aws-iam-ls 0.0.0

package/src/data/servicereference/services/scn.json

@@ -0,0 +1 @@
+{"name":"scn","actions":{"AssignAdminPermissionsToUser":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to add AWS Supply Chain administrator permission to federated user","accessLevel":"Write","resourceTypes":[{"name":"instance","required":true}]},"CreateBillOfMaterialsImportJob":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to create a BillOfMaterialsImportJob which will import a CSV file of BillOfMaterials records","accessLevel":"Write","resourceTypes":[{"name":"instance","required":true}]},"CreateDataIntegrationFlow":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"instance"}],"description":"Grants permission to create DataIntegrationFlow that can transform from multiple sources to one target","accessLevel":"Write","resourceTypes":[{"name":"instance","required":true}]},"CreateDataLakeDataset":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"instance"}],"description":"Grants permission to create the data lake dataset","accessLevel":"Write","resourceTypes":[{"name":"instance","required":true}]},"CreateDataLakeNamespace":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"instance"}],"description":"Grants permission to create the data lake namespace","accessLevel":"Write","resourceTypes":[{"name":"instance","required":true}]},"CreateInstance":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"instance"}],"description":"Grants permission to create a new AWS Supply Chain instance","accessLevel":"Write","resourceTypes":[{"name":"instance","required":true}]},"CreateSSOApplication":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to create IAM Identity Center application for a AWS Supply Chain instance","accessLevel":"Write","resourceTypes":[{"name":"instance","required":true}]},"DeleteDataIntegrationFlow":{"conditionKeys":[],"resources":[{"name":"data-integration-flow"}],"description":"Grants permission to delete the DataIntegrationFlow","accessLevel":"Write","resourceTypes":[{"name":"data-integration-flow","required":true}]},"DeleteDataLakeDataset":{"conditionKeys":[],"resources":[{"name":"dataset"}],"description":"Grants permission to delete the data lake dataset","accessLevel":"Write","resourceTypes":[{"name":"dataset","required":true}]},"DeleteDataLakeNamespace":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to delete the data lake namespace","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true}]},"DeleteInstance":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to delete an AWS Supply Chain instance","accessLevel":"Write","resourceTypes":[{"name":"instance","required":true}]},"DeleteSSOApplication":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to delete IAM Identity Center application of the AWS Supply Chain instance","accessLevel":"Write","resourceTypes":[{"name":"instance","required":true}]},"DescribeInstance":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to view details of an AWS Supply Chain instance","accessLevel":"Read","resourceTypes":[{"name":"instance","required":true}]},"GetBillOfMaterialsImportJob":{"conditionKeys":[],"resources":[{"name":"bill-of-materials-import-job"}],"description":"Grants permission to view status and details of a BillOfMaterialsImportJob","accessLevel":"Read","resourceTypes":[{"name":"bill-of-materials-import-job","required":true}]},"GetDataIntegrationEvent":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to get a DataIntegrationEvent","accessLevel":"Read","resourceTypes":[{"name":"instance","required":true}]},"GetDataIntegrationFlow":{"conditionKeys":[],"resources":[{"name":"data-integration-flow"}],"description":"Grants permission to get the DataIntegrationFlow details","accessLevel":"Read","resourceTypes":[{"name":"data-integration-flow","required":true}]},"GetDataIntegrationFlowExecution":{"conditionKeys":[],"resources":[{"name":"data-integration-flow"}],"description":"Grants permission to get a particular execution of one specified DataIntegrationFlow","accessLevel":"Read","resourceTypes":[{"name":"data-integration-flow","required":true}]},"GetDataLakeDataset":{"conditionKeys":[],"resources":[{"name":"dataset"}],"description":"Grants permission to get the dataset details","accessLevel":"Read","resourceTypes":[{"name":"dataset","required":true}]},"GetDataLakeNamespace":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to get the namespace details","accessLevel":"Read","resourceTypes":[{"name":"namespace","required":true}]},"GetInstance":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to view details of an AWS Supply Chain instance","accessLevel":"Read","resourceTypes":[{"name":"instance","required":true}]},"ListAdminUsers":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to list AWS Supply Chain administrators of an instance","accessLevel":"List","resourceTypes":[{"name":"instance","required":true}]},"ListDataIntegrationEvents":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to list all DataIntegrationEvents under an instance","accessLevel":"List","resourceTypes":[{"name":"instance","required":true}]},"ListDataIntegrationFlowExecutions":{"conditionKeys":[],"resources":[{"name":"data-integration-flow"}],"description":"Grants permission to list all executions of one specified DataIntegrationFlow","accessLevel":"List","resourceTypes":[{"name":"data-integration-flow","required":true}]},"ListDataIntegrationFlows":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to list all the DataIntegrationFlows in a paginated way","accessLevel":"List","resourceTypes":[{"name":"instance","required":true}]},"ListDataLakeDatasets":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to list the data lake datasets under specific instance or namespace","accessLevel":"List","resourceTypes":[{"name":"instance","required":true}]},"ListDataLakeNamespaces":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to list the data lake namespaces under specific instance","accessLevel":"List","resourceTypes":[{"name":"instance","required":true}]},"ListInstances":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to view the AWS Supply Chain instances associated with an AWS account","accessLevel":"List","resourceTypes":[{"name":"instance","required":true}]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to list tags for an AWS Supply Chain resource","accessLevel":"List","resourceTypes":[{"name":"instance","required":true}]},"RemoveAdminPermissionsForUser":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to remove AWS Supply Chain administrator permission from federated user","accessLevel":"Write","resourceTypes":[{"name":"instance","required":true}]},"SendDataIntegrationEvent":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to create a DataIntegrationEvent which will ingest data in real-time","accessLevel":"Write","resourceTypes":[{"name":"instance","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"instance"}],"description":"Grants permission to tag an AWS Supply Chain resource","accessLevel":"Tagging","resourceTypes":[{"name":"instance","required":true}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"instance"}],"description":"Grants permission to remove tag from an AWS Supply Chain resource","accessLevel":"Tagging","resourceTypes":[{"name":"instance","required":true}]},"UpdateDataIntegrationFlow":{"conditionKeys":[],"resources":[{"name":"data-integration-flow"}],"description":"Grants permission to update the DataIntegrationFlow","accessLevel":"Write","resourceTypes":[{"name":"data-integration-flow","required":true}]},"UpdateDataLakeDataset":{"conditionKeys":[],"resources":[{"name":"dataset"}],"description":"Grants permission to update the data lake dataset","accessLevel":"Write","resourceTypes":[{"name":"dataset","required":true}]},"UpdateDataLakeNamespace":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to update the data lake namespace","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true}]},"UpdateInstance":{"conditionKeys":[],"resources":[{"name":"instance"}],"description":"Grants permission to update an AWS Supply Chain instance","accessLevel":"Write","resourceTypes":[{"name":"instance","required":true}]}},"resources":[{"name":"bill-of-materials-import-job","arnFormats":["arn:${Partition}:scn:${Region}:${Account}:instance/${InstanceId}/bill-of-materials-import-job/${JobId}"],"conditionKeys":[]},{"name":"data-integration-flow","arnFormats":["arn:${Partition}:scn:${Region}:${Account}:instance/${InstanceId}/data-integration-flows/${FlowName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"dataset","arnFormats":["arn:${Partition}:scn:${Region}:${Account}:instance/${InstanceId}/namespaces/${Namespace}/datasets/${DatasetName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"instance","arnFormats":["arn:${Partition}:scn:${Region}:${Account}:instance/${InstanceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"namespace","arnFormats":["arn:${Partition}:scn:${Region}:${Account}:instance/${InstanceId}/namespaces/${Namespace}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by using tag key-value pairs in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by using tag key-value pairs attached to the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by using tag keys in the request"}}}

package/src/data/servicereference/services/sdb.json

@@ -0,0 +1 @@
+{"name":"sdb","actions":{"BatchDeleteAttributes":{"conditionKeys":[],"resources":[{"name":"domain"}],"description":"Grants permission to perform multiple DeleteAttributes operations in a single call, which reduces round trips and latencies","accessLevel":"Write","resourceTypes":[{"name":"domain","required":true}]},"BatchPutAttributes":{"conditionKeys":[],"resources":[{"name":"domain"}],"description":"Grants permission to perform multiple PutAttribute operations in a single call, which reduces round trips and latencies","accessLevel":"Write","resourceTypes":[{"name":"domain","required":true}]},"CreateDomain":{"conditionKeys":[],"resources":[{"name":"domain"}],"description":"Grants permission to create a new domain","accessLevel":"Write","resourceTypes":[{"name":"domain","required":true}]},"DeleteAttributes":{"conditionKeys":[],"resources":[{"name":"domain"}],"description":"Grants permission to delete one or more attributes associated with the item","accessLevel":"Write","resourceTypes":[{"name":"domain","required":true}]},"DeleteDomain":{"conditionKeys":[],"resources":[{"name":"domain"}],"description":"Grants permission to delete a domain","accessLevel":"Write","resourceTypes":[{"name":"domain","required":true}]},"DomainMetadata":{"conditionKeys":[],"resources":[{"name":"domain"}],"description":"Grants permission to return information about the domain, including when the domain was created, the number of items and attributes, and the size of attribute names and values","accessLevel":"Read","resourceTypes":[{"name":"domain","required":true}]},"GetAttributes":{"conditionKeys":[],"resources":[{"name":"domain"}],"description":"Grants permission to return all of the attributes associated with the item","accessLevel":"Read","resourceTypes":[{"name":"domain","required":true}]},"GetExport":{"conditionKeys":[],"resources":[{"name":"export"}],"description":"Grants permission to return information for an existing domain export arn","accessLevel":"Read","resourceTypes":[{"name":"export","required":true}]},"ListDomains":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all domains","accessLevel":"List","resourceTypes":[]},"ListExports":{"conditionKeys":[],"resources":[{"name":"domain"}],"description":"Grants permission to list all exports that were created. The results are paginated and can be filtered by domain name","accessLevel":"List","resourceTypes":[{"name":"domain","required":false}]},"PutAttributes":{"conditionKeys":[],"resources":[{"name":"domain"}],"description":"Grants permission to create or replace attributes in an item","accessLevel":"Write","resourceTypes":[{"name":"domain","required":true}]},"Select":{"conditionKeys":[],"resources":[{"name":"domain"}],"description":"Grants permission to execute a query against the items in a domain","accessLevel":"Read","resourceTypes":[{"name":"domain","required":true}]},"StartDomainExport":{"conditionKeys":[],"resources":[{"name":"domain"}],"description":"Grants permission to initiates the export of a SimpleDB domain to an S3 bucket","accessLevel":"Write","resourceTypes":[{"name":"domain","required":true}]}},"resources":[{"name":"domain","arnFormats":["arn:${Partition}:sdb:${Region}:${Account}:domain/${DomainName}"],"conditionKeys":[]},{"name":"export","arnFormats":["arn:${Partition}:sdb:${Region}:${Account}:domain/${DomainName}/export/${ExportUUID}"],"conditionKeys":[]}],"conditionKeys":{}}

