevel":"List","resourceTypes":[]},"ListFragments":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to list the fragments from archival storage based on the pagination token or selector type with range specified","accessLevel":"List","resourceTypes":[{"name":"stream","required":true}]},"ListSignalingChannels":{"conditionKeys":[],"resources":[],"description":"Grants permission to list your signaling channels","accessLevel":"List","resourceTypes":[]},"ListStreams":{"conditionKeys":[],"resources":[],"description":"Grants permission to list your Kinesis video streams","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"channel"},{"name":"stream"}],"description":"Grants permission to fetch the tags associated with your resource","accessLevel":"Read","resourceTypes":[{"name":"channel","required":false},{"name":"stream","required":false}]},"ListTagsForStream":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to fetch the tags associated with Kinesis video stream","accessLevel":"Read","resourceTypes":[{"name":"stream","required":true}]},"PutMedia":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to send media data to a Kinesis video stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"SendAlexaOfferToMaster":{"conditionKeys":[],"resources":[{"name":"channel"}],"description":"Grants permission to send the Alexa SDP offer to the master","accessLevel":"Write","resourceTypes":[{"name":"channel","required":true}]},"StartEdgeConfigurationUpdate":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to start edge configuration update of your Kinesis Video Stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"channel"},{"name":"stream"}],"description":"Grants permission to attach set of tags to your resource","accessLevel":"Tagging","resourceTypes":[{"name":"channel","required":false},{"name":"stream","required":false}]},"TagStream":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"stream"}],"description":"Grants permission to attach set of tags to your Kinesis video streams","accessLevel":"Tagging","resourceTypes":[{"name":"stream","required":true}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"channel"},{"name":"stream"}],"description":"Grants permission to remove one or more tags from your resource","accessLevel":"Tagging","resourceTypes":[{"name":"channel","required":false},{"name":"stream","required":false}]},"UntagStream":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"stream"}],"description":"Grants permission to remove one or more tags from your Kinesis video streams","accessLevel":"Tagging","resourceTypes":[{"name":"stream","required":true}]},"UpdateDataRetention":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to update the data retention period of your Kinesis video stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"UpdateImageGenerationConfiguration":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to update the image generation configuration of your Kinesis video stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"UpdateMediaStorageConfiguration":{"conditionKeys":[],"resources":[{"name":"channel"}],"description":"Grants permission to create or update an mapping between a signaling channel and stream","accessLevel":"Write","resourceTypes":[{"name":"channel","required":true}]},"UpdateNotificationConfiguration":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to update the notification configuration of your Kinesis video stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"UpdateSignalingChannel":{"conditionKeys":[],"resources":[{"name":"channel"}],"description":"Grants permission to update an existing signaling channel","accessLevel":"Write","resourceTypes":[{"name":"channel","required":true}]},"UpdateStream":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to update an existing Kinesis video stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]},"UpdateStreamStorageConfiguration":{"conditionKeys":[],"resources":[{"name":"stream"}],"description":"Grants permission to update the stream storage configuration of your Kinesis Video Stream","accessLevel":"Write","resourceTypes":[{"name":"stream","required":true}]}},"resources":[{"name":"channel","arnFormats":["arn:${Partition}:kinesisvideo:${Region}:${Account}:channel/${ChannelName}/${CreationTime}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"stream","arnFormats":["arn:${Partition}:kinesisvideo:${Region}:${Account}:stream/${StreamName}/${CreationTime}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters requests based on the allowed set of values for each of the tags"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters actions based on tag-value assoicated with the stream"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters requests based on the presence of mandatory tag keys in the request"}}}

package/src/data/servicereference/services/kms.json

@@ -0,0 +1 @@
+{"name":"kms","actions":{"CancelKeyDeletion":{"conditionKeys":["kms:CallerAccount","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to cancel the scheduled deletion of an AWS KMS key","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"ConnectCustomKeyStore":{"conditionKeys":["kms:CallerAccount"],"resources":[],"description":"Controls permission to connect or reconnect a custom key store to its associated AWS CloudHSM cluster or external key manager outside of AWS","accessLevel":"Write","resourceTypes":[]},"CreateAlias":{"conditionKeys":["kms:CallerAccount","kms:ViaService"],"resources":[{"name":"alias"},{"name":"key"}],"description":"Controls permission to create an alias for an AWS KMS key. Aliases are optional friendly names that you can associate with KMS keys","accessLevel":"Write","resourceTypes":[{"name":"alias","required":true},{"name":"key","required":true}]},"CreateCustomKeyStore":{"conditionKeys":["kms:CallerAccount"],"resources":[],"description":"Controls permission to create a custom key store that is backed by an AWS CloudHSM cluster or an external key manager outside of AWS","accessLevel":"Write","resourceTypes":[],"dependentActions":["cloudhsm:DescribeClusters","ec2:DescribeVpcEndpointServices","iam:CreateServiceLinkedRole"]},"CreateGrant":{"conditionKeys":["kms:CallerAccount","kms:EncryptionContext:${EncryptionContextKey}","kms:EncryptionContextKeys","kms:GrantConstraintType","kms:GrantIsForAWSResource","kms:GrantOperations","kms:GranteePrincipal","kms:RetiringPrincipal","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to add a grant to an AWS KMS key. You can use grants to add permissions without changing the key policy or IAM policy","accessLevel":"Permissions management","resourceTypes":[{"name":"key","required":true}]},"CreateKey":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","kms:BypassPolicyLockoutSafetyCheck","kms:CallerAccount","kms:KeyOrigin","kms:KeySpec","kms:KeyUsage","kms:MultiRegion","kms:MultiRegionKeyType","kms:ViaService"],"resources":[],"description":"Controls permission to create an AWS KMS key that can be used to protect data keys and other sensitive