aws-iam-ls 0.0.0

package/src/data/servicereference/services/sqlworkbench.json

@@ -0,0 +1 @@
+{"name":"sqlworkbench","actions":{"AssociateConnectionWithChart":{"conditionKeys":[],"resources":[{"name":"chart"},{"name":"connection"}],"description":"Grants permission to associate connection to a chart","accessLevel":"Write","resourceTypes":[{"name":"chart","required":true},{"name":"connection","required":true}],"permissionOnly":true},"AssociateConnectionWithTab":{"conditionKeys":[],"resources":[{"name":"connection"}],"description":"Grants permission to associate connection to a tab","accessLevel":"Write","resourceTypes":[{"name":"connection","required":true}],"permissionOnly":true},"AssociateNotebookWithTab":{"conditionKeys":[],"resources":[{"name":"notebook"}],"description":"Grants permission to associate notebook to a tab","accessLevel":"Write","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"AssociateQueryWithTab":{"conditionKeys":[],"resources":[{"name":"query"}],"description":"Grants permission to associate query to a tab","accessLevel":"Write","resourceTypes":[{"name":"query","required":true}],"permissionOnly":true},"BatchDeleteFolder":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete folders on your account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"BatchGetNotebookCell":{"conditionKeys":[],"resources":[{"name":"notebook"}],"description":"Grants permission to get notebook cells content on your account","accessLevel":"Read","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"CreateAccount":{"conditionKeys":[],"resources":[],"description":"Grants permission to create SQLWorkbench account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"CreateChart":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"chart"}],"description":"Grants permission to create new saved chart on your account","accessLevel":"Write","resourceTypes":[{"name":"chart","required":true}],"permissionOnly":true},"CreateConnection":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"connection"}],"description":"Grants permission to create a new connection on your account","accessLevel":"Write","resourceTypes":[{"name":"connection","required":true}],"permissionOnly":true},"CreateFolder":{"conditionKeys":[],"resources":[],"description":"Grants permission to create folder on your account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"CreateNotebook":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"notebook"}],"description":"Grants permission to create a new notebook on your account","accessLevel":"Write","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"CreateNotebookCell":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"notebook"}],"description":"Grants permission to create a notebook cell on your account","accessLevel":"Write","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"CreateNotebookFromVersion":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"notebook"}],"description":"Grants permission to create a new notebook from a notebook version on your account","accessLevel":"Write","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"CreateNotebookVersion":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"notebook"}],"description":"Grants permission to create a notebook version on your account","accessLevel":"Write","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"CreateSavedQuery":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"query"}],"description":"Grants permission to create a new saved query on your account","accessLevel":"Write","resourceTypes":[{"name":"query","required":true}],"permissionOnly":true},"DeleteChart":{"conditionKeys":[],"resources":[{"name":"chart"}],"description":"Grants permission to remove charts on your account","accessLevel":"Write","resourceTypes":[{"name":"chart","required":true}],"permissionOnly":true},"DeleteConnection":{"conditionKeys":[],"resources":[{"name":"connection"}],"description":"Grants permission to remove connections on your account","accessLevel":"Write","resourceTypes":[{"name":"connection","required":true}],"permissionOnly":true},"DeleteNotebook":{"conditionKeys":[],"resources":[{"name":"notebook"}],"description":"Grants permission to remove notebooks on your account","accessLevel":"Write","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"DeleteNotebookCell":{"conditionKeys":[],"resources":[{"name":"notebook"}],"description":"Grants permission to remove notebooks cells on your account","accessLevel":"Write","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"DeleteNotebookVersion":{"conditionKeys":[],"resources":[{"name":"notebook"}],"description":"Grants permission to remove notebooks cells on your account","accessLevel":"Write","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"DeleteQCustomContext":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete account-wide custom context","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"DeleteSavedQuery":{"conditionKeys":[],"resources":[{"name":"query"}],"description":"Grants permission to remove saved queries on your account","accessLevel":"Write","resourceTypes":[{"name":"query","required":true}],"permissionOnly":true},"DeleteSqlGenerationContext":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete sql generation context","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"DeleteTab":{"conditionKeys":[],"resources":[],"description":"Grants permission to remove a tab on your account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"DriverExecute":{"conditionKeys":[],"resources":[{"name":"connection"}],"description":"Grants permission to execute a query in your redshift cluster","accessLevel":"Write","resourceTypes":[{"name":"connection","required":true}],"permissionOnly":true},"DuplicateNotebook":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"notebook"}],"description":"Grants permission to create a new notebook by duplicating an existing one on your account","accessLevel":"Write","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"ExportNotebook":{"conditionKeys":[],"resources":[{"name":"notebook"}],"description":"Grants permission to export a notebook on your account","accessLevel":"Read","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"GenerateSession":{"conditionKeys":[],"resources":[],"description":"Grants permission to generate a new session on your account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"GetAccountInfo":{"conditionKeys":[],"resources":[],"description":"Grants permission to get account info","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetAccountSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to get account settings","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetAutocompletionMetadata":{"conditionKeys":[],"resources":[],"description":"Grants permission to get database structure metadata for auto-completion","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetAutocompletionResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to get database structure information for auto-completion","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetChart":{"conditionKeys":[],"resources":[{"name":"chart"}],"description":"Grants permission to get charts on your account","accessLevel":"Read","resourceTypes":[{"name":"chart","required":true}],"permissionOnly":true},"GetConnection":{"conditionKeys":[],"resources":[{"name":"connection"}],"description":"Grants permission to get connections on your account","accessLevel":"Read","resourceTypes":[{"name":"connection","required":true}],"permissionOnly":true},"GetNotebook":{"conditionKeys":[],"resources":[{"name":"notebook"}],"description":"Grants permission to get notebook metadata on your account","accessLevel":"Read","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"GetNotebookVersion":{"conditionKeys":[],"resources":[{"name":"notebook"}],"description":"Grants permission to get the content of a notebook version on your account","accessLevel":"Read","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"GetQCustomContext":{"conditionKeys":[],"resources":[],"description":"Grants permission to get account-wide custom context","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetQSqlPromptQuotas":{"conditionKeys":[],"resources":[],"description":"Grants permission to get Q generative SQL maximum prompt quotas","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetQSqlRecommendations":{"conditionKeys":[],"resources":[],"description":"Grants permission to get text to SQL recommendations","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetQueryExecutionHistory":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the query execution history on your account","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetSavedQuery":{"conditionKeys":[],"resources":[{"name":"query"}],"description":"Grants permission to get saved query on your account","accessLevel":"Read","resourceTypes":[{"name":"query","required":true}],"permissionOnly":true},"GetSchemaInference":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the columns and data types inferred from a file","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetSqlGenerationContext":{"conditionKeys":[],"resources":[],"description":"Grants permission to get sql generation context","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetSqlRecommendations":{"conditionKeys":[],"resources":[],"description":"Grants permission to get text to SQL recommendations","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetUserInfo":{"conditionKeys":[],"resources":[],"description":"Grants permission to get user info","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetUserWorkspaceSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to get workspace settings on your account","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"ImportNotebook":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"notebook"}],"description":"Grants permission to import a notebook on your account","accessLevel":"Write","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"ListConnections":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the connections on your account","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ListDatabases":{"conditionKeys":[],"resources":[],"description":"Grants permission to list databases of your redshift cluster","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ListFiles":{"conditionKeys":[],"resources":[],"description":"Grants permission to list files and folders","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ListNotebookVersions":{"conditionKeys":[],"resources":[{"name":"notebook"}],"description":"Grants permission to get notebook versions metadata on your account","accessLevel":"List","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"ListNotebooks":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the notebooks on your account","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ListQueryExecutionHistory":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the query execution history on your account","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ListRedshiftClusters":{"conditionKeys":[],"resources":[],"description":"Grants permission to list redshift clusters on your account","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ListSampleDatabases":{"conditionKeys":[],"resources":[],"description":"Grants permission to list sample databases","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"ListSavedQueryVersions":{"conditionKeys":[],"resources":[{"name":"query"}],"description":"Grants permission to list versions of saved query on your account","accessLevel":"List","resourceTypes":[{"name":"query","required":true}],"permissionOnly":true},"ListTabs":{"conditionKeys":[],"resources":[],"description":"Grants permission to list tabs on your account","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ListTaggedResources":{"conditionKeys":[],"resources":[],"description":"Grants permission to list tagged resources","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"chart"},{"name":"connection"},{"name":"notebook"},{"name":"query"}],"description":"Grants permission to list the tags of an sqlworkbench resource","accessLevel":"Read","resourceTypes":[{"name":"chart","required":false},{"name":"connection","required":false},{"name":"notebook","required":false},{"name":"query","required":false}],"permissionOnly":true},"PassAccountSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to provide account settings with the request","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"PutQCustomContext":{"conditionKeys":[],"resources":[],"description":"Grants permission to update account-wide custom context","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"PutSqlGenerationContext":{"conditionKeys":[],"resources":[],"description":"Grants permission to update sql generation context","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"PutTab":{"conditionKeys":[],"resources":[],"description":"Grants permission to create or update a tab on your account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"PutUserWorkspaceSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to update workspace settings on your account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"RestoreNotebookVersion":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"notebook"}],"description":"Grants permission to restore a notebook on your account to a version","accessLevel":"Write","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"chart"},{"name":"connection"},{"name":"notebook"},{"name":"query"}],"description":"Grants permission to tag an sqlworkbench resource","accessLevel":"Tagging","resourceTypes":[{"name":"chart","required":false},{"name":"connection","required":false},{"name":"notebook","required":false},{"name":"query","required":false}],"permissionOnly":true},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"chart"},{"name":"connection"},{"name":"notebook"},{"name":"query"}],"description":"Grants permission to untag an sqlworkbench resource","accessLevel":"Tagging","resourceTypes":[{"name":"chart","required":false},{"name":"connection","required":false},{"name":"notebook","required":false},{"name":"query","required":false}],"permissionOnly":true},"UpdateAccountConnectionSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to update account-wide connection settings","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"UpdateAccountExportSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to update account-wide export settings","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"UpdateAccountGeneralSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to update account-wide general settings","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"UpdateAccountQSqlSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to update account-wide text to SQL settings","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"UpdateChart":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"chart"}],"description":"Grants permission to update a chart on your account","accessLevel":"Write","resourceTypes":[{"name":"chart","required":true}],"permissionOnly":true},"UpdateConnection":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"connection"}],"description":"Grants permission to update a connection on your account","accessLevel":"Write","resourceTypes":[{"name":"connection","required":true}],"permissionOnly":true},"UpdateFileFolder":{"conditionKeys":[],"resources":[{"name":"chart"},{"name":"query"}],"description":"Grants permission to move files on your account","accessLevel":"Write","resourceTypes":[{"name":"chart","required":false},{"name":"query","required":false}],"permissionOnly":true},"UpdateFolder":{"conditionKeys":[],"resources":[],"description":"Grants permission to update a folder's name and details on your account","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"UpdateNotebook":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"notebook"}],"description":"Grants permission to update a notebook metadata on your account","accessLevel":"Write","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"UpdateNotebookCellContent":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"notebook"}],"description":"Grants permission to update a notebook cell content on your account","accessLevel":"Write","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"UpdateNotebookCellLayout":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"notebook"}],"description":"Grants permission to update a notebook cell layout on your account","accessLevel":"Write","resourceTypes":[{"name":"notebook","required":true}],"permissionOnly":true},"UpdateSavedQuery":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"query"}],"description":"Grants permission to update a saved query on your account","accessLevel":"Write","resourceTypes":[{"name":"query","required":true}],"permissionOnly":true}},"resources":[{"name":"chart","arnFormats":["arn:${Partition}:sqlworkbench:${Region}:${Account}:chart/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"connection","arnFormats":["arn:${Partition}:sqlworkbench:${Region}:${Account}:connection/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"notebook","arnFormats":["arn:${Partition}:sqlworkbench:${Region}:${Account}:notebook/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"query","arnFormats":["arn:${Partition}:sqlworkbench:${Region}:${Account}:query/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"}}}

