aws-iam-ls 0.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (522) hide show
  1. package/.direnv/bin/nix-direnv-reload +19 -0
  2. package/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa.rc +2156 -0
  3. package/.github/workflows/publish.yml +37 -0
  4. package/.github/workflows/test.yml +16 -0
  5. package/.vscodeignore +17 -0
  6. package/LICENSE +21 -0
  7. package/package.json +53 -0
  8. package/readme.md +25 -0
  9. package/src/data/condition-keys/global.json +362 -0
  10. package/src/data/servicereference/actions.json +1 -0
  11. package/src/data/servicereference/service-principals.json +1 -0
  12. package/src/data/servicereference/services/a2c.json +1 -0
  13. package/src/data/servicereference/services/a4b.json +1 -0
  14. package/src/data/servicereference/services/access-analyzer.json +1 -0
  15. package/src/data/servicereference/services/account.json +1 -0
  16. package/src/data/servicereference/services/acm-pca.json +1 -0
  17. package/src/data/servicereference/services/acm.json +1 -0
  18. package/src/data/servicereference/services/aco-automation.json +1 -0
  19. package/src/data/servicereference/services/action-recommendations.json +1 -0
  20. package/src/data/servicereference/services/activate.json +1 -0
  21. package/src/data/servicereference/services/aidevops.json +1 -0
  22. package/src/data/servicereference/services/aiops.json +1 -0
  23. package/src/data/servicereference/services/airflow-serverless.json +1 -0
  24. package/src/data/servicereference/services/airflow.json +1 -0
  25. package/src/data/servicereference/services/amplify.json +1 -0
  26. package/src/data/servicereference/services/amplifybackend.json +1 -0
  27. package/src/data/servicereference/services/amplifyuibuilder.json +1 -0
  28. package/src/data/servicereference/services/aoss.json +1 -0
  29. package/src/data/servicereference/services/apigateway.json +1 -0
  30. package/src/data/servicereference/services/app-integrations.json +1 -0
  31. package/src/data/servicereference/services/appconfig.json +1 -0
  32. package/src/data/servicereference/services/appfabric.json +1 -0
  33. package/src/data/servicereference/services/appflow.json +1 -0
  34. package/src/data/servicereference/services/application-autoscaling.json +1 -0
  35. package/src/data/servicereference/services/application-signals.json +1 -0
  36. package/src/data/servicereference/services/application-transformation.json +1 -0
  37. package/src/data/servicereference/services/applicationinsights.json +1 -0
  38. package/src/data/servicereference/services/appmesh-preview.json +1 -0
  39. package/src/data/servicereference/services/appmesh.json +1 -0
  40. package/src/data/servicereference/services/apprunner.json +1 -0
  41. package/src/data/servicereference/services/appstream.json +1 -0
  42. package/src/data/servicereference/services/appstudio.json +1 -0
  43. package/src/data/servicereference/services/appsync.json +1 -0
  44. package/src/data/servicereference/services/apptest.json +1 -0
  45. package/src/data/servicereference/services/aps.json +1 -0
  46. package/src/data/servicereference/services/arc-region-switch.json +1 -0
  47. package/src/data/servicereference/services/arc-zonal-shift.json +1 -0
  48. package/src/data/servicereference/services/arsenal.json +1 -0
  49. package/src/data/servicereference/services/artifact.json +1 -0
  50. package/src/data/servicereference/services/athena.json +1 -0
  51. package/src/data/servicereference/services/auditmanager.json +1 -0
  52. package/src/data/servicereference/services/autoscaling-plans.json +1 -0
  53. package/src/data/servicereference/services/autoscaling.json +1 -0
  54. package/src/data/servicereference/services/aws-marketplace-management.json +1 -0
  55. package/src/data/servicereference/services/aws-marketplace.json +1 -0
  56. package/src/data/servicereference/services/aws-mcp.json +1 -0
  57. package/src/data/servicereference/services/aws-portal.json +1 -0
  58. package/src/data/servicereference/services/awsconnector.json +1 -0
  59. package/src/data/servicereference/services/b2bi.json +1 -0
  60. package/src/data/servicereference/services/backup-gateway.json +1 -0
  61. package/src/data/servicereference/services/backup-search.json +1 -0
  62. package/src/data/servicereference/services/backup-storage.json +1 -0
  63. package/src/data/servicereference/services/backup.json +1 -0
  64. package/src/data/servicereference/services/batch.json +1 -0
  65. package/src/data/servicereference/services/bcm-dashboards.json +1 -0
  66. package/src/data/servicereference/services/bcm-data-exports.json +1 -0
  67. package/src/data/servicereference/services/bcm-pricing-calculator.json +1 -0
  68. package/src/data/servicereference/services/bcm-recommended-actions.json +1 -0
  69. package/src/data/servicereference/services/bedrock-agentcore.json +1 -0
  70. package/src/data/servicereference/services/bedrock-mantle.json +1 -0
  71. package/src/data/servicereference/services/bedrock.json +1 -0
  72. package/src/data/servicereference/services/billing.json +1 -0
  73. package/src/data/servicereference/services/billingconductor.json +1 -0
  74. package/src/data/servicereference/services/braket.json +1 -0
  75. package/src/data/servicereference/services/budgets.json +1 -0
  76. package/src/data/servicereference/services/bugbust.json +1 -0
  77. package/src/data/servicereference/services/cases.json +1 -0
  78. package/src/data/servicereference/services/cassandra.json +1 -0
  79. package/src/data/servicereference/services/ce.json +1 -0
  80. package/src/data/servicereference/services/chatbot.json +1 -0
  81. package/src/data/servicereference/services/chime.json +1 -0
  82. package/src/data/servicereference/services/cleanrooms-ml.json +1 -0
  83. package/src/data/servicereference/services/cleanrooms.json +1 -0
  84. package/src/data/servicereference/services/cloud9.json +1 -0
  85. package/src/data/servicereference/services/clouddirectory.json +1 -0
  86. package/src/data/servicereference/services/cloudformation.json +1 -0
  87. package/src/data/servicereference/services/cloudfront-keyvaluestore.json +1 -0
  88. package/src/data/servicereference/services/cloudfront.json +1 -0
  89. package/src/data/servicereference/services/cloudhsm.json +1 -0
  90. package/src/data/servicereference/services/cloudsearch.json +1 -0
  91. package/src/data/servicereference/services/cloudshell.json +1 -0
  92. package/src/data/servicereference/services/cloudtrail-data.json +1 -0
  93. package/src/data/servicereference/services/cloudtrail.json +1 -0
  94. package/src/data/servicereference/services/cloudwatch.json +1 -0
  95. package/src/data/servicereference/services/codeartifact.json +1 -0
  96. package/src/data/servicereference/services/codebuild.json +1 -0
  97. package/src/data/servicereference/services/codecatalyst.json +1 -0
  98. package/src/data/servicereference/services/codecommit.json +1 -0
  99. package/src/data/servicereference/services/codeconnections.json +1 -0
  100. package/src/data/servicereference/services/codedeploy-commands-secure.json +1 -0
  101. package/src/data/servicereference/services/codedeploy.json +1 -0
  102. package/src/data/servicereference/services/codeguru-profiler.json +1 -0
  103. package/src/data/servicereference/services/codeguru-reviewer.json +1 -0
  104. package/src/data/servicereference/services/codeguru-security.json +1 -0
  105. package/src/data/servicereference/services/codeguru.json +1 -0
  106. package/src/data/servicereference/services/codepipeline.json +1 -0
  107. package/src/data/servicereference/services/codestar-connections.json +1 -0
  108. package/src/data/servicereference/services/codestar-notifications.json +1 -0
  109. package/src/data/servicereference/services/codestar.json +1 -0
  110. package/src/data/servicereference/services/codewhisperer.json +1 -0
  111. package/src/data/servicereference/services/cognito-identity.json +1 -0
  112. package/src/data/servicereference/services/cognito-idp.json +1 -0
  113. package/src/data/servicereference/services/cognito-sync.json +1 -0
  114. package/src/data/servicereference/services/comprehend.json +1 -0
  115. package/src/data/servicereference/services/comprehendmedical.json +1 -0
  116. package/src/data/servicereference/services/compute-optimizer.json +1 -0
  117. package/src/data/servicereference/services/config.json +1 -0
  118. package/src/data/servicereference/services/connect-campaigns.json +1 -0
  119. package/src/data/servicereference/services/connect.json +1 -0
  120. package/src/data/servicereference/services/consoleapp.json +1 -0
  121. package/src/data/servicereference/services/consolidatedbilling.json +1 -0
  122. package/src/data/servicereference/services/controlcatalog.json +1 -0
  123. package/src/data/servicereference/services/controltower.json +1 -0
  124. package/src/data/servicereference/services/cost-optimization-hub.json +1 -0
  125. package/src/data/servicereference/services/cur.json +1 -0
  126. package/src/data/servicereference/services/customer-verification.json +1 -0
  127. package/src/data/servicereference/services/databrew.json +1 -0
  128. package/src/data/servicereference/services/dataexchange.json +1 -0
  129. package/src/data/servicereference/services/datapipeline.json +1 -0
  130. package/src/data/servicereference/services/datasync.json +1 -0
  131. package/src/data/servicereference/services/datazone.json +1 -0
  132. package/src/data/servicereference/services/dax.json +1 -0
  133. package/src/data/servicereference/services/dbqms.json +1 -0
  134. package/src/data/servicereference/services/deadline.json +1 -0
  135. package/src/data/servicereference/services/detective.json +1 -0
  136. package/src/data/servicereference/services/devicefarm.json +1 -0
  137. package/src/data/servicereference/services/devops-guru.json +1 -0
  138. package/src/data/servicereference/services/directconnect.json +1 -0
  139. package/src/data/servicereference/services/discovery.json +1 -0
  140. package/src/data/servicereference/services/dlm.json +1 -0
  141. package/src/data/servicereference/services/dms.json +1 -0
  142. package/src/data/servicereference/services/docdb-elastic.json +1 -0
  143. package/src/data/servicereference/services/drs.json +1 -0
  144. package/src/data/servicereference/services/ds-data.json +1 -0
  145. package/src/data/servicereference/services/ds.json +1 -0
  146. package/src/data/servicereference/services/dsql.json +1 -0
  147. package/src/data/servicereference/services/dynamodb.json +1 -0
  148. package/src/data/servicereference/services/ebs.json +1 -0
  149. package/src/data/servicereference/services/ec2-instance-connect.json +1 -0
  150. package/src/data/servicereference/services/ec2.json +1 -0
  151. package/src/data/servicereference/services/ec2messages.json +1 -0
  152. package/src/data/servicereference/services/ecr-public.json +1 -0
  153. package/src/data/servicereference/services/ecr.json +1 -0
  154. package/src/data/servicereference/services/ecs-mcp.json +1 -0
  155. package/src/data/servicereference/services/ecs.json +1 -0
  156. package/src/data/servicereference/services/eks-auth.json +1 -0
  157. package/src/data/servicereference/services/eks-mcp.json +1 -0
  158. package/src/data/servicereference/services/eks.json +1 -0
  159. package/src/data/servicereference/services/elasticache.json +1 -0
  160. package/src/data/servicereference/services/elasticbeanstalk.json +1 -0
  161. package/src/data/servicereference/services/elasticfilesystem.json +1 -0
  162. package/src/data/servicereference/services/elasticloadbalancing.json +1 -0
  163. package/src/data/servicereference/services/elasticmapreduce.json +1 -0
  164. package/src/data/servicereference/services/elastictranscoder.json +1 -0
  165. package/src/data/servicereference/services/elemental-activations.json +1 -0
  166. package/src/data/servicereference/services/elemental-appliances-software.json +1 -0
  167. package/src/data/servicereference/services/elemental-inference.json +1 -0
  168. package/src/data/servicereference/services/elemental-support-cases.json +1 -0
  169. package/src/data/servicereference/services/elemental-support-content.json +1 -0
  170. package/src/data/servicereference/services/emr-containers.json +1 -0
  171. package/src/data/servicereference/services/emr-serverless.json +1 -0
  172. package/src/data/servicereference/services/entityresolution.json +1 -0
  173. package/src/data/servicereference/services/es.json +1 -0
  174. package/src/data/servicereference/services/events.json +1 -0
  175. package/src/data/servicereference/services/evidently.json +1 -0
  176. package/src/data/servicereference/services/evs.json +1 -0
  177. package/src/data/servicereference/services/execute-api.json +1 -0
  178. package/src/data/servicereference/services/finspace-api.json +1 -0
  179. package/src/data/servicereference/services/finspace.json +1 -0
  180. package/src/data/servicereference/services/firehose.json +1 -0
  181. package/src/data/servicereference/services/fis.json +1 -0
  182. package/src/data/servicereference/services/fms.json +1 -0
  183. package/src/data/servicereference/services/forecast.json +1 -0
  184. package/src/data/servicereference/services/frauddetector.json +1 -0
  185. package/src/data/servicereference/services/freertos.json +1 -0
  186. package/src/data/servicereference/services/freetier.json +1 -0
  187. package/src/data/servicereference/services/fsx.json +1 -0
  188. package/src/data/servicereference/services/gamelift.json +1 -0
  189. package/src/data/servicereference/services/gameliftstreams.json +1 -0
  190. package/src/data/servicereference/services/geo-maps.json +1 -0
  191. package/src/data/servicereference/services/geo-places.json +1 -0
  192. package/src/data/servicereference/services/geo-routes.json +1 -0
  193. package/src/data/servicereference/services/geo.json +1 -0
  194. package/src/data/servicereference/services/glacier.json +1 -0
  195. package/src/data/servicereference/services/globalaccelerator.json +1 -0
  196. package/src/data/servicereference/services/glue.json +1 -0
  197. package/src/data/servicereference/services/grafana.json +1 -0
  198. package/src/data/servicereference/services/greengrass.json +1 -0
  199. package/src/data/servicereference/services/groundstation.json +1 -0
  200. package/src/data/servicereference/services/groundtruthlabeling.json +1 -0
  201. package/src/data/servicereference/services/guardduty.json +1 -0
  202. package/src/data/servicereference/services/health-agent.json +1 -0
  203. package/src/data/servicereference/services/health.json +1 -0
  204. package/src/data/servicereference/services/healthlake.json +1 -0
  205. package/src/data/servicereference/services/honeycode.json +1 -0
  206. package/src/data/servicereference/services/iam.json +1 -0
  207. package/src/data/servicereference/services/identity-sync.json +1 -0
  208. package/src/data/servicereference/services/identitystore-auth.json +1 -0
  209. package/src/data/servicereference/services/identitystore.json +1 -0
  210. package/src/data/servicereference/services/imagebuilder.json +1 -0
  211. package/src/data/servicereference/services/importexport.json +1 -0
  212. package/src/data/servicereference/services/inspector-scan.json +1 -0
  213. package/src/data/servicereference/services/inspector.json +1 -0
  214. package/src/data/servicereference/services/inspector2-telemetry.json +1 -0
  215. package/src/data/servicereference/services/inspector2.json +1 -0
  216. package/src/data/servicereference/services/interconnect.json +1 -0
  217. package/src/data/servicereference/services/internetmonitor.json +1 -0
  218. package/src/data/servicereference/services/invoicing.json +1 -0
  219. package/src/data/servicereference/services/iot-device-tester.json +1 -0
  220. package/src/data/servicereference/services/iot.json +1 -0
  221. package/src/data/servicereference/services/iotanalytics.json +1 -0
  222. package/src/data/servicereference/services/iotdeviceadvisor.json +1 -0
  223. package/src/data/servicereference/services/iotevents.json +1 -0
  224. package/src/data/servicereference/services/iotfleethub.json +1 -0
  225. package/src/data/servicereference/services/iotfleetwise.json +1 -0
  226. package/src/data/servicereference/services/iotjobsdata.json +1 -0
  227. package/src/data/servicereference/services/iotmanagedintegrations.json +1 -0
  228. package/src/data/servicereference/services/iotsitewise.json +1 -0
  229. package/src/data/servicereference/services/iottwinmaker.json +1 -0
  230. package/src/data/servicereference/services/iotwireless.json +1 -0
  231. package/src/data/servicereference/services/iq-permission.json +1 -0
  232. package/src/data/servicereference/services/iq.json +1 -0
  233. package/src/data/servicereference/services/ivs.json +1 -0
  234. package/src/data/servicereference/services/ivschat.json +1 -0
  235. package/src/data/servicereference/services/kafka-cluster.json +1 -0
  236. package/src/data/servicereference/services/kafka.json +1 -0
  237. package/src/data/servicereference/services/kafkaconnect.json +1 -0
  238. package/src/data/servicereference/services/kendra-ranking.json +1 -0
  239. package/src/data/servicereference/services/kendra.json +1 -0
  240. package/src/data/servicereference/services/kinesis.json +1 -0
  241. package/src/data/servicereference/services/kinesisanalytics.json +1 -0
  242. package/src/data/servicereference/services/kinesisvideo.json +1 -0
  243. package/src/data/servicereference/services/kms.json +1 -0
  244. package/src/data/servicereference/services/lakeformation.json +1 -0
  245. package/src/data/servicereference/services/lambda.json +1 -0
  246. package/src/data/servicereference/services/launchwizard.json +1 -0
  247. package/src/data/servicereference/services/lex.json +1 -0
  248. package/src/data/servicereference/services/license-manager-linux-subscriptions.json +1 -0
  249. package/src/data/servicereference/services/license-manager-user-subscriptions.json +1 -0
  250. package/src/data/servicereference/services/license-manager.json +1 -0
  251. package/src/data/servicereference/services/lightsail.json +1 -0
  252. package/src/data/servicereference/services/logs.json +1 -0
  253. package/src/data/servicereference/services/lookoutequipment.json +1 -0
  254. package/src/data/servicereference/services/lookoutmetrics.json +1 -0
  255. package/src/data/servicereference/services/lookoutvision.json +1 -0
  256. package/src/data/servicereference/services/m2.json +1 -0
  257. package/src/data/servicereference/services/machinelearning.json +1 -0
  258. package/src/data/servicereference/services/macie2.json +1 -0
  259. package/src/data/servicereference/services/managedblockchain-query.json +1 -0
  260. package/src/data/servicereference/services/managedblockchain.json +1 -0
  261. package/src/data/servicereference/services/mapcredits.json +1 -0
  262. package/src/data/servicereference/services/marketplacecommerceanalytics.json +1 -0
  263. package/src/data/servicereference/services/mechanicalturk.json +1 -0
  264. package/src/data/servicereference/services/mediaconnect.json +1 -0
  265. package/src/data/servicereference/services/mediaconvert.json +1 -0
  266. package/src/data/servicereference/services/mediaimport.json +1 -0
  267. package/src/data/servicereference/services/medialive.json +1 -0
  268. package/src/data/servicereference/services/mediapackage-vod.json +1 -0
  269. package/src/data/servicereference/services/mediapackage.json +1 -0
  270. package/src/data/servicereference/services/mediapackagev2.json +1 -0
  271. package/src/data/servicereference/services/mediastore.json +1 -0
  272. package/src/data/servicereference/services/mediatailor.json +1 -0
