aws-iam-ls 0.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.direnv/bin/nix-direnv-reload +19 -0
- package/.direnv/flake-profile-a5d5b61aa8a61b7d9d765e1daf971a9a578f1cfa.rc +2156 -0
- package/.github/workflows/publish.yml +37 -0
- package/.github/workflows/test.yml +16 -0
- package/.vscodeignore +17 -0
- package/LICENSE +21 -0
- package/package.json +53 -0
- package/readme.md +25 -0
- package/src/data/condition-keys/global.json +362 -0
- package/src/data/servicereference/actions.json +1 -0
- package/src/data/servicereference/service-principals.json +1 -0
- package/src/data/servicereference/services/a2c.json +1 -0
- package/src/data/servicereference/services/a4b.json +1 -0
- package/src/data/servicereference/services/access-analyzer.json +1 -0
- package/src/data/servicereference/services/account.json +1 -0
- package/src/data/servicereference/services/acm-pca.json +1 -0
- package/src/data/servicereference/services/acm.json +1 -0
- package/src/data/servicereference/services/aco-automation.json +1 -0
- package/src/data/servicereference/services/action-recommendations.json +1 -0
- package/src/data/servicereference/services/activate.json +1 -0
- package/src/data/servicereference/services/aidevops.json +1 -0
- package/src/data/servicereference/services/aiops.json +1 -0
- package/src/data/servicereference/services/airflow-serverless.json +1 -0
- package/src/data/servicereference/services/airflow.json +1 -0
- package/src/data/servicereference/services/amplify.json +1 -0
- package/src/data/servicereference/services/amplifybackend.json +1 -0
- package/src/data/servicereference/services/amplifyuibuilder.json +1 -0
- package/src/data/servicereference/services/aoss.json +1 -0
- package/src/data/servicereference/services/apigateway.json +1 -0
- package/src/data/servicereference/services/app-integrations.json +1 -0
- package/src/data/servicereference/services/appconfig.json +1 -0
- package/src/data/servicereference/services/appfabric.json +1 -0
- package/src/data/servicereference/services/appflow.json +1 -0
- package/src/data/servicereference/services/application-autoscaling.json +1 -0
- package/src/data/servicereference/services/application-signals.json +1 -0
- package/src/data/servicereference/services/application-transformation.json +1 -0
- package/src/data/servicereference/services/applicationinsights.json +1 -0
- package/src/data/servicereference/services/appmesh-preview.json +1 -0
- package/src/data/servicereference/services/appmesh.json +1 -0
- package/src/data/servicereference/services/apprunner.json +1 -0
- package/src/data/servicereference/services/appstream.json +1 -0
- package/src/data/servicereference/services/appstudio.json +1 -0
- package/src/data/servicereference/services/appsync.json +1 -0
- package/src/data/servicereference/services/apptest.json +1 -0
- package/src/data/servicereference/services/aps.json +1 -0
- package/src/data/servicereference/services/arc-region-switch.json +1 -0
- package/src/data/servicereference/services/arc-zonal-shift.json +1 -0
- package/src/data/servicereference/services/arsenal.json +1 -0
- package/src/data/servicereference/services/artifact.json +1 -0
- package/src/data/servicereference/services/athena.json +1 -0
- package/src/data/servicereference/services/auditmanager.json +1 -0
- package/src/data/servicereference/services/autoscaling-plans.json +1 -0
- package/src/data/servicereference/services/autoscaling.json +1 -0
- package/src/data/servicereference/services/aws-marketplace-management.json +1 -0
- package/src/data/servicereference/services/aws-marketplace.json +1 -0
- package/src/data/servicereference/services/aws-mcp.json +1 -0
- package/src/data/servicereference/services/aws-portal.json +1 -0
- package/src/data/servicereference/services/awsconnector.json +1 -0
- package/src/data/servicereference/services/b2bi.json +1 -0
- package/src/data/servicereference/services/backup-gateway.json +1 -0
- package/src/data/servicereference/services/backup-search.json +1 -0
- package/src/data/servicereference/services/backup-storage.json +1 -0
- package/src/data/servicereference/services/backup.json +1 -0
- package/src/data/servicereference/services/batch.json +1 -0
- package/src/data/servicereference/services/bcm-dashboards.json +1 -0
- package/src/data/servicereference/services/bcm-data-exports.json +1 -0
- package/src/data/servicereference/services/bcm-pricing-calculator.json +1 -0
- package/src/data/servicereference/services/bcm-recommended-actions.json +1 -0
- package/src/data/servicereference/services/bedrock-agentcore.json +1 -0
- package/src/data/servicereference/services/bedrock-mantle.json +1 -0
- package/src/data/servicereference/services/bedrock.json +1 -0
- package/src/data/servicereference/services/billing.json +1 -0
- package/src/data/servicereference/services/billingconductor.json +1 -0
- package/src/data/servicereference/services/braket.json +1 -0
- package/src/data/servicereference/services/budgets.json +1 -0
- package/src/data/servicereference/services/bugbust.json +1 -0
- package/src/data/servicereference/services/cases.json +1 -0
- package/src/data/servicereference/services/cassandra.json +1 -0
- package/src/data/servicereference/services/ce.json +1 -0
- package/src/data/servicereference/services/chatbot.json +1 -0
- package/src/data/servicereference/services/chime.json +1 -0
- package/src/data/servicereference/services/cleanrooms-ml.json +1 -0
- package/src/data/servicereference/services/cleanrooms.json +1 -0
- package/src/data/servicereference/services/cloud9.json +1 -0
- package/src/data/servicereference/services/clouddirectory.json +1 -0
- package/src/data/servicereference/services/cloudformation.json +1 -0
- package/src/data/servicereference/services/cloudfront-keyvaluestore.json +1 -0
- package/src/data/servicereference/services/cloudfront.json +1 -0
- package/src/data/servicereference/services/cloudhsm.json +1 -0
- package/src/data/servicereference/services/cloudsearch.json +1 -0
- package/src/data/servicereference/services/cloudshell.json +1 -0
- package/src/data/servicereference/services/cloudtrail-data.json +1 -0
- package/src/data/servicereference/services/cloudtrail.json +1 -0
- package/src/data/servicereference/services/cloudwatch.json +1 -0
- package/src/data/servicereference/services/codeartifact.json +1 -0
- package/src/data/servicereference/services/codebuild.json +1 -0
- package/src/data/servicereference/services/codecatalyst.json +1 -0
- package/src/data/servicereference/services/codecommit.json +1 -0
- package/src/data/servicereference/services/codeconnections.json +1 -0
- package/src/data/servicereference/services/codedeploy-commands-secure.json +1 -0
- package/src/data/servicereference/services/codedeploy.json +1 -0
- package/src/data/servicereference/services/codeguru-profiler.json +1 -0
- package/src/data/servicereference/services/codeguru-reviewer.json +1 -0
- package/src/data/servicereference/services/codeguru-security.json +1 -0
- package/src/data/servicereference/services/codeguru.json +1 -0
- package/src/data/servicereference/services/codepipeline.json +1 -0
- package/src/data/servicereference/services/codestar-connections.json +1 -0
- package/src/data/servicereference/services/codestar-notifications.json +1 -0
- package/src/data/servicereference/services/codestar.json +1 -0
- package/src/data/servicereference/services/codewhisperer.json +1 -0
- package/src/data/servicereference/services/cognito-identity.json +1 -0
- package/src/data/servicereference/services/cognito-idp.json +1 -0
- package/src/data/servicereference/services/cognito-sync.json +1 -0
- package/src/data/servicereference/services/comprehend.json +1 -0
- package/src/data/servicereference/services/comprehendmedical.json +1 -0
- package/src/data/servicereference/services/compute-optimizer.json +1 -0
- package/src/data/servicereference/services/config.json +1 -0
- package/src/data/servicereference/services/connect-campaigns.json +1 -0
- package/src/data/servicereference/services/connect.json +1 -0
- package/src/data/servicereference/services/consoleapp.json +1 -0