package/src/data/servicereference/services/sqs.json

@@ -0,0 +1 @@
+{"name":"sqs","actions":{"AddPermission":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to a queue for a specific principal","accessLevel":"Permissions management","resourceTypes":[{"name":"queue","required":true}]},"CancelMessageMoveTask":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to cancel an in progress message move task","accessLevel":"Write","resourceTypes":[{"name":"queue","required":true}]},"ChangeMessageVisibility":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to change the visibility timeout of a specified message in a queue to a new value","accessLevel":"Write","resourceTypes":[{"name":"queue","required":true}]},"CreateQueue":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"queue"}],"description":"Grants permission to create a new queue, or returns the URL of an existing one","accessLevel":"Write","resourceTypes":[{"name":"queue","required":true}]},"DeleteMessage":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to delete the specified message from the specified queue","accessLevel":"Write","resourceTypes":[{"name":"queue","required":true}]},"DeleteQueue":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to delete the queue specified by the queue URL, regardless of whether the queue is empty","accessLevel":"Write","resourceTypes":[{"name":"queue","required":true}]},"GetQueueAttributes":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to get attributes for the specified queue","accessLevel":"Read","resourceTypes":[{"name":"queue","required":true}]},"GetQueueUrl":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to return the URL of an existing queue","accessLevel":"Read","resourceTypes":[{"name":"queue","required":true}]},"ListDeadLetterSourceQueues":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to return a list of your queues that have the RedrivePolicy queue attribute configured with a dead letter queue","accessLevel":"Read","resourceTypes":[{"name":"queue","required":true}]},"ListMessageMoveTasks":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to list message move tasks","accessLevel":"Read","resourceTypes":[{"name":"queue","required":true}]},"ListQueueTags":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to list tags added to an SQS queue","accessLevel":"Read","resourceTypes":[{"name":"queue","required":true}]},"ListQueues":{"conditionKeys":[],"resources":[],"description":"Grants permission to return a list of your queues","accessLevel":"Read","resourceTypes":[]},"PurgeQueue":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to delete the messages in a queue specified by the queue URL","accessLevel":"Write","resourceTypes":[{"name":"queue","required":true}]},"ReceiveMessage":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to retrieve one or more messages, with a maximum limit of 10 messages, from the specified queue","accessLevel":"Read","resourceTypes":[{"name":"queue","required":true}]},"RemovePermission":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to revoke any permissions in the queue policy that matches the specified Label parameter","accessLevel":"Permissions management","resourceTypes":[{"name":"queue","required":true}]},"SendMessage":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to deliver a message to the specified queue","accessLevel":"Write","resourceTypes":[{"name":"queue","required":true}]},"SetQueueAttributes":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to set the value of one or more queue attributes","accessLevel":"Write","resourceTypes":[{"name":"queue","required":true}]},"StartMessageMoveTask":{"conditionKeys":[],"resources":[{"name":"queue"}],"description":"Grants permission to start a message move task","accessLevel":"Write","resourceTypes":[{"name":"queue","required":true}]},"TagQueue":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"queue"}],"description":"Grants permission to add tags to the specified SQS queue","accessLevel":"Tagging","resourceTypes":[{"name":"queue","required":true}]},"UntagQueue":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"queue"}],"description":"Grants permission to remove tags from the specified SQS queue","accessLevel":"Tagging","resourceTypes":[{"name":"queue","required":true}]}},"resources":[{"name":"queue","arnFormats":["arn:${Partition}:sqs:${Region}:${Account}:${QueueName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"}}}

package/src/data/servicereference/services/ssm-contacts.json

@@ -0,0 +1 @@
+{"name":"ssm-contacts","actions":{"AcceptPage":{"conditionKeys":[],"resources":[{"name":"page"}],"description":"Grants permission to accept a page","accessLevel":"Write","resourceTypes":[{"name":"page","required":true}]},"ActivateContactChannel":{"conditionKeys":[],"resources":[{"name":"contactchannel"}],"description":"Grants permission to activate a contact's contact channel","accessLevel":"Write","resourceTypes":[{"name":"contactchannel","required":true}]},"AssociateContact":{"conditionKeys":[],"resources":[{"name":"contact"}],"description":"Grants permission to use a contact in an escalation plan","accessLevel":"Permissions management","resourceTypes":[{"name":"contact","required":true}],"permissionOnly":true},"CreateContact":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"contact"}],"description":"Grants permission to create a contact","accessLevel":"Write","resourceTypes":[{"name":"contact","required":true}],"dependentActions":["ssm-contacts:AssociateContact"]},"CreateContactChannel":{"conditionKeys":[],"resources":[{"name":"contact"}],"description":"Grants permission to create a contact channel for a contact","accessLevel":"Write","resourceTypes":[{"name":"contact","required":true}]},"CreateRotation":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"rotation"}],"description":"Grants permission to create a rotation in an on-call schedule","accessLevel":"Write","resourceTypes":[{"name":"rotation","required":true}]},"CreateRotationOverride":{"conditionKeys":[],"resources":[{"name":"rotation"}],"description":"Grants permission to create an override for a rotation in an on-call schedule","accessLevel":"Write","resourceTypes":[{"name":"rotation","required":true}]},"DeactivateContactChannel":{"conditionKeys":[],"resources":[{"name":"contactchannel"}],"description":"Grants permission to deactivate a contact's contact channel","accessLevel":"Write","resourceTypes":[{"name":"contactchannel","required":true}]},"DeleteContact":{"conditionKeys":[],"resources":[{"name":"contact"}],"description":"Grants permission to delete a contact","accessLevel":"Write","resourceTypes":[{"name":"contact","required":true}]},"DeleteContactChannel":{"conditionKeys":[],"resources":[{"name":"contactchannel"}],"description":"Grants permission to delete a contact's contact channel","accessLevel":"Write","resourceTypes":[{"name":"contactchannel","required":true}]},"DeleteRotation":{"conditionKeys":[],"resources":[{"name":"rotation"}],"description":"Grants permission to delete a rotation","accessLevel":"Write","resourceTypes":[{"name":"rotation","required":true}]},"DeleteRotationOverride":{"conditionKeys":[],"resources":[{"name":"rotation"}],"description":"Grants permission to delete a rotation's rotation override","accessLevel":"Write","resourceTypes":[{"name":"rotation","required":true}]},"DescribeEngagement":{"conditionKeys":[],"resources":[{"name":"engagement"}],"description":"Grants permission to describe an engagement","accessLevel":"Read","resourceTypes":[{"name":"engagement","required":true}]},"DescribePage":{"conditionKeys":[],"resources":[{"name":"page"}],"description":"Grants permission to describe a page","accessLevel":"Read","resourceTypes":[{"name":"page","required":true}]},"GetContact":{"conditionKeys":[],"resources":[{"name":"contact"}],"description":"Grants permission to get a contact","accessLevel":"Read","resourceTypes":[{"name":"contact","required":true}]},"GetContactChannel":{"conditionKeys":[],"resources":[{"name":"contactchannel"}],"description":"Grants permission to get a contact's contact channel","accessLevel":"Read","resourceTypes":[{"name":"contactchannel","required":true}]},"GetContactPolicy":{"conditionKeys":[],"resources":[{"name":"contact"}],"description":"Grants permission to get a contact's resource policy","accessLevel":"Read","resourceTypes":[{"name":"contact","required":true}]},"GetRotation":{"conditionKeys":[],"resources":[{"name":"rotation"}],"description":"Grants permission to retrieve information about an on-call rotation","accessLevel":"Read","resourceTypes":[{"name":"rotation","required":true}]},"GetRotationOverride":{"conditionKeys":[],"resources":[{"name":"rotation"}],"description":"Grants permission to retrieve information about an override in an on-call rotation","accessLevel":"Read","resourceTypes":[{"name":"rotation","required":true}]},"ListContactChannels":{"conditionKeys":[],"resources":[{"name":"contact"}],"description":"Grants permission to list all of a contact's contact channels","accessLevel":"List","resourceTypes":[{"name":"contact","required":true}]},"ListContacts":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all contacts","accessLevel":"List","resourceTypes":[]},"ListEngagements":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all engagements","accessLevel":"List","resourceTypes":[]},"ListPageReceipts":{"conditionKeys":[],"resources":[{"name":"page"}],"description":"Grants permission to list all receipts of a page","accessLevel":"List","resourceTypes":[{"name":"page","required":true}]},"ListPageResolutions":{"conditionKeys":[],"resources":[{"name":"page"}],"description":"Grants permission to list the resolution path of an engagement","accessLevel":"List","resourceTypes":[{"name":"page","required":true}]},"ListPagesByContact":{"conditionKeys":[],"resources":[{"name":"contact"}],"description":"Grants permission to list all pages sent to a contact","accessLevel":"List","resourceTypes":[{"name":"contact","required":true}]},"ListPagesByEngagement":{"conditionKeys":[],"resources":[{"name":"engagement"}],"description":"Grants permission to list all pages created in an engagement","accessLevel":"List","resourceTypes":[{"name":"engagement","required":true}]},"ListPreviewRotationShifts":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of shifts based on rotation configuration parameters","accessLevel":"List","resourceTypes":[]},"ListRotationOverrides":{"conditionKeys":[],"resources":[{"name":"rotation"}],"description":"Grants permission to retrieve a list of overrides currently specified for an on-call rotation","accessLevel":"List","resourceTypes":[{"name":"rotation","required":true}]},"ListRotationShifts":{"conditionKeys":[],"resources":[{"name":"rotation"}],"description":"Grants permission to retrieve a list of rotation shifts in an on-call schedule","accessLevel":"List","resourceTypes":[{"name":"rotation","required":true}]},"ListRotations":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of on-call rotations","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"contact"},{"name":"rotation"}],"description":"Grants permission to view a list of resource tags for a specified resource","accessLevel":"Read","resourceTypes":[{"name":"contact","required":false},{"name":"rotation","required":false}]},"PutContactPolicy":{"conditionKeys":[],"resources":[{"name":"contact"}],"description":"Grants permission to add a resource policy to a contact","accessLevel":"Write","resourceTypes":[{"name":"contact","required":true}]},"SendActivationCode":{"conditionKeys":[],"resources":[{"name":"contactchannel"}],"description":"Grants permission to send the activation code of a contact's contact channel","accessLevel":"Write","resourceTypes":[{"name":"contactchannel","required":true}]},"StartEngagement":{"conditionKeys":[],"resources":[{"name":"contact"}],"description":"Grants permission to start an engagement","accessLevel":"Write","resourceTypes":[{"name":"contact","required":true}]},"StopEngagement":{"conditionKeys":[],"resources":[{"name":"engagement"}],"description":"Grants permission to stop an engagement","accessLevel":"Write","resourceTypes":[{"name":"engagement","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"contact"},{"name":"rotation"}],"description":"Grants permission to add tags to the specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"contact","required":false},{"name":"rotation","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"contact"},{"name":"rotation"}],"description":"Grants permission to remove tags from the specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"contact","required":false},{"name":"rotation","required":false}]},"UpdateContact":{"conditionKeys":[],"resources":[{"name":"contact"}],"description":"Grants permission to update a contact","accessLevel":"Write","resourceTypes":[{"name":"contact","required":true}],"dependentActions":["ssm-contacts:AssociateContact"]},"UpdateContactChannel":{"conditionKeys":[],"resources":[{"name":"contactchannel"}],"description":"Grants permission to update a contact's contact channel","accessLevel":"Write","resourceTypes":[{"name":"contactchannel","required":true}]},"UpdateRotation":{"conditionKeys":[],"resources":[{"name":"rotation"}],"description":"Grants permission to update the information specified for an on-call rotation","accessLevel":"Write","resourceTypes":[{"name":"rotation","required":true}]}},"resources":[{"name":"contact","arnFormats":["arn:${Partition}:ssm-contacts:${Region}:${Account}:contact/${ContactAlias}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"contactchannel","arnFormats":["arn:${Partition}:ssm-contacts:${Region}:${Account}:contactchannel/${ContactAlias}/${ContactChannelId}"],"conditionKeys":[]},{"name":"engagement","arnFormats":["arn:${Partition}:ssm-contacts:${Region}:${Account}:engagement/${ContactAlias}/${EngagementId}"],"conditionKeys":[]},{"name":"page","arnFormats":["arn:${Partition}:ssm-contacts:${Region}:${Account}:page/${ContactAlias}/${PageId}"],"conditionKeys":[]},{"name":"rotation","arnFormats":["arn:${Partition}:ssm-contacts:${Region}:${Account}:rotation/${RotationId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"}}}

