aws-iam-ls 0.0.0

package/src/data/servicereference/services/rds.json

@@ -0,0 +1 @@
+{"name":"rds","actions":{"AddRoleToDBCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to associate an Identity and Access Management (IAM) role from an Aurora DB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["iam:PassRole"]},"AddRoleToDBInstance":{"conditionKeys":[],"resources":[{"name":"db"}],"description":"Grants permission to associate an AWS Identity and Access Management (IAM) role with a DB instance","accessLevel":"Write","resourceTypes":[{"name":"db","required":true}],"dependentActions":["iam:PassRole"]},"AddSourceIdentifierToSubscription":{"conditionKeys":[],"resources":[{"name":"es"}],"description":"Grants permission to add a source identifier to an existing RDS event notification subscription","accessLevel":"Write","resourceTypes":[{"name":"es","required":true}]},"AddTagsToResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:TagsFromRequest","rds:req-tag/${TagKey}"],"resources":[{"name":"auto-backup"},{"name":"cev"},{"name":"cluster"},{"name":"cluster-auto-backup"},{"name":"cluster-endpoint"},{"name":"cluster-pg"},{"name":"cluster-snapshot"},{"name":"db"},{"name":"deployment"},{"name":"es"},{"name":"global-cluster"},{"name":"integration"},{"name":"og"},{"name":"pg"},{"name":"proxy"},{"name":"proxy-endpoint"},{"name":"ri"},{"name":"secgrp"},{"name":"shardgrp"},{"name":"snapshot"},{"name":"snapshot-tenant-database"},{"name":"subgrp"},{"name":"target-group"},{"name":"tenant-database"}],"description":"Grants permission to add metadata tags to an Amazon RDS resource","accessLevel":"Tagging","resourceTypes":[{"name":"auto-backup","required":false},{"name":"cev","required":false},{"name":"cluster","required":false},{"name":"cluster-auto-backup","required":false},{"name":"cluster-endpoint","required":false},{"name":"cluster-pg","required":false},{"name":"cluster-snapshot","required":false},{"name":"db","required":false},{"name":"deployment","required":false},{"name":"es","required":false},{"name":"global-cluster","required":false},{"name":"integration","required":false},{"name":"og","required":false},{"name":"pg","required":false},{"name":"proxy","required":false},{"name":"proxy-endpoint","required":false},{"name":"ri","required":false},{"name":"secgrp","required":false},{"name":"shardgrp","required":false},{"name":"snapshot","required":false},{"name":"snapshot-tenant-database","required":false},{"name":"subgrp","required":false},{"name":"target-group","required":false},{"name":"tenant-database","required":false}]},"ApplyPendingMaintenanceAction":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"db"}],"description":"Grants permission to apply a pending maintenance action to a resource","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":false},{"name":"db","required":false}]},"AuthorizeDBSecurityGroupIngress":{"conditionKeys":[],"resources":[{"name":"secgrp"}],"description":"Grants permission to enable ingress to a DBSecurityGroup using one of two forms of authorization","accessLevel":"Permissions management","resourceTypes":[{"name":"secgrp","required":true}]},"BacktrackDBCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to backtrack a DB cluster to a specific time, without creating a new DB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"CancelExportTask":{"conditionKeys":[],"resources":[],"description":"Grants permission to cancel an export task in progress","accessLevel":"Write","resourceTypes":[]},"CopyCustomDBEngineVersion":{"conditionKeys":[],"resources":[{"name":"cev"}],"description":"Grants permission to copy a custom engine version","accessLevel":"Write","resourceTypes":[{"name":"cev","required":true}],"permissionOnly":true},"CopyDBClusterParameterGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster-pg"}],"description":"Grants permission to copy the specified DB cluster parameter group","accessLevel":"Write","resourceTypes":[{"name":"cluster-pg","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CopyDBClusterSnapshot":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster-snapshot"}],"description":"Grants permission to create a snapshot of a DB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster-snapshot","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CopyDBParameterGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"pg"}],"description":"Grants permission to copy the specified DB parameter group","accessLevel":"Write","resourceTypes":[{"name":"pg","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CopyDBSnapshot":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:CopyOptionGroup","rds:req-tag/${TagKey}"],"resources":[{"name":"snapshot"}],"description":"Grants permission to copy the specified DB snapshot","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}],"dependentActions":["rds:AddTagsToResource","rds:CopyCustomDBEngineVersion"]},"CopyOptionGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"og"}],"description":"Grants permission to copy the specified option group","accessLevel":"Write","resourceTypes":[{"name":"og","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CreateBlueGreenDeployment":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","rds:DatabaseClass","rds:DatabaseEngine","rds:DatabaseName","rds:MultiAz","rds:Piops","rds:StorageEncrypted","rds:StorageSize","rds:Vpc","rds:cluster-pg-tag/${TagKey}","rds:cluster-tag/${TagKey}","rds:db-tag/${TagKey}","rds:pg-tag/${TagKey}","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"cluster-pg"},{"name":"db"},{"name":"deployment"},{"name":"pg"}],"description":"Grants permission to create a blue-green deployment for a given source cluster or instance","accessLevel":"Write","resourceTypes":[{"name":"deployment","required":true},{"name":"cluster","required":false},{"name":"cluster-pg","required":false},{"name":"db","required":false},{"name":"pg","required":false}],"dependentActions":["rds:AddTagsToResource","rds:CreateDBCluster","rds:CreateDBClusterEndpoint","rds:CreateDBInstance","rds:CreateDBInstanceReadReplica"]},"CreateCustomDBEngineVersion":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"cev"}],"description":"Grants permission to create a custom engine version","accessLevel":"Write","resourceTypes":[{"name":"cev","required":true}],"dependentActions":["iam:CreateServiceLinkedRole","mediaimport:CreateDatabaseBinarySnapshot","rds:AddTagsToResource"]},"CreateDBCluster":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:DatabaseClass","rds:DatabaseEngine","rds:DatabaseName","rds:ManageMasterUserPassword","rds:Piops","rds:StorageEncrypted","rds:StorageSize","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"cluster-pg"},{"name":"db"},{"name":"global-cluster"},{"name":"og"},{"name":"subgrp"}],"description":"Grants permission to create a new DB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"cluster-pg","required":true},{"name":"og","required":true},{"name":"subgrp","required":true},{"name":"db","required":false},{"name":"global-cluster","required":false}],"dependentActions":["iam:PassRole","kms:CreateGrant","kms:Decrypt","kms:DescribeKey","kms:GenerateDataKey","rds:AddTagsToResource","rds:CreateDBInstance","secretsmanager:CreateSecret","secretsmanager:TagResource"]},"CreateDBClusterEndpoint":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:EndpointType","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"cluster-endpoint"}],"description":"Grants permission to create a new custom endpoint and associates it with an Amazon Aurora DB cluster or Amazon DocumentDB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"cluster-endpoint","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CreateDBClusterParameterGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster-pg"}],"description":"Grants permission to create a new DB cluster parameter group","accessLevel":"Write","resourceTypes":[{"name":"cluster-pg","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CreateDBClusterSnapshot":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"cluster-snapshot"}],"description":"Grants permission to create a snapshot of a DB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"cluster-snapshot","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CreateDBInstance":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:BackupTarget","rds:ManageMasterUserPassword","rds:PubliclyAccessible","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"db"},{"name":"og"},{"name":"pg"},{"name":"secgrp"},{"name":"subgrp"}],"description":"Grants permission to create a new DB instance","accessLevel":"Write","resourceTypes":[{"name":"db","required":true},{"name":"cluster","required":false},{"name":"og","required":false},{"name":"pg","required":false},{"name":"secgrp","required":false},{"name":"subgrp","required":false}],"dependentActions":["iam:PassRole","kms:CreateGrant","kms:Decrypt","kms:DescribeKey","kms:GenerateDataKey","rds:AddTagsToResource","rds:CreateTenantDatabase","secretsmanager:CreateSecret","secretsmanager:TagResource"]},"CreateDBInstanceReadReplica":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:PubliclyAccessible","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"db"},{"name":"og"},{"name":"pg"},{"name":"subgrp"}],"description":"Grants permission to create a DB instance that acts as a Read Replica of a source DB instance","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"db","required":true},{"name":"og","required":true},{"name":"pg","required":true},{"name":"subgrp","required":true}],"dependentActions":["iam:PassRole","rds:AddTagsToResource"]},"CreateDBParameterGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"pg"}],"description":"Grants permission to create a new DB parameter group","accessLevel":"Write","resourceTypes":[{"name":"pg","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CreateDBProxy":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a database proxy","accessLevel":"Write","resourceTypes":[],"dependentActions":["iam:PassRole","rds:AddTagsToResource"]},"CreateDBProxyEndpoint":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"proxy"},{"name":"proxy-endpoint"}],"description":"Grants permission to create a database proxy endpoint","accessLevel":"Write","resourceTypes":[{"name":"proxy","required":true},{"name":"proxy-endpoint","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CreateDBSecurityGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"secgrp"}],"description":"Grants permission to create a new DB security group. DB security groups control access to a DB instance","accessLevel":"Write","resourceTypes":[{"name":"secgrp","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CreateDBShardGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:PubliclyAccessible","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"shardgrp"}],"description":"Grants permission to create a new Aurora Limitless Database DB shard group","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"shardgrp","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CreateDBSnapshot":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:BackupTarget","rds:req-tag/${TagKey}"],"resources":[{"name":"db"},{"name":"snapshot"}],"description":"Grants permission to create a DBSnapshot","accessLevel":"Write","resourceTypes":[{"name":"db","required":true},{"name":"snapshot","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CreateDBSubnetGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"subgrp"}],"description":"Grants permission to create a new DB subnet group","accessLevel":"Write","resourceTypes":[{"name":"subgrp","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CreateEventSubscription":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"es"}],"description":"Grants permission to create an RDS event notification subscription","accessLevel":"Write","resourceTypes":[{"name":"es","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CreateGlobalCluster":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"global-cluster"}],"description":"Grants permission to create an Aurora global database or DocumentDB global database spread across multiple regions","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"global-cluster","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CreateIntegration":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"integration"}],"description":"Grants permission to create an Aurora zero-ETL integration with Redshift","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"integration","required":true}],"dependentActions":["kms:CreateGrant","kms:DescribeKey","rds:AddTagsToResource"]},"CreateOptionGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"og"}],"description":"Grants permission to create a new option group","accessLevel":"Write","resourceTypes":[{"name":"og","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CreateTenantDatabase":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:ManageMasterUserPassword","rds:TenantDatabaseName","rds:req-tag/${TagKey}"],"resources":[{"name":"db"},{"name":"tenant-database"}],"description":"Grants permission to create a new tenant database","accessLevel":"Write","resourceTypes":[{"name":"db","required":true},{"name":"tenant-database","required":true}],"dependentActions":["rds:AddTagsToResource"]},"CrossRegionCommunication":{"conditionKeys":[],"resources":[],"description":"Grants permission to access a resource in the remote Region when executing cross-Region operations, such as cross-Region snapshot copy or cross-Region read replica creation","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"DeleteBlueGreenDeployment":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"deployment"}],"description":"Grants permission to delete blue green deployments","accessLevel":"Write","resourceTypes":[{"name":"deployment","required":true}],"dependentActions":["rds:DeleteDBCluster","rds:DeleteDBClusterEndpoint","rds:DeleteDBInstance","rds:PromoteReadReplica","rds:PromoteReadReplicaDBCluster"]},"DeleteCustomDBEngineVersion":{"conditionKeys":[],"resources":[{"name":"cev"}],"description":"Grants permission to delete an existing custom engine version","accessLevel":"Write","resourceTypes":[{"name":"cev","required":true}]},"DeleteDBCluster":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"cluster-snapshot"}],"description":"Grants permission to delete a previously provisioned DB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"cluster-snapshot","required":true}],"dependentActions":["rds:AddTagsToResource","rds:CreateDBClusterSnapshot","rds:DeleteDBInstance"]},"DeleteDBClusterAutomatedBackup":{"conditionKeys":[],"resources":[{"name":"cluster-auto-backup"}],"description":"Grants permission to delete cluster automated backups based on the source cluster's DbClusterResourceId value or the restorable cluster's resource ID","accessLevel":"Write","resourceTypes":[{"name":"cluster-auto-backup","required":true}]},"DeleteDBClusterEndpoint":{"conditionKeys":[],"resources":[{"name":"cluster-endpoint"}],"description":"Grants permission to delete a custom endpoint and removes it from an Amazon Aurora DB cluster or Amazon DocumentDB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster-endpoint","required":true}]},"DeleteDBClusterParameterGroup":{"conditionKeys":[],"resources":[{"name":"cluster-pg"}],"description":"Grants permission to delete a specified DB cluster parameter group","accessLevel":"Write","resourceTypes":[{"name":"cluster-pg","required":true}]},"DeleteDBClusterSnapshot":{"conditionKeys":[],"resources":[{"name":"cluster-snapshot"}],"description":"Grants permission to delete a DB cluster snapshot","accessLevel":"Write","resourceTypes":[{"name":"cluster-snapshot","required":true}]},"DeleteDBInstance":{"conditionKeys":[],"resources":[{"name":"db"}],"description":"Grants permission to delete a previously provisioned DB instance","accessLevel":"Write","resourceTypes":[{"name":"db","required":true}],"dependentActions":["rds:AddTagsToResource","rds:CreateDBSnapshot","rds:DeleteTenantDatabase"]},"DeleteDBInstanceAutomatedBackup":{"conditionKeys":[],"resources":[{"name":"auto-backup"}],"description":"Grants permission to delete automated backups based on the source instance's DbiResourceId value or the restorable instance's resource ID","accessLevel":"Write","resourceTypes":[{"name":"auto-backup","required":true}]},"DeleteDBParameterGroup":{"conditionKeys":[],"resources":[{"name":"pg"}],"description":"Grants permission to delete a specified DBParameterGroup","accessLevel":"Write","resourceTypes":[{"name":"pg","required":true}]},"DeleteDBProxy":{"conditionKeys":[],"resources":[{"name":"proxy"}],"description":"Grants permission to delete a database proxy","accessLevel":"Write","resourceTypes":[{"name":"proxy","required":true}]},"DeleteDBProxyEndpoint":{"conditionKeys":[],"resources":[{"name":"proxy-endpoint"}],"description":"Grants permission to delete a database proxy endpoint","accessLevel":"Write","resourceTypes":[{"name":"proxy-endpoint","required":true}]},"DeleteDBSecurityGroup":{"conditionKeys":[],"resources":[{"name":"secgrp"}],"description":"Grants permission to delete a DB security group","accessLevel":"Write","resourceTypes":[{"name":"secgrp","required":true}]},"DeleteDBShardGroup":{"conditionKeys":[],"resources":[{"name":"shardgrp"}],"description":"Grants permission