- package/src/data/servicereference/services/consolidatedbilling.json +1 -0
- package/src/data/servicereference/services/controlcatalog.json +1 -0
- package/src/data/servicereference/services/controltower.json +1 -0
- package/src/data/servicereference/services/cost-optimization-hub.json +1 -0
- package/src/data/servicereference/services/cur.json +1 -0
- package/src/data/servicereference/services/customer-verification.json +1 -0
- package/src/data/servicereference/services/databrew.json +1 -0
- package/src/data/servicereference/services/dataexchange.json +1 -0
- package/src/data/servicereference/services/datapipeline.json +1 -0
- package/src/data/servicereference/services/datasync.json +1 -0
- package/src/data/servicereference/services/datazone.json +1 -0
- package/src/data/servicereference/services/dax.json +1 -0
- package/src/data/servicereference/services/dbqms.json +1 -0
- package/src/data/servicereference/services/deadline.json +1 -0
- package/src/data/servicereference/services/detective.json +1 -0
- package/src/data/servicereference/services/devicefarm.json +1 -0
- package/src/data/servicereference/services/devops-guru.json +1 -0
- package/src/data/servicereference/services/directconnect.json +1 -0
- package/src/data/servicereference/services/discovery.json +1 -0
- package/src/data/servicereference/services/dlm.json +1 -0
- package/src/data/servicereference/services/dms.json +1 -0
- package/src/data/servicereference/services/docdb-elastic.json +1 -0
- package/src/data/servicereference/services/drs.json +1 -0
- package/src/data/servicereference/services/ds-data.json +1 -0
- package/src/data/servicereference/services/ds.json +1 -0
- package/src/data/servicereference/services/dsql.json +1 -0
- package/src/data/servicereference/services/dynamodb.json +1 -0
- package/src/data/servicereference/services/ebs.json +1 -0
- package/src/data/servicereference/services/ec2-instance-connect.json +1 -0
- package/src/data/servicereference/services/ec2.json +1 -0
- package/src/data/servicereference/services/ec2messages.json +1 -0
- package/src/data/servicereference/services/ecr-public.json +1 -0
- package/src/data/servicereference/services/ecr.json +1 -0
- package/src/data/servicereference/services/ecs-mcp.json +1 -0
- package/src/data/servicereference/services/ecs.json +1 -0
- package/src/data/servicereference/services/eks-auth.json +1 -0
- package/src/data/servicereference/services/eks-mcp.json +1 -0
- package/src/data/servicereference/services/eks.json +1 -0
- package/src/data/servicereference/services/elasticache.json +1 -0
- package/src/data/servicereference/services/elasticbeanstalk.json +1 -0
- package/src/data/servicereference/services/elasticfilesystem.json +1 -0
- package/src/data/servicereference/services/elasticloadbalancing.json +1 -0
- package/src/data/servicereference/services/elasticmapreduce.json +1 -0
- package/src/data/servicereference/services/elastictranscoder.json +1 -0
- package/src/data/servicereference/services/elemental-activations.json +1 -0
- package/src/data/servicereference/services/elemental-appliances-software.json +1 -0
- package/src/data/servicereference/services/elemental-inference.json +1 -0
- package/src/data/servicereference/services/elemental-support-cases.json +1 -0
- package/src/data/servicereference/services/elemental-support-content.json +1 -0
- package/src/data/servicereference/services/emr-containers.json +1 -0
- package/src/data/servicereference/services/emr-serverless.json +1 -0
- package/src/data/servicereference/services/entityresolution.json +1 -0
- package/src/data/servicereference/services/es.json +1 -0
- package/src/data/servicereference/services/events.json +1 -0
- package/src/data/servicereference/services/evidently.json +1 -0
- package/src/data/servicereference/services/evs.json +1 -0
- package/src/data/servicereference/services/execute-api.json +1 -0
- package/src/data/servicereference/services/finspace-api.json +1 -0
- package/src/data/servicereference/services/finspace.json +1 -0
- package/src/data/servicereference/services/firehose.json +1 -0
- package/src/data/servicereference/services/fis.json +1 -0
- package/src/data/servicereference/services/fms.json +1 -0
- package/src/data/servicereference/services/forecast.json +1 -0
- package/src/data/servicereference/services/frauddetector.json +1 -0
- package/src/data/servicereference/services/freertos.json +1 -0
- package/src/data/servicereference/services/freetier.json +1 -0
- package/src/data/servicereference/services/fsx.json +1 -0
- package/src/data/servicereference/services/gamelift.json +1 -0
- package/src/data/servicereference/services/gameliftstreams.json +1 -0
- package/src/data/servicereference/services/geo-maps.json +1 -0
- package/src/data/servicereference/services/geo-places.json +1 -0
- package/src/data/servicereference/services/geo-routes.json +1 -0
- package/src/data/servicereference/services/geo.json +1 -0
- package/src/data/servicereference/services/glacier.json +1 -0
- package/src/data/servicereference/services/globalaccelerator.json +1 -0
- package/src/data/servicereference/services/glue.json +1 -0
- package/src/data/servicereference/services/grafana.json +1 -0
- package/src/data/servicereference/services/greengrass.json +1 -0
- package/src/data/servicereference/services/groundstation.json +1 -0
- package/src/data/servicereference/services/groundtruthlabeling.json +1 -0
- package/src/data/servicereference/services/guardduty.json +1 -0
- package/src/data/servicereference/services/health-agent.json +1 -0
- package/src/data/servicereference/services/health.json +1 -0
- package/src/data/servicereference/services/healthlake.json +1 -0
- package/src/data/servicereference/services/honeycode.json +1 -0
- package/src/data/servicereference/services/iam.json +1 -0
- package/src/data/servicereference/services/identity-sync.json +1 -0
- package/src/data/servicereference/services/identitystore-auth.json +1 -0
- package/src/data/servicereference/services/identitystore.json +1 -0
- package/src/data/servicereference/services/imagebuilder.json +1 -0
- package/src/data/servicereference/services/importexport.json +1 -0
- package/src/data/servicereference/services/inspector-scan.json +1 -0
- package/src/data/servicereference/services/inspector.json +1 -0
- package/src/data/servicereference/services/inspector2-telemetry.json +1 -0
- package/src/data/servicereference/services/inspector2.json +1 -0
- package/src/data/servicereference/services/interconnect.json +1 -0
- package/src/data/servicereference/services/internetmonitor.json +1 -0
- package/src/data/servicereference/services/invoicing.json +1 -0
- package/src/data/servicereference/services/iot-device-tester.json +1 -0
- package/src/data/servicereference/services/iot.json +1 -0
- package/src/data/servicereference/services/iotanalytics.json +1 -0
- package/src/data/servicereference/services/iotdeviceadvisor.json +1 -0
- package/src/data/servicereference/services/iotevents.json +1 -0
- package/src/data/servicereference/services/iotfleethub.json +1 -0
- package/src/data/servicereference/services/iotfleetwise.json +1 -0
- package/src/data/servicereference/services/iotjobsdata.json +1 -0
- package/src/data/servicereference/services/iotmanagedintegrations.json +1 -0
- package/src/data/servicereference/services/iotsitewise.json +1 -0
- package/src/data/servicereference/services/iottwinmaker.json +1 -0
- package/src/data/servicereference/services/iotwireless.json +1 -0
- package/src/data/servicereference/services/iq-permission.json +1 -0
- package/src/data/servicereference/services/iq.json +1 -0
- package/src/data/servicereference/services/ivs.json +1 -0
- package/src/data/servicereference/services/ivschat.json +1 -0
- package/src/data/servicereference/services/kafka-cluster.json +1 -0
- package/src/data/servicereference/services/kafka.json +1 -0
- package/src/data/servicereference/services/kafkaconnect.json +1 -0
- package/src/data/servicereference/services/kendra-ranking.json +1 -0
