aws-iam-ls 0.0.0

package/src/data/servicereference/services/aws-marketplace.json

@@ -0,0 +1 @@
+{"name":"aws-marketplace","actions":{"AcceptAgreementApprovalRequest":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to approve an incoming subscription request (for providers who provide products that require subscription verification)","accessLevel":"Write","resourceTypes":[]},"AcceptAgreementPaymentRequest":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to accept a payment request","accessLevel":"Write","resourceTypes":[]},"AcceptAgreementRequest":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to accept their agreement requests. Note that this action is not applicable to Marketplace purchases","accessLevel":"Write","resourceTypes":[]},"AssociateProductsWithPrivateMarketplace":{"conditionKeys":[],"resources":[],"description":"Grants permission to approve a request for a product to be associated with the Private Marketplace. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"BatchMeterUsage":{"conditionKeys":[],"resources":[],"description":"Grants permission to post metering records for a set of customers for SaaS applications","accessLevel":"Write","resourceTypes":[]},"CancelAgreement":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to cancel their agreements. Note that this action is not applicable to Marketplace purchases","accessLevel":"Write","resourceTypes":[]},"CancelAgreementPaymentRequest":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to cancel a payment request","accessLevel":"Write","resourceTypes":[]},"CancelAgreementRequest":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to cancel pending subscription requests for products that require subscription verification","accessLevel":"Write","resourceTypes":[]},"CancelChangeSet":{"conditionKeys":[],"resources":[{"name":"ChangeSet"}],"description":"Grants permission to cancel a running change set","accessLevel":"Write","resourceTypes":[{"name":"ChangeSet","required":true}]},"CreateAgreementRequest":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to create an agreement request. Note that this action is not applicable to Marketplace purchases","accessLevel":"Write","resourceTypes":[]},"CreatePrivateMarketplaceRequests":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a new request for a product or products to be associated with the Private Marketplace. This action can be performed by any account in an in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"DeleteResourcePolicy":{"conditionKeys":[],"resources":[{"name":"Entity"}],"description":"Grants permission to delete the resource policy of an existing entity","accessLevel":"Permissions management","resourceTypes":[{"name":"Entity","required":true}]},"DescribeAgreement":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to describe the metadata about the agreement","accessLevel":"Read","resourceTypes":[]},"DescribeAssessment":{"conditionKeys":[],"resources":[{"name":"Assessment"}],"description":"Grants permission to return the details of an existing assessment","accessLevel":"Read","resourceTypes":[{"name":"Assessment","required":false}]},"DescribeBuilds":{"conditionKeys":[],"resources":[],"description":"Describes Image Builds identified by a build Id","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"DescribeChangeSet":{"conditionKeys":[],"resources":[{"name":"ChangeSet"}],"description":"Grants permission to return the details of an existing change set","accessLevel":"Read","resourceTypes":[{"name":"ChangeSet","required":true}]},"DescribeEntity":{"conditionKeys":[],"resources":[{"name":"Entity"}],"description":"Grants permission to return the details of an existing entity","accessLevel":"Read","resourceTypes":[{"name":"Entity","required":true}]},"DescribePrivateMarketplaceRequests":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe requests and associated products in the Private Marketplace. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"DescribeProcurementSystemConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe the Procurement System integration configuration (e.g. Coupa) for the individual account, or for the entire AWS Organization if one exists. This action can only be performed by the master account if using an AWS Organization","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"DisassociateProductsFromPrivateMarketplace":{"conditionKeys":[],"resources":[],"description":"Grants permission to decline a request for a product to be associated with the Private Marketplace. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"GetAgreementApprovalRequest":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to view the details of their incoming subscription requests (for providers who provide products that require subscription verification)","accessLevel":"Read","resourceTypes":[]},"GetAgreementEntitlements":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to view the entitlements associated with an agreement","accessLevel":"Read","resourceTypes":[]},"GetAgreementPaymentRequest":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to view details for a payment request","accessLevel":"Read","resourceTypes":[]},"GetAgreementRequest":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to view the details of their subscription requests for data products that require subscription verification","accessLevel":"Read","resourceTypes":[]},"GetAgreementTerms":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to get a list of terms for an agreement","accessLevel":"List","resourceTypes":[]},"GetBuyerDashboard":{"conditionKeys":[],"resources":[{"name":"Dashboard"}],"description":"Grants permission to view a dashboard that shows a buyer's AWS Marketplace purchase data","accessLevel":"Read","resourceTypes":[{"name":"Dashboard","required":true}]},"GetEntitlements":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve entitlement values for a given product. The results can be filtered based on customer identifier or product dimensions","accessLevel":"Read","resourceTypes":[]},"GetResourcePolicy":{"conditionKeys":[],"resources":[{"name":"Entity"}],"description":"Grants permission to get the resource policy of an existing entity","accessLevel":"Read","resourceTypes":[{"name":"Entity","required":true}]},"GetSellerDashboard":{"conditionKeys":[],"resources":[{"name":"SellerDashboard"}],"description":"Grants permission to view a seller dashboard","accessLevel":"Read","resourceTypes":[{"name":"SellerDashboard","required":true}]},"ListAgreementApprovalRequests":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to list their incoming subscription requests (for providers who provide products that require subscription verification)","accessLevel":"List","resourceTypes":[]},"ListAgreementCharges":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to view charges associated with their agreements","accessLevel":"List","resourceTypes":[]},"ListAgreementPaymentRequests":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to list payment requests for an agreement","accessLevel":"List","resourceTypes":[]},"ListAgreementRequests":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to list their subscription requests for products that require subscription verification","accessLevel":"List","resourceTypes":[]},"ListAssessments":{"conditionKeys":[],"resources":[],"description":"Grants permission to list existing assessments","accessLevel":"List","resourceTypes":[]},"ListBuilds":{"conditionKeys":[],"resources":[],"description":"Lists Image Builds.","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"ListChangeSets":{"conditionKeys":[],"resources":[],"description":"Grants permission to list existing change sets","accessLevel":"List","resourceTypes":[]},"ListEntities":{"conditionKeys":[],"resources":[],"description":"Grants permission to list existing entities","accessLevel":"List","resourceTypes":[]},"ListEntitlementDetails":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to view details of the entitlements associated with an agreement. Note that this action is not applicable to Marketplace purchases","accessLevel":"Read","resourceTypes":[]},"ListPrivateListings":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to list their private offers","accessLevel":"List","resourceTypes":[]},"ListPrivateMarketplaceRequests":{"conditionKeys":[],"resources":[],"description":"Grants permission to get a queryable list for requests and associated products in the Private Marketplace. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it","accessLevel":"List","resourceTypes":[],"permissionOnly":true},"ListTagsForResource":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"ChangeSet"},{"name":"DeploymentParameter"},{"name":"Entity"}],"description":"Grants permission to list tags on an existing entity or a change set","accessLevel":"Read","resourceTypes":[{"name":"ChangeSet","required":false},{"name":"Entity","required":false}]},"MeterUsage":{"conditionKeys":[],"resources":[],"description":"Grants permission to emit metering records","accessLevel":"Write","resourceTypes":[]},"PutDeploymentParameter":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"DeploymentParameter"}],"description":"Grants permission to create or update a deployment parameter resource","accessLevel":"Write","resourceTypes":[{"name":"DeploymentParameter","required":true}],"dependentActions":["aws-marketplace:TagResource"]},"PutProcurementSystemConfiguration":{"conditionKeys":[],"resources":[],"description":"Grants permission to create or update the Procurement System integration configuration (e.g. Coupa) for the individual account, or for the entire AWS Organization if one exists. This action can only be performed by the master account if using an AWS Organization","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"PutResourcePolicy":{"conditionKeys":[],"resources":[{"name":"Entity"}],"description":"Grants permission to attach a resource policy to an existing entity","accessLevel":"Permissions management","resourceTypes":[{"name":"Entity","required":true}]},"RegisterUsage":{"conditionKeys":[],"resources":[],"description":"Grants permission to to verify that the customer running your paid software is subscribed to your product on AWS Marketplace, enabling you to guard against unauthorized use. Meters software use per ECS task, per hour, with usage prorated to the second","accessLevel":"Write","resourceTypes":[]},"RejectAgreementApprovalRequest":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to decline an incoming subscription requests (for providers who provide products that require subscription verification)","accessLevel":"Write","resourceTypes":[]},"RejectAgreementPaymentRequest":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to reject a payment request","accessLevel":"Write","resourceTypes":[]},"ResolveCustomer":{"conditionKeys":[],"resources":[],"description":"Grants permission to resolve a registration token to obtain a CustomerIdentifier and product code","accessLevel":"Write","resourceTypes":[]},"SearchAgreements":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to search their agreements","accessLevel":"List","resourceTypes":[]},"SendAgreementPaymentRequest":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to send payment request","accessLevel":"Write","resourceTypes":[]},"StartBuild":{"conditionKeys":[],"resources":[],"description":"Starts an Image Build","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"StartChangeSet":{"conditionKeys":["aws-marketplace:Intent","aws:RequestTag/${TagKey}","aws:TagKeys","catalog:ChangeType"],"resources":[{"name":"Entity"}],"description":"Grants permission to request a new change set (Note: resource-level permissions for this action and condition context keys for this action are only supported when used with Catalog API and are not supported when used with AWS Marketplace Management Portal)","accessLevel":"Write","resourceTypes":[{"name":"Entity","required":true}]},"Subscribe":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to subscribe to AWS Marketplace products. Includes the ability to send a subscription request for products that require subscription verification. Includes the ability to enable auto-renewal for an existing subscription","accessLevel":"Write","resourceTypes":[]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"ChangeSet"},{"name":"DeploymentParameter"},{"name":"Entity"}],"description":"Grants permission to tag an existing entity or a change set","accessLevel":"Tagging","resourceTypes":[{"name":"ChangeSet","required":false},{"name":"Entity","required":false}]},"Unsubscribe":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to remove subscriptions to AWS Marketplace products. Includes the ability to disable auto-renewal for an existing subscription","accessLevel":"Write","resourceTypes":[]},"UntagResource":{"conditionKeys":["aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"ChangeSet"},{"name":"DeploymentParameter"},{"name":"Entity"}],"description":"Grants permission to untag an existing entity or a change set","accessLevel":"Tagging","resourceTypes":[{"name":"ChangeSet","required":false},{"name":"Entity","required":false}]},"UpdateAgreementApprovalRequest":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to make changes to an incoming subscription request, including the ability to delete the prospective subscriber's information (for providers who provide products that require subscription verification)","accessLevel":"Write","resourceTypes":[]},"UpdatePurchaseOrders":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to update purchase orders for charges associated with their agreements","accessLevel":"Write","resourceTypes":[]},"ViewSubscriptions":{"conditionKeys":[],"resources":[],"description":"Grants permission to users to see their account's subscriptions","accessLevel":"List","resourceTypes":[]}},"resources":[{"name":"Assessment","arnFormats":["arn:${Partition}:aws-marketplace:${Region}::${Catalog}/Assessment/${ResourceId}"],"conditionKeys":[]},{"name":"ChangeSet","arnFormats":["arn:${Partition}:aws-marketplace:${Region}:${Account}:${Catalog}/ChangeSet/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","catalog:ChangeType"]},{"name":"Dashboard","arnFormats":["arn:${Partition}:aws-marketplace::${Account}:${Catalog}/ReportingData/${FactTable}/Dashboard/${DashboardName}"],"conditionKeys":[]},{"name":"DeploymentParameter","arnFormats":["arn:${Partition}:aws-marketplace:${Region}:${Account}:DeploymentParameter:catalogs/${CatalogName}/products/${ProductId}/${ResourceId}"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"]},{"name":"Entity","arnFormats":["arn:${Partition}:aws-marketplace:${Region}:${Account}:${Catalog}/${EntityType}/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}","catalog:ChangeType"]},{"name":"SellerDashboard","arnFormats":["arn:${Partition}:aws-marketplace::${Account}:${Catalog}/ReportingData/${FactTable}/Dashboard/${DashboardName}"],"conditionKeys":[]}],"conditionKeys":{"aws-marketplace:AgreementType":{"types":["ArrayOfString"],"description":"Filters access by the type of the agreement"},"aws-marketplace:Intent":{"types":["String"],"description":"Filters access by the Intent parameter in the StartChangeSet request"},"aws-marketplace:PartyType":{"types":["String"],"description":"Filters access by the party type of the agreement"},"aws-marketplace:ProductId":{"types":["ArrayOfString"],"description":"Filters access by product id for AWS Marketplace RedHat OpenShift and Bedrock Products. Note: Using this condition key will not restrict access to products in AWS Marketplace"},"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"},"catalog:ChangeType":{"types":["String"],"description":"Filters access by the change type in the StartChangeSet request"}}}

package/src/data/servicereference/services/aws-mcp.json

@@ -0,0 +1 @@
+{"name":"aws-mcp","actions":{"CallReadOnlyTool":{"conditionKeys":[],"resources":[],"description":"Grants permission to call read-only tools in MCP service","accessLevel":"Read","resourceTypes":[]},"CallReadWriteTool":{"conditionKeys":[],"resources":[],"description":"Grants permission to call AWS Read and Write apis in MCP Service","accessLevel":"Write","resourceTypes":[]},"InvokeMcp":{"conditionKeys":[],"resources":[],"description":"Grants permission to use MCP service","accessLevel":"List","resourceTypes":[]}},"resources":[],"conditionKeys":{}}

package/src/data/servicereference/services/aws-portal.json

@@ -0,0 +1 @@
+{"name":"aws-portal","actions":{"GetConsoleActionSetEnforced":{"conditionKeys":[],"resources":[],"description":"Grants permission to view whether existing or fine-grained IAM actions are being used to control authorization to Billing, Cost Management, and Account consoles","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"ModifyAccount":{"conditionKeys":[],"resources":[],"description":"Allow or deny IAM users permission to modify Account Settings","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"ModifyBilling":{"conditionKeys":[],"resources":[],"description":"Allow or deny IAM users permission to modify billing settings","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"ModifyPaymentMethods":{"conditionKeys":[],"resources":[],"description":"Allow or deny IAM users permission to modify payment methods","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"UpdateConsoleActionSetEnforced":{"conditionKeys":[],"resources":[],"description":"Grants permission to change whether existing or fine-grained IAM actions will be used to control authorization to Billing, Cost Management, and Account consoles","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"ViewAccount":{"conditionKeys":[],"resources":[],"description":"Allow or deny IAM users permission to view account settings","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"ViewBilling":{"conditionKeys":[],"resources":[],"description":"Allow or deny IAM users permission to view billing pages in the console","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"ViewPaymentMethods":{"conditionKeys":[],"resources":[],"description":"Allow or deny IAM users permission to view payment methods","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"ViewUsage":{"conditionKeys":[],"resources":[],"description":"Allow or deny IAM users permission to view AWS usage reports","accessLevel":"Read","resourceTypes":[],"permissionOnly":true}},"resources":[],"conditionKeys":{}}

package/src/data/servicereference/services/awsconnector.json

@@ -0,0 +1 @@
+{"name":"awsconnector","actions":{"GetConnectorHealth":{"conditionKeys":[],"resources":[],"description":"Retrieves all health metrics that were published from the Server Migration Connector.","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"RegisterConnector":{"conditionKeys":[],"resources":[],"description":"Registers AWS Connector with AWS Connector Service.","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"ValidateConnectorId":{"conditionKeys":[],"resources":[],"description":"Validates Server Migration Connector Id that was registered with AWS Connector Service.","accessLevel":"Read","resourceTypes":[],"permissionOnly":true}},"resources":[],"conditionKeys":{}}