to delete an Aurora Limitless Database DB shard group","accessLevel":"Write","resourceTypes":[{"name":"shardgrp","required":true}]},"DeleteDBSnapshot":{"conditionKeys":[],"resources":[{"name":"snapshot"}],"description":"Grants permission to delete a DBSnapshot","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}]},"DeleteDBSubnetGroup":{"conditionKeys":[],"resources":[{"name":"subgrp"}],"description":"Grants permission to delete a DB subnet group","accessLevel":"Write","resourceTypes":[{"name":"subgrp","required":true}]},"DeleteEventSubscription":{"conditionKeys":[],"resources":[{"name":"es"}],"description":"Grants permission to delete an RDS event notification subscription","accessLevel":"Write","resourceTypes":[{"name":"es","required":true}]},"DeleteGlobalCluster":{"conditionKeys":[],"resources":[{"name":"global-cluster"}],"description":"Grants permission to delete a global database cluster","accessLevel":"Write","resourceTypes":[{"name":"global-cluster","required":true}]},"DeleteIntegration":{"conditionKeys":[],"resources":[{"name":"integration"}],"description":"Grants permission to delete an Aurora zero-ETL integration with Redshift","accessLevel":"Write","resourceTypes":[{"name":"integration","required":true}]},"DeleteOptionGroup":{"conditionKeys":[],"resources":[{"name":"og"}],"description":"Grants permission to delete an existing option group","accessLevel":"Write","resourceTypes":[{"name":"og","required":true}]},"DeleteTenantDatabase":{"conditionKeys":[],"resources":[{"name":"db"},{"name":"tenant-database"}],"description":"Grants permission to delete a tenant database","accessLevel":"Write","resourceTypes":[{"name":"db","required":true},{"name":"tenant-database","required":true}],"dependentActions":["rds:AddTagsToResource","rds:CreateDBSnapshot"]},"DeregisterDBProxyTargets":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"db"},{"name":"proxy"},{"name":"target-group"}],"description":"Grants permission to remove targets from a database proxy target group","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"db","required":true},{"name":"proxy","required":true},{"name":"target-group","required":true}]},"DescribeAccountAttributes":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all of the attributes for a customer account","accessLevel":"List","resourceTypes":[]},"DescribeBlueGreenDeployments":{"conditionKeys":[],"resources":[{"name":"deployment"}],"description":"Grants permission to describe blue green deployments","accessLevel":"List","resourceTypes":[{"name":"deployment","required":false}]},"DescribeCertificates":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the set of CA certificates provided by Amazon RDS for this AWS account","accessLevel":"List","resourceTypes":[]},"DescribeDBClusterAutomatedBackups":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"cluster-auto-backup"}],"description":"Grants permission to return a list of cluster automated backups for both current and deleted clusters","accessLevel":"List","resourceTypes":[{"name":"cluster","required":false},{"name":"cluster-auto-backup","required":false}]},"DescribeDBClusterBacktracks":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to return information about backtracks for a DB cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true}]},"DescribeDBClusterEndpoints":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"cluster-endpoint"}],"description":"Grants permission to return information about endpoints for an Amazon Aurora DB cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":false},{"name":"cluster-endpoint","required":false}]},"DescribeDBClusterParameterGroups":{"conditionKeys":[],"resources":[{"name":"cluster-pg"}],"description":"Grants permission to return a list of DBClusterParameterGroup descriptions","accessLevel":"List","resourceTypes":[{"name":"cluster-pg","required":false}]},"DescribeDBClusterParameters":{"conditionKeys":[],"resources":[{"name":"cluster-pg"}],"description":"Grants permission to return the detailed parameter list for a particular DB cluster parameter group","accessLevel":"List","resourceTypes":[{"name":"cluster-pg","required":true}]},"DescribeDBClusterSnapshotAttributes":{"conditionKeys":[],"resources":[{"name":"cluster-snapshot"}],"description":"Grants permission to return a list of DB cluster snapshot attribute names and values for a manual DB cluster snapshot","accessLevel":"List","resourceTypes":[{"name":"cluster-snapshot","required":true}]},"DescribeDBClusterSnapshots":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"cluster-snapshot"}],"description":"Grants permission to return information about DB cluster snapshots","accessLevel":"List","resourceTypes":[{"name":"cluster","required":false},{"name":"cluster-snapshot","required":false}]},"DescribeDBClusters":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to return information about provisioned Aurora DB clusters or DocumentDB clusters","accessLevel":"List","resourceTypes":[{"name":"cluster","required":false}]},"DescribeDBEngineVersions":{"conditionKeys":[],"resources":[],"description":"Grants permission to return a list of the available DB engines","accessLevel":"List","resourceTypes":[]},"DescribeDBInstanceAutomatedBackups":{"conditionKeys":[],"resources":[{"name":"auto-backup"},{"name":"db"}],"description":"Grants permission to return a list of automated backups for both current and deleted instances","accessLevel":"List","resourceTypes":[{"name":"auto-backup","required":false},{"name":"db","required":false}]},"DescribeDBInstances":{"conditionKeys":[],"resources":[{"name":"db"}],"description":"Grants permission to return information about provisioned RDS instances","accessLevel":"List","resourceTypes":[{"name":"db","required":false}]},"DescribeDBLogFiles":{"conditionKeys":[],"resources":[{"name":"db"}],"description":"Grants permission to return a list of DB log files for the DB instance","accessLevel":"List","resourceTypes":[{"name":"db","required":true}]},"DescribeDBMajorEngineVersions":{"conditionKeys":[],"resources":[],"description":"Grants permission to return information specific for each DB major engine versions","accessLevel":"List","resourceTypes":[]},"DescribeDBParameterGroups":{"conditionKeys":[],"resources":[{"name":"pg"}],"description":"Grants permission to return a list of DBParameterGroup descriptions","accessLevel":"List","resourceTypes":[{"name":"pg","required":false}]},"DescribeDBParameters":{"conditionKeys":[],"resources":[{"name":"pg"}],"description":"Grants permission to return the detailed parameter list for a particular DB parameter group","accessLevel":"List","resourceTypes":[{"name":"pg","required":true}]},"DescribeDBProxies":{"conditionKeys":[],"resources":[{"name":"proxy"}],"description":"Grants permission to view proxies","accessLevel":"List","resourceTypes":[{"name":"proxy","required":false}]},"DescribeDBProxyEndpoints":{"conditionKeys":[],"resources":[{"name":"proxy"},{"name":"proxy-endpoint"}],"description":"Grants permission to view proxy endpoints","accessLevel":"List","resourceTypes":[{"name":"proxy","required":false},{"name":"proxy-endpoint","required":false}]},"DescribeDBProxyTargetGroups":{"conditionKeys":[],"resources":[{"name":"proxy"}],"description":"Grants permission to view database proxy target group details","accessLevel":"List","resourceTypes":[{"name":"proxy","required":true}]},"DescribeDBProxyTargets":{"conditionKeys":[],"resources":[{"name":"proxy"},{"name":"target-group"}],"description":"Grants permission to view database proxy target details","accessLevel":"List","resourceTypes":[{"name":"proxy","required":true},{"name":"target-group","required":true}]},"DescribeDBRecommendations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list recommendation details","accessLevel":"List","resourceTypes":[]},"DescribeDBSecurityGroups":{"conditionKeys":[],"resources":[{"name":"secgrp"}],"description":"Grants permission to return a list of DBSecurityGroup descriptions","accessLevel":"List","resourceTypes":[{"name":"secgrp","required":false}]},"DescribeDBShardGroups":{"conditionKeys":[],"resources":[{"name":"shardgrp"}],"description":"Grants permission to return information about all Aurora Limitless Database DB shard groups for this account. You can filter by shard group(s)","accessLevel":"List","resourceTypes":[{"name":"shardgrp","required":false}]},"DescribeDBSnapshotAttributes":{"conditionKeys":[],"resources":[{"name":"snapshot"}],"description":"Grants permission to return a list of DB snapshot attribute names and values for a manual DB snapshot","accessLevel":"List","resourceTypes":[{"name":"snapshot","required":true}]},"DescribeDBSnapshotTenantDatabases":{"conditionKeys":[],"resources":[{"name":"db"},{"name":"snapshot"},{"name":"snapshot-tenant-database"}],"description":"Grants permission to return information about tenant databases in DB snapshots. You can filter by Region or snapshot","accessLevel":"List","resourceTypes":[{"name":"db","required":false},{"name":"snapshot","required":false},{"name":"snapshot-tenant-database","required":false}]},"DescribeDBSnapshots":{"conditionKeys":[],"resources":[{"name":"db"},{"name":"snapshot"}],"description":"Grants permission to return information about DB snapshots","accessLevel":"List","resourceTypes":[{"name":"db","required":false},{"name":"snapshot","required":false}]},"DescribeDBSubnetGroups":{"conditionKeys":[],"resources":[{"name":"subgrp"}],"description":"Grants permission to return a list of DBSubnetGroup descriptions","accessLevel":"List","resourceTypes":[{"name":"subgrp","required":false}]},"DescribeEngineDefaultClusterParameters":{"conditionKeys":[],"resources":[],"description":"Grants permission to return the default engine and system parameter information for the cluster database engine","accessLevel":"List","resourceTypes":[]},"DescribeEngineDefaultParameters":{"conditionKeys":[],"resources":[],"description":"Grants permission to return the default engine and system parameter information for the specified database engine","accessLevel":"List","resourceTypes":[]},"DescribeEventCategories":{"conditionKeys":[],"resources":[],"description":"Grants permission to display a list of categories for all event source types, or, if specified, for a specified source type","accessLevel":"List","resourceTypes":[]},"DescribeEventSubscriptions":{"conditionKeys":[],"resources":[{"name":"es"}],"description":"Grants permission to list all the subscription descriptions for a customer account","accessLevel":"List","resourceTypes":[{"name":"es","required":false}]},"DescribeEvents":{"conditionKeys":[],"resources":[],"description":"Grants permission to return events related to DB instances, DB security groups, DB snapshots, and DB parameter groups for the past 14 days","accessLevel":"List","resourceTypes":[]},"DescribeExportTasks":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"cluster-snapshot"},{"name":"snapshot"}],"description":"Grants permission to return information about the export tasks","accessLevel":"List","resourceTypes":[{"name":"cluster","required":false},{"name":"cluster-snapshot","required":false},{"name":"snapshot","required":false}]},"DescribeGlobalClusters":{"conditionKeys":[],"resources":[{"name":"global-cluster"}],"description":"Grants permission to return information about Aurora global database clusters or DocumentDB global database clusters","accessLevel":"List","resourceTypes":[{"name":"global-cluster","required":false}]},"DescribeIntegrations":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"integration"}],"description":"Grants permission to describe an Aurora zero-ETL integration with Redshift","accessLevel":"List","resourceTypes":[{"name":"integration","required":false}]},"DescribeOptionGroupOptions":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe all available options","accessLevel":"List","resourceTypes":[]},"DescribeOptionGroups":{"conditionKeys":[],"resources":[{"name":"og"}],"description":"Grants permission to describe the available option groups","accessLevel":"List","resourceTypes":[{"name":"og","required":false}]},"DescribeOrderableDBInstanceOptions":{"conditionKeys":[],"resources":[],"description":"Grants permission to return a list of orderable DB instance options for the specified engine","accessLevel":"List","resourceTypes":[]},"DescribePendingMaintenanceActions":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"db"}],"description":"Grants permission to return a list of resources (for example, DB instances) that have at least one pending maintenance action","accessLevel":"List","resourceTypes":[{"name":"cluster","required":false},{"name":"db","required":false}]},"DescribeRecommendationGroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to return information about recommendation groups","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"DescribeRecommendations":{"conditionKeys":[],"resources":[],"description":"Grants permission to return information about recommendations","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"DescribeReservedDBInstances":{"conditionKeys":[],"resources":[{"name":"ri"}],"description":"Grants permission to return information about reserved DB instances for this account, or about a specified reserved DB instance","accessLevel":"List","resourceTypes":[{"name":"ri","required":false}]},"DescribeReservedDBInstancesOfferings":{"conditionKeys":[],"resources":[],"description":"Grants permission to list available reserved DB instance offerings","accessLevel":"List","resourceTypes":[]},"DescribeSourceRegions":{"conditionKeys":[],"resources":[],"description":"Grants permission to return a list of the source AWS Regions where the current AWS Region can create a Read Replica or copy a DB snapshot from","accessLevel":"List","resourceTypes":[]},"DescribeTenantDatabases":{"conditionKeys":[],"resources":[{"name":"db"},{"name":"tenant-database"}],"description":"Grants permission to return information about provisioned tenant databases. You can filter by Region or snapshot","accessLevel":"List","resourceTypes":[{"name":"db","required":false},{"name":"tenant-database","required":false}]},"DescribeValidDBInstanceModifications":{"conditionKeys":[],"resources":[{"name":"db"}],"description":"Grants permission to list available modifications you can make to your DB instance","accessLevel":"List","resourceTypes":[{"name":"db","required":true}]},"DisableHttpEndpoint":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to disable http endpoint for a DB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"DownloadCompleteDBLogFile":{"conditionKeys":[],"resources":[{"name":"db"}],"description":"Grants permission to download specified log file","accessLevel":"Read","resourceTypes":[{"name":"db","required":true}]},"DownloadDBLogFilePortion":{"conditionKeys":[],"resources":[{"name":"db"}],"description":"Grants permission to download all or a portion of the specified log file, up to 1 MB in size","accessLevel":"Read","resourceTypes":[{"name":"db","required":true}]},"EnableHttpEndpoint":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to enable http endpoint for a DB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"FailoverDBCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to force a failover for a DB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"FailoverGlobalCluster":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"global-cluster"}],"description":"Grants permission to failover a global cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"global-cluster","required":true}]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"auto-backup"},{"name":"cev"},{"name":"cluster"},{"name":"cluster-auto-backup"},{"name":"cluster-endpoint"},{"name":"cluster-pg"},{"name":"cluster-snapshot"},{"name":"db"},{"name":"es"},{"name":"global-cluster"},{"name":"integration"},{"name":"og"},{"name":"pg"},{"name":"proxy"},{"name":"proxy-endpoint"},{"name":"ri"},{"name":"secgrp"},{"name":"shardgrp"},{"name":"snapshot"},{"name":"snapshot-tenant-database"},{"name":"subgrp"},{"name":"target-group"},{"name":"tenant-database"}],"description":"Grants permission to list all tags on an Amazon RDS resource","accessLevel":"Read","resourceTypes":[{"name":"auto-backup","required":false},{"name":"cev","required":false},{"name":"cluster","required":false},{"name":"cluster-auto-backup","required":false},{"name":"cluster-endpoint","required":false},{"name":"cluster-pg","required":false},{"name":"cluster-snapshot","required":false},{"name":"db","required":false},{"name":"es","required":false},{"name":"global-cluster","required":false},{"name":"integration","required":false},{"name":"og","required":false},{"name":"pg","required":false},{"name":"proxy","required":false},{"name":"proxy-endpoint","required":false},{"name":"ri","required":false},{"name":"secgrp","required":false},{"name":"shardgrp","required":false},{"name":"snapshot","required":false},{"name":"snapshot-tenant-database","required":false},{"name":"subgrp","required":false},{"name":"target-group","required":false},{"name":"tenant-database","required":false}]},"ModifyActivityStream":{"conditionKeys":[],"resources":[{"name":"db"}],"description":"Grants permission to modify a database activity stream","accessLevel":"Write","resourceTypes":[{"name":"db","required":true}]},"ModifyCertificates":{"conditionKeys":[],"resources":[],"description":"Grants