information","accessLevel":"Write","resourceTypes":[],"dependentActions":["iam:CreateServiceLinkedRole","kms:PutKeyPolicy","kms:TagResource"]},"Decrypt":{"conditionKeys":["kms:CallerAccount","kms:EncryptionAlgorithm","kms:EncryptionContext:${EncryptionContextKey}","kms:EncryptionContextKeys","kms:RecipientAttestation:ImageSha384","kms:RecipientAttestation:NitroTPMPCR0","kms:RecipientAttestation:NitroTPMPCR1","kms:RecipientAttestation:NitroTPMPCR10","kms:RecipientAttestation:NitroTPMPCR11","kms:RecipientAttestation:NitroTPMPCR12","kms:RecipientAttestation:NitroTPMPCR13","kms:RecipientAttestation:NitroTPMPCR14","kms:RecipientAttestation:NitroTPMPCR15","kms:RecipientAttestation:NitroTPMPCR16","kms:RecipientAttestation:NitroTPMPCR17","kms:RecipientAttestation:NitroTPMPCR18","kms:RecipientAttestation:NitroTPMPCR19","kms:RecipientAttestation:NitroTPMPCR2","kms:RecipientAttestation:NitroTPMPCR20","kms:RecipientAttestation:NitroTPMPCR21","kms:RecipientAttestation:NitroTPMPCR22","kms:RecipientAttestation:NitroTPMPCR23","kms:RecipientAttestation:NitroTPMPCR3","kms:RecipientAttestation:NitroTPMPCR4","kms:RecipientAttestation:NitroTPMPCR5","kms:RecipientAttestation:NitroTPMPCR6","kms:RecipientAttestation:NitroTPMPCR7","kms:RecipientAttestation:NitroTPMPCR8","kms:RecipientAttestation:NitroTPMPCR9","kms:RecipientAttestation:PCR0","kms:RecipientAttestation:PCR1","kms:RecipientAttestation:PCR10","kms:RecipientAttestation:PCR11","kms:RecipientAttestation:PCR12","kms:RecipientAttestation:PCR13","kms:RecipientAttestation:PCR14","kms:RecipientAttestation:PCR15","kms:RecipientAttestation:PCR16","kms:RecipientAttestation:PCR17","kms:RecipientAttestation:PCR18","kms:RecipientAttestation:PCR19","kms:RecipientAttestation:PCR2","kms:RecipientAttestation:PCR20","kms:RecipientAttestation:PCR21","kms:RecipientAttestation:PCR22","kms:RecipientAttestation:PCR23","kms:RecipientAttestation:PCR24","kms:RecipientAttestation:PCR25","kms:RecipientAttestation:PCR26","kms:RecipientAttestation:PCR27","kms:RecipientAttestation:PCR28","kms:RecipientAttestation:PCR29","kms:RecipientAttestation:PCR3","kms:RecipientAttestation:PCR30","kms:RecipientAttestation:PCR31","kms:RecipientAttestation:PCR4","kms:RecipientAttestation:PCR5","kms:RecipientAttestation:PCR6","kms:RecipientAttestation:PCR7","kms:RecipientAttestation:PCR8","kms:RecipientAttestation:PCR9","kms:RequestAlias","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to decrypt ciphertext that was encrypted under an AWS KMS key","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"DeleteAlias":{"conditionKeys":["kms:CallerAccount","kms:ViaService"],"resources":[{"name":"alias"},{"name":"key"}],"description":"Controls permission to delete an alias. Aliases are optional friendly names that you can associate with AWS KMS keys","accessLevel":"Write","resourceTypes":[{"name":"alias","required":true},{"name":"key","required":true}]},"DeleteCustomKeyStore":{"conditionKeys":["kms:CallerAccount"],"resources":[],"description":"Controls permission to delete a custom key store","accessLevel":"Write","resourceTypes":[]},"DeleteImportedKeyMaterial":{"conditionKeys":["kms:CallerAccount","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to delete cryptographic material that you imported into an AWS KMS key. This action makes the key unusable","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"DeriveSharedSecret":{"conditionKeys":["kms:CallerAccount","kms:KeyAgreementAlgorithm","kms:RecipientAttestation:ImageSha384","kms:RecipientAttestation:NitroTPMPCR0","kms:RecipientAttestation:NitroTPMPCR1","kms:RecipientAttestation:NitroTPMPCR10","kms:RecipientAttestation:NitroTPMPCR11","kms:RecipientAttestation:NitroTPMPCR12","kms:RecipientAttestation:NitroTPMPCR13","kms:RecipientAttestation:NitroTPMPCR14","kms:RecipientAttestation:NitroTPMPCR15","kms:RecipientAttestation:NitroTPMPCR16","kms:RecipientAttestation:NitroTPMPCR17","kms:RecipientAttestation:NitroTPMPCR18","kms:RecipientAttestation:NitroTPMPCR19","kms:RecipientAttestation:NitroTPMPCR2","kms:RecipientAttestation:NitroTPMPCR20","kms:RecipientAttestation:NitroTPMPCR21","kms:RecipientAttestation:NitroTPMPCR22","kms:RecipientAttestation:NitroTPMPCR23","kms:RecipientAttestation:NitroTPMPCR3","kms:RecipientAttestation:NitroTPMPCR4","kms:RecipientAttestation:NitroTPMPCR5","kms:RecipientAttestation:NitroTPMPCR6","kms:RecipientAttestation:NitroTPMPCR7","kms:RecipientAttestation:NitroTPMPCR8","kms:RecipientAttestation:NitroTPMPCR9","kms:RecipientAttestation:PCR0","kms:RecipientAttestation:PCR1","kms:RecipientAttestation:PCR10","kms:RecipientAttestation:PCR11","kms:RecipientAttestation:PCR12","kms:RecipientAttestation:PCR13","kms:RecipientAttestation:PCR14","kms:RecipientAttestation:PCR15","kms:RecipientAttestation:PCR16","kms:RecipientAttestation:PCR17","kms:RecipientAttestation:PCR18","kms:RecipientAttestation:PCR19","kms:RecipientAttestation:PCR2","kms:RecipientAttestation:PCR20","kms:RecipientAttestation:PCR21","kms:RecipientAttestation:PCR22","kms:RecipientAttestation:PCR23","kms:RecipientAttestation:PCR24","kms:RecipientAttestation:PCR25","kms:RecipientAttestation:PCR26","kms:RecipientAttestation:PCR27","kms:RecipientAttestation:PCR28","kms:RecipientAttestation:PCR29","kms:RecipientAttestation:PCR3","kms:RecipientAttestation:PCR30","kms:RecipientAttestation:PCR31","kms:RecipientAttestation:PCR4","kms:RecipientAttestation:PCR5","kms:RecipientAttestation:PCR6","kms:RecipientAttestation:PCR7","kms:RecipientAttestation:PCR8","kms:RecipientAttestation:PCR9","kms:RequestAlias","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to use the specified AWS KMS key to derive shared secrets","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"DescribeCustomKeyStores":{"conditionKeys":["kms:CallerAccount"],"resources":[],"description":"Controls permission to view detailed information about custom key stores in the account and region","accessLevel":"Read","resourceTypes":[]},"DescribeKey":{"conditionKeys":["kms:CallerAccount","kms:RequestAlias","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to view detailed information about an AWS KMS key","accessLevel":"Read","resourceTypes":[{"name":"key","required":true}]},"DisableKey":{"conditionKeys":["kms:CallerAccount","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to disable an AWS KMS key, which prevents it from being used in cryptographic operations","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"DisableKeyRotation":{"conditionKeys":["kms:CallerAccount","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to disable automatic rotation of a customer managed AWS KMS key","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"DisconnectCustomKeyStore":{"conditionKeys":["kms:CallerAccount"],"resources":[],"description":"Controls permission to disconnect the custom key store from its associated AWS CloudHSM cluster or external key manager outside of AWS","accessLevel":"Write","resourceTypes":[]},"EnableKey":{"conditionKeys":["kms:CallerAccount","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to change the state of an AWS KMS key to enabled. This allows the KMS key to be used in cryptographic operations","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"EnableKeyRotation":{"conditionKeys":["kms:CallerAccount","kms:RotationPeriodInDays","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to enable automatic rotation of the cryptographic material in an AWS KMS key","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"Encrypt":{"conditionKeys":["kms:CallerAccount","kms:EncryptionAlgorithm","kms:EncryptionContext:${EncryptionContextKey}","kms:EncryptionContextKeys","kms:RequestAlias","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to use the specified AWS KMS key to encrypt data and data