iam-floyd 0.658.0 → 0.659.0

package/README.md

@@ -16,10 +16,10 @@
 <!-- stats -->
 Support for:
 
-- 401 Services
-- 17042 Actions
-- 1823 Resource Types
-- 1782 Condition keys
+- 417 Services
+- 18171 Actions
+- 1947 Resource Types
+- 1896 Condition keys
 <!-- /stats -->
 
 ![EXPERIMENTAL](https://img.shields.io/badge/stability-experimantal-orange?style=for-the-badge)**<br>This is an early version of the package. The API will change while I implement new features. Therefore make sure you use an exact version in your `package.json` before it reaches 1.0.0.**

package/lib/generated/aws-managed-policies/cdk-iam-floyd.d.ts

@@ -16,6 +16,14 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AdministratorAccessAmplify(): aws_iam.IManagedPolicy;
     /** Grants account administrative permissions. Explicitly allows developers and administrators to gain direct access to resources they need to manage AWS Elastic Beanstalk applications */
     AdministratorAccessAWSElasticBeanstalk(): aws_iam.IManagedPolicy;
+    /** Provides ReadOnly permissions required by the Amazon AI Operations Assistant to do analysis on customer AWS resources during investigations. */
+    AIOpsAssistantPolicy(): aws_iam.IManagedPolicy;
+    /** Grants full access to Amazon AI Operations service and its required permissions via AWS console. It also includes permissions to use identity-aware console sessions. */
+    AIOpsConsoleAdminPolicy(): aws_iam.IManagedPolicy;
+    /** Grants access to the Amazon AI Operations APIs for creating, updating, and deleting investigations, investigation events, and investigation resources. It also includes ReadOnly access to all AI Operations APIs and to use identity-aware sessions. */
+    AIOpsOperatorAccess(): aws_iam.IManagedPolicy;
+    /** Grants ReadOnly permissions to the Amazon AI Operations service and its required resources. */
+    AIOpsReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Provide device setup access to AlexaForBusiness services */
     AlexaForBusinessDeviceSetup(): aws_iam.IManagedPolicy;
     /** Grants full access to AlexaForBusiness resources and access to related AWS Services */
@@ -56,6 +64,12 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonAugmentedAIHumanLoopFullAccess(): aws_iam.IManagedPolicy;
     /** Provides access to perform all operations Amazon Augmented AI resources, including FlowDefinitions, HumanTaskUis and HumanLoops. Also provides access to those operations of services that are integrated with Amazon Augmented AI. */
     AmazonAugmentedAIIntegratedAPIAccess(): aws_iam.IManagedPolicy;
+    /** Provides console full administrative access to Aurora DSQL */
+    AmazonAuroraDSQLConsoleFullAccess(): aws_iam.IManagedPolicy;
+    /** Provides full administrative access to Aurora DSQL */
+    AmazonAuroraDSQLFullAccess(): aws_iam.IManagedPolicy;
+    /** Provides read only access to Aurora DSQL */
+    AmazonAuroraDSQLReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Provides full access to Amazon Bedrock as well as limited access to related services that are required by it */
     AmazonBedrockFullAccess(): aws_iam.IManagedPolicy;
     /** Provides read only access to Amazon Bedrock */
@@ -150,6 +164,10 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonConnectSynchronizationServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides full access to Amazon Connect Voice ID */
     AmazonConnectVoiceIDFullAccess(): aws_iam.IManagedPolicy;
+    /** Provides permissions to consume Amazon Bedrock models, including invoking Amazon Bedrock application inference profile created for particular Amazon DataZone domain. */
+    AmazonDataZoneBedrockModelConsumptionPolicy(): aws_iam.IManagedPolicy;
+    /** Provides permissions to manage Amazon Bedrock model access, including creating, tagging and deleting application inference profiles. */
+    AmazonDataZoneBedrockModelManagementPolicy(): aws_iam.IManagedPolicy;
     /** Default policy for the Amazon DataZone's DomainExecutionRole service role. This role is used by Amazon DataZone to catalog, discover, govern, share, and analyze data in the Amazon DataZone domain. */
     AmazonDataZoneDomainExecutionRolePolicy(): aws_iam.IManagedPolicy;
     /** Amazon DataZone creates IAM roles for Environments to perform data analytics actions, and uses this policy when creating these roles to define the boundary of their permissions. */
@@ -222,6 +240,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonEC2ContainerRegistryFullAccess(): aws_iam.IManagedPolicy;
     /** Provides full access to Amazon EC2 Container Registry repositories, but does not allow repository deletion or policy changes. */
     AmazonEC2ContainerRegistryPowerUser(): aws_iam.IManagedPolicy;
+    /** Provides access to pull images from Amazon EC2 Container Registry repositories. */
+    AmazonEC2ContainerRegistryPullOnly(): aws_iam.IManagedPolicy;
     /** Provides read-only access to Amazon EC2 Container Registry repositories. */