permission to modify the system-default Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate for Amazon RDS for new DB instances","accessLevel":"Write","resourceTypes":[]},"ModifyCurrentDBClusterCapacity":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to modify current cluster capacity for an Amazon Aurora Serverless DB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"ModifyCustomDBEngineVersion":{"conditionKeys":[],"resources":[{"name":"cev"}],"description":"Grants permission to modify an existing custom engine version","accessLevel":"Write","resourceTypes":[{"name":"cev","required":true}]},"ModifyDBCluster":{"conditionKeys":["rds:DatabaseClass","rds:ManageMasterUserPassword","rds:Piops","rds:StorageSize"],"resources":[{"name":"cluster"},{"name":"cluster-pg"},{"name":"og"},{"name":"pg"}],"description":"Grants permission to modify a setting for an Amazon Aurora DB cluster or Amazon DocumentDB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"cluster-pg","required":false},{"name":"og","required":false},{"name":"pg","required":false}],"dependentActions":["iam:PassRole","kms:CreateGrant","kms:Decrypt","kms:DescribeKey","kms:GenerateDataKey","rds:ModifyDBInstance","secretsmanager:CreateSecret","secretsmanager:RotateSecret","secretsmanager:TagResource"]},"ModifyDBClusterEndpoint":{"conditionKeys":[],"resources":[{"name":"cluster-endpoint"}],"description":"Grants permission to modify the properties of an endpoint in an Amazon Aurora DB cluster or Amazon DocumentDB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster-endpoint","required":true}]},"ModifyDBClusterParameterGroup":{"conditionKeys":[],"resources":[{"name":"cluster-pg"}],"description":"Grants permission to modify the parameters of a DB cluster parameter group","accessLevel":"Write","resourceTypes":[{"name":"cluster-pg","required":true}]},"ModifyDBClusterSnapshotAttribute":{"conditionKeys":[],"resources":[{"name":"cluster-snapshot"}],"description":"Grants permission to add an attribute and values to, or removes an attribute and values from, a manual DB cluster snapshot","accessLevel":"Write","resourceTypes":[{"name":"cluster-snapshot","required":true}]},"ModifyDBInstance":{"conditionKeys":["rds:ManageMasterUserPassword"],"resources":[{"name":"db"},{"name":"og"},{"name":"pg"},{"name":"secgrp"},{"name":"subgrp"}],"description":"Grants permission to modify settings for a DB instance","accessLevel":"Write","resourceTypes":[{"name":"db","required":true},{"name":"og","required":false},{"name":"pg","required":false},{"name":"secgrp","required":false},{"name":"subgrp","required":false}],"dependentActions":["iam:PassRole","kms:CreateGrant","kms:Decrypt","kms:DescribeKey","kms:GenerateDataKey","rds:AddTagsToResource","rds:CreateTenantDatabase","secretsmanager:CreateSecret","secretsmanager:RotateSecret","secretsmanager:TagResource"]},"ModifyDBParameterGroup":{"conditionKeys":[],"resources":[{"name":"pg"}],"description":"Grants permission to modify the parameters of a DB parameter group","accessLevel":"Write","resourceTypes":[{"name":"pg","required":true}]},"ModifyDBProxy":{"conditionKeys":[],"resources":[{"name":"proxy"}],"description":"Grants permission to modify database proxy","accessLevel":"Write","resourceTypes":[{"name":"proxy","required":true}],"dependentActions":["iam:PassRole"]},"ModifyDBProxyEndpoint":{"conditionKeys":[],"resources":[{"name":"proxy-endpoint"}],"description":"Grants permission to modify database proxy endpoint","accessLevel":"Write","resourceTypes":[{"name":"proxy-endpoint","required":true}]},"ModifyDBProxyTargetGroup":{"conditionKeys":[],"resources":[{"name":"target-group"}],"description":"Grants permission to modify target group for a database proxy","accessLevel":"Write","resourceTypes":[{"name":"target-group","required":true}]},"ModifyDBRecommendation":{"conditionKeys":[],"resources":[],"description":"Grants permission to modify recommendation","accessLevel":"Write","resourceTypes":[]},"ModifyDBShardGroup":{"conditionKeys":[],"resources":[{"name":"shardgrp"}],"description":"Grants permission to modify properties of an Aurora Limitless Database DB shard group","accessLevel":"Write","resourceTypes":[{"name":"shardgrp","required":true}]},"ModifyDBSnapshot":{"conditionKeys":[],"resources":[{"name":"og"},{"name":"snapshot"}],"description":"Grants permission to update a manual DB snapshot, which can be encrypted or not encrypted, with a new engine version","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true},{"name":"og","required":false}]},"ModifyDBSnapshotAttribute":{"conditionKeys":[],"resources":[{"name":"snapshot"}],"description":"Grants permission to add an attribute and values to, or removes an attribute and values from, a manual DB snapshot","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}]},"ModifyDBSubnetGroup":{"conditionKeys":[],"resources":[{"name":"subgrp"}],"description":"Grants permission to modify an existing DB subnet group","accessLevel":"Write","resourceTypes":[{"name":"subgrp","required":true}]},"ModifyEventSubscription":{"conditionKeys":[],"resources":[{"name":"es"}],"description":"Grants permission to modify an existing RDS event notification subscription","accessLevel":"Write","resourceTypes":[{"name":"es","required":true}]},"ModifyGlobalCluster":{"conditionKeys":[],"resources":[{"name":"global-cluster"}],"description":"Grants permission to modify a setting for an Amazon Aurora global cluster or Amazon DocumentDB global cluster","accessLevel":"Write","resourceTypes":[{"name":"global-cluster","required":true}]},"ModifyIntegration":{"conditionKeys":[],"resources":[{"name":"integration"}],"description":"Grants permission to modify an Aurora zero-ETL integration with Redshift","accessLevel":"Write","resourceTypes":[{"name":"integration","required":true}]},"ModifyOptionGroup":{"conditionKeys":[],"resources":[{"name":"og"}],"description":"Grants permission to modify an existing option group","accessLevel":"Write","resourceTypes":[{"name":"og","required":true}],"dependentActions":["iam:PassRole"]},"ModifyRecommendation":{"conditionKeys":[],"resources":[],"description":"Grants permission to modify recommendation","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"ModifyTenantDatabase":{"conditionKeys":["rds:ManageMasterUserPassword","rds:TenantDatabaseName"],"resources":[{"name":"db"},{"name":"tenant-database"}],"description":"Grants permission to modify a tenant database","accessLevel":"Write","resourceTypes":[{"name":"db","required":true},{"name":"tenant-database","required":true}]},"PromoteReadReplica":{"conditionKeys":[],"resources":[{"name":"db"}],"description":"Grants permission to promote a Read Replica DB instance to a standalone DB instance","accessLevel":"Write","resourceTypes":[{"name":"db","required":true}],"dependentActions":["rds:AddTagsToResource"]},"PromoteReadReplicaDBCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to promote a Read Replica DB cluster to a standalone DB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"PurchaseReservedDBInstancesOffering":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"ri"}],"description":"Grants permission to purchase a reserved DB instance offering","accessLevel":"Write","resourceTypes":[{"name":"ri","required":true}],"dependentActions":["rds:AddTagsToResource"]},"RebootDBCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to reboot a previously provisioned DB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["rds:RebootDBInstance"]},"RebootDBInstance":{"conditionKeys":[],"resources":[{"name":"db"}],"description":"Grants permission to restart the database engine service","accessLevel":"Write","resourceTypes":[{"name":"db","required":true}]},"RebootDBShardGroup":{"conditionKeys":[],"resources":[{"name":"shardgrp"}],"description":"Grants permission to reboot an Aurora Limitless Database DB shard group","accessLevel":"Write","resourceTypes":[{"name":"shardgrp","required":true}]},"RegisterDBProxyTargets":{"conditionKeys":[],"resources":[{"name":"target-group"}],"description":"Grants permission to add targets to a database proxy target group","accessLevel":"Write","resourceTypes":[{"name":"target-group","required":true}]},"RemoveFromGlobalCluster":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"global-cluster"}],"description":"Grants permission to detach an Aurora secondary cluster from an Aurora global database cluster or DocumentDB global cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"global-cluster","required":true}]},"RemoveRoleFromDBCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to disassociate an AWS Identity and Access Management (IAM) role from an Amazon Aurora DB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["iam:PassRole"]},"RemoveRoleFromDBInstance":{"conditionKeys":[],"resources":[{"name":"db"}],"description":"Grants permission to disassociate an AWS Identity and Access Management (IAM) role from a DB instance","accessLevel":"Write","resourceTypes":[{"name":"db","required":true}],"dependentActions":["iam:PassRole"]},"RemoveSourceIdentifierFromSubscription":{"conditionKeys":[],"resources":[{"name":"es"}],"description":"Grants permission to remove a source identifier from an existing RDS event notification subscription","accessLevel":"Write","resourceTypes":[{"name":"es","required":true}]},"RemoveTagsFromResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"auto-backup"},{"name":"cev"},{"name":"cluster"},{"name":"cluster-auto-backup"},{"name":"cluster-endpoint"},{"name":"cluster-pg"},{"name":"cluster-snapshot"},{"name":"db"},{"name":"deployment"},{"name":"es"},{"name":"global-cluster"},{"name":"integration"},{"name":"og"},{"name":"pg"},{"name":"proxy"},{"name":"proxy-endpoint"},{"name":"ri"},{"name":"secgrp"},{"name":"shardgrp"},{"name":"snapshot"},{"name":"snapshot-tenant-database"},{"name":"subgrp"},{"name":"target-group"},{"name":"tenant-database"}],"description":"Grants permission to remove metadata tags from an Amazon RDS resource","accessLevel":"Tagging","resourceTypes":[{"name":"auto-backup","required":false},{"name":"cev","required":false},{"name":"cluster","required":false},{"name":"cluster-auto-backup","required":false},{"name":"cluster-endpoint","required":false},{"name":"cluster-pg","required":false},{"name":"cluster-snapshot","required":false},{"name":"db","required":false},{"name":"deployment","required":false},{"name":"es","required":false},{"name":"global-cluster","required":false},{"name":"integration","required":false},{"name":"og","required":false},{"name":"pg","required":false},{"name":"proxy","required":false},{"name":"proxy-endpoint","required":false},{"name":"ri","required":false},{"name":"secgrp","required":false},{"name":"shardgrp","required":false},{"name":"snapshot","required":false},{"name":"snapshot-tenant-database","required":false},{"name":"subgrp","required":false},{"name":"target-group","required":false},{"name":"tenant-database","required":false}]},"ResetDBClusterParameterGroup":{"conditionKeys":[],"resources":[{"name":"cluster-pg"}],"description":"Grants permission to modify the parameters of a DB cluster parameter group to the default value","accessLevel":"Write","resourceTypes":[{"name":"cluster-pg","required":true}]},"ResetDBParameterGroup":{"conditionKeys":[],"resources":[{"name":"pg"}],"description":"Grants permission to modify the parameters of a DB parameter group to the engine/system default value","accessLevel":"Write","resourceTypes":[{"name":"pg","required":true}]},"RestoreDBClusterFromS3":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:DatabaseEngine","rds:DatabaseName","rds:ManageMasterUserPassword","rds:StorageEncrypted","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"cluster-pg"},{"name":"og"},{"name":"subgrp"}],"description":"Grants permission to create an Amazon Aurora DB cluster from data stored in an Amazon S3 bucket","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"cluster-pg","required":true},{"name":"og","required":true},{"name":"subgrp","required":true}],"dependentActions":["iam:PassRole","kms:CreateGrant","kms:Decrypt","kms:DescribeKey","kms:GenerateDataKey","rds:AddTagsToResource","secretsmanager:CreateSecret","secretsmanager:TagResource"]},"RestoreDBClusterFromSnapshot":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:DatabaseClass","rds:Piops","rds:StorageSize","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"cluster-pg"},{"name":"cluster-snapshot"},{"name":"og"},{"name":"snapshot"},{"name":"subgrp"}],"description":"Grants permission to create a new DB cluster from a DB cluster snapshot","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"cluster-pg","required":true},{"name":"og","required":true},{"name":"subgrp","required":true},{"name":"cluster-snapshot","required":false},{"name":"snapshot","required":false}],"dependentActions":["iam:PassRole","rds:AddTagsToResource","rds:CreateDBInstance"]},"RestoreDBClusterToPointInTime":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:DatabaseClass","rds:Piops","rds:StorageSize","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster"},{"name":"cluster-auto-backup"},{"name":"cluster-pg"},{"name":"og"},{"name":"subgrp"}],"description":"Grants permission to restore a DB cluster to an arbitrary point in time","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"cluster-pg","required":true},{"name":"og","required":true},{"name":"subgrp","required":true},{"name":"cluster-auto-backup","required":false}],"dependentActions":["iam:PassRole","rds:AddTagsToResource","rds:CreateDBInstance"]},"RestoreDBInstanceFromDBSnapshot":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:BackupTarget","rds:ManageMasterUserPassword","rds:PubliclyAccessible","rds:req-tag/${TagKey}"],"resources":[{"name":"cluster-snapshot"},{"name":"db"},{"name":"og"},{"name":"pg"},{"name":"snapshot"},{"name":"subgrp"}],"description":"Grants permission to create a new DB instance from a DB snapshot","accessLevel":"Write","resourceTypes":[{"name":"db","required":true},{"name":"og","required":true},{"name":"pg","required":true},{"name":"subgrp","required":true},{"name":"cluster-snapshot","required":false},{"name":"snapshot","required":false}],"dependentActions":["iam:PassRole","rds:AddTagsToResource","rds:CreateTenantDatabase"]},"RestoreDBInstanceFromS3":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:ManageMasterUserPassword","rds:PubliclyAccessible","rds:req-tag/${TagKey}"],"resources":[{"name":"db"},{"name":"og"},{"name":"pg"},{"name":"secgrp"},{"name":"subgrp"}],"description":"Grants permission to create a new DB instance from an Amazon S3 bucket","accessLevel":"Write","resourceTypes":[{"name":"db","required":true},{"name":"og","required":true},{"name":"pg","required":true},{"name":"subgrp","required":true},{"name":"secgrp","required":false}],"dependentActions":["iam:PassRole","kms:CreateGrant","kms:Decrypt","kms:DescribeKey","kms:GenerateDataKey","rds:AddTagsToResource","secretsmanager:CreateSecret","secretsmanager:TagResource"]},"RestoreDBInstanceToPointInTime":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:BackupTarget","rds:ManageMasterUserPassword","rds:PubliclyAccessible","rds:req-tag/${TagKey}"],"resources":[{"name":"auto-backup"},{"name":"db"},{"name":"og"},{"name":"pg"},{"name":"subgrp"}],"description":"Grants permission to restore a DB instance to an arbitrary point in time","accessLevel":"Write","resourceTypes":[{"name":"db","required":true},{"name":"og","required":true},{"name":"pg","required":true},{"name":"subgrp","required":true},{"name":"auto-backup","required":false}],"dependentActions":["iam:PassRole","rds:AddTagsToResource","rds:CreateTenantDatabase"]},"RevokeDBSecurityGroupIngress":{"conditionKeys":[],"resources":[{"name":"secgrp"}],"description":"Grants permission to revoke ingress from a DBSecurityGroup for previously authorized IP ranges or EC2 or VPC Security Groups","accessLevel":"Write","resourceTypes":[{"name":"secgrp","required":true}]},"StartActivityStream":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"db"}],"description":"Grants permission to start Activity Stream","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":false},{"name":"db","required":false}]},"StartDBCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to start the DB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"StartDBInstance":{"conditionKeys":[],"resources":[{"name":"db"}],"description":"Grants permission to start the DB instance","accessLevel":"Write","resourceTypes":[{"name":"db","required":true}]},"StartDBInstanceAutomatedBackupsReplication":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","rds:req-tag/${TagKey}"],"resources":[{"name":"auto-backup"},{"name":"db"}],"description":"Grants permission to start replication of automated backups to a different AWS Region","accessLevel":"Write","resourceTypes":[{"name":"auto-backup","required":true},{"name":"db","required":true}],"dependentActions":["rds:AddTagsToResource"]},"StartExportTask":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"cluster-snapshot"},{"name":"snapshot"}],"description":"Grants permission to start a new Export task for a DB snapshot","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":false},{"name":"cluster-snapshot","required":false},{"name":"snapshot","required":false}],"dependentActions":["iam:PassRole"]},"StopActivityStream":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"db"}],"description":"Grants