- package/src/data/servicereference/services/kendra.json +1 -0
- package/src/data/servicereference/services/kinesis.json +1 -0
- package/src/data/servicereference/services/kinesisanalytics.json +1 -0
- package/src/data/servicereference/services/kinesisvideo.json +1 -0
- package/src/data/servicereference/services/kms.json +1 -0
- package/src/data/servicereference/services/lakeformation.json +1 -0
- package/src/data/servicereference/services/lambda.json +1 -0
- package/src/data/servicereference/services/launchwizard.json +1 -0
- package/src/data/servicereference/services/lex.json +1 -0
- package/src/data/servicereference/services/license-manager-linux-subscriptions.json +1 -0
- package/src/data/servicereference/services/license-manager-user-subscriptions.json +1 -0
- package/src/data/servicereference/services/license-manager.json +1 -0
- package/src/data/servicereference/services/lightsail.json +1 -0
- package/src/data/servicereference/services/logs.json +1 -0
- package/src/data/servicereference/services/lookoutequipment.json +1 -0
- package/src/data/servicereference/services/lookoutmetrics.json +1 -0
- package/src/data/servicereference/services/lookoutvision.json +1 -0
- package/src/data/servicereference/services/m2.json +1 -0
- package/src/data/servicereference/services/machinelearning.json +1 -0
- package/src/data/servicereference/services/macie2.json +1 -0
- package/src/data/servicereference/services/managedblockchain-query.json +1 -0
- package/src/data/servicereference/services/managedblockchain.json +1 -0
- package/src/data/servicereference/services/mapcredits.json +1 -0
- package/src/data/servicereference/services/marketplacecommerceanalytics.json +1 -0
- package/src/data/servicereference/services/mechanicalturk.json +1 -0
- package/src/data/servicereference/services/mediaconnect.json +1 -0
- package/src/data/servicereference/services/mediaconvert.json +1 -0
- package/src/data/servicereference/services/mediaimport.json +1 -0
- package/src/data/servicereference/services/medialive.json +1 -0
- package/src/data/servicereference/services/mediapackage-vod.json +1 -0
- package/src/data/servicereference/services/mediapackage.json +1 -0
- package/src/data/servicereference/services/mediapackagev2.json +1 -0
- package/src/data/servicereference/services/mediastore.json +1 -0
- package/src/data/servicereference/services/mediatailor.json +1 -0
- package/src/data/servicereference/services/medical-imaging.json +1 -0
- package/src/data/servicereference/services/memorydb.json +1 -0
- package/src/data/servicereference/services/mgh.json +1 -0
- package/src/data/servicereference/services/mgn.json +1 -0
- package/src/data/servicereference/services/migrationhub-orchestrator.json +1 -0
- package/src/data/servicereference/services/migrationhub-strategy.json +1 -0
- package/src/data/servicereference/services/mobileanalytics.json +1 -0
- package/src/data/servicereference/services/mobiletargeting.json +1 -0
- package/src/data/servicereference/services/monitron.json +1 -0
- package/src/data/servicereference/services/mpa.json +1 -0
- package/src/data/servicereference/services/mq.json +1 -0
- package/src/data/servicereference/services/neptune-db.json +1 -0
- package/src/data/servicereference/services/neptune-graph.json +1 -0
- package/src/data/servicereference/services/network-firewall.json +1 -0
- package/src/data/servicereference/services/network-security-director.json +1 -0
- package/src/data/servicereference/services/networkflowmonitor.json +1 -0
- package/src/data/servicereference/services/networkmanager-chat.json +1 -0
- package/src/data/servicereference/services/networkmanager.json +1 -0
- package/src/data/servicereference/services/networkmonitor.json +1 -0
- package/src/data/servicereference/services/nimble.json +1 -0
- package/src/data/servicereference/services/notifications-contacts.json +1 -0
- package/src/data/servicereference/services/notifications.json +1 -0
- package/src/data/servicereference/services/nova-act.json +1 -0
- package/src/data/servicereference/services/oam.json +1 -0
- package/src/data/servicereference/services/observabilityadmin.json +1 -0
- package/src/data/servicereference/services/odb.json +1 -0
- package/src/data/servicereference/services/omics.json +1 -0
- package/src/data/servicereference/services/one.json +1 -0
- package/src/data/servicereference/services/opensearch.json +1 -0
- package/src/data/servicereference/services/opsworks-cm.json +1 -0
- package/src/data/servicereference/services/opsworks.json +1 -0
- package/src/data/servicereference/services/organizations.json +1 -0
- package/src/data/servicereference/services/osis.json +1 -0
- package/src/data/servicereference/services/outposts.json +1 -0
- package/src/data/servicereference/services/panorama.json +1 -0
- package/src/data/servicereference/services/partnercentral-account-management.json +1 -0
- package/src/data/servicereference/services/partnercentral.json +1 -0
- package/src/data/servicereference/services/payment-cryptography.json +1 -0
- package/src/data/servicereference/services/payments.json +1 -0
- package/src/data/servicereference/services/pca-connector-ad.json +1 -0
- package/src/data/servicereference/services/pca-connector-scep.json +1 -0
- package/src/data/servicereference/services/pcs.json +1 -0
- package/src/data/servicereference/services/personalize.json +1 -0
- package/src/data/servicereference/services/pi.json +1 -0
- package/src/data/servicereference/services/pipes.json +1 -0
- package/src/data/servicereference/services/polly.json +1 -0
- package/src/data/servicereference/services/pricing.json +1 -0
- package/src/data/servicereference/services/pricingplanmanager.json +1 -0
- package/src/data/servicereference/services/private-networks.json +1 -0
- package/src/data/servicereference/services/profile.json +1 -0
- package/src/data/servicereference/services/proton.json +1 -0
- package/src/data/servicereference/services/purchase-orders.json +1 -0
- package/src/data/servicereference/services/q.json +1 -0
- package/src/data/servicereference/services/qapps.json +1 -0
- package/src/data/servicereference/services/qbusiness.json +1 -0
- package/src/data/servicereference/services/qdeveloper.json +1 -0
- package/src/data/servicereference/services/qldb.json +1 -0
- package/src/data/servicereference/services/quicksight.json +1 -0
- package/src/data/servicereference/services/ram.json +1 -0
- package/src/data/servicereference/services/rbin.json +1 -0
- package/src/data/servicereference/services/rds-data.json +1 -0
- package/src/data/servicereference/services/rds-db.json +1 -0
- package/src/data/servicereference/services/rds.json +1 -0
- package/src/data/servicereference/services/redshift-data.json +1 -0
- package/src/data/servicereference/services/redshift-serverless.json +1 -0
- package/src/data/servicereference/services/redshift.json +1 -0
- package/src/data/servicereference/services/refactor-spaces.json +1 -0
- package/src/data/servicereference/services/rekognition.json +1 -0
- package/src/data/servicereference/services/repostspace.json +1 -0
- package/src/data/servicereference/services/resiliencehub.json +1 -0
- package/src/data/servicereference/services/resource-explorer-2.json +1 -0
- package/src/data/servicereference/services/resource-explorer.json +1 -0
- package/src/data/servicereference/services/resource-groups.json +1 -0
- package/src/data/servicereference/services/rhelkb.json +1 -0
- package/src/data/servicereference/services/robomaker.json +1 -0
- package/src/data/servicereference/services/rolesanywhere.json +1 -0
- package/src/data/servicereference/services/route53-recovery-cluster.json +1 -0
- package/src/data/servicereference/services/route53-recovery-control-config.json +1 -0
- package/src/data/servicereference/services/route53-recovery-readiness.json +1 -0
- package/src/data/servicereference/services/route53.json +1 -0
- package/src/data/servicereference/services/route53domains.json +1 -0
- package/src/data/servicereference/services/route53globalresolver.json +1 -0
- package/src/data/servicereference/services/route53profiles.json +1 -0
