npm - cdk-iam-floyd - Versions diffs - 0.488.0 → 0.489.0 - Mend

cdk-iam-floyd 0.488.0 → 0.489.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (383) hide show

package/.jsii +402 -36
package/lib/collection/index.js +1 -1
package/lib/generated/accountmanagement.js +1 -1
package/lib/generated/activate.js +1 -1
package/lib/generated/alexaforbusiness.js +1 -1
package/lib/generated/amplify.js +1 -1
package/lib/generated/amplifyadmin.js +1 -1
package/lib/generated/amplifyuibuilder.js +1 -1
package/lib/generated/apachekafkaapisforamazonmskclusters.js +1 -1
package/lib/generated/apigateway.js +1 -1
package/lib/generated/apigatewaymanagement.js +1 -1
package/lib/generated/apigatewaymanagementv2.js +1 -1
package/lib/generated/app2container.js +1 -1
package/lib/generated/appconfig.js +1 -1
package/lib/generated/appflow.js +1 -1
package/lib/generated/appintegrations.js +1 -1
package/lib/generated/applicationautoscaling.js +1 -1
package/lib/generated/applicationcostprofilerservice.js +1 -1
package/lib/generated/applicationdiscoveryarsenal.js +1 -1
package/lib/generated/applicationdiscoveryservice.js +1 -1
package/lib/generated/applicationmigrationservice.js +1 -1
package/lib/generated/appmesh.js +1 -1
package/lib/generated/appmeshpreview.js +1 -1
package/lib/generated/apprunner.js +1 -1
package/lib/generated/appstream2-0.js +1 -1
package/lib/generated/appsync.js +1 -1
package/lib/generated/artifact.js +1 -1
package/lib/generated/athena.js +1 -1
package/lib/generated/auditmanager.js +1 -1
package/lib/generated/autoscaling.js +1 -1
package/lib/generated/backup.js +1 -1
package/lib/generated/backupgateway.js +1 -1
package/lib/generated/backupstorage.js +1 -1
package/lib/generated/batch.js +1 -1
package/lib/generated/billing-.js +1 -1
package/lib/generated/billingconductor.js +1 -1
package/lib/generated/billingconsole.js +1 -1
package/lib/generated/braket.js +1 -1
package/lib/generated/budgetservice.js +1 -1
package/lib/generated/bugbust.js +1 -1
package/lib/generated/certificatemanager.js +1 -1
package/lib/generated/chatbot.js +1 -1
package/lib/generated/chime.js +1 -1
package/lib/generated/cleanrooms.js +1 -1
package/lib/generated/cloud9.js +1 -1
package/lib/generated/cloudcontrolapi.js +1 -1
package/lib/generated/clouddirectory.js +1 -1
package/lib/generated/cloudformation.js +1 -1
package/lib/generated/cloudfront.js +1 -1
package/lib/generated/cloudhsm.js +1 -1
package/lib/generated/cloudmap.js +1 -1
package/lib/generated/cloudsearch.js +1 -1
package/lib/generated/cloudshell.js +1 -1
package/lib/generated/cloudtrail.js +1 -1
package/lib/generated/cloudtraildata.js +1 -1
package/lib/generated/cloudwatch.js +1 -1
package/lib/generated/cloudwatchapplicationinsights.js +1 -1
package/lib/generated/cloudwatchevidently.js +1 -1
package/lib/generated/cloudwatchinternetmonitor.js +1 -1
package/lib/generated/cloudwatchlogs.js +1 -1
package/lib/generated/cloudwatchobservabilityaccessmanager.js +1 -1
package/lib/generated/cloudwatchrum.js +1 -1
package/lib/generated/cloudwatchsynthetics.js +1 -1
package/lib/generated/codeartifact.js +1 -1
package/lib/generated/codebuild.js +1 -1
package/lib/generated/codecatalyst.js +1 -1
package/lib/generated/codecommit.js +1 -1
package/lib/generated/codedeploy.js +1 -1
package/lib/generated/codedeploysecurehostcommandsservice.js +1 -1
package/lib/generated/codeguru.js +1 -1
package/lib/generated/codeguruprofiler.js +1 -1
package/lib/generated/codegurureviewer.js +1 -1
package/lib/generated/codegurusecurity.js +1 -1
package/lib/generated/codepipeline.js +1 -1
package/lib/generated/codestar.js +1 -1
package/lib/generated/codestarconnections.js +1 -1
package/lib/generated/codestarnotifications.js +1 -1
package/lib/generated/codewhisperer.js +1 -1
package/lib/generated/cognitoidentity.js +1 -1
package/lib/generated/cognitosync.js +1 -1
package/lib/generated/cognitouserpools.js +1 -1
package/lib/generated/comprehend.js +1 -1
package/lib/generated/comprehendmedical.js +1 -1
package/lib/generated/computeoptimizer.js +1 -1
package/lib/generated/config.js +1 -1
package/lib/generated/connect.js +1 -1
package/lib/generated/connectcases.js +1 -1
package/lib/generated/connectcustomerprofiles.js +1 -1
package/lib/generated/connectorservice.js +1 -1
package/lib/generated/connectvoiceid.js +1 -1
package/lib/generated/connectwisdom.js +1 -1
package/lib/generated/consolidatedbilling.js +1 -1
package/lib/generated/controltower.js +1 -1
package/lib/generated/costandusagereport.js +1 -1
package/lib/generated/costexplorerservice.js +1 -1
package/lib/generated/databasemigrationservice.js +1 -1
package/lib/generated/databasequerymetadataservice.js +1 -1
package/lib/generated/dataexchange.js +1 -1
package/lib/generated/datalifecyclemanager.js +1 -1
package/lib/generated/datapipeline.js +1 -1
package/lib/generated/datasync.js +1 -1
package/lib/generated/deepcomposer.js +1 -1