package/src/data/servicereference/services/b2bi.json

@@ -0,0 +1 @@
+{"name":"b2bi","actions":{"CreateCapability":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"transformer"}],"description":"Grants permission to create a capability","accessLevel":"Write","resourceTypes":[{"name":"transformer","required":false}]},"CreatePartnership":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"capability"},{"name":"profile"}],"description":"Grants permission to create a partnership","accessLevel":"Write","resourceTypes":[{"name":"capability","required":true},{"name":"profile","required":true}]},"CreateProfile":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a profile","accessLevel":"Write","resourceTypes":[]},"CreateStarterMappingTemplate":{"conditionKeys":[],"resources":[{"name":"transformer"}],"description":"Grants permission to generate a starter JSONATA/XSLT template","accessLevel":"Write","resourceTypes":[{"name":"transformer","required":true}]},"CreateTransformer":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a transformer","accessLevel":"Write","resourceTypes":[]},"DeleteCapability":{"conditionKeys":[],"resources":[{"name":"capability"}],"description":"Grants permission to delete a capability","accessLevel":"Write","resourceTypes":[{"name":"capability","required":true}]},"DeletePartnership":{"conditionKeys":[],"resources":[{"name":"partnership"}],"description":"Grants permission to delete an partnership","accessLevel":"Write","resourceTypes":[{"name":"partnership","required":true}]},"DeleteProfile":{"conditionKeys":[],"resources":[{"name":"profile"}],"description":"Grants permission to delete a profile","accessLevel":"Write","resourceTypes":[{"name":"profile","required":true}]},"DeleteTransformer":{"conditionKeys":[],"resources":[{"name":"transformer"}],"description":"Grants permission to delete a transformer","accessLevel":"Write","resourceTypes":[{"name":"transformer","required":true}]},"GenerateMapping":{"conditionKeys":[],"resources":[{"name":"transformer"}],"description":"Grants permission to generate a starter JSONATA/XSLT mapping template from Amazon Bedrock","accessLevel":"Write","resourceTypes":[{"name":"transformer","required":true}]},"GetCapability":{"conditionKeys":[],"resources":[{"name":"capability"}],"description":"Grants permission to get a capability","accessLevel":"Read","resourceTypes":[{"name":"capability","required":true}]},"GetPartnership":{"conditionKeys":[],"resources":[{"name":"partnership"}],"description":"Grants permission to get a partnership","accessLevel":"Read","resourceTypes":[{"name":"partnership","required":true}]},"GetProfile":{"conditionKeys":[],"resources":[{"name":"profile"}],"description":"Grants permission to get a profile","accessLevel":"Read","resourceTypes":[{"name":"profile","required":true}]},"GetTransformer":{"conditionKeys":[],"resources":[{"name":"transformer"}],"description":"Grants permission to get a transformer","accessLevel":"Read","resourceTypes":[{"name":"transformer","required":true}]},"GetTransformerJob":{"conditionKeys":[],"resources":[{"name":"transformer"}],"description":"Grants permission to get a transformer job","accessLevel":"Read","resourceTypes":[{"name":"transformer","required":true}]},"ListCapabilities":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all capabilities","accessLevel":"List","resourceTypes":[]},"ListPartnerships":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all partnerships","accessLevel":"List","resourceTypes":[]},"ListProfiles":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all profiles","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"capability"},{"name":"partnership"},{"name":"profile"},{"name":"transformer"}],"description":"Grants permission to list tags for a B2Bi resource","accessLevel":"Read","resourceTypes":[{"name":"capability","required":false},{"name":"partnership","required":false},{"name":"profile","required":false},{"name":"transformer","required":false}]},"ListTransformers":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all transformers","accessLevel":"List","resourceTypes":[]},"StartTransformerJob":{"conditionKeys":[],"resources":[{"name":"transformer"}],"description":"Grants permission to transformer a document","accessLevel":"Write","resourceTypes":[{"name":"transformer","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"capability"},{"name":"partnership"},{"name":"profile"},{"name":"transformer"}],"description":"Grants permission to tag a B2Bi resource","accessLevel":"Tagging","resourceTypes":[{"name":"capability","required":false},{"name":"partnership","required":false},{"name":"profile","required":false},{"name":"transformer","required":false}]},"TestConversion":{"conditionKeys":[],"resources":[{"name":"transformer"}],"description":"Grants permission to convert a JSON/XML to an edi document","accessLevel":"Write","resourceTypes":[{"name":"transformer","required":true}]},"TestMapping":{"conditionKeys":[],"resources":[{"name":"transformer"}],"description":"Grants permission to map a sample file","accessLevel":"Write","resourceTypes":[{"name":"transformer","required":true}]},"TestParsing":{"conditionKeys":[],"resources":[{"name":"transformer"}],"description":"Grants permission to parse an edi document","accessLevel":"Write","resourceTypes":[{"name":"transformer","required":true}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"capability"},{"name":"partnership"},{"name":"profile"},{"name":"transformer"}],"description":"Grants permission to untag a B2Bi resource","accessLevel":"Tagging","resourceTypes":[{"name":"capability","required":false},{"name":"partnership","required":false},{"name":"profile","required":false},{"name":"transformer","required":false}]},"UpdateCapability":{"conditionKeys":[],"resources":[{"name":"capability"},{"name":"transformer"}],"description":"Grants permission to update a capability","accessLevel":"Write","resourceTypes":[{"name":"capability","required":true},{"name":"transformer","required":false}]},"UpdatePartnership":{"conditionKeys":[],"resources":[{"name":"capability"},{"name":"partnership"}],"description":"Grants permission to update a partnership","accessLevel":"Write","resourceTypes":[{"name":"partnership","required":true},{"name":"capability","required":false}]},"UpdateProfile":{"conditionKeys":[],"resources":[{"name":"profile"}],"description":"Grants permission to update a profile","accessLevel":"Write","resourceTypes":[{"name":"profile","required":true}]},"UpdateTransformer":{"conditionKeys":[],"resources":[{"name":"transformer"}],"description":"Grants permission to update a transformer","accessLevel":"Write","resourceTypes":[{"name":"transformer","required":true}]}},"resources":[{"name":"capability","arnFormats":["arn:${Partition}:b2bi:${Region}:${Account}:capability/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"partnership","arnFormats":["arn:${Partition}:b2bi:${Region}:${Account}:partnership/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"profile","arnFormats":["arn:${Partition}:b2bi:${Region}:${Account}:profile/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"transformer","arnFormats":["arn:${Partition}:b2bi:${Region}:${Account}:transformer/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"}}}

package/src/data/servicereference/services/backup-gateway.json

@@ -0,0 +1 @@
+{"name":"backup-gateway","actions":{"AssociateGatewayToServer":{"conditionKeys":[],"resources":[{"name":"gateway"},{"name":"hypervisor"}],"description":"Grants permission to AssociateGatewayToServer","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":true},{"name":"hypervisor","required":true}]},"Backup":{"conditionKeys":[],"resources":[{"name":"virtualmachine"}],"description":"Grants permission to Backup","accessLevel":"Write","resourceTypes":[{"name":"virtualmachine","required":true}]},"CreateGateway":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to to CreateGateway","accessLevel":"Write","resourceTypes":[]},"DeleteGateway":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to DeleteGateway","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":true}]},"DeleteHypervisor":{"conditionKeys":[],"resources":[{"name":"hypervisor"}],"description":"Grants permission to DeleteHypervisor","accessLevel":"Write","resourceTypes":[{"name":"hypervisor","required":true}]},"DisassociateGatewayFromServer":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to DisassociateGatewayFromServer","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":true}]},"GetBandwidthRateLimitSchedule":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to GetBandwidthRateLimitSchedule","accessLevel":"Read","resourceTypes":[{"name":"gateway","required":true}]},"GetGateway":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to GetGateway","accessLevel":"Read","resourceTypes":[{"name":"gateway","required":true}]},"GetHypervisor":{"conditionKeys":[],"resources":[{"name":"hypervisor"}],"description":"Grants permission to GetHypervisor","accessLevel":"Read","resourceTypes":[{"name":"hypervisor","required":true}]},"GetHypervisorPropertyMappings":{"conditionKeys":[],"resources":[{"name":"hypervisor"}],"description":"Grants permission to GetHypervisorPropertyMappings","accessLevel":"Read","resourceTypes":[{"name":"hypervisor","required":true}]},"GetVirtualMachine":{"conditionKeys":[],"resources":[{"name":"virtualmachine"}],"description":"Grants permission to GetVirtualMachine","accessLevel":"Read","resourceTypes":[{"name":"virtualmachine","required":true}]},"ImportHypervisorConfiguration":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to ImportHypervisorConfiguration","accessLevel":"Write","resourceTypes":[]},"ListGateways":{"conditionKeys":[],"resources":[],"description":"Grants permission to ListGateways","accessLevel":"Read","resourceTypes":[]},"ListHypervisors":{"conditionKeys":[],"resources":[],"description":"Grants permission to ListHypervisors","accessLevel":"Read","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"gateway"},{"name":"hypervisor"},{"name":"virtualmachine"}],"description":"Grants permission to ListTagsForResource","accessLevel":"Read","resourceTypes":[{"name":"gateway","required":false},{"name":"hypervisor","required":false},{"name":"virtualmachine","required":false}]},"ListVirtualMachines":{"conditionKeys":[],"resources":[],"description":"Grants permission to ListVirtualMachines","accessLevel":"Read","resourceTypes":[]},"PutBandwidthRateLimitSchedule":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to PutBandwidthRateLimitSchedule","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":true}]},"PutHypervisorPropertyMappings":{"conditionKeys":[],"resources":[{"name":"hypervisor"}],"description":"Grants permission to PutHypervisorPropertyMappings","accessLevel":"Write","resourceTypes":[{"name":"hypervisor","required":true}],"dependentActions":["iam:PassRole"]},"PutMaintenanceStartTime":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to PutMaintenanceStartTime","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":true}]},"Restore":{"conditionKeys":[],"resources":[{"name":"hypervisor"}],"description":"Grants permission to Restore","accessLevel":"Write","resourceTypes":[{"name":"hypervisor","required":true}]},"StartVirtualMachinesMetadataSync":{"conditionKeys":[],"resources":[{"name":"hypervisor"}],"description":"Grants permission to StartVirtualMachinesMetadataSync","accessLevel":"Write","resourceTypes":[{"name":"hypervisor","required":true}],"dependentActions":["iam:PassRole"]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"gateway"},{"name":"hypervisor"},{"name":"virtualmachine"}],"description":"Grants permission to TagResource","accessLevel":"Tagging","resourceTypes":[{"name":"gateway","required":false},{"name":"hypervisor","required":false},{"name":"virtualmachine","required":false}]},"TestHypervisorConfiguration":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to TestHypervisorConfiguration","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":true}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"gateway"},{"name":"hypervisor"},{"name":"virtualmachine"}],"description":"Grants permission to UntagResource","accessLevel":"Tagging","resourceTypes":[{"name":"gateway","required":false},{"name":"hypervisor","required":false},{"name":"virtualmachine","required":false}]},"UpdateGatewayInformation":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to UpdateGatewayInformation","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":true}]},"UpdateGatewaySoftwareNow":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to UpdateGatewaySoftwareNow","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":true}]},"UpdateHypervisor":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to UpdateHypervisor","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":true}]}},"resources":[{"name":"gateway","arnFormats":["arn:${Partition}:backup-gateway:${Region}:${Account}:gateway/${GatewayId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"hypervisor","arnFormats":["arn:${Partition}:backup-gateway:${Region}:${Account}:hypervisor/${HypervisorId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"virtualmachine","arnFormats":["arn:${Partition}:backup-gateway:${Region}:${Account}:vm/${VirtualmachineId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the allowed set of values for each of the tags"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by tag-value associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the presence of mandatory tags in the request"}}}

package/src/data/servicereference/services/backup-search.json

@@ -0,0 +1 @@
+{"name":"backup-search","actions":{"GetSearchJob":{"conditionKeys":[],"resources":[{"name":"searchJob"}],"description":"Grants permission to get details of a search job","accessLevel":"Read","resourceTypes":[{"name":"searchJob","required":true}]},"GetSearchResultExportJob":{"conditionKeys":[],"resources":[{"name":"searchExportJob"}],"description":"Grants permission to get details of a search result export job","accessLevel":"Read","resourceTypes":[{"name":"searchExportJob","required":true}]},"ListSearchJobBackups":{"conditionKeys":[],"resources":[{"name":"searchJob"}],"description":"Grants permission to list backups in scope of a search job","accessLevel":"Read","resourceTypes":[{"name":"searchJob","required":true}]},"ListSearchJobResults":{"conditionKeys":[],"resources":[{"name":"searchJob"}],"description":"Grants permission to list results of a search job","accessLevel":"Read","resourceTypes":[{"name":"searchJob","required":true}]},"ListSearchJobs":{"conditionKeys":[],"resources":[],"description":"Grants permission to list search jobs","accessLevel":"List","resourceTypes":[]},"ListSearchResultExportJobs":{"conditionKeys":[],"resources":[],"description":"Grants permission to list search result export jobs","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"searchExportJob"},{"name":"searchJob"}],"description":"Grants permission to list tags for a resource","accessLevel":"Read","resourceTypes":[{"name":"searchExportJob","required":false},{"name":"searchJob","required":false}]},"StartSearchJob":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a search job","accessLevel":"Write","resourceTypes":[]},"StartSearchResultExportJob":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"searchJob"}],"description":"Grants permission to start an export job for an existing search job","accessLevel":"Write","resourceTypes":[{"name":"searchJob","required":true}],"dependentActions":["iam:PassRole"]},"StopSearchJob":{"conditionKeys":[],"resources":[{"name":"searchJob"}],"description":"Grants permission to stop an in-progress search job","accessLevel":"Write","resourceTypes":[{"name":"searchJob","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"searchExportJob"},{"name":"searchJob"}],"description":"Grants permission to tag a resource","accessLevel":"Tagging","resourceTypes":[{"name":"searchExportJob","required":false},{"name":"searchJob","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"searchExportJob"},{"name":"searchJob"}],"description":"Grants permission to untag a resource","accessLevel":"Tagging","resourceTypes":[{"name":"searchExportJob","required":false},{"name":"searchJob","required":false}]}},"resources":[{"name":"searchExportJob","arnFormats":["arn:${Partition}:backup-search:${Region}:${Account}:search-export-job/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"searchJob","arnFormats":["arn:${Partition}:backup-search:${Region}:${Account}:search-job/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the allowed set of values for each of the tags"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the presence of mandatory tags in the request"}}}

package/src/data/servicereference/services/backup-storage.json

@@ -0,0 +1 @@
+{"name":"backup-storage","actions":{"CommitBackupJob":{"conditionKeys":[],"resources":[],"description":"Grants permission to commit backup job","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"DeleteObjects":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete objects","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"DescribeBackupJob":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe backup job","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"GetBaseBackup":{"conditionKeys":[],"resources":[],"description":"Grants permission to get base backup","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"GetChunk":{"conditionKeys":[],"resources":[],"description":"Grants permission to get data from a recovery point for a restore job","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"GetIncrementalBaseBackup":{"conditionKeys":[],"resources":[],"description":"Grants permission to get incremental base backup","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"GetObjectMetadata":{"conditionKeys":[],"resources":[],"description":"Grants permission to get metadata from a recovery point for a restore job","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"ListChunks":{"conditionKeys":[],"resources":[],"description":"Grants permission to list data from a recovery point for a restore job","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"ListObjects":{"conditionKeys":[],"resources":[],"description":"Grants permission to list data from a recovery point for a restore job","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"MountCapsule":{"conditionKeys":[],"resources":[],"description":"Associates a KMS key to a backup vault","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"NotifyObjectComplete":{"conditionKeys":[],"resources":[],"description":"Grants permission to mark an uploaded data as completed for a backup job","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"PutChunk":{"conditionKeys":[],"resources":[],"description":"Grants permission to upload data to an AWS Backup-managed recovery point for a backup job","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"PutObject":{"conditionKeys":[],"resources":[],"description":"Grants permission to put object","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"StartObject":{"conditionKeys":[],"resources":[],"description":"Grants permission to upload data to an AWS Backup-managed recovery point for a backup job","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"UpdateObjectComplete":{"conditionKeys":[],"resources":[],"description":"Grants permission to update object complete","accessLevel":"Write","resourceTypes":[],"permissionOnly":true}},"resources":[],"conditionKeys":{}}