package/src/data/servicereference/services/ssm-guiconnect.json

@@ -0,0 +1 @@
+{"name":"ssm-guiconnect","actions":{"CancelConnection":{"conditionKeys":[],"resources":[],"description":"Grants permission to terminate a GUI Connect connection","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"DeleteConnectionRecordingPreferences":{"conditionKeys":[],"resources":[],"description":"Grants permission to remove GUI Connect connection recording preferences","accessLevel":"Write","resourceTypes":[]},"GetConnection":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the metadata for a GUI Connect connection","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetConnectionRecordingPreferences":{"conditionKeys":[],"resources":[],"description":"Grants permission to get GUI Connect connection recording preferences","accessLevel":"Read","resourceTypes":[]},"ListConnections":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the metadata for GUI Connect connections","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"StartConnection":{"conditionKeys":[],"resources":[],"description":"Grants permission to start a GUI Connect connection","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"UpdateConnectionRecordingPreferences":{"conditionKeys":[],"resources":[],"description":"Grants permission to update GUI Connect connection recording preferences","accessLevel":"Write","resourceTypes":[]}},"resources":[],"conditionKeys":{}}

package/src/data/servicereference/services/ssm-incidents.json

@@ -0,0 +1 @@
+{"name":"ssm-incidents","actions":{"BatchGetIncidentFindings":{"conditionKeys":[],"resources":[{"name":"incident-record"},{"name":"response-plan"}],"description":"Grants permission to retrieve details about specified findings for an incident record","accessLevel":"Read","resourceTypes":[{"name":"incident-record","required":true},{"name":"response-plan","required":true}]},"CreateReplicationSet":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a replication set","accessLevel":"Write","resourceTypes":[],"dependentActions":["iam:CreateServiceLinkedRole","ssm-incidents:TagResource"]},"CreateResponsePlan":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a response plan","accessLevel":"Write","resourceTypes":[],"dependentActions":["iam:PassRole","ssm-incidents:TagResource"]},"CreateTimelineEvent":{"conditionKeys":[],"resources":[{"name":"incident-record"},{"name":"response-plan"}],"description":"Grants permission to create a timeline event for an incident record","accessLevel":"Write","resourceTypes":[{"name":"incident-record","required":true},{"name":"response-plan","required":true}]},"DeleteIncidentRecord":{"conditionKeys":[],"resources":[{"name":"incident-record"}],"description":"Grants permission to delete an incident record","accessLevel":"Write","resourceTypes":[{"name":"incident-record","required":true}]},"DeleteReplicationSet":{"conditionKeys":[],"resources":[{"name":"replication-set"}],"description":"Grants permission to delete a replication set","accessLevel":"Write","resourceTypes":[{"name":"replication-set","required":true}]},"DeleteResourcePolicy":{"conditionKeys":[],"resources":[{"name":"response-plan"}],"description":"Grants permission to delete resource policy from a response plan","accessLevel":"Permissions management","resourceTypes":[{"name":"response-plan","required":true}]},"DeleteResponsePlan":{"conditionKeys":[],"resources":[{"name":"response-plan"}],"description":"Grants permission to delete a response plan","accessLevel":"Write","resourceTypes":[{"name":"response-plan","required":true}]},"DeleteTimelineEvent":{"conditionKeys":[],"resources":[{"name":"incident-record"}],"description":"Grants permission to delete a timeline event","accessLevel":"Write","resourceTypes":[{"name":"incident-record","required":true}]},"GetIncidentRecord":{"conditionKeys":[],"resources":[{"name":"incident-record"},{"name":"response-plan"}],"description":"Grants permission to view the contents of an incident record","accessLevel":"Read","resourceTypes":[{"name":"incident-record","required":true},{"name":"response-plan","required":true}]},"GetReplicationSet":{"conditionKeys":[],"resources":[{"name":"replication-set"}],"description":"Grants permission to view the replication set","accessLevel":"Read","resourceTypes":[{"name":"replication-set","required":true}]},"GetResourcePolicies":{"conditionKeys":[],"resources":[{"name":"response-plan"}],"description":"Grants permission to view resource policies of a response plan","accessLevel":"Read","resourceTypes":[{"name":"response-plan","required":true}]},"GetResponsePlan":{"conditionKeys":[],"resources":[{"name":"response-plan"}],"description":"Grants permission to view the contents of a specified response plan","accessLevel":"Read","resourceTypes":[{"name":"response-plan","required":true}]},"GetTimelineEvent":{"conditionKeys":[],"resources":[{"name":"incident-record"},{"name":"response-plan"}],"description":"Grants permission to view a timeline event","accessLevel":"Read","resourceTypes":[{"name":"incident-record","required":true},{"name":"response-plan","required":true}]},"ListIncidentFindings":{"conditionKeys":[],"resources":[{"name":"incident-record"},{"name":"response-plan"}],"description":"Grants permission to list findings for an incident record","accessLevel":"List","resourceTypes":[{"name":"incident-record","required":true},{"name":"response-plan","required":true}]},"ListIncidentRecords":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the contents of all incident records","accessLevel":"List","resourceTypes":[]},"ListRelatedItems":{"conditionKeys":[],"resources":[{"name":"incident-record"},{"name":"response-plan"}],"description":"Grants permission to list related items of an incident record","accessLevel":"List","resourceTypes":[{"name":"incident-record","required":true},{"name":"response-plan","required":true}]},"ListReplicationSets":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all replication sets","accessLevel":"List","resourceTypes":[]},"ListResponsePlans":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all response plans","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"incident-record"},{"name":"replication-set"},{"name":"response-plan"}],"description":"Grants permission to view a list of resource tags for a specified resource","accessLevel":"Read","resourceTypes":[{"name":"incident-record","required":false},{"name":"replication-set","required":false},{"name":"response-plan","required":false}]},"ListTimelineEvents":{"conditionKeys":[],"resources":[{"name":"incident-record"},{"name":"response-plan"}],"description":"Grants permission to list all timeline events for an incident record","accessLevel":"List","resourceTypes":[{"name":"incident-record","required":true},{"name":"response-plan","required":true}]},"PutResourcePolicy":{"conditionKeys":[],"resources":[{"name":"response-plan"}],"description":"Grants permission to put resource policy on a response plan","accessLevel":"Permissions management","resourceTypes":[{"name":"response-plan","required":true}]},"StartIncident":{"conditionKeys":[],"resources":[{"name":"response-plan"}],"description":"Grants permission to start a new incident using a response plan","accessLevel":"Write","resourceTypes":[{"name":"response-plan","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"incident-record"},{"name":"replication-set"},{"name":"response-plan"}],"description":"Grants permission to add tags to a response plan","accessLevel":"Tagging","resourceTypes":[{"name":"incident-record","required":false},{"name":"replication-set","required":false},{"name":"response-plan","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"incident-record"},{"name":"replication-set"},{"name":"response-plan"}],"description":"Grants permission to remove tags from a response plan","accessLevel":"Tagging","resourceTypes":[{"name":"incident-record","required":false},{"name":"replication-set","required":false},{"name":"response-plan","required":false}]},"UpdateDeletionProtection":{"conditionKeys":[],"resources":[{"name":"replication-set"}],"description":"Grants permission to update replication set deletion protection","accessLevel":"Write","resourceTypes":[{"name":"replication-set","required":true}]},"UpdateIncidentRecord":{"conditionKeys":[],"resources":[{"name":"incident-record"},{"name":"response-plan"}],"description":"Grants permission to update the contents of an incident record","accessLevel":"Write","resourceTypes":[{"name":"incident-record","required":true},{"name":"response-plan","required":true}]},"UpdateRelatedItems":{"conditionKeys":[],"resources":[{"name":"incident-record"},{"name":"response-plan"}],"description":"Grants permission to update related items of an incident record","accessLevel":"Write","resourceTypes":[{"name":"incident-record","required":true},{"name":"response-plan","required":true}]},"UpdateReplicationSet":{"conditionKeys":[],"resources":[{"name":"replication-set"}],"description":"Grants permission to update a replication set","accessLevel":"Write","resourceTypes":[{"name":"replication-set","required":true}]},"UpdateResponsePlan":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"response-plan"}],"description":"Grants permission to update the contents of a response plan","accessLevel":"Write","resourceTypes":[{"name":"response-plan","required":true}],"dependentActions":["iam:PassRole","ssm-incidents:TagResource"]},"UpdateTimelineEvent":{"conditionKeys":[],"resources":[{"name":"incident-record"},{"name":"response-plan"}],"description":"Grants permission to update a timeline event","accessLevel":"Write","resourceTypes":[{"name":"incident-record","required":true},{"name":"response-plan","required":true}]}},"resources":[{"name":"incident-record","arnFormats":["arn:${Partition}:ssm-incidents::${Account}:incident-record/${ResponsePlan}/${IncidentRecord}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"replication-set","arnFormats":["arn:${Partition}:ssm-incidents::${Account}:replication-set/${ReplicationSet}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"response-plan","arnFormats":["arn:${Partition}:ssm-incidents::${Account}:response-plan/${ResponsePlan}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"}}}

package/src/data/servicereference/services/ssm-quicksetup.json

@@ -0,0 +1 @@
+{"name":"ssm-quicksetup","actions":{"CreateConfigurationManager":{"conditionKeys":[],"resources":[{"name":"configuration-manager"}],"description":"Grants permission to create a Quick Setup configuration manager resource","accessLevel":"Write","resourceTypes":[{"name":"configuration-manager","required":true}]},"DeleteConfigurationManager":{"conditionKeys":[],"resources":[{"name":"configuration-manager"}],"description":"Grants permission to delete a configuration manager","accessLevel":"Write","resourceTypes":[{"name":"configuration-manager","required":true}]},"GetConfiguration":{"conditionKeys":[],"resources":[{"name":"configuration-manager"}],"description":"Grants permission to get Quick Setup configuration","accessLevel":"Read","resourceTypes":[{"name":"configuration-manager","required":false}]},"GetConfigurationManager":{"conditionKeys":[],"resources":[{"name":"configuration-manager"}],"description":"Grants permission to get a configuration manager","accessLevel":"Read","resourceTypes":[{"name":"configuration-manager","required":true}]},"GetServiceSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to get settings configured for Quick Setup in the requesting AWS account and AWS Region","accessLevel":"Read","resourceTypes":[]},"ListConfigurationManagers":{"conditionKeys":[],"resources":[],"description":"Grants permission to list Quick Setup configuration managers","accessLevel":"List","resourceTypes":[]},"ListConfigurations":{"conditionKeys":[],"resources":[{"name":"configuration-manager"}],"description":"Grants permission to list Quick Setup configurations","accessLevel":"List","resourceTypes":[{"name":"configuration-manager","required":false}]},"ListQuickSetupTypes":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the available Quick Setup types","accessLevel":"Read","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"configuration-manager"}],"description":"Grants permission to list tags assigned to the resource","accessLevel":"Read","resourceTypes":[{"name":"configuration-manager","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"configuration-manager"}],"description":"Grants permission to Assign key-value pairs of metadata to AWS resources","accessLevel":"Tagging","resourceTypes":[{"name":"configuration-manager","required":true}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"configuration-manager"}],"description":"Grants permission to remove tags from the specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"configuration-manager","required":true}]},"UpdateConfigurationDefinition":{"conditionKeys":[],"resources":[{"name":"configuration-manager"}],"description":"Grants permission to update a Quick Setup configuration definition","accessLevel":"Write","resourceTypes":[{"name":"configuration-manager","required":true}]},"UpdateConfigurationManager":{"conditionKeys":[],"resources":[{"name":"configuration-manager"}],"description":"Grants permission to update a Quick Setup configuration manager","accessLevel":"Write","resourceTypes":[{"name":"configuration-manager","required":true}]},"UpdateServiceSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to update settings configured for Quick Setup","accessLevel":"Write","resourceTypes":[]}},"resources":[{"name":"configuration-manager","arnFormats":["arn:${Partition}:ssm-quicksetup:${Region}:${Account}:configuration-manager/${ConfigurationManagerId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the presence of tag key-value pairs in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by tag key-value pairs attached to the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the presence of tag keys in the request"}}}