package/lib/generated/deeplens.js +1 -1
package/lib/generated/deepracer.js +1 -1
package/lib/generated/detective.js +1 -1
package/lib/generated/devicefarm.js +1 -1
package/lib/generated/devopsguru.js +1 -1
package/lib/generated/directconnect.js +1 -1
package/lib/generated/directoryservice.js +1 -1
package/lib/generated/documentdbelasticclusters.js +1 -1
package/lib/generated/dynamodb.js +1 -1
package/lib/generated/dynamodbacceleratordax.js +1 -1
package/lib/generated/ec2.js +1 -1
package/lib/generated/ec2autoscaling.js +1 -1
package/lib/generated/ec2imagebuilder.js +1 -1
package/lib/generated/ec2instanceconnect.js +1 -1
package/lib/generated/elasticache.js +1 -1
package/lib/generated/elasticbeanstalk.js +1 -1
package/lib/generated/elasticblockstore.js +1 -1
package/lib/generated/elasticcontainerregistry.js +1 -1
package/lib/generated/elasticcontainerregistrypublic.js +1 -1
package/lib/generated/elasticcontainerservice.js +1 -1
package/lib/generated/elasticdisasterrecovery.js +1 -1
package/lib/generated/elasticfilesystem.js +1 -1
package/lib/generated/elasticinference.js +1 -1
package/lib/generated/elastickubernetesservice.js +1 -1
package/lib/generated/elasticloadbalancing.js +1 -1
package/lib/generated/elasticloadbalancingv2.js +1 -1
package/lib/generated/elasticmapreduce.js +1 -1
package/lib/generated/elastictranscoder.js +1 -1
package/lib/generated/elementalappliancesandsoftware.js +1 -1
package/lib/generated/elementalappliancesandsoftwareactivationservice.js +1 -1
package/lib/generated/elementalmediaconnect.js +1 -1
package/lib/generated/elementalmediaconvert.js +1 -1
package/lib/generated/elementalmedialive.js +1 -1
package/lib/generated/elementalmediapackage.js +1 -1
package/lib/generated/elementalmediapackagevod.js +1 -1
package/lib/generated/elementalmediastore.js +1 -1
package/lib/generated/elementalmediatailor.js +1 -1
package/lib/generated/elementalsupportcases.js +1 -1
package/lib/generated/elementalsupportcontent.js +1 -1
package/lib/generated/emroneksemrcontainers.js +1 -1
package/lib/generated/emrserverless.js +1 -1
package/lib/generated/eventbridge.js +1 -1
package/lib/generated/eventbridgepipes.js +1 -1
package/lib/generated/eventbridgescheduler.js +1 -1
package/lib/generated/eventbridgeschemas.js +1 -1
package/lib/generated/faultinjectionsimulator.js +1 -1
package/lib/generated/finspace.js +1 -1
package/lib/generated/finspaceapi.js +1 -1
package/lib/generated/firewallmanager.js +1 -1
package/lib/generated/forecast.js +1 -1
package/lib/generated/frauddetector.js +1 -1
package/lib/generated/freertos.js +1 -1
package/lib/generated/freetier.js +1 -1
package/lib/generated/fsx.js +1 -1
package/lib/generated/gamelift.js +1 -1
package/lib/generated/gamesparks.js +1 -1
package/lib/generated/globalaccelerator.js +1 -1
package/lib/generated/glue.js +1 -1
package/lib/generated/gluedatabrew.js +1 -1
package/lib/generated/groundstation.js +1 -1
package/lib/generated/groundtruthlabeling.js +1 -1
package/lib/generated/guardduty.js +1 -1
package/lib/generated/healthapisandnotifications.js +1 -1
package/lib/generated/healthlake.js +1 -1
package/lib/generated/high-volumeoutboundcommunications.js +1 -1
package/lib/generated/honeycode.js +1 -1
package/lib/generated/iamaccessanalyzer.js +1 -1
package/lib/generated/iamidentitycentersuccessortoawssinglesign-on.js +1 -1
package/lib/generated/iamidentitycentersuccessortoawssinglesign-ondirectory.js +1 -1
package/lib/generated/identityandaccessmanagement.js +1 -1
package/lib/generated/identityandaccessmanagementrolesanywhere.js +1 -1
package/lib/generated/identitystore.js +1 -1
package/lib/generated/identitystoreauth.js +1 -1
package/lib/generated/identitysync.js +1 -1
package/lib/generated/importexportdiskservice.js +1 -1
package/lib/generated/inspector.js +1 -1
package/lib/generated/inspector2.js +1 -1
package/lib/generated/interactivevideoservice.js +1 -1
package/lib/generated/interactivevideoservicechat.js +1 -1
package/lib/generated/invoicingservice.js +1 -1
package/lib/generated/iot.js +1 -1
package/lib/generated/iot1-click.js +1 -1
package/lib/generated/iotanalytics.js +1 -1
package/lib/generated/iotcoredeviceadvisor.js +1 -1
package/lib/generated/iotcoreforlorawan.js +1 -1
package/lib/generated/iotdevicetester.js +1 -1
package/lib/generated/iotevents.js +1 -1
package/lib/generated/iotfleethubfordevicemanagement.js +1 -1
package/lib/generated/iotfleetwise.js +1 -1
package/lib/generated/iotgreengrass.js +1 -1
package/lib/generated/iotgreengrassv2.js +1 -1
package/lib/generated/iotjobsdataplane.js +1 -1
package/lib/generated/iotroborunner.js +1 -1
package/lib/generated/iotsitewise.js +1 -1
package/lib/generated/iottwinmaker.js +1 -1
package/lib/generated/iq.js +1 -1
package/lib/generated/iqpermissions.js +1 -1
package/lib/generated/kendra.js +1 -1
package/lib/generated/kendraintelligentranking.js +1 -1