package/src/data/servicereference/services/backup.json

@@ -0,0 +1 @@
+{"name":"backup","actions":{"AssociateBackupVaultMpaApprovalTeam":{"conditionKeys":["backup:MpaApprovalTeamArn"],"resources":[{"name":"backupVault"}],"description":"Grants permission to associate an MPA approval team with a backup vault","accessLevel":"Write","resourceTypes":[{"name":"backupVault","required":true}]},"CancelLegalHold":{"conditionKeys":[],"resources":[{"name":"legalHold"}],"description":"Grants permission to cancel a legal hold","accessLevel":"Write","resourceTypes":[{"name":"legalHold","required":true}]},"CopyFromBackupVault":{"conditionKeys":["backup:CopyTargetOrgPaths","backup:CopyTargets"],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to copy from a backup vault","accessLevel":"Write","resourceTypes":[{"name":"recoveryPoint","required":true}],"permissionOnly":true},"CopyIntoBackupVault":{"conditionKeys":["aws:RequestTag/${TagKey}"],"resources":[{"name":"backupVault"}],"description":"Grants permission to copy into a backup vault","accessLevel":"Write","resourceTypes":[{"name":"backupVault","required":true}],"permissionOnly":true},"CreateBackupAccessPoint":{"conditionKeys":[],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to create a new access point for backup instant access","accessLevel":"Write","resourceTypes":[{"name":"recoveryPoint","required":true}],"permissionOnly":true},"CreateBackupPlan":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"backupPlan"}],"description":"Grants permission to create a new backup plan","accessLevel":"Write","resourceTypes":[{"name":"backupPlan","required":true}],"dependentActions":["iam:PassRole"]},"CreateBackupSelection":{"conditionKeys":[],"resources":[{"name":"backupPlan"}],"description":"Grants permission to create a new resource assignment in a backup plan","accessLevel":"Write","resourceTypes":[{"name":"backupPlan","required":true}],"dependentActions":["iam:PassRole"]},"CreateBackupVault":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"backupVault"}],"description":"Grants permission to create a new backup vault","accessLevel":"Write","resourceTypes":[{"name":"backupVault","required":true}]},"CreateFramework":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"framework"}],"description":"Grants permission to create a new framework","accessLevel":"Write","resourceTypes":[{"name":"framework","required":true}]},"CreateLegalHold":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"legalHold"}],"description":"Grants permission to create a new legal hold","accessLevel":"Write","resourceTypes":[{"name":"legalHold","required":true}]},"CreateLogicallyAirGappedBackupVault":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","backup:MaxRetentionDays","backup:MinRetentionDays"],"resources":[{"name":"backupVault"}],"description":"Grants permission to create a new logically air-gapped backup vault, a logical container where backups are stored","accessLevel":"Write","resourceTypes":[{"name":"backupVault","required":true}]},"CreateReportPlan":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","backup:FrameworkArns"],"resources":[{"name":"reportPlan"}],"description":"Grants permission to create a new report plan","accessLevel":"Write","resourceTypes":[{"name":"reportPlan","required":true}]},"CreateRestoreAccessBackupVault":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"backupVault"}],"description":"Grants permission to create a restore access backup vault","accessLevel":"Write","resourceTypes":[{"name":"backupVault","required":true}]},"CreateRestoreTestingPlan":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"restoreTestingPlan"}],"description":"Grants permission to create a new restore testing plan","accessLevel":"Write","resourceTypes":[{"name":"restoreTestingPlan","required":true}]},"CreateRestoreTestingSelection":{"conditionKeys":[],"resources":[{"name":"restoreTestingPlan"}],"description":"Grants permission to create a new resource assignment in a restore testing plan","accessLevel":"Write","resourceTypes":[{"name":"restoreTestingPlan","required":true}],"dependentActions":["iam:PassRole"]},"CreateTieringConfiguration":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"tieringConfiguration"}],"description":"Grants permission to create a new tiering configuration","accessLevel":"Write","resourceTypes":[{"name":"tieringConfiguration","required":true}]},"DeleteBackupAccessPoint":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete the access point","accessLevel":"Write","resourceTypes":[],"permissionOnly":true},"DeleteBackupPlan":{"conditionKeys":[],"resources":[{"name":"backupPlan"}],"description":"Grants permission to delete a backup plan","accessLevel":"Write","resourceTypes":[{"name":"backupPlan","required":true}]},"DeleteBackupSelection":{"conditionKeys":[],"resources":[{"name":"backupPlan"}],"description":"Grants permission to delete a resource assignment from a backup plan","accessLevel":"Write","resourceTypes":[{"name":"backupPlan","required":true}]},"DeleteBackupVault":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to delete a backup vault","accessLevel":"Write","resourceTypes":[{"name":"backupVault","required":true}]},"DeleteBackupVaultAccessPolicy":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to delete backup vault access policy","accessLevel":"Permissions management","resourceTypes":[{"name":"backupVault","required":true}]},"DeleteBackupVaultLockConfiguration":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to remove the lock configuration from a backup vault","accessLevel":"Write","resourceTypes":[{"name":"backupVault","required":true}]},"DeleteBackupVaultNotifications":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to remove the notifications from a backup vault","accessLevel":"Write","resourceTypes":[{"name":"backupVault","required":true}]},"DeleteBackupVaultSharingPolicy":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to delete backup vault sharing policy","accessLevel":"Permissions management","resourceTypes":[{"name":"backupVault","required":true}],"permissionOnly":true},"DeleteFramework":{"conditionKeys":[],"resources":[{"name":"framework"}],"description":"Grants permission to delete a framework","accessLevel":"Write","resourceTypes":[{"name":"framework","required":true}]},"DeleteRecoveryPoint":{"conditionKeys":[],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to delete a recovery point from a backup vault","accessLevel":"Write","resourceTypes":[{"name":"recoveryPoint","required":true}]},"DeleteReportPlan":{"conditionKeys":[],"resources":[{"name":"reportPlan"}],"description":"Grants permission to delete a report plan","accessLevel":"Write","resourceTypes":[{"name":"reportPlan","required":true}]},"DeleteRestoreTestingPlan":{"conditionKeys":[],"resources":[{"name":"restoreTestingPlan"}],"description":"Grants permission to delete a restore testing plan","accessLevel":"Write","resourceTypes":[{"name":"restoreTestingPlan","required":true}]},"DeleteRestoreTestingSelection":{"conditionKeys":[],"resources":[{"name":"restoreTestingPlan"}],"description":"Grants permission to delete a resource assignment from a restore testing plan","accessLevel":"Write","resourceTypes":[{"name":"restoreTestingPlan","required":true}]},"DeleteTieringConfiguration":{"conditionKeys":[],"resources":[{"name":"tieringConfiguration"}],"description":"Grants permission to delete a tiering configuration","accessLevel":"Write","resourceTypes":[{"name":"tieringConfiguration","required":true}]},"DescribeBackupAccessPoint":{"conditionKeys":[],"resources":[],"description":"Grants permission to return information about the specified access point","accessLevel":"Read","resourceTypes":[],"permissionOnly":true},"DescribeBackupJob":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a backup job","accessLevel":"Read","resourceTypes":[]},"DescribeBackupVault":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to describe a new backup vault with the specified name","accessLevel":"Read","resourceTypes":[{"name":"backupVault","required":true}]},"DescribeCopyJob":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a copy job","accessLevel":"Read","resourceTypes":[]},"DescribeFramework":{"conditionKeys":[],"resources":[{"name":"framework"}],"description":"Grants permission to describe a framework with the specified name","accessLevel":"Read","resourceTypes":[{"name":"framework","required":true}]},"DescribeGlobalSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe global settings","accessLevel":"Read","resourceTypes":[]},"DescribeProtectedResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a protected resource","accessLevel":"Read","resourceTypes":[]},"DescribeRecoveryPoint":{"conditionKeys":[],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to describe a recovery point","accessLevel":"Read","resourceTypes":[{"name":"recoveryPoint","required":true}]},"DescribeRegionSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe region settings","accessLevel":"Read","resourceTypes":[]},"DescribeReportJob":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a report job","accessLevel":"Read","resourceTypes":[]},"DescribeReportPlan":{"conditionKeys":[],"resources":[{"name":"reportPlan"}],"description":"Grants permission to describe a report plan with the specified name","accessLevel":"Read","resourceTypes":[{"name":"reportPlan","required":true}]},"DescribeRestoreJob":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a restore job","accessLevel":"Read","resourceTypes":[]},"DescribeScanJob":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a scan job","accessLevel":"Read","resourceTypes":[]},"DisassociateBackupVaultMpaApprovalTeam":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to disassociate an MPA approval team from a backup vault","accessLevel":"Write","resourceTypes":[{"name":"backupVault","required":true}]},"DisassociateRecoveryPoint":{"conditionKeys":[],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to disassociate a recovery point from a backup vault","accessLevel":"Write","resourceTypes":[{"name":"recoveryPoint","required":true}]},"DisassociateRecoveryPointFromParent":{"conditionKeys":[],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to disassociate a recovery point from its parent","accessLevel":"Write","resourceTypes":[{"name":"recoveryPoint","required":true}]},"ExportBackupPlanTemplate":{"conditionKeys":[],"resources":[],"description":"Grants permission to export a backup plan as a JSON","accessLevel":"Read","resourceTypes":[]},"GetBackupPlan":{"conditionKeys":[],"resources":[{"name":"backupPlan"}],"description":"Grants permission to get a backup plan","accessLevel":"Read","resourceTypes":[{"name":"backupPlan","required":true}]},"GetBackupPlanFromJSON":{"conditionKeys":[],"resources":[],"description":"Grants permission to transform a JSON to a backup plan","accessLevel":"Read","resourceTypes":[]},"GetBackupPlanFromTemplate":{"conditionKeys":[],"resources":[],"description":"Grants permission to transform a template to a backup plan","accessLevel":"Read","resourceTypes":[]},"GetBackupSelection":{"conditionKeys":[],"resources":[{"name":"backupPlan"}],"description":"Grants permission to get a backup plan resource assignment","accessLevel":"Read","resourceTypes":[{"name":"backupPlan","required":true}]},"GetBackupVaultAccessPolicy":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to get backup vault access policy","accessLevel":"Read","resourceTypes":[{"name":"backupVault","required":true}]},"GetBackupVaultNotifications":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to get backup vault notifications","accessLevel":"Read","resourceTypes":[{"name":"backupVault","required":true}]},"GetBackupVaultSharingPolicy":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to get backup vault sharing policy","accessLevel":"Read","resourceTypes":[{"name":"backupVault","required":true}],"permissionOnly":true},"GetLegalHold":{"conditionKeys":[],"resources":[{"name":"legalHold"}],"description":"Grants permission to get a legal hold","accessLevel":"Read","resourceTypes":[{"name":"legalHold","required":true}]},"GetRecoveryPointIndexDetails":{"conditionKeys":[],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to get indexing details for a recovery point","accessLevel":"Read","resourceTypes":[{"name":"recoveryPoint","required":true}]},"GetRecoveryPointRestoreMetadata":{"conditionKeys":[],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to get recovery point restore metadata","accessLevel":"Read","resourceTypes":[{"name":"recoveryPoint","required":true}]},"GetRestoreJobMetadata":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the restore metadata associated with a restore job","accessLevel":"Read","resourceTypes":[]},"GetRestoreTestingInferredMetadata":{"conditionKeys":[],"resources":[],"description":"Grants permission to get inferred metadata generated by restore testing","accessLevel":"Read","resourceTypes":[]},"GetRestoreTestingPlan":{"conditionKeys":[],"resources":[{"name":"restoreTestingPlan"}],"description":"Grants permission to get a restore testing plan","accessLevel":"Read","resourceTypes":[{"name":"restoreTestingPlan","required":true}]},"GetRestoreTestingSelection":{"conditionKeys":[],"resources":[{"name":"restoreTestingPlan"}],"description":"Grants permission to get a restore testing plan resource assignment","accessLevel":"Read","resourceTypes":[{"name":"restoreTestingPlan","required":true}]},"GetSupportedResourceTypes":{"conditionKeys":[],"resources":[],"description":"Grants permission to get supported resource types","accessLevel":"Read","resourceTypes":[]},"GetTieringConfiguration":{"conditionKeys":[],"resources":[{"name":"tieringConfiguration"}],"description":"Grants permission to describe a tiering configuration","accessLevel":"Read","resourceTypes":[{"name":"tieringConfiguration","required":true}]},"ListBackupJobSummaries":{"conditionKeys":[],"resources":[],"description":"Grants permission to list backup job summaries","accessLevel":"List","resourceTypes":[]},"ListBackupJobs":{"conditionKeys":[],"resources":[],"description":"Grants permission to list backup jobs","accessLevel":"List","resourceTypes":[]},"ListBackupPlanTemplates":{"conditionKeys":[],"resources":[],"description":"Grants permission to list backup plan templates provided by AWS Backup","accessLevel":"List","resourceTypes":[]},"ListBackupPlanVersions":{"conditionKeys":[],"resources":[{"name":"backupPlan"}],"description":"Grants