package/src/data/servicereference/services/ssm-sap.json

@@ -0,0 +1 @@
+{"name":"ssm-sap","actions":{"BackupDatabase":{"conditionKeys":[],"resources":[],"description":"Grants permission to perform backup operation on a specified database","accessLevel":"Write","resourceTypes":[]},"DeleteResourcePermission":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete the SSM for SAP level resource permissions associated with a SSM for SAP database resource","accessLevel":"Permissions management","resourceTypes":[]},"DeregisterApplication":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to deregister an SAP application with SSM for SAP","accessLevel":"Write","resourceTypes":[{"name":"application","required":false}]},"GetApplication":{"conditionKeys":[],"resources":[],"description":"Grants permission to access information about an application registered with SSM for SAP by providing the application ID or application ARN","accessLevel":"Read","resourceTypes":[]},"GetComponent":{"conditionKeys":[],"resources":[{"name":"component"}],"description":"Grants permission to access information about a component registered with SSM for SAP by providing the application ID and component ID","accessLevel":"Read","resourceTypes":[{"name":"component","required":false}]},"GetConfigurationCheckOperation":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the details of a configuration check operation by specifying the operation ID","accessLevel":"Read","resourceTypes":[]},"GetDatabase":{"conditionKeys":[],"resources":[],"description":"Grants permission to access information about a database registered with SSM for SAP by providing the application ID, component ID, and database ID","accessLevel":"Read","resourceTypes":[]},"GetOperation":{"conditionKeys":[],"resources":[],"description":"Grants permission to access information about an operation by providing its operation ID","accessLevel":"Read","resourceTypes":[]},"GetResourcePermission":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the SSM for SAP level resource permissions associated with a SSM for SAP database resource","accessLevel":"Permissions management","resourceTypes":[]},"ListApplications":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of all applications registered with SSM for SAP under the customer AWS account","accessLevel":"List","resourceTypes":[]},"ListComponents":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to retrieve a list of all components in the account of customer, or a specific application","accessLevel":"List","resourceTypes":[{"name":"application","required":false}]},"ListConfigurationCheckDefinitions":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all configuration check types supported by AWS Systems Manager for SAP","accessLevel":"List","resourceTypes":[]},"ListConfigurationCheckOperations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list past configuration check operations","accessLevel":"List","resourceTypes":[]},"ListDatabases":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of all databases in the account of customer, or a specific application","accessLevel":"List","resourceTypes":[]},"ListOperationEvents":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of all operation events in a specified operation","accessLevel":"List","resourceTypes":[]},"ListOperations":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve a list of all operations in the account of customer, additional filters can be applied","accessLevel":"List","resourceTypes":[]},"ListSubCheckResults":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the sub-check results of a specified configuration check operation","accessLevel":"List","resourceTypes":[]},"ListSubCheckRuleResults":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the rules of a specified sub-check belonging to a configuration check operation","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the tags on a specified resource ARN","accessLevel":"Read","resourceTypes":[]},"PutResourcePermission":{"conditionKeys":[],"resources":[],"description":"Grants permission to add the SSM for SAP level resource permissions associated with a SSM for SAP database resource","accessLevel":"Permissions management","resourceTypes":[]},"RegisterApplication":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to registers an SAP application with SSM for SAP","accessLevel":"Write","resourceTypes":[]},"RestoreDatabase":{"conditionKeys":[],"resources":[],"description":"Grants permission to restore a database from another database","accessLevel":"Write","resourceTypes":[]},"StartApplication":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to start a registered SSM for SAP application","accessLevel":"Write","resourceTypes":[{"name":"application","required":false}]},"StartApplicationRefresh":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to start an on-demand discovery of a registered SSM for SAP application","accessLevel":"Write","resourceTypes":[{"name":"application","required":false}]},"StartConfigurationChecks":{"conditionKeys":[],"resources":[],"description":"Grants permission to iniitiate configuration check operations against a specified application","accessLevel":"Write","resourceTypes":[]},"StopApplication":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to stop a registered SSM for SAP application","accessLevel":"Write","resourceTypes":[{"name":"application","required":false}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"application"},{"name":"component"},{"name":"database"}],"description":"Grants permission to tag a specified resource ARN","accessLevel":"Tagging","resourceTypes":[{"name":"application","required":false},{"name":"component","required":false},{"name":"database","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"application"},{"name":"component"},{"name":"database"}],"description":"Grants permission to remove tags from a specified resource ARN","accessLevel":"Tagging","resourceTypes":[{"name":"application","required":false},{"name":"component","required":false},{"name":"database","required":false}]},"UpdateApplicationSettings":{"conditionKeys":[],"resources":[{"name":"application"}],"description":"Grants permission to update settings of a registered SSM for SAP application","accessLevel":"Write","resourceTypes":[{"name":"application","required":false}]},"UpdateHANABackupSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the HANA backup settings of a specified database","accessLevel":"Write","resourceTypes":[]}},"resources":[{"name":"application","arnFormats":["arn:${Partition}:ssm-sap:${Region}:${Account}:${ApplicationType}/${ApplicationId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"component","arnFormats":["arn:${Partition}:ssm-sap:${Region}:${Account}:${ApplicationType}/${ApplicationId}/COMPONENT/${ComponentId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"database","arnFormats":["arn:${Partition}:ssm-sap:${Region}:${Account}:${ApplicationType}/${ApplicationId}/DB/${DatabaseId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"}}}