package/lib/generated/keymanagementservice.js +1 -1
package/lib/generated/keyspacesforapachecassandra.js +1 -1
package/lib/generated/kinesis.js +1 -1
package/lib/generated/kinesisanalytics.js +1 -1
package/lib/generated/kinesisanalyticsv2.js +1 -1
package/lib/generated/kinesisfirehose.js +1 -1
package/lib/generated/kinesisvideostreams.js +1 -1
package/lib/generated/lakeformation.js +1 -1
package/lib/generated/lambda.js +1 -1
package/lib/generated/launchwizard.js +1 -1
package/lib/generated/lex.js +1 -1
package/lib/generated/lexv2.js +1 -1
package/lib/generated/licensemanager.js +1 -1
package/lib/generated/licensemanagerlinuxsubscriptionsmanager.js +1 -1
package/lib/generated/licensemanagerusersubscriptions.js +1 -1
package/lib/generated/lightsail.js +1 -1
package/lib/generated/location.js +1 -1
package/lib/generated/lookoutforequipment.js +1 -1
package/lib/generated/lookoutformetrics.js +1 -1
package/lib/generated/lookoutforvision.js +1 -1
package/lib/generated/machinelearning.js +1 -1
package/lib/generated/macie.js +1 -1
package/lib/generated/mainframemodernizationservice.js +1 -1
package/lib/generated/managedblockchain.js +1 -1
package/lib/generated/managedgrafana.js +1 -1
package/lib/generated/managedserviceforprometheus.js +1 -1
package/lib/generated/managedstreamingforapachekafka.js +1 -1
package/lib/generated/managedstreamingforkafkaconnect.js +1 -1
package/lib/generated/managedworkflowsforapacheairflow.js +1 -1
package/lib/generated/marketplace.js +1 -1
package/lib/generated/marketplacecatalog.js +1 -1
package/lib/generated/marketplacecommerceanalyticsservice.js +1 -1
package/lib/generated/marketplacediscovery.js +1 -1
package/lib/generated/marketplaceentitlementservice.js +1 -1
package/lib/generated/marketplaceimagebuildingservice.js +1 -1
package/lib/generated/marketplacemanagementportal.js +1 -1
package/lib/generated/marketplacemeteringservice.js +1 -1
package/lib/generated/marketplaceprivatemarketplace.js +1 -1
package/lib/generated/marketplaceprocurementsystemsintegration.js +1 -1
package/lib/generated/marketplacesellerreporting.js +1 -1
package/lib/generated/marketplacevendorinsights.js +1 -1
package/lib/generated/mechanicalturk.js +1 -1
package/lib/generated/mediaimport.js +1 -1
package/lib/generated/memorydb.js +1 -1
package/lib/generated/messagedeliveryservice.js +1 -1
package/lib/generated/microserviceextractorfor-net.js +1 -1
package/lib/generated/migrationhub.js +1 -1
package/lib/generated/migrationhuborchestrator.js +1 -1
package/lib/generated/migrationhubrefactorspaces.js +1 -1
package/lib/generated/migrationhubstrategyrecommendations.js +1 -1
package/lib/generated/mobileanalytics.js +1 -1
package/lib/generated/mobilehub.js +1 -1
package/lib/generated/monitron.js +1 -1
package/lib/generated/mq.js +1 -1
package/lib/generated/neptune.js +1 -1
package/lib/generated/networkfirewall.js +1 -1
package/lib/generated/networkmanager.js +1 -1
package/lib/generated/nimblestudio.js +1 -1
package/lib/generated/omics.js +1 -1
package/lib/generated/opensearchserverless.js +1 -1
package/lib/generated/opensearchservice.js +1 -1
package/lib/generated/opsworks.js +1 -1
package/lib/generated/opsworksconfigurationmanagement.js +1 -1
package/lib/generated/organizations.js +1 -1
package/lib/generated/outposts.js +1 -1
package/lib/generated/panorama.js +1 -1
package/lib/generated/payments.js +1 -1
package/lib/generated/performanceinsights.js +1 -1
package/lib/generated/personalize.js +1 -1
package/lib/generated/pinpoint.js +1 -1
package/lib/generated/pinpointemailservice.js +1 -1
package/lib/generated/pinpointsmsandvoiceservice.js +1 -1
package/lib/generated/pinpointsmsvoicev2.js +1 -1
package/lib/generated/polly.js +1 -1
package/lib/generated/pricelist.js +1 -1
package/lib/generated/privatecertificateauthority.js +1 -1
package/lib/generated/proton.js +1 -1
package/lib/generated/purchaseordersconsole.js +1 -1
package/lib/generated/qldb.js +1 -1
package/lib/generated/quicksight.js +1 -1
package/lib/generated/rds.js +1 -1
package/lib/generated/rdsdataapi.js +1 -1
package/lib/generated/rdsiamauthentication.js +1 -1
package/lib/generated/recyclebin.js +1 -1
package/lib/generated/redshift.js +1 -1
package/lib/generated/redshiftdataapi.js +1 -1
package/lib/generated/redshiftserverless.js +1 -1
package/lib/generated/rekognition.js +1 -1
package/lib/generated/resiliencehubservice.js +1 -1
package/lib/generated/resourceaccessmanager.js +1 -1
package/lib/generated/resourceexplorer.js +1 -1
package/lib/generated/resourcegroups.js +1 -1
package/lib/generated/resourcegrouptaggingapi.js +1 -1
package/lib/generated/rhelknowledgebaseportal.js +1 -1
package/lib/generated/robomaker.js +1 -1
package/lib/generated/route53.js +1 -1
package/lib/generated/route53applicationrecoverycontroller-zonalshift.js +1 -1
package/lib/generated/route53domains.js +1 -1
package/lib/generated/route53recoverycluster.js +1 -1