permission to list backup plan versions","accessLevel":"List","resourceTypes":[{"name":"backupPlan","required":true}]},"ListBackupPlans":{"conditionKeys":[],"resources":[],"description":"Grants permission to list backup plans","accessLevel":"List","resourceTypes":[]},"ListBackupSelections":{"conditionKeys":[],"resources":[{"name":"backupPlan"}],"description":"Grants permission to list resource assignments for a specific backup plan","accessLevel":"List","resourceTypes":[{"name":"backupPlan","required":true}]},"ListBackupVaults":{"conditionKeys":[],"resources":[],"description":"Grants permission to list backup vaults","accessLevel":"List","resourceTypes":[]},"ListCopyJobSummaries":{"conditionKeys":[],"resources":[],"description":"Grants permission to list copy job summaries","accessLevel":"List","resourceTypes":[]},"ListCopyJobs":{"conditionKeys":[],"resources":[],"description":"Grants permission to list copy jobs","accessLevel":"List","resourceTypes":[]},"ListFrameworks":{"conditionKeys":[],"resources":[],"description":"Grants permission to list frameworks","accessLevel":"List","resourceTypes":[]},"ListIndexedRecoveryPoints":{"conditionKeys":[],"resources":[],"description":"Grants permission to get list indexed recovery points","accessLevel":"List","resourceTypes":[]},"ListIndexedRecoveryPointsForSearch":{"conditionKeys":[],"resources":[],"description":"Grants permission to list indexed recovery points to search","accessLevel":"Permissions management","resourceTypes":[],"permissionOnly":true},"ListLegalHolds":{"conditionKeys":[],"resources":[],"description":"Grants permission to list legal holds","accessLevel":"List","resourceTypes":[]},"ListProtectedResources":{"conditionKeys":[],"resources":[],"description":"Grants permission to list protected resources by AWS Backup","accessLevel":"List","resourceTypes":[]},"ListProtectedResourcesByBackupVault":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to list protected resources inside a backup vault","accessLevel":"List","resourceTypes":[{"name":"backupVault","required":true}]},"ListRecoveryPointsByBackupVault":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to list recovery points inside a backup vault","accessLevel":"List","resourceTypes":[{"name":"backupVault","required":true}]},"ListRecoveryPointsByLegalHold":{"conditionKeys":[],"resources":[{"name":"legalHold"}],"description":"Grants permission to list recovery points by legal hold","accessLevel":"List","resourceTypes":[{"name":"legalHold","required":true}]},"ListRecoveryPointsByResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to list recovery points for a resource","accessLevel":"List","resourceTypes":[]},"ListReportJobs":{"conditionKeys":[],"resources":[],"description":"Grants permission to list report jobs","accessLevel":"List","resourceTypes":[]},"ListReportPlans":{"conditionKeys":[],"resources":[],"description":"Grants permission to list report plans","accessLevel":"List","resourceTypes":[]},"ListRestoreAccessBackupVaults":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to list a restore access backup vaults associated with a backup vault","accessLevel":"List","resourceTypes":[{"name":"backupVault","required":true}]},"ListRestoreJobSummaries":{"conditionKeys":[],"resources":[],"description":"Grants permission to list restore job summaries","accessLevel":"List","resourceTypes":[]},"ListRestoreJobs":{"conditionKeys":[],"resources":[],"description":"Grants permission to list restore jobs","accessLevel":"List","resourceTypes":[]},"ListRestoreJobsByProtectedResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to list restore jobs for a protected resource","accessLevel":"List","resourceTypes":[]},"ListRestoreTestingPlans":{"conditionKeys":[],"resources":[],"description":"Grants permission to list restore testing plans","accessLevel":"List","resourceTypes":[]},"ListRestoreTestingSelections":{"conditionKeys":[],"resources":[{"name":"restoreTestingPlan"}],"description":"Grants permission to list resource assignments for a specific restore testing plan","accessLevel":"List","resourceTypes":[{"name":"restoreTestingPlan","required":true}]},"ListScanJobSummaries":{"conditionKeys":[],"resources":[],"description":"Grants permission to list scan job summaries","accessLevel":"List","resourceTypes":[]},"ListScanJobs":{"conditionKeys":[],"resources":[],"description":"Grants permission to list scan jobs","accessLevel":"List","resourceTypes":[]},"ListTags":{"conditionKeys":[],"resources":[{"name":"backupPlan"},{"name":"backupVault"},{"name":"framework"},{"name":"legalHold"},{"name":"recoveryPoint"},{"name":"reportPlan"},{"name":"restoreTestingPlan"},{"name":"tieringConfiguration"}],"description":"Grants permission to list tags for a resource","accessLevel":"Read","resourceTypes":[{"name":"backupPlan","required":false},{"name":"backupVault","required":false},{"name":"framework","required":false},{"name":"legalHold","required":false},{"name":"recoveryPoint","required":false},{"name":"reportPlan","required":false},{"name":"restoreTestingPlan","required":false},{"name":"tieringConfiguration","required":false}]},"ListTieringConfigurations":{"conditionKeys":[],"resources":[],"description":"Grants permission to list tiering configurations","accessLevel":"List","resourceTypes":[]},"PutBackupVaultAccessPolicy":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to add an access policy to the backup vault","accessLevel":"Permissions management","resourceTypes":[{"name":"backupVault","required":true}]},"PutBackupVaultLockConfiguration":{"conditionKeys":["backup:ChangeableForDays","backup:MaxRetentionDays","backup:MinRetentionDays"],"resources":[{"name":"backupVault"}],"description":"Grants permission to add a lock configuration to the backup vault","accessLevel":"Write","resourceTypes":[{"name":"backupVault","required":true}]},"PutBackupVaultNotifications":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to add an SNS topic to the backup vault","accessLevel":"Write","resourceTypes":[{"name":"backupVault","required":true}]},"PutBackupVaultSharingPolicy":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to add a sharing policy to the backup vault","accessLevel":"Permissions management","resourceTypes":[{"name":"backupVault","required":true}],"permissionOnly":true},"PutRestoreValidationResult":{"conditionKeys":[],"resources":[],"description":"Grants permission to put a restore validation result","accessLevel":"Write","resourceTypes":[]},"RevokeRestoreAccessBackupVault":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to revoke a restore access backup vault","accessLevel":"Write","resourceTypes":[{"name":"backupVault","required":true}]},"SearchRecoveryPoint":{"conditionKeys":[],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to search a recovery point","accessLevel":"Permissions management","resourceTypes":[{"name":"recoveryPoint","required":true}],"permissionOnly":true},"StartBackupJob":{"conditionKeys":[],"resources":[{"name":"backupVault"}],"description":"Grants permission to start a new backup job","accessLevel":"Write","resourceTypes":[{"name":"backupVault","required":true}],"dependentActions":["iam:PassRole"]},"StartCopyJob":{"conditionKeys":[],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to copy a backup from a source backup vault to a destination backup vault","accessLevel":"Write","resourceTypes":[{"name":"recoveryPoint","required":true}],"dependentActions":["iam:PassRole"]},"StartReportJob":{"conditionKeys":[],"resources":[{"name":"reportPlan"}],"description":"Grants permission to start a new report job","accessLevel":"Write","resourceTypes":[{"name":"reportPlan","required":true}]},"StartRestoreJob":{"conditionKeys":[],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to start a new restore job","accessLevel":"Write","resourceTypes":[{"name":"recoveryPoint","required":true}],"dependentActions":["iam:PassRole"]},"StartScanJob":{"conditionKeys":[],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to start a new scan job","accessLevel":"Write","resourceTypes":[{"name":"recoveryPoint","required":true}],"dependentActions":["iam:PassRole"]},"StopBackupJob":{"conditionKeys":[],"resources":[],"description":"Grants permission to stop a backup job","accessLevel":"Write","resourceTypes":[]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"backupPlan"},{"name":"backupVault"},{"name":"framework"},{"name":"legalHold"},{"name":"recoveryPoint"},{"name":"reportPlan"},{"name":"restoreTestingPlan"},{"name":"tieringConfiguration"}],"description":"Grants permission to tag a resource","accessLevel":"Tagging","resourceTypes":[{"name":"backupPlan","required":false},{"name":"backupVault","required":false},{"name":"framework","required":false},{"name":"legalHold","required":false},{"name":"recoveryPoint","required":false},{"name":"reportPlan","required":false},{"name":"restoreTestingPlan","required":false},{"name":"tieringConfiguration","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"backupPlan"},{"name":"backupVault"},{"name":"framework"},{"name":"legalHold"},{"name":"recoveryPoint"},{"name":"reportPlan"},{"name":"restoreTestingPlan"},{"name":"tieringConfiguration"}],"description":"Grants permission to untag a resource","accessLevel":"Tagging","resourceTypes":[{"name":"backupPlan","required":false},{"name":"backupVault","required":false},{"name":"framework","required":false},{"name":"legalHold","required":false},{"name":"recoveryPoint","required":false},{"name":"reportPlan","required":false},{"name":"restoreTestingPlan","required":false},{"name":"tieringConfiguration","required":false}]},"UpdateBackupPlan":{"conditionKeys":[],"resources":[{"name":"backupPlan"}],"description":"Grants permission to update a backup plan","accessLevel":"Write","resourceTypes":[{"name":"backupPlan","required":true}],"dependentActions":["iam:PassRole"]},"UpdateFramework":{"conditionKeys":[],"resources":[{"name":"framework"}],"description":"Grants permission to update a framework","accessLevel":"Write","resourceTypes":[{"name":"framework","required":true}]},"UpdateGlobalSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the current global settings for the AWS Account","accessLevel":"Write","resourceTypes":[]},"UpdateRecoveryPointIndexSettings":{"conditionKeys":["backup:Index"],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to update recovery point index settings","accessLevel":"Write","resourceTypes":[{"name":"recoveryPoint","required":true}]},"UpdateRecoveryPointLifecycle":{"conditionKeys":[],"resources":[{"name":"recoveryPoint"}],"description":"Grants permission to update the lifecycle of the recovery point","accessLevel":"Write","resourceTypes":[{"name":"recoveryPoint","required":true}]},"UpdateRegionSettings":{"conditionKeys":[],"resources":[],"description":"Grants permission to update the current service opt-in settings for the Region","accessLevel":"Write","resourceTypes":[]},"UpdateReportPlan":{"conditionKeys":["backup:FrameworkArns"],"resources":[{"name":"reportPlan"}],"description":"Grants permission to update a report plan","accessLevel":"Write","resourceTypes":[{"name":"reportPlan","required":true}]},"UpdateRestoreTestingPlan":{"conditionKeys":[],"resources":[{"name":"restoreTestingPlan"}],"description":"Grants permission to update a restore testing plan","accessLevel":"Write","resourceTypes":[{"name":"restoreTestingPlan","required":true}]},"UpdateRestoreTestingSelection":{"conditionKeys":[],"resources":[{"name":"restoreTestingPlan"}],"description":"Grants permission to update a resource assignment in a restore testing plan","accessLevel":"Write","resourceTypes":[{"name":"restoreTestingPlan","required":true}],"dependentActions":["iam:PassRole"]},"UpdateTieringConfiguration":{"conditionKeys":[],"resources":[{"name":"tieringConfiguration"}],"description":"Grants permission to update a tiering configuration","accessLevel":"Write","resourceTypes":[{"name":"tieringConfiguration","required":true}]}},"resources":[{"name":"backupPlan","arnFormats":["arn:${Partition}:backup:${Region}:${Account}:backup-plan:${BackupPlanId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"backupVault","arnFormats":["arn:${Partition}:backup:${Region}:${Account}:backup-vault:${BackupVaultName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"framework","arnFormats":["arn:${Partition}:backup:${Region}:${Account}:framework:${FrameworkName}-${FrameworkId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"legalHold","arnFormats":["arn:${Partition}:backup:${Region}:${Account}:legal-hold:${LegalHoldId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"recoveryPoint","arnFormats":["arn:${Partition}:${Vendor}:${Region}:*:${ResourceType}:${RecoveryPointId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"reportPlan","arnFormats":["arn:${Partition}:backup:${Region}:${Account}:report-plan:${ReportPlanName}-${ReportPlanId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"restoreTestingPlan","arnFormats":["arn:${Partition}:backup:${Region}:${Account}:restore-testing-plan:${RestoreTestingPlanName}-${RestoreTestingPlanId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"tieringConfiguration","arnFormats":["arn:${Partition}:backup:${Region}:${Account}:tiering-configuration:${TieringConfigurationName}-${TieringConfigurationId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the allowed set of values for each of the tags"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the presence of mandatory tags in the request"},"backup:ChangeableForDays":{"types":["Numeric"],"description":"Filters access by the value of the ChangeableForDays parameter"},"backup:CopyTargetOrgPaths":{"types":["ArrayOfString"],"description":"Filters access by the organization unit"},"backup:CopyTargets":{"types":["ArrayOfARN"],"description":"Filters access by the ARN of a backup vault"},"backup:FrameworkArns":{"types":["ArrayOfARN"],"description":"Filters access by the Framework ARNs"},"backup:Index":{"types":["String"],"description":"Filters access by the value of Index parameter"},"backup:MaxRetentionDays":{"types":["Numeric"],"description":"Filters access by the value of the MaxRetentionDays parameter"},"backup:MinRetentionDays":{"types":["Numeric"],"description":"Filters access by the value of the MinRetentionDays parameter"},"backup:MpaApprovalTeamArn":{"types":["ARN"],"description":"Filters access by the MPA Approval Team ARN of a backup vault"}}}