keys","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"GenerateDataKey":{"conditionKeys":["kms:CallerAccount","kms:EncryptionAlgorithm","kms:EncryptionContext:${EncryptionContextKey}","kms:EncryptionContextKeys","kms:RecipientAttestation:ImageSha384","kms:RecipientAttestation:NitroTPMPCR0","kms:RecipientAttestation:NitroTPMPCR1","kms:RecipientAttestation:NitroTPMPCR10","kms:RecipientAttestation:NitroTPMPCR11","kms:RecipientAttestation:NitroTPMPCR12","kms:RecipientAttestation:NitroTPMPCR13","kms:RecipientAttestation:NitroTPMPCR14","kms:RecipientAttestation:NitroTPMPCR15","kms:RecipientAttestation:NitroTPMPCR16","kms:RecipientAttestation:NitroTPMPCR17","kms:RecipientAttestation:NitroTPMPCR18","kms:RecipientAttestation:NitroTPMPCR19","kms:RecipientAttestation:NitroTPMPCR2","kms:RecipientAttestation:NitroTPMPCR20","kms:RecipientAttestation:NitroTPMPCR21","kms:RecipientAttestation:NitroTPMPCR22","kms:RecipientAttestation:NitroTPMPCR23","kms:RecipientAttestation:NitroTPMPCR3","kms:RecipientAttestation:NitroTPMPCR4","kms:RecipientAttestation:NitroTPMPCR5","kms:RecipientAttestation:NitroTPMPCR6","kms:RecipientAttestation:NitroTPMPCR7","kms:RecipientAttestation:NitroTPMPCR8","kms:RecipientAttestation:NitroTPMPCR9","kms:RecipientAttestation:PCR0","kms:RecipientAttestation:PCR1","kms:RecipientAttestation:PCR10","kms:RecipientAttestation:PCR11","kms:RecipientAttestation:PCR12","kms:RecipientAttestation:PCR13","kms:RecipientAttestation:PCR14","kms:RecipientAttestation:PCR15","kms:RecipientAttestation:PCR16","kms:RecipientAttestation:PCR17","kms:RecipientAttestation:PCR18","kms:RecipientAttestation:PCR19","kms:RecipientAttestation:PCR2","kms:RecipientAttestation:PCR20","kms:RecipientAttestation:PCR21","kms:RecipientAttestation:PCR22","kms:RecipientAttestation:PCR23","kms:RecipientAttestation:PCR24","kms:RecipientAttestation:PCR25","kms:RecipientAttestation:PCR26","kms:RecipientAttestation:PCR27","kms:RecipientAttestation:PCR28","kms:RecipientAttestation:PCR29","kms:RecipientAttestation:PCR3","kms:RecipientAttestation:PCR30","kms:RecipientAttestation:PCR31","kms:RecipientAttestation:PCR4","kms:RecipientAttestation:PCR5","kms:RecipientAttestation:PCR6","kms:RecipientAttestation:PCR7","kms:RecipientAttestation:PCR8","kms:RecipientAttestation:PCR9","kms:RequestAlias","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to use the AWS KMS key to generate data keys. You can use the data keys to encrypt data outside of AWS KMS","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"GenerateDataKeyPair":{"conditionKeys":["kms:CallerAccount","kms:DataKeyPairSpec","kms:EncryptionAlgorithm","kms:EncryptionContext:${EncryptionContextKey}","kms:EncryptionContextKeys","kms:RecipientAttestation:ImageSha384","kms:RecipientAttestation:NitroTPMPCR0","kms:RecipientAttestation:NitroTPMPCR1","kms:RecipientAttestation:NitroTPMPCR10","kms:RecipientAttestation:NitroTPMPCR11","kms:RecipientAttestation:NitroTPMPCR12","kms:RecipientAttestation:NitroTPMPCR13","kms:RecipientAttestation:NitroTPMPCR14","kms:RecipientAttestation:NitroTPMPCR15","kms:RecipientAttestation:NitroTPMPCR16","kms:RecipientAttestation:NitroTPMPCR17","kms:RecipientAttestation:NitroTPMPCR18","kms:RecipientAttestation:NitroTPMPCR19","kms:RecipientAttestation:NitroTPMPCR2","kms:RecipientAttestation:NitroTPMPCR20","kms:RecipientAttestation:NitroTPMPCR21","kms:RecipientAttestation:NitroTPMPCR22","kms:RecipientAttestation:NitroTPMPCR23","kms:RecipientAttestation:NitroTPMPCR3","kms:RecipientAttestation:NitroTPMPCR4","kms:RecipientAttestation:NitroTPMPCR5","kms:RecipientAttestation:NitroTPMPCR6","kms:RecipientAttestation:NitroTPMPCR7","kms:RecipientAttestation:NitroTPMPCR8","kms:RecipientAttestation:NitroTPMPCR9","kms:RecipientAttestation:PCR0","kms:RecipientAttestation:PCR1","kms:RecipientAttestation:PCR10","kms:RecipientAttestation:PCR11","kms:RecipientAttestation:PCR12","kms:RecipientAttestation:PCR13","kms:RecipientAttestation:PCR14","kms:RecipientAttestation:PCR15","kms:RecipientAttestation:PCR16","kms:RecipientAttestation:PCR17","kms:RecipientAttestation:PCR18","kms:RecipientAttestation:PCR19","kms:RecipientAttestation:PCR2","kms:RecipientAttestation:PCR20","kms:RecipientAttestation:PCR21","kms:RecipientAttestation:PCR22","kms:RecipientAttestation:PCR23","kms:RecipientAttestation:PCR24","kms:RecipientAttestation:PCR25","kms:RecipientAttestation:PCR26","kms:RecipientAttestation:PCR27","kms:RecipientAttestation:PCR28","kms:RecipientAttestation:PCR29","kms:RecipientAttestation:PCR3","kms:RecipientAttestation:PCR30","kms:RecipientAttestation:PCR31","kms:RecipientAttestation:PCR4","kms:RecipientAttestation:PCR5","kms:RecipientAttestation:PCR6","kms:RecipientAttestation:PCR7","kms:RecipientAttestation:PCR8","kms:RecipientAttestation:PCR9","kms:RequestAlias","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to use the AWS KMS key to generate data key pairs","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"GenerateDataKeyPairWithoutPlaintext":{"conditionKeys":["kms:CallerAccount","kms:DataKeyPairSpec","kms:EncryptionAlgorithm","kms:EncryptionContext:${EncryptionContextKey}","kms:EncryptionContextKeys","kms:RequestAlias","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to use the AWS KMS key to generate data key pairs. Unlike the GenerateDataKeyPair operation, this operation returns an encrypted private key without a plaintext copy","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"GenerateDataKeyWithoutPlaintext":{"conditionKeys":["kms:CallerAccount","kms:EncryptionAlgorithm","kms:EncryptionContext:${EncryptionContextKey}","kms:EncryptionContextKeys","kms:RequestAlias","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to use the AWS KMS key to generate a data key. Unlike the GenerateDataKey operation, this operation returns an encrypted data key without a plaintext version of the data key","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"GenerateMac":{"conditionKeys":["kms:CallerAccount","kms:MacAlgorithm","kms:RequestAlias","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to use the AWS KMS key to generate message authentication codes","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"GenerateRandom":{"conditionKeys":["kms:RecipientAttestation:ImageSha384","kms:RecipientAttestation:NitroTPMPCR0","kms:RecipientAttestation:NitroTPMPCR1","kms:RecipientAttestation:NitroTPMPCR10","kms:RecipientAttestation:NitroTPMPCR11","kms:RecipientAttestation:NitroTPMPCR12","kms:RecipientAttestation:NitroTPMPCR13","kms:RecipientAttestation:NitroTPMPCR14","kms:RecipientAttestation:NitroTPMPCR15","kms:RecipientAttestation:NitroTPMPCR16","kms:RecipientAttestation:NitroTPMPCR17","kms:RecipientAttestation:NitroTPMPCR18","kms:RecipientAttestation:NitroTPMPCR19","kms:RecipientAttestation:NitroTPMPCR2","kms:RecipientAttestation:NitroTPMPCR20","kms:RecipientAttestation:NitroTPMPCR21","kms:RecipientAttestation:NitroTPMPCR22","kms:RecipientAttestation:NitroTPMPCR23","kms:RecipientAttestation:NitroTPMPCR3","kms:RecipientAttestation:NitroTPMPCR4","kms:RecipientAttestation:NitroTPMPCR5","kms:RecipientAttestation:NitroTPMPCR6","kms:RecipientAttestation:NitroTPMPCR7","kms:RecipientAttestation:NitroTPMPCR8","kms:RecipientAttestation:NitroTPMPCR9","kms:RecipientAttestation:PCR0","kms:RecipientAttestation:PCR1","kms:RecipientAttestation:PCR10","kms:RecipientAttestation:PCR11","kms:RecipientAttestation:PCR12","kms:RecipientAttestation:PCR13","kms:RecipientAttestation:PCR14","kms:RecipientAttestation:PCR15","kms:RecipientAttestation:PCR16","kms:RecipientAttestation:PCR17","kms:RecipientAttestation:PCR18","kms:RecipientAttestation:PCR19","kms:RecipientAttestation:PCR2","kms:RecipientAttestation:PCR20","kms:RecipientAttestation:PCR21","kms:RecipientAttestation:PCR22","kms:RecipientAttestation:PCR23","kms:RecipientAttestation:PCR24","kms:RecipientAttestation:PCR25","kms:RecipientAttestation:PCR26","kms:RecipientAttestation:PCR27","kms:RecipientAttestation:PCR28","kms:RecipientAttestation:PCR29","kms:RecipientAttestation:PCR3","kms:RecipientAttestation:PCR30","kms:RecipientAttestation:PCR31","kms:RecipientAttestation:PCR4","kms:RecipientAttestation:PCR5","kms:RecipientAttestation:PCR6","kms:RecipientAttestation:PCR7","kms:RecipientAttestation:PCR8","kms:RecipientAttestation:PCR9"],"resources":[],"description":"Controls