package/src/data/servicereference/services/ssm.json

@@ -0,0 +1 @@
+{"name":"ssm","actions":{"AddTagsToResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"association"},{"name":"automation-execution"},{"name":"document"},{"name":"instance"},{"name":"maintenancewindow"},{"name":"managed-instance"},{"name":"opsitem"},{"name":"opsmetadata"},{"name":"parameter"},{"name":"patchbaseline"},{"name":"task"}],"description":"Grants permission to add or overwrite one or more tags for a specified AWS resource","accessLevel":"Tagging","resourceTypes":[{"name":"association","required":false},{"name":"automation-execution","required":false},{"name":"document","required":false},{"name":"instance","required":false},{"name":"maintenancewindow","required":false},{"name":"managed-instance","required":false},{"name":"opsitem","required":false},{"name":"opsmetadata","required":false},{"name":"parameter","required":false},{"name":"patchbaseline","required":false},{"name":"task","required":false}]},"AssociateOpsItemRelatedItem":{"conditionKeys":[],"resources":[{"name":"opsitem"}],"description":"Grants permission to associate RelatedItem to an OpsItem","accessLevel":"Write","resourceTypes":[{"name":"opsitem","required":true}]},"CancelCommand":{"conditionKeys":[],"resources":[],"description":"Grants permission to cancel a specified Run Command command","accessLevel":"Write","resourceTypes":[]},"CancelMaintenanceWindowExecution":{"conditionKeys":[],"resources":[{"name":"maintenancewindow"}],"description":"Grants permission to cancel an in-progress maintenance window execution","accessLevel":"Write","resourceTypes":[{"name":"maintenancewindow","required":true}]},"CreateActivation":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create an activation that is used to register on-premises servers and virtual machines (VMs) with Systems Manager","accessLevel":"Write","resourceTypes":[]},"CreateAssociation":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"association"},{"name":"document"},{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to associate a specified Systems Manager document with specified instances or other targets","accessLevel":"Write","resourceTypes":[{"name":"association","required":true},{"name":"document","required":true},{"name":"instance","required":false},{"name":"managed-instance","required":false}]},"CreateAssociationBatch":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"document"},{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to combine entries for multiple CreateAssociation operations in a single command","accessLevel":"Write","resourceTypes":[{"name":"document","required":true},{"name":"instance","required":false},{"name":"managed-instance","required":false}]},"CreateDocument":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","ssm:DocumentType"],"resources":[{"name":"document"}],"description":"Grants permission to create a Systems Manager SSM document","accessLevel":"Write","resourceTypes":[{"name":"document","required":true}],"dependentActions":["iam:PassRole"]},"CreateMaintenanceWindow":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a maintenance window","accessLevel":"Write","resourceTypes":[]},"CreateOpsItem":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create an OpsItem in OpsCenter","accessLevel":"Write","resourceTypes":[]},"CreateOpsMetadata":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create an OpsMetadata object for an AWS resource","accessLevel":"Write","resourceTypes":[]},"CreatePatchBaseline":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a patch baseline","accessLevel":"Write","resourceTypes":[]},"CreateResourceDataSync":{"conditionKeys":["ssm:SyncType"],"resources":[{"name":"resourcedatasync"}],"description":"Grants permission to create a resource data sync configuration, which regularly collects inventory data from managed instances and updates the data in an Amazon S3 bucket","accessLevel":"Write","resourceTypes":[{"name":"resourcedatasync","required":true}]},"DeleteActivation":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a specified activation for managed instances","accessLevel":"Write","resourceTypes":[]},"DeleteAssociation":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"association"},{"name":"document"},{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to disassociate a specified SSM document from a specified instance","accessLevel":"Write","resourceTypes":[{"name":"association","required":false},{"name":"document","required":false},{"name":"instance","required":false},{"name":"managed-instance","required":false}]},"DeleteDocument":{"conditionKeys":["ssm:DocumentType"],"resources":[{"name":"document"}],"description":"Grants permission to delete a specified SSM document and its instance associations","accessLevel":"Write","resourceTypes":[{"name":"document","required":true}]},"DeleteInventory":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a specified custom inventory type, or the data associated with a custom inventory type","accessLevel":"Write","resourceTypes":[]},"DeleteMaintenanceWindow":{"conditionKeys":[],"resources":[{"name":"maintenancewindow"}],"description":"Grants permission to delete a specified maintenance window","accessLevel":"Write","resourceTypes":[{"name":"maintenancewindow","required":true}]},"DeleteOpsItem":{"conditionKeys":[],"resources":[{"name":"opsitem"}],"description":"Grants permission to delete an OpsItem","accessLevel":"Write","resourceTypes":[{"name":"opsitem","required":true}]},"DeleteOpsMetadata":{"conditionKeys":[],"resources":[{"name":"opsmetadata"}],"description":"Grants permission to delete an OpsMetadata object","accessLevel":"Write","resourceTypes":[{"name":"opsmetadata","required":true}]},"DeleteParameter":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"parameter"}],"description":"Grants permission to delete a specified SSM parameter","accessLevel":"Write","resourceTypes":[{"name":"parameter","required":true}]},"DeleteParameters":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"parameter"}],"description":"Grants permission to delete multiple specified SSM parameters","accessLevel":"Write","resourceTypes":[{"name":"parameter","required":true}]},"DeletePatchBaseline":{"conditionKeys":[],"resources":[{"name":"patchbaseline"}],"description":"Grants permission to delete a specified patch baseline","accessLevel":"Write","resourceTypes":[{"name":"patchbaseline","required":true}]},"DeleteResourceDataSync":{"conditionKeys":["ssm:SyncType"],"resources":[{"name":"resourcedatasync"}],"description":"Grants permission to delete a specified resource data sync","accessLevel":"Write","resourceTypes":[{"name":"resourcedatasync","required":true}]},"DeleteResourcePolicy":{"conditionKeys":[],"resources":[{"name":"document"},{"name":"opsitemgroup"},{"name":"parameter"}],"description":"Grants permission to delete a Systems Manager resource policy","accessLevel":"Permissions management","resourceTypes":[{"name":"document","required":false},{"name":"opsitemgroup","required":false},{"name":"parameter","required":false}]},"DeregisterManagedInstance":{"conditionKeys":["ssm:resourceTag/tag-key"],"resources":[{"name":"managed-instance"}],"description":"Grants permission to deregister a specified on-premises server or virtual machine (VM) from Systems Manager","accessLevel":"Write","resourceTypes":[{"name":"managed-instance","required":true}]},"DeregisterPatchBaselineForPatchGroup":{"conditionKeys":[],"resources":[{"name":"patchbaseline"}],"description":"Grants permission to deregister a specified patch baseline from being the default patch baseline for a specified patch group","accessLevel":"Write","resourceTypes":[{"name":"patchbaseline","required":true}]},"DeregisterTargetFromMaintenanceWindow":{"conditionKeys":[],"resources":[{"name":"maintenancewindow"},{"name":"windowtarget"}],"description":"Grants permission to deregister a specified target from a maintenance window","accessLevel":"Write","resourceTypes":[{"name":"maintenancewindow","required":true},{"name":"windowtarget","required":true}]},"DeregisterTaskFromMaintenanceWindow":{"conditionKeys":[],"resources":[{"name":"maintenancewindow"},{"name":"windowtask"}],"description":"Grants permission to deregister a specified task from a maintenance window","accessLevel":"Write","resourceTypes":[{"name":"maintenancewindow","required":true},{"name":"windowtask","required":true}]},"DescribeActivations":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details about a specified managed instance activation, such as when it was created and the number of instances registered using the activation","accessLevel":"Read","resourceTypes":[]},"DescribeAssociation":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"association"},{"name":"document"},{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to view details about the specified association for a specified instance or target","accessLevel":"Read","resourceTypes":[{"name":"association","required":false},{"name":"document","required":false},{"name":"instance","required":false},{"name":"managed-instance","required":false}]},"DescribeAssociationExecutionTargets":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"association"}],"description":"Grants permission to view information about a specified association execution","accessLevel":"Read","resourceTypes":[{"name":"association","required":true}]},"DescribeAssociationExecutions":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"association"}],"description":"Grants permission to view all executions for a specified association","accessLevel":"Read","resourceTypes":[{"name":"association","required":true}]},"DescribeAutomationExecutions":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details about all active and terminated Automation executions","accessLevel":"Read","resourceTypes":[]},"DescribeAutomationStepExecutions":{"conditionKeys":[],"resources":[{"name":"automation-execution"}],"description":"Grants permission to view information about all active and terminated step executions in an Automation workflow","accessLevel":"Read","resourceTypes":[{"name":"automation-execution","required":true}]},"DescribeAvailablePatches":{"conditionKeys":[],"resources":[],"description":"Grants permission to view all patches eligible to include in a patch baseline","accessLevel":"Read","resourceTypes":[]},"DescribeDocument":{"conditionKeys":["ssm:DocumentType"],"resources":[{"name":"document"}],"description":"Grants permission to view details about a specified SSM document","accessLevel":"Read","resourceTypes":[{"name":"document","required":true}]},"DescribeDocumentParameters":{"conditionKeys":[],"resources":[{"name":"document"}],"description":"Grants permission to display information about SSM document parameters in the Systems Manager console (internal Systems Manager action)","accessLevel":"Read","resourceTypes":[{"name":"document","required":true}]},"DescribeDocumentPermission":{"conditionKeys":["ssm:DocumentType"],"resources":[{"name":"document"}],"description":"Grants permission to view the permissions for a specified SSM document","accessLevel":"Read","resourceTypes":[{"name":"document","required":true}]},"DescribeEffectiveInstanceAssociations":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to view all current associations for a specified instance","accessLevel":"Read","resourceTypes":[{"name":"instance","required":true},{"name":"managed-instance","required":true}]},"DescribeEffectivePatchesForPatchBaseline":{"conditionKeys":[],"resources":[{"name":"patchbaseline"}],"description":"Grants permission to view details about the patches currently associated with the specified patch baseline (Windows only)","accessLevel":"Read","resourceTypes":[{"name":"patchbaseline","required":true}]},"DescribeInstanceAssociationsStatus":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to view the status of the associations for a specified instance","accessLevel":"Read","resourceTypes":[{"name":"instance","required":true},{"name":"managed-instance","required":true}]},"DescribeInstanceInformation":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details about a specified instance","accessLevel":"Read","resourceTypes":[]},"DescribeInstancePatchStates":{"conditionKeys":["aws:ResourceTag/${TagKey}","ssm:resourceTag/${TagKey}"],"resources":[{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to view status details about patches on a specified instance","accessLevel":"Read","resourceTypes":[{"name":"instance","required":true},{"name":"managed-instance","required":true}]},"DescribeInstancePatchStatesForPatchGroup":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe the high-level patch state for the instances in the specified patch group","accessLevel":"Read","resourceTypes":[]},"DescribeInstancePatches":{"conditionKeys":["aws:ResourceTag/${TagKey}","ssm:resourceTag/${TagKey}"],"resources":[{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to view general details about the patches on a specified instance","accessLevel":"Read","resourceTypes":[{"name":"instance","required":true},{"name":"managed-instance","required":true}]},"DescribeInstanceProperties":{"conditionKeys":[],"resources":[],"description":"Grants permission to user's Amazon EC2 console to render managed instances' nodes","accessLevel":"Read","resourceTypes":[]},"DescribeInventoryDeletions":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details about a specified inventory deletion","accessLevel":"Read","resourceTypes":[]},"DescribeMaintenanceWindowExecutionTaskInvocations":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details of a specified task execution for a maintenance window","accessLevel":"List","resourceTypes":[]},"DescribeMaintenanceWindowExecutionTasks":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details about the tasks that ran during a specified maintenance window execution","accessLevel":"List","resourceTypes":[]},"DescribeMaintenanceWindowExecutions":{"conditionKeys":[],"resources":[{"name":"maintenancewindow"}],"description":"Grants permission to view the executions of a specified maintenance window","accessLevel":"List","resourceTypes":[{"name":"maintenancewindow","required":true}]},"DescribeMaintenanceWindowSchedule":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details about upcoming executions of a specified maintenance window","accessLevel":"List","resourceTypes":[]},"DescribeMaintenanceWindowTargets":{"conditionKeys":[],"resources":[{"name":"maintenancewindow"}],"description":"Grants permission to view a list of the targets associated with a specified maintenance window","accessLevel":"List","resourceTypes":[{"name":"maintenancewindow","required":true}]},"DescribeMaintenanceWindowTasks":{"conditionKeys":[],"resources":[{"name":"maintenancewindow"}],"description":"Grants permission to view a list of the tasks associated with a specified maintenance window","accessLevel":"List","resourceTypes":[{"name":"maintenancewindow","required":true}]},"DescribeMaintenanceWindows":{"conditionKeys":[],"resources":[],"description":"Grants permission to view information about all or specified maintenance windows","accessLevel":"List","resourceTypes":[]},"DescribeMaintenanceWindowsForTarget":{"conditionKeys":[],"resources":[],"description":"Grants permission to view information about the maintenance window targets and tasks associated with a specified instance","accessLevel":"List","resourceTypes":[]},"DescribeOpsItems":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details about specified OpsItems","accessLevel":"Read","resourceTypes":[]},"DescribeParameters":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details about a specified SSM parameter","accessLevel":"List","resourceTypes":[]},"DescribePatchBaselines":{"conditionKeys":[],"resources":[],"description":"Grants permission to view information about patch baselines that meet the specified criteria","accessLevel":"List","resourceTypes":[]},"DescribePatchGroupState":{"conditionKeys":[],"resources":[],"description":"Grants permission to view aggregated status details for patches for a specified patch group","accessLevel":"List","resourceTypes":[]},"DescribePatchGroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to view information about the patch baseline for a specified patch group","accessLevel":"List","resourceTypes":[]},"DescribePatchProperties":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details of available patches for a specified operating system and patch property","accessLevel":"List","resourceTypes":[]},"DescribeSessions":{"conditionKeys":[],"resources":[],"description":"Grants permission to view a list of recent Session Manager sessions that