- package/src/data/servicereference/services/route53resolver.json +1 -0
- package/src/data/servicereference/services/rtbfabric.json +1 -0
- package/src/data/servicereference/services/rum.json +1 -0
- package/src/data/servicereference/services/s3-object-lambda.json +1 -0
- package/src/data/servicereference/services/s3-outposts.json +1 -0
- package/src/data/servicereference/services/s3.json +1 -0
- package/src/data/servicereference/services/s3express.json +1 -0
- package/src/data/servicereference/services/s3tables.json +1 -0
- package/src/data/servicereference/services/s3vectors.json +1 -0
- package/src/data/servicereference/services/sagemaker-data-science-assistant.json +1 -0
- package/src/data/servicereference/services/sagemaker-geospatial.json +1 -0
- package/src/data/servicereference/services/sagemaker-mlflow.json +1 -0
- package/src/data/servicereference/services/sagemaker-unified-studio-mcp.json +1 -0
- package/src/data/servicereference/services/sagemaker.json +1 -0
- package/src/data/servicereference/services/savingsplans.json +1 -0
- package/src/data/servicereference/services/scheduler.json +1 -0
- package/src/data/servicereference/services/schemas.json +1 -0
- package/src/data/servicereference/services/scn.json +1 -0
- package/src/data/servicereference/services/sdb.json +1 -0
- package/src/data/servicereference/services/secretsmanager.json +1 -0
- package/src/data/servicereference/services/security-ir.json +1 -0
- package/src/data/servicereference/services/securityagent.json +1 -0
- package/src/data/servicereference/services/securityhub.json +1 -0
- package/src/data/servicereference/services/securitylake.json +1 -0
- package/src/data/servicereference/services/serverlessrepo.json +1 -0
- package/src/data/servicereference/services/servicecatalog.json +1 -0
- package/src/data/servicereference/services/servicediscovery.json +1 -0
- package/src/data/servicereference/services/serviceextract.json +1 -0
- package/src/data/servicereference/services/servicequotas.json +1 -0
- package/src/data/servicereference/services/ses.json +1 -0
- package/src/data/servicereference/services/shield.json +1 -0
- package/src/data/servicereference/services/signer.json +1 -0
- package/src/data/servicereference/services/signin.json +1 -0
- package/src/data/servicereference/services/simspaceweaver.json +1 -0
- package/src/data/servicereference/services/sms-voice.json +1 -0
- package/src/data/servicereference/services/sms.json +1 -0
- package/src/data/servicereference/services/snow-device-management.json +1 -0
- package/src/data/servicereference/services/snowball.json +1 -0
- package/src/data/servicereference/services/sns.json +1 -0
- package/src/data/servicereference/services/social-messaging.json +1 -0
- package/src/data/servicereference/services/sqlworkbench.json +1 -0
- package/src/data/servicereference/services/sqs.json +1 -0
- package/src/data/servicereference/services/ssm-contacts.json +1 -0
- package/src/data/servicereference/services/ssm-guiconnect.json +1 -0
- package/src/data/servicereference/services/ssm-incidents.json +1 -0
- package/src/data/servicereference/services/ssm-quicksetup.json +1 -0
- package/src/data/servicereference/services/ssm-sap.json +1 -0
- package/src/data/servicereference/services/ssm.json +1 -0
- package/src/data/servicereference/services/ssmmessages.json +1 -0
- package/src/data/servicereference/services/sso-directory.json +1 -0
- package/src/data/servicereference/services/sso-oauth.json +1 -0
- package/src/data/servicereference/services/sso.json +1 -0
- package/src/data/servicereference/services/states.json +1 -0
- package/src/data/servicereference/services/storagegateway.json +1 -0
- package/src/data/servicereference/services/sts.json +1 -0
- package/src/data/servicereference/services/support-console.json +1 -0
- package/src/data/servicereference/services/support.json +1 -0
- package/src/data/servicereference/services/supportapp.json +1 -0
- package/src/data/servicereference/services/supportplans.json +1 -0
- package/src/data/servicereference/services/sustainability.json +1 -0
- package/src/data/servicereference/services/swf.json +1 -0
- package/src/data/servicereference/services/synthetics.json +1 -0
- package/src/data/servicereference/services/tag.json +1 -0
- package/src/data/servicereference/services/tax.json +1 -0
- package/src/data/servicereference/services/textract.json +1 -0
- package/src/data/servicereference/services/thinclient.json +1 -0
- package/src/data/servicereference/services/timestream-influxdb.json +1 -0
- package/src/data/servicereference/services/timestream.json +1 -0
- package/src/data/servicereference/services/tiros.json +1 -0
- package/src/data/servicereference/services/tnb.json +1 -0
- package/src/data/servicereference/services/transcribe.json +1 -0
- package/src/data/servicereference/services/transfer.json +1 -0
- package/src/data/servicereference/services/transform-custom.json +1 -0
- package/src/data/servicereference/services/transform.json +1 -0
- package/src/data/servicereference/services/translate.json +1 -0
- package/src/data/servicereference/services/trustedadvisor.json +1 -0
- package/src/data/servicereference/services/ts.json +1 -0
- package/src/data/servicereference/services/user-subscriptions.json +1 -0
- package/src/data/servicereference/services/uxc.json +1 -0
- package/src/data/servicereference/services/vendor-insights.json +1 -0
- package/src/data/servicereference/services/verified-access.json +1 -0
- package/src/data/servicereference/services/verifiedpermissions.json +1 -0
- package/src/data/servicereference/services/voiceid.json +1 -0
- package/src/data/servicereference/services/vpc-lattice-svcs.json +1 -0
- package/src/data/servicereference/services/vpc-lattice.json +1 -0
- package/src/data/servicereference/services/vpce.json +1 -0
- package/src/data/servicereference/services/waf-regional.json +1 -0
- package/src/data/servicereference/services/waf.json +1 -0
- package/src/data/servicereference/services/wafv2.json +1 -0
- package/src/data/servicereference/services/wam.json +1 -0
- package/src/data/servicereference/services/wellarchitected.json +1 -0
- package/src/data/servicereference/services/wickr.json +1 -0
- package/src/data/servicereference/services/wisdom.json +1 -0
- package/src/data/servicereference/services/workdocs.json +1 -0
- package/src/data/servicereference/services/worklink.json +1 -0
- package/src/data/servicereference/services/workmail.json +1 -0
- package/src/data/servicereference/services/workmailmessageflow.json +1 -0
- package/src/data/servicereference/services/workspaces-instances.json +1 -0
- package/src/data/servicereference/services/workspaces-web.json +1 -0
- package/src/data/servicereference/services/workspaces.json +1 -0
- package/src/data/servicereference/services/xray.json +1 -0
- package/src/data/servicereference/services.json +1 -0
- package/src/extension.d.ts +3 -0
- package/src/extension.js +23 -0
- package/src/grammars/tree-sitter-hcl.wasm +0 -0
- package/src/grammars/tree-sitter-json.wasm +0 -0
- package/src/grammars/tree-sitter-yaml.wasm +0 -0
- package/src/handlers/completion/action-value.d.ts +4 -0
- package/src/handlers/completion/action-value.js +46 -0
- package/src/handlers/completion/condition-block.d.ts +4 -0
- package/src/handlers/completion/condition-block.js +31 -0
- package/src/handlers/completion/condition-key.d.ts +4 -0
- package/src/handlers/completion/condition-key.js +80 -0
- package/src/handlers/completion/condition-operator.d.ts +4 -0
- package/src/handlers/completion/condition-operator.js +22 -0
- package/src/handlers/completion/effect-value.d.ts +4 -0
- package/src/handlers/completion/effect-value.js +14 -0
- package/src/handlers/completion/index.d.ts +14 -0
- package/src/handlers/completion/index.js +96 -0
- package/src/handlers/completion/principal-block-identifier.d.ts +4 -0
- package/src/handlers/completion/principal-block-identifier.js +4 -0
- package/src/handlers/completion/principal-block-type.d.ts +4 -0