permission to get a cryptographically secure random byte string from AWS KMS","accessLevel":"Write","resourceTypes":[]},"GetKeyPolicy":{"conditionKeys":["kms:CallerAccount","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to view the key policy for the specified AWS KMS key","accessLevel":"Read","resourceTypes":[{"name":"key","required":true}]},"GetKeyRotationStatus":{"conditionKeys":["kms:CallerAccount","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to view the key rotation status for an AWS KMS key","accessLevel":"Read","resourceTypes":[{"name":"key","required":true}]},"GetParametersForImport":{"conditionKeys":["kms:CallerAccount","kms:ViaService","kms:WrappingAlgorithm","kms:WrappingKeySpec"],"resources":[{"name":"key"}],"description":"Controls permission to get data that is required to import cryptographic material into a customer managed key, including a public key and import token","accessLevel":"Read","resourceTypes":[{"name":"key","required":true}]},"GetPublicKey":{"conditionKeys":["kms:CallerAccount","kms:RequestAlias","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to download the public key of an asymmetric AWS KMS key","accessLevel":"Read","resourceTypes":[{"name":"key","required":true}]},"ImportKeyMaterial":{"conditionKeys":["kms:CallerAccount","kms:ExpirationModel","kms:ValidTo","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to import cryptographic material into an AWS KMS key","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"ListAliases":{"conditionKeys":[],"resources":[],"description":"Controls permission to view the aliases that are defined in the account. Aliases are optional friendly names that you can associate with AWS KMS keys","accessLevel":"List","resourceTypes":[]},"ListGrants":{"conditionKeys":["kms:CallerAccount","kms:GrantIsForAWSResource","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to view all grants for an AWS KMS key","accessLevel":"List","resourceTypes":[{"name":"key","required":true}]},"ListKeyPolicies":{"conditionKeys":["kms:CallerAccount","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to view the names of key policies for an AWS KMS key","accessLevel":"List","resourceTypes":[{"name":"key","required":true}]},"ListKeyRotations":{"conditionKeys":["kms:CallerAccount","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to view the list of key materials for an AWS KMS key","accessLevel":"List","resourceTypes":[{"name":"key","required":true}]},"ListKeys":{"conditionKeys":[],"resources":[],"description":"Controls permission to view the key ID and Amazon Resource Name (ARN) of all AWS KMS keys in the account","accessLevel":"List","resourceTypes":[]},"ListResourceTags":{"conditionKeys":["kms:CallerAccount","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to view all tags that are attached to an AWS KMS key","accessLevel":"List","resourceTypes":[{"name":"key","required":true}]},"ListRetirableGrants":{"conditionKeys":[],"resources":[],"description":"Controls permission to view grants in which the specified principal is the retiring principal. Other principals might be able to retire the grant and this principal might be able to retire other grants","accessLevel":"List","resourceTypes":[]},"PutKeyPolicy":{"conditionKeys":["kms:BypassPolicyLockoutSafetyCheck","kms:CallerAccount","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to replace the key policy for the specified AWS KMS key","accessLevel":"Permissions management","resourceTypes":[{"name":"key","required":true}]},"ReEncryptFrom":{"conditionKeys":["kms:CallerAccount","kms:EncryptionAlgorithm","kms:EncryptionContext:${EncryptionContextKey}","kms:EncryptionContextKeys","kms:ReEncryptOnSameKey","kms:RequestAlias","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to decrypt data as part of the process that decrypts and reencrypts the data within AWS KMS","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"ReEncryptTo":{"conditionKeys":["kms:CallerAccount","kms:EncryptionAlgorithm","kms:EncryptionContext:${EncryptionContextKey}","kms:EncryptionContextKeys","kms:ReEncryptOnSameKey","kms:RequestAlias","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to encrypt data as part of the process that decrypts and reencrypts the data within AWS KMS","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"ReplicateKey":{"conditionKeys":["kms:CallerAccount","kms:ReplicaRegion","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to replicate a multi-Region primary key","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}],"dependentActions":["iam:CreateServiceLinkedRole","kms:CreateKey","kms:PutKeyPolicy","kms:TagResource"]},"RetireGrant":{"conditionKeys":["kms:CallerAccount","kms:EncryptionContext:${EncryptionContextKey}","kms:EncryptionContextKeys","kms:GrantConstraintType","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to retire a grant. The RetireGrant operation is typically called by the grant user after they complete the tasks that the grant allowed them to perform","accessLevel":"Permissions management","resourceTypes":[{"name":"key","required":true}]},"RevokeGrant":{"conditionKeys":["kms:CallerAccount","kms:GrantIsForAWSResource","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to revoke a grant, which denies permission for all operations that depend on the grant","accessLevel":"Permissions management","resourceTypes":[{"name":"key","required":true}]},"RotateKeyOnDemand":{"conditionKeys":["kms:CallerAccount","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to invoke on-demand rotation of the cryptographic material in an AWS KMS key","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"ScheduleKeyDeletion":{"conditionKeys":["kms:CallerAccount","kms:ScheduleKeyDeletionPendingWindowInDays","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to schedule deletion of an AWS KMS key","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"Sign":{"conditionKeys":["kms:CallerAccount","kms:MessageType","kms:RequestAlias","kms:SigningAlgorithm","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to produce a digital signature for a message","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"SynchronizeMultiRegionKey":{"conditionKeys":[],"resources":[{"name":"key"}],"description":"Controls access to internal APIs that synchronize multi-Region keys","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}],"permissionOnly":true},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","kms:CallerAccount","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to create or update tags that are attached to an AWS KMS key","accessLevel":"Tagging","resourceTypes":[{"name":"key","required":true}]},"UntagResource":{"conditionKeys":["aws:TagKeys","kms:CallerAccount","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to delete tags that are attached to an AWS KMS key","accessLevel":"Tagging","resourceTypes":[{"name":"key","required":true}]},"UpdateAlias":{"conditionKeys":["kms:CallerAccount","kms:ViaService"],"resources":[{"name":"alias"},{"name":"key"}],"description":"Controls permission to associate an alias with a different AWS KMS key. An alias is an optional friendly name that you can associate with a KMS key","accessLevel":"Write","resourceTypes":[{"name":"alias","required":true},{"name":"key","required":true}]},"UpdateCustomKeyStore":{"conditionKeys":["kms:CallerAccount"],"resources":[],"description":"Controls permission to change the