package/src/data/servicereference/services/batch.json

@@ -0,0 +1 @@
+{"name":"batch","actions":{"CancelJob":{"conditionKeys":[],"resources":[{"name":"job"}],"description":"Grants permission to cancel a job in an AWS Batch job queue in your account","accessLevel":"Write","resourceTypes":[{"name":"job","required":true}]},"CreateComputeEnvironment":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"compute-environment"}],"description":"Grants permission to create an AWS Batch compute environment in your account","accessLevel":"Write","resourceTypes":[{"name":"compute-environment","required":true}]},"CreateConsumableResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"consumable-resource"}],"description":"Grants permission to create an AWS Batch consumable resource in your account","accessLevel":"Write","resourceTypes":[{"name":"consumable-resource","required":true}]},"CreateJobQueue":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"compute-environment"},{"name":"job-queue"},{"name":"scheduling-policy"},{"name":"service-environment"}],"description":"Grants permission to create an AWS Batch job queue in your account","accessLevel":"Write","resourceTypes":[{"name":"job-queue","required":true},{"name":"compute-environment","required":false},{"name":"scheduling-policy","required":false},{"name":"service-environment","required":false}]},"CreateQuotaShare":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"job-queue"},{"name":"quota-share"}],"description":"Grants permission to create an AWS Batch quota share in your account","accessLevel":"Write","resourceTypes":[{"name":"job-queue","required":true},{"name":"quota-share","required":true}]},"CreateSchedulingPolicy":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"scheduling-policy"}],"description":"Grants permission to create an AWS Batch scheduling policy in your account","accessLevel":"Write","resourceTypes":[{"name":"scheduling-policy","required":true}]},"CreateServiceEnvironment":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"service-environment"}],"description":"Grants permission to create an AWS Batch service environment in your account","accessLevel":"Write","resourceTypes":[{"name":"service-environment","required":true}],"dependentActions":["iam:CreateServiceLinkedRole"]},"DeleteComputeEnvironment":{"conditionKeys":[],"resources":[{"name":"compute-environment"}],"description":"Grants permission to delete an AWS Batch compute environment in your account","accessLevel":"Write","resourceTypes":[{"name":"compute-environment","required":true}]},"DeleteConsumableResource":{"conditionKeys":[],"resources":[{"name":"consumable-resource"}],"description":"Grants permission to delete an AWS Batch consumable resource in your account","accessLevel":"Write","resourceTypes":[{"name":"consumable-resource","required":true}]},"DeleteJobQueue":{"conditionKeys":[],"resources":[{"name":"job-queue"}],"description":"Grants permission to delete an AWS Batch job queue in your account","accessLevel":"Write","resourceTypes":[{"name":"job-queue","required":true}]},"DeleteQuotaShare":{"conditionKeys":[],"resources":[{"name":"quota-share"}],"description":"Grants permission to delete an AWS Batch quota share in your account","accessLevel":"Write","resourceTypes":[{"name":"quota-share","required":true}]},"DeleteSchedulingPolicy":{"conditionKeys":[],"resources":[{"name":"scheduling-policy"}],"description":"Grants permission to delete an AWS Batch scheduling policy in your account","accessLevel":"Write","resourceTypes":[{"name":"scheduling-policy","required":true}]},"DeleteServiceEnvironment":{"conditionKeys":[],"resources":[{"name":"service-environment"}],"description":"Grants permission to delete an AWS Batch service environment in your account","accessLevel":"Write","resourceTypes":[{"name":"service-environment","required":true}]},"DeregisterJobDefinition":{"conditionKeys":[],"resources":[{"name":"job-definition-revision"}],"description":"Grants permission to deregister an AWS Batch job definition in your account","accessLevel":"Write","resourceTypes":[{"name":"job-definition-revision","required":true}]},"DescribeComputeEnvironments":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe one or more AWS Batch compute environments in your account","accessLevel":"Read","resourceTypes":[]},"DescribeConsumableResource":{"conditionKeys":[],"resources":[{"name":"consumable-resource"}],"description":"Grants permission to describe one or more AWS Batch consumable resource in your account","accessLevel":"Read","resourceTypes":[{"name":"consumable-resource","required":true}]},"DescribeJobDefinitions":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe one or more AWS Batch job definitions in your account","accessLevel":"Read","resourceTypes":[]},"DescribeJobQueues":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe one or more AWS Batch job queues in your account","accessLevel":"Read","resourceTypes":[]},"DescribeJobs":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a list of AWS Batch jobs in your account","accessLevel":"Read","resourceTypes":[]},"DescribeQuotaShare":{"conditionKeys":[],"resources":[{"name":"quota-share"}],"description":"Grants permission to describe an AWS Batch quota share in your account","accessLevel":"Read","resourceTypes":[{"name":"quota-share","required":true}]},"DescribeSchedulingPolicies":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe one or more AWS Batch scheduling policies in your account","accessLevel":"Read","resourceTypes":[]},"DescribeServiceEnvironments":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe one or more AWS Batch service environments in your account","accessLevel":"Read","resourceTypes":[]},"DescribeServiceJob":{"conditionKeys":[],"resources":[],"description":"Grants permission to describe a AWS Batch service job in your account","accessLevel":"Read","resourceTypes":[]},"GetJobQueueSnapshot":{"conditionKeys":[],"resources":[{"name":"job-queue"}],"description":"Grants permission to get a snapshot of an AWS Batch job queue in your account","accessLevel":"Read","resourceTypes":[{"name":"job-queue","required":true}]},"ListConsumableResources":{"conditionKeys":[],"resources":[],"description":"Grants permission to list AWS Batch consumable resources in your account","accessLevel":"List","resourceTypes":[]},"ListJobs":{"conditionKeys":[],"resources":[],"description":"Grants permission to list jobs for a specified AWS Batch job queue in your account","accessLevel":"List","resourceTypes":[]},"ListJobsByConsumableResource":{"conditionKeys":[],"resources":[{"name":"consumable-resource"}],"description":"Grants permission to list AWS Batch jobs that require a specific consumable resource in your account","accessLevel":"List","resourceTypes":[{"name":"consumable-resource","required":true}]},"ListQuotaShares":{"conditionKeys":[],"resources":[{"name":"job-queue"}],"description":"Grants permission to list AWS Batch quota shares in your account","accessLevel":"List","resourceTypes":[{"name":"job-queue","required":true}]},"ListSchedulingPolicies":{"conditionKeys":[],"resources":[],"description":"Grants permission to list AWS Batch scheduling policies in your account","accessLevel":"Read","resourceTypes":[]},"ListServiceJobs":{"conditionKeys":[],"resources":[],"description":"Grants permission to list service jobs for a specified AWS Batch job queue in your account","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"compute-environment"},{"name":"consumable-resource"},{"name":"job"},{"name":"job-definition-revision"},{"name":"job-queue"},{"name":"quota-share"},{"name":"scheduling-policy"},{"name":"service-environment"},{"name":"service-job"}],"description":"Grants permission to list tags for an AWS Batch resource in your account","accessLevel":"Read","resourceTypes":[{"name":"compute-environment","required":false},{"name":"consumable-resource","required":false},{"name":"job","required":false},{"name":"job-definition-revision","required":false},{"name":"job-queue","required":false},{"name":"quota-share","required":false},{"name":"scheduling-policy","required":false},{"name":"service-environment","required":false},{"name":"service-job","required":false}]},"RegisterJobDefinition":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","batch:AWSLogsCreateGroup","batch:AWSLogsGroup","batch:AWSLogsRegion","batch:AWSLogsStreamPrefix","batch:EKSImage","batch:EKSNamespace","batch:EKSPrivileged","batch:EKSRunAsGroup","batch:EKSRunAsUser","batch:EKSServiceAccountName","batch:Image","batch:LogDriver","batch:Privileged","batch:User"],"resources":[{"name":"consumable-resource"},{"name":"job-definition"}],"description":"Grants permission to register an AWS Batch job definition in your account","accessLevel":"Write","resourceTypes":[{"name":"job-definition","required":true},{"name":"consumable-resource","required":false}]},"SubmitJob":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"consumable-resource"},{"name":"job"},{"name":"job-definition"},{"name":"job-definition-revision"},{"name":"job-queue"}],"description":"Grants permission to submit an AWS Batch job from a job definition in your account","accessLevel":"Write","resourceTypes":[{"name":"job","required":true},{"name":"job-queue","required":true},{"name":"consumable-resource","required":false},{"name":"job-definition","required":false},{"name":"job-definition-revision","required":false}]},"SubmitServiceJob":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","batch:SchedulingPriority"],"resources":[{"name":"job-queue"},{"name":"quota-share"},{"name":"service-job"}],"description":"Grants permission to submit an AWS Batch service job","accessLevel":"Write","resourceTypes":[{"name":"job-queue","required":true},{"name":"service-job","required":true},{"name":"quota-share","required":false}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"compute-environment"},{"name":"consumable-resource"},{"name":"job"},{"name":"job-definition-revision"},{"name":"job-queue"},{"name":"quota-share"},{"name":"scheduling-policy"},{"name":"service-environment"},{"name":"service-job"}],"description":"Grants permission to tag an AWS Batch resource in your account","accessLevel":"Tagging","resourceTypes":[{"name":"compute-environment","required":false},{"name":"consumable-resource","required":false},{"name":"job","required":false},{"name":"job-definition-revision","required":false},{"name":"job-queue","required":false},{"name":"quota-share","required":false},{"name":"scheduling-policy","required":false},{"name":"service-environment","required":false},{"name":"service-job","required":false}]},"TerminateJob":{"conditionKeys":[],"resources":[{"name":"job"}],"description":"Grants permission to terminate a job in an AWS Batch job queue in your account","accessLevel":"Write","resourceTypes":[{"name":"job","required":true}]},"TerminateServiceJob":{"conditionKeys":[],"resources":[{"name":"service-job"}],"description":"Grants permission to terminate a service job in an AWS Batch job queue in your account","accessLevel":"Write","resourceTypes":[{"name":"service-job","required":true}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"compute-environment"},{"name":"consumable-resource"},{"name":"job"},{"name":"job-definition-revision"},{"name":"job-queue"},{"name":"quota-share"},{"name":"scheduling-policy"},{"name":"service-environment"},{"name":"service-job"}],"description":"Grants permission to untag an AWS Batch resource in your account","accessLevel":"Tagging","resourceTypes":[{"name":"compute-environment","required":false},{"name":"consumable-resource","required":false},{"name":"job","required":false},{"name":"job-definition-revision","required":false},{"name":"job-queue","required":false},{"name":"quota-share","required":false},{"name":"scheduling-policy","required":false},{"name":"service-environment","required":false},{"name":"service-job","required":false}]},"UpdateComputeEnvironment":{"conditionKeys":[],"resources":[{"name":"compute-environment"}],"description":"Grants permission to update an AWS Batch compute environment in your account","accessLevel":"Write","resourceTypes":[{"name":"compute-environment","required":true}]},"UpdateConsumableResource":{"conditionKeys":[],"resources":[{"name":"consumable-resource"}],"description":"Grants permission to update an AWS Batch consumable resource in your account","accessLevel":"Write","resourceTypes":[{"name":"consumable-resource","required":true}]},"UpdateJobQueue":{"conditionKeys":[],"resources":[{"name":"compute-environment"},{"name":"job-queue"},{"name":"scheduling-policy"}],"description":"Grants permission to update an AWS Batch job queue in your account","accessLevel":"Write","resourceTypes":[{"name":"job-queue","required":true},{"name":"compute-environment","required":false},{"name":"scheduling-policy","required":false}]},"UpdateQuotaShare":{"conditionKeys":[],"resources":[{"name":"quota-share"}],"description":"Grants permission to update an AWS Batch quota share in your account","accessLevel":"Write","resourceTypes":[{"name":"quota-share","required":true}]},"UpdateSchedulingPolicy":{"conditionKeys":[],"resources":[{"name":"scheduling-policy"}],"description":"Grants permission to update an AWS Batch scheduling policy in your account","accessLevel":"Write","resourceTypes":[{"name":"scheduling-policy","required":true}]},"UpdateServiceEnvironment":{"conditionKeys":[],"resources":[{"name":"service-environment"}],"description":"Grants permission to update an AWS Batch service environment in your account","accessLevel":"Write","resourceTypes":[{"name":"service-environment","required":true}]},"UpdateServiceJob":{"conditionKeys":["batch:SchedulingPriority"],"resources":[{"name":"service-job"}],"description":"Grants permission to update a service job in an AWS Batch job queue in your account","accessLevel":"Write","resourceTypes":[{"name":"service-job","required":true}]}},"resources":[{"name":"compute-environment","arnFormats":["arn:${Partition}:batch:${Region}:${Account}:compute-environment/${ComputeEnvironmentName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"consumable-resource","arnFormats":["arn:${Partition}:batch:${Region}:${Account}:consumable-resource/${ConsumableResourceName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"job","arnFormats":["arn:${Partition}:batch:${Region}:${Account}:job/${JobId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"job-definition","arnFormats":["arn:${Partition}:batch:${Region}:${Account}:job-definition/${JobDefinitionName}"],"conditionKeys":[]},{"name":"job-definition-revision","arnFormats":["arn:${Partition}:batch:${Region}:${Account}:job-definition/${JobDefinitionName}:${Revision}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"job-queue","arnFormats":["arn:${Partition}:batch:${Region}:${Account}:job-queue/${JobQueueName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"quota-share","arnFormats":["arn:${Partition}:batch:${Region}:${Account}:job-queue/${JobQueueName}/quota-share/${QuotaShareName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"scheduling-policy","arnFormats":["arn:${Partition}:batch:${Region}:${Account}:scheduling-policy/${SchedulingPolicyName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"service-environment","arnFormats":["arn:${Partition}:batch:${Region}:${Account}:service-environment/${ServiceEnvironmentName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"service-job","arnFormats":["arn:${Partition}:batch:${Region}:${Account}:service-job/${JobId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"},"batch:AWSLogsCreateGroup":{"types":["Bool"],"description":"Filters access by the specified logging driver to determine whether awslogs group will be created for the logs"},"batch:AWSLogsGroup":{"types":["String"],"description":"Filters access by the awslogs group where the logs are located"},"batch:AWSLogsRegion":{"types":["String"],"description":"Filters access by the region where the logs are sent to"},"batch:AWSLogsStreamPrefix":{"types":["String"],"description":"Filters access by the awslogs log stream prefix"},"batch:EKSImage":{"types":["String"],"description":"Filters access by the image used to start a container for an Amazon EKS job"},"batch:EKSNamespace":{"types":["String"],"description":"Filters access by the namespace of a cluster used to run the pod for an Amazon EKS job"},"batch:EKSPrivileged":{"types":["Bool"],"description":"Filters access by the specified privileged parameter value that determines whether the container is given elevated privileges on the host container instance (similar to the root user) for an Amazon EKS job"},"batch:EKSRunAsGroup":{"types":["Numeric"],"description":"Filters access by the specified group numeric ID (gid) used to start a container in an Amazon EKS job"},"batch:EKSRunAsUser":{"types":["Numeric"],"description":"Filters access by the specified user numeric ID (uid) used to start a a container in an Amazon EKS job"},"batch:EKSServiceAccountName":{"types":["String"],"description":"Filters access by the name of the service account used to run the pod for an Amazon EKS job"},"batch:Image":{"types":["String"],"description":"Filters access by the image used to start a container"},"batch:LogDriver":{"types":["String"],"description":"Filters access by the log driver used for the container"},"batch:Privileged":{"types":["Bool"],"description":"Filters access by the specified privileged parameter value that determines whether the container is given elevated privileges on the host container instance (similar to the root user)"},"batch:SchedulingPriority":{"types":["Numeric"],"description":"Filters access by the scheduling priority for jobs in the job queue"},"batch:ShareIdentifier":{"types":["String"],"description":"Filters access by the shareIdentifier used inside submit job"},"batch:User":{"types":["String"],"description":"Filters access by user name or numeric uid used inside the container"}}}

package/src/data/servicereference/services/bcm-dashboards.json

@@ -0,0 +1 @@
+{"name":"bcm-dashboards","actions":{"CreateDashboard":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a dashboard","accessLevel":"Write","resourceTypes":[]},"DeleteDashboard":{"conditionKeys":[],"resources":[],"description":"Grants permission to delete a dashboard","accessLevel":"Write","resourceTypes":[]},"GetDashboard":{"conditionKeys":[],"resources":[],"description":"Grants permission to get dashboard information","accessLevel":"Read","resourceTypes":[]},"GetResourcePolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to get the resource policy for a dashboard","accessLevel":"Read","resourceTypes":[]},"ListDashboards":{"conditionKeys":[],"resources":[],"description":"Grants permission to list information about all of the dashboards for a user","accessLevel":"Read","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all of the tags for a resource","accessLevel":"Read","resourceTypes":[]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a tag for a resource","accessLevel":"Tagging","resourceTypes":[]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[],"description":"Grants permission to remove a tag for a resource","accessLevel":"Tagging","resourceTypes":[]},"UpdateDashboard":{"conditionKeys":[],"resources":[],"description":"Grants permission to update an existing dashboard","accessLevel":"Write","resourceTypes":[]}},"resources":[],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"}}}

package/src/data/servicereference/services/bcm-data-exports.json

@@ -0,0 +1 @@
+{"name":"bcm-data-exports","actions":{"CreateExport":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"billingview"},{"name":"table"}],"description":"Grants permission to create an export","accessLevel":"Write","resourceTypes":[{"name":"table","required":true},{"name":"billingview","required":false}]},"DeleteExport":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"export"}],"description":"Grants permission to delete an export","accessLevel":"Write","resourceTypes":[{"name":"export","required":true}]},"GetExecution":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"export"}],"description":"Grants permission to get the execution of an export","accessLevel":"Read","resourceTypes":[{"name":"export","required":true}]},"GetExport":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"export"}],"description":"Grants permission to get an export","accessLevel":"Read","resourceTypes":[{"name":"export","required":true}]},"GetTable":{"conditionKeys":[],"resources":[{"name":"table"}],"description":"Grants permission to get the details of a table","accessLevel":"Read","resourceTypes":[{"name":"table","required":true}]},"ListExecutions":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"export"}],"description":"Grants permission to list all executions of an export","accessLevel":"List","resourceTypes":[{"name":"export","required":true}]},"ListExports":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all exports","accessLevel":"List","resourceTypes":[]},"ListTables":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all available tables","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"export"}],"description":"Grants permission to list tags for a resource","accessLevel":"Read","resourceTypes":[{"name":"export","required":true}]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"export"}],"description":"Grants permission to tag a resource","accessLevel":"Tagging","resourceTypes":[{"name":"export","required":true}]},"UntagResource":{"conditionKeys":["aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"export"}],"description":"Grants permission to untag a resource","accessLevel":"Tagging","resourceTypes":[{"name":"export","required":true}]},"UpdateExport":{"conditionKeys":["aws:ResourceTag/${TagKey}"],"resources":[{"name":"billingview"},{"name":"export"},{"name":"table"}],"description":"Grants permission to update an export","accessLevel":"Write","resourceTypes":[{"name":"export","required":true},{"name":"table","required":true},{"name":"billingview","required":false}]}},"resources":[{"name":"billingview","arnFormats":["arn:${Partition}:billing::${Account}:billingview/${ResourceId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"export","arnFormats":["arn:${Partition}:bcm-data-exports:${Region}:${Account}:export/${Identifier}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"table","arnFormats":["arn:${Partition}:bcm-data-exports:${Region}:${Account}:table/${Identifier}"],"conditionKeys":[]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"}}}