- package/src/handlers/completion/principal-block-type.js +24 -0
- package/src/handlers/completion/principal-block.d.ts +4 -0
- package/src/handlers/completion/principal-block.js +28 -0
- package/src/handlers/completion/principal-identifier-completions.d.ts +2 -0
- package/src/handlers/completion/principal-identifier-completions.js +131 -0
- package/src/handlers/completion/principal-type.d.ts +4 -0
- package/src/handlers/completion/principal-type.js +23 -0
- package/src/handlers/completion/principal-typed-value.d.ts +4 -0
- package/src/handlers/completion/principal-typed-value.js +4 -0
- package/src/handlers/completion/principal-value.d.ts +4 -0
- package/src/handlers/completion/principal-value.js +18 -0
- package/src/handlers/completion/resource-value.d.ts +4 -0
- package/src/handlers/completion/resource-value.js +144 -0
- package/src/handlers/completion/statement-block.d.ts +10 -0
- package/src/handlers/completion/statement-block.js +51 -0
- package/src/handlers/completion/statement-key.d.ts +4 -0
- package/src/handlers/completion/statement-key.js +41 -0
- package/src/lib/iam-policy/condition-operators.d.ts +317 -0
- package/src/lib/iam-policy/condition-operators.js +129 -0
- package/src/lib/iam-policy/location.d.ts +71 -0
- package/src/lib/iam-policy/location.js +82 -0
- package/src/lib/iam-policy/partitions.d.ts +116 -0
- package/src/lib/iam-policy/partitions.js +51 -0
- package/src/lib/iam-policy/principals.d.ts +21 -0
- package/src/lib/iam-policy/principals.js +37 -0
- package/src/lib/iam-policy/reference/services.d.ts +22 -0
- package/src/lib/iam-policy/reference/services.js +99 -0
- package/src/lib/iam-policy/reference/types.d.ts +71 -0
- package/src/lib/iam-policy/reference/types.js +1 -0
- package/src/lib/iam-policy/statement-keys.d.ts +8 -0
- package/src/lib/iam-policy/statement-keys.js +159 -0
- package/src/lib/iam-policy/wildcard.d.ts +2 -0
- package/src/lib/iam-policy/wildcard.js +14 -0
- package/src/lib/treesitter/base.d.ts +35 -0
- package/src/lib/treesitter/base.js +50 -0
- package/src/lib/treesitter/hcl.d.ts +9 -0
- package/src/lib/treesitter/hcl.js +888 -0
- package/src/lib/treesitter/json.d.ts +9 -0
- package/src/lib/treesitter/json.js +376 -0
- package/src/lib/treesitter/manager.d.ts +9 -0
- package/src/lib/treesitter/manager.js +66 -0
- package/src/lib/treesitter/yaml.d.ts +9 -0
- package/src/lib/treesitter/yaml.js +878 -0
- package/src/server.d.ts +2 -0
- package/src/server.js +26 -0
|
@@ -0,0 +1,116 @@
|
|
|
1
|
+
export declare const partitions: {
|
|
2
|
+
readonly aws: {
|
|
3
|
+
readonly name: "AWS Commercial Regions";
|
|
4
|
+
readonly regions: readonly [{
|
|
5
|
+
readonly id: "us-east-1";
|
|
6
|
+
readonly name: "US East (N. Virginia)";
|
|
7
|
+
}, {
|
|
8
|
+
readonly id: "us-east-2";
|
|
9
|
+
readonly name: "US East (Ohio)";
|
|
10
|
+
}, {
|
|
11
|
+
readonly id: "us-west-1";
|
|
12
|
+
readonly name: "US West (N. California)";
|
|
13
|
+
}, {
|
|
14
|
+
readonly id: "us-west-2";
|
|
15
|
+
readonly name: "US West (Oregon)";
|
|
16
|
+
}, {
|
|
17
|
+
readonly id: "af-south-1";
|
|
18
|
+
readonly name: "Africa (Cape Town)";
|
|
19
|
+
}, {
|
|
20
|
+
readonly id: "ap-east-1";
|
|
21
|
+
readonly name: "Asia Pacific (Hong Kong)";
|
|
22
|
+
}, {
|
|
23
|
+
readonly id: "ap-south-1";
|
|
24
|
+
readonly name: "Asia Pacific (Mumbai)";
|
|
25
|
+
}, {
|
|
26
|
+
readonly id: "ap-south-2";
|
|
27
|
+
readonly name: "Asia Pacific (Hyderabad)";
|
|
28
|
+
}, {
|
|
29
|
+
readonly id: "ap-southeast-1";
|
|
30
|
+
readonly name: "Asia Pacific (Singapore)";
|
|
31
|
+
}, {
|
|
32
|
+
readonly id: "ap-southeast-2";
|
|
33
|
+
readonly name: "Asia Pacific (Sydney)";
|
|
34
|
+
}, {
|
|
35
|
+
readonly id: "ap-southeast-3";
|
|
36
|
+
readonly name: "Asia Pacific (Jakarta)";
|
|
37
|
+
}, {
|
|
38
|
+
readonly id: "ap-southeast-4";
|
|
39
|
+
readonly name: "Asia Pacific (Melbourne)";
|
|
40
|
+
}, {
|
|
41
|
+
readonly id: "ap-southeast-5";
|
|
42
|
+
readonly name: "Asia Pacific (Malaysia)";
|
|
43
|
+
}, {
|
|
44
|
+
readonly id: "ap-northeast-1";
|
|
45
|
+
readonly name: "Asia Pacific (Tokyo)";
|
|
46
|
+
}, {
|
|
47
|
+
readonly id: "ap-northeast-2";
|
|
48
|
+
readonly name: "Asia Pacific (Seoul)";
|
|
49
|
+
}, {
|
|
50
|
+
readonly id: "ap-northeast-3";
|
|
51
|
+
readonly name: "Asia Pacific (Osaka)";
|
|
52
|
+
}, {
|
|
53
|
+
readonly id: "ca-central-1";
|
|
54
|
+
readonly name: "Canada (Central)";
|
|
55
|
+
}, {
|
|
56
|
+
readonly id: "ca-west-1";
|
|
57
|
+
readonly name: "Canada West (Calgary)";
|
|
58
|
+
}, {
|
|
59
|
+
readonly id: "eu-central-1";
|
|
60
|
+
readonly name: "Europe (Frankfurt)";
|
|
61
|
+
}, {
|
|
62
|
+
readonly id: "eu-central-2";
|
|
63
|
+
readonly name: "Europe (Zurich)";
|
|
64
|
+
}, {
|
|
65
|
+
readonly id: "eu-west-1";
|
|
66
|
+
readonly name: "Europe (Ireland)";
|
|
67
|
+
}, {
|
|
68
|
+
readonly id: "eu-west-2";
|
|
69
|
+
readonly name: "Europe (London)";
|
|
70
|
+
}, {
|
|
71
|
+
readonly id: "eu-west-3";
|
|
72
|
+
readonly name: "Europe (Paris)";
|
|
73
|
+
}, {
|
|
74
|
+
readonly id: "eu-south-1";
|
|
75
|
+
readonly name: "Europe (Milan)";
|
|
76
|
+
}, {
|
|
77
|
+
readonly id: "eu-south-2";
|
|
78
|
+
readonly name: "Europe (Spain)";
|
|
79
|
+
}, {
|
|
80
|
+
readonly id: "eu-north-1";
|
|
81
|
+
readonly name: "Europe (Stockholm)";
|
|
82
|
+
}, {
|
|
83
|
+
readonly id: "il-central-1";
|
|
84
|
+
readonly name: "Israel (Tel Aviv)";
|
|
85
|
+
}, {
|
|
86
|
+
readonly id: "me-south-1";
|
|
87
|
+
readonly name: "Middle East (Bahrain)";
|
|
88
|
+
}, {
|
|
89
|
+
readonly id: "me-central-1";
|
|
90
|
+
readonly name: "Middle East (UAE)";
|
|
91
|
+
}, {
|
|
92
|
+
readonly id: "sa-east-1";
|
|
93
|
+
readonly name: "South America (São Paulo)";
|
|
94
|
+
}];
|
|
95
|
+
};
|
|
96
|
+
readonly 'aws-us-gov': {
|
|
97
|
+
readonly name: "AWS GovCloud (US) Regions";
|
|
98
|
+
readonly regions: readonly [{
|
|
99
|
+
readonly id: "us-gov-west-1";
|
|
100
|
+
readonly name: "AWS GovCloud (US-West)";
|
|
101
|
+
}, {
|
|
102
|
+
readonly id: "us-gov-east-1";
|
|
103
|
+
readonly name: "AWS GovCloud (US-East)";
|
|
104
|
+
}];
|
|
105
|
+
};
|
|
106
|
+
readonly 'aws-cn': {
|
|
107
|
+
readonly name: "AWS China Regions";
|
|
108
|
+
readonly regions: readonly [{
|
|
109
|
+
readonly id: "cn-north-1";
|
|
110
|
+
readonly name: "China (Beijing)";
|
|
111
|
+
}, {
|
|
112
|
+
readonly id: "cn-northwest-1";
|
|
113
|
+
readonly name: "China (Ningxia)";
|
|
114
|
+
}];
|
|
115
|
+
};
|
|
116
|
+
};
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
export const partitions = {
|
|
2
|
+
aws: {
|
|
3
|
+
name: 'AWS Commercial Regions',
|
|
4
|
+
regions: [
|
|
5
|
+
{ id: 'us-east-1', name: 'US East (N. Virginia)' },
|
|
6
|
+
{ id: 'us-east-2', name: 'US East (Ohio)' },
|
|
7
|
+
{ id: 'us-west-1', name: 'US West (N. California)' },
|
|
8
|
+
{ id: 'us-west-2', name: 'US West (Oregon)' },
|
|
9
|
+
{ id: 'af-south-1', name: 'Africa (Cape Town)' },
|
|
10
|
+
{ id: 'ap-east-1', name: 'Asia Pacific (Hong Kong)' },
|
|
11
|
+
{ id: 'ap-south-1', name: 'Asia Pacific (Mumbai)' },
|
|
12
|
+
{ id: 'ap-south-2', name: 'Asia Pacific (Hyderabad)' },
|
|
13
|
+
{ id: 'ap-southeast-1', name: 'Asia Pacific (Singapore)' },
|
|
14
|
+
{ id: 'ap-southeast-2', name: 'Asia Pacific (Sydney)' },
|
|
15
|
+
{ id: 'ap-southeast-3', name: 'Asia Pacific (Jakarta)' },
|
|
16
|
+
{ id: 'ap-southeast-4', name: 'Asia Pacific (Melbourne)' },
|
|
17
|
+
{ id: 'ap-southeast-5', name: 'Asia Pacific (Malaysia)' },
|
|
18
|
+
{ id: 'ap-northeast-1', name: 'Asia Pacific (Tokyo)' },
|
|
19
|
+
{ id: 'ap-northeast-2', name: 'Asia Pacific (Seoul)' },
|
|
20
|
+
{ id: 'ap-northeast-3', name: 'Asia Pacific (Osaka)' },
|
|
21
|
+
{ id: 'ca-central-1', name: 'Canada (Central)' },
|
|
22
|
+
{ id: 'ca-west-1', name: 'Canada West (Calgary)' },
|
|
23
|
+
{ id: 'eu-central-1', name: 'Europe (Frankfurt)' },
|
|
24
|
+
{ id: 'eu-central-2', name: 'Europe (Zurich)' },
|
|
25
|
+
{ id: 'eu-west-1', name: 'Europe (Ireland)' },
|
|
26
|
+