     AmazonEC2ContainerRegistryReadOnly(): aws_iam.IManagedPolicy;
     /**   Policy to enable Task Autoscaling for Amazon EC2 Container Service */
@@ -256,6 +276,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonECSInfrastructureRolePolicyForServiceConnectTransportLayerSecurity(): aws_iam.IManagedPolicy;
     /** Provides access to other AWS service resources required to manage volumes associated with ECS workloads on your behalf. */
     AmazonECSInfrastructureRolePolicyForVolumes(): aws_iam.IManagedPolicy;
+    /** Provides access to other AWS service resources required to manage VPC Lattice feature in ECS workloads on your behalf. */
+    AmazonECSInfrastructureRolePolicyForVpcLattice(): aws_iam.IManagedPolicy;
     /** Policy to enable Amazon ECS to manage your cluster. */
     AmazonECSServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides access to other AWS service resources that are required to run Amazon ECS tasks */
@@ -264,18 +286,26 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonEFSCSIDriverPolicy(): aws_iam.IManagedPolicy;
     /** This policy provides the Amazon VPC CNI Plugin (amazon-vpc-cni-k8s) the permissions it requires to modify the IP address configuration on your EKS worker nodes. This permission set allows the CNI to list, describe, and modify Elastic Network Interfaces on your behalf. More information on the AWS VPC CNI Plugin is available here: https://github.com/aws/amazon-vpc-cni-k8s */
     AmazonEKSCNIPolicy(): aws_iam.IManagedPolicy;
+    /** Policy attached to the EKS Cluster Role that grants permissions to manage the cluster's block storage resources. */
+    AmazonEKSBlockStoragePolicy(): aws_iam.IManagedPolicy;
     /** This policy provides Kubernetes the permissions it requires to manage resources on your behalf. Kubernetes requires Ec2:CreateTags permissions to place identifying information on EC2 resources including but not limited to Instances, Security Groups, and Elastic Network Interfaces. */
     AmazonEKSClusterPolicy(): aws_iam.IManagedPolicy;
+    /** Policy attached to the EKS Cluster Role that grants permissions to manage the cluster's compute resources. */
+    AmazonEKSComputePolicy(): aws_iam.IManagedPolicy;
     /** This policy allows Amazon EKS to manage AWS resources for EKS connector */
     AmazonEKSConnectorServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides access to other AWS service resources that are required to run Amazon EKS pods on AWS Fargate */
     AmazonEKSFargatePodExecutionRolePolicy(): aws_iam.IManagedPolicy;
     /** This policy grants necessary permissions to Amazon EKS to run fargate tasks */
     AmazonEKSForFargateServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Policy attached to the EKS Cluster Role that grants permissions to manage the cluster's load balancing resources. */
+    AmazonEKSLoadBalancingPolicy(): aws_iam.IManagedPolicy;
     /** This policy provides permissions to EKS local cluster's control-plane instances running in your account to manage resources on your behalf. */
     AmazonEKSLocalOutpostClusterPolicy(): aws_iam.IManagedPolicy;
     /** Allows Amazon EKS Local to call AWS services on your behalf. */
     AmazonEKSLocalOutpostServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Policy attached to the EKS Cluster Role that grants permissions to manage the cluster's networking resources. */
+    AmazonEKSNetworkingPolicy(): aws_iam.IManagedPolicy;
     /** This policy allows Amazon Elastic Container Service for Kubernetes to create and manage the necessary resources to operate EKS Clusters. */
     AmazonEKSServicePolicy(): aws_iam.IManagedPolicy;
     /** A Service-Linked Role required for Amazon EKS to call AWS services on your behalf. */
@@ -283,6 +313,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     /** Policy used by VPC Resource Controller to manage ENI and IPs for worker nodes. */
     AmazonEKSVPCResourceController(): aws_iam.IManagedPolicy;
     /** This policy allows Amazon EKS worker nodes to connect to Amazon EKS Clusters. */
+    AmazonEKSWorkerNodeMinimalPolicy(): aws_iam.IManagedPolicy;
+    /** This policy allows Amazon EKS worker nodes to connect to Amazon EKS Clusters. */
     AmazonEKSWorkerNodePolicy(): aws_iam.IManagedPolicy;
     /** Provides full access to Amazon ElastiCache via the AWS Management Console. */
     AmazonElastiCacheFullAccess(): aws_iam.IManagedPolicy;
@@ -580,6 +612,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonNimbleStudioStudioAdmin(): aws_iam.IManagedPolicy;
     /** This policy grants access to Amazon Nimble Studio resources associated with the studio user and related studio resources in other services. Attach this policy to the User role associated with your studio. */
     AmazonNimbleStudioStudioUser(): aws_iam.IManagedPolicy;
+    /** Allows Oracle Database@AWS to manage AWS resources on your behalf. */