package/src/data/servicereference/services/bcm-pricing-calculator.json

@@ -0,0 +1 @@
+{"name":"bcm-pricing-calculator","actions":{"CreateBillEstimate":{"conditionKeys":[],"resources":[{"name":"bill-scenario"}],"description":"Grants permission to create a new bill estimate. Charge is incurred for successful bill estimates","accessLevel":"Write","resourceTypes":[{"name":"bill-scenario","required":false}]},"CreateBillScenario":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a new bill scenario","accessLevel":"Write","resourceTypes":[]},"CreateBillScenarioCommitmentModification":{"conditionKeys":[],"resources":[{"name":"bill-scenario"}],"description":"Grants permission to create new commitments or remove existing commitment from a specified bill scenario","accessLevel":"Write","resourceTypes":[{"name":"bill-scenario","required":true}]},"CreateBillScenarioUsageModification":{"conditionKeys":[],"resources":[{"name":"bill-scenario"}],"description":"Grants permission to create usage in the specified bill scenario","accessLevel":"Write","resourceTypes":[{"name":"bill-scenario","required":true}]},"CreateWorkloadEstimate":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a new Workload estimate","accessLevel":"Write","resourceTypes":[]},"CreateWorkloadEstimateUsage":{"conditionKeys":[],"resources":[{"name":"workload-estimate"}],"description":"Grants permission to create usage in the specified workload estimate","accessLevel":"Write","resourceTypes":[{"name":"workload-estimate","required":true}]},"DeleteBillEstimate":{"conditionKeys":[],"resources":[{"name":"bill-estimate"}],"description":"Grants permission to delete bill estimate","accessLevel":"Write","resourceTypes":[{"name":"bill-estimate","required":true}]},"DeleteBillScenario":{"conditionKeys":[],"resources":[{"name":"bill-scenario"}],"description":"Grants permission to delete a bill scenario","accessLevel":"Write","resourceTypes":[{"name":"bill-scenario","required":true}]},"DeleteBillScenarioCommitmentModification":{"conditionKeys":[],"resources":[{"name":"bill-scenario"}],"description":"Grants permission to delete newly added commitments from the specified bill scenario","accessLevel":"Write","resourceTypes":[{"name":"bill-scenario","required":true}]},"DeleteBillScenarioUsageModification":{"conditionKeys":[],"resources":[{"name":"bill-scenario"}],"description":"Grants permission to delete newly added usage from the specified bill scenario","accessLevel":"Write","resourceTypes":[{"name":"bill-scenario","required":true}]},"DeleteWorkloadEstimate":{"conditionKeys":[],"resources":[{"name":"workload-estimate"}],"description":"Grants permission to delete the specified workload estimate","accessLevel":"Write","resourceTypes":[{"name":"workload-estimate","required":true}]},"DeleteWorkloadEstimateUsage":{"conditionKeys":[],"resources":[{"name":"workload-estimate"}],"description":"Grants permission to delete newly added usage from the specified workload estimate","accessLevel":"Write","resourceTypes":[{"name":"workload-estimate","required":true}]},"GetBillEstimate":{"conditionKeys":[],"resources":[{"name":"bill-estimate"}],"description":"Grants permission to retrieve details of a bill estimate including estimated cost","accessLevel":"Read","resourceTypes":[{"name":"bill-estimate","required":true}]},"GetBillScenario":{"conditionKeys":[],"resources":[{"name":"bill-scenario"}],"description":"Grants permission to retrieve information associated with a bill scenario","accessLevel":"Read","resourceTypes":[{"name":"bill-scenario","required":true}]},"GetPreferences":{"conditionKeys":[],"resources":[],"description":"Grants permission to retrieve applicable rate type preferences for the account","accessLevel":"Read","resourceTypes":[]},"GetWorkloadEstimate":{"conditionKeys":[],"resources":[{"name":"workload-estimate"}],"description":"Grants permission to retrieve information associated with a workload estimate","accessLevel":"Read","resourceTypes":[{"name":"workload-estimate","required":true}]},"ListBillEstimateCommitments":{"conditionKeys":[],"resources":[{"name":"bill-estimate"}],"description":"Grants permission to list commitments associated with the specified bill estimate","accessLevel":"List","resourceTypes":[{"name":"bill-estimate","required":true}]},"ListBillEstimateInputCommitmentModifications":{"conditionKeys":[],"resources":[{"name":"bill-estimate"}],"description":"Grants permission to list added or removed commitments for a specified bill estimate","accessLevel":"List","resourceTypes":[{"name":"bill-estimate","required":true}]},"ListBillEstimateInputUsageModifications":{"conditionKeys":[],"resources":[{"name":"bill-estimate"}],"description":"Grants permission to list added or modified usage for a specified bill estimate","accessLevel":"List","resourceTypes":[{"name":"bill-estimate","required":true}]},"ListBillEstimateLineItems":{"conditionKeys":[],"resources":[{"name":"bill-estimate"}],"description":"Grants permission to list result line items for a specified bill estimate","accessLevel":"List","resourceTypes":[{"name":"bill-estimate","required":true}]},"ListBillEstimates":{"conditionKeys":[],"resources":[],"description":"Grants permission to list bill estimates","accessLevel":"List","resourceTypes":[]},"ListBillScenarioCommitmentModifications":{"conditionKeys":[],"resources":[{"name":"bill-scenario"}],"description":"Grants permission to list commitments included in a bill scenario","accessLevel":"List","resourceTypes":[{"name":"bill-scenario","required":true}]},"ListBillScenarioUsageModifications":{"conditionKeys":[],"resources":[{"name":"bill-scenario"}],"description":"Grants permission to list usage lines of a specified bill scenario","accessLevel":"List","resourceTypes":[{"name":"bill-scenario","required":true}]},"ListBillScenarios":{"conditionKeys":[],"resources":[],"description":"Grants permission to list bill scenarios","accessLevel":"List","resourceTypes":[]},"ListTagsForResource":{"conditionKeys":[],"resources":[],"description":"Grants permission to return a list of tags for a resource","accessLevel":"Tagging","resourceTypes":[]},"ListWorkloadEstimateUsage":{"conditionKeys":[],"resources":[{"name":"workload-estimate"}],"description":"Grants permission to list usage lines for the specified workload estimate","accessLevel":"List","resourceTypes":[{"name":"workload-estimate","required":true}]},"ListWorkloadEstimates":{"conditionKeys":[],"resources":[],"description":"Grants permission to list workload estimates","accessLevel":"List","resourceTypes":[]},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"bill-scenario"},{"name":"workload-estimate"}],"description":"Grants permission to add a tag to a resource","accessLevel":"Tagging","resourceTypes":[{"name":"bill-scenario","required":false},{"name":"workload-estimate","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"bill-scenario"},{"name":"workload-estimate"}],"description":"Grants permission to remove a tag from a resource","accessLevel":"Tagging","resourceTypes":[{"name":"bill-scenario","required":false},{"name":"workload-estimate","required":false}]},"UpdateBillEstimate":{"conditionKeys":[],"resources":[{"name":"bill-estimate"}],"description":"Grants permission to update bill estimate name and expiration date time","accessLevel":"Write","resourceTypes":[{"name":"bill-estimate","required":true}]},"UpdateBillScenario":{"conditionKeys":[],"resources":[{"name":"bill-scenario"}],"description":"Grants permission to update name and expiration date time of the specified bill scenario","accessLevel":"Write","resourceTypes":[{"name":"bill-scenario","required":true}]},"UpdateBillScenarioCommitmentModification":{"conditionKeys":[],"resources":[{"name":"bill-scenario"}],"description":"Grants permission to update commitment group of commitments in the specified bill scenario","accessLevel":"Write","resourceTypes":[{"name":"bill-scenario","required":true}]},"UpdateBillScenarioUsageModification":{"conditionKeys":[],"resources":[{"name":"bill-scenario"}],"description":"Grants permission to update usage amount, usage hour, and usage group in the specified bill scenario","accessLevel":"Write","resourceTypes":[{"name":"bill-scenario","required":true}]},"UpdatePreferences":{"conditionKeys":[],"resources":[],"description":"Grants permission to update rate type preferences for the account","accessLevel":"Write","resourceTypes":[]},"UpdateWorkloadEstimate":{"conditionKeys":[],"resources":[{"name":"workload-estimate"}],"description":"Grants permission to update name and expiration date time of the specified workload estimate","accessLevel":"Write","resourceTypes":[{"name":"workload-estimate","required":true}]},"UpdateWorkloadEstimateUsage":{"conditionKeys":[],"resources":[{"name":"workload-estimate"}],"description":"Grants permission to update usage amount and usage group in the specified workload estimate based on the usage id","accessLevel":"Write","resourceTypes":[{"name":"workload-estimate","required":true}]}},"resources":[{"name":"bill-estimate","arnFormats":["arn:${Partition}:bcm-pricing-calculator::${Account}:bill-estimate/${BillEstimateId}"],"conditionKeys":[]},{"name":"bill-scenario","arnFormats":["arn:${Partition}:bcm-pricing-calculator::${Account}:bill-scenario/${BillScenarioId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"workload-estimate","arnFormats":["arn:${Partition}:bcm-pricing-calculator::${Account}:workload-estimate/${WorkloadEstimateId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags that are passed in the request"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by the tags associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by the tag keys that are passed in the request"}}}

package/src/data/servicereference/services/bcm-recommended-actions.json

@@ -0,0 +1 @@
+{"name":"bcm-recommended-actions","actions":{"ListRecommendedActions":{"conditionKeys":[],"resources":[],"description":"Grants permission to list all recommended actions","accessLevel":"List","resourceTypes":[]}},"resources":[],"conditionKeys":{}}