package/src/data/servicereference/services/secretsmanager.json

@@ -0,0 +1 @@
+{"name":"secretsmanager","actions":{"BatchGetSecretValue":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve and decrypt a list of secrets","accessLevel":"List","resourceTypes":[]},"CancelRotateSecret":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to cancel an in-progress secret rotation","accessLevel":"Write","resourceTypes":[{"name":"Secret","required":true}]},"CreateSecret":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","secretsmanager:AddReplicaRegions","secretsmanager:Description","secretsmanager:ForceOverwriteReplicaSecret","secretsmanager:KmsKeyArn","secretsmanager:KmsKeyId","secretsmanager:Name","secretsmanager:ResourceTag/tag-key","secretsmanager:Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to create a secret that stores encrypted data that can be queried and rotated","accessLevel":"Write","resourceTypes":[{"name":"Secret","required":true}]},"DeleteResourcePolicy":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to delete the resource policy attached to a secret","accessLevel":"Permissions management","resourceTypes":[{"name":"Secret","required":true}]},"DeleteSecret":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:ForceDeleteWithoutRecovery","secretsmanager:RecoveryWindowInDays","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to delete a secret","accessLevel":"Write","resourceTypes":[{"name":"Secret","required":true}]},"DescribeSecret":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to retrieve the metadata about a secret, but not the encrypted data","accessLevel":"Read","resourceTypes":[{"name":"Secret","required":true}]},"GetRandomPassword":{"conditionKeys":[],"resources":[],"description":"Grants permission to generate a random string for use in password creation","accessLevel":"Read","resourceTypes":[]},"GetResourcePolicy":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to get the resource policy attached to a secret","accessLevel":"Read","resourceTypes":[{"name":"Secret","required":true}]},"GetSecretValue":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:VersionId","secretsmanager:VersionStage","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to retrieve and decrypt the encrypted data","accessLevel":"Read","resourceTypes":[{"name":"Secret","required":true}]},"ListSecretVersionIds":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to list the available versions of a secret","accessLevel":"Read","resourceTypes":[{"name":"Secret","required":true}]},"ListSecrets":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the available secrets","accessLevel":"List","resourceTypes":[]},"PutResourcePolicy":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:BlockPublicPolicy","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to attach a resource policy to a secret","accessLevel":"Permissions management","resourceTypes":[{"name":"Secret","required":true}]},"PutSecretValue":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to create a new version of the secret with new encrypted data","accessLevel":"Write","resourceTypes":[{"name":"Secret","required":true}]},"RemoveRegionsFromReplication":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to remove regions from replication","accessLevel":"Write","resourceTypes":[{"name":"Secret","required":true}]},"ReplicateSecretToRegions":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:AddReplicaRegions","secretsmanager:ForceOverwriteReplicaSecret","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to convert an existing secret to a multi-Region secret and begin replicating the secret to a list of new regions","accessLevel":"Write","resourceTypes":[{"name":"Secret","required":true}]},"RestoreSecret":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to cancel deletion of a secret","accessLevel":"Write","resourceTypes":[{"name":"Secret","required":true}]},"RotateSecret":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:ExternalSecretRotationRoleArn","secretsmanager:ModifyRotationRules","secretsmanager:ResourceTag/tag-key","secretsmanager:RotateImmediately","secretsmanager:RotationLambdaARN","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to start rotation of a secret","accessLevel":"Write","resourceTypes":[{"name":"Secret","required":true}]},"StopReplicationToReplica":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to remove the secret from replication and promote the secret to a regional secret in the replica Region","accessLevel":"Write","resourceTypes":[{"name":"Secret","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to add tags to a secret","accessLevel":"Tagging","resourceTypes":[{"name":"Secret","required":true}]},"UntagResource":{"conditionKeys":["aws:ResourceTag/${TagKey}","aws:TagKeys","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to remove tags from a secret","accessLevel":"Tagging","resourceTypes":[{"name":"Secret","required":true}]},"UpdateSecret":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:Description","secretsmanager:KmsKeyArn","secretsmanager:KmsKeyId","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:Type","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to update a secret with new metadata or with a new version of the encrypted data","accessLevel":"Write","resourceTypes":[{"name":"Secret","required":true}]},"UpdateSecretVersionStage":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:VersionStage","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to move a stage from one secret to another","accessLevel":"Write","resourceTypes":[{"name":"Secret","required":true}]},"ValidateResourcePolicy":{"conditionKeys":["aws:ResourceTag/${TagKey}","secretsmanager:ResourceTag/tag-key","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"],"resources":[{"name":"Secret"}],"description":"Grants permission to validate a resource policy before attaching policy","accessLevel":"Permissions management","resourceTypes":[{"name":"Secret","required":true}]}},"resources":[{"name":"Secret","arnFormats":["arn:${Partition}:secretsmanager:${Region}:${Account}:secret:${SecretId}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","secretsmanager:ResourceTag/tag-key","secretsmanager:resource/AllowRotationLambdaArn","secretsmanager:resource/Type"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by a key that is present in the request the user makes to the Secrets Manager service"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the list of all the tag key names present in the request the user makes to the Secrets Manager service"},"secretsmanager:AddReplicaRegions":{"types":["ArrayOfString"],"description":"Filters access by the list of Regions in which to replicate the secret"},"secretsmanager:BlockPublicPolicy":{"types":["Bool"],"description":"Filters access by whether the resource policy blocks broad AWS account access"},"secretsmanager:Description":{"types":["String"],"description":"Filters access by the description text in the request"},"secretsmanager:ExternalSecretRotationRoleArn":{"types":["ARN"],"description":"Filters access by the managed external secret rotation role ARN in the request"},"secretsmanager:ForceDeleteWithoutRecovery":{"types":["Bool"],"description":"Filters access by whether the secret is to be deleted immediately without any recovery window"},"secretsmanager:ForceOverwriteReplicaSecret":{"types":["Bool"],"description":"Filters access by whether to overwrite a secret with the same name in the destination Region"},"secretsmanager:KmsKeyArn":{"types":["ARN"],"description":"Filters access by the key ARN of the KMS key in the request"},"secretsmanager:KmsKeyId":{"types":["String"],"description":"Filters access by the key identifier of the KMS key in the request. Deprecated: Use secretsmanager:KmsKeyArn"},"secretsmanager:ModifyRotationRules":{"types":["Bool"],"description":"Filters access by whether the rotation rules of the secret are to be modified"},"secretsmanager:Name":{"types":["String"],"description":"Filters access by the friendly name of the secret in the request"},"secretsmanager:RecoveryWindowInDays":{"types":["Numeric"],"description":"Filters access by the number of days that Secrets Manager waits before it can delete the secret"},"secretsmanager:ResourceTag/tag-key":{"types":["String"],"description":"Filters access by a tag key and value pair"},"secretsmanager:RotateImmediately":{"types":["Bool"],"description":"Filters access by whether the secret is to be rotated immediately"},"secretsmanager:RotationLambdaARN":{"types":["ARN"],"description":"Filters access by the ARN of the rotation Lambda function in the request"},"secretsmanager:SecretId":{"types":["ARN"],"description":"Filters access by the SecretID value in the request"},"secretsmanager:SecretPrimaryRegion":{"types":["String"],"description":"Filters access by primary region in which the secret is created if the secret is a multi-Region secret"},"secretsmanager:Type":{"types":["String"],"description":"Filters access by the managed external secret type in the request"},"secretsmanager:VersionId":{"types":["String"],"description":"Filters access by the unique identifier of the version of the secret in the request"},"secretsmanager:VersionStage":{"types":["String"],"description":"Filters access by the list of version stages in the request"},"secretsmanager:resource/AllowRotationLambdaArn":{"types":["ARN"],"description":"Filters access by the ARN of the rotation Lambda function associated with the secret"},"secretsmanager:resource/Type":{"types":["String"],"description":"Filters access by the managed external secret type associated with the secret"}}}

package/src/data/servicereference/services/security-ir.json

@@ -0,0 +1 @@
+{"name":"security-ir","actions":{"BatchGetMemberAccountDetails":{"conditionKeys":[],"resources":[{"name":"membership"}],"description":"Grants permission to get member account details in batch","accessLevel":"Read","resourceTypes":[{"name":"membership","required":true}]},"CancelMembership":{"conditionKeys":[],"resources":[{"name":"membership"}],"description":"Grants permission to cancel a membership","accessLevel":"Write","resourceTypes":[{"name":"membership","required":true}]},"CloseCase":{"conditionKeys":[],"resources":[{"name":"case"}],"description":"Grants permission to close a case","accessLevel":"Write","resourceTypes":[{"name":"case","required":true}]},"CreateCase":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"case"}],"description":"Grants permission to create a case","accessLevel":"Write","resourceTypes":[{"name":"case","required":true}]},"CreateCaseComment":{"conditionKeys":[],"resources":[{"name":"case"}],"description":"Grants permission to create a case comment","accessLevel":"Write","resourceTypes":[{"name":"case","required":true}]},"CreateMembership":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"membership"}],"description":"Grants permission to create a membership","accessLevel":"Write","resourceTypes":[{"name":"membership","required":true}],"dependentActions":["iam:CreateServiceLinkedRole","organizations:DescribeOrganization","organizations:ListAWSServiceAccessForOrganization","organizations:ListDelegatedAdministrators"]},"GetCase":{"conditionKeys":[],"resources":[{"name":"case"}],"description":"Grants permission to get a case","accessLevel":"Read","resourceTypes":[{"name":"case","required":true}]},"GetCaseAttachmentDownloadUrl":{"conditionKeys":[],"resources":[{"name":"case"}],"description":"Grants permission to get a case attachment download URL","accessLevel":"Read","resourceTypes":[{"name":"case","required":true}]},"GetCaseAttachmentUploadUrl":{"conditionKeys":[],"resources":[{"name":"case"}],"description":"Grants permission to get a case attachment upload URL","accessLevel":"Write","resourceTypes":[{"name":"case","required":true}]},"GetMembership":{"conditionKeys":[],"resources":[{"name":"membership"}],"description":"Grants permission to get a membership","accessLevel":"Read","resourceTypes":[{"name":"membership","required":true}]},"ListCaseEdits":{"conditionKeys":[],"resources":[{"name":"case"}],"description":"Grants permission to list case edits","accessLevel":"Read","resourceTypes":[{"name":"case","required":true}]},"ListCases":{"conditionKeys":[],"resources":[],"description":"Grants permission to list cases","accessLevel":"List","resourceTypes":[]},"ListComments":{"conditionKeys":[],"resources":[{"name":"case"}],"description":"Grants permission to list case comments","accessLevel":"Read","resourceTypes":[{"name":"case","required":true}]},"ListInvestigations":{"conditionKeys":[],"resources":[{"name":"case"}],"description":"Grants permission to list investigations for a case","accessLevel":"Read","resourceTypes":[{"name":"case","required":true}]},"ListMemberships":{"conditionKeys":[],"resources":[],"description":"Grants permission to list memberships","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":["aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"case"},{"name":"membership"}],"description":"Grants permission to list the tags attached to the specified resource","accessLevel":"Read","resourceTypes":[{"name":"case","required":false},{"name":"membership","required":false}]},"SendFeedback":{"conditionKeys":[],"resources":[{"name":"case"}],"description":"Grants permission to send feedback for investigation results","accessLevel":"Write","resourceTypes":[{"name":"case","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"case"},{"name":"membership"}],"description":"Grants permission to add tags to the specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"case","required":false},{"name":"membership","required":false}]},"UntagResource":{"conditionKeys":["aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"case"},{"name":"membership"}],"description":"Grants permission to remove tags from the specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"case","required":false},{"name":"membership","required":false}]},"UpdateCase":{"conditionKeys":[],"resources":[{"name":"case"}],"description":"Grants permission to update a case","accessLevel":"Write","resourceTypes":[{"name":"case","required":true}]},"UpdateCaseComment":{"conditionKeys":[],"resources":[{"name":"case"}],"description":"Grants permission to update a case comment","accessLevel":"Write","resourceTypes":[{"name":"case","required":true}]},"UpdateCaseStatus":{"conditionKeys":[],"resources":[{"name":"case"}],"description":"Grants permission to update a case status","accessLevel":"Write","resourceTypes":[{"name":"case","required":true}]},"UpdateMembership":{"conditionKeys":[],"resources":[{"name":"membership"}],"description":"Grants permission to update memberships","accessLevel":"Write","resourceTypes":[{"name":"membership","required":true}],"dependentActions":["iam:CreateServiceLinkedRole","organizations:DescribeOrganizationalUnit"]},"UpdateResolverType":{"conditionKeys":[],"resources":[{"name":"case"}],"description":"Grants permission to update case resolver type","accessLevel":"Write","resourceTypes":[{"name":"case","required":true}]}},"resources":[{"name":"case","arnFormats":["arn:${Partition}:security-ir:${Region}:${Account}:case/${CaseId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"membership","arnFormats":["arn:${Partition}:security-ir:${Region}:${Account}:membership/${MembershipId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"}}}