permission to stop Activity Stream","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":false},{"name":"db","required":false}]},"StopDBCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to stop the DB cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"StopDBInstance":{"conditionKeys":[],"resources":[{"name":"db"},{"name":"snapshot"}],"description":"Grants permission to stop the DB instance","accessLevel":"Write","resourceTypes":[{"name":"db","required":true},{"name":"snapshot","required":false}],"dependentActions":["rds:AddTagsToResource","rds:CreateDBSnapshot"]},"StopDBInstanceAutomatedBackupsReplication":{"conditionKeys":[],"resources":[{"name":"db"}],"description":"Grants permission to stop automated backup replication for a DB instance","accessLevel":"Write","resourceTypes":[{"name":"db","required":true}]},"SwitchoverBlueGreenDeployment":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"deployment"}],"description":"Grants permission to switch a blue-green deployment from source instance or cluster to target","accessLevel":"Write","resourceTypes":[{"name":"deployment","required":true}],"dependentActions":["rds:ModifyDBCluster","rds:ModifyDBInstance","rds:PromoteReadReplica","rds:PromoteReadReplicaDBCluster"]},"SwitchoverGlobalCluster":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"global-cluster"}],"description":"Grants permission to switchover a global cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"global-cluster","required":true}]},"SwitchoverReadReplica":{"conditionKeys":[],"resources":[{"name":"db"}],"description":"Grants permission to switch over a read replica, making it the new primary database","accessLevel":"Write","resourceTypes":[{"name":"db","required":true}]}},"resources":[{"name":"auto-backup","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:auto-backup:${DbInstanceAutomatedBackupId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"cev","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:cev:${Engine}/${EngineVersion}/${CustomDbEngineVersionId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"cluster","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:cluster:${DbClusterInstanceName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rds:cluster-tag/${TagKey}"]},{"name":"cluster-auto-backup","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:cluster-auto-backup:${DbClusterAutomatedBackupId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"cluster-endpoint","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:cluster-endpoint:${DbClusterEndpoint}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"cluster-pg","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:cluster-pg:${ClusterParameterGroupName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rds:cluster-pg-tag/${TagKey}"]},{"name":"cluster-snapshot","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:cluster-snapshot:${ClusterSnapshotName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rds:cluster-snapshot-tag/${TagKey}"]},{"name":"db","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:db:${DbInstanceName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rds:DatabaseClass","rds:DatabaseEngine","rds:DatabaseName","rds:MultiAz","rds:Piops","rds:StorageEncrypted","rds:StorageSize","rds:Vpc","rds:db-tag/${TagKey}"]},{"name":"deployment","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:deployment:${BlueGreenDeploymentIdentifier}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"es","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:es:${SubscriptionName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rds:es-tag/${TagKey}"]},{"name":"global-cluster","arnFormats":["arn:${Partition}:rds::${Account}:global-cluster:${GlobalCluster}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"integration","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:integration:${IntegrationIdentifier}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"og","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:og:${OptionGroupName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rds:og-tag/${TagKey}"]},{"name":"pg","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:pg:${ParameterGroupName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rds:pg-tag/${TagKey}"]},{"name":"proxy","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:db-proxy:${DbProxyId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"proxy-endpoint","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:db-proxy-endpoint:${DbProxyEndpointId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"ri","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:ri:${ReservedDbInstanceName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rds:ri-tag/${TagKey}"]},{"name":"secgrp","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:secgrp:${SecurityGroupName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rds:secgrp-tag/${TagKey}"]},{"name":"shardgrp","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:shard-group:${DbShardGroupResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"snapshot","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:snapshot:${SnapshotName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rds:snapshot-tag/${TagKey}"]},{"name":"snapshot-tenant-database","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:snapshot-tenant-database:${SnapshotName}:${TenantResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"subgrp","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:subgrp:${SubnetGroupName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rds:subgrp-tag/${TagKey}"]},{"name":"target-group","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:target-group:${TargetGroupId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"tenant-database","arnFormats":["arn:${Partition}:rds:${Region}:${Account}:tenant-database:${TenantResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the set of tag key-value pairs in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the set of tag key-value pairs attached to the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the set of tag keys in the request"},"rds:BackupTarget":{"types":["String"],"description":"Filters access by the type of backup target. One of: region, outposts"},"rds:CopyOptionGroup":{"types":["Bool"],"description":"Filters access by the value that specifies whether the CopyDBSnapshot action requires copying the DB option group"},"rds:DatabaseClass":{"types":["String"],"description":"Filters access by the type of DB instance class"},"rds:DatabaseEngine":{"types":["String"],"description":"Filters access by the database engine. For possible values refer to the engine parameter in CreateDBInstance API"},"rds:DatabaseName":{"types":["String"],"description":"Filters access by the user-defined name of the database on the DB instance"},"rds:EndpointType":{"types":["String"],"description":"Filters access by the type of the endpoint. One of: READER, WRITER, CUSTOM"},"rds:ManageMasterUserPassword":{"types":["Bool"],"description":"Filters access by the value that specifies whether RDS manages master user password in AWS Secrets Manager for the DB instance or cluster"},"rds:MultiAz":{"types":["Bool"],"description":"Filters access by the value that specifies whether the DB instance runs in multiple Availability Zones. To indicate that the DB instance is using Multi-AZ, specify true"},"rds:Piops":{"types":["Numeric"],"description":"Filters access by the value that contains the number of Provisioned IOPS (PIOPS) that the instance supports. To indicate a DB instance that does not have PIOPS enabled, specify 0"},"rds:PubliclyAccessible":{"types":["Bool"],"description":"Filters access by the value that specifies whether the DB Instance or DB ShardGroup is publicly accessible"},"rds:StorageEncrypted":{"types":["Bool"],"description":"Filters access by the value that specifies whether the DB instance storage should be encrypted. To enforce storage encryption, specify true"},"rds:StorageSize":{"types":["Numeric"],"description":"Filters access by the storage volume size (in GB)"},"rds:TagsFromRequest":{"types":["Bool"],"description":"Filters access for rds:AddTagsToResource based on whether tags are explicitly specified in the Tags or TagSpecification request parameters. Evaluates to true when tags are provided in these parameters. Evaluates as false when tags are implicitly inherited from source resources"},"rds:TenantDatabaseName":{"types":["String"],"description":"Filters access by the tenant database name in CreateTenantDatabase and by the new tenant database name in ModifyTenantDatabase"},"rds:Vpc":{"types":["Bool"],"description":"Filters access by the value that specifies whether the DB instance runs in an Amazon Virtual Private Cloud (Amazon VPC). To indicate that the DB instance runs in an Amazon VPC, specify true"},"rds:cluster-pg-tag/${TagKey}":{"types":["String"],"description":"Filters access by the tag attached to a DB cluster parameter group"},"rds:cluster-snapshot-tag/${TagKey}":{"types":["String"],"description":"Filters access by the tag attached to a DB cluster snapshot"},"rds:cluster-tag/${TagKey}":{"types":["String"],"description":"Filters access by the tag attached to a DB cluster"},"rds:db-tag/${TagKey}":{"types":["String"],"description":"Filters access by the tag attached to a DB instance"},"rds:es-tag/${TagKey}":{"types":["String"],"description":"Filters access by the tag attached to an event subscription"},"rds:og-tag/${TagKey}":{"types":["String"],"description":"Filters access by the tag attached to a DB option group"},"rds:pg-tag/${TagKey}":{"types":["String"],"description":"Filters access by the tag attached to a DB parameter group"},"rds:req-tag/${TagKey}":{"types":["String"],"description":"Filters access by the set of tag keys and values that can be used to tag a resource"},"rds:ri-tag/${TagKey}":{"types":["String"],"description":"Filters access by the tag attached to a reserved DB instance"},"rds:secgrp-tag/${TagKey}":{"types":["String"],"description":"Filters access by the tag attached to a DB security group"},"rds:snapshot-tag/${TagKey}":{"types":["String"],"description":"Filters access by the tag attached to a DB snapshot"},"rds:subgrp-tag/${TagKey}":{"types":["String"],"description":"Filters access by the tag attached to a DB subnet group"}}}

package/src/data/servicereference/services/redshift-data.json

@@ -0,0 +1 @@
+{"name":"redshift-data","actions":{"BatchExecuteStatement":{"conditionKeys":["redshift-data:glue-catalog-arn","redshift-data:session-owner-iam-userid"],"resources":[{"name":"cluster"},{"name":"workgroup"}],"description":"Grants permission to execute multiple queries under a single connection","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":false},{"name":"workgroup","required":false}]},"CancelStatement":{"conditionKeys":["redshift-data:statement-owner-iam-userid"],"resources":[],"description":"Grants permission to cancel a running query","accessLevel":"Write","resourceTypes":[]},"DescribeStatement":{"conditionKeys":["redshift-data:statement-owner-iam-userid"],"resources":[],"description":"Grants permission to retrieve detailed information about a statement execution","accessLevel":"Read","resourceTypes":[]},"DescribeTable":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"workgroup"}],"description":"Grants permission to retrieve metadata about a particular table","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true},{"name":"workgroup","required":true}]},"ExecuteStatement":{"conditionKeys":["redshift-data:glue-catalog-arn","redshift-data:session-owner-iam-userid"],"resources":[{"name":"cluster"},{"name":"workgroup"}],"description":"Grants permission to execute a query","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":false},{"name":"workgroup","required":false}]},"GetStagingBucketLocation":{"conditionKeys":[],"resources":[{"name":"managed-workgroup"}],"description":"Grants permission to get staging bucket location for a given managed workgroup","accessLevel":"Read","resourceTypes":[{"name":"managed-workgroup","required":true}]},"GetStatementResult":{"conditionKeys":["redshift-data:statement-owner-iam-userid"],"resources":[],"description":"Grants permission to fetch the result of a query","accessLevel":"Read","resourceTypes":[]},"ListDatabases":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"workgroup"}],"description":"Grants permission to list databases for a given cluster","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true},{"name":"workgroup","required":true}]},"ListSchemas":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"workgroup"}],"description":"Grants permission to list schemas for a given cluster","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true},{"name":"workgroup","required":true}]},"ListStatements":{"conditionKeys":["redshift-data:statement-owner-iam-userid"],"resources":[],"description":"Grants permission to list queries for a given principal","accessLevel":"List","resourceTypes":[]},"ListTables":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"workgroup"}],"description":"Grants permission to list tables for a given cluster","accessLevel":"List","resourceTypes":[{"name":"cluster","required":true},{"name":"workgroup","required":true}]}},"resources":[{"name":"cluster","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:cluster:${ClusterName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"managed-workgroup","arnFormats":["arn:${Partition}:redshift-serverless:${Region}:${Account}:managed-workgroup/${ManagedWorkgroupId}"],"conditionKeys":[]},{"name":"workgroup","arnFormats":["arn:${Partition}:redshift-serverless:${Region}:${Account}:workgroup/${WorkgroupId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by tag-value associated with the resource"},"redshift-data:glue-catalog-arn":{"types":["ARN"],"description":"Filters access by glue catalog arn"},"redshift-data:session-owner-iam-userid":{"types":["String"],"description":"Filters access by session owner iam userid"},"redshift-data:statement-owner-iam-userid":{"types":["String"],"description":"Filters access by statement owner iam userid"}}}

package/src/data/servicereference/services/redshift-serverless.json

@@ -0,0 +1 @@
+{"name":"redshift-serverless","actions":{"ConvertRecoveryPointToSnapshot":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"recoveryPoint"},{"name":"snapshot"}],"description":"Grants permission to convert a recovery point to a snapshot","accessLevel":"Write","resourceTypes":[{"name":"recoveryPoint","required":true},{"name":"snapshot","required":true}]},"CreateCustomDomainAssociation":{"conditionKeys":[],"resources":[{"name":"workgroup"}],"description":"Grants permission to create a custom domain association in Amazon Redshift Serverless","accessLevel":"Write","resourceTypes":[{"name":"workgroup","required":true}],"dependentActions":["acm:DescribeCertificate"]},"CreateEndpointAccess":{"conditionKeys":[],"resources":[{"name":"endpointAccess"}],"description":"Grants permission to create an Amazon Redshift Serverless managed VPC endpoint","accessLevel":"Write","resourceTypes":[{"name":"endpointAccess","required":true}]},"CreateNamespace":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"namespace"}],"description":"Grants permission to create an Amazon Redshift Serverless namespace","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true}],"dependentActions":["kms:CreateGrant","kms:Decrypt","kms:DescribeKey","kms:GenerateDataKey","kms:RetireGrant","secretsmanager:CreateSecret","secretsmanager:DeleteSecret","secretsmanager:DescribeSecret","secretsmanager:GetRandomPassword","secretsmanager:RotateSecret","secretsmanager:TagResource","secretsmanager:UpdateSecret"]},"CreateReservation":{"conditionKeys":[],"resources":[],"description":"Grants permission to purchase a capacity reservation according to a specific reservation offering, for a specified number of RPUs","accessLevel":"Write","resourceTypes":[]},"CreateScheduledAction":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to create a scheduled action for a specified Amazon Redshift Serverless namespace","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true}]},"CreateSnapshot":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"namespace"},{"name":"snapshot"}],"description":"Grants permission to create a snapshot of all databases in a namespace","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true},{"name":"snapshot","required":true}]},"CreateSnapshotCopyConfiguration":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to create a snapshot copy configuration for a specified Amazon Redshift Serverless namespace","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true}]},"CreateUsageLimit":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a usage limit for a specified Amazon Redshift Serverless usage type","accessLevel":"Write","resourceTypes":[]},"CreateWorkgroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"workgroup"}],"description":"Grants permission to create a workgroup in Amazon Redshift Serverless","accessLevel":"Write","resourceTypes":[{"name":"workgroup","required":true}]},"DeleteCustomDomainAssociation":{"conditionKeys":[],"resources":[{"name":"workgroup"}],"description":"Grants