  273. package/src/data/servicereference/services/medical-imaging.json +1 -0
  274. package/src/data/servicereference/services/memorydb.json +1 -0
  275. package/src/data/servicereference/services/mgh.json +1 -0
  276. package/src/data/servicereference/services/mgn.json +1 -0
  277. package/src/data/servicereference/services/migrationhub-orchestrator.json +1 -0
  278. package/src/data/servicereference/services/migrationhub-strategy.json +1 -0
  279. package/src/data/servicereference/services/mobileanalytics.json +1 -0
  280. package/src/data/servicereference/services/mobiletargeting.json +1 -0
  281. package/src/data/servicereference/services/monitron.json +1 -0
  282. package/src/data/servicereference/services/mpa.json +1 -0
  283. package/src/data/servicereference/services/mq.json +1 -0
  284. package/src/data/servicereference/services/neptune-db.json +1 -0
  285. package/src/data/servicereference/services/neptune-graph.json +1 -0
  286. package/src/data/servicereference/services/network-firewall.json +1 -0
  287. package/src/data/servicereference/services/network-security-director.json +1 -0
  288. package/src/data/servicereference/services/networkflowmonitor.json +1 -0
  289. package/src/data/servicereference/services/networkmanager-chat.json +1 -0
  290. package/src/data/servicereference/services/networkmanager.json +1 -0
  291. package/src/data/servicereference/services/networkmonitor.json +1 -0
  292. package/src/data/servicereference/services/nimble.json +1 -0
  293. package/src/data/servicereference/services/notifications-contacts.json +1 -0
  294. package/src/data/servicereference/services/notifications.json +1 -0
  295. package/src/data/servicereference/services/nova-act.json +1 -0
  296. package/src/data/servicereference/services/oam.json +1 -0
  297. package/src/data/servicereference/services/observabilityadmin.json +1 -0
  298. package/src/data/servicereference/services/odb.json +1 -0
  299. package/src/data/servicereference/services/omics.json +1 -0
  300. package/src/data/servicereference/services/one.json +1 -0
  301. package/src/data/servicereference/services/opensearch.json +1 -0
  302. package/src/data/servicereference/services/opsworks-cm.json +1 -0
  303. package/src/data/servicereference/services/opsworks.json +1 -0
  304. package/src/data/servicereference/services/organizations.json +1 -0
  305. package/src/data/servicereference/services/osis.json +1 -0
  306. package/src/data/servicereference/services/outposts.json +1 -0
  307. package/src/data/servicereference/services/panorama.json +1 -0
  308. package/src/data/servicereference/services/partnercentral-account-management.json +1 -0
  309. package/src/data/servicereference/services/partnercentral.json +1 -0
  310. package/src/data/servicereference/services/payment-cryptography.json +1 -0
  311. package/src/data/servicereference/services/payments.json +1 -0
  312. package/src/data/servicereference/services/pca-connector-ad.json +1 -0
  313. package/src/data/servicereference/services/pca-connector-scep.json +1 -0
  314. package/src/data/servicereference/services/pcs.json +1 -0
  315. package/src/data/servicereference/services/personalize.json +1 -0
  316. package/src/data/servicereference/services/pi.json +1 -0
  317. package/src/data/servicereference/services/pipes.json +1 -0
  318. package/src/data/servicereference/services/polly.json +1 -0
  319. package/src/data/servicereference/services/pricing.json +1 -0
  320. package/src/data/servicereference/services/pricingplanmanager.json +1 -0
  321. package/src/data/servicereference/services/private-networks.json +1 -0
  322. package/src/data/servicereference/services/profile.json +1 -0
  323. package/src/data/servicereference/services/proton.json +1 -0
  324. package/src/data/servicereference/services/purchase-orders.json +1 -0
  325. package/src/data/servicereference/services/q.json +1 -0
  326. package/src/data/servicereference/services/qapps.json +1 -0
  327. package/src/data/servicereference/services/qbusiness.json +1 -0
  328. package/src/data/servicereference/services/qdeveloper.json +1 -0
  329. package/src/data/servicereference/services/qldb.json +1 -0
  330. package/src/data/servicereference/services/quicksight.json +1 -0
  331. package/src/data/servicereference/services/ram.json +1 -0
  332. package/src/data/servicereference/services/rbin.json +1 -0
  333. package/src/data/servicereference/services/rds-data.json +1 -0
  334. package/src/data/servicereference/services/rds-db.json +1 -0
  335. package/src/data/servicereference/services/rds.json +1 -0
  336. package/src/data/servicereference/services/redshift-data.json +1 -0
  337. package/src/data/servicereference/services/redshift-serverless.json +1 -0
  338. package/src/data/servicereference/services/redshift.json +1 -0
  339. package/src/data/servicereference/services/refactor-spaces.json +1 -0
  340. package/src/data/servicereference/services/rekognition.json +1 -0
  341. package/src/data/servicereference/services/repostspace.json +1 -0
  342. package/src/data/servicereference/services/resiliencehub.json +1 -0
  343. package/src/data/servicereference/services/resource-explorer-2.json +1 -0
  344. package/src/data/servicereference/services/resource-explorer.json +1 -0
  345. package/src/data/servicereference/services/resource-groups.json +1 -0
  346. package/src/data/servicereference/services/rhelkb.json +1 -0
  347. package/src/data/servicereference/services/robomaker.json +1 -0
  348. package/src/data/servicereference/services/rolesanywhere.json +1 -0
  349. package/src/data/servicereference/services/route53-recovery-cluster.json +1 -0
  350. package/src/data/servicereference/services/route53-recovery-control-config.json +1 -0
  351. package/src/data/servicereference/services/route53-recovery-readiness.json +1 -0
  352. package/src/data/servicereference/services/route53.json +1 -0
  353. package/src/data/servicereference/services/route53domains.json +1 -0
  354. package/src/data/servicereference/services/route53globalresolver.json +1 -0
  355. package/src/data/servicereference/services/route53profiles.json +1 -0
  356. package/src/data/servicereference/services/route53resolver.json +1 -0
  357. package/src/data/servicereference/services/rtbfabric.json +1 -0
  358. package/src/data/servicereference/services/rum.json +1 -0
  359. package/src/data/servicereference/services/s3-object-lambda.json +1 -0
  360. package/src/data/servicereference/services/s3-outposts.json +1 -0
  361. package/src/data/servicereference/services/s3.json +1 -0
  362. package/src/data/servicereference/services/s3express.json +1 -0
  363. package/src/data/servicereference/services/s3tables.json +1 -0
  364. package/src/data/servicereference/services/s3vectors.json +1 -0
  365. package/src/data/servicereference/services/sagemaker-data-science-assistant.json +1 -0
  366. package/src/data/servicereference/services/sagemaker-geospatial.json +1 -0
  367. package/src/data/servicereference/services/sagemaker-mlflow.json +1 -0
  368. package/src/data/servicereference/services/sagemaker-unified-studio-mcp.json +1 -0
  369. package/src/data/servicereference/services/sagemaker.json +1 -0
  370. package/src/data/servicereference/services/savingsplans.json +1 -0
  371. package/src/data/servicereference/services/scheduler.json +1 -0
  372. package/src/data/servicereference/services/schemas.json +1 -0
  373. package/src/data/servicereference/services/scn.json +1 -0
  374. package/src/data/servicereference/services/sdb.json +1 -0
  375. package/src/data/servicereference/services/secretsmanager.json +1 -0
  376. package/src/data/servicereference/services/security-ir.json +1 -0
  377. package/src/data/servicereference/services/securityagent.json +1 -0
  378. package/src/data/servicereference/services/securityhub.json +1 -0
  379. package/src/data/servicereference/services/securitylake.json +1 -0
  380. package/src/data/servicereference/services/serverlessrepo.json +1 -0
  381. package/src/data/servicereference/services/servicecatalog.json +1 -0
  382. package/src/data/servicereference/services/servicediscovery.json +1 -0
  383. package/src/data/servicereference/services/serviceextract.json +1 -0
  384. package/src/data/servicereference/services/servicequotas.json +1 -0
  385. package/src/data/servicereference/services/ses.json +1 -0
  386. package/src/data/servicereference/services/shield.json +1 -0
  387. package/src/data/servicereference/services/signer.json +1 -0
  388. package/src/data/servicereference/services/signin.json +1 -0
  389. package/src/data/servicereference/services/simspaceweaver.json +1 -0
  390. package/src/data/servicereference/services/sms-voice.json +1 -0
  391. package/src/data/servicereference/services/sms.json +1 -0
  392. package/src/data/servicereference/services/snow-device-management.json +1 -0
  393. package/src/data/servicereference/services/snowball.json +1 -0
  394. package/src/data/servicereference/services/sns.json +1 -0
  395. package/src/data/servicereference/services/social-messaging.json +1 -0
  396. package/src/data/servicereference/services/sqlworkbench.json +1 -0
  397. package/src/data/servicereference/services/sqs.json +1 -0
  398. package/src/data/servicereference/services/ssm-contacts.json +1 -0
  399. package/src/data/servicereference/services/ssm-guiconnect.json +1 -0
  400. package/src/data/servicereference/services/ssm-incidents.json +1 -0
  401. package/src/data/servicereference/services/ssm-quicksetup.json +1 -0
  402. package/src/data/servicereference/services/ssm-sap.json +1 -0
  403. package/src/data/servicereference/services/ssm.json +1 -0
  404. package/src/data/servicereference/services/ssmmessages.json +1 -0
  405. package/src/data/servicereference/services/sso-directory.json +1 -0
  406. package/src/data/servicereference/services/sso-oauth.json +1 -0
  407. package/src/data/servicereference/services/sso.json +1 -0
  408. package/src/data/servicereference/services/states.json +1 -0
  409. package/src/data/servicereference/services/storagegateway.json +1 -0
  410. package/src/data/servicereference/services/sts.json +1 -0
  411. package/src/data/servicereference/services/support-console.json +1 -0
  412. package/src/data/servicereference/services/support.json +1 -0
  413. package/src/data/servicereference/services/supportapp.json +1 -0
  414. package/src/data/servicereference/services/supportplans.json +1 -0
  415. package/src/data/servicereference/services/sustainability.json +1 -0
  416. package/src/data/servicereference/services/swf.json +1 -0
  417. package/src/data/servicereference/services/synthetics.json +1 -0
  418. package/src/data/servicereference/services/tag.json +1 -0
  419. package/src/data/servicereference/services/tax.json +1 -0
  420. package/src/data/servicereference/services/textract.json +1 -0
  421. package/src/data/servicereference/services/thinclient.json +1 -0
  422. package/src/data/servicereference/services/timestream-influxdb.json +1 -0
  423. package/src/data/servicereference/services/timestream.json +1 -0
  424. package/src/data/servicereference/services/tiros.json +1 -0
  425. package/src/data/servicereference/services/tnb.json +1 -0
  426. package/src/data/servicereference/services/transcribe.json +1 -0
  427. package/src/data/servicereference/services/transfer.json +1 -0
  428. package/src/data/servicereference/services/transform-custom.json +1 -0
  429. package/src/data/servicereference/services/transform.json +1 -0
  430. package/src/data/servicereference/services/translate.json +1 -0
  431. package/src/data/servicereference/services/trustedadvisor.json +1 -0
  432. package/src/data/servicereference/services/ts.json +1 -0
  433. package/src/data/servicereference/services/user-subscriptions.json +1 -0
  434. package/src/data/servicereference/services/uxc.json +1 -0
  435. package/src/data/servicereference/services/vendor-insights.json +1 -0
  436. package/src/data/servicereference/services/verified-access.json +1 -0
  437. package/src/data/servicereference/services/verifiedpermissions.json +1 -0
  438. package/src/data/servicereference/services/voiceid.json +1 -0
  439. package/src/data/servicereference/services/vpc-lattice-svcs.json +1 -0
  440. package/src/data/servicereference/services/vpc-lattice.json +1 -0
  441. package/src/data/servicereference/services/vpce.json +1 -0
  442. package/src/data/servicereference/services/waf-regional.json +1 -0
  443. package/src/data/servicereference/services/waf.json +1 -0
  444. package/src/data/servicereference/services/wafv2.json +1 -0
  445. package/src/data/servicereference/services/wam.json +1 -0
  446. package/src/data/servicereference/services/wellarchitected.json +1 -0
  447. package/src/data/servicereference/services/wickr.json +1 -0
  448. package/src/data/servicereference/services/wisdom.json +1 -0
  449. package/src/data/servicereference/services/workdocs.json +1 -0
  450. package/src/data/servicereference/services/worklink.json +1 -0
  451. package/src/data/servicereference/services/workmail.json +1 -0
  452. package/src/data/servicereference/services/workmailmessageflow.json +1 -0
  453. package/src/data/servicereference/services/workspaces-instances.json +1 -0
  454. package/src/data/servicereference/services/workspaces-web.json +1 -0
  455. package/src/data/servicereference/services/workspaces.json +1 -0
  456. package/src/data/servicereference/services/xray.json +1 -0
  457. package/src/data/servicereference/services.json +1 -0
  458. package/src/extension.d.ts +3 -0
  459. package/src/extension.js +23 -0
  460. package/src/grammars/tree-sitter-hcl.wasm +0 -0
  461. package/src/grammars/tree-sitter-json.wasm +0 -0
  462. package/src/grammars/tree-sitter-yaml.wasm +0 -0
  463. package/src/handlers/completion/action-value.d.ts +4 -0
  464. package/src/handlers/completion/action-value.js +46 -0
  465. package/src/handlers/completion/condition-block.d.ts +4 -0
  466. package/src/handlers/completion/condition-block.js +31 -0
  467. package/src/handlers/completion/condition-key.d.ts +4 -0
  468. package/src/handlers/completion/condition-key.js +80 -0
  469. package/src/handlers/completion/condition-operator.d.ts +4 -0
  470. package/src/handlers/completion/condition-operator.js +22 -0
  471. package/src/handlers/completion/effect-value.d.ts +4 -0
  472. package/src/handlers/completion/effect-value.js +14 -0
  473. package/src/handlers/completion/index.d.ts +14 -0
  474. package/src/handlers/completion/index.js +96 -0
  475. package/src/handlers/completion/principal-block-identifier.d.ts +4 -0
  476. package/src/handlers/completion/principal-block-identifier.js +4 -0
  477. package/src/handlers/completion/principal-block-type.d.ts +4 -0
  478. package/src/handlers/completion/principal-block-type.js +24 -0
  479. package/src/handlers/completion/principal-block.d.ts +4 -0
  480. package/src/handlers/completion/principal-block.js +28 -0
  481. package/src/handlers/completion/principal-identifier-completions.d.ts +2 -0
  482. package/src/handlers/completion/principal-identifier-completions.js +131 -0
  483. package/src/handlers/completion/principal-type.d.ts +4 -0
  484. package/src/handlers/completion/principal-type.js +23 -0
  485. package/src/handlers/completion/principal-typed-value.d.ts +4 -0
  486. package/src/handlers/completion/principal-typed-value.js +4 -0
  487. package/src/handlers/completion/principal-value.d.ts +4 -0
  488. package/src/handlers/completion/principal-value.js +18 -0
  489. package/src/handlers/completion/resource-value.d.ts +4 -0
  490. package/src/handlers/completion/resource-value.js +144 -0
  491. package/src/handlers/completion/statement-block.d.ts +10 -0
  492. package/src/handlers/completion/statement-block.js +51 -0
  493. package/src/handlers/completion/statement-key.d.ts +4 -0
  494. package/src/handlers/completion/statement-key.js +41 -0
  495. package/src/lib/iam-policy/condition-operators.d.ts +317 -0
  496. package/src/lib/iam-policy/condition-operators.js +129 -0
  497. package/src/lib/iam-policy/location.d.ts +71 -0
  498. package/src/lib/iam-policy/location.js +82 -0
  499. package/src/lib/iam-policy/partitions.d.ts +116 -0
  500. package/src/lib/iam-policy/partitions.js +51 -0
  501. package/src/lib/iam-policy/principals.d.ts +21 -0
  502. package/src/lib/iam-policy/principals.js +37 -0
  503. package/src/lib/iam-policy/reference/services.d.ts +22 -0
  504. package/src/lib/iam-policy/reference/services.js +99 -0
  505. package/src/lib/iam-policy/reference/types.d.ts +71 -0
  506. package/src/lib/iam-policy/reference/types.js +1 -0
  507. package/src/lib/iam-policy/statement-keys.d.ts +8 -0
  508. package/src/lib/iam-policy/statement-keys.js +159 -0
  509. package/src/lib/iam-policy/wildcard.d.ts +2 -0
  510. package/src/lib/iam-policy/wildcard.js +14 -0
  511. package/src/lib/treesitter/base.d.ts +35 -0
  512. package/src/lib/treesitter/base.js +50 -0
  513. package/src/lib/treesitter/hcl.d.ts +9 -0
  514. package/src/lib/treesitter/hcl.js +888 -0
  515. package/src/lib/treesitter/json.d.ts +9 -0
  516. package/src/lib/treesitter/json.js +376 -0
  517. package/src/lib/treesitter/manager.d.ts +9 -0
  518. package/src/lib/treesitter/manager.js +66 -0
  519. package/src/lib/treesitter/yaml.d.ts +9 -0
  520. package/src/lib/treesitter/yaml.js +878 -0
  521. package/src/server.d.ts +2 -0
  522. package/src/server.js +26 -0