package/src/data/servicereference/services/bedrock-agentcore.json

@@ -0,0 +1 @@
+{"name":"bedrock-agentcore","actions":{"AllowVendedLogDeliveryForResource":{"conditionKeys":[],"resources":[{"name":"memory"}],"description":"Grants permission to configure vended telemetry for a resource","accessLevel":"Permissions management","resourceTypes":[{"name":"memory","required":true}],"permissionOnly":true},"AuthorizeAction":{"conditionKeys":[],"resources":[{"name":"gateway"},{"name":"policy-engine"}],"description":"Grants permission to evaluate Cedar policies for authorization requests","accessLevel":"Permissions management","resourceTypes":[{"name":"gateway","required":true},{"name":"policy-engine","required":true}],"permissionOnly":true},"BatchCreateMemoryRecords":{"conditionKeys":["bedrock-agentcore:namespace"],"resources":[{"name":"memory"}],"description":"Grants permission to create one or more memory records","accessLevel":"Write","resourceTypes":[{"name":"memory","required":true}]},"BatchDeleteMemoryRecords":{"conditionKeys":[],"resources":[{"name":"memory"}],"description":"Grants permission to delete one or more memory records","accessLevel":"Write","resourceTypes":[{"name":"memory","required":true}]},"BatchUpdateMemoryRecords":{"conditionKeys":["bedrock-agentcore:namespace"],"resources":[{"name":"memory"}],"description":"Grants permission to update one or more memory records","accessLevel":"Write","resourceTypes":[{"name":"memory","required":true}]},"CompleteResourceTokenAuth":{"conditionKeys":["bedrock-agentcore:InboundJwtClaim/aud","bedrock-agentcore:InboundJwtClaim/client_id","bedrock-agentcore:InboundJwtClaim/iss","bedrock-agentcore:InboundJwtClaim/scope","bedrock-agentcore:InboundJwtClaim/sub","bedrock-agentcore:userid"],"resources":[{"name":"oauth2credentialprovider"},{"name":"token-vault"},{"name":"workload-identity"},{"name":"workload-identity-directory"}],"description":"Grants permission to retrieve access token with OAuth2 for 3LO flow to access external resource","accessLevel":"Read","resourceTypes":[{"name":"oauth2credentialprovider","required":true},{"name":"token-vault","required":true},{"name":"workload-identity","required":true},{"name":"workload-identity-directory","required":true}]},"ConnectBrowserAutomationStream":{"conditionKeys":[],"resources":[],"description":"Grants permission to connect to a browser automation stream","accessLevel":"Read","resourceTypes":[]},"ConnectBrowserLiveViewStream":{"conditionKeys":[],"resources":[],"description":"Grants permission to connect to a browser live view stream","accessLevel":"Read","resourceTypes":[]},"CreateAgentRuntime":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","bedrock-agentcore:securityGroups","bedrock-agentcore:subnets"],"resources":[],"description":"Grants permission to create a new agent runtime","accessLevel":"Write","resourceTypes":[],"dependentActions":["iam:PassRole"]},"CreateAgentRuntimeEndpoint":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"runtime"}],"description":"Grants permission to create a new agent runtime endpoint","accessLevel":"Write","resourceTypes":[{"name":"runtime","required":true}]},"CreateApiKeyCredentialProvider":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"apikeycredentialprovider"},{"name":"token-vault"}],"description":"Grants permission to create a new API Key Credential Provider","accessLevel":"Write","resourceTypes":[{"name":"apikeycredentialprovider","required":true},{"name":"token-vault","required":true}]},"CreateBrowser":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","bedrock-agentcore:securityGroups","bedrock-agentcore:subnets"],"resources":[],"description":"Grants permission to create a new custom browser","accessLevel":"Write","resourceTypes":[]},"CreateBrowserProfile":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a new browser profile","accessLevel":"Write","resourceTypes":[]},"CreateCodeInterpreter":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","bedrock-agentcore:securityGroups","bedrock-agentcore:subnets"],"resources":[],"description":"Grants permission to create a new custom code interpreter","accessLevel":"Write","resourceTypes":[]},"CreateEvaluator":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a new evaluator","accessLevel":"Write","resourceTypes":[]},"CreateEvent":{"conditionKeys":["bedrock-agentcore:actorId","bedrock-agentcore:sessionId"],"resources":[{"name":"memory"}],"description":"Grants permission to create an Event","accessLevel":"Write","resourceTypes":[{"name":"memory","required":true}]},"CreateGateway":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a new gateway","accessLevel":"Write","resourceTypes":[],"dependentActions":["iam:PassRole"]},"CreateGatewayTarget":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to create a new target in an existing gateway","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":true}]},"CreateMemory":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","bedrock-agentcore:KmsKeyArn"],"resources":[],"description":"Grants permission to create a Memory resource","accessLevel":"Write","resourceTypes":[],"dependentActions":["iam:PassRole"]},"CreateOauth2CredentialProvider":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"oauth2credentialprovider"},{"name":"token-vault"}],"description":"Grants permission to create a new Credential Provider to access external resources with OAuth2 protocol","accessLevel":"Write","resourceTypes":[{"name":"oauth2credentialprovider","required":true},{"name":"token-vault","required":true}]},"CreateOnlineEvaluationConfig":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"resources":[],"description":"Grants permission to create a new online evaluation configuration","accessLevel":"Write","resourceTypes":[],"dependentActions":["iam:PassRole"]},"CreatePolicy":{"conditionKeys":[],"resources":[{"name":"policy-engine"}],"description":"Grants permission to create a new policy within a policy engine","accessLevel":"Write","resourceTypes":[{"name":"policy-engine","required":true}]},"CreatePolicyEngine":{"conditionKeys":[],"resources":[],"description":"Grants permission to create a new policy engine","accessLevel":"Write","resourceTypes":[]},"CreateWorkloadIdentity":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"workload-identity"},{"name":"workload-identity-directory"}],"description":"Grants permission to create a new Workload Identity","accessLevel":"Write","resourceTypes":[{"name":"workload-identity","required":true},{"name":"workload-identity-directory","required":true}]},"DeleteAgentRuntime":{"conditionKeys":[],"resources":[{"name":"runtime"}],"description":"Grants permission to delete an agent runtime","accessLevel":"Write","resourceTypes":[{"name":"runtime","required":true}]},"DeleteAgentRuntimeEndpoint":{"conditionKeys":[],"resources":[{"name":"runtime"},{"name":"runtime-endpoint"}],"description":"Grants permission to delete an agent runtime endpoint","accessLevel":"Write","resourceTypes":[{"name":"runtime","required":true},{"name":"runtime-endpoint","required":true}]},"DeleteApiKeyCredentialProvider":{"conditionKeys":[],"resources":[{"name":"apikeycredentialprovider"},{"name":"token-vault"}],"description":"Grants permission to delete a registered API Key Credential Provider","accessLevel":"Write","resourceTypes":[{"name":"apikeycredentialprovider","required":true},{"name":"token-vault","required":true}]},"DeleteBrowser":{"conditionKeys":[],"resources":[{"name":"browser-custom"}],"description":"Grants permission to delete a custom browser","accessLevel":"Write","resourceTypes":[{"name":"browser-custom","required":true}]},"DeleteBrowserProfile":{"conditionKeys":[],"resources":[{"name":"browser-profile"}],"description":"Grants permission to delete a browser profile","accessLevel":"Write","resourceTypes":[{"name":"browser-profile","required":true}]},"DeleteCodeInterpreter":{"conditionKeys":[],"resources":[{"name":"code-interpreter-custom"}],"description":"Grants permission to delete a custom code interpreter","accessLevel":"Write","resourceTypes":[{"name":"code-interpreter-custom","required":true}]},"DeleteEvaluator":{"conditionKeys":[],"resources":[{"name":"evaluator"}],"description":"Grants permission to delete an evaluator","accessLevel":"Write","resourceTypes":[{"name":"evaluator","required":true}]},"DeleteEvent":{"conditionKeys":["bedrock-agentcore:actorId","bedrock-agentcore:sessionId"],"resources":[{"name":"memory"}],"description":"Grants permission to delete an Event","accessLevel":"Write","resourceTypes":[{"name":"memory","required":true}]},"DeleteGateway":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to delete an existing gateway","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":true}]},"DeleteGatewayTarget":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to delete an existing gateway target","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":true}]},"DeleteMemory":{"conditionKeys":[],"resources":[{"name":"memory"}],"description":"Grants permission to delete a Memory resource","accessLevel":"Write","resourceTypes":[{"name":"memory","required":true}]},"DeleteMemoryRecord":{"conditionKeys":[],"resources":[{"name":"memory"}],"description":"Grants permission to delete a Memory Record","accessLevel":"Write","resourceTypes":[{"name":"memory","required":true}]},"DeleteOauth2CredentialProvider":{"conditionKeys":[],"resources":[{"name":"oauth2credentialprovider"},{"name":"token-vault"}],"description":"Grants permission to delete a registered OAuth2 Credential Provider","accessLevel":"Write","resourceTypes":[{"name":"oauth2credentialprovider","required":true},{"name":"token-vault","required":true}]},"DeleteOnlineEvaluationConfig":{"conditionKeys":[],"resources":[{"name":"online-evaluation-config"}],"description":"Grants permission to delete an online evaluation configuration","accessLevel":"Write","resourceTypes":[{"name":"online-evaluation-config","required":true}]},"DeletePolicy":{"conditionKeys":[],"resources":[{"name":"policy"},{"name":"policy-engine"}],"description":"Grants permission to delete a policy","accessLevel":"Write","resourceTypes":[{"name":"policy","required":true},{"name":"policy-engine","required":true}]},"DeletePolicyEngine":{"conditionKeys":[],"resources":[{"name":"policy-engine"}],"description":"Grants permission to delete a policy engine","accessLevel":"Write","resourceTypes":[{"name":"policy-engine","required":true}]},"DeleteResourcePolicy":{"conditionKeys":[],"resources":[{"name":"gateway"},{"name":"runtime"},{"name":"runtime-endpoint"}],"description":"Grants permission to delete the resource-based policy for a Bedrock resource","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":false},{"name":"runtime","required":false},{"name":"runtime-endpoint","required":false}]},"DeleteWorkloadIdentity":{"conditionKeys":[],"resources":[{"name":"workload-identity"},{"name":"workload-identity-directory"}],"description":"Grants permission to delete a registered Workload Identity","accessLevel":"Write","resourceTypes":[{"name":"workload-identity","required":true},{"name":"workload-identity-directory","required":true}]},"Evaluate":{"conditionKeys":[],"resources":[{"name":"evaluator"}],"description":"Grants permission to run an evaluation using an evaluator","accessLevel":"Write","resourceTypes":[{"name":"evaluator","required":true}]},"GetAgentCard":{"conditionKeys":[],"resources":[{"name":"runtime"},{"name":"runtime-endpoint"}],"description":"Grants permission to retrieve an agent card for A2A","accessLevel":"Read","resourceTypes":[{"name":"runtime","required":true},{"name":"runtime-endpoint","required":true}]},"GetAgentRuntime":{"conditionKeys":[],"resources":[{"name":"runtime"}],"description":"Grants permission to get details of an agent runtime","accessLevel":"Read","resourceTypes":[{"name":"runtime","required":true}]},"GetAgentRuntimeEndpoint":{"conditionKeys":[],"resources":[{"name":"runtime"},{"name":"runtime-endpoint"}],"description":"Grants permission to get details of an agent runtime endpoint","accessLevel":"Read","resourceTypes":[{"name":"runtime","required":true},{"name":"runtime-endpoint","required":true}]},"GetApiKeyCredentialProvider":{"conditionKeys":[],"resources":[{"name":"apikeycredentialprovider"},{"name":"token-vault"}],"description":"Grants permission to fetch a registered API Key Credential Provider by its name","accessLevel":"Read","resourceTypes":[{"name":"apikeycredentialprovider","required":true},{"name":"token-vault","required":true}]},"GetBrowser":{"conditionKeys":[],"resources":[{"name":"browser-custom"}],"description":"Grants permission to get details of a browser","accessLevel":"Read","resourceTypes":[{"name":"browser-custom","required":true}]},"GetBrowserProfile":{"conditionKeys":[],"resources":[{"name":"browser-profile"}],"description":"Grants permission to get details of a browser profile","accessLevel":"Read","resourceTypes":[{"name":"browser-profile","required":true}]},"GetBrowserSession":{"conditionKeys":[],"resources":[{"name":"browser"},{"name":"browser-custom"}],"description":"Grants permission to get details of a browser session","accessLevel":"Read","resourceTypes":[{"name":"browser","required":true},{"name":"browser-custom","required":true}]},"GetCodeInterpreter":{"conditionKeys":[],"resources":[{"name":"code-interpreter-custom"}],"description":"Grants permission to get details of a code interpreter","accessLevel":"Read","resourceTypes":[{"name":"code-interpreter-custom","required":true}]},"GetCodeInterpreterSession":{"conditionKeys":[],"resources":[{"name":"code-interpreter"},{"name":"code-interpreter-custom"}],"description":"Grants permission to get details of a code interpreter session","accessLevel":"Read","resourceTypes":[{"name":"code-interpreter","required":true},{"name":"code-interpreter-custom","required":true}]},"GetEvaluator":{"conditionKeys":[],"resources":[{"name":"evaluator"}],"description":"Grants permission to get details of an evaluator","accessLevel":"Read","resourceTypes":[{"name":"evaluator","required":true}]},"GetEvent":{"conditionKeys":["bedrock-agentcore:actorId","bedrock-agentcore:sessionId"],"resources":[{"name":"memory"}],"description":"Grants permission to fetch an Event","accessLevel":"Read","resourceTypes":[{"name":"memory","required":true}]},"GetGateway":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to retrieve an existing gateway","accessLevel":"Read","resourceTypes":[{"name":"gateway","required":true}]},"GetGatewayTarget":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to retrieve an existing gateway target","accessLevel":"Read","resourceTypes":[{"name":"gateway","required":true}]},"GetMemory":{"conditionKeys":[],"resources":[{"name":"memory"}],"description":"Grants permission to fetch details for a Memory resource","accessLevel":"Read","resourceTypes":[{"name":"memory","required":true}]},"GetMemoryRecord":{"conditionKeys":[],"resources":[{"name":"memory"}],"description":"Grants permission to fetch a Memory Record","accessLevel":"Read","resourceTypes":[{"name":"memory","required":true}]},"GetOauth2CredentialProvider":{"conditionKeys":[],"resources":[{"name":"oauth2credentialprovider"},{"name":"token-vault"}],"description":"Grants permission to fetch a registered OAuth2 Credential Provider by its name","accessLevel":"Read","resourceTypes":[{"name":"oauth2credentialprovider","required":true},{"name":"token-vault","required":true}]},"GetOnlineEvaluationConfig":{"conditionKeys":[],"resources":[{"name":"online-evaluation-config"}],"description":"Grants permission to get details of an online evaluation configuration","accessLevel":"Read","resourceTypes":[{"name":"online-evaluation-config","required":true}]},"GetPolicy":{"conditionKeys":[],"resources":[{"name":"policy"},{"name":"policy-engine"}],"description":"Grants permission to retrieve a policy","accessLevel":"Read","resourceTypes":[{"name":"policy","required":true},{"name":"policy-engine","required":true}]},"GetPolicyEngine":{"conditionKeys":[],"resources":[{"name":"policy-engine"}],"description":"Grants permission to retrieve a policy engine","accessLevel":"Read","resourceTypes":[{"name":"policy-engine","required":true}]},"GetPolicyGeneration":{"conditionKeys":[],"resources":[{"name":"policy-engine"},{"name":"policy-generation"}],"description":"Grants permission to retrieve status and results of a policy generation request","accessLevel":"Read","resourceTypes":[{"name":"policy-engine","required":true},{"name":"policy-generation","required":true}]},"GetResourceApiKey":{"conditionKeys":[],"resources":[{"name":"apikeycredentialprovider"},{"name":"token-vault"},{"name":"workload-identity"},{"name":"workload-identity-directory"}],"description":"Grants permission to retrieve an API Key associated with an Api Key Credential Provider","accessLevel":"Read","resourceTypes":[{"name":"apikeycredentialprovider","required":true},{"name":"token-vault","required":true},{"name":"workload-identity","required":true},{"name":"workload-identity-directory","required":true}]},"GetResourceOauth2Token":{"conditionKeys":[],"resources":[{"name":"oauth2credentialprovider"},{"name":"token-vault"},{"name":"workload-identity"},{"name":"workload-identity-directory"}],"description":"Grants permission to retrieve access token with OAuth2 2LO or 3LO flow to access external resource","accessLevel":"Read","resourceTypes":[{"name":"oauth2credentialprovider","required":true},{"name":"token-vault","required":true},{"name":"workload-identity","required":true},{"name":"workload-identity-directory","required":true}]},"GetResourcePolicy":{"conditionKeys":[],"resources":[{"name":"gateway"},{"name":"runtime"},{"name":"runtime-endpoint"}],"description":"Grants permission to retrieve the resource-based policy for a Bedrock resource","accessLevel":"Read","resourceTypes":[{"name":"gateway","required":false},{"name":"runtime","required":false},{"name":"runtime-endpoint","required":false}]},"GetTokenVault":{"conditionKeys":[],"resources":[{"name":"token-vault"}],"description":"Grants permission to fetch the current configuration of the TokenVault, including encryption settings","accessLevel":"Read","resourceTypes":[{"name":"token-vault","required":true}]},"GetWorkloadAccessToken":{"conditionKeys":[],"resources":[{"name":"workload-identity"},{"name":"workload-identity-directory"}],"description":"Grants permission to retrieve an Workload access token for agentic workloads not acting on behalf of a user","accessLevel":"Write","resourceTypes":[{"name":"workload-identity","required":true},{"name":"workload-identity-directory","required":true}]},"GetWorkloadAccessTokenForJWT":{"conditionKeys":["bedrock-agentcore:InboundJwtClaim/aud","bedrock-agentcore:InboundJwtClaim/client_id","bedrock-agentcore:InboundJwtClaim/iss","bedrock-agentcore:InboundJwtClaim/scope","bedrock-agentcore:InboundJwtClaim/sub"],"resources":[{"name":"workload-identity"},{"name":"workload-identity-directory"}],"description":"Grants permission to retrieve an Workload access token for agentic workloads acting on behalf of user with JWT token","accessLevel":"Write","resourceTypes":[{"name":"workload-identity","required":true},{"name":"workload-identity-directory","required":true}]},"GetWorkloadAccessTokenForUserId":{"conditionKeys":["bedrock-agentcore:userid"],"resources":[{"name":"workload-identity"},{"name":"workload-identity-directory"}],"description":"Grants permission to retrieve an Workload access token for agentic workloads acting on behalf of user with User Id","accessLevel":"Write","resourceTypes":[{"name":"workload-identity","required":true},{"name":"workload-identity-directory","required":true}]},"GetWorkloadIdentity":{"conditionKeys":[],"resources":[{"name":"workload-identity"},{"name":"workload-identity-directory"}],"description":"Grants permission to fetch details for a specific Workload identity, including its name and allowed OAuth2 return URLs","accessLevel":"Read","resourceTypes":[{"name":"workload-identity","required":true},{"name":"workload-identity-directory","required":true}]},"InvokeAgentRuntime":{"conditionKeys":[],"resources":[{"name":"runtime"},{"name":"runtime-endpoint"}],"description":"Grants permission to invoke an agent runtime endpoint","accessLevel":"Write","resourceTypes":[{"name":"runtime","required":true},{"name":"runtime-endpoint","required":true}]},"InvokeAgentRuntimeCommand":{"conditionKeys":[],"resources":[{"name":"runtime"},{"name":"runtime-endpoint"}],"description":"Grants permission to invoke commands on an agent runtime endpoint","accessLevel":"Write","resourceTypes":[{"name":"runtime","required":true},{"name":"runtime-endpoint","required":true}]},"InvokeAgentRuntimeForUser":{"conditionKeys":[],"resources":[{"name":"runtime"},{"name":"runtime-endpoint"}],"description":"Grants permission to invoke an agent runtime endpoint with X-Amzn-Bedrock-AgentCore-Runtime-User-Id header","accessLevel":"Write","resourceTypes":[{"name":"runtime","required":true},{"name":"runtime-endpoint","required":true}]},"InvokeAgentRuntimeWithWebSocketStream":{"conditionKeys":[],"resources":[{"name":"runtime"},{"name":"runtime-endpoint"}],"description":"Grants permission to invoke an agent runtime endpoint with WebSocket stream","accessLevel":"Write","resourceTypes":[{"name":"runtime","required":true},{"name":"runtime-endpoint","required":true}]},"InvokeAgentRuntimeWithWebSocketStreamForUser":{"conditionKeys":[],"resources":[{"name":"runtime"},{"name":"runtime-endpoint"}],"description":"Grants permission to invoke an agent runtime endpoint with WebSocket stream and with X-Amzn-Bedrock-AgentCore-Runtime-User-Id header","accessLevel":"Write","resourceTypes":[{"name":"runtime","required":true},{"name":"runtime-endpoint","required":true}]},"InvokeCodeInterpreter":{"conditionKeys":[],"resources":[{"name":"code-interpreter"},{"name":"code-interpreter-custom"}],"description":"Grants permission to invoke a code interpreter session","accessLevel":"Write","resourceTypes":[{"name":"code-interpreter","required":true},{"name":"code-interpreter-custom","required":true}]},"InvokeGateway":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to invoke a gateway","accessLevel":"Permissions management","resourceTypes":[{"name":"gateway","required":true}],"permissionOnly":true},"ListActors":{"conditionKeys":[],"resources":[{"name":"memory"}],"description":"Grants permission to list