permission to delete a custom domain association","accessLevel":"Write","resourceTypes":[{"name":"workgroup","required":true}]},"DeleteEndpointAccess":{"conditionKeys":[],"resources":[{"name":"endpointAccess"}],"description":"Grants permission to delete an Amazon Redshift Serverless managed VPC endpoint","accessLevel":"Write","resourceTypes":[{"name":"endpointAccess","required":true}]},"DeleteNamespace":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to delete a namespace from Amazon Redshift Serverless","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true}],"dependentActions":["kms:DescribeKey","kms:RetireGrant","secretsmanager:DeleteSecret","secretsmanager:DescribeSecret"]},"DeleteResourcePolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete the specified resource policy","accessLevel":"Write","resourceTypes":[]},"DeleteScheduledAction":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a scheduled action from Amazon Redshift Serverless","accessLevel":"Write","resourceTypes":[]},"DeleteSnapshot":{"conditionKeys":[],"resources":[{"name":"snapshot"}],"description":"Grants permission to delete a snapshot from Amazon Redshift Serverless","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}]},"DeleteSnapshotCopyConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a snapshot copy configuration for a Amazon Redshift Serverless namespace","accessLevel":"Write","resourceTypes":[]},"DeleteUsageLimit":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a usage limit from Amazon Redshift Serverless","accessLevel":"Write","resourceTypes":[]},"DeleteWorkgroup":{"conditionKeys":[],"resources":[{"name":"workgroup"}],"description":"Grants permission to delete a workgroup","accessLevel":"Write","resourceTypes":[{"name":"workgroup","required":true}]},"DescribeOneTimeCredit":{"conditionKeys":[],"resources":[],"description":"Grants permission to see on the Amazon Redshift Serverless console the remaining number of free trial credits and their expiration date","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetCredentials":{"conditionKeys":[],"resources":[{"name":"workgroup"}],"description":"Grants permission to get a database user name and temporary password with temporary authorization to log on to Amazon Redshift Serverless","accessLevel":"Write","resourceTypes":[{"name":"workgroup","required":true}]},"GetCustomDomainAssociation":{"conditionKeys":[],"resources":[{"name":"workgroup"}],"description":"Grants permission to get information about a specific custom domain association","accessLevel":"Read","resourceTypes":[{"name":"workgroup","required":true}]},"GetEndpointAccess":{"conditionKeys":[],"resources":[{"name":"endpointAccess"}],"description":"Grants permission to create an Amazon Redshift Serverless managed VPC endpoint","accessLevel":"Read","resourceTypes":[{"name":"endpointAccess","required":true}]},"GetIdentityCenterAuthToken":{"conditionKeys":[],"resources":[{"name":"workgroup"}],"description":"Grants permission to get an authorized token for Identity Center users to access Redshift Serverless workgroups","accessLevel":"Read","resourceTypes":[{"name":"workgroup","required":true}]},"GetManagedWorkgroup":{"conditionKeys":[],"resources":[{"name":"managed-workgroup"}],"description":"Grants permission to create a Amazon Redshift Managed Serverless workgroup with the specified configuration settings","accessLevel":"Read","resourceTypes":[{"name":"managed-workgroup","required":true}]},"GetNamespace":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to get information about a namespace in Amazon Redshift Serverless","accessLevel":"Read","resourceTypes":[{"name":"namespace","required":true}]},"GetRecoveryPoint":{"conditionKeys":[],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to get information about a recovery point","accessLevel":"Read","resourceTypes":[{"name":"recoveryPoint","required":true}]},"GetReservation":{"conditionKeys":[],"resources":[],"description":"Grants permission to get a particular reservation object","accessLevel":"Read","resourceTypes":[]},"GetReservationOffering":{"conditionKeys":[],"resources":[],"description":"Grants permission to get a particular reservation offering","accessLevel":"Read","resourceTypes":[]},"GetResourcePolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to get a resource policy","accessLevel":"Read","resourceTypes":[]},"GetScheduledAction":{"conditionKeys":[],"resources":[],"description":"Grants permission to get information about a specific scheduled action","accessLevel":"Read","resourceTypes":[]},"GetSnapshot":{"conditionKeys":[],"resources":[{"name":"snapshot"}],"description":"Grants permission to get information about a specific snapshot","accessLevel":"Read","resourceTypes":[{"name":"snapshot","required":true}]},"GetTableRestoreStatus":{"conditionKeys":[],"resources":[],"description":"Grants permission to get table restore status about a specific snapshot","accessLevel":"Read","resourceTypes":[]},"GetTrack":{"conditionKeys":[],"resources":[],"description":"Grants permission to get information about a track in Amazon Redshift Serverless","accessLevel":"Read","resourceTypes":[]},"GetUsageLimit":{"conditionKeys":[],"resources":[],"description":"Grants permission to get information about a usage limit in Amazon Redshift Serverless","accessLevel":"Read","resourceTypes":[]},"GetWorkgroup":{"conditionKeys":[],"resources":[{"name":"workgroup"}],"description":"Grants permission to get information about a specific workgroup","accessLevel":"Read","resourceTypes":[{"name":"workgroup","required":true}]},"ListAutonomicsDenylist":{"conditionKeys":[],"resources":[{"name":"workgroup"}],"description":"Grants permission to list the resources that are denylisted from global autonomics decisions for a specified workgroup","accessLevel":"Read","resourceTypes":[{"name":"workgroup","required":true}],"permissionOnly":true},"ListCustomDomainAssociations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list custom domain associations in Amazon Redshift Serverless","accessLevel":"List","resourceTypes":[]},"ListEndpointAccess":{"conditionKeys":[],"resources":[{"name":"endpointAccess"}],"description":"Grants permission to list EndpointAccess objects and relevant information","accessLevel":"List","resourceTypes":[{"name":"endpointAccess","required":true}]},"ListManagedWorkgroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to list managed workgroups in Amazon Redshift Serverless","accessLevel":"List","resourceTypes":[]},"ListNamespaces":{"conditionKeys":[],"resources":[],"description":"Grants permission to list namespaces in Amazon Redshift Serverless","accessLevel":"List","resourceTypes":[]},"ListRecoveryPoints":{"conditionKeys":[],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to list an array of recovery points","accessLevel":"List","resourceTypes":[{"name":"recoveryPoint","required":true}]},"ListReservationOfferings":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all available capacity reservation offerings","accessLevel":"List","resourceTypes":[]},"ListReservations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all reservations","accessLevel":"List","resourceTypes":[]},"ListScheduledActions":{"conditionKeys":[],"resources":[],"description":"Grants permission to list scheduled actions","accessLevel":"List","resourceTypes":[]},"ListSnapshotCopyConfigurations":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to list SnapshotCopyConfiguration objects and relevant information","accessLevel":"List","resourceTypes":[{"name":"namespace","required":false}]},"ListSnapshots":{"conditionKeys":[],"resources":[{"name":"snapshot"}],"description":"Grants permission to list snapshots","accessLevel":"List","resourceTypes":[{"name":"snapshot","required":true}]},"ListTableRestoreStatus":{"conditionKeys":[],"resources":[],"description":"Grants permission to list table restore status","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"namespace"},{"name":"workgroup"}],"description":"Grants permission to list the tags assigned to a resource","accessLevel":"List","resourceTypes":[{"name":"namespace","required":false},{"name":"workgroup","required":false}]},"ListTracks":{"conditionKeys":[],"resources":[],"description":"Grants permission to list tracks available in Amazon Redshift Serverless","accessLevel":"List","resourceTypes":[]},"ListUsageLimits":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all usage limits within Amazon Redshift Serverless","accessLevel":"List","resourceTypes":[]},"ListWorkgroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to list workgroups in Amazon Redshift Serverless","accessLevel":"List","resourceTypes":[]},"PutResourcePolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to create or update a resource policy","accessLevel":"Write","resourceTypes":[]},"RestoreFromRecoveryPoint":{"conditionKeys":[],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to restore the data from a recovery point","accessLevel":"Write","resourceTypes":[{"name":"recoveryPoint","required":true}]},"RestoreFromSnapshot":{"conditionKeys":[],"resources":[{"name":"snapshot"}],"description":"Grants permission to restore a namespace from a snapshot","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}],"dependentActions":["kms:CreateGrant","kms:Decrypt","kms:DescribeKey","kms:GenerateDataKey","kms:RetireGrant","secretsmanager:CreateSecret","secretsmanager:DeleteSecret","secretsmanager:DescribeSecret","secretsmanager:GetRandomPassword","secretsmanager:RotateSecret","secretsmanager:TagResource","secretsmanager:UpdateSecret"]},"RestoreTableFromRecoveryPoint":{"conditionKeys":[],"resources":[{"name":"namespace"},{"name":"recoveryPoint"}],"description":"Grants permission to restore a table from a recovery point","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true},{"name":"recoveryPoint","required":true}]},"RestoreTableFromSnapshot":{"conditionKeys":[],"resources":[{"name":"namespace"},{"name":"snapshot"}],"description":"Grants permission to restore a table from a snapshot","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true},{"name":"snapshot","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"namespace"},{"name":"recoveryPoint"},{"name":"snapshot"},{"name":"workgroup"}],"description":"Grants permission to assign one or more tags to a resource","accessLevel":"Tagging","resourceTypes":[{"name":"namespace","required":false},{"name":"recoveryPoint","required":false},{"name":"snapshot","required":false},{"name":"workgroup","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"namespace"},{"name":"recoveryPoint"},{"name":"snapshot"},{"name":"workgroup"}],"description":"Grants permission to remove a tag or set of tags from a resource","accessLevel":"Tagging","resourceTypes":[{"name":"namespace","required":false},{"name":"recoveryPoint","required":false},{"name":"snapshot","required":false},{"name":"workgroup","required":false}]},"UpdateAutonomicsDenylist":{"conditionKeys":[],"resources":[{"name":"workgroup"}],"description":"Grants permission to add or remove resources from the global autonomics denylist for a specified workgroup","accessLevel":"Write","resourceTypes":[{"name":"workgroup","required":true}],"permissionOnly":true},"UpdateCustomDomainAssociation":{"conditionKeys":[],"resources":[{"name":"workgroup"}],"description":"Grants permission to update a certificate associated with a custom domain","accessLevel":"Write","resourceTypes":[{"name":"workgroup","required":true}],"dependentActions":["acm:DescribeCertificate"]},"UpdateEndpointAccess":{"conditionKeys":[],"resources":[{"name":"endpointAccess"}],"description":"Grants permission to update an Amazon Redshift Serverless managed VPC endpoint","accessLevel":"Write","resourceTypes":[{"name":"endpointAccess","required":true}]},"UpdateNamespace":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to update a namespace with the specified configuration settings","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true}],"dependentActions":["kms:CreateGrant","kms:Decrypt","kms:DescribeKey","kms:GenerateDataKey","kms:RetireGrant","secretsmanager:CreateSecret","secretsmanager:DeleteSecret","secretsmanager:DescribeSecret","secretsmanager:GetRandomPassword","secretsmanager:RotateSecret","secretsmanager:TagResource","secretsmanager:UpdateSecret"]},"UpdateScheduledAction":{"conditionKeys":[],"resources":[],"description":"Grants permission to update a scheduled action","accessLevel":"Write","resourceTypes":[]},"UpdateSnapshot":{"conditionKeys":[],"resources":[{"name":"snapshot"}],"description":"Grants permission to update a snapshot","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}]},"UpdateSnapshotCopyConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to update a snapshot copy configuration for a Amazon Redshift Serverless namespace","accessLevel":"Write","resourceTypes":[]},"UpdateUsageLimit":{"conditionKeys":[],"resources":[],"description":"Grants permission to update a usage limit in Amazon Redshift Serverless","accessLevel":"Write","resourceTypes":[]},"UpdateWorkgroup":{"conditionKeys":[],"resources":[{"name":"workgroup"}],"description":"Grants permission to update an Amazon Redshift Serverless workgroup with the specified configuration settings","accessLevel":"Write","resourceTypes":[{"name":"workgroup","required":true}]}},"resources":[{"name":"endpointAccess","arnFormats":["arn:${Partition}:redshift-serverless:${Region}:${Account}:managedvpcendpoint/${EndpointAccessId}"],"conditionKeys":[]},{"name":"managed-workgroup","arnFormats":["arn:${Partition}:redshift-serverless:${Region}:${Account}:managed-workgroup/${ManagedWorkgroupName}"],"conditionKeys":[]},{"name":"namespace","arnFormats":["arn:${Partition}:redshift-serverless:${Region}:${Account}:namespace/${NamespaceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"recoveryPoint","arnFormats":["arn:${Partition}:redshift-serverless:${Region}:${Account}:recoverypoint/${RecoveryPointId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"snapshot","arnFormats":["arn:${Partition}:redshift-serverless:${Region}:${Account}:snapshot/${SnapshotId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"workgroup","arnFormats":["arn:${Partition}:redshift-serverless:${Region}:${Account}:workgroup/${WorkgroupId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"},"redshift-serverless:endpointAccessId":{"types":["String"],"description":"Filters access by the endpoint access identifier"},"redshift-serverless:managedWorkgroupName":{"types":["String"],"description":"Filters access by the managed workgroup identifier"},"redshift-serverless:namespaceId":{"types":["String"],"description":"Filters access by the namespace identifier"},"redshift-serverless:recoveryPointId":{"types":["String"],"description":"Filters access by the recovery point identifier"},"redshift-serverless:snapshotId":{"types":["String"],"description":"Filters access by the snapshot identifier"},"redshift-serverless:tableRestoreRequestId":{"types":["String"],"description":"Filters access by the table restore request identifier"},"redshift-serverless:workgroupId":{"types":["String"],"description":"Filters access by the workgroup identifier"}}}

package/src/data/servicereference/services/redshift.json

@@ -0,0 +1 @@