package/src/data/servicereference/services/route53resolver.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"route53resolver","actions":{"AssociateFirewallRuleGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"firewall-rule-group-association"}],"description":"Grants permission to associate an Amazon VPC with a specified firewall rule group","accessLevel":"Write","resourceTypes":[{"name":"firewall-rule-group-association","required":true}],"dependentActions":["ec2:DescribeVpcs"]},"AssociateResolverEndpointIpAddress":{"conditionKeys":[],"resources":[{"name":"resolver-endpoint"}],"description":"Grants permission to associate a specified IP address with a Resolver endpoint. This is an IP address that DNS queries pass through on the way to your network (outbound) or your VPCs (inbound)","accessLevel":"Write","resourceTypes":[{"name":"resolver-endpoint","required":true}],"dependentActions":["ec2:CreateNetworkInterface","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets"]},"AssociateResolverQueryLogConfig":{"conditionKeys":[],"resources":[{"name":"resolver-query-log-config"}],"description":"Grants permission to associate an Amazon VPC with a specified query logging configuration","accessLevel":"Write","resourceTypes":[{"name":"resolver-query-log-config","required":true}],"dependentActions":["ec2:DescribeVpcs"]},"AssociateResolverRule":{"conditionKeys":[],"resources":[{"name":"resolver-rule"}],"description":"Grants permission to associate a specified Resolver rule with a specified VPC","accessLevel":"Write","resourceTypes":[{"name":"resolver-rule","required":true}],"dependentActions":["ec2:DescribeVpcs"]},"CreateFirewallDomainList":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"firewall-domain-list"}],"description":"Grants permission to create a Firewall domain list","accessLevel":"Write","resourceTypes":[{"name":"firewall-domain-list","required":true}]},"CreateFirewallRule":{"conditionKeys":[],"resources":[{"name":"firewall-domain-list"},{"name":"firewall-rule-group"}],"description":"Grants permission to create a Firewall rule within a Firewall rule group","accessLevel":"Write","resourceTypes":[{"name":"firewall-domain-list","required":true},{"name":"firewall-rule-group","required":true}]},"CreateFirewallRuleGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"firewall-rule-group"}],"description":"Grants permission to create a Firewall rule group","accessLevel":"Write","resourceTypes":[{"name":"firewall-rule-group","required":true}]},"CreateOutpostResolver":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"outpost-resolver"}],"description":"Grants permission to create a Route 53 Resolver on Outposts","accessLevel":"Write","resourceTypes":[{"name":"outpost-resolver","required":true}],"dependentActions":["outposts:GetOutpost"]},"CreateResolverEndpoint":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"resolver-endpoint"}],"description":"Grants permission to create a Resolver endpoint. There are two types of Resolver endpoints, inbound and outbound","accessLevel":"Write","resourceTypes":[{"name":"resolver-endpoint","required":true}],"dependentActions":["ec2:CreateNetworkInterface","ec2:DescribeNetworkInterfaces","ec2:DescribeSecurityGroups","ec2:DescribeSubnets","ec2:DescribeVpcs"]},"CreateResolverQueryLogConfig":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"resolver-query-log-config"}],"description":"Grants permission to create a Resolver query logging configuration, which defines where you want Resolver to save DNS query logs that originate in your VPCs","accessLevel":"Write","resourceTypes":[{"name":"resolver-query-log-config","required":true}]},"CreateResolverRule":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"resolver-rule"}],"description":"Grants permission to define how to route queries originating from your VPC out of the VPC","accessLevel":"Write","resourceTypes":[{"name":"resolver-rule","required":true}]},"DeleteFirewallDomainList":{"conditionKeys":[],"resources":[{"name":"firewall-domain-list"}],"description":"Grants permission to delete a Firewall domain list","accessLevel":"Write","resourceTypes":[{"name":"firewall-domain-list","required":true}]},"DeleteFirewallRule":{"conditionKeys":[],"resources":[{"name":"firewall-domain-list"},{"name":"firewall-rule-group"}],"description":"Grants permission to delete a Firewall rule within a Firewall rule group","accessLevel":"Write","resourceTypes":[{"name":"firewall-domain-list","required":true},{"name":"firewall-rule-group","required":true}]},"DeleteFirewallRuleGroup":{"conditionKeys":[],"resources":[{"name":"firewall-rule-group"}],"description":"Grants permission to delete a Firewall rule group","accessLevel":"Write","resourceTypes":[{"name":"firewall-rule-group","required":true}]},"DeleteOutpostResolver":{"conditionKeys":[],"resources":[{"name":"outpost-resolver"}],"description":"Grants permission to delete a Route 53 Resolver on Outposts","accessLevel":"Write","resourceTypes":[{"name":"outpost-resolver","required":true}]},"DeleteResolverEndpoint":{"conditionKeys":[],"resources":[{"name":"resolver-endpoint"}],"description":"Grants permission to delete a Resolver endpoint. The effect of deleting a Resolver endpoint depends on whether it's an inbound or an outbound endpoint","accessLevel":"Write","resourceTypes":[{"name":"resolver-endpoint","required":true}],"dependentActions":["ec2:DeleteNetworkInterface","ec2:DescribeNetworkInterfaces"]},"DeleteResolverQueryLogConfig":{"conditionKeys":[],"resources":[{"name":"resolver-query-log-config"}],"description":"Grants permission to delete a Resolver query logging configuration","accessLevel":"Write","resourceTypes":[{"name":"resolver-query-log-config","required":true}]},"DeleteResolverRule":{"conditionKeys":[],"resources":[{"name":"resolver-rule"}],"description":"Grants permission to delete a Resolver rule","accessLevel":"Write","resourceTypes":[{"name":"resolver-rule","required":true}]},"DisassociateFirewallRuleGroup":{"conditionKeys":[],"resources":[{"name":"firewall-rule-group-association"}],"description":"Grants permission to remove the association between a specified Firewall rule group and a specified VPC","accessLevel":"Write","resourceTypes":[{"name":"firewall-rule-group-association","required":true}]},"DisassociateResolverEndpointIpAddress":{"conditionKeys":[],"resources":[{"name":"resolver-endpoint"}],"description":"Grants permission to remove a specified IP address from a Resolver endpoint. This is an IP address that DNS queries pass through on the way to your network (outbound) or your VPCs (inbound)","accessLevel":"Write","resourceTypes":[{"name":"resolver-endpoint","required":true}],"dependentActions":["ec2:DeleteNetworkInterface","ec2:DescribeNetworkInterfaces"]},"DisassociateResolverQueryLogConfig":{"conditionKeys":[],"resources":[{"name":"resolver-query-log-config"}],"description":"Grants permission to remove the association between a specified Resolver query logging configuration and a specified VPC","accessLevel":"Write","resourceTypes":[{"name":"resolver-query-log-config","required":true}]},"DisassociateResolverRule":{"conditionKeys":[],"resources":[{"name":"resolver-rule"}],"description":"Grants permission to remove the association between a specified Resolver rule and a specified VPC","accessLevel":"Write","resourceTypes":[{"name":"resolver-rule","required":true}]},"GetFirewallConfig":{"conditionKeys":[],"resources":[{"name":"firewall-config"}],"description":"Grants permission to get information about a specified Firewall config","accessLevel":"Read","resourceTypes":[{"name":"firewall-config","required":true}],"dependentActions":["ec2:DescribeVpcs"]},"GetFirewallDomainList":{"conditionKeys":[],"resources":[{"name":"firewall-domain-list"}],"description":"Grants permission to get information about a specified Firewall domain list","accessLevel":"Read","resourceTypes":[{"name":"firewall-domain-list","required":true}]},"GetFirewallRuleGroup":{"conditionKeys":[],"resources":[{"name":"firewall-rule-group"}],"description":"Grants permission to get information about a specified Firewall rule group","accessLevel":"Read","resourceTypes":[{"name":"firewall-rule-group","required":true}]},"GetFirewallRuleGroupAssociation":{"conditionKeys":[],"resources":[{"name":"firewall-rule-group-association"}],"description":"Grants permission to get information about an association between a specified Firewall rule group and a VPC","accessLevel":"Read","resourceTypes":[{"name":"firewall-rule-group-association","required":true}]},"GetFirewallRuleGroupPolicy":{"conditionKeys":[],"resources":[{"name":"firewall-rule-group"}],"description":"Grants permission to get information about a specified Firewall rule group policy, which specifies the Firewall rule group operations and resources that you want to allow another AWS account to use","accessLevel":"Read","resourceTypes":[{"name":"firewall-rule-group","required":true}]},"GetOutpostResolver":{"conditionKeys":[],"resources":[{"name":"outpost-resolver"}],"description":"Grants permission to get information about a specified Route 53 Resolver on Outposts","accessLevel":"Read","resourceTypes":[{"name":"outpost-resolver","required":true}]},"GetResolverConfig":{"conditionKeys":[],"resources":[{"name":"resolver-config"}],"description":"Grants permission to get the Resolver Config status within the specified resource","accessLevel":"Read","resourceTypes":[{"name":"resolver-config","required":true}],"dependentActions":["ec2:DescribeVpcs"]},"GetResolverDnssecConfig":{"conditionKeys":[],"resources":[{"name":"resolver-dnssec-config"}],"description":"Grants permission to get the DNSSEC validation support status for DNS queries within the specified resource","accessLevel":"Read","resourceTypes":[{"name":"resolver-dnssec-config","required":true}]},"GetResolverEndpoint":{"conditionKeys":[],"resources":[{"name":"resolver-endpoint"}],"description":"Grants permission to get information about a specified Resolver endpoint, such as whether it's an inbound or an outbound endpoint, and the IP addresses in your VPC that DNS queries are forwarded to on the way into or out of your VPC","accessLevel":"Read","resourceTypes":[{"name":"resolver-endpoint","required":true}]},"GetResolverQueryLogConfig":{"conditionKeys":[],"resources":[{"name":"resolver-query-log-config"}],"description":"Grants permission to get information about a specified Resolver query logging configuration, such as the number of VPCs that the configuration is logging queries for and the location that logs are sent to","accessLevel":"Read","resourceTypes":[{"name":"resolver-query-log-config","required":true}],"dependentActions":["ec2:DescribeVpcs"]},"GetResolverQueryLogConfigAssociation":{"conditionKeys":[],"resources":[],"description":"Grants permission to get information about a specified association between a Resolver query logging configuration and an Amazon VPC. When you associate a VPC with a query logging configuration, Resolver logs DNS queries that originate in that VPC","accessLevel":"Read","resourceTypes":[]},"GetResolverQueryLogConfigPolicy":{"conditionKeys":[],"resources":[{"name":"resolver-query-log-config"}],"description":"Grants permission to get information about a specified Resolver query logging policy, which specifies the Resolver query logging operations and resources that you want to allow another AWS account to use","accessLevel":"Read","resourceTypes":[{"name":"resolver-query-log-config","required":true}]},"GetResolverRule":{"conditionKeys":[],"resources":[{"name":"autodefined-rule"},{"name":"resolver-rule"}],"description":"Grants permission to get information about a specified Resolver rule, such as the domain name that the rule forwards DNS queries for and the IP address that queries are forwarded to","accessLevel":"Read","resourceTypes":[{"name":"autodefined-rule","required":false},{"name":"resolver-rule","required":false}]},"GetResolverRuleAssociation":{"conditionKeys":[],"resources":[{"name":"autodefined-rule"},{"name":"resolver-rule"}],"description":"Grants permission to get information about an association between a specified Resolver rule and a VPC","accessLevel":"Read","resourceTypes":[{"name":"autodefined-rule","required":false},{"name":"resolver-rule","required":false}]},"GetResolverRulePolicy":{"conditionKeys":[],"resources":[{"name":"resolver-rule"}],"description":"Grants permission to get information about a Resolver rule policy, which specifies the Resolver operations and resources that you want to allow another AWS account to use","accessLevel":"Read","resourceTypes":[{"name":"resolver-rule","required":true}]},"ImportFirewallDomains":{"conditionKeys":[],"resources":[{"name":"firewall-domain-list"}],"description":"Grants permission to add, remove or replace Firewall domains in a Firewall domain list","accessLevel":"Write","resourceTypes":[{"name":"firewall-domain-list","required":true}]},"ListFirewallConfigs":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all the Firewall config that current AWS account is able to check","accessLevel":"List","resourceTypes":[],"dependentActions":["ec2:DescribeVpcs"]},"ListFirewallDomainLists":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all the Firewall domain list that current AWS account is able to use","accessLevel":"List","resourceTypes":[]},"ListFirewallDomains":{"conditionKeys":[],"resources":[{"name":"firewall-domain-list"}],"description":"Grants permission to list all the Firewall domain under a specified Firewall domain list","accessLevel":"List","resourceTypes":[{"name":"firewall-domain-list","required":true}]},"ListFirewallRuleGroupAssociations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list information about associations between Amazon VPCs and Firewall rule group","accessLevel":"List","resourceTypes":[]},"ListFirewallRuleGroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all the Firewall rule group that current AWS account is able to use","accessLevel":"List","resourceTypes":[]},"ListFirewallRules":{"conditionKeys":[],"resources":[{"name":"firewall-rule-group"}],"description":"Grants permission to list all the Firewall rule under a specified Firewall rule group","accessLevel":"List","resourceTypes":[{"name":"firewall-rule-group","required":true}]},"ListOutpostResolvers":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all instances of Route 53 Resolver on Outposts that were created using the current AWS account","accessLevel":"List","resourceTypes":[]},"ListResolverConfigs":{"conditionKeys":[],"resources":[{"name":"resolver-config"}],"description":"Grants permission to list Resolver Config statuses","accessLevel":"List","resourceTypes":[{"name":"resolver-config","required":true}],"dependentActions":["ec2:DescribeVpcs"]},"ListResolverDnssecConfigs":{"conditionKeys":[],"resources":[{"name":"resolver-dnssec-config"}],"description":"Grants permission to list the DNSSEC validation support status for DNS queries","accessLevel":"List","resourceTypes":[{"name":"resolver-dnssec-config","required":true}]},"ListResolverEndpointIpAddresses":{"conditionKeys":[],"resources":[{"name":"resolver-endpoint"}],"description":"Grants permission to list the IP addresses that DNS queries pass through on the way to your network (outbound) or your VPCs (inbound) for a specified Resolver endpoint","accessLevel":"List","resourceTypes":[{"name":"resolver-endpoint","required":true}]},"ListResolverEndpoints":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all the Resolver endpoints that were created using the current AWS account","accessLevel":"List","resourceTypes":[]},"ListResolverQueryLogConfigAssociations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list information about associations between Amazon VPCs and query logging configurations","accessLevel":"List","resourceTypes":[],"dependentActions":["ec2:DescribeVpcs"]},"ListResolverQueryLogConfigs":{"conditionKeys":[],"resources":[],"description":"Grants permission to list information about the specified query logging configurations, which define where you want Resolver to save DNS query logs and specify the VPCs that you want to log queries for","accessLevel":"List","resourceTypes":[],"dependentActions":["ec2:DescribeVpcs"]},"ListResolverRuleAssociations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the associations that were created between Resolver rules and VPCs using the current AWS account","accessLevel":"List","resourceTypes":[],"dependentActions":["ec2:DescribeVpcs"]},"ListResolverRules":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the Resolver rules that were created using the current AWS account","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"firewall-domain-list"},{"name":"firewall-rule-group"},{"name":"firewall-rule-group-association"},{"name":"outpost-resolver"},{"name":"resolver-endpoint"},{"name":"resolver-query-log-config"},{"name":"resolver-rule"}],"description":"Grants permission to list the tags that you associated with the specified resource","accessLevel":"Read","resourceTypes":[{"name":"firewall-domain-list","required":false},{"name":"firewall-rule-group","required":false},{"name":"firewall-rule-group-association","required":false},{"name":"outpost-resolver","required":false},{"name":"resolver-endpoint","required":false},{"name":"resolver-query-log-config","required":false},{"name":"resolver-rule","required":false}]},"PutFirewallRuleGroupPolicy":{"conditionKeys":[],"resources":[{"name":"firewall-rule-group"}],"description":"Grants permission to specify an AWS account that you want to share a Firewall rule group with, the Firewall rule group that you want to share, and the operations that you want the account to be able to perform on the configuration","accessLevel":"Permissions management","resourceTypes":[{"name":"firewall-rule-group","required":true}]},"PutResolverQueryLogConfigPolicy":{"conditionKeys":[],"resources":[{"name":"resolver-query-log-config"}],"description":"Grants permission to specify an AWS account that you want to share a query logging configuration with, the query logging configuration that you want to share, and the operations that you want the account to be able to perform on the configuration","accessLevel":"Permissions management","resourceTypes":[{"name":"resolver-query-log-config","required":true}]},"PutResolverRulePolicy":{"conditionKeys":[],"resources":[{"name":"resolver-rule"}],"description":"Grants permission to specify an AWS account that you want to share rules with, the Resolver rules that you want to share, and the operations that you want the account to be able to perform on those rules","accessLevel":"Permissions management","resourceTypes":[{"name":"resolver-rule","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"firewall-config"},{"name":"firewall-domain-list"},{"name":"firewall-rule-group"},{"name":"firewall-rule-group-association"},{"name":"outpost-resolver"},{"name":"resolver-dnssec-config"},{"name":"resolver-endpoint"},{"name":"resolver-query-log-config"},{"name":"resolver-rule"}],"description":"Grants permission to add one or more tags to a specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"firewall-config","required":false},{"name":"firewall-domain-list","required":false},{"name":"firewall-rule-group","required":false},{"name":"firewall-rule-group-association","required":false},{"name":"outpost-resolver","required":false},{"name":"resolver-dnssec-config","required":false},{"name":"resolver-endpoint","required":false},{"name":"resolver-query-log-config","required":false},{"name":"resolver-rule","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"firewall-config"},{"name":"firewall-domain-list"},{"name":"firewall-rule-group"},{"name":"firewall-rule-group-association"},{"name":"outpost-resolver"},{"name":"resolver-dnssec-config"},{"name":"resolver-endpoint"},{"name":"resolver-query-log-config"},{"name":"resolver-rule"}],"description":"Grants permission to remove one or more tags from a specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"firewall-config","required":false},{"name":"firewall-domain-list","required":false},{"name":"firewall-rule-group","required":false},{"name":"firewall-rule-group-association","required":false},{"name":"outpost-resolver","required":false},{"name":"resolver-dnssec-config","required":false},{"name":"resolver-endpoint","required":false},{"name":"resolver-query-log-config","required":false},{"name":"resolver-rule","required":false}]},"UpdateFirewallConfig":{"conditionKeys":[],"resources":[{"name":"firewall-config"}],"description":"Grants permission to update selected settings for an Firewall config","accessLevel":"Write","resourceTypes":[{"name":"firewall-config","required":true}],"dependentActions":["ec2:DescribeVpcs"]},"UpdateFirewallDomains":{"conditionKeys":[],"resources":[{"name":"firewall-domain-list"}],"description":"Grants permission to add, remove or replace Firewall domains in a Firewall domain list","accessLevel":"Write","resourceTypes":[{"name":"firewall-domain-list","required":true}]},"UpdateFirewallRule":{"conditionKeys":[],"resources":[{"name":"firewall-domain-list"},{"name":"firewall-rule-group"}],"description":"Grants permission to update selected settings for an Firewall rule in a Firewall rule group","accessLevel":"Write","resourceTypes":[{"name":"firewall-domain-list","required":true},{"name":"firewall-rule-group","required":true}]},"UpdateFirewallRuleGroupAssociation":{"conditionKeys":[],"resources":[{"name":"firewall-rule-group-association"}],"description":"Grants permission to update selected settings for an Firewall rule group association","accessLevel":"Write","resourceTypes":[{"name":"firewall-rule-group-association","required":true}]},"UpdateOutpostResolver":{"conditionKeys":[],"resources":[{"name":"outpost-resolver"}],"description":"Grants permission to update seletected settings for a specified Route 53 Resolver on