+    AmazonODBServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides full access to Amazon Omics and other required AWS Services. This policy allows the user to view and accept RAM share invitations to access resources outside of the user's AWS account. */
     AmazonOmicsFullAccess(): aws_iam.IManagedPolicy;
     /** Provide read only access to Amazon Omics */
@@ -734,6 +768,10 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonS3OutpostsReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Provides read only access to all buckets via the AWS Management Console. */
     AmazonS3ReadOnlyAccess(): aws_iam.IManagedPolicy;
+    /** Provides full access to all S3 table buckets. */
+    AmazonS3TablesFullAccess(): aws_iam.IManagedPolicy;
+    /** Provides read only access to all S3 table buckets. */
+    AmazonS3TablesReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Service role policy used by the AWS Service Catalog service to provision products from Amazon SageMaker portfolio of products. Grants permissions to a set of related services including CodePipeline, CodeBuild, CodeCommit, Glue, CloudFormation, etc,. */
     AmazonSageMakerAdminServiceCatalogProductsServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides permissions for Amazon SageMaker Canvas to use AI services to support ready to use AI solutions. This policy will add more mutating permissions for services as Amazon SageMaker Canvas adds support. */
@@ -750,6 +788,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonSageMakerCanvasForecastAccess(): aws_iam.IManagedPolicy;
     /** Provides full access to Amazon SageMaker Canvas resources and operations. The policy also provides select access to related services (e.g., S3, IAM, VPC, ECR, CloudWatch Logs, Redshift, Secrets Manager, and Forecast). This policy should be attached to the Amazon SageMaker Domain/User Profile execution role. */
     AmazonSageMakerCanvasFullAccess(): aws_iam.IManagedPolicy;
+    /** Provides permissions for Amazon SageMaker Canvas to use the SageMaker Data Science Assistant service. The Data Science Assistant currently uses both Amazon SageMaker and Amazon Q Developer to process user prompts. */
+    AmazonSageMakerCanvasSMDataScienceAssistantAccess(): aws_iam.IManagedPolicy;
     /** This policy grants permissions commonly needed to use Amazon SageMaker Cluster. */
     AmazonSageMakerClusterInstanceRolePolicy(): aws_iam.IManagedPolicy;
     /** Managed policy for Service Linked Role for Amazon SageMaker Core Services */
@@ -766,6 +806,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonSageMakerGeospatialFullAccess(): aws_iam.IManagedPolicy;
     /** Provides access to AWS services that are required to run SageMaker GroundTruth Labeling job */
     AmazonSageMakerGroundTruthExecution(): aws_iam.IManagedPolicy;
+    /** This policy grants permissions to Amazon SageMaker HyperPod to related AWS services such as Amazon EKS, Amazon CloudWatch etc. */
+    AmazonSageMakerHyperPodServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides access to create Amazon Augmented AI FlowDefinition resources against any Workteam. */
     AmazonSageMakerMechanicalTurkAccess(): aws_iam.IManagedPolicy;
     /** This AWS managed policy grants permissions needed to use all Amazon SageMaker Governance features. The policy also provides select access to related services (e.g., S3, KMS). */
@@ -800,6 +842,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Service role policy used by the AWS Lambda within the AWS ServiceCatalog provisioned products from Amazon SageMaker portfolio of products. Grants permissions to a set of related services including ECR, S3 and others. */
     AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** This Amazon Managed Policy provides the necessary permissions to create and manage SageMaker Training Plans. It allows users to create Training Plans and Reserved Capacities, describe existing Training Plans, and perform search and listing operations. */
+    AmazonSageMakerTrainingPlanCreateAccess(): aws_iam.IManagedPolicy;
     /** Provides full access to Amazon Security Lake and related services needed to administer Security Lake. */
     AmazonSecurityLakeAdministrator(): aws_iam.IManagedPolicy;
     /** Policy for Amazon SecurityLake meta store manager lambda which allows the access to cloudwatch, S3, Glue and SQS. */
@@ -860,6 +904,10 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonTranscribeFullAccess(): aws_iam.IManagedPolicy;
     /** Provides access to read only operation for Amazon Transcribe */
     AmazonTranscribeReadOnlyAccess(): aws_iam.IManagedPolicy;
+    /** Provides full access to Verified Permissions */
+    AmazonVerifiedPermissionsFullAccess(): aws_iam.IManagedPolicy;
+    /** Provides read-only access to the Verified Permissions service. */
+    AmazonVerifiedPermissionsReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Provides access to create network interfaces and attach them to cross-account resources */
     AmazonVPCCrossAccountNetworkInterfaceOperations(): aws_iam.IManagedPolicy;