{ id: 'eu-west-2', name: 'Europe (London)' },
|
|
27
|
+
{ id: 'eu-west-3', name: 'Europe (Paris)' },
|
|
28
|
+
{ id: 'eu-south-1', name: 'Europe (Milan)' },
|
|
29
|
+
{ id: 'eu-south-2', name: 'Europe (Spain)' },
|
|
30
|
+
{ id: 'eu-north-1', name: 'Europe (Stockholm)' },
|
|
31
|
+
{ id: 'il-central-1', name: 'Israel (Tel Aviv)' },
|
|
32
|
+
{ id: 'me-south-1', name: 'Middle East (Bahrain)' },
|
|
33
|
+
{ id: 'me-central-1', name: 'Middle East (UAE)' },
|
|
34
|
+
{ id: 'sa-east-1', name: 'South America (São Paulo)' },
|
|
35
|
+
],
|
|
36
|
+
},
|
|
37
|
+
'aws-us-gov': {
|
|
38
|
+
name: 'AWS GovCloud (US) Regions',
|
|
39
|
+
regions: [
|
|
40
|
+
{ id: 'us-gov-west-1', name: 'AWS GovCloud (US-West)' },
|
|
41
|
+
{ id: 'us-gov-east-1', name: 'AWS GovCloud (US-East)' },
|
|
42
|
+
],
|
|
43
|
+
},
|
|
44
|
+
'aws-cn': {
|
|
45
|
+
name: 'AWS China Regions',
|
|
46
|
+
regions: [
|
|
47
|
+
{ id: 'cn-north-1', name: 'China (Beijing)' },
|
|
48
|
+
{ id: 'cn-northwest-1', name: 'China (Ningxia)' },
|
|
49
|
+
],
|
|
50
|
+
},
|
|
51
|
+
};
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
export declare const principalTypes: {
|
|
2
|
+
readonly aws: {
|
|
3
|
+
readonly value: "AWS";
|
|
4
|
+
readonly description: "An AWS account root user, IAM user, or IAM role.";
|
|
5
|
+
readonly patterns: readonly ["*", "${Account}", "arn:${Partition}:iam::${Account}:root", "arn:${Partition}:iam::${Account}:role/${RoleName}", "arn:${Partition}:sts::${Account}:assumed-role/${RoleName}/${RoleSessionName}", "arn:${Partition}:iam::${Account}:user/${UserName}", "arn:${Partition}:iam::${Account}:federated-user/${UserName}"];
|
|
6
|
+
};
|
|
7
|
+
readonly canonicalUser: {
|
|
8
|
+
readonly value: "CanonicalUser";
|
|
9
|
+
readonly description: "An Amazon S3 canonical user ID.";
|
|
10
|
+
};
|
|
11
|
+
readonly federated: {
|
|
12
|
+
readonly value: "Federated";
|
|
13
|
+
readonly description: "A SAML provider or an OpenID Connect provider.";
|
|
14
|
+
readonly patterns: readonly ["cognito-identity.amazonaws.com", "www.amazon.com", "graph.facebook.com", "accounts.google.com", "arn:${Partition}:iam::${Account}:oidc-provider/${OidcProviderUrl}", "arn:${Partition}:iam::${Account}:saml-provider/${SamlProviderName}"];
|
|
15
|
+
};
|
|
16
|
+
readonly service: {
|
|
17
|
+
readonly value: "Service";
|
|
18
|
+
readonly description: "An AWS service principal.";
|
|
19
|
+
readonly patterns: string[];
|
|
20
|
+
};
|
|
21
|
+
};
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
import { ServiceReference } from "./reference/services.js";
|
|
2
|
+
export const principalTypes = {
|
|
3
|
+
aws: {
|
|
4
|
+
value: 'AWS',
|
|
5
|
+
description: 'An AWS account root user, IAM user, or IAM role.',
|
|
6
|
+
patterns: [
|
|
7
|
+
`*`,
|
|
8
|
+
`\${Account}`,
|
|
9
|
+
`arn:\${Partition}:iam::\${Account}:root`,
|
|
10
|
+
`arn:\${Partition}:iam::\${Account}:role/\${RoleName}`,
|
|
11
|
+
`arn:\${Partition}:sts::\${Account}:assumed-role/\${RoleName}/\${RoleSessionName}`,
|
|
12
|
+
`arn:\${Partition}:iam::\${Account}:user/\${UserName}`,
|
|
13
|
+
`arn:\${Partition}:iam::\${Account}:federated-user/\${UserName}`,
|
|
14
|
+
],
|
|
15
|
+
},
|
|
16
|
+
canonicalUser: {
|
|
17
|
+
value: 'CanonicalUser',
|
|
18
|
+
description: 'An Amazon S3 canonical user ID.',
|
|
19
|
+
},
|
|
20
|
+
federated: {
|
|
21
|
+
value: 'Federated',
|
|
22
|
+
description: 'A SAML provider or an OpenID Connect provider.',
|
|
23
|
+
patterns: [
|
|
24
|
+
'cognito-identity.amazonaws.com',
|
|
25
|
+
'www.amazon.com',
|
|
26
|
+
'graph.facebook.com',
|
|
27
|
+
'accounts.google.com',
|
|
28
|
+
`arn:\${Partition}:iam::\${Account}:oidc-provider/\${OidcProviderUrl}`,
|
|
29
|
+
`arn:\${Partition}:iam::\${Account}:saml-provider/\${SamlProviderName}`,
|
|
30
|
+
],
|
|
31
|
+
},
|
|
32
|
+
service: {
|
|
33
|
+
value: 'Service',
|
|
34
|
+
description: 'An AWS service principal.',
|
|
35
|
+
patterns: ServiceReference.getServicePrincipals(),
|
|
36
|
+
},
|
|
37
|
+
};
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import type { Action, ConditionKey, GlobalConditionKey, ServiceData } from './types.ts';
|
|
2
|
+
export declare class ServiceReference {
|
|
3
|
+
#private;
|
|
4
|
+
static getServiceData(service: string): ServiceData;
|
|
5
|
+
static getServicePrincipals(): string[];
|
|
6
|
+
static getAllActions(): Array<string>;
|
|
7
|
+
static getAllServices(): Array<string>;
|
|
8
|
+
static getActionsForService(service: string): Array<string>;
|
|
9
|
+
static getConditionKeysForActions(actions: string[]): Array<{
|
|
10
|
+
name: string;
|
|
11
|
+
types: string[];
|
|
12
|
+
}>;
|
|
13
|
+
static getGlobalConditionKeys(): Array<GlobalConditionKey>;
|
|
14
|
+
static getAction(service: string, actionName: string): Action | undefined;
|
|
15
|
+
static getConditionKey(service: string, keyName: string): ConditionKey | undefined;
|
|
16
|
+
static getResourcesForActions(actions: string[]): Map<string, {
|
|
17
|
+
service: string;
|
|
18
|
+
name: string;
|
|
19
|
+
arn: string;
|
|
20
|
+
conditionKeys: Array<string>;
|
|
21
|
+
}>;
|
|
22
|
+
}
|
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
import { readFileSync } from 'node:fs';
|
|
2
|
+
export class ServiceReference {
|
|
3
|
+
static #serviceDataMap = {};
|
|
4
|
+
static #allActions;
|
|
5
|
+
static #allServices;
|
|
6
|
+
static #servicePrincipals;
|
|
7
|
+
static #globalConditionKeys;
|
|
8
|
+
static getServiceData(service) {
|
|
9
|
+
if (!ServiceReference.#serviceDataMap[service]) {
|
|
10
|
+
ServiceReference.#serviceDataMap[service] = JSON.parse(readFileSync(`${import.meta.dirname}/../../../data/servicereference/services/${service}.json`, 'utf-8'));
|
|
11
|
+
}
|
|
12
|
+
return ServiceReference.#serviceDataMap[service];
|
|
13
|
+
}
|
|
14
|
+
static getServicePrincipals() {
|
|
15
|
+
if (!ServiceReference.#servicePrincipals) {
|
|
16
|
+
ServiceReference.#servicePrincipals = JSON.parse(readFileSync(`${import.meta.dirname}/../../../data/servicereference/service-principals.json`, 'utf-8'));
|
|
17
|
+
}
|
|
18
|
+
return ServiceReference.#servicePrincipals;
|
|
19
|
+
}
|
|
20
|
+
static getAllActions() {
|
|
21
|
+
if (!ServiceReference.#allActions) {
|
|
22
|
+
ServiceReference.#allActions = JSON.parse(readFileSync(`${import.meta.dirname}/../../../data/servicereference/actions.json`, 'utf-8'));
|
|
23
|
+
}
|
|
24
|
+
return ServiceReference.#allActions;
|
|
25
|
+
}
|
|
26
|
+
static getAllServices() {
|
|
27
|
+
if (!ServiceReference.#allServices) {
|
|
28
|
+
ServiceReference.#allServices = JSON.parse(readFileSync(`${import.meta.dirname}/../../../data/servicereference/services.json`, 'utf-8'));
|
|
29
|
+
}
|
|
30
|
+
return ServiceReference.#allServices;
|
|
31
|
+
}
|
|
32
|
+
static getActionsForService(service) {
|
|
33
|
+
return Object.keys(ServiceReference.getServiceData(service).actions);
|
|
34
|
+
}
|
|
35
|
+
static getConditionKeysForActions(actions) {
|
|
36
|
+
const keys = new Map();
|
|
37
|
+
for (const action of actions) {
|
|
38
|
+
const [service, actionName] = action.split(':');
|
|
39
|
+
const serviceData = ServiceReference.getServiceData(service);
|
|
40
|
+
const actionDef = serviceData.actions[actionName];
|
|
41
|
+
if (actionDef?.conditionKeys) {
|
|
42
|
+
for (const keyName of actionDef.conditionKeys) {
|
|
43
|
+
if (!keys.has(keyName)) {
|
|
44
|
+
const keyDef = serviceData.conditionKeys[keyName];
|
|
45
|
+
keys.set(keyName, keyDef?.types ?? []);
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
const sorted = [...keys.entries()].sort((a, b) => a[0].localeCompare(b[0]));
|
|
51
|
+
return sorted.map(([name, types]) => ({ name, types }));
|
|
52
|
+
}
|
|
53
|
+
static getGlobalConditionKeys() {
|
|
54
|
+
if (!ServiceReference.#globalConditionKeys) {
|
|
55
|
+
ServiceReference.#globalConditionKeys = JSON.parse(readFileSync(`${import.meta.dirname}/../../../data/condition-keys/global.json`, 'utf-8'));
|
|
56
|
+
}
|
|
57
|
+
return ServiceReference.#globalConditionKeys;
|
|
58
|
+
}
|
|
59
|
+