Outposts","accessLevel":"Write","resourceTypes":[{"name":"outpost-resolver","required":true}]},"UpdateResolverConfig":{"conditionKeys":[],"resources":[{"name":"resolver-config"}],"description":"Grants permission to update the Resolver Config status within the specified resource","accessLevel":"Write","resourceTypes":[{"name":"resolver-config","required":true}],"dependentActions":["ec2:DescribeVpcs"]},"UpdateResolverDnssecConfig":{"conditionKeys":[],"resources":[{"name":"resolver-dnssec-config"}],"description":"Grants permission to update the DNSSEC validation support status for DNS queries within the specified resource","accessLevel":"Write","resourceTypes":[{"name":"resolver-dnssec-config","required":true}]},"UpdateResolverEndpoint":{"conditionKeys":[],"resources":[{"name":"resolver-endpoint"}],"description":"Grants permission to update selected settings for an inbound or an outbound Resolver endpoint","accessLevel":"Write","resourceTypes":[{"name":"resolver-endpoint","required":true}],"dependentActions":["ec2:AssignIpv6Addresses","ec2:DescribeNetworkInterfaces","ec2:DescribeSubnets","ec2:ModifyNetworkInterfaceAttribute","ec2:UnassignIpv6Addresses"]},"UpdateResolverRule":{"conditionKeys":[],"resources":[{"name":"resolver-rule"}],"description":"Grants permission to update settings for a specified Resolver rule","accessLevel":"Write","resourceTypes":[{"name":"resolver-rule","required":true}]}},"resources":[{"name":"autodefined-rule","arnFormats":["arn:${Partition}:route53resolver:${Region}:${Account}:autodefined-rule/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"firewall-config","arnFormats":["arn:${Partition}:route53resolver:${Region}:${Account}:firewall-config/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"firewall-domain-list","arnFormats":["arn:${Partition}:route53resolver:${Region}:${Account}:firewall-domain-list/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"firewall-rule-group","arnFormats":["arn:${Partition}:route53resolver:${Region}:${Account}:firewall-rule-group/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"firewall-rule-group-association","arnFormats":["arn:${Partition}:route53resolver:${Region}:${Account}:firewall-rule-group-association/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"outpost-resolver","arnFormats":["arn:${Partition}:route53resolver:${Region}:${Account}:outpost-resolver/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"resolver-config","arnFormats":["arn:${Partition}:route53resolver:${Region}:${Account}:resolver-config/${ResourceId}"],"conditionKeys":[]},{"name":"resolver-dnssec-config","arnFormats":["arn:${Partition}:route53resolver:${Region}:${Account}:resolver-dnssec-config/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"resolver-endpoint","arnFormats":["arn:${Partition}:route53resolver:${Region}:${Account}:resolver-endpoint/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"resolver-query-log-config","arnFormats":["arn:${Partition}:route53resolver:${Region}:${Account}:resolver-query-log-config/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"resolver-rule","arnFormats":["arn:${Partition}:route53resolver:${Region}:${Account}:resolver-rule/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the presence of tag key-value pairs in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the presence of tag key-value pairs attached to the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the presence of tag keys in the request"}}}
package/src/data/servicereference/services/rtbfabric.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"rtbfabric","actions":{"AcceptLink":{"conditionKeys":[],"resources":[{"name":"Link"}],"description":"Grants permission to accept a link invitation from another Gateway","accessLevel":"Write","resourceTypes":[{"name":"Link","required":true}]},"CreateInboundExternalLink":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"ResponderGateway"}],"description":"Grants permission to create an inbound external link for a responder gateway","accessLevel":"Write","resourceTypes":[{"name":"ResponderGateway","required":true}]},"CreateLink":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a new link between RTB applications","accessLevel":"Write","resourceTypes":[]},"CreateOutboundExternalLink":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"RequesterGateway"}],"description":"Grants permission to create an outbound external link for a requester gateway to connect to external public responder endpoints","accessLevel":"Write","resourceTypes":[{"name":"RequesterGateway","required":true}]},"CreateRequesterGateway":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a requester gateway","accessLevel":"Write","resourceTypes":[]},"CreateResponderGateway":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a responder gateway","accessLevel":"Write","resourceTypes":[]},"DeleteInboundExternalLink":{"conditionKeys":[],"resources":[{"name":"InboundExternalLink"},{"name":"ResponderGateway"}],"description":"Grants permission to delete an inbound external link","accessLevel":"Write","resourceTypes":[{"name":"InboundExternalLink","required":true},{"name":"ResponderGateway","required":true}]},"DeleteLink":{"conditionKeys":[],"resources":[{"name":"Link"}],"description":"Grants permission to delete a link between RTB applications","accessLevel":"Write","resourceTypes":[{"name":"Link","required":true}]},"DeleteOutboundExternalLink":{"conditionKeys":[],"resources":[{"name":"OutboundExternalLink"},{"name":"RequesterGateway"}],"description":"Grants permission to delete an outbound external link","accessLevel":"Write","resourceTypes":[{"name":"OutboundExternalLink","required":true},{"name":"RequesterGateway","required":true}]},"DeleteRequesterGateway":{"conditionKeys":[],"resources":[{"name":"RequesterGateway"}],"description":"Grants permission to delete a requester gateway","accessLevel":"Write","resourceTypes":[{"name":"RequesterGateway","required":true}]},"DeleteResponderGateway":{"conditionKeys":[],"resources":[{"name":"ResponderGateway"}],"description":"Grants permission to delete a responder gateway","accessLevel":"Write","resourceTypes":[{"name":"ResponderGateway","required":true}]},"GetInboundExternalLink":{"conditionKeys":[],"resources":[{"name":"InboundExternalLink"},{"name":"ResponderGateway"}],"description":"Grants permission to retrieve information about an inbound external link","accessLevel":"Read","resourceTypes":[{"name":"InboundExternalLink","required":true},{"name":"ResponderGateway","required":true}]},"GetLink":{"conditionKeys":[],"resources":[{"name":"Link"}],"description":"Grants permission to retrieve information about a link between RTB applications","accessLevel":"Read","resourceTypes":[{"name":"Link","required":true}]},"GetOutboundExternalLink":{"conditionKeys":[],"resources":[{"name":"OutboundExternalLink"},{"name":"RequesterGateway"}],"description":"Grants permission to retrieve information about an outbound external link","accessLevel":"Read","resourceTypes":[{"name":"OutboundExternalLink","required":true},{"name":"RequesterGateway","required":true}]},"GetRequesterGateway":{"conditionKeys":[],"resources":[{"name":"RequesterGateway"}],"description":"Grants permission to retrieve information about a requester gateway","accessLevel":"Read","resourceTypes":[{"name":"RequesterGateway","required":true}]},"GetResponderGateway":{"conditionKeys":[],"resources":[{"name":"ResponderGateway"}],"description":"Grants permission to retrieve information about a responder gateway","accessLevel":"Read","resourceTypes":[{"name":"ResponderGateway","required":true}]},"ListLinks":{"conditionKeys":[],"resources":[],"description":"Grants permission to list links associated with an RTB application","accessLevel":"List","resourceTypes":[]},"ListRequesterGateways":{"conditionKeys":[],"resources":[],"description":"Grants permission to list requester gateways with optional filtering and pagination","accessLevel":"List","resourceTypes":[]},"ListResponderGateways":{"conditionKeys":[],"resources":[],"description":"Grants permission to list responder gateways with optional filtering and pagination","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"InboundExternalLink"},{"name":"Link"},{"name":"OutboundExternalLink"},{"name":"RequesterGateway"},{"name":"ResponderGateway"}],"description":"Grants permission to list tags for a resource","accessLevel":"Read","resourceTypes":[{"name":"InboundExternalLink","required":false},{"name":"Link","required":false},{"name":"OutboundExternalLink","required":false},{"name":"RequesterGateway","required":false},{"name":"ResponderGateway","required":false}]},"RejectLink":{"conditionKeys":[],"resources":[{"name":"Link"}],"description":"Grants permission to reject a link request between RTB applications","accessLevel":"Write","resourceTypes":[{"name":"Link","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"InboundExternalLink"},{"name":"Link"},{"name":"OutboundExternalLink"},{"name":"RequesterGateway"},{"name":"ResponderGateway"}],"description":"Grants permission to assign one or more tags (key-value pairs) to the specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"InboundExternalLink","required":false},{"name":"Link","required":false},{"name":"OutboundExternalLink","required":false},{"name":"RequesterGateway","required":false},{"name":"ResponderGateway","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"InboundExternalLink"},{"name":"Link"},{"name":"OutboundExternalLink"},{"name":"RequesterGateway"},{"name":"ResponderGateway"}],"description":"Grants permission to remove a tag or tags from a resource","accessLevel":"Tagging","resourceTypes":[{"name":"InboundExternalLink","required":false},{"name":"Link","required":false},{"name":"OutboundExternalLink","required":false},{"name":"RequesterGateway","required":false},{"name":"ResponderGateway","required":false}]},"UpdateLink":{"conditionKeys":[],"resources":[{"name":"Link"}],"description":"Grants permission to update configuration settings for an existing link","accessLevel":"Write","resourceTypes":[{"name":"Link","required":true}]},"UpdateLinkModuleFlow":{"conditionKeys":[],"resources":[{"name":"Link"}],"description":"Grants permission to update a link module flow","accessLevel":"Write","resourceTypes":[{"name":"Link","required":true}]},"UpdateRequesterGateway":{"conditionKeys":[],"resources":[{"name":"RequesterGateway"}],"description":"Grants permission to update a requester gateway","accessLevel":"Write","resourceTypes":[{"name":"RequesterGateway","required":true}]},"UpdateResponderGateway":{"conditionKeys":[],"resources":[{"name":"ResponderGateway"}],"description":"Grants permission to update a responder gateway","accessLevel":"Write","resourceTypes":[{"name":"ResponderGateway","required":true}]}},"resources":[{"name":"InboundExternalLink","arnFormats":["arn:${Partition}:rtbfabric:${Region}:${Account}:gateway/${GatewayId}/link/${LinkId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rtbfabric:InboundExternalLinkLinkId","rtbfabric:ResponderGatewayGatewayId"]},{"name":"Link","arnFormats":["arn:${Partition}:rtbfabric:${Region}:${Account}:gateway/${GatewayId}/link/${LinkId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rtbfabric:LinkLinkId","rtbfabric:RequesterGatewayGatewayId","rtbfabric:ResponderGatewayGatewayId"]},{"name":"OutboundExternalLink","arnFormats":["arn:${Partition}:rtbfabric:${Region}:${Account}:gateway/${GatewayId}/link/${LinkId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rtbfabric:OutboundExternalLinkLinkId","rtbfabric:RequesterGatewayGatewayId"]},{"name":"RequesterGateway","arnFormats":["arn:${Partition}:rtbfabric:${Region}:${Account}:gateway/${GatewayId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rtbfabric:RequesterGatewayGatewayId"]},{"name":"ResponderGateway","arnFormats":["arn:${Partition}:rtbfabric:${Region}:${Account}:gateway/${GatewayId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","rtbfabric:ResponderGatewayGatewayId"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by a tag key and value pair that is allowed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by a tag key and value pair of a resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by a list of tag keys that are allowed in the request"},"rtbfabric:InboundExternalLinkGatewayId":{"types":["String"],"description":"Filters access by gateway identifier supporting rtb-gw-* formats"},"rtbfabric:InboundExternalLinkLinkId":{"types":["String"],"description":"Filters access by InboundExternalLink resource linkId identifier"},"rtbfabric:LinkLinkId":{"types":["String"],"description":"Filters access by Link resource linkId identifier"},"rtbfabric:OutboundExternalLinkLinkId":{"types":["String"],"description":"Filters access by OutboundExternalLink resource linkId identifier"},"rtbfabric:RequesterGatewayGatewayId":{"types":["String"],"description":"Filters access by gateway identifier supporting rtb-gw-* formats"},"rtbfabric:ResponderGatewayGatewayId":{"types":["String"],"description":"Filters access by gateway identifier supporting rtb-gw-* formats"}}}
package/src/data/servicereference/services/rum.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"rum","actions":{"BatchCreateRumMetricDefinitions":{"conditionKeys":[],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to create rum metric definitions","accessLevel":"Write","resourceTypes":[{"name":"AppMonitorResource","required":true}]},"BatchDeleteRumMetricDefinitions":{"conditionKeys":[],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to remove rum metric definitions","accessLevel":"Write","resourceTypes":[{"name":"AppMonitorResource","required":true}]},"BatchGetRumMetricDefinitions":{"conditionKeys":[],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to get rum metric definitions","accessLevel":"Read","resourceTypes":[{"name":"AppMonitorResource","required":true}]},"CreateAppMonitor":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to create appMonitor metadata","accessLevel":"Write","resourceTypes":[{"name":"AppMonitorResource","required":true}],"dependentActions":["iam:CreateServiceLinkedRole","iam:GetRole"]},"DeleteAppMonitor":{"conditionKeys":[],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to delete appMonitor metadata","accessLevel":"Write","resourceTypes":[{"name":"AppMonitorResource","required":true}]},"DeleteResourcePolicy":{"conditionKeys":[],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to delete a resource policy attached to an app monitor","accessLevel":"Write","resourceTypes":[{"name":"AppMonitorResource","required":true}]},"DeleteRumMetricsDestination":{"conditionKeys":[],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to delete rum metrics destinations","accessLevel":"Write","resourceTypes":[{"name":"AppMonitorResource","required":true}]},"GetAppMonitor":{"conditionKeys":[],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to get appMonitor metadata","accessLevel":"Read","resourceTypes":[{"name":"AppMonitorResource","required":true}]},"GetAppMonitorData":{"conditionKeys":[],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to get appMonitor data","accessLevel":"Read","resourceTypes":[{"name":"AppMonitorResource","required":true}]},"GetResourcePolicy":{"conditionKeys":[],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to retrieve a resource policy attached to an app monitor","accessLevel":"Read","resourceTypes":[{"name":"AppMonitorResource","required":true}]},"ListAppMonitors":{"conditionKeys":[],"resources":[],"description":"Grants permission to list appMonitors metadata","accessLevel":"List","resourceTypes":[]},"ListRumMetricsDestinations":{"conditionKeys":[],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to list rum metrics destinations","accessLevel":"Read","resourceTypes":[{"name":"AppMonitorResource","required":true}]},"ListTagsForResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to list tags for resources","accessLevel":"Read","resourceTypes":[]},"PutResourcePolicy":{"conditionKeys":[],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to attach a resource policy to an app monitor","accessLevel":"Write","resourceTypes":[{"name":"AppMonitorResource","required":true}]},"PutRumEvents":{"conditionKeys":[],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to put RUM events for appmonitor","accessLevel":"Write","resourceTypes":[{"name":"AppMonitorResource","required":true}]},"PutRumMetricsDestination":{"conditionKeys":[],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to put rum metrics destinations","accessLevel":"Write","resourceTypes":[{"name":"AppMonitorResource","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to tag resources","accessLevel":"Tagging","resourceTypes":[{"name":"AppMonitorResource","required":true}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to untag resources","accessLevel":"Tagging","resourceTypes":[{"name":"AppMonitorResource","required":true}]},"UpdateAppMonitor":{"conditionKeys":[],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to update appmonitor metadata","accessLevel":"Write","resourceTypes":[{"name":"AppMonitorResource","required":true}],"dependentActions":["iam:CreateServiceLinkedRole","iam:GetRole"]},"UpdateRumMetricDefinition":{"conditionKeys":[],"resources":[{"name":"AppMonitorResource"}],"description":"Grants permission to update rum metric definition","accessLevel":"Write","resourceTypes":[{"name":"AppMonitorResource","required":true}]}},"resources":[{"name":"AppMonitorResource","arnFormats":["arn:${Partition}:rum:${Region}:${Account}:appmonitor/${Name}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed the request on behalf of the IAM principal"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource that make the request on behalf of the IAM principal"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request on behalf of the IAM principal"}}}