meet the specified search criteria","accessLevel":"List","resourceTypes":[]},"DisassociateOpsItemRelatedItem":{"conditionKeys":[],"resources":[{"name":"opsitem"}],"description":"Grants permission to disassociate RelatedItem from an OpsItem","accessLevel":"Write","resourceTypes":[{"name":"opsitem","required":true}]},"ExecuteAPI":{"conditionKeys":[],"resources":[],"description":"Grants permission to a Systems Manager delegated administrator to view related resource details about OpsItems across multiple AWS accounts in the AWS Management Console","accessLevel":"Read","resourceTypes":[]},"GetAccessToken":{"conditionKeys":[],"resources":[{"name":"opsitem"}],"description":"Grants permission to return a credentials set to be used with just-in-time node access","accessLevel":"Read","resourceTypes":[{"name":"opsitem","required":true}]},"GetAutomationExecution":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"automation-execution"}],"description":"Grants permission to view details of a specified Automation execution","accessLevel":"Read","resourceTypes":[{"name":"automation-execution","required":true}]},"GetCalendar":{"conditionKeys":[],"resources":[{"name":"document"}],"description":"Grants permission to view details of a specific calendar","accessLevel":"Read","resourceTypes":[{"name":"document","required":true}],"permissionOnly":true},"GetCalendarState":{"conditionKeys":[],"resources":[{"name":"document"}],"description":"Grants permission to view the calendar state for a change calendar or a list of change calendars","accessLevel":"Read","resourceTypes":[{"name":"document","required":true}]},"GetCommandInvocation":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details about the command execution of a specified invocation or plugin","accessLevel":"Read","resourceTypes":[]},"GetConnectionStatus":{"conditionKeys":["aws:ResourceTag/${TagKey}","ssm:resourceTag/${TagKey}"],"resources":[{"name":"instance"},{"name":"managed-instance"},{"name":"task"}],"description":"Grants permission to view the Session Manager connection status for a specified managed instance","accessLevel":"Read","resourceTypes":[{"name":"instance","required":false},{"name":"managed-instance","required":false},{"name":"task","required":false}]},"GetDefaultPatchBaseline":{"conditionKeys":[],"resources":[{"name":"patchbaseline"}],"description":"Grants permission to view the current default patch baseline for a specified operating system type","accessLevel":"Read","resourceTypes":[{"name":"patchbaseline","required":true}]},"GetDeployablePatchSnapshotForInstance":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the current patch baseline snapshot for a specified instance","accessLevel":"Read","resourceTypes":[]},"GetDocument":{"conditionKeys":["ssm:DocumentCategories","ssm:DocumentType"],"resources":[{"name":"document"}],"description":"Grants permission to view the contents of a specified SSM document","accessLevel":"Read","resourceTypes":[{"name":"document","required":true}]},"GetExecutionPreview":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve an existing preview that shows the effects that running a specified Automation runbook would have on the targeted resources","accessLevel":"Read","resourceTypes":[]},"GetInventory":{"conditionKeys":[],"resources":[],"description":"Grants permission to view instance inventory details per the specified criteria","accessLevel":"Read","resourceTypes":[]},"GetInventorySchema":{"conditionKeys":[],"resources":[],"description":"Grants permission to view a list of inventory types or attribute names for a specified inventory item type","accessLevel":"Read","resourceTypes":[]},"GetMaintenanceWindow":{"conditionKeys":[],"resources":[{"name":"maintenancewindow"}],"description":"Grants permission to view details about a specified maintenance window","accessLevel":"Read","resourceTypes":[{"name":"maintenancewindow","required":true}]},"GetMaintenanceWindowExecution":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details about a specified maintenance window execution","accessLevel":"Read","resourceTypes":[]},"GetMaintenanceWindowExecutionTask":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details about a specified maintenance window execution task","accessLevel":"Read","resourceTypes":[]},"GetMaintenanceWindowExecutionTaskInvocation":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details about a specific maintenance window task running on a specific target","accessLevel":"Read","resourceTypes":[]},"GetMaintenanceWindowTask":{"conditionKeys":[],"resources":[{"name":"maintenancewindow"}],"description":"Grants permission to view details about tasks registered with a specified maintenance window","accessLevel":"Read","resourceTypes":[{"name":"maintenancewindow","required":true}]},"GetManifest":{"conditionKeys":[],"resources":[],"description":"Grants permission to Systems Manager and SSM Agent to determine package installation requirements for an instance (internal Systems Manager call)","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"GetOpsItem":{"conditionKeys":[],"resources":[{"name":"opsitem"}],"description":"Grants permission to view information about a specified OpsItem","accessLevel":"Read","resourceTypes":[{"name":"opsitem","required":true}]},"GetOpsMetadata":{"conditionKeys":[],"resources":[{"name":"opsmetadata"}],"description":"Grants permission to retrieve an OpsMetadata object","accessLevel":"Read","resourceTypes":[{"name":"opsmetadata","required":true}]},"GetOpsSummary":{"conditionKeys":[],"resources":[{"name":"resourcedatasync"}],"description":"Grants permission to view summary information about OpsItems based on specified filters and aggregators","accessLevel":"Read","resourceTypes":[{"name":"resourcedatasync","required":true}]},"GetParameter":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"parameter"}],"description":"Grants permission to view information about a specified parameter","accessLevel":"Read","resourceTypes":[{"name":"parameter","required":true}]},"GetParameterHistory":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"parameter"}],"description":"Grants permission to view details and changes for a specified parameter","accessLevel":"Read","resourceTypes":[{"name":"parameter","required":true}]},"GetParameters":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"parameter"}],"description":"Grants permission to view information about multiple specified parameters","accessLevel":"Read","resourceTypes":[{"name":"parameter","required":true}]},"GetParametersByPath":{"conditionKeys":["ssm:Recursive"],"resources":[{"name":"parameter"}],"description":"Grants permission to view information about parameters in a specified hierarchy","accessLevel":"Read","resourceTypes":[{"name":"parameter","required":true}]},"GetPatchBaseline":{"conditionKeys":[],"resources":[{"name":"patchbaseline"}],"description":"Grants permission to view information about a specified patch baseline","accessLevel":"Read","resourceTypes":[{"name":"patchbaseline","required":true}]},"GetPatchBaselineForPatchGroup":{"conditionKeys":[],"resources":[],"description":"Grants permission to view the ID of the current patch baseline for a specified patch group","accessLevel":"Read","resourceTypes":[]},"GetResourcePolicies":{"conditionKeys":[],"resources":[{"name":"document"},{"name":"opsitemgroup"},{"name":"parameter"}],"description":"Grants permission to retrieve lists of Systems Manager resource policies","accessLevel":"List","resourceTypes":[{"name":"document","required":false},{"name":"opsitemgroup","required":false},{"name":"parameter","required":false}]},"GetServiceSetting":{"conditionKeys":[],"resources":[{"name":"servicesetting"}],"description":"Grants permission to view the account-level setting for an AWS service","accessLevel":"Read","resourceTypes":[{"name":"servicesetting","required":true}]},"LabelParameterVersion":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"parameter"}],"description":"Grants permission to apply an identifying label to a specified version of a parameter","accessLevel":"Write","resourceTypes":[{"name":"parameter","required":true}]},"ListAssociationVersions":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"association"}],"description":"Grants permission to list versions of the specified association","accessLevel":"List","resourceTypes":[{"name":"association","required":true}]},"ListAssociations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the associations for a specified SSM document or managed instance","accessLevel":"List","resourceTypes":[]},"ListCommandInvocations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list information about command invocations sent to a specified instance","accessLevel":"List","resourceTypes":[]},"ListCommands":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the commands sent to a specified instance","accessLevel":"List","resourceTypes":[]},"ListComplianceItems":{"conditionKeys":[],"resources":[],"description":"Grants permission to list compliance status for specified resource types on a specified resource","accessLevel":"List","resourceTypes":[]},"ListComplianceSummaries":{"conditionKeys":[],"resources":[],"description":"Grants permission to list a summary count of compliant and noncompliant resources for a specified compliance type","accessLevel":"List","resourceTypes":[]},"ListDocumentMetadataHistory":{"conditionKeys":["ssm:DocumentType"],"resources":[{"name":"document"}],"description":"Grants permission to view metadata history about a specified SSM document","accessLevel":"List","resourceTypes":[{"name":"document","required":true}]},"ListDocumentVersions":{"conditionKeys":["ssm:DocumentType"],"resources":[{"name":"document"}],"description":"Grants permission to list all versions of a specified document","accessLevel":"List","resourceTypes":[{"name":"document","required":true}]},"ListDocuments":{"conditionKeys":[],"resources":[],"description":"Grants permission to view information about a specified SSM document","accessLevel":"List","resourceTypes":[]},"ListInstanceAssociations":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to SSM Agent to check for new State Manager associations (internal Systems Manager call)","accessLevel":"List","resourceTypes":[{"name":"instance","required":false},{"name":"managed-instance","required":false}]},"ListInventoryEntries":{"conditionKeys":[],"resources":[],"description":"Grants permission to view a list of specified inventory types for a specified instance","accessLevel":"List","resourceTypes":[]},"ListNodes":{"conditionKeys":[],"resources":[{"name":"resourcedatasync"}],"description":"Grants permission to view details about managed nodes based on specified filters","accessLevel":"List","resourceTypes":[{"name":"resourcedatasync","required":true}]},"ListNodesSummary":{"conditionKeys":[],"resources":[{"name":"resourcedatasync"}],"description":"Grants permission to view summary information about managed nodes based on specified filters and aggregators","accessLevel":"List","resourceTypes":[{"name":"resourcedatasync","required":true}]},"ListOpsItemEvents":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details about OpsItemEvents","accessLevel":"List","resourceTypes":[]},"ListOpsItemRelatedItems":{"conditionKeys":[],"resources":[],"description":"Grants permission to view details about OpsItem RelatedItems","accessLevel":"List","resourceTypes":[]},"ListOpsMetadata":{"conditionKeys":[],"resources":[],"description":"Grants permission to view a list of OpsMetadata objects","accessLevel":"List","resourceTypes":[]},"ListResourceComplianceSummaries":{"conditionKeys":[],"resources":[],"description":"Grants permission to list resource-level summary count","accessLevel":"List","resourceTypes":[]},"ListResourceDataSync":{"conditionKeys":["ssm:SyncType"],"resources":[],"description":"Grants permission to list information about resource data sync configurations in an account","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"association"},{"name":"automation-execution"},{"name":"document"},{"name":"maintenancewindow"},{"name":"managed-instance"},{"name":"opsitem"},{"name":"opsmetadata"},{"name":"parameter"},{"name":"patchbaseline"}],"description":"Grants permission to view a list of resource tags for a specified resource","accessLevel":"List","resourceTypes":[{"name":"association","required":false},{"name":"automation-execution","required":false},{"name":"document","required":false},{"name":"maintenancewindow","required":false},{"name":"managed-instance","required":false},{"name":"opsitem","required":false},{"name":"opsmetadata","required":false},{"name":"parameter","required":false},{"name":"patchbaseline","required":false}]},"ModifyDocumentPermission":{"conditionKeys":["ssm:DocumentType"],"resources":[{"name":"document"}],"description":"Grants permission to share a custom SSM document publicly or privately with specified AWS accounts","accessLevel":"Permissions management","resourceTypes":[{"name":"document","required":true}]},"PutCalendar":{"conditionKeys":[],"resources":[{"name":"document"}],"description":"Grants permission to create/edit a specific calendar","accessLevel":"Write","resourceTypes":[{"name":"document","required":true}],"permissionOnly":true},"PutComplianceItems":{"conditionKeys":["ec2:SourceInstanceARN","ssm:SourceInstanceARN"],"resources":[{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to register a compliance type and other compliance details on a specified resource","accessLevel":"Write","resourceTypes":[{"name":"instance","required":false},{"name":"managed-instance","required":false}]},"PutConfigurePackageResult":{"conditionKeys":[],"resources":[],"description":"Grants permission to SSM Agent to generate a report of the results of specific agent requests (internal Systems Manager call)","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"PutInventory":{"conditionKeys":["ssm:InventoryTypeName"],"resources":[],"description":"Grants permission to add or update inventory items on multiple specified managed instances","accessLevel":"Write","resourceTypes":[]},"PutParameter":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","ssm:Overwrite","ssm:Policies"],"resources":[{"name":"parameter"}],"description":"Grants permission to create an SSM parameter","accessLevel":"Write","resourceTypes":[{"name":"parameter","required":true}]},"PutResourcePolicy":{"conditionKeys":[],"resources":[{"name":"document"},{"name":"opsitemgroup"},{"name":"parameter"}],"description":"Grants permission to create or update a Systems Manager resource policy","accessLevel":"Permissions management","resourceTypes":[{"name":"document","required":false},{"name":"opsitemgroup","required":false},{"name":"parameter","required":false}]},"RegisterDefaultPatchBaseline":{"conditionKeys":[],"resources":[{"name":"patchbaseline"}],"description":"Grants permission to specify the default patch baseline for an operating system type","accessLevel":"Write","resourceTypes":[{"name":"patchbaseline","required":true}]},"RegisterManagedInstance":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to register a Systems Manager Agent","accessLevel":"Write","resourceTypes":[]},"RegisterPatchBaselineForPatchGroup":{"conditionKeys":[],"resources":[{"name":"patchbaseline"}],"description":"Grants permission to specify the default patch baseline for a specified patch group","accessLevel":"Write","resourceTypes":[{"name":"patchbaseline","required":true}]},"RegisterTargetWithMaintenanceWindow":{"conditionKeys":[],"resources":[{"name":"maintenancewindow"}],"description":"Grants permission to register a target with a specified maintenance window","accessLevel":"Write","resourceTypes":[{"name":"maintenancewindow","required":true}]},"RegisterTaskWithMaintenanceWindow":{"conditionKeys":[],"resources":[{"name":"maintenancewindow"}],"description":"Grants permission to register a task with a specified maintenance window","accessLevel":"Write","resourceTypes":[{"name":"maintenancewindow","required":true}]},"RemoveTagsFromResource":{"conditionKeys":["aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"association"},{"name":"automation-execution"},{"name":"document"},{"name":"instance"},{"name":"maintenancewindow"},{"name":"managed-instance"},{"name":"opsitem"},{"name":"opsmetadata"},{"name":"parameter"},{"name":"patchbaseline"},{"name":"task"}],"description":"Grants permission to remove a specified tag key from a specified