properties of a custom key store","accessLevel":"Write","resourceTypes":[],"dependentActions":["ec2:DescribeVpcEndpointServices"]},"UpdateKeyDescription":{"conditionKeys":["kms:CallerAccount","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to delete or change the description of an AWS KMS key","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"UpdatePrimaryRegion":{"conditionKeys":["kms:CallerAccount","kms:PrimaryRegion","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to update the primary Region of a multi-Region primary key","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"Verify":{"conditionKeys":["kms:CallerAccount","kms:MessageType","kms:RequestAlias","kms:SigningAlgorithm","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to use the specified AWS KMS key to verify digital signatures","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]},"VerifyMac":{"conditionKeys":["kms:CallerAccount","kms:MacAlgorithm","kms:RequestAlias","kms:ViaService"],"resources":[{"name":"key"}],"description":"Controls permission to use the AWS KMS key to verify message authentication codes","accessLevel":"Write","resourceTypes":[{"name":"key","required":true}]}},"resources":[{"name":"alias","arnFormats":["arn:${Partition}:kms:${Region}:${Account}:alias/${Alias}"],"conditionKeys":[]},{"name":"key","arnFormats":["arn:${Partition}:kms:${Region}:${Account}:key/${KeyId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","kms:KeyOrigin","kms:KeySpec","kms:KeyUsage","kms:MultiRegion","kms:MultiRegionKeyType","kms:ResourceAliases"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access to the specified AWS KMS operations based on both the key and value of the tag in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access to the specified AWS KMS operations based on tags assigned to the AWS KMS key"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access to the specified AWS KMS operations based on tag keys in the request"},"kms:BypassPolicyLockoutSafetyCheck":{"types":["Bool"],"description":"Filters access to the CreateKey and PutKeyPolicy operations based on the value of the BypassPolicyLockoutSafetyCheck parameter in the request"},"kms:CallerAccount":{"types":["String"],"description":"Filters access to specified AWS KMS operations based on the AWS account ID of the caller. You can use this condition key to allow or deny access to all IAM users and roles in an AWS account in a single policy statement"},"kms:CustomerMasterKeySpec":{"types":["String"],"description":"The kms:CustomerMasterKeySpec condition key is deprecated. Instead, use the kms:KeySpec condition key"},"kms:CustomerMasterKeyUsage":{"types":["String"],"description":"The kms:CustomerMasterKeyUsage condition key is deprecated. Instead, use the kms:KeyUsage condition key"},"kms:DataKeyPairSpec":{"types":["String"],"description":"Filters access to GenerateDataKeyPair and GenerateDataKeyPairWithoutPlaintext operations based on the value of the KeyPairSpec parameter in the request"},"kms:EncryptionAlgorithm":{"types":["String"],"description":"Filters access to encryption operations based on the value of the encryption algorithm in the request"},"kms:EncryptionContext:${EncryptionContextKey}":{"types":["String"],"description":"Filters access to a symmetric AWS KMS key based on the encryption context in a cryptographic operation. This condition evaluates the key and value in each key-value encryption context pair"},"kms:EncryptionContextKeys":{"types":["ArrayOfString"],"description":"Filters access to a symmetric AWS KMS key based on the encryption context in a cryptographic operation. This condition key evaluates only the key in each key-value encryption context pair"},"kms:ExpirationModel":{"types":["String"],"description":"Filters access to the ImportKeyMaterial operation based on the value of the ExpirationModel parameter in the request"},"kms:GrantConstraintType":{"types":["String"],"description":"Filters access to the CreateGrant operation based on the grant constraint in the request"},"kms:GrantIsForAWSResource":{"types":["Bool"],"description":"Filters access to the CreateGrant operation when the request comes from a specified AWS service"},"kms:GrantOperations":{"types":["ArrayOfString"],"description":"Filters access to the CreateGrant operation based on the operations in the grant"},"kms:GranteePrincipal":{"types":["String"],"description":"Filters access to the CreateGrant operation based on the grantee principal in the grant"},"kms:KeyAgreementAlgorithm":{"types":["String"],"description":"Filters access to the DeriveSharedSecret operation based on the value of the KeyAgreementAlgorithm parameter in the request"},"kms:KeyOrigin":{"types":["String"],"description":"Filters access to an API operation based on the Origin property of the AWS KMS key created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a KMS key"},"kms:KeySpec":{"types":["String"],"description":"Filters access to an API operation based on the KeySpec property of the AWS KMS key that is created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a KMS key resource"},"kms:KeyUsage":{"types":["String"],"description":"Filters access to an API operation based on the KeyUsage property of the AWS KMS key created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a KMS key resource"},"kms:MacAlgorithm":{"types":["String"],"description":"Filters access to the GenerateMac and VerifyMac operations based on the MacAlgorithm parameter in the request"},"kms:MessageType":{"types":["String"],"description":"Filters access to the Sign and Verify operations based on the value of the MessageType parameter in the request"},"kms:MultiRegion":{"types":["Bool"],"description":"Filters access to an API operation based on the MultiRegion property of the AWS KMS key created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a KMS key resource"},"kms:MultiRegionKeyType":{"types":["String"],"description":"Filters access to an API operation based on the MultiRegionKeyType property of the AWS KMS key created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a KMS key resource"},"kms:PrimaryRegion":{"types":["String"],"description":"Filters access to the UpdatePrimaryRegion operation based on the value of the PrimaryRegion parameter in the request"},"kms:ReEncryptOnSameKey":{"types":["Bool"],"description":"Filters access to the ReEncrypt operation when it uses the same AWS KMS key that was used for the Encrypt operation"},"kms:RecipientAttestation:ImageSha384":{"types":["String"],"description":"Filters access to the API operations based on the image hash in the attestation document in the request"},"kms:RecipientAttestation:NitroTPMPCR0":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 0 in the attestation document in the request. PCR0 is a contiguous measure of core system firmware executable code"},"kms:RecipientAttestation:NitroTPMPCR1":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 1 in the attestation document in the request. PCR1 is a contiguous measure of core system firmware data/host platform configuration, typically including serial and model numbers"},"kms:RecipientAttestation:NitroTPMPCR10":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 10 in the attestation document in the request. PCR10 is a contiguous measure of protection of the IMA measurement log"},"kms:RecipientAttestation:NitroTPMPCR11":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 11 in the attestation document in the request. PCR11 is a contiguous measure of all components of unified kernel images (UKIs)"},"kms:RecipientAttestation:NitroTPMPCR12":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 