package/src/data/servicereference/services/s3-object-lambda.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"s3-object-lambda","actions":{"AbortMultipartUpload":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to abort a multipart upload","accessLevel":"Write","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"DeleteObject":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to remove the null version of an object and insert a delete marker, which becomes the current version of the object","accessLevel":"Write","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"DeleteObjectTagging":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to use the tagging subresource to remove the entire tag set from the specified object","accessLevel":"Tagging","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"DeleteObjectVersion":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge","s3-object-lambda:versionid"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to remove a specific version of an object","accessLevel":"Write","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"DeleteObjectVersionTagging":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge","s3-object-lambda:versionid"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to remove the entire tag set for a specific version of the object","accessLevel":"Tagging","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"GetObject":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to retrieve objects from Amazon S3","accessLevel":"Read","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"GetObjectAcl":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to return the access control list (ACL) of an object","accessLevel":"Read","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"GetObjectLegalHold":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to get an object's current Legal Hold status","accessLevel":"Read","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"GetObjectRetention":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to retrieve the retention settings for an object","accessLevel":"Read","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"GetObjectTagging":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to return the tag set of an object","accessLevel":"Read","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"GetObjectVersion":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge","s3-object-lambda:versionid"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to retrieve a specific version of an object","accessLevel":"Read","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"GetObjectVersionAcl":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge","s3-object-lambda:versionid"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to return the access control list (ACL) of a specific object version","accessLevel":"Read","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"GetObjectVersionTagging":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge","s3-object-lambda:versionid"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to return the tag set for a specific version of the object","accessLevel":"Read","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"ListBucket":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to list some or all of the objects in an Amazon S3 bucket (up to 1000)","accessLevel":"List","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"ListBucketMultipartUploads":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to list in-progress multipart uploads","accessLevel":"List","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"ListBucketVersions":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to list metadata about all the versions of objects in an Amazon S3 bucket","accessLevel":"List","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"ListMultipartUploadParts":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to list the parts that have been uploaded for a specific multipart upload","accessLevel":"List","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"PutObject":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to add an object to a bucket","accessLevel":"Write","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"PutObjectAcl":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to set the access control list (ACL) permissions for new or existing objects in an S3 bucket","accessLevel":"Permissions management","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"PutObjectLegalHold":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to apply a Legal Hold configuration to the specified object","accessLevel":"Write","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"PutObjectRetention":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to place an Object Retention configuration on an object","accessLevel":"Write","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"PutObjectTagging":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to set the supplied tag-set to an object that already exists in a bucket","accessLevel":"Tagging","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"PutObjectVersionAcl":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge","s3-object-lambda:versionid"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to use the acl subresource to set the access control list (ACL) permissions for an object that already exists in a bucket","accessLevel":"Permissions management","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"PutObjectVersionTagging":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge","s3-object-lambda:versionid"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to set the supplied tag-set for a specific version of an object","accessLevel":"Tagging","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"RestoreObject":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to restore an archived copy of an object back into Amazon S3","accessLevel":"Write","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"WriteGetObjectResponse":{"conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to provide data for GetObject requests send to S3 Object Lambda","accessLevel":"Write","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]}},"resources":[{"name":"objectlambdaaccesspoint","arnFormats":["arn:${Partition}:s3-object-lambda:${Region}:${Account}:accesspoint/${AccessPointName}"],"conditionKeys":[]}],"conditionKeys":{"s3-object-lambda:TlsVersion":{"types":["Numeric"],"description":"Filters access by the TLS version used by the client"},"s3-object-lambda:authType":{"types":["String"],"description":"Filters access by authentication method"},"s3-object-lambda:signatureAge":{"types":["Numeric"],"description":"Filters access by the age in milliseconds of the request signature"},"s3-object-lambda:versionid":{"types":["String"],"description":"Filters access by a specific object version"}}}
package/src/data/servicereference/services/s3-outposts.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"s3-outposts","actions":{"AbortMultipartUpload":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to abort a multipart upload","accessLevel":"Write","resourceTypes":[{"name":"object","required":true}]},"CreateAccessPoint":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"accesspoint"}],"description":"Grants permission to create a new access point","accessLevel":"Write","resourceTypes":[{"name":"accesspoint","required":true}]},"CreateBucket":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to create a new bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"CreateEndpoint":{"conditionKeys":[],"resources":[{"name":"endpoint"}],"description":"Grants permission to create a new endpoint","accessLevel":"Write","resourceTypes":[{"name":"endpoint","required":true}]},"DeleteAccessPoint":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"accesspoint"}],"description":"Grants permission to delete the access point named in the URI","accessLevel":"Write","resourceTypes":[{"name":"accesspoint","required":true}]},"DeleteAccessPointPolicy":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"accesspoint"}],"description":"Grants permission to delete the policy on a specified access point","accessLevel":"Permissions management","resourceTypes":[{"name":"accesspoint","required":true}]},"DeleteBucket":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to delete the bucket named in the URI","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"DeleteBucketPolicy":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to delete the policy on a specified bucket","accessLevel":"Permissions management","resourceTypes":[{"name":"bucket","required":true}]},"DeleteEndpoint":{"conditionKeys":[],"resources":[{"name":"endpoint"}],"description":"Grants permission to delete the endpoint named in the URI","accessLevel":"Write","resourceTypes":[{"name":"endpoint","required":true}]},"DeleteObject":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to remove the null version of an object and insert a delete marker, which becomes the current version of the object","accessLevel":"Write","resourceTypes":[{"name":"object","required":true}]},"DeleteObjectTagging":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:ExistingObjectTag/<key>","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to use the tagging subresource to remove the entire tag set from the specified object","accessLevel":"Tagging","resourceTypes":[{"name":"object","required":true}]},"DeleteObjectVersion":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:versionid","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to remove a specific version of an object","accessLevel":"Write","resourceTypes":[{"name":"object","required":true}]},"DeleteObjectVersionTagging":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:ExistingObjectTag/<key>","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:versionid","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to remove the entire tag set for a specific version of the object","accessLevel":"Tagging","resourceTypes":[{"name":"object","required":true}]},"GetAccessPoint":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[],"description":"Grants permission to return configuration information about the specified access point","accessLevel":"Read","resourceTypes":[]},"GetAccessPointPolicy":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"accesspoint"}],"description":"Grants permission to returns the access point policy associated with the specified access point","accessLevel":"Read","resourceTypes":[{"name":"accesspoint","required":true}]},"GetBucket":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to return the bucket configuration associated with an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetBucketPolicy":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to return the policy of the specified bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetBucketTagging":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to return the tag set associated with an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetBucketVersioning":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to return the versioning state of an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetLifecycleConfiguration":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to return the lifecycle configuration information set on an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetObject":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:ExistingObjectTag/<key>","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to retrieve objects from Amazon S3","accessLevel":"Read","resourceTypes":[{"name":"object","required":true}]},"GetObjectTagging":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:ExistingObjectTag/<key>","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to return the tag set of an object","accessLevel":"Read","resourceTypes":[{"name":"object","required":true}]},"GetObjectVersion":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:ExistingObjectTag/<key>","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:versionid","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to retrieve a specific version of an object","accessLevel":"Read","resourceTypes":[{"name":"object","required":true}]},"GetObjectVersionForReplication":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to replicate both unencrypted objects and objects encrypted with SSE-KMS","accessLevel":"Read","resourceTypes":[{"name":"object","required":true}]},"GetObjectVersionTagging":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:ExistingObjectTag/<key>","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:versionid","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to return the tag set for a specific version of the object","accessLevel":"Read","resourceTypes":[{"name":"object","required":true}]},"GetReplicationConfiguration":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to get the replication configuration information set on an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"ListAccessPoints":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[],"description":"Grants permission to list access points","accessLevel":"List","resourceTypes":[]},"ListBucket":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:authType","s3-outposts:delimiter","s3-outposts:max-keys","s3-outposts:prefix","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"accesspoint"},{"name":"bucket"}],"description":"Grants permission to list some or all of the objects in an Amazon S3 bucket (up to 1000)","accessLevel":"List","resourceTypes":[{"name":"accesspoint","required":true},{"name":"bucket","required":true}]},"ListBucketMultipartUploads":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"accesspoint"},{"name":"bucket"}],"description":"Grants permission to list in-progress multipart uploads","accessLevel":"List","resourceTypes":[{"name":"accesspoint","required":true},{"name":"bucket","required":true}]},"ListBucketVersions":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:authType","s3-outposts:delimiter","s3-outposts:max-keys","s3-outposts:prefix","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to list metadata about all the versions of objects in an Amazon S3 bucket","accessLevel":"List","resourceTypes":[{"name":"bucket","required":true}]},"ListEndpoints":{"conditionKeys":[],"resources":[],"description":"Grants permission to list endpoints","accessLevel":"List","resourceTypes":[]},"ListMultipartUploadParts":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to list the parts that have been uploaded for a specific multipart upload","accessLevel":"List","resourceTypes":[{"name":"object","required":true}]},"ListOutpostsWithS3":{"conditionKeys":[],"resources":[],"description":"Grants permission to list outposts with S3 capacity","accessLevel":"List","resourceTypes":[]},"ListRegionalBuckets":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[],"description":"Grants permission to list all buckets owned by the authenticated sender of the request","accessLevel":"List","resourceTypes":[]},"ListSharedEndpoints":{"conditionKeys":[],"resources":[],"description":"Grants permission to list shared endpoints","accessLevel":"List","resourceTypes":[]},"PutAccessPointPolicy":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"accesspoint"}],"description":"Grants permission to associate an access policy with a specified access point","accessLevel":"Permissions management","resourceTypes":[{"name":"accesspoint","required":true}]},"PutBucketPolicy":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to add or replace a bucket policy on a bucket","accessLevel":"Permissions management","resourceTypes":[{"name":"bucket","required":true}]},"PutBucketTagging":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to add a set of tags to an existing Amazon S3 bucket","accessLevel":"Tagging","resourceTypes":[{"name":"bucket","required":true}]},"PutBucketVersioning":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to set the versioning state of an existing Amazon S3 bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutLifecycleConfiguration":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to create a new lifecycle configuration for the bucket or replace an existing lifecycle configuration","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutObject":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:RequestObjectTag/<key>","s3-outposts:RequestObjectTagKeys","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-acl","s3-outposts:x-amz-content-sha256","s3-outposts:x-amz-copy-source","s3-outposts:x-amz-metadata-directive","s3-outposts:x-amz-server-side-encryption","s3-outposts:x-amz-storage-class"],"resources":[{"name":"object"}],"description":"Grants permission to add an object to a bucket","accessLevel":"Write","resourceTypes":[{"name":"object","required":true}]},"PutObjectAcl":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:ExistingObjectTag/<key>","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-acl","s3-outposts:x-amz-content-sha256","s3-outposts:x-amz-storage-class"],"resources":[{"name":"object"}],"description":"Grants permission to set the access control list (ACL) permissions for an object that already exists in a bucket","accessLevel":"Permissions management","resourceTypes":[{"name":"object","required":true}]},"PutObjectTagging":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:ExistingObjectTag/<key>","s3-outposts:RequestObjectTag/<key>","s3-outposts:RequestObjectTagKeys","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to set the supplied tag-set to an object that already exists in a bucket","accessLevel":"Tagging","resourceTypes":[{"name":"object","required":true}]},"PutObjectVersionTagging":{"conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:ExistingObjectTag/<key>","s3-outposts:RequestObjectTag/<key>","s3-outposts:RequestObjectTagKeys","s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:versionid","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to set the supplied tag-set for a specific version of an object","accessLevel":"Tagging","resourceTypes":[{"name":"object","required":true}]},"PutReplicationConfiguration":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to create a new replication configuration or replace an existing one","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}],"dependentActions":["iam:PassRole"]},"ReplicateDelete":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to replicate delete markers to the destination bucket","accessLevel":"Write","resourceTypes":[{"name":"object","required":true}]},"ReplicateObject":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256","s3-outposts:x-amz-server-side-encryption"],"resources":[{"name":"object"}],"description":"Grants permission to replicate objects and object tags to the destination bucket","accessLevel":"Write","resourceTypes":[{"name":"object","required":true}]},"ReplicateTags":{"conditionKeys":["s3-outposts:authType","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to replicate object tags to the destination bucket","accessLevel":"Tagging","resourceTypes":[{"name":"object","required":true}]}},"resources":[{"name":"accesspoint","arnFormats":["arn:${Partition}:s3-outposts:${Region}:${Account}:outpost/${OutpostId}/accesspoint/${AccessPointName}"],"conditionKeys":[]},{"name":"bucket","arnFormats":["arn:${Partition}:s3-outposts:${Region}:${Account}:outpost/${OutpostId}/bucket/${BucketName}"],"conditionKeys":[]},{"name":"endpoint","arnFormats":["arn:${Partition}:s3-outposts:${Region}:${Account}:outpost/${OutpostId}/endpoint/${EndpointId}"],"conditionKeys":[]},{"name":"object","arnFormats":["arn:${Partition}:s3-outposts:${Region}:${Account}:outpost/${OutpostId}/bucket/${BucketName}/object/${ObjectName}"],"conditionKeys":[]}],"conditionKeys":{"s3-outposts:AccessPointNetworkOrigin":{"types":["String"],"description":"Filters access by the network origin (Internet or VPC)"},"s3-outposts:DataAccessPointAccount":{"types":["String"],"description":"Filters access by the AWS Account ID that owns the access point"},"s3-outposts:DataAccessPointArn":{"types":["ARN"],"description":"Filters access by an access point Amazon Resource Name (ARN)"},"s3-outposts:ExistingObjectTag/<key>":{"types":["String"],"description":"Filters access by requiring that an existing object tag has a specific tag key and value"},"s3-outposts:RequestObjectTag/<key>":{"types":["String"],"description":"Filters access by restricting the tag keys and values allowed on objects"},"s3-outposts:RequestObjectTagKeys":{"types":["String"],"description":"Filters access by restricting the tag keys allowed on objects"},"s3-outposts:authType":{"types":["String"],"description":"Filters access by restricting incoming requests to a specific authentication method"},"s3-outposts:delimiter":{"types":["String"],"description":"Filters access by requiring the delimiter parameter"},"s3-outposts:max-keys":{"types":["Numeric"],"description":"Filters access by limiting the maximum number of keys returned in a ListBucket request"},"s3-outposts:prefix":{"types":["String"],"description":"Filters access by key name prefix"},"s3-outposts:signatureAge":{"types":["Numeric"],"description":"Filters access by identifying the length of time, in milliseconds, that a signature is valid in an authenticated request"},"s3-outposts:signatureversion":{"types":["String"],"description":"Filters access by identifying the version of AWS Signature that is supported for authenticated requests"},"s3-outposts:versionid":{"types":["String"],"description":"Filters access by a specific object version"},"s3-outposts:x-amz-acl":{"types":["String"],"description":"Filters access by requiring the x-amz-acl header with a specific canned ACL in a request"},"s3-outposts:x-amz-content-sha256":{"types":["String"],"description":"Filters access by disallowing unsigned content in your bucket"},"s3-outposts:x-amz-copy-source":{"types":["String"],"description":"Filters access by restricting the copy source to a specific bucket, prefix, or object"},"s3-outposts:x-amz-metadata-directive":{"types":["String"],"description":"Filters access by enabling enforcement of object metadata behavior (COPY or REPLACE) when objects are copied"},"s3-outposts:x-amz-server-side-encryption":{"types":["String"],"description":"Filters access by requiring server-side encryption"},"s3-outposts:x-amz-storage-class":{"types":["String"],"description":"Filters access by storage class"}}}