     /** Provides full access to Amazon VPC via the AWS Management Console. */
@@ -900,6 +948,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonWorkSpacesSelfServiceAccess(): aws_iam.IManagedPolicy;
     /** Provides customer account access to AWS WorkSpaces service for launching a Workspace. */
     AmazonWorkSpacesServiceAccess(): aws_iam.IManagedPolicy;
+    /** Provides full access to Amazon WorkSpaces Thin Client as well as limited access to required related services */
+    AmazonWorkSpacesThinClientFullAccess(): aws_iam.IManagedPolicy;
     /** Provides read-only access to Amazon WorkSpaces Thin Client and its dependencies */
     AmazonWorkSpacesThinClientReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Provides read-only access to Amazon WorkSpaces Web and its dependencies through the AWS Management Console, SDK, and CLI. */
@@ -926,6 +976,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AppRunnerServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Allows AppStudio to manage associated AWS resources on your behalf. */
     AppStudioServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Policy for Amazon Aurora DSQL Service Linked Role */
+    AuroraDsqlServiceLinkedRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides full access to Auto Scaling via the AWS Management Console. */
     AutoScalingConsoleFullAccess(): aws_iam.IManagedPolicy;
     /** Provides read-only access to Auto Scaling via the AWS Management Console. */
@@ -940,6 +992,20 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AutoScalingServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Default policy for AWS Config service role. Provides permissions required for AWS Config to track changes to your AWS resources. */
     AWSConfigRole(): aws_iam.IManagedPolicy;
+    /** Provides permissions to access the SSM Diagnosis S3 bucket for diagnosis and remediation of issues. */
+    AWSSSMAutomationDiagnosisBucketPolicy(): aws_iam.IManagedPolicy;
+    /** Provide permission for Diagnosing issues with SSM services by executing activities defined within Automation Documents, primarily used for running the Automation documents in a cross-account cross-region setup by triggering child automations within member accounts. */
+    AWSSSMDiagnosisAutomationAdministrationRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provide permission for Diagnosing issues with SSM services by executing activities defined within Automation Documents, primarily used for running the Automation documents in a target account/region setup by diagnosing SSM service health across all nodes. */
+    AWSSSMDiagnosisAutomationExecutionRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides permissions for operational accounts to diagnose unmanaged nodes by providing Organisation specific permissions required by SSM automation to pull the list of member accounts within a root of an Organisation to trigger cross-account cross-region execution by allowing assuming Execution roles in target account/region. */
+    AWSSSMDiagnosisAutomationOperationalAccountAdministrationRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provide permission for Remediating issues with SSM services by executing activities defined within Automation Documents, primarily used for running the Automation documents in a cross-account cross-region setup by triggering child automations within member accounts. */
+    AWSSSMRemediationAutomationAdministrationRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides permissions for Remediating issues with SSM services by executing activities defined within Automation Documents, primarily used for running the Automation documents in a target account/region setup by remediating SSM services health across all nodes. */
+    AWSSSMRemediationAutomationExecutionRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides permissions for operational accounts to Remediate unmanaged nodes by providing Organisation specific permissions required by SSM automation to pull the list of member accounts within a root of an Organisation to trigger cross-account cross-region execution by allowing assuming Execution roles in target account/region. */
+    AWSSSMRemediationAutomationOperationalAccountAdministrationRolePolicy(): aws_iam.IManagedPolicy;
     /** Allows users to access the Account Activity page. */
     AWSAccountActivityAccess(): aws_iam.IManagedPolicy;
     /** Provides full access to AWS Account Management. */
@@ -1048,6 +1114,10 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSAppSyncServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Allows AWS Artifact read-only access to operations in AWS Organizations. */
     AWSArtifactAccountSync(): aws_iam.IManagedPolicy;
+    /** This policy grants full permissions to list, download, accept, and terminate AWS Artifact agreements. It also includes permissions to list and enable AWS service access in the Organization service, as well as describe the organization details. Additionally, the policy provides the ability to check if the required service-linked role exists and creates one if it doesn't */