package/lib/generated/route53recoverycontrols.js +1 -1
package/lib/generated/route53recoveryreadiness.js +1 -1
package/lib/generated/route53resolver.js +1 -1
package/lib/generated/s3.js +1 -1
package/lib/generated/s3glacier.js +1 -1
package/lib/generated/s3objectlambda.js +1 -1
package/lib/generated/s3onoutposts.js +1 -1
package/lib/generated/sagemaker.js +1 -1
package/lib/generated/sagemakergeospatialcapabilities.js +1 -1
package/lib/generated/sagemakergroundtruthsynthetic.js +1 -1
package/lib/generated/savingsplans.js +1 -1
package/lib/generated/secretsmanager.js +1 -1
package/lib/generated/securityhub.js +1 -1
package/lib/generated/securitylake.js +1 -1
package/lib/generated/securitytokenservice.js +1 -1
package/lib/generated/serverlessapplicationrepository.js +1 -1
package/lib/generated/servermigrationservice.js +1 -1
package/lib/generated/servicecatalog.js +1 -1
package/lib/generated/serviceprovidingmanagedprivatenetworks.js +1 -1
package/lib/generated/servicequotas.js +1 -1
package/lib/generated/ses.js +1 -1
package/lib/generated/sessionmanagermessagegatewayservice.js +1 -1
package/lib/generated/shield.js +1 -1
package/lib/generated/signer.js +1 -1
package/lib/generated/simpledb.js +1 -1
package/lib/generated/simpleemailservicev2.js +1 -1
package/lib/generated/simpleworkflowservice.js +1 -1
package/lib/generated/simspaceweaver.js +1 -1
package/lib/generated/snowball.js +1 -1
package/lib/generated/snowdevicemanagement.js +1 -1
package/lib/generated/sns.js +1 -1
package/lib/generated/sqlworkbench.js +1 -1
package/lib/generated/sqs.js +1 -1
package/lib/generated/stepfunctions.js +1 -1
package/lib/generated/storagegateway.js +1 -1
package/lib/generated/sumerian.js +1 -1
package/lib/generated/supplychain.js +1 -1
package/lib/generated/support.js +1 -1
package/lib/generated/supportappinslack.js +1 -1
package/lib/generated/supportplans.js +1 -1
package/lib/generated/sustainability.js +1 -1
package/lib/generated/systemsmanager.js +1 -1
package/lib/generated/systemsmanagerforsap.js +1 -1
package/lib/generated/systemsmanagerguiconnect.js +1 -1
package/lib/generated/systemsmanagerincidentmanager.js +1 -1
package/lib/generated/systemsmanagerincidentmanagercontacts.js +1 -1
package/lib/generated/tageditor.js +1 -1
package/lib/generated/taxsettings.js +1 -1
package/lib/generated/telconetworkbuilder.js +1 -1
package/lib/generated/textract.js +1 -1
package/lib/generated/timestream.js +1 -1
package/lib/generated/tiros.js +1 -1
package/lib/generated/transcribe.js +1 -1
package/lib/generated/transferfamily.js +1 -1
package/lib/generated/translate.js +1 -1
package/lib/generated/trustedadvisor.js +1 -1
package/lib/generated/vpclattice.js +1 -1
package/lib/generated/vpclatticeservices.js +1 -1
package/lib/generated/waf.js +1 -1
package/lib/generated/wafregional.js +1 -1
package/lib/generated/wafv2.js +1 -1
package/lib/generated/well-architectedtool.js +1 -1
package/lib/generated/wickr.js +1 -1
package/lib/generated/workdocs.js +1 -1
package/lib/generated/worklink.js +1 -1
package/lib/generated/workmail.js +1 -1
package/lib/generated/workmailmessageflow.js +1 -1
package/lib/generated/workspaces.js +1 -1
package/lib/generated/workspacesapplicationmanager.js +1 -1
package/lib/generated/workspacesweb.js +1 -1
package/lib/generated/x-ray.js +1 -1
package/lib/shared/all.js +1 -1
package/lib/shared/operators.js +1 -1
package/lib/shared/policy-statement/1-base.js +1 -1
package/lib/shared/policy-statement/2-conditions.d.ts +123 -0
package/lib/shared/policy-statement/2-conditions.js +137 -2
package/lib/shared/policy-statement/3-actions.js +1 -1
package/lib/shared/policy-statement/4-resources.js +1 -1
package/lib/shared/policy-statement/5-effect.js +1 -1
package/lib/shared/policy-statement/6-principals.js +1 -1
package/lib/shared/policy-statement/7-principals-CDK.js +1 -1
package/lib/shared/policy-statement/9-final.js +1 -1
package/package.json +1 -1

package/.jsii CHANGED Viewed

@@ -284365,7 +284365,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 132
+            "line": 131
           },
           "name": "ifAwsCalledVia",
           "parameters": [
@@ -284426,7 +284426,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 153
+            "line": 152
           },
           "name": "ifAwsCalledViaFirst",
           "parameters": [
@@ -284487,7 +284487,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 170
+            "line": 169
           },
           "name": "ifAwsCalledViaLast",
           "parameters": [
@@ -284548,7 +284548,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 187
+            "line": 186
           },
           "name": "ifAwsCurrentTime",
           "parameters": [
@@ -284614,6 +284614,128 @@
             }
           }
         },
+        {
+          "docs": {