package/src/data/servicereference/services/s3.json ADDED
@@ -0,0 +1 @@
1
+ {"name":"s3","actions":{"AbortMultipartUpload":{"conditionKeys":["s3:AccessGrantsInstanceArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to abort a multipart upload","accessLevel":"Write","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"AssociateAccessGrantsIdentityCenter":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantsinstance"}],"description":"Grants permission to associate Access Grants identity center","accessLevel":"Permissions management","resourceTypes":[{"name":"accessgrantsinstance","required":true}]},"BypassGovernanceRetention":{"conditionKeys":["s3:RequestObjectTag/<key>","s3:RequestObjectTagKeys","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-acl","s3:x-amz-content-sha256","s3:x-amz-copy-source","s3:x-amz-grant-full-control","s3:x-amz-grant-read","s3:x-amz-grant-read-acp","s3:x-amz-grant-write","s3:x-amz-grant-write-acp","s3:x-amz-metadata-directive","s3:x-amz-server-side-encryption","s3:x-amz-server-side-encryption-aws-kms-key-id","s3:x-amz-server-side-encryption-customer-algorithm","s3:x-amz-storage-class","s3:x-amz-website-redirect-location"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to allow circumvention of governance-mode object retention settings","accessLevel":"Permissions management","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"CreateAccessGrant":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","s3:AccessGrantScope","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantslocation"}],"description":"Grants permission to create Access Grant","accessLevel":"Permissions management","resourceTypes":[{"name":"accessgrantslocation","required":true}]},"CreateAccessGrantsInstance":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantsinstance"}],"description":"Grants permission to Create Access Grants Instance","accessLevel":"Permissions management","resourceTypes":[{"name":"accessgrantsinstance","required":true}]},"CreateAccessGrantsLocation":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","s3:AccessGrantsLocationScope","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantsinstance"}],"description":"Grants permission to create Access Grants location","accessLevel":"Permissions management","resourceTypes":[{"name":"accessgrantsinstance","required":true}]},"CreateAccessPoint":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","s3:AccessPointNetworkOrigin","s3:AccessPointTag/${TagKey}","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:locationconstraint","s3:signatureAge","s3:signatureversion","s3:x-amz-acl","s3:x-amz-content-sha256"],"resources":[{"name":"accesspoint"}],"description":"Grants permission to create a new access point","accessLevel":"Write","resourceTypes":[{"name":"accesspoint","required":true}]},"CreateAccessPointForObjectLambda":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to create an object lambda enabled accesspoint","accessLevel":"Write","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"CreateBucket":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:locationconstraint","s3:signatureAge","s3:signatureversion","s3:x-amz-acl","s3:x-amz-bucket-namespace","s3:x-amz-content-sha256","s3:x-amz-grant-full-control","s3:x-amz-grant-read","s3:x-amz-grant-read-acp","s3:x-amz-grant-write","s3:x-amz-grant-write-acp","s3:x-amz-object-ownership"],"resources":[{"name":"bucket"}],"description":"Grants permission to create a new bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"CreateBucketMetadataTableConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to create a new S3 Metadata configuration for a specified general purpose bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}],"dependentActions":["kms:DescribeKey","s3tables:CreateNamespace","s3tables:CreateTable","s3tables:CreateTableBucket","s3tables:GetTable","s3tables:PutTableBucketPolicy","s3tables:PutTableEncryption","s3tables:PutTablePolicy"]},"CreateJob":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","s3:RequestJobOperation","s3:RequestJobPriority","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[],"description":"Grants permission to create a new Amazon S3 Batch Operations job","accessLevel":"Write","resourceTypes":[],"dependentActions":["iam:PassRole"]},"CreateMultiRegionAccessPoint":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion"],"resources":[{"name":"multiregionaccesspoint"}],"description":"Grants permission to create a new Multi-Region Access Point","accessLevel":"Write","resourceTypes":[{"name":"multiregionaccesspoint","required":true}]},"CreateStorageLensGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[],"description":"Grants permission to create an Amazon S3 Storage Lens group","accessLevel":"Write","resourceTypes":[]},"DeleteAccessGrant":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:AccessGrantScope","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrant"}],"description":"Grants permission to delete Access Grant","accessLevel":"Permissions management","resourceTypes":[{"name":"accessgrant","required":true}]},"DeleteAccessGrantsInstance":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantsinstance"}],"description":"Grants permission to Delete Access Grants Instance","accessLevel":"Permissions management","resourceTypes":[{"name":"accessgrantsinstance","required":true}]},"DeleteAccessGrantsInstanceResourcePolicy":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantsinstance"}],"description":"Grants permission to read Access grants instance resource policy","accessLevel":"Permissions management","resourceTypes":[{"name":"accessgrantsinstance","required":true}]},"DeleteAccessGrantsLocation":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:AccessGrantsLocationScope","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantslocation"}],"description":"Grants permission to delete Access Grants location","accessLevel":"Permissions management","resourceTypes":[{"name":"accessgrantslocation","required":true}]},"DeleteAccessPoint":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:AccessPointNetworkOrigin","s3:AccessPointTag/${TagKey}","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspoint"}],"description":"Grants permission to delete the access point named in the URI","accessLevel":"Write","resourceTypes":[{"name":"accesspoint","required":true}]},"DeleteAccessPointForObjectLambda":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to delete the object lambda enabled access point named in the URI","accessLevel":"Write","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"DeleteAccessPointPolicy":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:AccessPointNetworkOrigin","s3:AccessPointTag/${TagKey}","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspoint"}],"description":"Grants permission to delete the policy on a specified access point","accessLevel":"Permissions management","resourceTypes":[{"name":"accesspoint","required":true}]},"DeleteAccessPointPolicyForObjectLambda":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to delete the policy on a specified object lambda enabled access point","accessLevel":"Permissions management","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"DeleteBucket":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to delete the bucket named in the URI","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"DeleteBucketMetadataTableConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to delete the S3 Metadata configuration for a specified general purpose bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"DeleteBucketPolicy":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to delete the policy on a specified bucket","accessLevel":"Permissions management","resourceTypes":[{"name":"bucket","required":true}]},"DeleteBucketWebsite":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to remove the website configuration for a bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"DeleteJobTagging":{"conditionKeys":["s3:ExistingJobOperation","s3:ExistingJobPriority","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"job"}],"description":"Grants permission to remove tags from an existing Amazon S3 Batch Operations job","accessLevel":"Tagging","resourceTypes":[{"name":"job","required":true}]},"DeleteMultiRegionAccessPoint":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion"],"resources":[{"name":"multiregionaccesspoint"}],"description":"Grants permission to delete the Multi-Region Access Point named in the URI","accessLevel":"Write","resourceTypes":[{"name":"multiregionaccesspoint","required":true}]},"DeleteObject":{"conditionKeys":["s3:AccessGrantsInstanceArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:if-match","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to remove the null version of an object and insert a delete marker, which becomes the current version of the object","accessLevel":"Write","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"DeleteObjectTagging":{"conditionKeys":["s3:ExistingObjectTag/<key>","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to use the tagging subresource to remove the entire tag set from the specified object","accessLevel":"Tagging","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"DeleteObjectVersion":{"conditionKeys":["s3:AccessGrantsInstanceArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:versionid","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to remove a specific version of an object","accessLevel":"Write","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"DeleteObjectVersionTagging":{"conditionKeys":["s3:ExistingObjectTag/<key>","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:versionid","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to remove the entire tag set for a specific version of the object","accessLevel":"Tagging","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"DeleteStorageLensConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"storagelensconfiguration"}],"description":"Grants permission to delete an existing Amazon S3 Storage Lens configuration","accessLevel":"Write","resourceTypes":[{"name":"storagelensconfiguration","required":true}]},"DeleteStorageLensConfigurationTagging":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"storagelensconfiguration"}],"description":"Grants permission to remove tags from an existing Amazon S3 Storage Lens configuration","accessLevel":"Tagging","resourceTypes":[{"name":"storagelensconfiguration","required":true}]},"DeleteStorageLensGroup":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"storagelensgroup"}],"description":"Grants permission to delete an existing S3 Storage Lens group","accessLevel":"Write","resourceTypes":[{"name":"storagelensgroup","required":true}]},"DescribeJob":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"job"}],"description":"Grants permission to retrieve the configuration parameters and status for a batch operations job","accessLevel":"Read","resourceTypes":[{"name":"job","required":true}]},"DescribeMultiRegionAccessPointOperation":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion"],"resources":[{"name":"multiregionaccesspointrequestarn"}],"description":"Grants permission to retrieve the configurations for a Multi-Region Access Point","accessLevel":"Read","resourceTypes":[{"name":"multiregionaccesspointrequestarn","required":true}]},"DissociateAccessGrantsIdentityCenter":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantsinstance"}],"description":"Grants permission to disassociate Access Grants identity center","accessLevel":"Permissions management","resourceTypes":[{"name":"accessgrantsinstance","required":true}]},"GetAccelerateConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to uses the accelerate subresource to return the Transfer Acceleration state of a bucket, which is either Enabled or Suspended","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetAccessGrant":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:AccessGrantScope","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrant"}],"description":"Grants permission to read Access Grant","accessLevel":"Read","resourceTypes":[{"name":"accessgrant","required":true}]},"GetAccessGrantsInstance":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantsinstance"}],"description":"Grants permission to Read Access Grants Instance","accessLevel":"Read","resourceTypes":[{"name":"accessgrantsinstance","required":true}]},"GetAccessGrantsInstanceForPrefix":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantsinstance"}],"description":"Grants permission to Read Access Grants Instance by prefix","accessLevel":"Read","resourceTypes":[{"name":"accessgrantsinstance","required":true}]},"GetAccessGrantsInstanceResourcePolicy":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantsinstance"}],"description":"Grants permission to read Access grants instance resource policy","accessLevel":"Read","resourceTypes":[{"name":"accessgrantsinstance","required":true}]},"GetAccessGrantsLocation":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:AccessGrantsLocationScope","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantslocation"}],"description":"Grants permission to read Access Grants location","accessLevel":"Read","resourceTypes":[{"name":"accessgrantslocation","required":true}]},"GetAccessPoint":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:AccessPointNetworkOrigin","s3:AccessPointTag/${TagKey}","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[],"description":"Grants permission to return configuration information about the specified access point","accessLevel":"Read","resourceTypes":[]},"GetAccessPointConfigurationForObjectLambda":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to retrieve the configuration of the object lambda enabled access point","accessLevel":"Read","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"GetAccessPointForObjectLambda":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to create an object lambda enabled accesspoint","accessLevel":"Read","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"GetAccessPointPolicy":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:AccessPointNetworkOrigin","s3:AccessPointTag/${TagKey}","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspoint"}],"description":"Grants permission to return the access point policy associated with the specified access point","accessLevel":"Read","resourceTypes":[{"name":"accesspoint","required":true}]},"GetAccessPointPolicyForObjectLambda":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to return the access point policy associated with the specified object lambda enabled access point","accessLevel":"Read","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"GetAccessPointPolicyStatus":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:AccessPointNetworkOrigin","s3:AccessPointTag/${TagKey}","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspoint"}],"description":"Grants permission to return the policy status for a specific access point policy","accessLevel":"Read","resourceTypes":[{"name":"accesspoint","required":true}]},"GetAccessPointPolicyStatusForObjectLambda":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to return the policy status for a specific object lambda access point policy","accessLevel":"Read","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"GetAccountPublicAccessBlock":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[],"description":"Grants permission to retrieve the PublicAccessBlock configuration for an AWS account","accessLevel":"Read","resourceTypes":[]},"GetAnalyticsConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to get an analytics configuration from an Amazon S3 bucket, identified by the analytics configuration ID","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetBucketAbac":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to retrieve ABAC configuration for a general purpose bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetBucketAcl":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspoint"},{"name":"bucket"}],"description":"Grants permission to use the acl subresource to return the access control list (ACL) of an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"accesspoint","required":false},{"name":"bucket","required":false}]},"GetBucketCORS":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspoint"},{"name":"bucket"}],"description":"Grants permission to return the CORS configuration information set for an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"accesspoint","required":false},{"name":"bucket","required":false}]},"GetBucketLocation":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspoint"},{"name":"bucket"}],"description":"Grants permission to return the Region that an Amazon S3 bucket resides in","accessLevel":"Read","resourceTypes":[{"name":"accesspoint","required":false},{"name":"bucket","required":false}]},"GetBucketLogging":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to return the logging status of an Amazon S3 bucket and the permissions users have to view or modify that status","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetBucketMetadataTableConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to return the S3 Metadata configuration for a specified general purpose bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetBucketNotification":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspoint"},{"name":"bucket"}],"description":"Grants permission to get the notification configuration of an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"accesspoint","required":false},{"name":"bucket","required":false}]},"GetBucketObjectLockConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:signatureversion"],"resources":[{"name":"bucket"}],"description":"Grants permission to get the Object Lock configuration of an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetBucketOwnershipControls":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to retrieve ownership controls on a bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetBucketPolicy":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspoint"},{"name":"bucket"}],"description":"Grants permission to return the policy of the specified