12 in the attestation document in the request. PCR12 is a contiguous measure of kernel command line, system credentials and system configuration images"},"kms:RecipientAttestation:NitroTPMPCR13":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 13 in the attestation document in the request. PCR13 is a contiguous measure of all system extension images for the initrd"},"kms:RecipientAttestation:NitroTPMPCR14":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 14 in the attestation document in the request. PCR14 is a contiguous measure of \"MOK\" certificates and hashes"},"kms:RecipientAttestation:NitroTPMPCR15":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 15 in the attestation document in the request. PCR15 is a contiguous measure of root file system volume encryption key"},"kms:RecipientAttestation:NitroTPMPCR16":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 16 in the attestation document in the request. PCR16 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:NitroTPMPCR17":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 17 in the attestation document in the request. PCR17 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:NitroTPMPCR18":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 18 in the attestation document in the request. PCR18 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:NitroTPMPCR19":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 19 in the attestation document in the request. PCR19 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:NitroTPMPCR2":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 2 in the attestation document in the request. PCR2 is a contiguous measure of extended or pluggable executable code, including option ROMs on pluggable hardware"},"kms:RecipientAttestation:NitroTPMPCR20":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 20 in the attestation document in the request. PCR20 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:NitroTPMPCR21":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 21 in the attestation document in the request. PCR21 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:NitroTPMPCR22":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 22 in the attestation document in the request. PCR22 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:NitroTPMPCR23":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 23 in the attestation document in the request. PCR23 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:NitroTPMPCR3":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 3 in the attestation document in the request. PCR3 is a contiguous measure of extended or pluggable firmware data, including information about pluggable hardware"},"kms:RecipientAttestation:NitroTPMPCR4":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 4 in the attestation document in the request. PCR4 is a contiguous measure of boot loader and additional drivers, including binaries and extensions loaded by the boot loader"},"kms:RecipientAttestation:NitroTPMPCR5":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 5 in the attestation document in the request. PCR5 is a contiguous measure of GPT/Partition table"},"kms:RecipientAttestation:NitroTPMPCR6":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 6 in the attestation document in the request. PCR6 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:NitroTPMPCR7":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 7 in the attestation document in the request. PCR7 is a contiguous measure of SecureBoot state"},"kms:RecipientAttestation:NitroTPMPCR8":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 8 in the attestation document in the request. PCR8 is a contiguous measure of commands and kernel command line"},"kms:RecipientAttestation:NitroTPMPCR9":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 9 in the attestation document in the request. PCR9 is a contiguous measure of all files read (including kernel image)"},"kms:RecipientAttestation:PCR0":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 0 in the attestation document in the request. PCR0 is a contiguous measure of the contents of the enclave image file, without the section data"},"kms:RecipientAttestation:PCR1":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 1 in the attestation document in the request. PCR1 is a contiguous measurement of the Linux kernel and bootstrap data"},"kms:RecipientAttestation:PCR10":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 10 in the attestation document in the request. PCR10 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR11":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 11 in the attestation document in the request. PCR11 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR12":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 12 in the attestation document in the request. PCR12 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR13":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 13 in the attestation document in the request. PCR13 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR14":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 14 in the attestation document in the request. PCR14 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR15":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 15 in the attestation document in the request. PCR15 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR16":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 16 in the attestation document in the request. PCR16 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR17":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 17 in the attestation document in the request. PCR17 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR18":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 18 in the attestation document in the request. PCR18 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR19":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 19 in the attestation document in the request. PCR19 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR2":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 2 in the attestation document in the request. PCR2 is a contiguous, in-order measurement of the user applications, without the boot ramfs"},"kms:RecipientAttestation:PCR20":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 20 in the attestation document in the request. PCR20 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR21":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 21 in the attestation document in the request. PCR21 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR22":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 22 in the attestation document in the request. PCR22 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR23":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 23 in the attestation document in the request. PCR23 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR24":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 24 in the attestation document in the request. PCR24 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR25":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 25 in the attestation document in the request. PCR25 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR26":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 26 in the attestation document in the request. PCR26 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR27":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 27 in the attestation document in the request. PCR27 