package/src/data/servicereference/services/securityagent.json

@@ -0,0 +1 @@
+{"name":"securityagent","actions":{"AddArtifact":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to add an Artifact for the given Agent Instance","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"AddControl":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to add a customer managed Control","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true}]},"BatchDeletePentests":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to delete multiple penetration tests in a single request","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"BatchGetAgentInstances":{"conditionKeys":[],"resources":[{"name":"AgentInstance"}],"description":"Grants permission to retrieve multiple agent instances in a single request","accessLevel":"Read","resourceTypes":[{"name":"AgentInstance","required":true}]},"BatchGetAgentSpaces":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to retrieve multiple agent spaces in a single request","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"BatchGetArtifactMetadata":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to retrieve one or more Artifact Metadata records for the given Agent Instance","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"BatchGetFindings":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to retrieve multiple security testing findings in a single request","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"BatchGetPentestJobContentMetadata":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to retrieve multiple pentest job contents metadata in a single request","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"BatchGetPentestJobTasks":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to retrieve multiple pentest job tasks in a single request","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"BatchGetPentestJobs":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to retrieve multiple security testing jobs in a single request","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"BatchGetPentests":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to retrieve multiple penetration tests in a single request","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"BatchGetSecurityTestContentMetadata":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to retrieve multiple security testing contents metadata in a single request","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"BatchGetTargetDomains":{"conditionKeys":[],"resources":[{"name":"TargetDomain"}],"description":"Grants permission to retrieve multiple target domains in a single request","accessLevel":"Read","resourceTypes":[{"name":"TargetDomain","required":true}]},"BatchGetTasks":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to retrieve multiple security testing tasks in a single request","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"CreateAgentInstance":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to create an agent instance record","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true}]},"CreateAgentSpace":{"conditionKeys":[],"resources":[],"description":"Grants permission to create an agent space record","accessLevel":"Write","resourceTypes":[]},"CreateApplication":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a new application","accessLevel":"Write","resourceTypes":[],"dependentActions":["iam:PassRole","sso:CreateApplication"]},"CreateDesignReview":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to create a design review","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"CreateDocumentReview":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to create a document review","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"CreateIntegration":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to create a security testing integration","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true}]},"CreateMembership":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to add a single member to a agent instance with specified role","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"CreateOneTimeLoginSession":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to create a one time login session","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"CreatePentest":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to create a new penetration test configuration","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"CreateSecurityRequirement":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to add a customer managed Security Requirement","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true}]},"CreateTargetDomain":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a target domain record","accessLevel":"Write","resourceTypes":[]},"DeleteAgentInstance":{"conditionKeys":[],"resources":[{"name":"AgentInstance"}],"description":"Grants permission to delete an agent instance record","accessLevel":"Write","resourceTypes":[{"name":"AgentInstance","required":true}]},"DeleteAgentSpace":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to delete an agent space record","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"DeleteApplication":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to delete application","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true}]},"DeleteArtifact":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to delete an Artifact","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"DeleteControl":{"conditionKeys":[],"resources":[{"name":"Control"}],"description":"Grants permission to delete a customer managed Control","accessLevel":"Write","resourceTypes":[{"name":"Control","required":true}]},"DeleteDesignReview":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to delete a design review","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"DeleteDocumentReview":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to delete a document review","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"DeleteIntegration":{"conditionKeys":[],"resources":[{"name":"Integration"}],"description":"Grants permission to delete the integration of an application","accessLevel":"Write","resourceTypes":[{"name":"Integration","required":true}]},"DeleteMembership":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to remove a single member associated to an agent instance","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"DeleteSecurityRequirement":{"conditionKeys":[],"resources":[{"name":"SecurityRequirement"}],"description":"Grants permission to delete a customer managed Security Requirement","accessLevel":"Write","resourceTypes":[{"name":"SecurityRequirement","required":true}]},"DeleteTargetDomain":{"conditionKeys":[],"resources":[{"name":"TargetDomain"}],"description":"Grants permission to delete a target domain record","accessLevel":"Write","resourceTypes":[{"name":"TargetDomain","required":true}]},"DescribeFindings":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to retrieve security findings for a penetration test or security testing tasks in a penetration test","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"GetApplication":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to get application details by application ID","accessLevel":"Read","resourceTypes":[{"name":"Application","required":true}]},"GetArtifact":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to retrieve an Artifact for the given Agent Instance","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"GetCodeReviewTask":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to retrieve a Code Review Task","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"GetControl":{"conditionKeys":[],"resources":[{"name":"Control"}],"description":"Grants permission to retrieve a Control","accessLevel":"Read","resourceTypes":[{"name":"Control","required":true}]},"GetDesignReview":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to get the status of the associated agent space design review","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"GetDesignReviewArtifact":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to get design review artifact for a specific document","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"GetDesignReviewFeedback":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to get feedback for a design review comment","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"GetDocReviewTask":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to retrieve a document review task","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"GetDocumentReview":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to get the status of the associated agent instance document review","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"GetDocumentReviewArtifact":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to get document review artifact for a specific document","accessLevel":"Read","resourceTypes":[{"name":"AgentSpace","required":true}]},"GetIntegration":{"conditionKeys":[],"resources":[{"name":"Integration"}],"description":"Grants permission to get the integration metadata by ID","accessLevel":"Read","resourceTypes":[{"name":"Integration","required":true}]},"GetLoginSessionCredentials":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve credentials for a one time login session","accessLevel":"Read","resourceTypes":[]},"GetSecurityRequirement":{"conditionKeys":[],"resources":[{"name":"SecurityRequirement"}],"description":"Grants permission to retrieve a Security Requirement","accessLevel":"Read","resourceTypes":[{"name":"SecurityRequirement","required":true}]},"HandleOneTimeLoginSession":{"conditionKeys":[],"resources":[],"description":"Grants permission to process and invalidate a one time login session","accessLevel":"Write","resourceTypes":[]},"InitiateProviderRegistration":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to initiate the registration of Security Agent App for the given provider (eg: GitHub)","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true}]},"ListAgentInstanceTasks":{"conditionKeys":[],"resources":[{"name":"AgentInstance"}],"description":"Grants permission to list tasks for a specific agent instance","accessLevel":"List","resourceTypes":[{"name":"AgentInstance","required":true}]},"ListAgentInstances":{"conditionKeys":[],"resources":[],"description":"Grants permission to list agent instances","accessLevel":"List","resourceTypes":[]},"ListAgentSpaces":{"conditionKeys":[],"resources":[],"description":"Grants permission to list agent spaces","accessLevel":"List","resourceTypes":[]},"ListApplications":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all applications in the account","accessLevel":"List","resourceTypes":[]},"ListArtifacts":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to list all artifacts for the given project","accessLevel":"List","resourceTypes":[{"name":"AgentSpace","required":true}]},"ListControls":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all Controls","accessLevel":"List","resourceTypes":[]},"ListDesignReviewComments":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to list design review comments","accessLevel":"List","resourceTypes":[{"name":"AgentSpace","required":true}]},"ListDesignReviews":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to list all design reviews for the given project","accessLevel":"List","resourceTypes":[{"name":"AgentSpace","required":true}]},"ListDiscoveredEndpoints":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to list discovered endpoints associated with a pentest job with optional URI prefix filtering","accessLevel":"List","resourceTypes":[{"name":"AgentSpace","required":true}]},"ListDocumentReviewComments":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to list document review comments","accessLevel":"List","resourceTypes":[{"name":"AgentSpace","required":true}]},"ListDocumentReviews":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to list all document reviews for the given project","accessLevel":"List","resourceTypes":[{"name":"AgentSpace","required":true}]},"ListFindings":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to list findings with filtering and pagination support","accessLevel":"List","resourceTypes":[{"name":"AgentSpace","required":true}]},"ListIntegratedResources":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to list integrated resources for an agent instance","accessLevel":"List","resourceTypes":[{"name":"AgentSpace","required":true}]},"ListIntegrations":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the integrations owned by the caller's AWS account","accessLevel":"List","resourceTypes":[]},"ListMemberships":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to list all members associated to an agent instance with pagination support","accessLevel":"List","resourceTypes":[{"name":"AgentSpace","required":true}]},"ListPentestJobTasks":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to list pentest job tasks associated with a pentest job","accessLevel":"List","resourceTypes":[{"name":"AgentSpace","required":true}]},"ListPentestJobsForPentest":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to list penetration test jobs associated with a penetration test","accessLevel":"List","resourceTypes":[{"name":"AgentSpace","required":true}]},"ListPentests":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to list penetration tests with optional filtering by status","accessLevel":"List","resourceTypes":[{"name":"AgentSpace","required":true}]},"ListResourcesFromIntegration":{"conditionKeys":[],"resources":[{"name":"Integration"}],"description":"Grants permission to list resources from Integration","accessLevel":"List","resourceTypes":[{"name":"Integration","required":true}]},"ListSecurityRequirements":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all Security Requirements","accessLevel":"List","resourceTypes":[]},"ListTargetDomains":{"conditionKeys":[],"resources":[],"description":"Grants permission to list target domains","accessLevel":"List","resourceTypes":[]},"ListTasks":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to list security testing tasks associated with a pentest job","accessLevel":"List","resourceTypes":[{"name":"AgentSpace","required":true}]},"PutDesignReviewFeedback":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to submit feedback for a design review comment","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"StartCodeRemediation":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to start code remediation for the findings","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"StartPentestExecution":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to initiate the execution of a penetration test","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"StartPentestJob":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to initiate the execution of a penetration test","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"StopPentestExecution":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to stop the execution of a running penetration test","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"StopPentestJob":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to stop the execution of a running penetration test","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"ToggleManagedControl":{"conditionKeys":[],"resources":[{"name":"Control"}],"description":"Grants permission to toggle the status","accessLevel":"Write","resourceTypes":[{"name":"Control","required":true}]},"ToggleManagedSecurityRequirement":{"conditionKeys":[],"resources":[{"name":"SecurityRequirement"}],"description":"Grants permission to toggle the status of a managed Security Requirement","accessLevel":"Write","resourceTypes":[{"name":"SecurityRequirement","required":true}]},"UpdateAgentInstance":{"conditionKeys":[],"resources":[{"name":"AgentInstance"}],"description":"Grants permission to update an agent instance record","accessLevel":"Write","resourceTypes":[{"name":"AgentInstance","required":true}]},"UpdateAgentSpace":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to update an agent space record","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"UpdateApplication":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to update application configuration","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true}],"dependentActions":["iam:PassRole"]},"UpdateControl":{"conditionKeys":[],"resources":[{"name":"Control"}],"description":"Grants permission to update a customer managed Control","accessLevel":"Write","resourceTypes":[{"name":"Control","required":true}]},"UpdateFinding":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to update an existing security finding with new details or status","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"UpdateIntegratedResources":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to update integrated resources for an agent instance","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"UpdatePentest":{"conditionKeys":[],"resources":[{"name":"AgentSpace"}],"description":"Grants permission to update an existing penetration test with new configuration or settings","accessLevel":"Write","resourceTypes":[{"name":"AgentSpace","required":true}]},"UpdateSecurityRequirement":{"conditionKeys":[],"resources":[{"name":"SecurityRequirement"}],"description":"Grants permission to update a customer managed Security Requirement","accessLevel":"Write","resourceTypes":[{"name":"SecurityRequirement","required":true}]},"UpdateTargetDomain":{"conditionKeys":[],"resources":[{"name":"TargetDomain"}],"description":"Grants permission to update a target domain record","accessLevel":"Write","resourceTypes":[{"name":"TargetDomain","required":true}]},"VerifyTargetDomain":{"conditionKeys":[],"resources":[{"name":"TargetDomain"}],"description":"Grants permission to verify ownership for a registered target domain","accessLevel":"Write","resourceTypes":[{"name":"TargetDomain","required":true}]}},"resources":[{"name":"AgentInstance","arnFormats":["arn:${Partition}:securityagent:${Region}:${Account}:agent-instance/${AgentId}"],"conditionKeys":[]},{"name":"AgentSpace","arnFormats":["arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}"],"conditionKeys":[]},{"name":"Application","arnFormats":["arn:${Partition}:securityagent:${Region}:${Account}:application/${ApplicationId}"],"conditionKeys":[]},{"name":"Artifact","arnFormats":["arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}/artifact/${ArtifactId}"],"conditionKeys":[]},{"name":"Control","arnFormats":["arn:${Partition}:securityagent:${Region}:${Account}:control/${ControlId}"],"conditionKeys":[]},{"name":"Finding","arnFormats":["arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}/finding/${FindingId}"],"conditionKeys":[]},{"name":"Integration","arnFormats":["arn:${Partition}:securityagent:${Region}:${Account}:integration/${IntegrationId}"],"conditionKeys":[]},{"name":"Pentest","arnFormats":["arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}/pentest/${PentestId}"],"conditionKeys":[]},{"name":"PentestJob","arnFormats":["arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}/pentest-job/${JobId}"],"conditionKeys":[]},{"name":"PentestTask","arnFormats":["arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}/pentest-task/${TaskId}"],"conditionKeys":[]},{"name":"SecurityRequirement","arnFormats":["arn:${Partition}:securityagent:${Region}:${Account}:security-requirement/${SecurityRequirementId}"],"conditionKeys":[]},{"name":"TargetDomain","arnFormats":["arn:${Partition}:securityagent:${Region}:${Account}:target-domain/${TargetDomainId}"],"conditionKeys":[]}],"conditionKeys":{}}