static getAction(service, actionName) {
|
|
60
|
+
try {
|
|
61
|
+
return ServiceReference.getServiceData(service).actions[actionName];
|
|
62
|
+
}
|
|
63
|
+
catch {
|
|
64
|
+
return undefined;
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
static getConditionKey(service, keyName) {
|
|
68
|
+
try {
|
|
69
|
+
return ServiceReference.getServiceData(service).conditionKeys[keyName];
|
|
70
|
+
}
|
|
71
|
+
catch {
|
|
72
|
+
return undefined;
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
static getResourcesForActions(actions) {
|
|
76
|
+
const resources = new Map();
|
|
77
|
+
for (const action of actions) {
|
|
78
|
+
const [service, actionName] = action.split(':');
|
|
79
|
+
const serviceData = ServiceReference.getServiceData(service);
|
|
80
|
+
const actionDef = serviceData.actions[actionName];
|
|
81
|
+
if (!actionDef?.resources)
|
|
82
|
+
continue;
|
|
83
|
+
for (const actionResource of actionDef.resources) {
|
|
84
|
+
const resourceDef = serviceData.resources.find((r) => r.name === actionResource.name);
|
|
85
|
+
if (resourceDef) {
|
|
86
|
+
for (const arn of resourceDef.arnFormats) {
|
|
87
|
+
resources.set(arn, {
|
|
88
|
+
service,
|
|
89
|
+
name: resourceDef.name,
|
|
90
|
+
arn,
|
|
91
|
+
conditionKeys: resourceDef.conditionKeys,
|
|
92
|
+
});
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
return resources;
|
|
98
|
+
}
|
|
99
|
+
}
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
export type Services = Array<{
|
|
2
|
+
service: string;
|
|
3
|
+
url: string;
|
|
4
|
+
}>;
|
|
5
|
+
export type GlobalConditionKey = {
|
|
6
|
+
name: string;
|
|
7
|
+
valueType: 'single' | 'multi';
|
|
8
|
+
availability: string;
|
|
9
|
+
description: string;
|
|
10
|
+
};
|
|
11
|
+
export type RawReference = {
|
|
12
|
+
Name: string;
|
|
13
|
+
Version: string;
|
|
14
|
+
Operations: Array<unknown>;
|
|
15
|
+
Actions: Array<{
|
|
16
|
+
Name: string;
|
|
17
|
+
Annotations: {
|
|
18
|
+
Properties: {
|
|
19
|
+
IsList: boolean;
|
|
20
|
+
IsPermissionManagement: boolean;
|
|
21
|
+
IsTaggingOnly: boolean;
|
|
22
|
+
IsWrite: boolean;
|
|
23
|
+
};
|
|
24
|
+
};
|
|
25
|
+
SupportedBy: {
|
|
26
|
+
'IAM Access Analyzer Policy Generation': boolean;
|
|
27
|
+
'IAM Action Last Accessed': boolean;
|
|
28
|
+
};
|
|
29
|
+
Resources?: Array<{
|
|
30
|
+
Name: string;
|
|
31
|
+
}>;
|
|
32
|
+
ActionConditionKeys?: Array<string>;
|
|
33
|
+
}>;
|
|
34
|
+
Resources?: Array<{
|
|
35
|
+
Name: string;
|
|
36
|
+
ARNFormats: Array<string>;
|
|
37
|
+
ConditionKeys?: Array<string>;
|
|
38
|
+
}>;
|
|
39
|
+
ConditionKeys: Array<{
|
|
40
|
+
Name: string;
|
|
41
|
+
Types: Array<string>;
|
|
42
|
+
}>;
|
|
43
|
+
};
|
|
44
|
+
export type ServiceData = {
|
|
45
|
+
name: string;
|
|
46
|
+
actions: Record<string, Action>;
|
|
47
|
+
resources: Array<{
|
|
48
|
+
name: string;
|
|
49
|
+
arnFormats: Array<string>;
|
|
50
|
+
conditionKeys: Array<string>;
|
|
51
|
+
}>;
|
|
52
|
+
conditionKeys: Record<string, ConditionKey>;
|
|
53
|
+
};
|
|
54
|
+
export type Action = {
|
|
55
|
+
conditionKeys: Array<string>;
|
|
56
|
+
resources: Array<{
|
|
57
|
+
name: string;
|
|
58
|
+
}>;
|
|
59
|
+
description?: string;
|
|
60
|
+
accessLevel?: string;
|
|
61
|
+
resourceTypes?: Array<{
|
|
62
|
+
name: string;
|
|
63
|
+
required: boolean;
|
|
64
|
+
}>;
|
|
65
|
+
dependentActions?: Array<string>;
|
|
66
|
+
permissionOnly?: boolean;
|
|
67
|
+
};
|
|
68
|
+
export type ConditionKey = {
|
|
69
|
+
types: Array<string>;
|
|
70
|
+
description?: string;
|
|
71
|
+
};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,159 @@
|
|
|
1
|
+
export const StatementKeys = {
|
|
2
|
+
Sid: {
|
|
3
|
+
policyTypes: ['identity', 'resource'],
|
|
4
|
+
description: `An optional identifier for a policy statement.
|
|
5
|
+
Use it as a descriptive label to distinguish statements within a policy.
|
|
6
|
+
|
|
7
|
+
The \`Sid\` value must be unique within a policy document.
|
|
8
|
+
It may only contain ASCII uppercase letters (A-Z), lowercase letters (a-z), and numbers (0-9).
|
|
9
|
+
|
|
10
|
+
In services that support an \`Id\` element (such as SQS and SNS), the \`Sid\` serves as a sub-ID of the policy document's \`Id\`.
|
|
11
|
+
These services may require \`Sid\` and enforce additional uniqueness constraints — consult the service-specific documentation.
|
|
12
|
+
|
|
13
|
+
> **Note:** The IAM API does not expose the \`Sid\`.
|
|
14
|
+
> You cannot retrieve a specific statement by its ID.`,
|
|
15
|
+
hclKey: 'sid',
|
|
16
|
+
group: 'sid',
|
|
17
|
+
},
|
|
18
|
+
Effect: {
|
|
19
|
+
policyTypes: ['identity', 'resource'],
|
|
20
|
+
description: `A required element that specifies whether the statement allows or explicitly denies access.
|
|
21
|
+
Valid values are \`Allow\` and \`Deny\` (case-sensitive).
|
|
22
|
+
|
|
23
|
+
By default, access to resources is implicitly denied.
|
|
24
|
+
Set \`Effect\` to \`Allow\` to grant access.
|
|
25
|
+
Set \`Effect\` to \`Deny\` to explicitly deny access — an explicit deny always overrides any allow.`,
|
|
26
|
+
hclKey: 'effect',
|
|
27
|
+
group: 'effect',
|
|
28
|
+
},
|
|
29
|
+
Principal: {
|
|
30
|
+
policyTypes: ['resource'],
|
|
31
|
+
description: `Specifies the principal that is allowed or denied access to a resource.
|
|
32
|
+
Required in resource-based policies (e.g. S3 bucket policies, KMS key policies, role trust policies).
|
|
33
|
+
Cannot be used in identity-based policies — the principal is implicitly the identity the policy is attached to.
|
|
34
|
+
|
|
35
|
+
The value can be an AWS account, IAM user, IAM role, federated identity, AWS service, or canonical user:
|
|
36
|
+
|
|
37
|
+
- **AWS account** — \`{ "AWS": "arn:aws:iam::123456789012:root" }\` or \`{ "AWS": "123456789012" }\`
|
|
38
|
+
- **IAM role** — \`{ "AWS": "arn:aws:iam::123456789012:role/role-name" }\`
|
|
39
|
+
- **IAM user** — \`{ "AWS": "arn:aws:iam::123456789012:user/user-name" }\`
|
|
40
|
+
- **AWS service** — \`{ "Service": "ecs.amazonaws.com" }\`
|
|
41
|
+
- **Federated (OIDC/SAML)** — \`{ "Federated": "cognito-identity.amazonaws.com" }\` or a SAML provider ARN
|
|
42
|
+
- **Canonical user** — \`{ "CanonicalUser": "64-char-hex-id" }\` (S3-specific, equivalent to an account ID)
|
|
43
|
+
- **All principals** — \`"*"\` or \`{ "AWS": "*" }\`
|
|
44
|
+
|
|
45
|
+
Use arrays to specify multiple principals of the same type.
|
|
46
|
+
Multiple principals are evaluated as a logical OR.
|
|
47
|
+
|
|
48
|
+
> **Warning:** Using \`"Principal": "*"\` with \`"Effect": "Allow"\` grants public access.
|
|
49
|
+
> Always scope with a \`Condition\` element unless public access is intended.
|
|
50
|
+
|
|
51
|
+
> **Note:** IAM resolves role and user ARNs in trust policies to unique principal IDs.
|
|
52
|
+
> If you delete and recreate the role or user, the trust relationship breaks.
|
|
53
|
+
> Use the \`aws:PrincipalArn\` condition key to avoid this.`,
|
|
54
|
+
group: 'principal',
|
|
55
|
+
hclKey: 'principals',
|
|
56
|
+
},
|
|
57
|
+
NotPrincipal: {
|
|
58
|
+
policyTypes: ['resource'],
|
|
59
|
+
description: `Matches every principal *except* the ones specified.
|
|
60
|
+
Must be used with \`"Effect": "Deny"\` — using it with \`"Effect": "Allow"\` is not supported.
|
|
61
|
+
Only valid in resource-based policies; not supported in identity-based policies, role trust policies, SCPs, or RCPs.
|
|
62
|
+
|
|
63
|
+
When specifying an IAM user or role, you must also include the account ARN.
|
|
64
|
+
Otherwise the policy may deny access to the entire account.
|
|
65
|
+
|
|
66
|
+
> **Warning:** Do not use \`NotPrincipal\` with \`Deny\` for principals that have a permissions boundary attached.
|
|
67
|
+
> The \`NotPrincipal\` element will always deny those principals regardless of the values specified.
|
|
68
|
+
|
|
69
|
+
> **Recommended alternative:** Use \`"Principal": "*"\` with a \`Condition\` using \`ArnNotEquals\` on \`aws:PrincipalArn\` (or \`StringNotEquals\` on \`aws:PrincipalServiceName\` for services).