+{"name":"redshift","actions":{"AcceptReservedNodeExchange":{"conditionKeys":[],"resources":[],"description":"Grants permission to exchange a DC1 reserved node for a DC2 reserved node with no changes to the configuration","accessLevel":"Write","resourceTypes":[]},"AddPartner":{"conditionKeys":[],"resources":[],"description":"Grants permission to add a partner integration to a cluster","accessLevel":"Write","resourceTypes":[]},"AssociateDataShareConsumer":{"conditionKeys":["redshift:AllowWrites","redshift:ConsumerArn"],"resources":[{"name":"datashare"}],"description":"Grants permission to associate a consumer to a datashare","accessLevel":"Write","resourceTypes":[{"name":"datashare","required":true}]},"AuthorizeClusterSecurityGroupIngress":{"conditionKeys":[],"resources":[{"name":"securitygroup"},{"name":"securitygroupingress-ec2securitygroup"}],"description":"Grants permission to add an inbound (ingress) rule to an Amazon Redshift security group","accessLevel":"Write","resourceTypes":[{"name":"securitygroup","required":true},{"name":"securitygroupingress-ec2securitygroup","required":true}]},"AuthorizeDataShare":{"conditionKeys":["redshift:AllowWrites","redshift:ConsumerIdentifier"],"resources":[{"name":"datashare"}],"description":"Grants permission to authorize the specified datashare consumer to consume a datashare","accessLevel":"Permissions management","resourceTypes":[{"name":"datashare","required":true}]},"AuthorizeEndpointAccess":{"conditionKeys":[],"resources":[],"description":"Grants permission to authorize endpoint related activities for redshift-managed vpc endpoint","accessLevel":"Permissions management","resourceTypes":[]},"AuthorizeInboundIntegration":{"conditionKeys":[],"resources":[{"name":"integration"}],"description":"Grants permission to Amazon Redshift to continuously validate that the target data warehouse can receive data replicated from the source ARN","accessLevel":"Write","resourceTypes":[{"name":"integration","required":true}],"permissionOnly":true},"AuthorizeSnapshotAccess":{"conditionKeys":[],"resources":[{"name":"snapshot"}],"description":"Grants permission to the specified AWS account to restore a snapshot","accessLevel":"Permissions management","resourceTypes":[{"name":"snapshot","required":true}]},"BatchDeleteClusterSnapshots":{"conditionKeys":[],"resources":[{"name":"snapshot"}],"description":"Grants permission to delete snapshots in a batch of size upto 100","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}]},"BatchModifyClusterSnapshots":{"conditionKeys":[],"resources":[{"name":"snapshot"}],"description":"Grants permission to modify settings for a list of snapshots","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}]},"CancelQuery":{"conditionKeys":[],"resources":[],"description":"Grants permission to cancel a query through the Amazon Redshift console","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"CancelQuerySession":{"conditionKeys":[],"resources":[],"description":"Grants permission to see queries in the Amazon Redshift console","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"CancelResize":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to cancel a resize operation","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"CopyClusterSnapshot":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"snapshot"}],"description":"Grants permission to copy a cluster snapshot","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}]},"CreateAuthenticationProfile":{"conditionKeys":[],"resources":[],"description":"Grants permission to create an Amazon Redshift authentication profile","accessLevel":"Write","resourceTypes":[]},"CreateCluster":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"cluster"}],"description":"Grants permission to create a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["kms:CreateGrant","kms:Decrypt","kms:DescribeKey","kms:GenerateDataKey","kms:RetireGrant","secretsmanager:CreateSecret","secretsmanager:DeleteSecret","secretsmanager:DescribeSecret","secretsmanager:GetRandomPassword","secretsmanager:RotateSecret","secretsmanager:TagResource","secretsmanager:UpdateSecret"]},"CreateClusterParameterGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"parametergroup"}],"description":"Grants permission to create an Amazon Redshift parameter group","accessLevel":"Write","resourceTypes":[{"name":"parametergroup","required":true}]},"CreateClusterSecurityGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"securitygroup"}],"description":"Grants permission to create an Amazon Redshift security group","accessLevel":"Write","resourceTypes":[{"name":"securitygroup","required":true}]},"CreateClusterSnapshot":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"snapshot"}],"description":"Grants permission to create a manual snapshot of the specified cluster","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}]},"CreateClusterSubnetGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"subnetgroup"}],"description":"Grants permission to create an Amazon Redshift subnet group","accessLevel":"Write","resourceTypes":[{"name":"subnetgroup","required":true}]},"CreateClusterUser":{"conditionKeys":["redshift:DbUser"],"resources":[{"name":"dbuser"}],"description":"Grants permission to automatically create the specified Amazon Redshift user if it does not exist","accessLevel":"Permissions management","resourceTypes":[{"name":"dbuser","required":true}]},"CreateCustomDomainAssociation":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to create a custom domain name for a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["acm:DescribeCertificate"]},"CreateEndpointAccess":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a redshift-managed vpc endpoint","accessLevel":"Write","resourceTypes":[]},"CreateEventSubscription":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"eventsubscription"}],"description":"Grants permission to create an Amazon Redshift event notification subscription","accessLevel":"Write","resourceTypes":[{"name":"eventsubscription","required":true}]},"CreateHsmClientCertificate":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"hsmclientcertificate"}],"description":"Grants permission to create an HSM client certificate that a cluster uses to connect to an HSM","accessLevel":"Write","resourceTypes":[{"name":"hsmclientcertificate","required":true}]},"CreateHsmConfiguration":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"hsmconfiguration"}],"description":"Grants permission to create an HSM configuration that contains information required by a cluster to store and use database encryption keys in a hardware security module (HSM)","accessLevel":"Write","resourceTypes":[{"name":"hsmconfiguration","required":true}]},"CreateInboundIntegration":{"conditionKeys":[],"resources":[],"description":"Grants permission to the source principal to create an inbound integration for data to be replicated from the source into the target data warehouse","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"CreateIntegration":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","redshift:IntegrationSourceArn","redshift:IntegrationTargetArn"],"resources":[{"name":"integration"}],"description":"Grants permission to create an Amazon Redshift zero-ETL integration","accessLevel":"Write","resourceTypes":[{"name":"integration","required":true}],"dependentActions":["kms:CreateGrant","kms:DescribeKey"]},"CreateQev2IdcApplication":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a qev2 idc application","accessLevel":"Write","resourceTypes":[],"dependentActions":["sso:CreateApplication","sso:PutApplicationAccessScope","sso:PutApplicationAuthenticationMethod","sso:PutApplicationGrant"],"permissionOnly":true},"CreateRedshiftIdcApplication":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a redshift idc application","accessLevel":"Write","resourceTypes":[],"dependentActions":["sso:CreateApplication","sso:PutApplicationAccessScope","sso:PutApplicationAuthenticationMethod","sso:PutApplicationGrant"]},"CreateSavedQuery":{"conditionKeys":[],"resources":[],"description":"Grants permission to create saved SQL queries through the Amazon Redshift console","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"CreateScheduledAction":{"conditionKeys":[],"resources":[],"description":"Grants permission to create an Amazon Redshift scheduled action","accessLevel":"Write","resourceTypes":[]},"CreateSnapshotCopyGrant":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"snapshotcopygrant"}],"description":"Grants permission to create a snapshot copy grant and encrypt copied snapshots in a destination AWS Region","accessLevel":"Permissions management","resourceTypes":[{"name":"snapshotcopygrant","required":true}]},"CreateSnapshotSchedule":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"snapshotschedule"}],"description":"Grants permission to create a snapshot schedule","accessLevel":"Write","resourceTypes":[{"name":"snapshotschedule","required":true}]},"CreateTags":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"cluster"},{"name":"eventsubscription"},{"name":"hsmclientcertificate"},{"name":"hsmconfiguration"},{"name":"integration"},{"name":"parametergroup"},{"name":"securitygroup"},{"name":"securitygroupingress-cidr"},{"name":"securitygroupingress-ec2securitygroup"},{"name":"snapshot"},{"name":"snapshotcopygrant"},{"name":"snapshotschedule"},{"name":"subnetgroup"},{"name":"usagelimit"}],"description":"Grants permission to add one or more tags to a specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"cluster","required":false},{"name":"eventsubscription","required":false},{"name":"hsmclientcertificate","required":false},{"name":"hsmconfiguration","required":false},{"name":"integration","required":false},{"name":"parametergroup","required":false},{"name":"securitygroup","required":false},{"name":"securitygroupingress-cidr","required":false},{"name":"securitygroupingress-ec2securitygroup","required":false},{"name":"snapshot","required":false},{"name":"snapshotcopygrant","required":false},{"name":"snapshotschedule","required":false},{"name":"subnetgroup","required":false},{"name":"usagelimit","required":false}]},"CreateUsageLimit":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"usagelimit"}],"description":"Grants permission to create a usage limit","accessLevel":"Write","resourceTypes":[{"name":"usagelimit","required":true}]},"DeauthorizeDataShare":{"conditionKeys":["redshift:ConsumerIdentifier"],"resources":[{"name":"datashare"}],"description":"Grants permission to remove permission from the specified datashare consumer to consume a datashare","accessLevel":"Permissions management","resourceTypes":[{"name":"datashare","required":true}]},"DeleteAuthenticationProfile":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete an Amazon Redshift authentication profile","accessLevel":"Write","resourceTypes":[]},"DeleteCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to delete a previously provisioned cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"DeleteClusterParameterGroup":{"conditionKeys":[],"resources":[{"name":"parametergroup"}],"description":"Grants permission to delete an Amazon Redshift parameter group","accessLevel":"Write","resourceTypes":[{"name":"parametergroup","required":true}]},"DeleteClusterSecurityGroup":{"conditionKeys":[],"resources":[{"name":"securitygroup"}],"description":"Grants permission to delete an Amazon Redshift security group","accessLevel":"Write","resourceTypes":[{"name":"securitygroup","required":true}]},"DeleteClusterSnapshot":{"conditionKeys":[],"resources":[{"name":"snapshot"}],"description":"Grants permission to delete a manual snapshot","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}]},"DeleteClusterSubnetGroup":{"conditionKeys":[],"resources":[{"name":"subnetgroup"}],"description":"Grants permission to delete a cluster subnet group","accessLevel":"Write","resourceTypes":[{"name":"subnetgroup","required":true}]},"DeleteCustomDomainAssociation":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to delete a custom domain name for a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"DeleteEndpointAccess":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a redshift-managed vpc endpoint","accessLevel":"Write","resourceTypes":[]},"DeleteEventSubscription":{"conditionKeys":[],"resources":[{"name":"eventsubscription"}],"description":"Grants permission to delete an Amazon Redshift event notification subscription","accessLevel":"Write","resourceTypes":[{"name":"eventsubscription","required":true}]},"DeleteHsmClientCertificate":{"conditionKeys":[],"resources":[{"name":"hsmclientcertificate"}],"description":"Grants permission to delete an HSM client certificate","accessLevel":"Write","resourceTypes":[{"name":"hsmclientcertificate","required":true}]},"DeleteHsmConfiguration":{"conditionKeys":[],"resources":[{"name":"hsmconfiguration"}],"description":"Grants permission to delete an Amazon Redshift HSM configuration","accessLevel":"Write","resourceTypes":[{"name":"hsmconfiguration","required":true}]},"DeleteIntegration":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"integration"}],"description":"Grants permission to delete an Amazon Redshift zero-ETL integration","accessLevel":"Write","resourceTypes":[{"name":"integration","required":true}]},"DeletePartner":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a partner integration from a cluster","accessLevel":"Write","resourceTypes":[]},"DeleteQev2IdcApplication":{"conditionKeys":[],"resources":[{"name":"qev2idcapplication"}],"description":"Grants permission to delete a qev2 idc application","accessLevel":"Write","resourceTypes":[{"name":"qev2idcapplication","required":true}],"dependentActions":["sso:DeleteApplication"],"permissionOnly":true},"DeleteRedshiftIdcApplication":{"conditionKeys":[],"resources":[{"name":"redshiftidcapplication"}],"description":"Grants permission to delete a redshift idc application","accessLevel":"Write","resourceTypes":[{"name":"redshiftidcapplication","required":true}],"dependentActions":["sso:DeleteApplication"]},"DeleteResourcePolicy":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to delete the resource policy for a specified resource","accessLevel":"Permissions management","resourceTypes":[{"name":"namespace","required":true}]},"DeleteSavedQueries":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete saved SQL queries through the Amazon Redshift console","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"DeleteScheduledAction":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete an Amazon Redshift scheduled action","accessLevel":"Write","resourceTypes":[]},"DeleteSnapshotCopyGrant":{"conditionKeys":[],"resources":[{"name":"snapshotcopygrant"}],"description":"Grants permission to delete a snapshot copy grant","accessLevel":"Write","resourceTypes":[{"name":"snapshotcopygrant","required":true}]},"DeleteSnapshotSchedule":{"conditionKeys":[],"resources":[{"name":"snapshotschedule"}],"description":"Grants permission to delete a snapshot schedule","accessLevel":"Write","resourceTypes":[{"name":"snapshotschedule","required":true}]},"DeleteTags":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"cluster"},{"name":"eventsubscription"},{"name":"hsmclientcertificate"},{"name":"hsmconfiguration"},{"name":"integration"},{"name":"parametergroup"},{"name":"securitygroup"},{"name":"securitygroupingress-cidr"},{"name":"securitygroupingress-ec2securitygroup"},{"name":"snapshot"},{"name":"snapshotcopygrant"},{"name":"snapshotschedule"},{"name":"subnetgroup"},{"name":"usagelimit"}],"description":"Grants permission to delete a tag or tags from a resource","accessLevel":"Tagging","resourceTypes":[{"name":"cluster","required":false},{"name":"eventsubscription","required":false},{"name":"hsmclientcertificate","required":false},{"name":"hsmconfiguration","required":false},{"name":"integration","required":false},{"name":"parametergroup","required":false},{"name":"securitygroup","required":false},{"name":"securitygroupingress-cidr","required":false},{"name":"securitygroupingress-ec2securitygroup","required":false},{"name":"snapshot","required":false},{"name":"snapshotcopygrant","required":false},{"name":"snapshotschedule","required":false},{"name":"subnetgroup","required":false},{"name":"usagelimit","required":false}]},"DeleteUsageLimit":{"conditionKeys":[],"resources":[{"name":"usagelimit"}],"description":"Grants permission to delete a usage limit","accessLevel":"Write","resourceTypes":[{"name":"usagelimit","required":true}]},"DeregisterNamespace":{"conditionKeys":[],"resources":[],"description":"Grants permission to deregister the specified namespace from a consumer","accessLevel":"Write","resourceTypes":[]},"DescribeAccountAttributes":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe attributes attached to the specified AWS account","accessLevel":"Read","resourceTypes":[]},"DescribeAuthenticationProfiles":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe created Amazon Redshift authentication profiles","accessLevel":"Read","resourceTypes":[]},"DescribeAutonomicsDenylist":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to describe the list of resources that are denylisted from global autonomics decisions for a specified cluster","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true}],"permissionOnly":true},"DescribeClusterDbRevisions":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe database revisions for a cluster","accessLevel":"List","resourceTypes":[]},"DescribeClusterParameterGroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe Amazon Redshift parameter groups, including parameter groups you created and the default parameter group","accessLevel":"Read","resourceTypes":[]},"DescribeClusterParameters":{"conditionKeys":[],"resources":[{"name":"parametergroup"}],"description":"Grants permission to describe parameters contained within an Amazon Redshift parameter group","accessLevel":"Read","resourceTypes":[{"name":"parametergroup","required":true}]},"DescribeClusterSecurityGroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe Amazon Redshift security groups","accessLevel":"Read","resourceTypes":[]},"DescribeClusterSnapshots":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe one or more snapshot objects, which contain metadata about your cluster snapshots","accessLevel":"Read","resourceTypes":[]},"DescribeClusterSubnetGroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe one or more cluster subnet group objects, which contain metadata about your cluster subnet groups","accessLevel":"Read","resourceTypes":[]},"DescribeClusterTracks":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe available maintenance tracks","accessLevel":"List","resourceTypes":[]},"DescribeClusterVersions":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe available Amazon Redshift cluster versions","accessLevel":"Read","resourceTypes":[]},"DescribeClusters":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to describe properties of provisioned clusters","accessLevel":"List","resourceTypes":[{"name":"cluster","required":false}]},"DescribeCustomDomainAssociations":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe custom domain names for a cluster","accessLevel":"List","resourceTypes":[]},"DescribeDataShares":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe datashares created and consumed by your clusters","accessLevel":"Read","resourceTypes":[]},"DescribeDataSharesForConsumer":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe only datashares consumed by your clusters","accessLevel":"Read","resourceTypes":[]},"DescribeDataSharesForProducer":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe only datashares created by your clusters","accessLevel":"Read","resourceTypes":[]},"DescribeDefaultClusterParameters":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe parameter settings for a parameter group family","accessLevel":"Read","resourceTypes":[]},"DescribeEndpointAccess":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe redshift-managed vpc endpoints","accessLevel":"Read","resourceTypes":[]},"DescribeEndpointAuthorization":{"conditionKeys":[],"resources":[],"description":"Grants permission to authorize describe activity for redshift-managed vpc endpoint","accessLevel":"List","resourceTypes":[]},"DescribeEventCategories":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe event categories for all event source types, or for a specified source type","accessLevel":"Read","resourceTypes":[]},"DescribeEventSubscriptions":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe Amazon Redshift event notification subscriptions for the specified AWS account","accessLevel":"Read","resourceTypes":[]},"DescribeEvents":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe events related to clusters, security groups, snapshots, and parameter groups for the past 14 days","accessLevel":"List","resourceTypes":[]},"DescribeHsmClientCertificates":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe HSM client certificates","accessLevel":"Read","resourceTypes":[]},"DescribeHsmConfigurations":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe Amazon Redshift HSM configurations","accessLevel":"Read","resourceTypes":[]},"DescribeInboundIntegrations":{"conditionKeys":["redshift:InboundIntegrationArn"],"resources":[],"description":"Grants permission to list the inbound integrations","accessLevel":"List","resourceTypes":[]},"DescribeIntegrations":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"integration"}],"description":"Grants permission to describe an Amazon Redshift zero-ETL integration","accessLevel":"List","resourceTypes":[{"name":"integration","required":true}]},"DescribeLoggingStatus":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to describe whether information, such as queries and connection attempts, is being logged for a cluster","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true}]},"DescribeNodeConfigurationOptions":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe properties of possible node configurations such as node type, number of nodes, and disk usage for the specified action type","accessLevel":"List","resourceTypes":[]},"DescribeOrderableClusterOptions":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe orderable cluster options","accessLevel":"Read","resourceTypes":[]},"DescribePartners":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about the partner integrations defined for a cluster","accessLevel":"Read","resourceTypes":[]},"DescribeQev2IdcApplications":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe qev2 idc applications","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"DescribeQuery":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a query through the Amazon Redshift console","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"DescribeRedshiftIdcApplications":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe redshift idc applications","accessLevel":"List","resourceTypes":[],"dependentActions":["sso:GetApplicationGrant","sso:ListApplicationAccessScopes"]},"DescribeReservedNodeExchangeStatus":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe exchange status details and associated metadata for a reserved-node exchange. Statuses include such values as in progress and requested","accessLevel":"Read","resourceTypes":[]},"DescribeReservedNodeOfferings":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe available reserved node offerings by Amazon Redshift","accessLevel":"Read","resourceTypes":[]},"DescribeReservedNodes":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe the reserved nodes","accessLevel":"Read","resourceTypes":[]},"DescribeResize":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to describe the last resize operation for a cluster","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true}]},"DescribeSavedQueries":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe saved queries through the Amazon Redshift console","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"DescribeScheduledActions":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe created Amazon Redshift scheduled actions","accessLevel":"Read","resourceTypes":[]},"DescribeSnapshotCopyGrants":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe snapshot copy grants owned by the specified AWS account in the destination AWS Region","accessLevel":"Read","resourceTypes":[]},"DescribeSnapshotSchedules":{"conditionKeys":[],"resources":[{"name":"snapshotschedule"}],"description":"Grants permission to describe snapshot schedules","accessLevel":"Read","resourceTypes":[{"name":"snapshotschedule","required":true}]},"DescribeStorage":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe account level backups storage size and provisional storage","accessLevel":"Read","resourceTypes":[]},"DescribeTable":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a table through the Amazon Redshift console","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"DescribeTableRestoreStatus":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe status of one or more table restore requests made using the RestoreTableFromClusterSnapshot API action","accessLevel":"Read","resourceTypes":[]},"DescribeTags":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"eventsubscription"},{"name":"hsmclientcertificate"},{"name":"hsmconfiguration"},{"name":"integration"},{"name":"parametergroup"},{"name":"securitygroup"},{"name":"securitygroupingress-cidr"},{"name":"securitygroupingress-ec2securitygroup"},{"name":"snapshot"},{"name":"snapshotcopygrant"},{"name":"snapshotschedule"},{"name":"subnetgroup"},{"name":"usagelimit"}],"description":"Grants permission to describe tags","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":false},{"name":"eventsubscription","required":false},{"name":"hsmclientcertificate","required":false},{"name":"hsmconfiguration","required":false},{"name":"integration","required":false},{"name":"parametergroup","required":false},{"name":"securitygroup","required":false},{"name":"securitygroupingress-cidr","required":false},{"name":"securitygroupingress-ec2securitygroup","required":false},{"name":"snapshot","required":false},{"name":"snapshotcopygrant","required":false},{"name":"snapshotschedule","required":false},{"name":"subnetgroup","required":false},{"name":"usagelimit","required":false}]},"DescribeUsageLimits":{"conditionKeys":[],"resources":[{"name":"usagelimit"}],"description":"Grants permission to describe usage limits","accessLevel":"Read","resourceTypes":[{"name":"usagelimit","required":true}]},"DisableLogging":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to disable logging information, such as queries and connection attempts, for a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"DisableSnapshotCopy":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to disable the automatic copy of snapshots for a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"DisassociateDataShareConsumer":{"conditionKeys":["redshift:ConsumerArn"],"resources":[{"name":"datashare"}],"description":"Grants permission to disassociate a consumer from a datashare","accessLevel":"Write","resourceTypes":[{"name":"datashare","required":true}]},"EnableLogging":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to enable logging information, such as queries and connection attempts, for a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"EnableSnapshotCopy":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to enable the automatic copy of snapshots for a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"ExecuteQuery":{"conditionKeys":[],"resources":[],"description":"Grants permission to execute a query through the Amazon Redshift console","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"FailoverPrimaryCompute":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to failover the primary compute of an Multi-AZ cluster to another AZ","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"FetchResults":{"conditionKeys":[],"resources":[],"description":"Grants permission to fetch query results through the Amazon Redshift console","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetClusterCredentials":{"conditionKeys":["redshift:DbName","redshift:DbUser","redshift:DurationSeconds"],"resources":[{"name":"dbname"},{"name":"dbuser"}],"description":"Grants permission to get temporary credentials to access an Amazon Redshift database by the specified AWS account","accessLevel":"Write","resourceTypes":[{"name":"dbuser","required":true},{"name":"dbname","required":false}]},"GetClusterCredentialsWithIAM":{"conditionKeys":["redshift:DbName","redshift:DurationSeconds"],"resources":[{"name":"dbname"}],"description":"Grants permission to get enhanced temporary credentials to access an Amazon Redshift database by the specified AWS account","accessLevel":"Write","resourceTypes":[{"name":"dbname","required":false}]},"GetIdentityCenterAuthToken":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to get an authorized token for Identity Center users to access Redshift clusters","accessLevel":"Read","resourceTypes":[{"name":"cluster","required":true}]},"GetReservedNodeExchangeConfigurationOptions":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the configuration options for the reserved-node exchange","accessLevel":"Read","resourceTypes":[]},"GetReservedNodeExchangeOfferings":{"conditionKeys":[],"resources":[],"description":"Grants permission to get an array of DC2 ReservedNodeOfferings that matches the payment type, term, and usage price of the given DC1 reserved node","accessLevel":"Read","resourceTypes":[]},"GetResourcePolicy":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to get the resource policy for a specified resource","accessLevel":"Read","resourceTypes":[{"name":"namespace","required":true}]},"JoinGroup":{"conditionKeys":[],"resources":[{"name":"dbgroup"}],"description":"Grants permission to join the specified Amazon Redshift group","accessLevel":"Permissions management","resourceTypes":[{"name":"dbgroup","required":true}]},"ListDatabases":{"conditionKeys":[],"resources":[],"description":"Grants permission to list databases through the Amazon Redshift console","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ListRecommendations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list Advisor recommendations","accessLevel":"List","resourceTypes":[]},"ListSavedQueries":{"conditionKeys":[],"resources":[],"description":"Grants permission to list saved queries through the Amazon Redshift console","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ListSchemas":{"conditionKeys":[],"resources":[],"description":"Grants permission to list schemas through the Amazon Redshift console","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ListTables":{"conditionKeys":[],"resources":[],"description":"Grants permission to list tables through the Amazon Redshift console","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ModifyAquaConfiguration":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to modify the AQUA configuration of a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"ModifyAuthenticationProfile":{"conditionKeys":[],"resources":[],"description":"Grants permission to modify an existing Amazon Redshift authentication profile","accessLevel":"Write","resourceTypes":[]},"ModifyAutonomicsDenylist":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to add or remove resources from the global autonomics denylist for a specified cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"permissionOnly":true},"ModifyCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to modify the settings of a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["acm:DescribeCertificate","kms:CreateGrant","kms:Decrypt","kms:DescribeKey","kms:GenerateDataKey","kms:RetireGrant","secretsmanager:CreateSecret","secretsmanager:DeleteSecret","secretsmanager:DescribeSecret","secretsmanager:GetRandomPassword","secretsmanager:RotateSecret","secretsmanager:TagResource","secretsmanager:UpdateSecret"]},"ModifyClusterDbRevision":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to modify the database revision of a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"ModifyClusterIamRoles":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to modify the list of AWS Identity and Access Management (IAM) roles that can be used by a cluster to access other AWS services","accessLevel":"Permissions management","resourceTypes":[{"name":"cluster","required":true}]},"ModifyClusterMaintenance":{"conditionKeys":[],"resources":[],"description":"Grants permission to modify the maintenance settings of a cluster","accessLevel":"Write","resourceTypes":[]},"ModifyClusterParameterGroup":{"conditionKeys":[],"resources":[{"name":"parametergroup"}],"description":"Grants permission to modify the parameters of a parameter group","accessLevel":"Write","resourceTypes":[{"name":"parametergroup","required":true}]},"ModifyClusterSnapshot":{"conditionKeys":[],"resources":[{"name":"snapshot"}],"description":"Grants permission to modify the settings of a snapshot","accessLevel":"Write","resourceTypes":[{"name":"snapshot","required":true}]},"ModifyClusterSnapshotSchedule":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to modify a snapshot schedule for a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"ModifyClusterSubnetGroup":{"conditionKeys":[],"resources":[{"name":"subnetgroup"}],"description":"Grants permission to modify a cluster subnet group to include the specified list of VPC subnets","accessLevel":"Write","resourceTypes":[{"name":"subnetgroup","required":true}]},"ModifyCustomDomainAssociation":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to modify a custom domain name for a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}],"dependentActions":["acm:DescribeCertificate"]},"ModifyEndpointAccess":{"conditionKeys":[],"resources":[],"description":"Grants permission to modify a redshift-managed vpc endpoint","accessLevel":"Write","resourceTypes":[]},"ModifyEventSubscription":{"conditionKeys":[],"resources":[{"name":"eventsubscription"}],"description":"Grants permission to modify an existing Amazon Redshift event notification subscription","accessLevel":"Write","resourceTypes":[{"name":"eventsubscription","required":true}]},"ModifyIntegration":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"integration"}],"description":"Grants permission to modify an Amazon Redshift zero-ETL integration","accessLevel":"Write","resourceTypes":[{"name":"integration","required":true}]},"ModifyQev2IdcApplication":{"conditionKeys":[],"resources":[{"name":"qev2idcapplication"}],"description":"Grants permission to modify a qev2 idc application","accessLevel":"Write","resourceTypes":[{"name":"qev2idcapplication","required":true}],"dependentActions":["sso:UpdateApplication"],"permissionOnly":true},"ModifyRedshiftIdcApplication":{"conditionKeys":[],"resources":[{"name":"redshiftidcapplication"}],"description":"Grants permission to modify a redshift idc application","accessLevel":"Write","resourceTypes":[{"name":"redshiftidcapplication","required":true}],"dependentActions":["sso:DeleteApplicationAccessScope","sso:DeleteApplicationGrant","sso:GetApplicationGrant","sso:ListApplicationAccessScopes","sso:PutApplicationAccessScope","sso:PutApplicationGrant","sso:UpdateApplication"]},"ModifySavedQuery":{"conditionKeys":[],"resources":[],"description":"Grants permission to modify an existing saved query through the Amazon Redshift console","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"ModifyScheduledAction":{"conditionKeys":[],"resources":[],"description":"Grants permission to modify an existing Amazon Redshift scheduled action","accessLevel":"Write","resourceTypes":[]},"ModifySnapshotCopyRetentionPeriod":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to modify the number of days to retain snapshots in the destination AWS Region after they are copied from the source AWS Region","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"ModifySnapshotSchedule":{"conditionKeys":[],"resources":[{"name":"snapshotschedule"}],"description":"Grants permission to modify a snapshot schedule","accessLevel":"Write","resourceTypes":[{"name":"snapshotschedule","required":true}]},"ModifyUsageLimit":{"conditionKeys":[],"resources":[{"name":"usagelimit"}],"description":"Grants permission to modify a usage limit","accessLevel":"Write","resourceTypes":[{"name":"usagelimit","required":true}]},"PauseCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to pause a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"PurchaseReservedNodeOffering":{"conditionKeys":[],"resources":[],"description":"Grants