Actors","accessLevel":"List","resourceTypes":[{"name":"memory","required":true}]},"ListAgentRuntimeEndpoints":{"conditionKeys":[],"resources":[],"description":"Grants permission to list agent runtime endpoints","accessLevel":"List","resourceTypes":[]},"ListAgentRuntimeVersions":{"conditionKeys":[],"resources":[],"description":"Grants permission to list agent runtime versions","accessLevel":"List","resourceTypes":[]},"ListAgentRuntimes":{"conditionKeys":[],"resources":[],"description":"Grants permission to list agent runtimes","accessLevel":"List","resourceTypes":[]},"ListApiKeyCredentialProviders":{"conditionKeys":[],"resources":[{"name":"apikeycredentialprovider"},{"name":"token-vault"}],"description":"Grants permission to list all API Key Credential Providers in the Token Vault","accessLevel":"Read","resourceTypes":[{"name":"apikeycredentialprovider","required":true},{"name":"token-vault","required":true}]},"ListBrowserProfiles":{"conditionKeys":[],"resources":[],"description":"Grants permission to list browser profiles","accessLevel":"List","resourceTypes":[]},"ListBrowserSessions":{"conditionKeys":[],"resources":[],"description":"Grants permission to list browser sessions","accessLevel":"List","resourceTypes":[]},"ListBrowsers":{"conditionKeys":[],"resources":[],"description":"Grants permission to list browsers","accessLevel":"List","resourceTypes":[]},"ListCodeInterpreterSessions":{"conditionKeys":[],"resources":[{"name":"code-interpreter"},{"name":"code-interpreter-custom"}],"description":"Grants permission to list code interpreter sessions","accessLevel":"List","resourceTypes":[{"name":"code-interpreter","required":true},{"name":"code-interpreter-custom","required":true}]},"ListCodeInterpreters":{"conditionKeys":[],"resources":[],"description":"Grants permission to list code interpreters","accessLevel":"List","resourceTypes":[]},"ListEvaluators":{"conditionKeys":[],"resources":[],"description":"Grants permission to list evaluators","accessLevel":"List","resourceTypes":[]},"ListEvents":{"conditionKeys":["bedrock-agentcore:actorId","bedrock-agentcore:sessionId"],"resources":[{"name":"memory"}],"description":"Grants permission to list events","accessLevel":"List","resourceTypes":[{"name":"memory","required":true}]},"ListGatewayTargets":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to list existing gateway targets","accessLevel":"List","resourceTypes":[{"name":"gateway","required":true}]},"ListGateways":{"conditionKeys":[],"resources":[],"description":"Grants permission to list existing gateways","accessLevel":"List","resourceTypes":[]},"ListMemories":{"conditionKeys":[],"resources":[],"description":"Grants permission to list memory resources","accessLevel":"List","resourceTypes":[]},"ListMemoryExtractionJobs":{"conditionKeys":[],"resources":[{"name":"memory"}],"description":"Grants permission to list extraction jobs for this memory","accessLevel":"List","resourceTypes":[{"name":"memory","required":true}]},"ListMemoryRecords":{"conditionKeys":["bedrock-agentcore:namespace","bedrock-agentcore:strategyId"],"resources":[{"name":"memory"}],"description":"Grants permission to list memory records","accessLevel":"List","resourceTypes":[{"name":"memory","required":true}]},"ListOauth2CredentialProviders":{"conditionKeys":[],"resources":[{"name":"oauth2credentialprovider"},{"name":"token-vault"}],"description":"Grants permission to list all OAuth2 Credential Providers in the Token Vault","accessLevel":"Read","resourceTypes":[{"name":"oauth2credentialprovider","required":true},{"name":"token-vault","required":true}]},"ListOnlineEvaluationConfigs":{"conditionKeys":[],"resources":[],"description":"Grants permission to list online evaluation configurations","accessLevel":"List","resourceTypes":[]},"ListPolicies":{"conditionKeys":[],"resources":[{"name":"policy-engine"}],"description":"Grants permission to list policies within a policy engine","accessLevel":"List","resourceTypes":[{"name":"policy-engine","required":true}]},"ListPolicyEngines":{"conditionKeys":[],"resources":[],"description":"Grants permission to list policy engines","accessLevel":"List","resourceTypes":[]},"ListPolicyGenerationAssets":{"conditionKeys":[],"resources":[{"name":"policy-engine"},{"name":"policy-generation"}],"description":"Grants permission to list generated policy assets from a generation request","accessLevel":"List","resourceTypes":[{"name":"policy-engine","required":true},{"name":"policy-generation","required":true}]},"ListPolicyGenerations":{"conditionKeys":[],"resources":[{"name":"policy-engine"}],"description":"Grants permission to list policy generation requests","accessLevel":"List","resourceTypes":[{"name":"policy-engine","required":true}]},"ListSessions":{"conditionKeys":["bedrock-agentcore:actorId"],"resources":[{"name":"memory"}],"description":"Grants permission to list sessions","accessLevel":"List","resourceTypes":[{"name":"memory","required":true}]},"ListTagsForResource":{"conditionKeys":[],"resources":[{"name":"apikeycredentialprovider"},{"name":"browser-custom"},{"name":"browser-profile"},{"name":"code-interpreter-custom"},{"name":"evaluator"},{"name":"gateway"},{"name":"memory"},{"name":"oauth2credentialprovider"},{"name":"online-evaluation-config"},{"name":"runtime"},{"name":"runtime-endpoint"},{"name":"token-vault"},{"name":"workload-identity"},{"name":"workload-identity-directory"}],"description":"Grants permission to list tags for a Bedrock-AgentCore resource","accessLevel":"List","resourceTypes":[{"name":"apikeycredentialprovider","required":false},{"name":"browser-custom","required":false},{"name":"browser-profile","required":false},{"name":"code-interpreter-custom","required":false},{"name":"evaluator","required":false},{"name":"gateway","required":false},{"name":"memory","required":false},{"name":"oauth2credentialprovider","required":false},{"name":"online-evaluation-config","required":false},{"name":"runtime","required":false},{"name":"runtime-endpoint","required":false},{"name":"token-vault","required":false},{"name":"workload-identity","required":false},{"name":"workload-identity-directory","required":false}]},"ListWorkloadIdentities":{"conditionKeys":[],"resources":[{"name":"workload-identity"},{"name":"workload-identity-directory"}],"description":"Grants permission to list all Workload Identities in the caller's AWS account","accessLevel":"Read","resourceTypes":[{"name":"workload-identity","required":true},{"name":"workload-identity-directory","required":true}]},"ManageAdminPolicy":{"conditionKeys":[],"resources":[],"description":"Grants permission to create or modify wildcard policies that apply to gateway resources","accessLevel":"Permissions management","resourceTypes":[],"permissionOnly":true},"ManageResourceScopedPolicy":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to create or modify policies that apply to specific gateway resources","accessLevel":"Permissions management","resourceTypes":[{"name":"gateway","required":true}],"permissionOnly":true},"PartiallyAuthorizeActions":{"conditionKeys":[],"resources":[{"name":"gateway"},{"name":"policy-engine"}],"description":"Grants permission to perform partial evaluation of Cedar policies to authorize a caller to list tools they are allowed to call","accessLevel":"Permissions management","resourceTypes":[{"name":"gateway","required":true},{"name":"policy-engine","required":true}],"permissionOnly":true},"PutResourcePolicy":{"conditionKeys":[],"resources":[{"name":"gateway"},{"name":"runtime"},{"name":"runtime-endpoint"}],"description":"Grants permission to create or update the resource-based policy for a Bedrock resource","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":false},{"name":"runtime","required":false},{"name":"runtime-endpoint","required":false}]},"RetrieveMemoryRecords":{"conditionKeys":["bedrock-agentcore:namespace","bedrock-agentcore:strategyId"],"resources":[{"name":"memory"}],"description":"Grants permission to retrieve memory records through sematic query","accessLevel":"List","resourceTypes":[{"name":"memory","required":true}]},"SaveBrowserSessionProfile":{"conditionKeys":[],"resources":[{"name":"browser"},{"name":"browser-custom"},{"name":"browser-profile"}],"description":"Grants permission to save a browser session profile","accessLevel":"Write","resourceTypes":[{"name":"browser","required":true},{"name":"browser-custom","required":true},{"name":"browser-profile","required":true}]},"SetTokenVaultCMK":{"conditionKeys":[],"resources":[{"name":"token-vault"}],"description":"Grants permission to associate a Customer Managed Key (CMK) or a Service Managed Key with a specific TokenVault","accessLevel":"Read","resourceTypes":[{"name":"token-vault","required":true}]},"StartBrowserSession":{"conditionKeys":[],"resources":[{"name":"browser"},{"name":"browser-custom"},{"name":"browser-profile"}],"description":"Grants permission to start a new browser session","accessLevel":"Write","resourceTypes":[{"name":"browser","required":true},{"name":"browser-custom","required":true},{"name":"browser-profile","required":false}]},"StartCodeInterpreterSession":{"conditionKeys":[],"resources":[{"name":"code-interpreter"},{"name":"code-interpreter-custom"}],"description":"Grants permission to start a new code interpreter session","accessLevel":"Write","resourceTypes":[{"name":"code-interpreter","required":true},{"name":"code-interpreter-custom","required":true}]},"StartMemoryExtractionJob":{"conditionKeys":["bedrock-agentcore:actorId","bedrock-agentcore:sessionId","bedrock-agentcore:strategyId"],"resources":[{"name":"memory"}],"description":"Grants permission to start memory extraction job","accessLevel":"Write","resourceTypes":[{"name":"memory","required":true}]},"StartPolicyGeneration":{"conditionKeys":[],"resources":[{"name":"policy-engine"}],"description":"Grants permission to start an AI-powered policy generation request","accessLevel":"Write","resourceTypes":[{"name":"policy-engine","required":true}]},"StopBrowserSession":{"conditionKeys":[],"resources":[{"name":"browser"},{"name":"browser-custom"}],"description":"Grants permission to stop a browser session","accessLevel":"Write","resourceTypes":[{"name":"browser","required":true},{"name":"browser-custom","required":true}]},"StopCodeInterpreterSession":{"conditionKeys":[],"resources":[{"name":"code-interpreter"},{"name":"code-interpreter-custom"}],"description":"Grants permission to stop a code interpreter session","accessLevel":"Write","resourceTypes":[{"name":"code-interpreter","required":true},{"name":"code-interpreter-custom","required":true}]},"StopRuntimeSession":{"conditionKeys":[],"resources":[{"name":"runtime"},{"name":"runtime-endpoint"}],"description":"Grants permission to stop a runtime session","accessLevel":"Write","resourceTypes":[{"name":"runtime","required":true},{"name":"runtime-endpoint","required":true}]},"SynchronizeGatewayTargets":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to enable search on gateways","accessLevel":"Permissions management","resourceTypes":[{"name":"gateway","required":true}],"permissionOnly":true},"TagResource":{"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys"],"resources":[{"name":"apikeycredentialprovider"},{"name":"browser-custom"},{"name":"browser-profile"},{"name":"code-interpreter-custom"},{"name":"evaluator"},{"name":"gateway"},{"name":"memory"},{"name":"oauth2credentialprovider"},{"name":"online-evaluation-config"},{"name":"runtime"},{"name":"runtime-endpoint"},{"name":"token-vault"},{"name":"workload-identity"},{"name":"workload-identity-directory"}],"description":"Grants permission to Tag a Bedrock-AgentCore resource","accessLevel":"Tagging","resourceTypes":[{"name":"apikeycredentialprovider","required":false},{"name":"browser-custom","required":false},{"name":"browser-profile","required":false},{"name":"code-interpreter-custom","required":false},{"name":"evaluator","required":false},{"name":"gateway","required":false},{"name":"memory","required":false},{"name":"oauth2credentialprovider","required":false},{"name":"online-evaluation-config","required":false},{"name":"runtime","required":false},{"name":"runtime-endpoint","required":false},{"name":"token-vault","required":false},{"name":"workload-identity","required":false},{"name":"workload-identity-directory","required":false}]},"UntagResource":{"conditionKeys":["aws:TagKeys"],"resources":[{"name":"apikeycredentialprovider"},{"name":"browser-custom"},{"name":"browser-profile"},{"name":"code-interpreter-custom"},{"name":"evaluator"},{"name":"gateway"},{"name":"memory"},{"name":"oauth2credentialprovider"},{"name":"online-evaluation-config"},{"name":"runtime"},{"name":"runtime-endpoint"},{"name":"token-vault"},{"name":"workload-identity"},{"name":"workload-identity-directory"}],"description":"Grants permission to Untag a Bedrock-AgentCore resource","accessLevel":"Tagging","resourceTypes":[{"name":"apikeycredentialprovider","required":false},{"name":"browser-custom","required":false},{"name":"browser-profile","required":false},{"name":"code-interpreter-custom","required":false},{"name":"evaluator","required":false},{"name":"gateway","required":false},{"name":"memory","required":false},{"name":"oauth2credentialprovider","required":false},{"name":"online-evaluation-config","required":false},{"name":"runtime","required":false},{"name":"runtime-endpoint","required":false},{"name":"token-vault","required":false},{"name":"workload-identity","required":false},{"name":"workload-identity-directory","required":false}]},"UpdateAgentRuntime":{"conditionKeys":["bedrock-agentcore:securityGroups","bedrock-agentcore:subnets"],"resources":[{"name":"runtime"}],"description":"Grants permission to update an agent runtime","accessLevel":"Write","resourceTypes":[{"name":"runtime","required":true}],"dependentActions":["iam:PassRole"]},"UpdateAgentRuntimeEndpoint":{"conditionKeys":[],"resources":[{"name":"runtime"},{"name":"runtime-endpoint"}],"description":"Grants permission to update an agent runtime endpoint","accessLevel":"Write","resourceTypes":[{"name":"runtime","required":true},{"name":"runtime-endpoint","required":true}]},"UpdateApiKeyCredentialProvider":{"conditionKeys":[],"resources":[{"name":"apikeycredentialprovider"},{"name":"token-vault"}],"description":"Grants permission to update an existing API Key Credential Provider","accessLevel":"Write","resourceTypes":[{"name":"apikeycredentialprovider","required":true},{"name":"token-vault","required":true}]},"UpdateBrowserStream":{"conditionKeys":[],"resources":[{"name":"browser"},{"name":"browser-custom"}],"description":"Grants permission to update the status of browser session stream","accessLevel":"Write","resourceTypes":[{"name":"browser","required":true},{"name":"browser-custom","required":true}]},"UpdateEvaluator":{"conditionKeys":[],"resources":[{"name":"evaluator"}],"description":"Grants permission to update an evaluator","accessLevel":"Write","resourceTypes":[{"name":"evaluator","required":true}]},"UpdateGateway":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to update an existing gateway","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":true}],"dependentActions":["iam:PassRole"]},"UpdateGatewayTarget":{"conditionKeys":[],"resources":[{"name":"gateway"}],"description":"Grants permission to update an existing gateway target","accessLevel":"Write","resourceTypes":[{"name":"gateway","required":true}]},"UpdateMemory":{"conditionKeys":[],"resources":[{"name":"memory"}],"description":"Grants permission to update a Memory resource","accessLevel":"Write","resourceTypes":[{"name":"memory","required":true}],"dependentActions":["iam:PassRole"]},"UpdateOauth2CredentialProvider":{"conditionKeys":[],"resources":[{"name":"oauth2credentialprovider"},{"name":"token-vault"}],"description":"Grants permission to update an existing OAuth2 Credential Provider","accessLevel":"Write","resourceTypes":[{"name":"oauth2credentialprovider","required":true},{"name":"token-vault","required":true}]},"UpdateOnlineEvaluationConfig":{"conditionKeys":[],"resources":[{"name":"online-evaluation-config"}],"description":"Grants permission to update an online evaluation configuration","accessLevel":"Write","resourceTypes":[{"name":"online-evaluation-config","required":true}],"dependentActions":["iam:PassRole"]},"UpdatePolicy":{"conditionKeys":[],"resources":[{"name":"policy"},{"name":"policy-engine"}],"description":"Grants permission to update an existing policy","accessLevel":"Write","resourceTypes":[{"name":"policy","required":true},{"name":"policy-engine","required":true}]},"UpdatePolicyEngine":{"conditionKeys":[],"resources":[{"name":"policy-engine"}],"description":"Grants permission to update a policy engine","accessLevel":"Write","resourceTypes":[{"name":"policy-engine","required":true}]},"UpdateWorkloadIdentity":{"conditionKeys":[],"resources":[{"name":"workload-identity"},{"name":"workload-identity-directory"}],"description":"Grants permission to update the metadata of an existing Workload Identity","accessLevel":"Write","resourceTypes":[{"name":"workload-identity","required":true},{"name":"workload-identity-directory","required":true}]}},"resources":[{"name":"apikeycredentialprovider","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId}/apikeycredentialprovider/${Name}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"browser","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:aws:browser/${BrowserId}"],"conditionKeys":[]},{"name":"browser-custom","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:browser-custom/${BrowserId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"browser-profile","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:browser-profile/${BrowserProfileId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"code-interpreter","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:aws:code-interpreter/${CodeInterpreterId}"],"conditionKeys":[]},{"name":"code-interpreter-custom","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:code-interpreter-custom/${CodeInterpreterId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"evaluator","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:evaluator/${EvaluatorId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"gateway","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:gateway/${GatewayId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"memory","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:memory/${MemoryId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"oauth2credentialprovider","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId}/oauth2credentialprovider/${Name}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"online-evaluation-config","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:online-evaluation-config/${OnlineEvaluationConfigId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"policy","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:policy-engine/${PolicyEngineId}/policy/${PolicyId}"],"conditionKeys":[]},{"name":"policy-engine","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:policy-engine/${PolicyEngineId}"],"conditionKeys":[]},{"name":"policy-generation","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:policy-engine/${PolicyEngineId}/policy-generation/${PolicyGenerationId}"],"conditionKeys":[]},{"name":"runtime","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:runtime/${RuntimeId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"runtime-endpoint","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:runtime/${RuntimeId}/runtime-endpoint/${Name}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"token-vault","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"workload-identity","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:workload-identity-directory/${DirectoryId}/workload-identity/${WorkloadIdentityName}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]},{"name":"workload-identity-directory","arnFormats":["arn:${Partition}:bedrock-agentcore:${Region}:${Account}:workload-identity-directory/${DirectoryId}"],"conditionKeys":["aws:ResourceTag/${TagKey}"]}],"conditionKeys":{"aws:RequestTag/${TagKey}":{"types":["String"],"description":"Filters access by creating requests based on the allowed set of values for each of the mandatory tags"},"aws:ResourceTag/${TagKey}":{"types":["String"],"description":"Filters access by having actions based on the tag value associated with the resource"},"aws:TagKeys":{"types":["ArrayOfString"],"description":"Filters access by creating requests based on the presence of mandatory tags in the request"},"bedrock-agentcore:GatewayAuthorizerType":{"types":["String"],"description":"Filters access by the authorizerType attribute on a Gateway"},"bedrock-agentcore:InboundJwtClaim/aud":{"types":["ArrayOfString"],"description":"Filters access by the audience claim (aud) in the JWT passed in the request"},"bedrock-agentcore:InboundJwtClaim/client_id":{"types":["String"],"description":"Filters access by the client_id claim in the JWT passed in the request"},"bedrock-agentcore:InboundJwtClaim/iss":{"types":["String"],"description":"Filters access by the issuer (iss) claim present in the JWT passed in the request"},"bedrock-agentcore:InboundJwtClaim/scope":{"types":["ArrayOfString"],"description":"Filters access by the scope claim in the JWT passed in the request"},"bedrock-agentcore:InboundJwtClaim/sub":{"types":["String"],"description":"Filters access by the subject claim (sub) in the JWT passed in the request"},"bedrock-agentcore:KmsKeyArn":{"types":["String"],"description":"Filters access by KMS Key arn provided"},"bedrock-agentcore:actorId":{"types":["String"],"description":"Filters access by Actor Id"},"bedrock-agentcore:namespace":{"types":["String"],"description":"Filters access by namespace"},"bedrock-agentcore:securityGroups":{"types":["ArrayOfString"],"description":"Filters access by the ID of security groups configured for the AgentCore runtime"},"bedrock-agentcore:sessionId":{"types":["String"],"description":"Filters access by Session Id"},"bedrock-agentcore:strategyId":{"types":["String"],"description":"Filters access by Memory Strategy Id"},"bedrock-agentcore:subnets":{"types":["ArrayOfString"],"description":"Filters access by the ID of subnets configured for the AgentCore runtime"},"bedrock-agentcore:userid":{"types":["String"],"description":"Filters access by the static user ID value passed in the request"}}}