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR28":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 28 in the attestation document in the request. PCR28 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR29":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 29 in the attestation document in the request. PCR29 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR3":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 3 in the attestation document in the request. PCR3 is a contiguous measurement of the IAM role assigned to the parent instance"},"kms:RecipientAttestation:PCR30":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 30 in the attestation document in the request. PCR30 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR31":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 31 in the attestation document in the request. PCR31 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR4":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 4 in the attestation document in the request. PCR4 is a contiguous measurement of the ID of the parent instance"},"kms:RecipientAttestation:PCR5":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 5 in the attestation document in the request. PCR5 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR6":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 6 in the attestation document in the request. PCR6 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR7":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 7 in the attestation document in the request. PCR7 is a custom PCR that can be defined by the user for specific use cases"},"kms:RecipientAttestation:PCR8":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 8 in the attestation document in the request. PCR8 is a measure of the signing certificate specified for the enclave image file"},"kms:RecipientAttestation:PCR9":{"types":["String"],"description":"Filters access by the platform configuration register (PCR) 9 in the attestation document in the request. PCR9 is a custom PCR that can be defined by the user for specific use cases"},"kms:ReplicaRegion":{"types":["String"],"description":"Filters access to the ReplicateKey operation based on the value of the ReplicaRegion parameter in the request"},"kms:RequestAlias":{"types":["String"],"description":"Filters access to cryptographic operations, DescribeKey, and GetPublicKey based on the alias in the request"},"kms:ResourceAliases":{"types":["ArrayOfString"],"description":"Filters access to specified AWS KMS operations based on aliases associated with the AWS KMS key"},"kms:RetiringPrincipal":{"types":["String"],"description":"Filters access to the CreateGrant operation based on the retiring principal in the grant"},"kms:RotationPeriodInDays":{"types":["Numeric"],"description":"Filters access to the EnableKeyRotation operation based on the value of the RotationPeriodInDays parameter in the request"},"kms:ScheduleKeyDeletionPendingWindowInDays":{"types":["Numeric"],"description":"Filters access to the ScheduleKeyDeletion operation based on the value of the PendingWindowInDays parameter in the request"},"kms:SigningAlgorithm":{"types":["String"],"description":"Filters access to the Sign and Verify operations based on the signing algorithm in the request"},"kms:ValidTo":{"types":["Date"],"description":"Filters access to the ImportKeyMaterial operation based on the value of the ValidTo parameter in the request. You can use this condition key to allow users to import key material only when it expires by the specified date"},"kms:ViaService":{"types":["String"],"description":"Filters access when a request made on the principal's behalf comes from a specified AWS service"},"kms:WrappingAlgorithm":{"types":["String"],"description":"Filters access to the GetParametersForImport operation based on the value of the WrappingAlgorithm parameter in the request"},"kms:WrappingKeySpec":{"types":["String"],"description":"Filters access to the GetParametersForImport operation based on the value of the WrappingKeySpec parameter in the request"}}}

package/src/data/servicereference/services/lakeformation.json

@@ -0,0 +1 @@
+{"name":"lakeformation","actions":{"AddLFTagsToResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to attach Lake Formation tags to catalog resources","accessLevel":"Tagging","resourceTypes":[]},"BatchGrantPermissions":{"conditionKeys":[],"resources":[],"description":"Grants permission to data lake permissions to one or more principals in a batch","accessLevel":"Permissions management","resourceTypes":[]},"BatchRevokePermissions":{"conditionKeys":[],"resources":[],"description":"Grants permission to revoke data lake permissions from one or more principals in a batch","accessLevel":"Permissions management","resourceTypes":[]},"CancelTransaction":{"conditionKeys":[],"resources":[],"description":"Grants permission to cancel the given transaction","accessLevel":"Write","resourceTypes":[]},"CommitTransaction":{"conditionKeys":[],"resources":[],"description":"Grants permission to commit the given transaction","accessLevel":"Write","resourceTypes":[]},"CreateDataCellsFilter":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a Lake Formation data cell filter","accessLevel":"Write","resourceTypes":[]},"CreateLFTag":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a Lake Formation tag","accessLevel":"Write","resourceTypes":[]},"CreateLFTagExpression":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a Lake Formation tag expression","accessLevel":"Write","resourceTypes":[]},"CreateLakeFormationIdentityCenterConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to create an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources","accessLevel":"Write","resourceTypes":[]},"CreateLakeFormationOptIn":{"conditionKeys":[],"resources":[],"description":"Grants permission to enforce Lake Formation permissions for the given databases, tables, and principals","accessLevel":"Write","resourceTypes":[]},"DeleteDataCellsFilter":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a Lake Formation data cell filter","accessLevel":"Write","resourceTypes":[]},"DeleteLFTag":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a Lake Formation tag","accessLevel":"Write","resourceTypes":[]},"DeleteLFTagExpression":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a Lake Formation expression","accessLevel":"Write","resourceTypes":[]},"DeleteLakeFormationIdentityCenterConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete an IAM Identity Center connection with Lake Formation","accessLevel":"Write","resourceTypes":[]},"DeleteLakeFormationOptIn":{"conditionKeys":[],"resources":[],"description":"Grants permission to remove the Lake Formation permissions enforcement of the given databases, tables, and principals","accessLevel":"Write","resourceTypes":[]},"DeleteObjectsOnCancel":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete the specified objects if the transaction is canceled","accessLevel":"Write","resourceTypes":[]},"DeregisterResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to deregister a registered location","accessLevel":"Write","resourceTypes":[]},"DescribeLakeFormationIdentityCenterConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe the IAM Identity Center connection with Lake Formation","accessLevel":"Read","resourceTypes":[]},"DescribeResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a registered location","accessLevel":"Read","resourceTypes":[]},"DescribeTransaction":{"conditionKeys":[],"resources":[],"description":"Grants permission to get status of the given