package/src/data/servicereference/services/securityhub.json

@@ -0,0 +1 @@
+{"name":"securityhub","actions":{"AcceptAdministratorInvitation":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to accept Security Hub invitations to become a member account","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"AcceptInvitation":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to accept Security Hub invitations to become a member account","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"AllowVendedLogDeliveryForResource":{"conditionKeys":[],"resources":[{"name":"hub"},{"name":"hubv2"}],"description":"Grants permission to log delivery for resources","accessLevel":"Permissions management","resourceTypes":[{"name":"hub","required":false},{"name":"hubv2","required":false}],"permissionOnly":true},"BatchDeleteAutomationRules":{"conditionKeys":[],"resources":[{"name":"automation-rule"}],"description":"Grants permission to delete one or more automation rules in Security Hub","accessLevel":"Write","resourceTypes":[{"name":"automation-rule","required":true}]},"BatchDisableStandards":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to disable standards in Security Hub","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"BatchEnableStandards":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to enable standards in Security Hub","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"BatchGetAutomationRules":{"conditionKeys":[],"resources":[{"name":"automation-rule"}],"description":"Grants permission to retrieve a list of details for automation rules from Security Hub based on rule Amazon Resource Names (ARNs)","accessLevel":"Read","resourceTypes":[{"name":"automation-rule","required":true}]},"BatchGetConfigurationPolicyAssociations":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about configuration policies associated with a specific list of member accounts and organizational units of the calling account's organization","accessLevel":"Read","resourceTypes":[]},"BatchGetControlEvaluations":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to get the enablement and compliance status of controls, the findings count for controls, and the overall security score for controls on the Security Hub console","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}],"permissionOnly":true},"BatchGetSecurityControls":{"conditionKeys":[],"resources":[],"description":"Grants permission to get details about specific security controls identified by ID or ARN","accessLevel":"Read","resourceTypes":[],"dependentActions":["securityhub:DescribeStandardsControls"]},"BatchGetStandardsControlAssociations":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the enablement status of a batch of security controls in standards","accessLevel":"Read","resourceTypes":[],"dependentActions":["securityhub:DescribeStandardsControls"]},"BatchImportFindings":{"conditionKeys":["securityhub:TargetAccount"],"resources":[{"name":"product"}],"description":"Grants permission to import findings into Security Hub from an integrated product","accessLevel":"Write","resourceTypes":[{"name":"product","required":true}]},"BatchUpdateAutomationRules":{"conditionKeys":[],"resources":[{"name":"automation-rule"}],"description":"Grants permission to update one or more automation rules from Security Hub based on rule Amazon Resource Names (ARNs) and input parameters","accessLevel":"Write","resourceTypes":[{"name":"automation-rule","required":true}]},"BatchUpdateFindings":{"conditionKeys":["securityhub:ASFFSyntaxPath/${ASFFSyntaxPath}","securityhub:OCSFSyntaxPath/${OCSFSyntaxPath}"],"resources":[{"name":"hub"},{"name":"hubv2"}],"description":"Grants permission to update customer-controlled fields for a selected set of Security Hub findings","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false},{"name":"hubv2","required":false}]},"BatchUpdateStandardsControlAssociations":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the enablement status of a batch of security controls in standards","accessLevel":"Write","resourceTypes":[],"dependentActions":["securityhub:UpdateStandardsControl"]},"ConnectorRegistrationsV2":{"conditionKeys":[],"resources":[],"description":"Grants permission to complete the OAuth 2.0 authorization code flow based on input parameters","accessLevel":"Write","resourceTypes":[]},"CreateActionTarget":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to create custom actions in Security Hub","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"CreateAggregatorV2":{"conditionKeys":[],"resources":[],"description":"Grants permission to create an aggregatorV2, which configures data aggregation across Regions","accessLevel":"Write","resourceTypes":[]},"CreateAutomationRule":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create an automation rule based on input parameters","accessLevel":"Write","resourceTypes":[]},"CreateAutomationRuleV2":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create an automation rule V2 based on input parameters","accessLevel":"Write","resourceTypes":[]},"CreateConfigurationPolicy":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a configuration policy to manage organization member settings in Security Hub","accessLevel":"Write","resourceTypes":[]},"CreateConnectorV2":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a connector V2 based on input parameters","accessLevel":"Write","resourceTypes":[]},"CreateFindingAggregator":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a finding aggregator, which contains the cross-Region finding aggregation configuration","accessLevel":"Write","resourceTypes":[]},"CreateInsight":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to create insights in Security Hub. Insights are collections of related findings","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"CreateMembers":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to create member accounts in Security Hub","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"CreateTicketV2":{"conditionKeys":[],"resources":[{"name":"connectorv2"}],"description":"Grants permission to create ticket for a selected OCSF finding","accessLevel":"Write","resourceTypes":[{"name":"connectorv2","required":false}]},"DeclineInvitations":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to decline Security Hub invitations to become a member account","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"DeleteActionTarget":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to delete custom actions in Security Hub","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"DeleteAggregatorV2":{"conditionKeys":[],"resources":[{"name":"aggregatorv2"}],"description":"Grants permission to delete an aggregatorV2, which configures data aggregation across Regions","accessLevel":"Write","resourceTypes":[{"name":"aggregatorv2","required":true}]},"DeleteAutomationRuleV2":{"conditionKeys":[],"resources":[{"name":"automation-rulev2"}],"description":"Grants permission to delete an automation rule V2 in Security Hub","accessLevel":"Write","resourceTypes":[{"name":"automation-rulev2","required":true}]},"DeleteConfigurationPolicy":{"conditionKeys":[],"resources":[{"name":"configuration-policy"}],"description":"Grants permission to delete an existing configuration policy","accessLevel":"Write","resourceTypes":[{"name":"configuration-policy","required":true}]},"DeleteConnectorV2":{"conditionKeys":[],"resources":[{"name":"connectorv2"}],"description":"Grants permission to delete a connector V2 in Security Hub","accessLevel":"Write","resourceTypes":[{"name":"connectorv2","required":true}]},"DeleteFindingAggregator":{"conditionKeys":[],"resources":[{"name":"finding-aggregator"}],"description":"Grants permission to delete a finding aggregator, which disables finding aggregation across Regions","accessLevel":"Write","resourceTypes":[{"name":"finding-aggregator","required":true}]},"DeleteInsight":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to delete insights from Security Hub","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"DeleteInvitations":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to delete Security Hub invitations to become a member account","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"DeleteMembers":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to delete Security Hub member accounts","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"DescribeActionTargets":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve a list of custom actions using the API","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}]},"DescribeHub":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve information about the hub resource in your account","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}]},"DescribeOrganizationConfiguration":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to describe the organization configuration for Security Hub","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}]},"DescribeProducts":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve information about the available Security Hub product integrations","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}]},"DescribeProductsV2":{"conditionKeys":[],"resources":[{"name":"hubv2"}],"description":"Grants permission to retrieve information about the available Security Hub V2 product integrations","accessLevel":"Read","resourceTypes":[{"name":"hubv2","required":false}]},"DescribeSecurityHubV2":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about the hub V2 resource in your account","accessLevel":"Read","resourceTypes":[]},"DescribeStandards":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve information about Security Hub standards","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}]},"DescribeStandardsControls":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve information about Security Hub standards controls","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}]},"DisableImportFindingsForProduct":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to disable the findings importing for a Security Hub integrated product","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"DisableOrganizationAdminAccount":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to remove the Security Hub administrator account for your organization","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}],"dependentActions":["organizations:DeregisterDelegatedAdministrator","organizations:DescribeOrganization","organizations:ListDelegatedAdministrators"]},"DisableSecurityHub":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to disable Security Hub","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"DisableSecurityHubV2":{"conditionKeys":[],"resources":[],"description":"Grants permission to disable Security Hub V2","accessLevel":"Write","resourceTypes":[]},"DisassociateFromAdministratorAccount":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to a Security Hub member account to disassociate from the associated administrator account","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"DisassociateFromMasterAccount":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to a Security Hub member account to disassociate from the associated master account","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"DisassociateMembers":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to disassociate Security Hub member accounts from the associated administrator account","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"EnableImportFindingsForProduct":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to enable the findings importing for a Security Hub integrated product","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"EnableOrganizationAdminAccount":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to designate a Security Hub administrator account for your organization","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}],"dependentActions":["organizations:DescribeOrganization","organizations:EnableAWSServiceAccess","organizations:ListAWSServiceAccessForOrganization","organizations:ListDelegatedAdministrators","organizations:RegisterDelegatedAdministrator"]},"EnableSecurityHub":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"hub"}],"description":"Grants permission to enable Security Hub","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"EnableSecurityHubV2":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to enable Security Hub V2","accessLevel":"Write","resourceTypes":[]},"GetAdhocInsightResults":{"conditionKeys":[],"resources":[{"name":"hub"},{"name":"hubv2"}],"description":"Grants permission to retrieve aggregated statistical data about the findings","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false},{"name":"hubv2","required":false}],"permissionOnly":true},"GetAdministratorAccount":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve details about the Security Hub administrator account","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}]},"GetAggregatorV2":{"conditionKeys":[],"resources":[{"name":"aggregatorv2"}],"description":"Grants permission to retrieve details for an aggregatorV2, which configures data aggregation across Regions","accessLevel":"Read","resourceTypes":[{"name":"aggregatorv2","required":true}]},"GetAutomationRuleV2":{"conditionKeys":[],"resources":[{"name":"automation-rulev2"}],"description":"Grants permission to retrieve details for an automation rule V2 from Security Hub based on rule Amazon Resource Name (ARN)","accessLevel":"Read","resourceTypes":[{"name":"automation-rulev2","required":true}]},"GetConfigurationPolicy":{"conditionKeys":[],"resources":[{"name":"configuration-policy"}],"description":"Grants permission to get a complete overview of one configuration policy created by the calling account","accessLevel":"Read","resourceTypes":[{"name":"configuration-policy","required":true}]},"GetConfigurationPolicyAssociation":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about a configuration policy associated with a member account or organizational unit of the calling account's organization","accessLevel":"Read","resourceTypes":[]},"GetConnectorV2":{"conditionKeys":[],"resources":[{"name":"connectorv2"}],"description":"Grants permission to retrieve details for a connector V2 from Security Hub based on connector id","accessLevel":"Read","resourceTypes":[{"name":"connectorv2","required":true}]},"GetControlFindingSummary":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve a security score and counts of finding and control statuses for a security standard","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}],"permissionOnly":true},"GetEnabledStandards":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve a list of the standards that are enabled in Security Hub","accessLevel":"List","resourceTypes":[{"name":"hub","required":false}]},"GetFindingAggregator":{"conditionKeys":[],"resources":[{"name":"finding-aggregator"}],"description":"Grants permission to retrieve details for a finding aggregator, which configures finding aggregation across Regions","accessLevel":"Read","resourceTypes":[{"name":"finding-aggregator","required":true}]},"GetFindingHistory":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve a list of finding history from Security Hub","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}]},"GetFindings":{"conditionKeys":[],"resources":[{"name":"hub"},{"name":"hubv2"}],"description":"Grants permission to retrieve a list of findings from Security Hub","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false},{"name":"hubv2","required":false}]},"GetFindingsTrendsV2":{"conditionKeys":[],"resources":[{"name":"hubv2"}],"description":"Grants permission to retrieve findings trends","accessLevel":"Read","resourceTypes":[{"name":"hubv2","required":false}]},"GetFreeTrialEndDate":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve the end date for an account's free trial of Security Hub","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}],"permissionOnly":true},"GetFreeTrialUsage":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve information about Security Hub usage during the free trial period","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}],"permissionOnly":true},"GetInsightFindingTrend":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve an insight finding trend from Security Hub in order to generate a graph","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}],"permissionOnly":true},"GetInsightResults":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve insight results from Security Hub","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}]},"GetInsights":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve Security Hub insights","accessLevel":"List","resourceTypes":[{"name":"hub","required":false}]},"GetInvitationsCount":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve the count of Security Hub membership invitations sent to the account","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}]},"GetMasterAccount":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve details about the Security Hub master account","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}]},"GetMembers":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve the details of Security Hub member accounts","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}]},"GetResourcesStatisticsV2":{"conditionKeys":[],"resources":[{"name":"hubv2"}],"description":"Grants permission to retrieve aggregate statistics about resources","accessLevel":"Read","resourceTypes":[{"name":"hubv2","required":false}]},"GetResourcesTrendsV2":{"conditionKeys":[],"resources":[{"name":"hubv2"}],"description":"Grants permission to retrieve resources trends","accessLevel":"Read","resourceTypes":[{"name":"hubv2","required":false}]},"GetResourcesV2":{"conditionKeys":[],"resources":[{"name":"hubv2"}],"description":"Grants permission to retrieve a list of resources","accessLevel":"Read","resourceTypes":[{"name":"hubv2","required":false}]},"GetSecurityControlDefinition":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the definition details of a specific security control identified by ID","accessLevel":"Read","resourceTypes":[],"dependentActions":["securityhub:DescribeStandardsControls"]},"GetUsage":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve information about Security Hub usage by accounts","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}],"permissionOnly":true},"InviteMembers":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to invite other AWS accounts to become Security Hub member accounts","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"ListAggregatorsV2":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of aggregatorsV2, which configures data aggregation across Regions","accessLevel":"List","resourceTypes":[]},"ListAutomationRules":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of automation rules and their metadata for the calling account from Security Hub","accessLevel":"List","resourceTypes":[]},"ListAutomationRulesV2":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of automation rules V2 and their metadata for the calling account from Security Hub","accessLevel":"List","resourceTypes":[]},"ListConfigurationPolicies":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the summaries of all configuration policies created by the calling account","accessLevel":"List","resourceTypes":[]},"ListConfigurationPolicyAssociations":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about all configuration policies associationed with all member accounts and organizational units of the calling account's organization","accessLevel":"List","resourceTypes":[]},"ListConnectorsV2":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of connectors V2 and their metadata for the calling account from Security Hub","accessLevel":"List","resourceTypes":[]},"ListControlEvaluationSummaries":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve a list of controls for a standard, including the control IDs, statuses and finding counts","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}],"permissionOnly":true},"ListEnabledProductsForImport":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve the Security Hub integrated products that are currently enabled","accessLevel":"List","resourceTypes":[{"name":"hub","required":false}]},"ListFindingAggregators":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of finding aggregators, which contain the cross-Region finding aggregation configuration","accessLevel":"List","resourceTypes":[]},"ListInvitations":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve the Security Hub invitations sent to the account","accessLevel":"List","resourceTypes":[{"name":"hub","required":false}]},"ListMembers":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to retrieve details about Security Hub member accounts associated with the administrator account","accessLevel":"List","resourceTypes":[{"name":"hub","required":false}]},"ListOrganizationAdminAccounts":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to list the Security Hub administrator accounts for your organization","accessLevel":"List","resourceTypes":[{"name":"hub","required":false}],"dependentActions":["organizations:DescribeOrganization","organizations:ListDelegatedAdministrators"]},"ListSecurityControlDefinitions":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of security control definitions, which contain details for security controls in the current region","accessLevel":"List","resourceTypes":[]},"ListStandardsControlAssociations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the enablement status of a security control in standards","accessLevel":"List","resourceTypes":[],"dependentActions":["securityhub:DescribeStandardsControls"]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"automation-rule"},{"name":"configuration-policy"},{"name":"hub"}],"description":"Grants permission to list of tags associated with a resource","accessLevel":"Read","resourceTypes":[{"name":"automation-rule","required":false},{"name":"configuration-policy","required":false},{"name":"hub","required":false}]},"SendFindingEvents":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to use a custom action to send Security Hub findings to Amazon EventBridge","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}],"permissionOnly":true},"SendInsightEvents":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to use a custom action to send Security Hub insights to Amazon EventBridge","accessLevel":"Read","resourceTypes":[{"name":"hub","required":false}],"permissionOnly":true},"StartConfigurationPolicyAssociation":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to associate a configuration policy with a member account or organizational unit in the calling account's organization","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"StartConfigurationPolicyDisassociation":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to remove a configuration policy association from a member account or organizational unit in the calling account's organization","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"TagResource":{"conditionKeys":[],"resources":[{"name":"aggregatorv2"},{"name":"automation-rule"},{"name":"automation-rulev2"},{"name":"configuration-policy"},{"name":"connectorv2"},{"name":"hub"},{"name":"hubv2"}],"description":"Grants permission to add tags to a Security Hub resource","accessLevel":"Tagging","resourceTypes":[{"name":"aggregatorv2","required":false},{"name":"automation-rule","required":false},{"name":"automation-rulev2","required":false},{"name":"configuration-policy","required":false},{"name":"connectorv2","required":false},{"name":"hub","required":false},{"name":"hubv2","required":false}]},"UntagResource":{"conditionKeys":[],"resources":[{"name":"aggregatorv2"},{"name":"automation-rule"},{"name":"automation-rulev2"},{"name":"configuration-policy"},{"name":"connectorv2"},{"name":"hub"},{"name":"hubv2"}],"description":"Grants permission to remove tags from a Security Hub resource","accessLevel":"Tagging","resourceTypes":[{"name":"aggregatorv2","required":false},{"name":"automation-rule","required":false},{"name":"automation-rulev2","required":false},{"name":"configuration-policy","required":false},{"name":"connectorv2","required":false},{"name":"hub","required":false},{"name":"hubv2","required":false}]},"UpdateActionTarget":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to update custom actions in Security Hub","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"UpdateAggregatorV2":{"conditionKeys":[],"resources":[{"name":"aggregatorv2"}],"description":"Grants permission to update an aggregatorV2, which configures data aggregation across Regions","accessLevel":"Write","resourceTypes":[{"name":"aggregatorv2","required":true}]},"UpdateAutomationRuleV2":{"conditionKeys":[],"resources":[{"name":"automation-rulev2"}],"description":"Grants permission to update an automation rule V2 in Security Hub based on rule Amazon Resource Name (ARN) and input parameters","accessLevel":"Write","resourceTypes":[{"name":"automation-rulev2","required":true}]},"UpdateConfigurationPolicy":{"conditionKeys":[],"resources":[{"name":"configuration-policy"}],"description":"Grants permission to update an existing configuration policy","accessLevel":"Write","resourceTypes":[{"name":"configuration-policy","required":true}]},"UpdateConnectorV2":{"conditionKeys":[],"resources":[{"name":"connectorv2"}],"description":"Grants permission to update a connector V2 in Security Hub based on connector id and input parameters","accessLevel":"Write","resourceTypes":[{"name":"connectorv2","required":true}]},"UpdateFindingAggregator":{"conditionKeys":[],"resources":[{"name":"finding-aggregator"}],"description":"Grants permission to update a finding aggregator, which contains the cross-Region finding aggregation configuration","accessLevel":"Write","resourceTypes":[{"name":"finding-aggregator","required":true}]},"UpdateFindings":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to update Security Hub findings","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"UpdateInsight":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to update insights in Security Hub","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"UpdateOrganizationConfiguration":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to update the organization configuration for Security Hub","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"UpdateSecurityControl":{"conditionKeys":[],"resources":[],"description":"Grants permission to update properties of a specific security control identified by ID or ARN","accessLevel":"Write","resourceTypes":[],"dependentActions":["securityhub:UpdateStandardsControl"]},"UpdateSecurityHubConfiguration":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to update Security Hub configuration","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]},"UpdateStandardsControl":{"conditionKeys":[],"resources":[{"name":"hub"}],"description":"Grants permission to update Security Hub standards controls","accessLevel":"Write","resourceTypes":[{"name":"hub","required":false}]}},"resources":[{"name":"aggregatorv2","arnFormats":["arn:${Partition}:securityhub:${Region}:${Account}:aggregatorv2/${AggregatorV2Id}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"automation-rule","arnFormats":["arn:${Partition}:securityhub:${Region}:${Account}:automation-rule/${AutomationRuleId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"automation-rulev2","arnFormats":["arn:${Partition}:securityhub:${Region}:${Account}:automation-rulev2/${AutomationRuleV2Id}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"configuration-policy","arnFormats":["arn:${Partition}:securityhub:${Region}:${Account}:configuration-policy/${ConfigurationPolicyId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"connectorv2","arnFormats":["arn:${Partition}:securityhub:${Region}:${Account}:connectorv2/${ConnectorV2Id}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"finding-aggregator","arnFormats":["arn:${Partition}:securityhub:${Region}:${Account}:finding-aggregator/${FindingAggregatorId}"],"conditionKeys":[]},{"name":"hub","arnFormats":["arn:${Partition}:securityhub:${Region}:${Account}:hub/default"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"hubv2","arnFormats":["arn:${Partition}:securityhub:${Region}:${Account}:hubv2/${HubV2Id}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"product","arnFormats":["arn:${Partition}:securityhub:${Region}:${Account}:product/${Company}/${ProductId}"],"conditionKeys":[]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by actions based on the presence of tag key-value pairs in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by actions based on tag key-value pairs attached to the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by actions based on the presence of tag keys in the request"},"securityhub:ASFFSyntaxPath/${ASFFSyntaxPath}":{"types":["String"],"description":"Filters access by the specified fields and values in the request"},"securityhub:OCSFSyntaxPath/${OCSFSyntaxPath}":{"types":["String"],"description":"Filters access by the specified fields and values in the request"},"securityhub:TargetAccount":{"types":["String"],"description":"Filters access by the AwsAccountId field that is specified in the request"}}}