permission to purchase a reserved node","accessLevel":"Write","resourceTypes":[]},"PutResourcePolicy":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to update the resource policy for a specified resource","accessLevel":"Permissions management","resourceTypes":[{"name":"namespace","required":true}]},"RebootCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to reboot a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"RegisterNamespace":{"conditionKeys":[],"resources":[],"description":"Grants permission to register the specified namespace to a consumer","accessLevel":"Write","resourceTypes":[]},"RejectDataShare":{"conditionKeys":[],"resources":[{"name":"datashare"}],"description":"Grants permission to decline a datashare shared from another account","accessLevel":"Permissions management","resourceTypes":[{"name":"datashare","required":true}]},"ResetClusterParameterGroup":{"conditionKeys":[],"resources":[{"name":"parametergroup"}],"description":"Grants permission to set one or more parameters of a parameter group to their default values and set the source values of the parameters to \"engine-default\"","accessLevel":"Write","resourceTypes":[{"name":"parametergroup","required":true}]},"ResizeCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to change the size of a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"RestoreFromClusterSnapshot":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"cluster"},{"name":"snapshot"}],"description":"Grants permission to create a cluster from a snapshot","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"snapshot","required":true}],"dependentActions":["kms:CreateGrant","kms:Decrypt","kms:DescribeKey","kms:GenerateDataKey","kms:RetireGrant","secretsmanager:CreateSecret","secretsmanager:DeleteSecret","secretsmanager:DescribeSecret","secretsmanager:GetRandomPassword","secretsmanager:RotateSecret","secretsmanager:TagResource","secretsmanager:UpdateSecret"]},"RestoreTableFromClusterSnapshot":{"conditionKeys":[],"resources":[{"name":"cluster"},{"name":"snapshot"}],"description":"Grants permission to create a table from a table in an Amazon Redshift cluster snapshot","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true},{"name":"snapshot","required":true}]},"ResumeCluster":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to resume a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"RevokeClusterSecurityGroupIngress":{"conditionKeys":[],"resources":[{"name":"securitygroup"},{"name":"securitygroupingress-ec2securitygroup"}],"description":"Grants permission to revoke an ingress rule in an Amazon Redshift security group for a previously authorized IP range or Amazon EC2 security group","accessLevel":"Write","resourceTypes":[{"name":"securitygroup","required":true},{"name":"securitygroupingress-ec2securitygroup","required":true}]},"RevokeEndpointAccess":{"conditionKeys":[],"resources":[],"description":"Grants permission to revoke access for endpoint related activities for redshift-managed vpc endpoint","accessLevel":"Permissions management","resourceTypes":[]},"RevokeSnapshotAccess":{"conditionKeys":[],"resources":[{"name":"snapshot"}],"description":"Grants permission to revoke access from the specified AWS account to restore a snapshot","accessLevel":"Permissions management","resourceTypes":[{"name":"snapshot","required":true}]},"RotateEncryptionKey":{"conditionKeys":[],"resources":[{"name":"cluster"}],"description":"Grants permission to rotate an encryption key for a cluster","accessLevel":"Write","resourceTypes":[{"name":"cluster","required":true}]},"UpdatePartnerStatus":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the status of a partner integration","accessLevel":"Write","resourceTypes":[]},"ViewQueriesFromConsole":{"conditionKeys":[],"resources":[],"description":"Grants permission to view query results through the Amazon Redshift console","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ViewQueriesInConsole":{"conditionKeys":[],"resources":[],"description":"Grants permission to terminate running queries and loads through the Amazon Redshift console","accessLevel":"List","resourceTypes":[],"permissionOnly":true}},"resources":[{"name":"cluster","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:cluster:${ClusterName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"datashare","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:datashare:${ProducerClusterNamespace}/${DataShareName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"dbgroup","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:dbgroup:${ClusterName}/${DbGroup}"],"conditionKeys":[]},{"name":"dbname","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:dbname:${ClusterName}/${DbName}"],"conditionKeys":[]},{"name":"dbuser","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:dbuser:${ClusterName}/${DbUser}"],"conditionKeys":[]},{"name":"eventsubscription","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:eventsubscription:${EventSubscriptionName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"hsmclientcertificate","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:hsmclientcertificate:${HSMClientCertificateId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"hsmconfiguration","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:hsmconfiguration:${HSMConfigurationId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"integration","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:integration:${IntegrationIdentifier}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"namespace","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:namespace:${ClusterNamespace}"],"conditionKeys":[]},{"name":"parametergroup","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:parametergroup:${ParameterGroupName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"qev2idcapplication","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:qev2idcapplication:${Qev2IdcApplicationId}"],"conditionKeys":[]},{"name":"redshiftidcapplication","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:redshiftidcapplication:${RedshiftIdcApplicationId}"],"conditionKeys":[]},{"name":"securitygroup","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ec2SecurityGroupId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"securitygroupingress-cidr","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/cidrip/${IpRange}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"securitygroupingress-ec2securitygroup","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ece2SecuritygroupId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"snapshot","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:snapshot:${ClusterName}/${SnapshotName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"snapshotcopygrant","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:snapshotcopygrant:${SnapshotCopyGrantName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"snapshotschedule","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:snapshotschedule:${ScheduleIdentifier}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"subnetgroup","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:subnetgroup:${SubnetGroupName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"usagelimit","arnFormats":["arn:${Partition}:redshift:${Region}:${Account}:usagelimit:${UsageLimitId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by actions based on the allowed set of values for each of the tags"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by actions based on tag-value associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by actions based on the presence of mandatory tags in the request"},"redshift:AllowWrites":{"types":["Bool"],"description":"Filters access by the allowWrites input parameter"},"redshift:ConsumerArn":{"types":["ARN"],"description":"Filters access by the datashare consumer arn"},"redshift:ConsumerIdentifier":{"types":["String"],"description":"Filters access by the datashare consumer"},"redshift:DbName":{"types":["String"],"description":"Filters access by the database name"},"redshift:DbUser":{"types":["String"],"description":"Filters access by the database user name"},"redshift:DurationSeconds":{"types":["String"],"description":"Filters access by the number of seconds until a temporary credential set expires"},"redshift:InboundIntegrationArn":{"types":["ARN"],"description":"Filters access by the ARN of an inbound zero-ETL Integration resource"},"redshift:IntegrationSourceArn":{"types":["ARN"],"description":"Filters access by the ARN of a zero-ETL Integration source"},"redshift:IntegrationTargetArn":{"types":["ARN"],"description":"Filters access by the ARN of a zero-ETL Integration target"}}}

package/src/data/servicereference/services/refactor-spaces.json

@@ -0,0 +1 @@
+{"name":"refactor-spaces","actions":{"CreateApplication":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds"],"resources":[],"description":"Grants permission to create an application within an environment","accessLevel":"Write","resourceTypes":[]},"CreateEnvironment":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create an environment","accessLevel":"Write","resourceTypes":[]},"CreateRoute":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds","refactor-spaces:RouteCreatedByAccount","refactor-spaces:ServiceCreatedByAccount","refactor-spaces:SourcePath"],"resources":[],"description":"Grants permission to create a route within an application","accessLevel":"Write","resourceTypes":[]},"CreateService":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds","refactor-spaces:ServiceCreatedByAccount"],"resources":[],"description":"Grants permission to create a service within an application","accessLevel":"Write","resourceTypes":[]},"DeleteApplication":{"conditionKeys":["aws:ResourceTag/${TagKey}","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds"],"resources":[{"name":"application"}],"description":"Grants permission to delete an application from an environment","accessLevel":"Write","resourceTypes":[{"name":"application","required":true}]},"DeleteEnvironment":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"environment"}],"description":"Grants permission to delete an environment","accessLevel":"Write","resourceTypes":[{"name":"environment","required":true}]},"DeleteResourcePolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a resource policy","accessLevel":"Write","resourceTypes":[]},"DeleteRoute":{"conditionKeys":["aws:ResourceTag/${TagKey}","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds","refactor-spaces:RouteCreatedByAccount","refactor-spaces:ServiceCreatedByAccount","refactor-spaces:SourcePath"],"resources":[{"name":"route"}],"description":"Grants permission to delete a route from an application","accessLevel":"Write","resourceTypes":[{"name":"route","required":true}]},"DeleteService":{"conditionKeys":["aws:ResourceTag/${TagKey}","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds","refactor-spaces:ServiceCreatedByAccount"],"resources":[{"name":"service"}],"description":"Grants permission to delete a service from an application","accessLevel":"Write","resourceTypes":[{"name":"service","required":true}]},"GetApplication":{"conditionKeys":["aws:ResourceTag/${TagKey}","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds"],"resources":[{"name":"application"}],"description":"Grants permission to get more information about an application","accessLevel":"Read","resourceTypes":[{"name":"application","required":true}]},"GetEnvironment":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"environment"}],"description":"Grants permission to get more information for an environment","accessLevel":"Read","resourceTypes":[{"name":"environment","required":true}]},"GetResourcePolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the details about a resource policy","accessLevel":"Read","resourceTypes":[]},"GetRoute":{"conditionKeys":["aws:ResourceTag/${TagKey}","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds","refactor-spaces:RouteCreatedByAccount","refactor-spaces:ServiceCreatedByAccount","refactor-spaces:SourcePath"],"resources":[{"name":"route"}],"description":"Grants permission to get more information about a route","accessLevel":"Read","resourceTypes":[{"name":"route","required":true}]},"GetService":{"conditionKeys":["aws:ResourceTag/${TagKey}","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds","refactor-spaces:ServiceCreatedByAccount"],"resources":[{"name":"service"}],"description":"Grants permission to get more information about a service","accessLevel":"Read","resourceTypes":[{"name":"service","required":true}]},"ListApplications":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to list all the applications in an environment","accessLevel":"Read","resourceTypes":[{"name":"application","required":true}]},"ListEnvironmentVpcs":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to list all the VPCs for the environment","accessLevel":"Read","resourceTypes":[{"name":"environment","required":true}]},"ListEnvironments":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all environments","accessLevel":"Read","resourceTypes":[]},"ListRoutes":{"conditionKeys":[],"resources":[{"name":"route"}],"description":"Grants permission to list all the routes in an application","accessLevel":"Read","resourceTypes":[{"name":"route","required":true}]},"ListServices":{"conditionKeys":[],"resources":[{"name":"environment"}],"description":"Grants permission to list all the services in an environment","accessLevel":"Read","resourceTypes":[{"name":"environment","required":true}]},"ListTagsForResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all the tags for a given resource","accessLevel":"Read","resourceTypes":[]},"PutResourcePolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to add a resource policy","accessLevel":"Write","resourceTypes":[]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds","refactor-spaces:RouteCreatedByAccount","refactor-spaces:ServiceCreatedByAccount","refactor-spaces:SourcePath"],"resources":[{"name":"application"},{"name":"environment"},{"name":"route"},{"name":"service"}],"description":"Grants permission to tag a resource","accessLevel":"Tagging","resourceTypes":[{"name":"application","required":false},{"name":"environment","required":false},{"name":"route","required":false},{"name":"service","required":false}]},"UntagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds","refactor-spaces:RouteCreatedByAccount","refactor-spaces:ServiceCreatedByAccount","refactor-spaces:SourcePath"],"resources":[{"name":"application"},{"name":"environment"},{"name":"route"},{"name":"service"}],"description":"Grants permission to remove a tag from a resource","accessLevel":"Tagging","resourceTypes":[{"name":"application","required":false},{"name":"environment","required":false},{"name":"route","required":false},{"name":"service","required":false}]},"UpdateRoute":{"conditionKeys":["aws:ResourceTag/${TagKey}","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds","refactor-spaces:RouteCreatedByAccount","refactor-spaces:ServiceCreatedByAccount","refactor-spaces:SourcePath"],"resources":[{"name":"route"}],"description":"Grants permission to update a route from an application","accessLevel":"Write","resourceTypes":[{"name":"route","required":true}]}},"resources":[{"name":"application","arnFormats":["arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentId}/application/${ApplicationId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds"]},{"name":"environment","arnFormats":["arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"route","arnFormats":["arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentId}/application/${ApplicationId}/route/${RouteId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds","refactor-spaces:RouteCreatedByAccount","refactor-spaces:ServiceCreatedByAccount","refactor-spaces:SourcePath"]},{"name":"service","arnFormats":["arn:${Partition}:refactor-spaces:${Region}:${Account}:environment/${EnvironmentId}/application/${ApplicationId}/service/${ServiceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds","refactor-spaces:ServiceCreatedByAccount"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the presence of tag key-value pairs in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by tag key-value pairs attached to the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the presence of tag keys in the request"},"refactor-spaces:ApplicationCreatedByAccount":{"types":["String"],"description":"Filters access by restricting the action to only those accounts that created the application within an environment"},"refactor-spaces:CreatedByAccountIds":{"types":["ArrayOfString"],"description":"Filters access by the accounts that created the resource"},"refactor-spaces:RouteCreatedByAccount":{"types":["String"],"description":"Filters access by restricting the action to only those accounts that created the route within an application"},"refactor-spaces:ServiceCreatedByAccount":{"types":["String"],"description":"Filters access by restricting the action to only those accounts that created the service within an application"},"refactor-spaces:SourcePath":{"types":["String"],"description":"Filters access by the path of the route"}}}