|
|
70
|
+
> AWS does not recommend \`NotPrincipal\` for new resource-based policies due to the difficulty of troubleshooting interactions across multiple policy types.`,
|
|
71
|
+
group: 'principal',
|
|
72
|
+
hclKey: 'not_principals',
|
|
73
|
+
},
|
|
74
|
+
Action: {
|
|
75
|
+
policyTypes: ['identity', 'resource'],
|
|
76
|
+
description: `Specifies the actions that the statement allows or denies.
|
|
77
|
+
Each statement must include either \`Action\` or \`NotAction\`.
|
|
78
|
+
|
|
79
|
+
Actions use the format \`service:action\` (e.g. \`s3:GetObject\`, \`iam:CreateUser\`).
|
|
80
|
+
Action names are case-insensitive.
|
|
81
|
+
Use an array to specify multiple actions.
|
|
82
|
+
|
|
83
|
+
Wildcards are supported:
|
|
84
|
+
- \`*\` matches any combination of characters (e.g. \`s3:*\` for all S3 actions, \`iam:*AccessKey*\` for all access key actions)
|
|
85
|
+
- \`?\` matches any single character`,
|
|
86
|
+
group: 'action',
|
|
87
|
+
hclKey: 'actions',
|
|
88
|
+
},
|
|
89
|
+
NotAction: {
|
|
90
|
+
policyTypes: ['identity', 'resource'],
|
|
91
|
+
description: `Matches every action *except* the ones specified.
|
|
92
|
+
Each statement must include either \`Action\` or \`NotAction\`.
|
|
93
|
+
|
|
94
|
+
With \`"Effect": "Allow"\`, grants access to all applicable actions except those listed.
|
|
95
|
+
With \`"Effect": "Deny"\`, denies all applicable actions except those listed.
|
|
96
|
+
The \`Resource\` element determines which actions and services are applicable.
|
|
97
|
+
|
|
98
|
+
> **Warning:** \`NotAction\` with \`"Effect": "Allow"\` can grant more permissions than intended, since it allows all actions not explicitly excluded — including actions in other services.
|
|
99
|
+
> Prefer using \`NotAction\` with \`"Effect": "Deny"\` to restrict access while still requiring explicit allows elsewhere.`,
|
|
100
|
+
group: 'action',
|
|
101
|
+
hclKey: 'not_actions',
|
|
102
|
+
},
|
|
103
|
+
Resource: {
|
|
104
|
+
policyTypes: ['identity', 'resource'],
|
|
105
|
+
description: `Specifies the object or objects that the statement applies to.
|
|
106
|
+
Each statement must include either \`Resource\` or \`NotResource\`.
|
|
107
|
+
|
|
108
|
+
Resources are identified by ARN (e.g. \`arn:aws:s3:::my-bucket/*\`).
|
|
109
|
+
The ARN format varies by service — consult the service documentation for the correct format.
|
|
110
|
+
Use an array to specify multiple resources.
|
|
111
|
+
|
|
112
|
+
Wildcards are supported within ARNs:
|
|
113
|
+
|
|
114
|
+
- \`*\` matches any combination of characters, including \`/\`
|
|
115
|
+
- \`?\` matches any single character
|
|
116
|
+
- Wildcards cannot be used in the service segment of an ARN
|
|
117
|
+
|
|
118
|
+
Some actions do not support resource-level permissions.
|
|
119
|
+
In those cases, use \`"Resource": "*"\` to apply the statement to all resources.
|
|
120
|
+
|
|
121
|
+
Policy variables (e.g. \`\${aws:username}\`) can be used in the resource-specific portion of the ARN.`,
|
|
122
|
+
group: 'resource',
|
|
123
|
+
hclKey: 'resources',
|
|
124
|
+
},
|
|
125
|
+
NotResource: {
|
|
126
|
+
policyTypes: ['identity', 'resource'],
|
|
127
|
+
description: `Matches every resource *except* the ones specified.
|
|
128
|
+
Each statement must include either \`Resource\` or \`NotResource\`.
|
|
129
|
+
|
|
130
|
+
With \`"Effect": "Deny"\`, denies access to all resources except those listed.
|
|
131
|
+
With \`"Effect": "Allow"\`, grants access to all resources except those listed.
|
|
132
|
+
|
|
133
|
+
> **Warning:** \`NotResource\` with \`"Effect": "Allow"\` can grant far more permissions than intended — including actions across other services and resources.
|
|
134
|
+
> Never combine \`"Effect": "Allow"\`, \`"Action": "*"\`, and \`NotResource\`, as this grants access to nearly everything in the account.
|
|
135
|
+
> Prefer using \`NotResource\` with \`"Effect": "Deny"\`.`,
|
|
136
|
+
group: 'resource',
|
|
137
|
+
hclKey: 'not_resources',
|
|
138
|
+
},
|
|
139
|
+
Condition: {
|
|
140
|
+
policyTypes: ['identity', 'resource'],
|
|
141
|
+
description: `An optional element that specifies conditions under which the statement is in effect.
|
|
142
|
+
|
|
143
|
+
The structure is \`{ "Operator": { "ConditionKey": "Value" } }\`:
|
|
144
|
+
- **Condition operator** — the type of comparison (e.g. \`StringEquals\`, \`ArnLike\`, \`IpAddress\`, \`NumericLessThan\`, \`Bool\`, \`Null\`)
|
|
145
|
+
- **Condition key** — a value from the request context to evaluate (e.g. \`aws:SourceIp\`, \`s3:prefix\`, \`aws:PrincipalArn\`)
|
|
146
|
+
- **Condition value** — the value to compare against
|
|
147
|
+
|
|
148
|
+
Condition keys are either **global** (prefixed with \`aws:\`, available across all services) or **service-specific** (prefixed with the service namespace).
|
|
149
|
+
Condition key names are case-insensitive; values are case-sensitive unless using a case-insensitive operator like \`StringEqualsIgnoreCase\`.
|
|
150
|
+
|
|
151
|
+
When multiple values are specified for a single key, they are evaluated as **OR**.
|
|
152
|
+
When multiple keys or operators are specified, they are evaluated as **AND**.
|
|
153
|
+
|
|
154
|
+
If a condition key is not present in the request context, it does not match — except when using \`ForAllValues\`, which may return true for a missing key.
|
|
155
|
+
Use the \`Null\` condition operator to explicitly check whether a key exists.`,
|
|
156
|
+
hclKey: 'condition',
|
|
157
|
+
group: 'condition',
|
|
158
|
+
},
|
|
159
|
+
};
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { ServiceReference } from "./reference/services.js";
|
|
2
|
+
export function wildcardToRegExp(pattern) {
|
|
3
|
+
const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
|
|
4
|
+
const regexStr = escaped.replace(/\*/g, '.*').replace(/\?/g, '.');
|
|
5
|
+
return new RegExp(`^${regexStr}$`, 'i');
|
|
6
|
+
}
|
|
7
|
+
export function expandActionPattern(pattern) {
|
|
8
|
+
const allActions = ServiceReference.getAllActions();
|
|
9
|
+
if (!pattern.includes('*') && !pattern.includes('?')) {
|
|
10
|
+
return allActions.some((a) => a.toLowerCase() === pattern.toLowerCase()) ? [pattern] : [];
|
|
11
|
+
}
|
|
12
|
+
const regex = wildcardToRegExp(pattern);
|
|
13
|
+
return allActions.filter((a) => regex.test(a));
|
|
14
|
+
}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
import type { Language, Tree } from 'web-tree-sitter';
|
|
2
|
+
export type Position = {
|
|
3
|
+
line: number;
|
|
4
|
+
column: number;
|
|
5
|
+
};
|
|
6
|
+
export type PolicyFormat = 'standard' | 'hcl-block';
|
|
7
|
+
export type CursorContext = {
|
|
8
|
+
keys: string[];
|
|
9
|
+
role: 'key' | 'value';
|
|
10
|
+
partial: string;
|
|
11
|
+
policyFormat: PolicyFormat;
|
|
12
|
+
};
|
|
13
|
+
export type StatementContext = {
|
|
14
|
+
Sid?: string;
|
|
15
|
+
Effect?: string;
|
|
16
|
+
Action?: string[];
|
|
17
|
+
NotAction?: string[];
|
|
18
|
+
Resource?: string[];
|
|
19
|
+
NotResource?: string[];
|
|
20
|
+
Principal?: Record<string, string[]> | string;
|
|
21
|
+
NotPrincipal?: Record<string, string[]> | string;
|
|
22
|
+
Condition?: Record<string, Record<string, string[]>>;
|
|
23
|
+
};
|
|
24
|
+
export declare class TreeBase {
|
|
25
|
+
#private;
|
|
26
|
+
constructor(language: Language);
|
|
27
|
+
getTree(uri: string): Tree | undefined;
|
|
28
|
+
openDocument(uri: string, content: string): void;
|
|
29
|
+
updateDocument(uri: string, content: string): void;
|
|
30
|
+
closeDocument(uri: string): void;
|
|
31
|
+
getNodeAtPosition(uri: string, position: Position): import("web-tree-sitter").Node | null;
|
|
32
|
+
getCursorContext(_uri: string, _position: Position): CursorContext | null;
|
|
33
|
+
getStatementContext(_uri: string, _position: Position): StatementContext | null;
|
|
34
|
+
getSiblingKeys(_uri: string, _position: Position): string[];
|
|
35
|
+
}
|