package/src/data/servicereference/services/securitylake.json

@@ -0,0 +1 @@
+{"name":"securitylake","actions":{"CreateAwsLogSource":{"conditionKeys":[],"resources":[{"name":"data-lake"}],"description":"Grants permission to enable any source type in any region for accounts that are either part of a trusted organization or standalone account","accessLevel":"Write","resourceTypes":[{"name":"data-lake","required":true}],"dependentActions":["glue:CreateDatabase","glue:CreateTable","glue:GetDatabase","glue:GetTable","iam:CreateServiceLinkedRole","kms:CreateGrant","kms:DescribeKey"]},"CreateCustomLogSource":{"conditionKeys":[],"resources":[{"name":"data-lake"}],"description":"Grants permission to add a custom source","accessLevel":"Write","resourceTypes":[{"name":"data-lake","required":true}],"dependentActions":["glue:CreateCrawler","glue:CreateDatabase","glue:CreateTable","glue:StartCrawlerSchedule","iam:DeleteRolePolicy","iam:GetRole","iam:PassRole","iam:PutRolePolicy","kms:CreateGrant","kms:DescribeKey","kms:GenerateDataKey","lakeformation:GrantPermissions","lakeformation:RegisterResource","s3:ListBucket","s3:PutObject"]},"CreateDataLake":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"data-lake"}],"description":"Grants permission to create a new security data lake","accessLevel":"Write","resourceTypes":[{"name":"data-lake","required":true}],"dependentActions":["events:PutRule","events:PutTargets","iam:CreateServiceLinkedRole","iam:DeleteRolePolicy","iam:GetRole","iam:ListAttachedRolePolicies","iam:PassRole","iam:PutRolePolicy","kms:CreateGrant","kms:DescribeKey","lakeformation:GetDataLakeSettings","lakeformation:PutDataLakeSettings","lambda:AddPermission","lambda:CreateEventSourceMapping","lambda:CreateFunction","organizations:DescribeOrganization","organizations:ListAccounts","organizations:ListDelegatedServicesForAccount","s3:CreateBucket","s3:GetObject","s3:GetObjectVersion","s3:ListBucket","s3:PutBucketPolicy","s3:PutBucketPublicAccessBlock","s3:PutBucketVersioning","sqs:CreateQueue","sqs:GetQueueAttributes","sqs:SetQueueAttributes"]},"CreateDataLakeExceptionSubscription":{"conditionKeys":[],"resources":[],"description":"Grants permission to get instant notifications about exceptions. Subscribes to the SNS topics for exception notifications","accessLevel":"Write","resourceTypes":[]},"CreateDataLakeOrganizationConfiguration":{"conditionKeys":[],"resources":[{"name":"data-lake"}],"description":"Grants permission to automatically enable Amazon Security Lake for new member accounts in your organization","accessLevel":"Write","resourceTypes":[{"name":"data-lake","required":true}]},"CreateSubscriber":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a subscriber","accessLevel":"Write","resourceTypes":[],"dependentActions":["iam:CreateRole","iam:DeleteRolePolicy","iam:GetRole","iam:PutRolePolicy","lakeformation:GrantPermissions","lakeformation:ListPermissions","lakeformation:RegisterResource","lakeformation:RevokePermissions","ram:GetResourceShareAssociations","ram:GetResourceShares","ram:UpdateResourceShare","s3:PutObject"]},"CreateSubscriberNotification":{"conditionKeys":[],"resources":[{"name":"subscriber"}],"description":"Grants permission to create a webhook invocation to notify a client when there is new data in the data lake","accessLevel":"Write","resourceTypes":[{"name":"subscriber","required":true}],"dependentActions":["events:CreateApiDestination","events:CreateConnection","events:DescribeRule","events:ListApiDestinations","events:ListConnections","events:PutRule","events:PutTargets","iam:DeleteRolePolicy","iam:GetRole","iam:PassRole","s3:GetBucketNotification","s3:PutBucketNotification","sqs:CreateQueue","sqs:DeleteQueue","sqs:GetQueueAttributes","sqs:GetQueueUrl","sqs:SetQueueAttributes"]},"DeleteAwsLogSource":{"conditionKeys":[],"resources":[{"name":"data-lake"}],"description":"Grants permission to disable any source type in any region for accounts that are part of a trusted organization or standalone accounts","accessLevel":"Write","resourceTypes":[{"name":"data-lake","required":true}]},"DeleteCustomLogSource":{"conditionKeys":[],"resources":[{"name":"data-lake"}],"description":"Grants permission to remove a custom source","accessLevel":"Write","resourceTypes":[{"name":"data-lake","required":true}],"dependentActions":["glue:StopCrawlerSchedule"]},"DeleteDataLake":{"conditionKeys":[],"resources":[{"name":"data-lake"}],"description":"Grants permission to delete security data lake","accessLevel":"Write","resourceTypes":[{"name":"data-lake","required":true}],"dependentActions":["organizations:DescribeOrganization","organizations:ListDelegatedAdministrators","organizations:ListDelegatedServicesForAccount"]},"DeleteDataLakeExceptionSubscription":{"conditionKeys":[],"resources":[],"description":"Grants permission to unsubscribe from SNS topics for exception notifications. Removes exception notifications for the SNS topic","accessLevel":"Write","resourceTypes":[]},"DeleteDataLakeOrganizationConfiguration":{"conditionKeys":[],"resources":[{"name":"data-lake"}],"description":"Grants permission to remove the automatic enablement of Amazon Security Lake access for new organization accounts","accessLevel":"Write","resourceTypes":[{"name":"data-lake","required":true}]},"DeleteSubscriber":{"conditionKeys":[],"resources":[{"name":"subscriber"}],"description":"Grants permission to delete the specified subscriber","accessLevel":"Write","resourceTypes":[{"name":"subscriber","required":true}],"dependentActions":["events:DeleteApiDestination","events:DeleteConnection","events:DeleteRule","events:DescribeRule","events:ListApiDestinations","events:ListTargetsByRule","events:RemoveTargets","iam:DeleteRole","iam:DeleteRolePolicy","iam:GetRole","iam:ListRolePolicies","lakeformation:ListPermissions","lakeformation:RevokePermissions","sqs:DeleteQueue","sqs:GetQueueUrl"]},"DeleteSubscriberNotification":{"conditionKeys":[],"resources":[{"name":"subscriber"}],"description":"Grants permission to remove a webhook invocation to notify a client when there is new data in the data lake","accessLevel":"Write","resourceTypes":[{"name":"subscriber","required":true}],"dependentActions":["events:DeleteApiDestination","events:DeleteConnection","events:DeleteRule","events:DescribeRule","events:ListApiDestinations","events:ListTargetsByRule","events:RemoveTargets","iam:DeleteRole","iam:DeleteRolePolicy","iam:GetRole","iam:ListRolePolicies","lakeformation:RevokePermissions","sqs:DeleteQueue","sqs:GetQueueUrl"]},"DeregisterDataLakeDelegatedAdministrator":{"conditionKeys":[],"resources":[],"description":"Grants permission to remove the Delegated Administrator account and disable Amazon Security Lake as a service for this organization","accessLevel":"Write","resourceTypes":[],"dependentActions":["organizations:DeregisterDelegatedAdministrator","organizations:DescribeOrganization","organizations:ListDelegatedServicesForAccount"]},"GetDataLakeExceptionSubscription":{"conditionKeys":[],"resources":[],"description":"Grants permission to query the protocol and endpoint that were provided when subscribing to SNS topics for exception notifications","accessLevel":"Read","resourceTypes":[]},"GetDataLakeOrganizationConfiguration":{"conditionKeys":[],"resources":[{"name":"data-lake"}],"description":"Grants permission to get an organization's configuration setting for automatically enabling Amazon Security Lake access for new organization accounts","accessLevel":"Read","resourceTypes":[{"name":"data-lake","required":true}],"dependentActions":["organizations:DescribeOrganization"]},"GetDataLakeSources":{"conditionKeys":[],"resources":[{"name":"data-lake"}],"description":"Grants permission to get a static snapshot of the security data lake in the current region. The snapshot includes enabled accounts and log sources","accessLevel":"Read","resourceTypes":[{"name":"data-lake","required":true}]},"GetSubscriber":{"conditionKeys":[],"resources":[{"name":"subscriber"}],"description":"Grants permission to get information about subscriber that is already created","accessLevel":"Read","resourceTypes":[{"name":"subscriber","required":true}]},"ListDataLakeExceptions":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the list of all non-retryable failures","accessLevel":"List","resourceTypes":[]},"ListDataLakes":{"conditionKeys":[],"resources":[],"description":"Grants permission to list information about the security data lakes","accessLevel":"List","resourceTypes":[]},"ListLogSources":{"conditionKeys":[],"resources":[],"description":"Grants permission to view the enabled accounts. You can view the enabled sources in the enabled regions","accessLevel":"List","resourceTypes":[]},"ListSubscribers":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all subscribers","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"data-lake"},{"name":"subscriber"}],"description":"Grants permission to list all tags for the resource","accessLevel":"List","resourceTypes":[{"name":"data-lake","required":false},{"name":"subscriber","required":false}]},"RegisterDataLakeDelegatedAdministrator":{"conditionKeys":[],"resources":[],"description":"Grants permission to designate an account as the Amazon Security Lake administrator account for the organization","accessLevel":"Write","resourceTypes":[],"dependentActions":["iam:CreateServiceLinkedRole","organizations:DescribeOrganization","organizations:EnableAWSServiceAccess","organizations:ListDelegatedAdministrators","organizations:ListDelegatedServicesForAccount","organizations:RegisterDelegatedAdministrator"]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"data-lake"},{"name":"subscriber"}],"description":"Grants permission to add tags to the resource","accessLevel":"Tagging","resourceTypes":[{"name":"data-lake","required":false},{"name":"subscriber","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"data-lake"},{"name":"subscriber"}],"description":"Grants permission to remove tags from the resource","accessLevel":"Tagging","resourceTypes":[{"name":"data-lake","required":false},{"name":"subscriber","required":false}]},"UpdateDataLake":{"conditionKeys":[],"resources":[{"name":"data-lake"}],"description":"Grants permission to update a security data lake","accessLevel":"Write","resourceTypes":[{"name":"data-lake","required":true}],"dependentActions":["events:PutRule","events:PutTargets","iam:CreateServiceLinkedRole","iam:DeleteRolePolicy","iam:GetRole","iam:ListAttachedRolePolicies","iam:PutRolePolicy","kms:CreateGrant","kms:DescribeKey","lakeformation:GetDataLakeSettings","lakeformation:PutDataLakeSettings","lambda:AddPermission","lambda:CreateEventSourceMapping","lambda:CreateFunction","organizations:DescribeOrganization","organizations:ListDelegatedServicesForAccount","s3:CreateBucket","s3:GetObject","s3:GetObjectVersion","s3:ListBucket","s3:PutBucketPolicy","s3:PutBucketPublicAccessBlock","s3:PutBucketVersioning","sqs:CreateQueue","sqs:GetQueueAttributes","sqs:SetQueueAttributes"]},"UpdateDataLakeExceptionSubscription":{"conditionKeys":[],"resources":[],"description":"Grants permission to update subscriptions to the SNS topics for exception notifications","accessLevel":"Write","resourceTypes":[]},"UpdateSubscriber":{"conditionKeys":[],"resources":[{"name":"subscriber"}],"description":"Grants permission to update subscriber","accessLevel":"Write","resourceTypes":[{"name":"subscriber","required":true}],"dependentActions":["events:CreateApiDestination","events:CreateConnection","events:DescribeRule","events:ListApiDestinations","events:ListConnections","events:PutRule","events:PutTargets","iam:DeleteRolePolicy","iam:GetRole","iam:PutRolePolicy"]},"UpdateSubscriberNotification":{"conditionKeys":[],"resources":[{"name":"subscriber"}],"description":"Grants permission to update a webhook invocation to notify a client when there is new data in the data lake","accessLevel":"Write","resourceTypes":[{"name":"subscriber","required":true}],"dependentActions":["events:CreateApiDestination","events:CreateConnection","events:DescribeRule","events:ListApiDestinations","events:ListConnections","events:PutRule","events:PutTargets","iam:CreateServiceLinkedRole","iam:DeleteRolePolicy","iam:GetRole","iam:PassRole","iam:PutRolePolicy","s3:CreateBucket","s3:GetBucketNotification","s3:ListBucket","s3:PutBucketNotification","s3:PutBucketPolicy","s3:PutBucketPublicAccessBlock","s3:PutBucketVersioning","s3:PutLifecycleConfiguration","sqs:CreateQueue","sqs:DeleteQueue","sqs:GetQueueAttributes","sqs:GetQueueUrl","sqs:SetQueueAttributes"]}},"resources":[{"name":"data-lake","arnFormats":["arn:${Partition}:securitylake:${Region}:${Account}:data-lake/default"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}"]},{"name":"subscriber","arnFormats":["arn:${Partition}:securitylake:${Region}:${Account}:subscriber/${SubscriberId}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by a tag key and value pair of a resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by tag keys that are passed in the request"}}}