resource","accessLevel":"Tagging","resourceTypes":[{"name":"association","required":false},{"name":"automation-execution","required":false},{"name":"document","required":false},{"name":"instance","required":false},{"name":"maintenancewindow","required":false},{"name":"managed-instance","required":false},{"name":"opsitem","required":false},{"name":"opsmetadata","required":false},{"name":"parameter","required":false},{"name":"patchbaseline","required":false},{"name":"task","required":false}]},"ResetServiceSetting":{"conditionKeys":[],"resources":[{"name":"servicesetting"}],"description":"Grants permission to reset the service setting for an AWS account to the default value","accessLevel":"Write","resourceTypes":[{"name":"servicesetting","required":true}]},"ResumeSession":{"conditionKeys":["ssm:resourceTag/aws:ssmmessages:session-id","ssm:resourceTag/aws:ssmmessages:target-id"],"resources":[{"name":"session"}],"description":"Grants permission to reconnect a Session Manager session to a managed instance","accessLevel":"Write","resourceTypes":[{"name":"session","required":true}]},"SendAutomationSignal":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"automation-execution"}],"description":"Grants permission to send a signal to change the current behavior or status of a specified Automation execution","accessLevel":"Write","resourceTypes":[{"name":"automation-execution","required":true}]},"SendCommand":{"conditionKeys":["aws:ResourceTag/${TagKey}","ssm:resourceTag/${TagKey}"],"resources":[{"name":"bucket"},{"name":"document"},{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to run commands on one or more specified managed instances","accessLevel":"Write","resourceTypes":[{"name":"document","required":true},{"name":"bucket","required":false},{"name":"instance","required":false},{"name":"managed-instance","required":false}]},"StartAccessRequest":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to start the workflow for just-in-time node access sessions","accessLevel":"Write","resourceTypes":[{"name":"instance","required":false},{"name":"managed-instance","required":false}]},"StartAssociationsOnce":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"association"}],"description":"Grants permission to run a specified association manually","accessLevel":"Write","resourceTypes":[{"name":"association","required":true}]},"StartAutomationExecution":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ssm:DocumentVersion"],"resources":[{"name":"automation-definition"},{"name":"automation-execution"},{"name":"document"}],"description":"Grants permission to initiate the execution of an Automation document","accessLevel":"Write","resourceTypes":[{"name":"automation-execution","required":true},{"name":"document","required":true},{"name":"automation-definition","required":false}]},"StartChangeRequestExecution":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ssm:AutoApprove","ssm:DocumentVersion"],"resources":[{"name":"automation-definition"},{"name":"automation-execution"},{"name":"document"}],"description":"Grants permission to initiate the execution of an Automation Change Template document","accessLevel":"Write","resourceTypes":[{"name":"automation-execution","required":true},{"name":"document","required":true},{"name":"automation-definition","required":false}]},"StartExecutionPreview":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a preview showing the effects that running a specified Automation runbook would have on the targeted resources","accessLevel":"Read","resourceTypes":[]},"StartSession":{"conditionKeys":["aws:ResourceTag/${TagKey}","ssm:AccessRequestId","ssm:SessionDocumentAccessCheck","ssm:resourceTag/${TagKey}"],"resources":[{"name":"document"},{"name":"instance"},{"name":"managed-instance"},{"name":"task"}],"description":"Grants permission to initiate a connection to a specified target for a Session Manager session","accessLevel":"Write","resourceTypes":[{"name":"document","required":false},{"name":"instance","required":false},{"name":"managed-instance","required":false},{"name":"task","required":false}]},"StopAutomationExecution":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"automation-execution"}],"description":"Grants permission to stop a specified Automation execution that is already in progress","accessLevel":"Write","resourceTypes":[{"name":"automation-execution","required":true}]},"TerminateSession":{"conditionKeys":["ssm:resourceTag/aws:ssmmessages:session-id","ssm:resourceTag/aws:ssmmessages:target-id"],"resources":[{"name":"session"}],"description":"Grants permission to permanently end a Session Manager connection to an instance","accessLevel":"Write","resourceTypes":[{"name":"session","required":true}]},"UnlabelParameterVersion":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"parameter"}],"description":"Grants permission to remove an identifying label from a specified version of a parameter","accessLevel":"Write","resourceTypes":[{"name":"parameter","required":true}]},"UpdateAssociation":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"association"},{"name":"document"},{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to update an association and immediately run the association on the specified targets","accessLevel":"Write","resourceTypes":[{"name":"association","required":true},{"name":"document","required":false},{"name":"instance","required":false},{"name":"managed-instance","required":false}]},"UpdateAssociationStatus":{"conditionKeys":["aws:ResourceTag/${TagKey}","ec2:SourceInstanceARN","ssm:SourceInstanceARN"],"resources":[{"name":"document"},{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to update the status of the SSM document associated with a specified instance","accessLevel":"Write","resourceTypes":[{"name":"document","required":true},{"name":"instance","required":false},{"name":"managed-instance","required":false}]},"UpdateDocument":{"conditionKeys":["ssm:DocumentType"],"resources":[{"name":"document"}],"description":"Grants permission to update one or more values for an SSM document","accessLevel":"Write","resourceTypes":[{"name":"document","required":true}]},"UpdateDocumentDefaultVersion":{"conditionKeys":["ssm:DocumentType"],"resources":[{"name":"document"}],"description":"Grants permission to change the default version of an SSM document","accessLevel":"Write","resourceTypes":[{"name":"document","required":true}]},"UpdateDocumentMetadata":{"conditionKeys":["ssm:DocumentType"],"resources":[{"name":"document"}],"description":"Grants permission to update the metadata of an SSM document","accessLevel":"Write","resourceTypes":[{"name":"document","required":true}]},"UpdateInstanceAssociationStatus":{"conditionKeys":["aws:ResourceTag/${TagKey}","ec2:SourceInstanceARN","ssm:SourceInstanceARN"],"resources":[{"name":"association"},{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to SSM Agent to update the status of the association that it is currently running (internal Systems Manager call)","accessLevel":"Write","resourceTypes":[{"name":"association","required":true},{"name":"instance","required":false},{"name":"managed-instance","required":false}],"permissionOnly":true},"UpdateInstanceInformation":{"conditionKeys":["ec2:SourceInstanceARN","ssm:SourceInstanceARN"],"resources":[{"name":"instance"},{"name":"managed-instance"}],"description":"Grants permission to SSM Agent to send a heartbeat signal to the Systems Manager service in the cloud","accessLevel":"Write","resourceTypes":[{"name":"instance","required":false},{"name":"managed-instance","required":false}]},"UpdateMaintenanceWindow":{"conditionKeys":[],"resources":[{"name":"maintenancewindow"}],"description":"Grants permission to update a specified maintenance window","accessLevel":"Write","resourceTypes":[{"name":"maintenancewindow","required":true}]},"UpdateMaintenanceWindowTarget":{"conditionKeys":[],"resources":[{"name":"maintenancewindow"},{"name":"windowtarget"}],"description":"Grants permission to update a specified maintenance window target","accessLevel":"Write","resourceTypes":[{"name":"maintenancewindow","required":true},{"name":"windowtarget","required":true}]},"UpdateMaintenanceWindowTask":{"conditionKeys":[],"resources":[{"name":"maintenancewindow"},{"name":"windowtask"}],"description":"Grants permission to update a specified maintenance window task","accessLevel":"Write","resourceTypes":[{"name":"maintenancewindow","required":true},{"name":"windowtask","required":true}]},"UpdateManagedInstanceRole":{"conditionKeys":["ssm:resourceTag/tag-key"],"resources":[{"name":"iam-role"},{"name":"managed-instance"}],"description":"Grants permission to assign or change the IAM role assigned to a specified managed instance","accessLevel":"Write","resourceTypes":[{"name":"iam-role","required":true},{"name":"managed-instance","required":true}]},"UpdateOpsItem":{"conditionKeys":[],"resources":[{"name":"opsitem"}],"description":"Grants permission to edit or change an OpsItem","accessLevel":"Write","resourceTypes":[{"name":"opsitem","required":true}]},"UpdateOpsMetadata":{"conditionKeys":[],"resources":[{"name":"opsmetadata"}],"description":"Grants permission to update an OpsMetadata object","accessLevel":"Write","resourceTypes":[{"name":"opsmetadata","required":true}]},"UpdatePatchBaseline":{"conditionKeys":[],"resources":[{"name":"patchbaseline"}],"description":"Grants permission to update a specified patch baseline","accessLevel":"Write","resourceTypes":[{"name":"patchbaseline","required":true}]},"UpdateResourceDataSync":{"conditionKeys":["ssm:SyncType"],"resources":[{"name":"resourcedatasync"}],"description":"Grants permission to update a resource data sync","accessLevel":"Write","resourceTypes":[{"name":"resourcedatasync","required":true}]},"UpdateServiceSetting":{"conditionKeys":[],"resources":[{"name":"servicesetting"}],"description":"Grants permission to update the service setting for an AWS account","accessLevel":"Write","resourceTypes":[{"name":"servicesetting","required":true}]}},"resources":[{"name":"association","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:association/${AssociationId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"automation-definition","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:automation-definition/${AutomationDefinitionName}:${VersionId}"],"conditionKeys":["ssm:DocumentType"]},{"name":"automation-execution","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:automation-execution/${AutomationExecutionId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ssm:resourceTag/tag-key"]},{"name":"bucket","arnFormats":["arn:${Partition}:s3:::${BucketName}"],"conditionKeys":[]},{"name":"document","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:document/${DocumentName}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ssm:DocumentCategories","ssm:DocumentType","ssm:resourceTag/${TagKey}"]},{"name":"iam-role","arnFormats":["arn:${Partition}:iam::${Account}:role/${RoleName}"],"conditionKeys":[]},{"name":"instance","arnFormats":["arn:${Partition}:ec2:${Region}:${Account}:instance/${InstanceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ssm:resourceTag/${TagKey}"]},{"name":"maintenancewindow","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:maintenancewindow/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ssm:resourceTag/tag-key"]},{"name":"managed-instance","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:managed-instance/${InstanceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ssm:resourceTag/tag-key"]},{"name":"managed-instance-inventory","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:managed-instance-inventory/${InstanceId}"],"conditionKeys":[]},{"name":"opsitem","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:opsitem/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"opsitemgroup","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:opsitemgroup/default"],"conditionKeys":[]},{"name":"opsmetadata","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:opsmetadata/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ssm:resourceTag/${TagKey}"]},{"name":"parameter","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:parameter/${ParameterNameWithoutLeadingSlash}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ssm:resourceTag/tag-key"]},{"name":"patchbaseline","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:patchbaseline/${PatchBaselineIdResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ssm:resourceTag/tag-key"]},{"name":"resourcedatasync","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:resource-data-sync/${SyncName}"],"conditionKeys":[]},{"name":"servicesetting","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:servicesetting/${ResourceId}"],"conditionKeys":[]},{"name":"session","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:session/${SessionId}"],"conditionKeys":["ssm:resourceTag/aws:ssmmessages:session-id","ssm:resourceTag/aws:ssmmessages:target-id"]},{"name":"task","arnFormats":["arn:${Partition}:ecs:${Region}:${Account}:task/${TaskId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"windowtarget","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:windowtarget/${WindowTargetId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ssm:resourceTag/tag-key"]},{"name":"windowtask","arnFormats":["arn:${Partition}:ssm:${Region}:${Account}:windowtask/${WindowTaskId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","ssm:resourceTag/tag-key"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by 'Create' requests based on the allowed set of values for a specified tags"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by based on a tag key-value pair assigned to the AWS resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by 'Create' requests based on whether mandatory tags are included in the request"},"ec2:SourceInstanceARN":{"types":["ARN"],"description":"Filters access by the ARN of the instance from which the request originated"},"ssm:AccessRequestId":{"types":["String"],"description":"Filters access by verifying that a user has access to the access request ID specified in the request"},"ssm:AutoApprove":{"types":["Bool"],"description":"Filters access by verifying that a user has permission to start Change Manager workflows without a review step (with the exception of change freeze events)"},"ssm:DocumentCategories":{"types":["ArrayOfString"],"description":"Filters access by verifying that a user has permission to access a document belonging to a specific category enum"},"ssm:DocumentType":{"types":["String"],"description":"Filters access by verifying that a user has permission to access a document belonging to a specific document type. Only available in \"aws\", \"aws-cn\", and \"aws-us-gov\" partitions"},"ssm:DocumentVersion":{"types":["ArrayOfString"],"description":"Filters access by verifying that a user has permission to access a specific version of a document"},"ssm:InventoryTypeName":{"types":["ArrayOfString"],"description":"Filters access by verifying that a user also has access to the InventoryType specified in the request"},"ssm:Overwrite":{"types":["String"],"description":"Filters access by controling whether Systems Manager parameters can be overwritten"},"ssm:Policies":{"types":["String"],"description":"Filters access by controlling whether an IAM Entity (user or role) can create or update a parameter that includes a parameter policy"},"ssm:Recursive":{"types":["String"],"description":"Filters access by Systems Manager parameters created in a hierarchical structure"},"ssm:SessionDocumentAccessCheck":{"types":["Bool"],"description":"Filters access by verifying that a user has permission to access either the default Session Manager configuration document or the custom configuration document specified in a request"},"ssm:SourceInstanceARN":{"types":["ARN"],"description":"Filters access by verifying the Amazon Resource Name (ARN) of the AWS Systems Manager's managed instance from which the request is made. This key is not present when the request comes from the managed instance authenticated with an IAM role associated with EC2 instance profile"},"ssm:SyncType":{"types":["String"],"description":"Filters access by verifying that a user also has access to the ResourceDataSync SyncType specified in the request"},"ssm:resourceTag/${TagKey}":{"types":["String"],"description":"Filters access by a tag key-value pair assigned to the Systems Manager resource"},"ssm:resourceTag/aws:ssmmessages:session-id":{"types":["String"],"description":"Filters access by based on a tag key-value pair assigned to the Systems Manager session resource"},"ssm:resourceTag/aws:ssmmessages:target-id":{"types":["String"],"description":"Filters access by based on a tag key-value pair assigned to the Systems Manager session resource"},"ssm:resourceTag/tag-key":{"types":["String"],"description":"Filters access by based on a tag key-value pair assigned to the Systems Manager resource"}}}