+            "remarks": "You must use this condition key with its companion key `aws:Ec2InstanceSourceVpc` to ensure that you have a globally unique combination of VPC ID and source private IP. Use this key with `aws:Ec2InstanceSourceVpc` to ensure that a request was made from the same private IP address that the credentials were delivered to.\n\n**Availability:** This key is included in the request context whenever the requester is signing requests with an Amazon EC2 role credential. It can be used in IAM policies, service control policies, VPC endpoint policies, and resource policies.\n\n**Note:** This condition key is not available in EC2-Classic.\n\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-vpcsourceip",
+            "stability": "experimental",
+            "summary": "This key identifies the private IPv4 address of the primary elastic network interface to which Amazon EC2 IAM role credentials were delivered."
+          },
+          "locationInModule": {
+            "filename": "lib/shared/policy-statement/2-conditions.ts",
+            "line": 240
+          },
+          "name": "ifAwsEc2InstanceSourcePrivateIPv4",
+          "parameters": [
+            {
+              "docs": {
+                "summary": "The private IPv4 address."
+              },
+              "name": "value",
+              "type": {
+                "union": {
+                  "types": [
+                    {
+                      "primitive": "string"
+                    },
+                    {
+                      "collection": {
+                        "elementtype": {
+                          "primitive": "string"
+                        },
+                        "kind": "array"
+                      }
+                    }
+                  ]
+                }
+              }
+            },
+            {
+              "docs": {
+                "summary": "Works with IP [address operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_IPAddress). **Default:** `IpAddress`."
+              },
+              "name": "operator",
+              "optional": true,
+              "type": {
+                "union": {
+                  "types": [
+                    {
+                      "primitive": "string"
+                    },
+                    {
+                      "fqn": "cdk-iam-floyd.Operator"
+                    }
+                  ]
+                }
+              }
+            }
+          ],
+          "returns": {
+            "type": {
+              "fqn": "cdk-iam-floyd.PolicyStatementWithCondition"
+            }
+          }
+        },
+        {
+          "docs": {
+            "remarks": "You can use this key in a policy with the [aws:SourceVPC](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcevpc) global key to check if a call is made from a VPC (`aws:SourceVPC`) that matches the VPC where a credential was delivered to (`aws:Ec2InstanceSourceVpc`).\n\n**Availability:** This key is included in the request context whenever the requester is signing requests with an Amazon EC2 role credential. It can be used in IAM policies, service control policies, VPC endpoint policies, and resource policies.\n\nThis key can be used with VPC identifier values, but is most useful when used as a variable combined with the `aws:SourceVpc` context key. The `aws:SourceVpc` context key is included in the request context only if the requester uses a VPC endpoint to make the request. Using `aws:Ec2InstanceSourceVpc` with `aws:SourceVpc` allows you to use `aws:Ec2InstanceSourceVpc` more broadly since it compares values that typically change together.\n\n**Note:** This condition key is not available in EC2-Classic.\n\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-ec2instancesourcevpc",
+            "stability": "experimental",
+            "summary": "This key identifies the VPC to which Amazon EC2 IAM role credentials were delivered to."
+          },
+          "locationInModule": {
+            "filename": "lib/shared/policy-statement/2-conditions.ts",
+            "line": 221
+          },
+          "name": "ifAwsEc2InstanceSourceVpc",
+          "parameters": [
+            {
+              "docs": {
+                "summary": "The VPS ID."
+              },
+              "name": "value",
+              "type": {
+                "union": {
+                  "types": [
+                    {
+                      "primitive": "string"
+                    },
+                    {
+                      "collection": {
+                        "elementtype": {
+                          "primitive": "string"
+                        },
+                        "kind": "array"
+                      }
+                    }
+                  ]
+                }
+              }
+            },
+            {
+              "docs": {
+                "summary": "Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`."
