cdk-iam-floyd 0.777.0 → 0.779.0

package/README.md

@@ -16,9 +16,9 @@
 Support for:
 
 - 447 Services
-- 20637 Actions
-- 2194 Resource Types
-- 2333 Condition keys
+- 20666 Actions
+- 2200 Resource Types
+- 2334 Condition keys
 <!-- /stats -->
 
 ![EXPERIMENTAL](https://img.shields.io/badge/stability-experimantal-orange?style=for-the-badge)**<br>This is an early version of the package. The API will change while I implement new features. Therefore make sure you use an exact version in your `package.json` before it reaches 1.0.0.**

package/lib/generated/policy-statements/bedrockagentcore.d.ts

@@ -96,6 +96,7 @@ export declare class BedrockAgentcore extends PolicyStatement {
      * - .ifAwsTagKeys()
      * - .ifSubnets()
      * - .ifSecurityGroups()
+     * - .ifRuntimeAuthorizerType()
      *
      * Dependent actions:
      * - iam:PassRole
@@ -215,6 +216,23 @@ export declare class BedrockAgentcore extends PolicyStatement {
      * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateGatewayTarget.html
      */
     toCreateGatewayTarget(): this;
+    /**
+     * Grants permission to create a new harness
+     *
+     * Access Level: Write
+     *
+     * Possible conditions:
+     * - .ifAwsRequestTag()
+     * - .ifAwsTagKeys()
+     *
+     * Dependent actions:
+     * - bedrock-agentcore:CreateAgentRuntime
+     * - bedrock-agentcore:GetAgentRuntime
+     * - iam:PassRole
+     *
+     * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateHarness.html
+     */
+    toCreateHarness(): this;
     /**
      * Grants permission to create a Memory resource
      *
@@ -387,6 +405,19 @@ export declare class BedrockAgentcore extends PolicyStatement {
      * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteGatewayTarget.html
      */
     toDeleteGatewayTarget(): this;
+    /**
+     * Grants permission to delete a harness
+     *
+     * Access Level: Write
+     *
+     * Dependent actions:
+     * - bedrock-agentcore:DeleteAgentRuntime
+     * - bedrock-agentcore:GetAgentRuntime
+     * - iam:PassRole
+     *
+     * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteHarness.html
+     */
+    toDeleteHarness(): this;
     /**
      * Grants permission to delete a Memory resource
      *
@@ -583,6 +614,14 @@ export declare class BedrockAgentcore extends PolicyStatement {
      * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetGatewayTarget.html
      */
     toGetGatewayTarget(): this;
+    /**
+     * Grants permission to get details of a harness
+     *
+     * Access Level: Read
+     *
+     * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetHarness.html
+     */
+    toGetHarness(): this;
     /**
      * Grants permission to fetch details for a Memory resource
      *
@@ -785,6 +824,17 @@ export declare class BedrockAgentcore extends PolicyStatement {
      * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html
      */
     toInvokeGateway(): this;
+    /**
+     * Grants permission to invoke a harness
+     *
+     * Access Level: Write
+     *
+     * Dependent actions:
+     * - bedrock-agentcore:InvokeAgentRuntime
+     *
+     * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeHarness.html
+     */
+    toInvokeHarness(): this;
     /**
      * Grants permission to invoke an MCP operation against an existing registry
      *
@@ -909,6 +959,14 @@ export declare class BedrockAgentcore extends PolicyStatement {
      * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListGateways.html
      */
     toListGateways(): this;
+    /**
+     * Grants permission to list harnesses
+     *
+     * Access Level: List
+     *
+     * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListHarnesses.html
+     */
+    toListHarnesses(): this;
     /**
      * Grants permission to list memory resources
      *
@@ -1204,6 +1262,7 @@ export declare class BedrockAgentcore extends PolicyStatement {
      * Possible conditions:
      * - .ifSubnets()
      * - .ifSecurityGroups()
+     * - .ifRuntimeAuthorizerType()
      *
      * Dependent actions:
      * - iam:PassRole
@@ -1262,6 +1321,19 @@ export declare class BedrockAgentcore extends PolicyStatement {
      * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateGatewayTarget.html
      */
     toUpdateGatewayTarget(): this;
+    /**
+     * Grants permission to update a harness
+     *
+     * Access Level: Write
+     *
+     * Dependent actions:
+     * - bedrock-agentcore:GetAgentRuntime
+     * - bedrock-agentcore:UpdateAgentRuntime
+     * - iam:PassRole
+     *
+     * https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateHarness.html
+     */
+    toUpdateHarness(): this;
     /**
      * Grants permission to update a Memory resource
      *
@@ -1619,6 +1691,20 @@ export declare class BedrockAgentcore extends PolicyStatement {
      * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
      */
     onRegistryRecord(registryId: string, recordId: string, account?: string, region?: string, partition?: string): this;
+    /**
+     * Adds a resource of type harness to the statement
+     *
+     * https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/harness.html
+     *
+     * @param harnessId - Identifier for the harnessId.
+     * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+     * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+     * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+     *
+     * Possible conditions:
+     * - .ifAwsResourceTag()
+     */
+    onHarness(harnessId: string, account?: string, region?: string, partition?: string): this;
     /**
      * Filters access by creating requests based on the allowed set of values for each of the mandatory tags
      *
@@ -1633,6 +1719,7 @@ export declare class BedrockAgentcore extends PolicyStatement {
      * - .toCreateCodeInterpreter()
      * - .toCreateEvaluator()
      * - .toCreateGateway()
+     * - .toCreateHarness()
      * - .toCreateMemory()
      * - .toCreateOauth2CredentialProvider()
      * - .toCreateOnlineEvaluationConfig()
@@ -1668,6 +1755,7 @@ export declare class BedrockAgentcore extends PolicyStatement {
      * - browser-profile
      * - workload-identity-directory
      * - token-vault
+     * - harness
      *
      * @param tagKey The tag key to check
      * @param value The value(s) to check
@@ -1688,6 +1776,7 @@ export declare class BedrockAgentcore extends PolicyStatement {
      * - .toCreateCodeInterpreter()
      * - .toCreateEvaluator()
      * - .toCreateGateway()
+     * - .toCreateHarness()
      * - .toCreateMemory()
      * - .toCreateOauth2CredentialProvider()
      * - .toCreateOnlineEvaluationConfig()
@@ -1785,6 +1874,19 @@ export declare class BedrockAgentcore extends PolicyStatement {
      * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
      */
     ifKmsKeyArn(value: string | string[], operator?: Operator | string): this;
+    /**
+     * Filters access by the authorizer type configured for the AgentCore runtime
+     *
+     * https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-authorizer-type-condition-key.html
+     *
+     * Applies to actions:
+     * - .toCreateAgentRuntime()
+     * - .toUpdateAgentRuntime()
+     *
+     * @param value The value(s) to check
+     * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
+     */
+    ifRuntimeAuthorizerType(value: string | string[], operator?: Operator | string): this;
     /**
      * Filters access by Actor Id
      *