package/src/data/servicereference/services/serverlessrepo.json

@@ -0,0 +1 @@
+{"name":"serverlessrepo","actions":{"CreateApplication":{"conditionKeys":[],"resources":[],"description":"Grants permission to create an application, optionally including an AWS SAM file to create the first application version in the same call","accessLevel":"Write","resourceTypes":[]},"CreateApplicationVersion":{"conditionKeys":[],"resources":[{"name":"applications"}],"description":"Grants permission to create an application version","accessLevel":"Write","resourceTypes":[{"name":"applications","required":true}]},"CreateCloudFormationChangeSet":{"conditionKeys":["serverlessrepo:applicationType"],"resources":[{"name":"applications"}],"description":"Grants permission to create an AWS CloudFormation ChangeSet for the given application","accessLevel":"Write","resourceTypes":[{"name":"applications","required":true}]},"CreateCloudFormationTemplate":{"conditionKeys":["serverlessrepo:applicationType"],"resources":[{"name":"applications"}],"description":"Grants permission to create an AWS CloudFormation template","accessLevel":"Write","resourceTypes":[{"name":"applications","required":true}]},"DeleteApplication":{"conditionKeys":[],"resources":[{"name":"applications"}],"description":"Grants permission to delete the specified application","accessLevel":"Write","resourceTypes":[{"name":"applications","required":true}]},"GetApplication":{"conditionKeys":["serverlessrepo:applicationType"],"resources":[{"name":"applications"}],"description":"Grants permission to get the specified application","accessLevel":"Read","resourceTypes":[{"name":"applications","required":true}]},"GetApplicationPolicy":{"conditionKeys":[],"resources":[{"name":"applications"}],"description":"Grants permission to get the policy for the specified application","accessLevel":"Read","resourceTypes":[{"name":"applications","required":true}]},"GetCloudFormationTemplate":{"conditionKeys":[],"resources":[{"name":"applications"}],"description":"Grants permission to get the specified AWS CloudFormation template","accessLevel":"Read","resourceTypes":[{"name":"applications","required":true}]},"ListApplicationDependencies":{"conditionKeys":["serverlessrepo:applicationType"],"resources":[{"name":"applications"}],"description":"Grants permission to retrieve the list of applications nested in the containing application","accessLevel":"List","resourceTypes":[{"name":"applications","required":true}]},"ListApplicationVersions":{"conditionKeys":["serverlessrepo:applicationType"],"resources":[{"name":"applications"}],"description":"Grants permission to list versions for the specified application owned by the requester","accessLevel":"List","resourceTypes":[{"name":"applications","required":true}]},"ListApplications":{"conditionKeys":[],"resources":[],"description":"Grants permission to list applications owned by the requester","accessLevel":"List","resourceTypes":[]},"PutApplicationPolicy":{"conditionKeys":[],"resources":[{"name":"applications"}],"description":"Grants permission to put the policy for the specified application","accessLevel":"Write","resourceTypes":[{"name":"applications","required":true}]},"SearchApplications":{"conditionKeys":["serverlessrepo:applicationType"],"resources":[],"description":"Grants permission to get all applications authorized for this user","accessLevel":"Read","resourceTypes":[]},"UnshareApplication":{"conditionKeys":[],"resources":[{"name":"applications"}],"description":"Grants permission to unshare the specified application","accessLevel":"Write","resourceTypes":[{"name":"applications","required":true}]},"UpdateApplication":{"conditionKeys":[],"resources":[{"name":"applications"}],"description":"Grants permission to update meta-data of the application","accessLevel":"Write","resourceTypes":[{"name":"applications","required":true}]}},"resources":[{"name":"applications","arnFormats":["arn:${Partition}:serverlessrepo:${Region}:${Account}:applications/${ResourceId}"],"conditionKeys":[]}],"conditionKeys":{"serverlessrepo:applicationType":{"types":["String"],"description":"Filters access by application type"}}}