bucket","accessLevel":"Read","resourceTypes":[{"name":"accesspoint","required":false},{"name":"bucket","required":false}]},"GetBucketPolicyStatus":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to retrieve the policy status for a specific Amazon S3 bucket, which indicates whether the bucket is public","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetBucketPublicAccessBlock":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to retrieve the PublicAccessBlock configuration for an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetBucketRequestPayment":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to return the request payment configuration for an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetBucketTagging":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to return the tag set associated with an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetBucketVersioning":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to return the versioning state of an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetBucketWebsite":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to return the website configuration for an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetDataAccess":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantsinstance"}],"description":"Grants permission to get Access","accessLevel":"Read","resourceTypes":[{"name":"accessgrantsinstance","required":true}]},"GetEncryptionConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to return the default encryption configuration an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetIntelligentTieringConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to get an or list all Amazon S3 Intelligent Tiering configuration in a S3 Bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetInventoryConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to return an inventory configuration from an Amazon S3 bucket, identified by the inventory configuration ID","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetJobTagging":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"job"}],"description":"Grants permission to return the tag set of an existing Amazon S3 Batch Operations job","accessLevel":"Read","resourceTypes":[{"name":"job","required":true}]},"GetLifecycleConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to return the lifecycle configuration information set on an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetMetricsConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to get a metrics configuration from an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetMultiRegionAccessPoint":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion"],"resources":[{"name":"multiregionaccesspoint"}],"description":"Grants permission to return configuration information about the specified Multi-Region Access Point","accessLevel":"Read","resourceTypes":[{"name":"multiregionaccesspoint","required":true}]},"GetMultiRegionAccessPointPolicy":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion"],"resources":[{"name":"multiregionaccesspoint"}],"description":"Grants permission to return the access point policy associated with the specified Multi-Region Access Point","accessLevel":"Read","resourceTypes":[{"name":"multiregionaccesspoint","required":true}]},"GetMultiRegionAccessPointPolicyStatus":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion"],"resources":[{"name":"multiregionaccesspoint"}],"description":"Grants permission to return the policy status for a specific Multi-Region Access Point policy","accessLevel":"Read","resourceTypes":[{"name":"multiregionaccesspoint","required":true}]},"GetMultiRegionAccessPointRoutes":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion"],"resources":[{"name":"multiregionaccesspoint"}],"description":"Grants permission to return the route configuration for a Multi-Region Access Point","accessLevel":"Read","resourceTypes":[{"name":"multiregionaccesspoint","required":true}]},"GetObject":{"conditionKeys":["s3:AccessGrantsInstanceArn","s3:ExistingObjectTag/<key>","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to retrieve objects from Amazon S3","accessLevel":"Read","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"GetObjectAcl":{"conditionKeys":["s3:AccessGrantsInstanceArn","s3:ExistingObjectTag/<key>","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to return the access control list (ACL) of an object","accessLevel":"Read","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"GetObjectAttributes":{"conditionKeys":["s3:ExistingObjectTag/<key>","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to retrieve attributes related to a specific object","accessLevel":"Read","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"GetObjectLegalHold":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to get an object's current Legal Hold status","accessLevel":"Read","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"GetObjectRetention":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to retrieve the retention settings for an object","accessLevel":"Read","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"GetObjectTagging":{"conditionKeys":["s3:ExistingObjectTag/<key>","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to return the tag set of an object","accessLevel":"Read","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"GetObjectTorrent":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to return torrent files from an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"object","required":true}]},"GetObjectVersion":{"conditionKeys":["s3:AccessGrantsInstanceArn","s3:ExistingObjectTag/<key>","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:versionid","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to retrieve a specific version of an object","accessLevel":"Read","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"GetObjectVersionAcl":{"conditionKeys":["s3:AccessGrantsInstanceArn","s3:ExistingObjectTag/<key>","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:versionid","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to return the access control list (ACL) of a specific object version","accessLevel":"Read","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"GetObjectVersionAttributes":{"conditionKeys":["s3:ExistingObjectTag/<key>","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:versionid","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to retrieve attributes related to a specific version of an object","accessLevel":"Read","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"GetObjectVersionForReplication":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to replicate both unencrypted objects and objects encrypted with SSE-S3 or SSE-KMS","accessLevel":"Read","resourceTypes":[{"name":"object","required":true}]},"GetObjectVersionTagging":{"conditionKeys":["s3:ExistingObjectTag/<key>","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:versionid","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to return the tag set for a specific version of the object","accessLevel":"Read","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"GetObjectVersionTorrent":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:versionid","s3:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to get Torrent files about a different version using the versionId subresource","accessLevel":"Read","resourceTypes":[{"name":"object","required":true}]},"GetReplicationConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to get the replication configuration information set on an Amazon S3 bucket","accessLevel":"Read","resourceTypes":[{"name":"bucket","required":true}]},"GetStorageLensConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"storagelensconfiguration"}],"description":"Grants permission to get an Amazon S3 Storage Lens configuration","accessLevel":"Read","resourceTypes":[{"name":"storagelensconfiguration","required":true}]},"GetStorageLensConfigurationTagging":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"storagelensconfiguration"}],"description":"Grants permission to get the tag set of an existing Amazon S3 Storage Lens configuration","accessLevel":"Read","resourceTypes":[{"name":"storagelensconfiguration","required":true}]},"GetStorageLensDashboard":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"storagelensconfiguration"}],"description":"Grants permission to get an Amazon S3 Storage Lens dashboard","accessLevel":"Read","resourceTypes":[{"name":"storagelensconfiguration","required":true}]},"GetStorageLensGroup":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"storagelensgroup"}],"description":"Grants permission to get an Amazon S3 Storage Lens group","accessLevel":"Read","resourceTypes":[{"name":"storagelensgroup","required":true}]},"InitiateReplication":{"conditionKeys":["s3:ResourceAccount"],"resources":[{"name":"object"}],"description":"Grants permission to initiate the replication process by setting replication status of an object to pending","accessLevel":"Write","resourceTypes":[{"name":"object","required":true}],"permissionOnly":true},"ListAccessGrants":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantsinstance"}],"description":"Grants permission to list Access Grant","accessLevel":"List","resourceTypes":[{"name":"accessgrantsinstance","required":true}]},"ListAccessGrantsInstances":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[],"description":"Grants permission to List Access Grants Instances","accessLevel":"List","resourceTypes":[]},"ListAccessGrantsLocations":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantsinstance"}],"description":"Grants permission to list Access Grants locations","accessLevel":"List","resourceTypes":[{"name":"accessgrantsinstance","required":true}]},"ListAccessPoints":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[],"description":"Grants permission to list access points","accessLevel":"List","resourceTypes":[]},"ListAccessPointsForObjectLambda":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[],"description":"Grants permission to list object lambda enabled accesspoints","accessLevel":"List","resourceTypes":[]},"ListAllMyBuckets":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[],"description":"Grants permission to list all buckets owned by the authenticated sender of the request","accessLevel":"List","resourceTypes":[]},"ListBucket":{"conditionKeys":["s3:AccessGrantsInstanceArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:delimiter","s3:max-keys","s3:prefix","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspoint"},{"name":"bucket"}],"description":"Grants permission to list some or all of the objects in an Amazon S3 bucket (up to 1000)","accessLevel":"List","resourceTypes":[{"name":"accesspoint","required":false},{"name":"bucket","required":false}]},"ListBucketMultipartUploads":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:AccessGrantsInstanceArn","s3:AccessPointNetworkOrigin","s3:AccessPointTag/${TagKey}","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to list in-progress multipart uploads","accessLevel":"List","resourceTypes":[{"name":"bucket","required":true}]},"ListBucketVersions":{"conditionKeys":["s3:AccessGrantsInstanceArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:delimiter","s3:max-keys","s3:prefix","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspoint"},{"name":"bucket"}],"description":"Grants permission to list metadata about all the versions of objects in an Amazon S3 bucket","accessLevel":"List","resourceTypes":[{"name":"accesspoint","required":false},{"name":"bucket","required":false}]},"ListCallerAccessGrants":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantsinstance"}],"description":"Grants permission to list caller's Access Grant","accessLevel":"List","resourceTypes":[{"name":"accessgrantsinstance","required":true}]},"ListJobs":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[],"description":"Grants permission to list current jobs and jobs that have ended recently","accessLevel":"List","resourceTypes":[]},"ListMultiRegionAccessPoints":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion"],"resources":[],"description":"Grants permission to list Multi-Region Access Points","accessLevel":"List","resourceTypes":[]},"ListMultipartUploadParts":{"conditionKeys":["s3:AccessGrantsInstanceArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to list the parts that have been uploaded for a specific multipart upload","accessLevel":"List","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"ListStorageLensConfigurations":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[],"description":"Grants permission to list Amazon S3 Storage Lens configurations","accessLevel":"List","resourceTypes":[]},"ListStorageLensGroups":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[],"description":"Grants permission to list S3 Storage Lens groups","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrant"},{"name":"accessgrantsinstance"},{"name":"accessgrantslocation"},{"name":"accesspoint"},{"name":"bucket"},{"name":"storagelensgroup"}],"description":"Grants permission to list the tags attached to the specified resource","accessLevel":"List","resourceTypes":[{"name":"accessgrant","required":false},{"name":"accessgrantsinstance","required":false},{"name":"accessgrantslocation","required":false},{"name":"accesspoint","required":false},{"name":"bucket","required":false},{"name":"storagelensgroup","required":false}]},"ObjectOwnerOverrideToBucketOwner":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to change replica ownership","accessLevel":"Permissions management","resourceTypes":[{"name":"object","required":true}]},"PauseReplication":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:destinationRegion","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to pause S3 Replication from target source buckets to destination buckets","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}],"dependentActions":["s3:GetReplicationConfiguration","s3:PutReplicationConfiguration"],"permissionOnly":true},"PutAccelerateConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to use the accelerate subresource to set the Transfer Acceleration state of an existing S3 bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutAccessGrantsInstanceResourcePolicy":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantsinstance"}],"description":"Grants permission to put Access grants instance resource policy","accessLevel":"Permissions management","resourceTypes":[{"name":"accessgrantsinstance","required":true}]},"PutAccessPointConfigurationForObjectLambda":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to set the configuration of the object lambda enabled access point","accessLevel":"Write","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"PutAccessPointPolicy":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspoint"}],"description":"Grants permission to associate an access policy with a specified access point","accessLevel":"Permissions management","resourceTypes":[{"name":"accesspoint","required":true}]},"PutAccessPointPolicyForObjectLambda":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"objectlambdaaccesspoint"}],"description":"Grants permission to associate an access policy with a specified object lambda enabled access point","accessLevel":"Permissions management","resourceTypes":[{"name":"objectlambdaaccesspoint","required":true}]},"PutAccessPointPublicAccessBlock":{"conditionKeys":[],"resources":[],"description":"Grants permission to associate public access block configurations with a specified access point, while creating a access point","accessLevel":"Permissions management","resourceTypes":[]},"PutAccountPublicAccessBlock":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[],"description":"Grants permission to create or modify the PublicAccessBlock configuration for an AWS account","accessLevel":"Permissions management","resourceTypes":[]},"PutAnalyticsConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to set an analytics configuration for the bucket, specified by the analytics configuration ID","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutBucketAbac":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to set ABAC configuration for a general purpose bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutBucketAcl":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-acl","s3:x-amz-content-sha256","s3:x-amz-grant-full-control","s3:x-amz-grant-read","s3:x-amz-grant-read-acp","s3:x-amz-grant-write","s3:x-amz-grant-write-acp"],"resources":[{"name":"bucket"}],"description":"Grants permission to set the permissions on an existing bucket using access control lists (ACLs)","accessLevel":"Permissions management","resourceTypes":[{"name":"bucket","required":true}]},"PutBucketCORS":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to set the CORS configuration for an Amazon S3 bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutBucketLogging":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to set the logging parameters for an Amazon S3 bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutBucketNotification":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to receive notifications when certain events happen in an Amazon S3 bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutBucketObjectLockConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion"],"resources":[{"name":"bucket"}],"description":"Grants permission to put Object Lock configuration on a specific bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutBucketOwnershipControls":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to add, replace or delete ownership controls on a bucket","accessLevel":"Permissions management","resourceTypes":[{"name":"bucket","required":true}]},"PutBucketPolicy":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to add or replace a bucket policy on a bucket","accessLevel":"Permissions management","resourceTypes":[{"name":"bucket","required":true}]},"PutBucketPublicAccessBlock":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to create or modify the PublicAccessBlock configuration for a specific Amazon S3 bucket","accessLevel":"Permissions management","resourceTypes":[{"name":"bucket","required":true}]},"PutBucketRequestPayment":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to set the request payment configuration of a bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutBucketTagging":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to add a set of tags to an existing Amazon S3 bucket","accessLevel":"Tagging","resourceTypes":[{"name":"bucket","required":true}]},"PutBucketVersioning":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to set the versioning state of an existing Amazon S3 bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutBucketWebsite":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to set the configuration of the website that is specified in the website subresource","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutEncryptionConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to set the encryption configuration for an Amazon S3 bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutIntelligentTieringConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to create new or update or delete an existing Amazon S3 Intelligent Tiering configuration","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutInventoryConfiguration":{"conditionKeys":["s3:InventoryAccessibleOptionalFields","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to add an inventory configuration