transaction","accessLevel":"Read","resourceTypes":[]},"ExtendTransaction":{"conditionKeys":[],"resources":[],"description":"Grants permission to extend the timeout of the given transaction","accessLevel":"Write","resourceTypes":[]},"GetDataAccess":{"conditionKeys":["lakeformation:EnabledOnlyForMetaDataAccess"],"resources":[],"description":"Grants permission to virtual data lake access","accessLevel":"Write","resourceTypes":[]},"GetDataCellsFilter":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a Lake Formation data cell filter","accessLevel":"Read","resourceTypes":[]},"GetDataLakePrincipal":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the identity of the invoking principal","accessLevel":"Read","resourceTypes":[]},"GetDataLakeSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve data lake settings such as the list of data lake administrators and database and table default permissions","accessLevel":"Read","resourceTypes":[]},"GetEffectivePermissionsForPath":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve permissions attached to resources in the given path","accessLevel":"Read","resourceTypes":[]},"GetLFTag":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a Lake Formation tag","accessLevel":"Read","resourceTypes":[]},"GetLFTagExpression":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a Lake Formation tag expression","accessLevel":"Read","resourceTypes":[]},"GetQueryState":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the state of the given query","accessLevel":"Read","resourceTypes":[],"dependentActions":["lakeformation:StartQueryPlanning"]},"GetQueryStatistics":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the statistics for the given query","accessLevel":"Read","resourceTypes":[],"dependentActions":["lakeformation:StartQueryPlanning"]},"GetResourceLFTags":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve lakeformation tags on a catalog resource","accessLevel":"Read","resourceTypes":[]},"GetTableObjects":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve objects from a table","accessLevel":"Read","resourceTypes":[]},"GetTemporaryGluePartitionCredentials":{"conditionKeys":[],"resources":[],"description":"Grants permission to get temporary credentials to access Glue partition data through Lake Formation","accessLevel":"Read","resourceTypes":[]},"GetTemporaryGlueTableCredentials":{"conditionKeys":[],"resources":[],"description":"Grants permission to get temporary credentials to access Glue table data through Lake Formation","accessLevel":"Read","resourceTypes":[]},"GetWorkUnitResults":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the results for the given work units","accessLevel":"Read","resourceTypes":[],"dependentActions":["lakeformation:GetWorkUnits","lakeformation:StartQueryPlanning"]},"GetWorkUnits":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the work units for the given query","accessLevel":"Read","resourceTypes":[],"dependentActions":["lakeformation:StartQueryPlanning"]},"GrantPermissions":{"conditionKeys":[],"resources":[],"description":"Grants permission to data lake permissions to a principal","accessLevel":"Permissions management","resourceTypes":[]},"ListDataCellsFilter":{"conditionKeys":[],"resources":[],"description":"Grants permission to list cell filters","accessLevel":"List","resourceTypes":[]},"ListLFTagExpressions":{"conditionKeys":[],"resources":[],"description":"Grants permission to list Lake Foramtion tag expressions","accessLevel":"Read","resourceTypes":[]},"ListLFTags":{"conditionKeys":[],"resources":[],"description":"Grants permission to list Lake Formation tags","accessLevel":"Read","resourceTypes":[]},"ListLakeFormationOptIns":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the current list of resources and principals that are opt in to enforce Lake Formation permissions","accessLevel":"List","resourceTypes":[]},"ListPermissions":{"conditionKeys":[],"resources":[],"description":"Grants permission to list permissions filtered by principal or resource","accessLevel":"List","resourceTypes":[]},"ListResources":{"conditionKeys":[],"resources":[],"description":"Grants permission to List registered locations","accessLevel":"List","resourceTypes":[]},"ListTableStorageOptimizers":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all the storage optimizers for the Governed table","accessLevel":"List","resourceTypes":[]},"ListTransactions":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all transactions in the system","accessLevel":"List","resourceTypes":[]},"PutDataLakeSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to overwrite data lake settings such as the list of data lake administrators and database and table default permissions","accessLevel":"Permissions management","resourceTypes":[]},"RegisterResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to register a new location to be managed by Lake Formation","accessLevel":"Write","resourceTypes":[]},"RegisterResourceWithPrivilegedAccess":{"conditionKeys":[],"resources":[],"description":"Grants permission to register a new location to be managed by Lake Formation, with privileged access","accessLevel":"Write","resourceTypes":[]},"RemoveLFTagsFromResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to remove lakeformation tags from catalog resources","accessLevel":"Tagging","resourceTypes":[]},"RevokePermissions":{"conditionKeys":[],"resources":[],"description":"Grants permission to revoke data lake permissions from a principal","accessLevel":"Permissions management","resourceTypes":[]},"SearchDatabasesByLFTags":{"conditionKeys":[],"resources":[],"description":"Grants permission to list catalog databases with Lake Formation tags","accessLevel":"Read","resourceTypes":[]},"SearchTablesByLFTags":{"conditionKeys":[],"resources":[],"description":"Grants permission to list catalog tables with Lake Formation tags","accessLevel":"Read","resourceTypes":[]},"StartQueryPlanning":{"conditionKeys":[],"resources":[],"description":"Grants permission to initiate the planning of the given query","accessLevel":"Write","resourceTypes":[]},"StartTransaction":{"conditionKeys":[],"resources":[],"description":"Grants permission to start a new transaction","accessLevel":"Write","resourceTypes":[]},"UpdateDataCellsFilter":{"conditionKeys":[],"resources":[],"description":"Grants permission to update a Lake Formation data cell filter","accessLevel":"Write","resourceTypes":[]},"UpdateLFTag":{"conditionKeys":[],"resources":[],"description":"Grants permission to update a Lake Formation tag","accessLevel":"Write","resourceTypes":[]},"UpdateLFTagExpression":{"conditionKeys":[],"resources":[],"description":"Grants permission to update a Lake Formation expression","accessLevel":"Write","resourceTypes":[]},"UpdateLakeFormationIdentityCenterConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the IAM Identity Center connection parameters","accessLevel":"Write","resourceTypes":[]},"UpdateResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to update a registered location","accessLevel":"Write","resourceTypes":[]},"UpdateTableObjects":{"conditionKeys":[],"resources":[],"description":"Grants permission to add or delete the specified objects to or from a table","accessLevel":"Write","resourceTypes":[]},"UpdateTableStorageOptimizer":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the configuration of the storage optimizer for the Governed table","accessLevel":"Write","resourceTypes":[]}},"resources":[],"conditionKeys":{"lakeformation:EnabledOnlyForMetaDataAccess":{"types":["Bool"],"description":"Filters access by the presence of the key configured for role's identity-based policy"}}}