package/src/data/servicereference/services/servicecatalog.json

@@ -0,0 +1 @@
+{"name":"servicecatalog","actions":{"AcceptPortfolioShare":{"conditionKeys":[],"resources":[{"name":"Portfolio"}],"description":"Grants permission to accept a portfolio that has been shared with you","accessLevel":"Write","resourceTypes":[{"name":"Portfolio","required":true}]},"AssociateAttributeGroup":{"conditionKeys":[],"resources":[{"name":"Application"},{"name":"AttributeGroup"}],"description":"Grants permission to associate an attribute group with an application","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true},{"name":"AttributeGroup","required":true}]},"AssociateBudgetWithResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to associate a budget with a resource","accessLevel":"Write","resourceTypes":[]},"AssociatePrincipalWithPortfolio":{"conditionKeys":[],"resources":[{"name":"Portfolio"}],"description":"Grants permission to associate an IAM principal with a portfolio, giving the specified principal access to any products associated with the specified portfolio","accessLevel":"Write","resourceTypes":[{"name":"Portfolio","required":true}]},"AssociateProductWithPortfolio":{"conditionKeys":[],"resources":[],"description":"Grants permission to associate a product with a portfolio","accessLevel":"Write","resourceTypes":[]},"AssociateResource":{"conditionKeys":["servicecatalog:Resource","servicecatalog:ResourceType"],"resources":[{"name":"Application"}],"description":"Grants permission to associate a resource with an application","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true}],"dependentActions":["cloudformation:DescribeStacks","resource-groups:CreateGroup","resource-groups:GetGroup","resource-groups:Tag"]},"AssociateServiceActionWithProvisioningArtifact":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to associate an action with a provisioning artifact","accessLevel":"Write","resourceTypes":[{"name":"Product","required":true}]},"AssociateTagOptionWithResource":{"conditionKeys":[],"resources":[{"name":"Portfolio"},{"name":"Product"}],"description":"Grants permission to associate the specified TagOption with the specified portfolio or product","accessLevel":"Write","resourceTypes":[{"name":"Portfolio","required":false},{"name":"Product","required":false}]},"BatchAssociateServiceActionWithProvisioningArtifact":{"conditionKeys":[],"resources":[],"description":"Grants permission to associate multiple self-service actions with provisioning artifacts","accessLevel":"Write","resourceTypes":[]},"BatchDisassociateServiceActionFromProvisioningArtifact":{"conditionKeys":[],"resources":[],"description":"Grants permission to disassociate a batch of self-service actions from the specified provisioning artifact","accessLevel":"Write","resourceTypes":[]},"CopyProduct":{"conditionKeys":[],"resources":[],"description":"Grants permission to copy the specified source product to the specified target product or a new product","accessLevel":"Write","resourceTypes":[]},"CreateApplication":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"Application"}],"description":"Grants permission to create an application","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true}],"dependentActions":["iam:CreateServiceLinkedRole"]},"CreateAttributeGroup":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"AttributeGroup"}],"description":"Grants permission to create an attribute group","accessLevel":"Write","resourceTypes":[{"name":"AttributeGroup","required":true}]},"CreateConstraint":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to create a constraint on an associated product and portfolio","accessLevel":"Write","resourceTypes":[{"name":"Product","required":true}]},"CreatePortfolio":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"Portfolio"}],"description":"Grants permission to create a portfolio","accessLevel":"Write","resourceTypes":[{"name":"Portfolio","required":true}]},"CreatePortfolioShare":{"conditionKeys":[],"resources":[{"name":"Portfolio"}],"description":"Grants permission to share a portfolio you own with another AWS account","accessLevel":"Permissions management","resourceTypes":[{"name":"Portfolio","required":true}]},"CreateProduct":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"Product"}],"description":"Grants permission to create a product and that product's first provisioning artifact","accessLevel":"Write","resourceTypes":[{"name":"Product","required":true}]},"CreateProvisionedProductPlan":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[],"description":"Grants permission to add a new provisioned product plan","accessLevel":"Write","resourceTypes":[]},"CreateProvisioningArtifact":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to add a new provisioning artifact to an existing product","accessLevel":"Write","resourceTypes":[{"name":"Product","required":true}]},"CreateServiceAction":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a self-service action","accessLevel":"Write","resourceTypes":[]},"CreateTagOption":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a TagOption","accessLevel":"Write","resourceTypes":[]},"DeleteApplication":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to delete an application if all associations have been removed from the application","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true}]},"DeleteAttributeGroup":{"conditionKeys":[],"resources":[{"name":"AttributeGroup"}],"description":"Grants permission to delete an attribute group if all associations have been removed from the attribute group","accessLevel":"Write","resourceTypes":[{"name":"AttributeGroup","required":true}]},"DeleteConstraint":{"conditionKeys":[],"resources":[],"description":"Grants permission to remove and delete an existing constraint from an associated product and portfolio","accessLevel":"Write","resourceTypes":[]},"DeletePortfolio":{"conditionKeys":[],"resources":[{"name":"Portfolio"}],"description":"Grants permission to delete a portfolio if all associations and shares have been removed from the portfolio","accessLevel":"Write","resourceTypes":[{"name":"Portfolio","required":true}]},"DeletePortfolioShare":{"conditionKeys":[],"resources":[{"name":"Portfolio"}],"description":"Grants permission to unshare a portfolio you own from an AWS account you previously shared the portfolio with","accessLevel":"Permissions management","resourceTypes":[{"name":"Portfolio","required":true}]},"DeleteProduct":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to delete a product if all associations have been removed from the product","accessLevel":"Write","resourceTypes":[{"name":"Product","required":true}]},"DeleteProvisionedProductPlan":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[],"description":"Grants permission to delete a provisioned product plan","accessLevel":"Write","resourceTypes":[]},"DeleteProvisioningArtifact":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to delete a provisioning artifact from a product","accessLevel":"Write","resourceTypes":[{"name":"Product","required":true}]},"DeleteResourcePolicy":{"conditionKeys":[],"resources":[{"name":"Application"},{"name":"AttributeGroup"}],"description":"Grants permission to delete a resource-based policy for the specified resource","accessLevel":"Write","resourceTypes":[{"name":"Application","required":false},{"name":"AttributeGroup","required":false}],"permissionOnly":true},"DeleteServiceAction":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a self-service action","accessLevel":"Write","resourceTypes":[]},"DeleteTagOption":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete the specified TagOption","accessLevel":"Write","resourceTypes":[]},"DescribeConstraint":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a constraint","accessLevel":"Read","resourceTypes":[]},"DescribeCopyProductStatus":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the status of the specified copy product operation","accessLevel":"Read","resourceTypes":[]},"DescribePortfolio":{"conditionKeys":[],"resources":[{"name":"Portfolio"}],"description":"Grants permission to describe a portfolio","accessLevel":"Read","resourceTypes":[{"name":"Portfolio","required":true}]},"DescribePortfolioShareStatus":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the status of the specified portfolio share operation","accessLevel":"Read","resourceTypes":[]},"DescribePortfolioShares":{"conditionKeys":[],"resources":[{"name":"Portfolio"}],"description":"Grants permission to view a summary of each of the portfolio shares that were created for the specified portfolio","accessLevel":"List","resourceTypes":[{"name":"Portfolio","required":true}]},"DescribeProduct":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to describe a product as an end-user","accessLevel":"Read","resourceTypes":[{"name":"Product","required":true}]},"DescribeProductAsAdmin":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to describe a product as an admin","accessLevel":"Read","resourceTypes":[{"name":"Product","required":true}]},"DescribeProductView":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a product as an end-user","accessLevel":"Read","resourceTypes":[]},"DescribeProvisionedProduct":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[],"description":"Grants permission to describe a provisioned product","accessLevel":"Read","resourceTypes":[]},"DescribeProvisionedProductPlan":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[],"description":"Grants permission to describe a provisioned product plan","accessLevel":"Read","resourceTypes":[]},"DescribeProvisioningArtifact":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to describe a provisioning artifact","accessLevel":"Read","resourceTypes":[{"name":"Product","required":true}]},"DescribeProvisioningParameters":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to describe the parameters that you need to specify to successfully provision a specified provisioning artifact","accessLevel":"Read","resourceTypes":[{"name":"Product","required":true}]},"DescribeRecord":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[],"description":"Grants permission to describe a record and lists any outputs","accessLevel":"Read","resourceTypes":[]},"DescribeServiceAction":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a self-service action","accessLevel":"Read","resourceTypes":[]},"DescribeServiceActionExecutionParameters":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[],"description":"Grants permission to get the default parameters if you executed the specified Service Action on the specified Provisioned Product","accessLevel":"Read","resourceTypes":[]},"DescribeTagOption":{"conditionKeys":[],"resources":[],"description":"Grants permission to get information about the specified TagOption","accessLevel":"Read","resourceTypes":[]},"DisableAWSOrganizationsAccess":{"conditionKeys":[],"resources":[],"description":"Grants permission to disable portfolio sharing through AWS Organizations feature","accessLevel":"Write","resourceTypes":[]},"DisassociateAttributeGroup":{"conditionKeys":[],"resources":[{"name":"Application"},{"name":"AttributeGroup"}],"description":"Grants permission to disassociate an attribute group from an application","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true},{"name":"AttributeGroup","required":true}]},"DisassociateBudgetFromResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to disassociate a budget from a resource","accessLevel":"Write","resourceTypes":[]},"DisassociatePrincipalFromPortfolio":{"conditionKeys":[],"resources":[{"name":"Portfolio"}],"description":"Grants permission to disassociate an IAM principal from a portfolio","accessLevel":"Write","resourceTypes":[{"name":"Portfolio","required":true}]},"DisassociateProductFromPortfolio":{"conditionKeys":[],"resources":[],"description":"Grants permission to disassociate a product from a portfolio","accessLevel":"Write","resourceTypes":[]},"DisassociateResource":{"conditionKeys":["servicecatalog:Resource","servicecatalog:ResourceType"],"resources":[{"name":"Application"}],"description":"Grants permission to disassociate a resource from an application","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true}],"dependentActions":["resource-groups:DeleteGroup"]},"DisassociateServiceActionFromProvisioningArtifact":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to disassociate the specified self-service action association from the specified provisioning artifact","accessLevel":"Write","resourceTypes":[{"name":"Product","required":true}]},"DisassociateTagOptionFromResource":{"conditionKeys":[],"resources":[{"name":"Portfolio"},{"name":"Product"}],"description":"Grants permission to disassociate the specified TagOption from the specified resource","accessLevel":"Write","resourceTypes":[{"name":"Portfolio","required":false},{"name":"Product","required":false}]},"EnableAWSOrganizationsAccess":{"conditionKeys":[],"resources":[],"description":"Grants permission to enable portfolio sharing feature through AWS Organizations","accessLevel":"Write","resourceTypes":[]},"ExecuteProvisionedProductPlan":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[],"description":"Grants permission to execute a provisioned product plan","accessLevel":"Write","resourceTypes":[]},"ExecuteProvisionedProductServiceAction":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[],"description":"Grants permission to executes a provisioned product plan","accessLevel":"Write","resourceTypes":[]},"GetAWSOrganizationsAccessStatus":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the access status of AWS Organization portfolio share feature","accessLevel":"Read","resourceTypes":[]},"GetApplication":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to get an application","accessLevel":"Read","resourceTypes":[{"name":"Application","required":true}]},"GetAssociatedResource":{"conditionKeys":["servicecatalog:Resource","servicecatalog:ResourceType"],"resources":[{"name":"Application"}],"description":"Grants permission to get information about a resource associated to an application","accessLevel":"Read","resourceTypes":[{"name":"Application","required":true}]},"GetAttributeGroup":{"conditionKeys":[],"resources":[{"name":"AttributeGroup"}],"description":"Grants permission to get an attribute group","accessLevel":"Read","resourceTypes":[{"name":"AttributeGroup","required":true}]},"GetConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to read AppRegistry configurations","accessLevel":"Read","resourceTypes":[]},"GetProvisionedProductOutputs":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the provisioned product output with either provisioned product id or name","accessLevel":"Read","resourceTypes":[]},"GetResourcePolicy":{"conditionKeys":[],"resources":[{"name":"Application"},{"name":"AttributeGroup"}],"description":"Grants permission to get a resource-based policy for the specified resource","accessLevel":"Read","resourceTypes":[{"name":"Application","required":false},{"name":"AttributeGroup","required":false}],"permissionOnly":true},"ImportAsProvisionedProduct":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to import a resource into a provisioned product","accessLevel":"Write","resourceTypes":[{"name":"Product","required":true}]},"ListAcceptedPortfolioShares":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the portfolios that have been shared with you and you have accepted","accessLevel":"List","resourceTypes":[]},"ListApplications":{"conditionKeys":[],"resources":[],"description":"Grants permission to list your applications","accessLevel":"List","resourceTypes":[]},"ListAssociatedAttributeGroups":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to list the attribute groups associated with an application","accessLevel":"List","resourceTypes":[{"name":"Application","required":true}]},"ListAssociatedResources":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to list the resources associated with an application","accessLevel":"List","resourceTypes":[{"name":"Application","required":true}]},"ListAttributeGroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to list your attribute groups","accessLevel":"List","resourceTypes":[]},"ListAttributeGroupsForApplication":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to list the associated attribute groups for a given application","accessLevel":"List","resourceTypes":[{"name":"Application","required":true}]},"ListBudgetsForResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all the budgets associated to a resource","accessLevel":"List","resourceTypes":[]},"ListConstraintsForPortfolio":{"conditionKeys":[],"resources":[],"description":"Grants permission to list constraints associated with a given portfolio","accessLevel":"List","resourceTypes":[]},"ListLaunchPaths":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to list the different ways to launch a given product as an end-user","accessLevel":"List","resourceTypes":[{"name":"Product","required":true}]},"ListOrganizationPortfolioAccess":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the organization nodes that have access to the specified portfolio","accessLevel":"List","resourceTypes":[]},"ListPortfolioAccess":{"conditionKeys":[],"resources":[{"name":"Portfolio"}],"description":"Grants permission to list the AWS accounts you have shared a given portfolio with","accessLevel":"List","resourceTypes":[{"name":"Portfolio","required":true}]},"ListPortfolios":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the portfolios in your account","accessLevel":"List","resourceTypes":[]},"ListPortfoliosForProduct":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to list the portfolios associated with a given product","accessLevel":"List","resourceTypes":[{"name":"Product","required":true}]},"ListPrincipalsForPortfolio":{"conditionKeys":[],"resources":[{"name":"Portfolio"}],"description":"Grants permission to list the IAM principals associated with a given portfolio","accessLevel":"List","resourceTypes":[{"name":"Portfolio","required":true}]},"ListProvisionedProductPlans":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[],"description":"Grants permission to list the provisioned product plans","accessLevel":"List","resourceTypes":[]},"ListProvisioningArtifacts":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to list the provisioning artifacts associated with a given product","accessLevel":"List","resourceTypes":[{"name":"Product","required":true}]},"ListProvisioningArtifactsForServiceAction":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all provisioning artifacts for the specified self-service action","accessLevel":"List","resourceTypes":[]},"ListRecordHistory":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[],"description":"Grants permission to list all the records in your account or all the records related to a given provisioned product","accessLevel":"List","resourceTypes":[]},"ListResourcesForTagOption":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the resources associated with the specified TagOption","accessLevel":"List","resourceTypes":[]},"ListServiceActions":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all self-service actions","accessLevel":"List","resourceTypes":[]},"ListServiceActionsForProvisioningArtifact":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[{"name":"Product"}],"description":"Grants permission to list all the service actions associated with the specified provisioning artifact in your account","accessLevel":"List","resourceTypes":[{"name":"Product","required":true}]},"ListStackInstancesForProvisionedProduct":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[],"description":"Grants permission to list account, region and status of each stack instances that are associated with a CFN_STACKSET type provisioned product","accessLevel":"List","resourceTypes":[]},"ListTagOptions":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the specified TagOptions or all TagOptions","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"Application"},{"name":"AttributeGroup"}],"description":"Grants permission to list the tags for a service catalog appregistry resource","accessLevel":"Read","resourceTypes":[{"name":"Application","required":false},{"name":"AttributeGroup","required":false}]},"NotifyProvisionProductEngineWorkflowResult":{"conditionKeys":[],"resources":[],"description":"Grants permission to notify the result of the provisioning engine execution","accessLevel":"Write","resourceTypes":[]},"NotifyTerminateProvisionedProductEngineWorkflowResult":{"conditionKeys":[],"resources":[],"description":"Grants permission to notify the result of the terminate engine execution","accessLevel":"Write","resourceTypes":[]},"NotifyUpdateProvisionedProductEngineWorkflowResult":{"conditionKeys":[],"resources":[],"description":"Grants permission to notify the result of the update engine execution","accessLevel":"Write","resourceTypes":[]},"ProvisionProduct":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to provision a product with a specified provisioning artifact and launch parameters","accessLevel":"Write","resourceTypes":[{"name":"Product","required":true}]},"PutConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to assign AppRegistry configurations","accessLevel":"Write","resourceTypes":[]},"PutResourcePolicy":{"conditionKeys":[],"resources":[{"name":"Application"},{"name":"AttributeGroup"}],"description":"Grants permission to add a resource-based policy for the specified resource","accessLevel":"Write","resourceTypes":[{"name":"Application","required":false},{"name":"AttributeGroup","required":false}],"permissionOnly":true},"RejectPortfolioShare":{"conditionKeys":[],"resources":[{"name":"Portfolio"}],"description":"Grants permission to reject a portfolio that has been shared with you that you previously accepted","accessLevel":"Write","resourceTypes":[{"name":"Portfolio","required":true}]},"ScanProvisionedProducts":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[],"description":"Grants permission to list all the provisioned products in your account","accessLevel":"List","resourceTypes":[]},"SearchProducts":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the products available to you as an end-user","accessLevel":"List","resourceTypes":[]},"SearchProductsAsAdmin":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all the products in your account or all the products associated with a given portfolio","accessLevel":"List","resourceTypes":[]},"SearchProvisionedProducts":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[],"description":"Grants permission to list all the provisioned products in your account","accessLevel":"List","resourceTypes":[]},"SyncResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to sync a resource with its current state in AppRegistry","accessLevel":"Write","resourceTypes":[],"dependentActions":["cloudformation:UpdateStack"]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"Application"},{"name":"AttributeGroup"}],"description":"Grants permission to tag a service catalog appregistry resource","accessLevel":"Tagging","resourceTypes":[{"name":"Application","required":false},{"name":"AttributeGroup","required":false}]},"TerminateProvisionedProduct":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[],"description":"Grants permission to terminate an existing provisioned product","accessLevel":"Write","resourceTypes":[]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"Application"},{"name":"AttributeGroup"}],"description":"Grants permission to remove a tag from a service catalog appregistry resource","accessLevel":"Tagging","resourceTypes":[{"name":"Application","required":false},{"name":"AttributeGroup","required":false}]},"UpdateApplication":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to update the attributes of an existing application","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true}],"dependentActions":["iam:CreateServiceLinkedRole"]},"UpdateAttributeGroup":{"conditionKeys":[],"resources":[{"name":"AttributeGroup"}],"description":"Grants permission to update the attributes of an existing attribute group","accessLevel":"Write","resourceTypes":[{"name":"AttributeGroup","required":true}]},"UpdateConstraint":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the metadata fields of an existing constraint","accessLevel":"Write","resourceTypes":[]},"UpdatePortfolio":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"Portfolio"}],"description":"Grants permission to update the metadata fields and/or tags of an existing portfolio","accessLevel":"Write","resourceTypes":[{"name":"Portfolio","required":true}]},"UpdatePortfolioShare":{"conditionKeys":[],"resources":[{"name":"Portfolio"}],"description":"Grants permission to enable or disable resource sharing for an existing portfolio share","accessLevel":"Permissions management","resourceTypes":[{"name":"Portfolio","required":true}]},"UpdateProduct":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"Product"}],"description":"Grants permission to update the metadata fields and/or tags of an existing product","accessLevel":"Write","resourceTypes":[{"name":"Product","required":true}]},"UpdateProvisionedProduct":{"conditionKeys":["servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"resources":[],"description":"Grants permission to update an existing provisioned product","accessLevel":"Write","resourceTypes":[]},"UpdateProvisionedProductProperties":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the properties of an existing provisioned product","accessLevel":"Write","resourceTypes":[]},"UpdateProvisioningArtifact":{"conditionKeys":[],"resources":[{"name":"Product"}],"description":"Grants permission to update the metadata fields of an existing provisioning artifact","accessLevel":"Write","resourceTypes":[{"name":"Product","required":true}]},"UpdateServiceAction":{"conditionKeys":[],"resources":[],"description":"Grants permission to update a self-service action","accessLevel":"Write","resourceTypes":[]},"UpdateTagOption":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the specified TagOption","accessLevel":"Write","resourceTypes":[]}},"resources":[{"name":"Application","arnFormats":["arn:${Partition}:servicecatalog:${Region}:${Account}:/applications/${ApplicationId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"AttributeGroup","arnFormats":["arn:${Partition}:servicecatalog:${Region}:${Account}:/attribute-groups/${AttributeGroupId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"Portfolio","arnFormats":["arn:${Partition}:catalog:${Region}:${Account}:portfolio/${PortfolioId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"Product","arnFormats":["arn:${Partition}:catalog:${Region}:${Account}:product/${ProductId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the presence of tag key-value pairs in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by tag key-value pairs attached to the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the presence of tag keys in the request"},"servicecatalog:Resource":{"types":["String"],"description":"Filters access by controlling what value can be specified as the Resource parameter in an AppRegistry associate resource API"},"servicecatalog:ResourceType":{"types":["String"],"description":"Filters access by controlling what value can be specified as the ResourceType parameter in an AppRegistry associate resource API"},"servicecatalog:accountLevel":{"types":["String"],"description":"Filters access by user to see and perform actions on resources created by anyone in the account"},"servicecatalog:roleLevel":{"types":["String"],"description":"Filters access by user to see and perform actions on resources created either by them or by anyone federating into the same role as them"},"servicecatalog:userLevel":{"types":["String"],"description":"Filters access by user to see and perform actions on only resources that they created"}}}