+              },
+              "name": "operator",
+              "optional": true,
+              "type": {
+                "union": {
+                  "types": [
+                    {
+                      "primitive": "string"
+                    },
+                    {
+                      "fqn": "cdk-iam-floyd.Operator"
+                    }
+                  ]
+                }
+              }
+            }
+          ],
+          "returns": {
+            "type": {
+              "fqn": "cdk-iam-floyd.PolicyStatementWithCondition"
+            }
+          }
+        },
         {
           "docs": {
             "remarks": "This key also accepts the number of seconds since January 1, 1970.\n\n**Availability:** This key is always included in the request context.\n\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-epochtime",
@@ -284622,7 +284744,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 218
+            "line": 261
           },
           "name": "ifAwsEpochTime",
           "parameters": [
@@ -284694,6 +284816,67 @@
             }
           }
         },
+        {
+          "docs": {
+            "remarks": "This means that an IAM role was assumed using the `AssumeRoleWithWebIdentity` or `AssumeRoleWithSAML` AWS STS operations. When the resulting role session's temporary credentials are used to make a request, the request context identifies the IdP that authenticated the original federated identity.\n\n**Availability:** This key is present when the principal is a role session principal and that session was issued using a third-party identity provider.\n\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-federatedprovider",
+            "stability": "experimental",
+            "summary": "Use this key to compare the principal's issuing identity provider (IdP) with the IdP that you specify in the policy."
+          },
+          "locationInModule": {
+            "filename": "lib/shared/policy-statement/2-conditions.ts",
+            "line": 292
+          },
+          "name": "ifAwsFederatedProvider",
+          "parameters": [
+            {
+              "docs": {
+                "summary": "The principal's issuing identity provider (IdP)."
+              },
+              "name": "value",
+              "type": {
+                "union": {
+                  "types": [
+                    {
+                      "primitive": "string"
+                    },
+                    {
+                      "collection": {
+                        "elementtype": {
+                          "primitive": "string"
+                        },
+                        "kind": "array"
+                      }
+                    }
+                  ]
+                }
+              }
+            },
+            {
+              "docs": {
+                "summary": "Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`."
+              },
+              "name": "operator",
+              "optional": true,
+              "type": {
+                "union": {
+                  "types": [
+                    {
+                      "primitive": "string"
+                    },
+                    {
+                      "fqn": "cdk-iam-floyd.Operator"
+                    }
+                  ]
+                }
+              }
+            }
+          ],
+          "returns": {
+            "type": {
+              "fqn": "cdk-iam-floyd.PolicyStatementWithCondition"
+            }
+          }
+        },
         {
           "docs": {
             "remarks": "For more information about MFA, see [Using Multi-Factor Authentication (MFA) in AWS](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html).\n\n**Availability:** This key is included in the request context only if the principal was authenticated using MFA. If MFA was not used, this key is not present.\n\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-multifactorauthage",
@@ -284702,7 +284885,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 250
+            "line": 309
           },
           "name": "ifAwsMultiFactorAuthAge",
           "parameters": [
@@ -284763,7 +284946,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 274
+            "line": 333
           },
           "name": "ifAwsMultiFactorAuthPresent",
           "parameters": [
@@ -284793,7 +284976,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 292
+            "line": 351
           },
           "name": "ifAwsPrincipalAccount",
           "parameters": [
@@ -284854,7 +285037,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 311
+            "line": 370
           },
           "name": "ifAwsPrincipalArn",
           "parameters": [
@@ -284915,7 +285098,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 331
+            "line": 390
           },
           "name": "ifAwsPrincipalIsAWSService",
           "parameters": [
@@ -284945,7 +285128,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 351
+            "line": 410
           },
           "name": "ifAwsPrincipalOrgID",
           "parameters": [
@@ -285006,7 +285189,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 374
+            "line": 433
           },
           "name": "ifAwsPrincipalOrgPaths",
           "parameters": [
@@ -285067,7 +285250,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 397
+            "line": 456
           },
           "name": "ifAwsPrincipalServiceName",
           "parameters": [
@@ -285114,7 +285297,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 420
+            "line": 479
           },
           "name": "ifAwsPrincipalServiceNamesList",
           "parameters": [
@@ -285166,7 +285349,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 444
+            "line": 503
           },
           "name": "ifAwsPrincipalTag",
           "parameters": [
@@ -285236,7 +285419,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 462
+            "line": 521
           },
           "name": "ifAwsPrincipalType",
           "parameters": [
@@ -285298,7 +285481,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 483
+            "line": 542
           },
           "name": "ifAwsReferer",
           "parameters": [
@@ -285359,7 +285542,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 501
+            "line": 560
           },
           "name": "ifAwsRequestedRegion",
           "parameters": [
@@ -285420,7 +285603,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 521
+            "line": 580
           },
           "name": "ifAwsRequestTag",
           "parameters": [
@@ -285482,6 +285665,189 @@
             }
           }
         },
+        {
+          "docs": {
+            "remarks": "This key is equal to the AWS account ID for the account with the resources evaluated in the request.\n\nFor most resources in your account, the ARN contains the owner account ID for that resource. For certain resources, such as Amazon S3 buckets, the resource ARN does not include the account ID. The following two examples show the difference between a resource with an account ID in the ARN, and an Amazon S3 ARN without an account ID:\n\n- `arn:aws:iam::123456789012:role/AWSExampleRole` - IAM role created and owned within the account 123456789012.\n- `arn:aws:s3:::DOC-EXAMPLE-BUCKET2` - Amazon S3 bucket created and owned within the account 111122223333, not displayed in the ARN.\n\n**Availability:** This key is always included in the request context for most service actions. The following actions don't support this key:\n\n   - Amazon Elastic Block Store - All actions\n   - Amazon EC2\n     - `ec2:CopyFpgaImage`\n     - `ec2:CopyImage`\n     - `ec2:CopySnapshot`\n     - `ec2:CreateTransitGatewayPeeringAttachment`\n     - `ec2:CreateVolume`\n     - `ec2:CreateVpcPeeringConnection`\n   - Amazon EventBridge - All actions\n   - Amazon WorkSpaces\n     - `workspaces:CopyWorkspaceImage`\n     - `workspaces:DescribeWorkspaceImages`\n\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourceaccount",
+            "stability": "experimental",
+            "summary": "Use this key to compare the requested resource owner's [AWS account ID](https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html) with the resource account in the policy. You can then allow or deny access to that resource based on the account that owns the resource."