to the bucket, identified by the inventory ID","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutJobTagging":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","s3:ExistingJobOperation","s3:ExistingJobPriority","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"job"}],"description":"Grants permission to replace tags on an existing Amazon S3 Batch Operations job","accessLevel":"Tagging","resourceTypes":[{"name":"job","required":true}]},"PutLifecycleConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to create a new lifecycle configuration for the bucket or replace an existing lifecycle configuration","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutMetricsConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to set or update a metrics configuration for the CloudWatch request metrics from an Amazon S3 bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"PutMultiRegionAccessPointPolicy":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion"],"resources":[{"name":"multiregionaccesspoint"}],"description":"Grants permission to associate an access policy with a specified Multi-Region Access Point","accessLevel":"Permissions management","resourceTypes":[{"name":"multiregionaccesspoint","required":true}]},"PutObject":{"conditionKeys":["s3:AccessGrantsInstanceArn","s3:ObjectCreationOperation","s3:RequestObjectTag/<key>","s3:RequestObjectTagKeys","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:if-match","s3:if-none-match","s3:object-lock-legal-hold","s3:object-lock-mode","s3:object-lock-remaining-retention-days","s3:object-lock-retain-until-date","s3:signatureAge","s3:signatureversion","s3:x-amz-acl","s3:x-amz-content-sha256","s3:x-amz-copy-source","s3:x-amz-grant-full-control","s3:x-amz-grant-read","s3:x-amz-grant-read-acp","s3:x-amz-grant-write","s3:x-amz-grant-write-acp","s3:x-amz-metadata-directive","s3:x-amz-server-side-encryption","s3:x-amz-server-side-encryption-aws-kms-key-id","s3:x-amz-server-side-encryption-customer-algorithm","s3:x-amz-storage-class","s3:x-amz-website-redirect-location"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to add an object to a bucket","accessLevel":"Write","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"PutObjectAcl":{"conditionKeys":["s3:AccessGrantsInstanceArn","s3:ExistingObjectTag/<key>","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-acl","s3:x-amz-content-sha256","s3:x-amz-grant-full-control","s3:x-amz-grant-read","s3:x-amz-grant-read-acp","s3:x-amz-grant-write","s3:x-amz-grant-write-acp","s3:x-amz-storage-class"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to set the access control list (ACL) permissions for new or existing objects in an S3 bucket","accessLevel":"Permissions management","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"PutObjectLegalHold":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:object-lock-legal-hold","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to apply a Legal Hold configuration to the specified object","accessLevel":"Write","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"PutObjectRetention":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:object-lock-mode","s3:object-lock-remaining-retention-days","s3:object-lock-retain-until-date","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to place an Object Retention configuration on an object","accessLevel":"Write","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"PutObjectTagging":{"conditionKeys":["s3:ExistingObjectTag/<key>","s3:RequestObjectTag/<key>","s3:RequestObjectTagKeys","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to set the supplied tag-set to an object that already exists in a bucket","accessLevel":"Tagging","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"PutObjectVersionAcl":{"conditionKeys":["s3:AccessGrantsInstanceArn","s3:ExistingObjectTag/<key>","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:versionid","s3:x-amz-acl","s3:x-amz-content-sha256","s3:x-amz-grant-full-control","s3:x-amz-grant-read","s3:x-amz-grant-read-acp","s3:x-amz-grant-write","s3:x-amz-grant-write-acp","s3:x-amz-storage-class"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to use the acl subresource to set the access control list (ACL) permissions for an object that already exists in a bucket","accessLevel":"Permissions management","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"PutObjectVersionTagging":{"conditionKeys":["s3:ExistingObjectTag/<key>","s3:RequestObjectTag/<key>","s3:RequestObjectTagKeys","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:versionid","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to set the supplied tag-set for a specific version of an object","accessLevel":"Tagging","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"PutReplicationConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:isReplicationPauseRequest","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to create a new replication configuration or replace an existing one","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}],"dependentActions":["iam:PassRole"]},"PutStorageLensConfiguration":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[],"description":"Grants permission to create or update an Amazon S3 Storage Lens configuration","accessLevel":"Write","resourceTypes":[]},"PutStorageLensConfigurationTagging":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"storagelensconfiguration"}],"description":"Grants permission to put or replace tags on an existing Amazon S3 Storage Lens configuration","accessLevel":"Tagging","resourceTypes":[{"name":"storagelensconfiguration","required":true}]},"ReplicateDelete":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to replicate delete markers to the destination bucket","accessLevel":"Write","resourceTypes":[{"name":"object","required":true}]},"ReplicateObject":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256","s3:x-amz-server-side-encryption","s3:x-amz-server-side-encryption-aws-kms-key-id","s3:x-amz-server-side-encryption-customer-algorithm"],"resources":[{"name":"object"}],"description":"Grants permission to replicate objects and object tags to the destination bucket","accessLevel":"Write","resourceTypes":[{"name":"object","required":true}]},"ReplicateTags":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"object"}],"description":"Grants permission to replicate object tags to the destination bucket","accessLevel":"Tagging","resourceTypes":[{"name":"object","required":true}]},"RestoreObject":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to restore an archived copy of an object back into Amazon S3","accessLevel":"Write","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"SubmitMultiRegionAccessPointRoutes":{"conditionKeys":["s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion"],"resources":[{"name":"multiregionaccesspoint"}],"description":"Grants permission to submit a route configuration update for a Multi-Region Access Point","accessLevel":"Write","resourceTypes":[{"name":"multiregionaccesspoint","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrant"},{"name":"accessgrantsinstance"},{"name":"accessgrantslocation"},{"name":"accesspoint"},{"name":"bucket"},{"name":"storagelensgroup"}],"description":"Grants permission to add tags to the specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"accessgrant","required":false},{"name":"accessgrantsinstance","required":false},{"name":"accessgrantslocation","required":false},{"name":"accesspoint","required":false},{"name":"bucket","required":false},{"name":"storagelensgroup","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrant"},{"name":"accessgrantsinstance"},{"name":"accessgrantslocation"},{"name":"accesspoint"},{"name":"bucket"},{"name":"storagelensgroup"}],"description":"Grants permission to remove tags from the specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"accessgrant","required":false},{"name":"accessgrantsinstance","required":false},{"name":"accessgrantslocation","required":false},{"name":"accesspoint","required":false},{"name":"bucket","required":false},{"name":"storagelensgroup","required":false}]},"UpdateAccessGrantsLocation":{"conditionKeys":["aws:ResourceTag/${TagKey}","s3:AccessGrantsLocationScope","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"accessgrantslocation"}],"description":"Grants permission to update Access Grants location","accessLevel":"Permissions management","resourceTypes":[{"name":"accessgrantslocation","required":true}]},"UpdateBucketMetadataInventoryTableConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to update the inventory table configuration on an existing S3 Metadata configuration for a specified general purpose bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}],"dependentActions":["kms:DescribeKey","s3tables:CreateNamespace","s3tables:CreateTable","s3tables:CreateTableBucket","s3tables:GetTable","s3tables:PutTableEncryption","s3tables:PutTablePolicy"]},"UpdateBucketMetadataJournalTableConfiguration":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"bucket"}],"description":"Grants permission to update the journal table configuration on an existing S3 Metadata configuration for a specified general purpose bucket","accessLevel":"Write","resourceTypes":[{"name":"bucket","required":true}]},"UpdateJobPriority":{"conditionKeys":["s3:ExistingJobOperation","s3:ExistingJobPriority","s3:RequestJobPriority","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"job"}],"description":"Grants permission to update the priority of an existing job","accessLevel":"Write","resourceTypes":[{"name":"job","required":true}]},"UpdateJobStatus":{"conditionKeys":["s3:ExistingJobOperation","s3:ExistingJobPriority","s3:JobSuspendedCause","s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"job"}],"description":"Grants permission to update the status for the specified job","accessLevel":"Write","resourceTypes":[{"name":"job","required":true}]},"UpdateObjectEncryption":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256","s3:x-amz-server-side-encryption","s3:x-amz-server-side-encryption-aws-kms-key-id"],"resources":[{"name":"accesspointobject"},{"name":"object"}],"description":"Grants permission to update the server-side encryption type of an existing object in a general purpose bucket","accessLevel":"Write","resourceTypes":[{"name":"accesspointobject","required":false},{"name":"object","required":false}]},"UpdateStorageLensGroup":{"conditionKeys":["s3:ResourceAccount","s3:TlsVersion","s3:authType","s3:signatureAge","s3:signatureversion","s3:x-amz-content-sha256"],"resources":[{"name":"storagelensgroup"}],"description":"Grants permission to update an existing S3 Storage Lens group","accessLevel":"Write","resourceTypes":[{"name":"storagelensgroup","required":true}]}},"resources":[{"name":"accessgrant","arnFormats":["arn:${Partition}:s3:${Region}:${Account}:access-grants/default/grant/${Token}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"]},{"name":"accessgrantsinstance","arnFormats":["arn:${Partition}:s3:${Region}:${Account}:access-grants/default"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"]},{"name":"accessgrantslocation","arnFormats":["arn:${Partition}:s3:${Region}:${Account}:access-grants/default/location/${Token}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"]},{"name":"accesspoint","arnFormats":["arn:${Partition}:s3:${Region}:${Account}:accesspoint/${AccessPointName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","s3:AccessPointNetworkOrigin","s3:AccessPointTag/${TagKey}","s3:DataAccessPointAccount","s3:DataAccessPointArn"]},{"name":"accesspointobject","arnFormats":["arn:${Partition}:s3:${Region}:${Account}:accesspoint/${AccessPointName}/object/${ObjectName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","s3:AccessPointNetworkOrigin","s3:AccessPointTag/${TagKey}","s3:BucketTag/${TagKey}","s3:DataAccessPointAccount","s3:DataAccessPointArn"]},{"name":"bucket","arnFormats":["arn:${Partition}:s3:::${BucketName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","s3:BucketTag/${TagKey}"]},{"name":"job","arnFormats":["arn:${Partition}:s3:${Region}:${Account}:job/${JobId}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"]},{"name":"multiregionaccesspoint","arnFormats":["arn:${Partition}:s3::${Account}:accesspoint/${AccessPointAlias}"],"conditionKeys":[]},{"name":"multiregionaccesspointrequestarn","arnFormats":["arn:${Partition}:s3:us-west-2:${Account}:async-request/mrap/${Operation}/${Token}"],"conditionKeys":[]},{"name":"object","arnFormats":["arn:${Partition}:s3:::${BucketName}/${ObjectName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","s3:BucketTag/${TagKey}"]},{"name":"objectlambdaaccesspoint","arnFormats":["arn:${Partition}:s3-object-lambda:${Region}:${Account}:accesspoint/${AccessPointName}"],"conditionKeys":[]},{"name":"storagelensconfiguration","arnFormats":["arn:${Partition}:s3:${Region}:${Account}:storage-lens/${ConfigId}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"]},{"name":"storagelensgroup","arnFormats":["arn:${Partition}:s3:${Region}:${Account}:storage-lens-group/${Name}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"},"s3:AccessGrantScope":{"types":["String"],"description":"Filters access by the grant scope of access grants grant"},"s3:AccessGrantsInstanceArn":{"types":["ARN"],"description":"Filters access by access grants instance ARN"},"s3:AccessGrantsLocationScope":{"types":["String"],"description":"Filters access by the location scope of access grants location"},"s3:AccessPointNetworkOrigin":{"types":["String"],"description":"Filters access by the network origin (Internet or VPC)"},"s3:AccessPointTag/${TagKey}":{"types":["String"],"description":"Filters access by existing access point tag key and value"},"s3:BucketTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the bucket"},"s3:DataAccessPointAccount":{"types":["String"],"description":"Filters access by the AWS Account ID that owns the access point"},"s3:DataAccessPointArn":{"types":["ARN"],"description":"Filters access by an access point Amazon Resource Name (ARN)"},"s3:ExistingJobOperation":{"types":["String"],"description":"Filters access by operation to updating the job priority"},"s3:ExistingJobPriority":{"types":["Numeric"],"description":"Filters access by priority range to cancelling existing jobs"},"s3:ExistingObjectTag/<key>":{"types":["String"],"description":"Filters access by existing object tag key and value"},"s3:InventoryAccessibleOptionalFields":{"types":["ArrayOfString"],"description":"Filters access by restricting which optional metadata fields a user can add when configuring S3 Inventory reports"},"s3:JobSuspendedCause":{"types":["String"],"description":"Filters access by a specific job suspended cause (for example, AWAITING_CONFIRMATION) to cancelling suspended jobs"},"s3:ObjectCreationOperation":{"types":["Bool"],"description":"Filters access by whether or not the operation creates an object"},"s3:RequestJobOperation":{"types":["String"],"description":"Filters access by operation to creating jobs"},"s3:RequestJobPriority":{"types":["Numeric"],"description":"Filters access by priority range to creating new jobs"},"s3:RequestObjectTag/<key>":{"types":["String"],"description":"Filters access by the tag keys and values to be added to objects"},"s3:RequestObjectTagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys to be added to objects"},"s3:ResourceAccount":{"types":["String"],"description":"Filters access by the resource owner AWS account ID"},"s3:TlsVersion":{"types":["Numeric"],"description":"Filters access by the TLS version used by the client"},"s3:authType":{"types":["String"],"description":"Filters access by authentication method"},"s3:delimiter":{"types":["String"],"description":"Filters access by delimiter parameter"},"s3:destinationRegion":{"types":["String"],"description":"Filters access by a specific replication destination region for targeted buckets of the AWS FIS action aws:s3:bucket-pause-replication"},"s3:if-match":{"types":["String"],"description":"Filters access by the request's 'If-Match' conditional header"},"s3:if-none-match":{"types":["String"],"description":"Filters access by the request's 'If-None-Match' conditional header"},"s3:isReplicationPauseRequest":{"types":["Bool"],"description":"Filters access by request made via AWS FIS action aws:s3:bucket-pause-replication"},"s3:locationconstraint":{"types":["String"],"description":"Filters access by a specific Region"},"s3:max-keys":{"types":["Numeric"],"description":"Filters access by maximum number of keys returned in a ListBucket request"},"s3:object-lock-legal-hold":{"types":["String"],"description":"Filters access by object legal hold status"},"s3:object-lock-mode":{"types":["String"],"description":"Filters access by object retention mode (COMPLIANCE or GOVERNANCE)"},"s3:object-lock-remaining-retention-days":{"types":["Numeric"],"description":"Filters access by remaining object retention days"},"s3:object-lock-retain-until-date":{"types":["Date"],"description":"Filters access by object retain-until date"},"s3:prefix":{"types":["String"],"description":"Filters access by key name prefix"},"s3:signatureAge":{"types":["Numeric"],"description":"Filters access by the age in milliseconds of the request signature"},"s3:signatureversion":{"types":["String"],"description":"Filters access by the version of AWS Signature used on the request"},"s3:versionid":{"types":["String"],"description":"Filters access by a specific object version"},"s3:x-amz-acl":{"types":["String"],"description":"Filters access by canned ACL in the request's x-amz-acl header"},"s3:x-amz-bucket-namespace":{"types":["String"],"description":"Filters access by general purpose bucket namespace type"},"s3:x-amz-content-sha256":{"types":["String"],"description":"Filters access by unsigned content in your bucket"},"s3:x-amz-copy-source":{"types":["String"],"description":"Filters access by copy source bucket, prefix, or object in the copy object requests"},"s3:x-amz-grant-full-control":{"types":["String"],"description":"Filters access by x-amz-grant-full-control (full control) header"},"s3:x-amz-grant-read":{"types":["String"],"description":"Filters access by x-amz-grant-read (read access) header"},"s3:x-amz-grant-read-acp":{"types":["String"],"description":"Filters access by the x-amz-grant-read-acp (read permissions for the ACL) header"},"s3:x-amz-grant-write":{"types":["String"],"description":"Filters access by the x-amz-grant-write (write access) header"},"s3:x-amz-grant-write-acp":{"types":["String"],"description":"Filters access by the x-amz-grant-write-acp (write permissions for the ACL) header"},"s3:x-amz-metadata-directive":{"types":["String"],"description":"Filters access by object metadata behavior (COPY or REPLACE) when objects are copied"},"s3:x-amz-object-ownership":{"types":["String"],"description":"Filters access by Object Ownership"},"s3:x-amz-server-side-encryption":{"types":["String"],"description":"Filters access by server-side encryption"},"s3:x-amz-server-side-encryption-aws-kms-key-id":{"types":["ARN"],"description":"Filters access by AWS KMS customer managed CMK for server-side encryption"},"s3:x-amz-server-side-encryption-customer-algorithm":{"types":["String"],"description":"Filters access by customer specified algorithm for server-side encryption"},"s3:x-amz-storage-class":{"types":["String"],"description":"Filters access by storage class"},"s3:x-amz-website-redirect-location":{"types":["String"],"description":"Filters access by a specific website redirect location for buckets that are configured as static websites"}}}