package/src/data/servicereference/services/servicediscovery.json

@@ -0,0 +1 @@
+{"name":"servicediscovery","actions":{"CreateHttpNamespace":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create an HTTP namespace","accessLevel":"Write","resourceTypes":[]},"CreatePrivateDnsNamespace":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a private namespace based on DNS, which will be visible only inside a specified Amazon VPC","accessLevel":"Write","resourceTypes":[]},"CreatePublicDnsNamespace":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a public namespace based on DNS, which will be visible on the internet","accessLevel":"Write","resourceTypes":[]},"CreateService":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","servicediscovery:NamespaceArn"],"resources":[{"name":"namespace"},{"name":"service"}],"description":"Grants permission to create a service","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true},{"name":"service","required":true}]},"DeleteNamespace":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to delete a specified namespace","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true}]},"DeleteResourcePolicy":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to delete the RAM access control policy for a namespace","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true}],"permissionOnly":true},"DeleteService":{"conditionKeys":["servicediscovery:ServiceCreatedByAccount"],"resources":[{"name":"service"}],"description":"Grants permission to delete a specified service","accessLevel":"Write","resourceTypes":[{"name":"service","required":true}]},"DeleteServiceAttributes":{"conditionKeys":["servicediscovery:ServiceCreatedByAccount"],"resources":[{"name":"service"}],"description":"Grants permission to delete specified attributes from a service","accessLevel":"Write","resourceTypes":[{"name":"service","required":true}]},"DeregisterInstance":{"conditionKeys":["servicediscovery:ServiceArn","servicediscovery:ServiceCreatedByAccount"],"resources":[{"name":"service"}],"description":"Grants permission to delete the records and the health check, if any, that Amazon Route 53 created for the specified instance","accessLevel":"Write","resourceTypes":[{"name":"service","required":true}]},"DiscoverInstances":{"conditionKeys":["servicediscovery:NamespaceName","servicediscovery:ServiceName"],"resources":[{"name":"namespace"},{"name":"service"}],"description":"Grants permission to discover registered instances for a specified namespace and service","accessLevel":"Read","resourceTypes":[{"name":"namespace","required":true},{"name":"service","required":true}]},"DiscoverInstancesRevision":{"conditionKeys":["servicediscovery:NamespaceName","servicediscovery:ServiceName"],"resources":[{"name":"namespace"},{"name":"service"}],"description":"Grants permission to discover the revision of the instances for a specified namespace and service","accessLevel":"Read","resourceTypes":[{"name":"namespace","required":true},{"name":"service","required":true}]},"GetInstance":{"conditionKeys":["servicediscovery:ServiceArn"],"resources":[{"name":"service"}],"description":"Grants permission to get information about a specified instance","accessLevel":"Read","resourceTypes":[{"name":"service","required":true}]},"GetInstancesHealthStatus":{"conditionKeys":["servicediscovery:ServiceArn"],"resources":[{"name":"service"}],"description":"Grants permission to get the current health status (Healthy, Unhealthy, or Unknown) of one or more instances","accessLevel":"Read","resourceTypes":[{"name":"service","required":true}]},"GetNamespace":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to get information about a namespace","accessLevel":"Read","resourceTypes":[{"name":"namespace","required":true}]},"GetOperation":{"conditionKeys":[],"resources":[{"name":"namespace"},{"name":"service"}],"description":"Grants permission to get information about a specific operation","accessLevel":"Read","resourceTypes":[{"name":"namespace","required":true},{"name":"service","required":false}]},"GetResourcePolicy":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to read the RAM access control policy for a namespace","accessLevel":"Read","resourceTypes":[{"name":"namespace","required":true}],"permissionOnly":true},"GetService":{"conditionKeys":[],"resources":[{"name":"service"}],"description":"Grants permission to get the settings for a specified service","accessLevel":"Read","resourceTypes":[{"name":"service","required":true}]},"GetServiceAttributes":{"conditionKeys":[],"resources":[{"name":"service"}],"description":"Grants permission to get the attributes for a specified service","accessLevel":"Read","resourceTypes":[{"name":"service","required":true}]},"ListInstances":{"conditionKeys":["servicediscovery:ServiceArn"],"resources":[{"name":"service"}],"description":"Grants permission to get summary information about the instances that were registered with a specified service","accessLevel":"Read","resourceTypes":[{"name":"service","required":true}]},"ListNamespaces":{"conditionKeys":[],"resources":[],"description":"Grants permission to get information about the namespaces","accessLevel":"Read","resourceTypes":[]},"ListOperations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list operations that match the criteria that you specify","accessLevel":"List","resourceTypes":[]},"ListServices":{"conditionKeys":[],"resources":[],"description":"Grants permission to get settings for all the services that match specified filters","accessLevel":"Read","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to lists tags for the specified resource","accessLevel":"Read","resourceTypes":[]},"PutResourcePolicy":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to define the RAM access control policy for a namespace","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true}],"permissionOnly":true},"RegisterInstance":{"conditionKeys":["servicediscovery:ServiceArn","servicediscovery:ServiceCreatedByAccount"],"resources":[{"name":"service"}],"description":"Grants permission to register an instance based on the settings in a specified service","accessLevel":"Write","resourceTypes":[{"name":"service","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to add one or more tags to the specified resource","accessLevel":"Tagging","resourceTypes":[]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[],"description":"Grants permission to remove one or more tags from the specified resource","accessLevel":"Tagging","resourceTypes":[]},"UpdateHttpNamespace":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to update the settings for a HTTP namespace","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true}]},"UpdateInstanceCustomHealthStatus":{"conditionKeys":["servicediscovery:ServiceArn","servicediscovery:ServiceCreatedByAccount"],"resources":[{"name":"service"}],"description":"Grants permission to update the current health status for an instance that has a custom health check","accessLevel":"Write","resourceTypes":[{"name":"service","required":true}]},"UpdatePrivateDnsNamespace":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to update the settings for a private DNS namespace","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true}]},"UpdatePublicDnsNamespace":{"conditionKeys":[],"resources":[{"name":"namespace"}],"description":"Grants permission to update the settings for a public DNS namespace","accessLevel":"Write","resourceTypes":[{"name":"namespace","required":true}]},"UpdateService":{"conditionKeys":["servicediscovery:ServiceCreatedByAccount"],"resources":[{"name":"service"}],"description":"Grants permission to update the settings in a specified service","accessLevel":"Write","resourceTypes":[{"name":"service","required":true}]},"UpdateServiceAttributes":{"conditionKeys":["servicediscovery:ServiceCreatedByAccount"],"resources":[{"name":"service"}],"description":"Grants permission to update the attributes in a specified service","accessLevel":"Write","resourceTypes":[{"name":"service","required":true}]}},"resources":[{"name":"namespace","arnFormats":["arn:${Partition}:servicediscovery:${Region}:${Account}:namespace/${NamespaceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"service","arnFormats":["arn:${Partition}:servicediscovery:${Region}:${Account}:service/${ServiceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters actions based on the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters actions based on the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters actions based on the tag keys that are passed in the request"},"servicediscovery:NamespaceArn":{"types":["ARN"],"description":"Filters access by specifying the Amazon Resource Name (ARN) for the related namespace"},"servicediscovery:NamespaceName":{"types":["String"],"description":"Filters access by specifying the name of the related namespace"},"servicediscovery:ServiceArn":{"types":["ARN"],"description":"Filters access by specifying the Amazon Resource Name (ARN) for the related service"},"servicediscovery:ServiceCreatedByAccount":{"types":["String"],"description":"Filters access by specifying the account id of the related service creator"},"servicediscovery:ServiceName":{"types":["String"],"description":"Filters access by specifying the name of the related service"}}}

package/src/data/servicereference/services/serviceextract.json

@@ -0,0 +1 @@
+{"name":"serviceextract","actions":{"GetConfig":{"conditionKeys":[],"resources":[],"description":"Grants permission to get required configuration for the AWS Microservice Extractor for .NET desktop client","accessLevel":"Read","resourceTypes":[],"permissionOnly":true}},"resources":[],"conditionKeys":{}}

package/src/data/servicereference/services/servicequotas.json

@@ -0,0 +1 @@
+{"name":"servicequotas","actions":{"AssociateServiceQuotaTemplate":{"conditionKeys":[],"resources":[],"description":"Grants permission to associate the Service Quotas template with your organization","accessLevel":"Write","resourceTypes":[],"dependentActions":["organizations:DescribeOrganization","organizations:EnableAWSServiceAccess"]},"CreateSupportCase":{"conditionKeys":[],"resources":[],"description":"Grants permission to submit a request to create a support case for an existing quota increase request","accessLevel":"Write","resourceTypes":[]},"DeleteServiceQuotaIncreaseRequestFromTemplate":{"conditionKeys":[],"resources":[],"description":"Grants permission to remove the specified service quota from the service quota template","accessLevel":"Write","resourceTypes":[],"dependentActions":["organizations:DescribeOrganization"]},"DisassociateServiceQuotaTemplate":{"conditionKeys":[],"resources":[],"description":"Grants permission to disassociate the Service Quotas template from your organization","accessLevel":"Write","resourceTypes":[],"dependentActions":["organizations:DescribeOrganization"]},"GetAWSDefaultServiceQuota":{"conditionKeys":[],"resources":[],"description":"Grants permission to return the details for the specified service quota, including the AWS default value","accessLevel":"Read","resourceTypes":[]},"GetAssociationForServiceQuotaTemplate":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the ServiceQuotaTemplateAssociationStatus value, which tells you if the Service Quotas template is associated with an organization","accessLevel":"Read","resourceTypes":[],"dependentActions":["organizations:DescribeOrganization"]},"GetAutoManagementConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the automatic management of Service Quotas configuration, including notification settings, opt-in type, and excluded quotas","accessLevel":"Read","resourceTypes":[]},"GetQuotaUtilizationReport":{"conditionKeys":[],"resources":[],"description":"Grants permission to view the generated report","accessLevel":"Read","resourceTypes":[]},"GetRequestedServiceQuotaChange":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the details for a particular service quota increase request","accessLevel":"Read","resourceTypes":[]},"GetServiceQuota":{"conditionKeys":["servicequotas:service"],"resources":[{"name":"quota"}],"description":"Grants permission to return the details for the specified service quota, including the applied value","accessLevel":"Read","resourceTypes":[{"name":"quota","required":false}],"dependentActions":["autoscaling:DescribeAccountLimits","cloudformation:DescribeAccountLimits","dynamodb:DescribeLimits","elasticloadbalancing:DescribeAccountLimits","iam:GetAccountSummary","kinesis:DescribeLimits","rds:DescribeAccountAttributes","route53:GetAccountLimit"]},"GetServiceQuotaIncreaseRequestFromTemplate":{"conditionKeys":["servicequotas:service"],"resources":[{"name":"quota"}],"description":"Grants permission to retrieve the details for a service quota increase request from the service quota template","accessLevel":"Read","resourceTypes":[{"name":"quota","required":false}],"dependentActions":["organizations:DescribeOrganization"]},"ListAWSDefaultServiceQuotas":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all default service quotas for the specified AWS service","accessLevel":"Read","resourceTypes":[]},"ListRequestedServiceQuotaChangeHistory":{"conditionKeys":[],"resources":[],"description":"Grants permission to request a list of the changes to quotas for a service","accessLevel":"Read","resourceTypes":[]},"ListRequestedServiceQuotaChangeHistoryByQuota":{"conditionKeys":["servicequotas:service"],"resources":[{"name":"quota"}],"description":"Grants permission to request a list of the changes to specific service quotas","accessLevel":"Read","resourceTypes":[{"name":"quota","required":false}]},"ListServiceQuotaIncreaseRequestsInTemplate":{"conditionKeys":[],"resources":[],"description":"Grants permission to return a list of the service quota increase requests from the service quota template","accessLevel":"Read","resourceTypes":[],"dependentActions":["organizations:DescribeOrganization"]},"ListServiceQuotas":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all service quotas for the specified AWS service, in that account, in that Region","accessLevel":"Read","resourceTypes":[],"dependentActions":["autoscaling:DescribeAccountLimits","cloudformation:DescribeAccountLimits","dynamodb:DescribeLimits","elasticloadbalancing:DescribeAccountLimits","iam:GetAccountSummary","kinesis:DescribeLimits","rds:DescribeAccountAttributes","route53:GetAccountLimit"]},"ListServices":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the AWS services available in Service Quotas","accessLevel":"Read","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to view the existing tags on a SQ resource","accessLevel":"Read","resourceTypes":[]},"PutServiceQuotaIncreaseRequestIntoTemplate":{"conditionKeys":["servicequotas:service"],"resources":[{"name":"quota"}],"description":"Grants permission to define and add a quota to the service quota template","accessLevel":"Write","resourceTypes":[{"name":"quota","required":false}],"dependentActions":["organizations:DescribeOrganization"]},"RequestServiceQuotaIncrease":{"conditionKeys":["servicequotas:service"],"resources":[{"name":"quota"}],"description":"Grants permission to submit the request for a service quota increase","accessLevel":"Write","resourceTypes":[{"name":"quota","required":false}]},"StartAutoManagement":{"conditionKeys":[],"resources":[],"description":"Grants permission to enable automatic management of Service Quotas for an AWS account, including notification preferences and excluded quotas configurations","accessLevel":"Write","resourceTypes":[]},"StartQuotaUtilizationReport":{"conditionKeys":[],"resources":[],"description":"Grants permission to query quota utilization and create a report for your account","accessLevel":"Read","resourceTypes":[]},"StopAutoManagement":{"conditionKeys":[],"resources":[],"description":"Grants permission to stop automatic management of Service Quotas for an AWS account and remove all associated configurations","accessLevel":"Write","resourceTypes":[]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to associate a set of tags with an existing SQ resource","accessLevel":"Tagging","resourceTypes":[]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[],"description":"Grants permission to remove a set of tags from a SQ resource, where tags to be removed match a set of customer-supplied tag keys","accessLevel":"Tagging","resourceTypes":[]},"UpdateAutoManagement":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the automatic management of Service Quotas configuration, including notification preferences and excluded quotas","accessLevel":"Write","resourceTypes":[]}},"resources":[{"name":"quota","arnFormats":["arn:${Partition}:servicequotas:${Region}:${Account}:${ServiceCode}/${QuotaCode}"],"conditionKeys":[]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"},"servicequotas:service":{"types":["String"],"description":"Filters access by the specified AWS service"}}}