+          },
+          "locationInModule": {
+            "filename": "lib/shared/policy-statement/2-conditions.ts",
+            "line": 618
+          },
+          "name": "ifAwsResourceAccount",
+          "parameters": [
+            {
+              "docs": {
+                "summary": "The account ID."
+              },
+              "name": "value",
+              "type": {
+                "union": {
+                  "types": [
+                    {
+                      "primitive": "string"
+                    },
+                    {
+                      "collection": {
+                        "elementtype": {
+                          "primitive": "string"
+                        },
+                        "kind": "array"
+                      }
+                    }
+                  ]
+                }
+              }
+            },
+            {
+              "docs": {
+                "summary": "Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`."
+              },
+              "name": "operator",
+              "optional": true,
+              "type": {
+                "union": {
+                  "types": [
+                    {
+                      "primitive": "string"
+                    },
+                    {
+                      "fqn": "cdk-iam-floyd.Operator"
+                    }
+                  ]
+                }
+              }
+            }
+          ],
+          "returns": {
+            "type": {
+              "fqn": "cdk-iam-floyd.PolicyStatementWithCondition"
+            }
+          }
+        },
+        {
+          "docs": {
+            "remarks": "This global key returns the resource organization ID for a given request. It allows you to create rules that apply to all resources in an organization that are specified in the Resource element of an [identity-based policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html). You can specify the [organization ID](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_details.html) in the condition element. When you add and remove accounts, policies that include the aws:ResourceOrgID key automatically include the correct accounts and you don't have to manually update it.\n\n**Note:** Some AWS services require access to AWS owned resources that are hosted in another AWS account. Using `aws:ResourceOrgID` in your identity-based policies might impact your identity's ability to access these resources.\n\n**Availability:** This key is included in the request context only if the account that owns the resource is a member of an organization. This global condition key does not support the following actions:\n\n- Amazon Elastic Block Store - All actions\n- Amazon EC2\n   - `ec2:CopyFpgaImage`\n   - `ec2:CopyImage`\n   - `ec2:CopySnapshot`\n   - `ec2:CreateTransitGatewayPeeringAttachment`\n   - `ec2:CreateVolume`\n   - `ec2:CreateVpcPeeringConnection`\n- Amazon EventBridge - All actions\n\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourceorgid",
+            "stability": "experimental",
+            "summary": "Use this key to compare the identifier of the organization in AWS Organizations to which the requested resource belongs with the identifier specified in the policy."
+          },
+          "locationInModule": {
+            "filename": "lib/shared/policy-statement/2-conditions.ts",
+            "line": 649
+          },
+          "name": "ifAwsResourceOrgID",
+          "parameters": [
+            {
+              "docs": {
+                "summary": "ID of an organization."
+              },
+              "name": "value",
+              "type": {
+                "union": {
+                  "types": [
+                    {
+                      "primitive": "string"
+                    },
+                    {
+                      "collection": {
+                        "elementtype": {
+                          "primitive": "string"
+                        },
+                        "kind": "array"
+                      }
+                    }
+                  ]
+                }
+              }
+            },
+            {
+              "docs": {
+                "summary": "Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`."