package/src/data/servicereference/services/ssmmessages.json

@@ -0,0 +1 @@
+{"name":"ssmmessages","actions":{"CreateControlChannel":{"conditionKeys":["ec2:SourceInstanceARN","ssm:SourceInstanceARN"],"resources":[],"description":"Grants permission to register a control channel for an instance to send control messages to Systems Manager service","accessLevel":"Write","resourceTypes":[]},"CreateDataChannel":{"conditionKeys":[],"resources":[],"description":"Grants permission to register a data channel for an instance to send data messages to Systems Manager service","accessLevel":"Write","resourceTypes":[]},"OpenControlChannel":{"conditionKeys":[],"resources":[],"description":"Grants permission to open a websocket connection for a registered control channel stream from an instance to Systems Manager service","accessLevel":"Write","resourceTypes":[]},"OpenDataChannel":{"conditionKeys":[],"resources":[],"description":"Grants permission to open a websocket connection for a registered data channel stream from an instance to Systems Manager service","accessLevel":"Write","resourceTypes":[]}},"resources":[],"conditionKeys":{"ec2:SourceInstanceARN":{"types":["ARN"],"description":"Filters access by the ARN of the instance from which the request originated"},"ssm:SourceInstanceARN":{"types":["ARN"],"description":"Filters access by verifying the Amazon Resource Name (ARN) of the AWS Systems Manager's managed instance from which the request is made. This key is not present when the request comes from the managed instance authenticated with an IAM role associated with EC2 instance profile"}}}

package/src/data/servicereference/services/sso-directory.json

@@ -0,0 +1 @@
+{"name":"sso-directory","actions":{"AddMemberToGroup":{"conditionKeys":[],"resources":[],"description":"Grants permission to add a member to a group in the directory that AWS IAM Identity Center provides by default","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"CompleteVirtualMfaDeviceRegistration":{"conditionKeys":[],"resources":[],"description":"Grants permission to complete the creation process of a virtual MFA device","accessLevel":"Write","resourceTypes":[]},"CompleteWebAuthnDeviceRegistration":{"conditionKeys":[],"resources":[],"description":"Grants permission to complete the registration process of a WebAuthn device","accessLevel":"Write","resourceTypes":[]},"CreateAlias":{"conditionKeys":[],"resources":[],"description":"Grants permission to create an alias for the directory that AWS IAM Identity Center provides by default","accessLevel":"Write","resourceTypes":[]},"CreateBearerToken":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a bearer token for a given provisioning tenant","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"CreateExternalIdPConfigurationForDirectory":{"conditionKeys":[],"resources":[],"description":"Grants permission to create an External Identity Provider configuration for the directory","accessLevel":"Write","resourceTypes":[]},"CreateGroup":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a group in the directory that AWS IAM Identity Center provides by default","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"CreateProvisioningTenant":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a provisioning tenant for a given directory","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"CreateUser":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a user in the directory that AWS IAM Identity Center provides by default","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"DeleteBearerToken":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a bearer token","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"DeleteExternalIdPCertificate":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete the given external IdP certificate","accessLevel":"Write","resourceTypes":[]},"DeleteExternalIdPConfigurationForDirectory":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete an External Identity Provider configuration associated with the directory","accessLevel":"Write","resourceTypes":[]},"DeleteGroup":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a group from the directory that AWS IAM Identity Center provides by default","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"DeleteMfaDeviceForUser":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a MFA device by device name for a given user","accessLevel":"Write","resourceTypes":[]},"DeleteProvisioningTenant":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete the provisioning tenant","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"DeleteUser":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a user from the directory that AWS IAM Identity Center provides by default","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"DescribeDirectory":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about the directory that AWS IAM Identity Center provides by default","accessLevel":"Read","resourceTypes":[]},"DescribeGroup":{"conditionKeys":[],"resources":[],"description":"Grants permission to query the group data, not including user and group members","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"DescribeGroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about groups from the directory that AWS IAM Identity Center provides by default","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"DescribeProvisioningTenant":{"conditionKeys":[],"resources":[],"description":"Grants permission to describes the provisioning tenant","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"DescribeUser":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about a user from the directory that AWS IAM Identity Center provides by default","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"DescribeUserByUniqueAttribute":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe user with a valid unique attribute represented for the user","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"DescribeUsers":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve information about user from the directory that AWS IAM Identity Center provides by default","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"DisableExternalIdPConfigurationForDirectory":{"conditionKeys":[],"resources":[],"description":"Grants permission to disable authentication of end users with an External Identity Provider","accessLevel":"Write","resourceTypes":[]},"DisableUser":{"conditionKeys":[],"resources":[],"description":"Grants permission to deactivate a user in the directory that AWS IAM Identity Center provides by default","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"EnableExternalIdPConfigurationForDirectory":{"conditionKeys":[],"resources":[],"description":"Grants permission to enable authentication of end users with an External Identity Provider","accessLevel":"Write","resourceTypes":[]},"EnableUser":{"conditionKeys":[],"resources":[],"description":"Grants permission to activate user in the directory that AWS IAM Identity Center provides by default","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"GetAWSSPConfigurationForDirectory":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve the AWS IAM Identity Center Service Provider configurations for the directory","accessLevel":"Read","resourceTypes":[]},"GetGroupId":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve ID information about group from the directory that AWS IAM Identity Center provides by default","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"GetUserId":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve ID information about user from the directory that AWS IAM Identity Center provides by default","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"GetUserPoolInfo":{"conditionKeys":[],"resources":[],"description":"(Deprecated) Grants permission to get UserPool Info","accessLevel":"Read","resourceTypes":[]},"ImportExternalIdPCertificate":{"conditionKeys":[],"resources":[],"description":"Grants permission to import the IdP certificate used for verifying external IdP responses","accessLevel":"Write","resourceTypes":[]},"IsMemberInGroup":{"conditionKeys":[],"resources":[],"description":"Grants permission to check if a member is a part of the group in the directory that AWS IAM Identity Center provides by default","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"IsMemberInGroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to check if a member is a part of multiple groups in the directory that AWS IAM Identity Center provides by default","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"ListBearerTokens":{"conditionKeys":[],"resources":[],"description":"Grants permission to list bearer tokens for a given provisioning tenant","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"ListExternalIdPCertificates":{"conditionKeys":[],"resources":[],"description":"Grants permission to list the external IdP certificates of a given directory and IdP","accessLevel":"Read","resourceTypes":[]},"ListExternalIdPConfigurationsForDirectory":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all the External Identity Provider configurations created for the directory","accessLevel":"Read","resourceTypes":[]},"ListGroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to list groups from the directory that AWS IAM Identity Center provides by default","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"ListGroupsForMember":{"conditionKeys":[],"resources":[],"description":"Grants permission to list groups of the target member","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"ListGroupsForUser":{"conditionKeys":[],"resources":[],"description":"Grants permission to list groups for a user from the directory that AWS IAM Identity Center provides by default","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"ListMembersInGroup":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve all members that are part of a group in the directory that AWS IAM Identity Center provides by default","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"ListMfaDevicesForUser":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all active MFA devices and their MFA device metadata for a user","accessLevel":"Read","resourceTypes":[]},"ListProvisioningTenants":{"conditionKeys":[],"resources":[],"description":"Grants permission to list provisioning tenants for a given directory","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"ListUsers":{"conditionKeys":[],"resources":[],"description":"Grants permission to list users from the directory that AWS IAM Identity Center provides by default","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"RemoveMemberFromGroup":{"conditionKeys":[],"resources":[],"description":"Grants permission to remove a member that is part of a group in the directory that AWS IAM Identity Center provides by default","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"SearchGroups":{"conditionKeys":[],"resources":[],"description":"Grants permission to search for groups within the associated directory","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"SearchUsers":{"conditionKeys":[],"resources":[],"description":"Grants permission to search for users within the associated directory","accessLevel":"Read","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"StartVirtualMfaDeviceRegistration":{"conditionKeys":[],"resources":[],"description":"Grants permission to begin the creation process of virtual mfa device","accessLevel":"Write","resourceTypes":[]},"StartWebAuthnDeviceRegistration":{"conditionKeys":[],"resources":[],"description":"Grants permission to begin the registration process of a WebAuthn device","accessLevel":"Write","resourceTypes":[]},"UpdateExternalIdPConfigurationForDirectory":{"conditionKeys":[],"resources":[],"description":"Grants permission to update an External Identity Provider configuration associated with the directory","accessLevel":"Write","resourceTypes":[]},"UpdateGroup":{"conditionKeys":[],"resources":[],"description":"Grants permission to update information about a group in the directory that AWS IAM Identity Center provides by default","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"UpdateGroupDisplayName":{"conditionKeys":[],"resources":[],"description":"Grants permission to update group display name update group display name response","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"UpdateMfaDeviceForUser":{"conditionKeys":[],"resources":[],"description":"Grants permission to update MFA device information","accessLevel":"Write","resourceTypes":[]},"UpdatePassword":{"conditionKeys":[],"resources":[],"description":"Grants permission to update a password by sending password reset link via email or generating one time password for a user in the directory that AWS IAM Identity Center provides by default","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"UpdateUser":{"conditionKeys":[],"resources":[],"description":"Grants permission to update user information in the directory that AWS IAM Identity Center provides by default","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"UpdateUserName":{"conditionKeys":[],"resources":[],"description":"Grants permission to update user name update user name response","accessLevel":"Write","resourceTypes":[],"dependentActions":["kms:Decrypt"]},"VerifyEmail":{"conditionKeys":[],"resources":[],"description":"Grants permission to verify an email address of an User","accessLevel":"Write","resourceTypes":[]}},"resources":[],"conditionKeys":{}}

package/src/data/servicereference/services/sso-oauth.json

@@ -0,0 +1 @@
+{"name":"sso-oauth","actions":{"CreateTokenWithIAM":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to create and return OAuth 2.0 access tokens and refresh tokens for authorized client applications. These tokens might contain defined scopes that specify permissions such as `read:profile` or `write:data`","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true}],"dependentActions":["kms:Decrypt"]},"IntrospectTokenWithIAM":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to validate and retrieve information about active OAuth 2.0 access tokens and refresh tokens, including their associated scopes and permissions. This permission is used only by AWS managed applications and is not documented in the IAM Identity Center OIDC API Reference","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true}],"dependentActions":["kms:Decrypt"],"permissionOnly":true},"RevokeTokenWithIAM":{"conditionKeys":[],"resources":[{"name":"Application"}],"description":"Grants permission to revoke OAuth 2.0 access tokens and refresh tokens, invalidating them before their normal expiration. This permission is used only by AWS managed applications and is not documented in the IAM Identity Center OIDC API Reference","accessLevel":"Write","resourceTypes":[{"name":"Application","required":true}],"dependentActions":["kms:Decrypt"],"permissionOnly":true}},"resources":[{"name":"Application","arnFormats":["arn:${Partition}:sso::${AccountId}:application/${InstanceId}/${ApplicationId}"],"conditionKeys":[]}],"conditionKeys":{}}