+              },
+              "name": "operator",
+              "optional": true,
+              "type": {
+                "union": {
+                  "types": [
+                    {
+                      "primitive": "string"
+                    },
+                    {
+                      "fqn": "cdk-iam-floyd.Operator"
+                    }
+                  ]
+                }
+              }
+            }
+          ],
+          "returns": {
+            "type": {
+              "fqn": "cdk-iam-floyd.PolicyStatementWithCondition"
+            }
+          }
+        },
+        {
+          "docs": {
+            "remarks": "In a policy, this condition key ensures that the resource belongs to an account member within the specified organization root or organizational units (OUs) in AWS Organizations. An AWS Organizations path is a text representation of the structure of an Organizations entity. For more information about using and understanding paths, see [Understand the AWS Organizations entity path](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor-view-data-orgs.html#access_policies_access-advisor-viewing-orgs-entity-path).\n\n`aws:ResourceOrgPaths` is a multivalued condition key. Multivalued keys can have multiple values in the request context. You must use the `ForAnyValue` or `ForAllValues` set operators with [string condition operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String) for this key. For more information about multivalued condition keys, see [Using multiple keys and values](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_multi-value-conditions.html#reference_policies_multi-key-or-value-conditions).\n\n**Note:** Some AWS services require access to AWS owned resources that are hosted in another AWS account. Using aws:ResourceOrgPaths in your identity-based policies might impact your identity's ability to access these resources.\n\n**Availability:** This key is included in the request context only if the account that owns the resource is a member of an organization. This global condition key does not support the following actions:\n\n- Amazon Elastic Block Store - All actions\n- Amazon EC2\n   - `ec2:CopyFpgaImage`\n   - `ec2:CopyImage`\n   - `ec2:CopySnapshot`\n   - `ec2:CreateTransitGatewayPeeringAttachment`\n   - `ec2:CreateVolume`\n   - `ec2:CreateVpcPeeringConnection`\n- Amazon EventBridge - All actions\n- Amazon WorkSpaces\n   - `workspaces:CopyWorkspaceImage`\n   - `workspaces:DescribeWorkspaceImages`\n\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourceorgpaths",
+            "stability": "experimental",
+            "summary": "Use this key to compare the AWS Organizations path for the accessed resource to the path in the policy."
+          },
+          "locationInModule": {
+            "filename": "lib/shared/policy-statement/2-conditions.ts",
+            "line": 683
+          },
+          "name": "ifAwsResourceOrgPaths",
+          "parameters": [
+            {
+              "docs": {
+                "summary": "The path of an organization."
+              },
+              "name": "value",
+              "type": {
+                "union": {
+                  "types": [
+                    {
+                      "primitive": "string"
+                    },
+                    {
+                      "collection": {
+                        "elementtype": {
+                          "primitive": "string"
+                        },
+                        "kind": "array"
+                      }
+                    }
+                  ]
+                }
+              }
+            },
+            {
+              "docs": {
+                "summary": "Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`."
+              },
+              "name": "operator",
+              "optional": true,
+              "type": {
+                "union": {
+                  "types": [
+                    {
+                      "primitive": "string"
+                    },
+                    {
+                      "fqn": "cdk-iam-floyd.Operator"
+                    }
+                  ]
+                }
+              }
+            }
+          ],
+          "returns": {
+            "type": {
+              "fqn": "cdk-iam-floyd.PolicyStatementWithCondition"
+            }
+          }
+        },
         {
           "docs": {
             "remarks": "For example, you could require that access to a resource is allowed only if the resource has the attached tag key `Dept` with the value `Marketing`. For more information, see [Controlling Access to AWS Resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html#access_tags_control-resources).\n\n**Availability:** This key is included in the request context when the requested resource already has attached tags. This key is returned only for resources that [support authorization based on tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html). There is one context key for each tag key-value pair.\n\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag",
@@ -285490,7 +285856,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 540
+            "line": 701
           },
           "name": "ifAwsResourceTag",
           "parameters": [
@@ -285560,7 +285926,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 557
+            "line": 718
           },
           "name": "ifAwsSecureTransport",
           "parameters": [
@@ -285590,7 +285956,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 577
+            "line": 738
           },
           "name": "ifAwsSourceAccount",
           "parameters": [
@@ -285651,7 +286017,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 598
+            "line": 759
           },
           "name": "ifAwsSourceArn",
           "parameters": [
@@ -285712,7 +286078,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 625
+            "line": 786
           },
           "name": "ifAwsSourceIdentity",
           "parameters": [
@@ -285773,7 +286139,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 644
+            "line": 805
           },
           "name": "ifAwsSourceIp",
           "parameters": [
@@ -285834,7 +286200,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 662
+            "line": 823
           },
           "name": "ifAwsSourceVpc",
           "parameters": [
@@ -285895,7 +286261,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 679
+            "line": 840
           },
           "name": "ifAwsSourceVpce",
           "parameters": [
@@ -285956,7 +286322,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 700
+            "line": 861
           },
           "name": "ifAwsTagKeys",
           "parameters": [
@@ -286017,7 +286383,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 716
+            "line": 877
           },
           "name": "ifAwsTokenIssueTime",
           "parameters": [
@@ -286074,7 +286440,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 739
+            "line": 900
           },
           "name": "ifAwsUserAgent",
           "parameters": [
@@ -286135,7 +286501,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 756
+            "line": 917
           },
           "name": "ifAwsUserid",
           "parameters": [
@@ -286196,7 +286562,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 770
+            "line": 931
           },
           "name": "ifAwsUsername",
           "parameters": [
@@ -286257,7 +286623,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 793
+            "line": 954
           },
           "name": "ifAwsViaAWSService",
           "parameters": [
@@ -286287,7 +286653,7 @@
           },
           "locationInModule": {
             "filename": "lib/shared/policy-statement/2-conditions.ts",
-            "line": 813
+            "line": 974
           },
           "name": "ifAwsVpcSourceIp",
           "parameters": [
@@ -412943,6 +413309,6 @@
       "symbolId": "lib/generated/x-ray:Xray"
     }
   },
-  "version": "0.488.0",
-  "fingerprint": "UUEj1qo9BsnAuwwpjko/+7TkaWR41bcS9njqEjeEjik="
+  "version": "0.489.0",
+  "fingerprint": "ju4ZkQUg7oP/KG5TuMkCAv2hIMfD2bzeruA1LecMx5k="
 }