+    AWSArtifactAgreementsFullAccess(): aws_iam.IManagedPolicy;
+    /** This policy grants read-only access to list the AWS Artifact service agreements and to download the accepted agreements.. It also includes permissions to list as well as describe the organization details. Additionally, the policy provides the ability to check if the required service-linked role exists. */
+    AWSArtifactAgreementsReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Provides read-only access to the AWS Artifact service reports. */
     AWSArtifactReportsReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Allows AWS Artifact to gather information about an organization via AWS Organizations service. */
@@ -1078,6 +1148,10 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSBackupServiceLinkedRolePolicyForBackupTest(): aws_iam.IManagedPolicy;
     /** Provides AWS Backup permission to create backups on your behalf across AWS services */
     AWSBackupServiceRolePolicyForBackup(): aws_iam.IManagedPolicy;
+    /** Policy containing permissions necessary for AWS Backup to index recovery points. */
+    AWSBackupServiceRolePolicyForIndexing(): aws_iam.IManagedPolicy;
+    /** Policy containing permissions necessary for AWS Backup to restore individual items in a recovery point */
+    AWSBackupServiceRolePolicyForItemRestores(): aws_iam.IManagedPolicy;
     /** Provides AWS Backup permission to perform restores on your behalf across AWS services. This policy includes permissions to create and delete AWS resources, such as EBS volumes, RDS instances, and EFS file systems, which are part of the restore process. */
     AWSBackupServiceRolePolicyForRestores(): aws_iam.IManagedPolicy;
     /** Policy containing permissions necessary for AWS Backup to backup data in any S3 bucket. This includes read access to all S3 objects and any decrypt access for all KMS keys. */
@@ -1152,6 +1226,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSCloudFormationReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Grants CloudFront Logger write permissions to CloudWatch Logs. */
     AWSCloudFrontLogger(): aws_iam.IManagedPolicy;
+    /** Allows CloudFront to manage EC2 Elastic Network Interfaces and Security Groups on your behalf. */
+    AWSCloudFrontVPCOriginServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides full access to all CloudHSM resources. */
     AWSCloudHSMFullAccess(): aws_iam.IManagedPolicy;
     /** Provides read only access to all CloudHSM resources. */
@@ -1226,6 +1302,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSCompromisedKeyQuarantine(): aws_iam.IManagedPolicy;
     /** Denies access to certain actions, applied by the AWS team in the event that an IAM user's credentials have been compromised or exposed publicly. Do NOT remove this policy. Instead, please follow the instructions specified in the support case created for you regarding this event. */
     AWSCompromisedKeyQuarantineV2(): aws_iam.IManagedPolicy;
+    /** Denies access to certain actions, applied by AWS in the event that an IAM user's credentials have been compromised or exposed publicly. The policy aims to limit the potential damage that may be caused by fraud-related activity leading to unauthorized charges, while not impacting the existing resources. Do NOT remove this policy. Instead, please follow the instructions specified in the support case created for you regarding this event. */
+    AWSCompromisedKeyQuarantineV3(): aws_iam.IManagedPolicy;
     /** Allows Config to call AWS services and deploy config resources across organization */
     AWSConfigMultiAccountSetupPolicy(): aws_iam.IManagedPolicy;
     /** Allows AWS Config to remediate noncompliant resources on your behalf. */
@@ -1246,12 +1324,20 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSControlTowerServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Grants permissions to to describe the organization of the account, create S3 buckets for the MAP program and apply tags to it, create a Cost and Usage Report, and describe Cost and Usage Report definitions. */
     AWSCostAndUsageReportAutomationPolicy(): aws_iam.IManagedPolicy;
+    /** Gives Data Grant owners access to AWS Data Exchange actions using the AWS Management Console and SDK. */
+    AWSDataExchangeDataGrantOwnerFullAccess(): aws_iam.IManagedPolicy;
+    /** Gives Data Grant receiver access to AWS Data Exchange actions using the AWS Management Console and SDK. */
+    AWSDataExchangeDataGrantReceiverFullAccess(): aws_iam.IManagedPolicy;
     /** Grants full access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. It also provides select access to related services needed to take full advantage of AWS Data Exchange. */
     AWSDataExchangeFullAccess(): aws_iam.IManagedPolicy;
     /** Grants data provider access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. It also provides select access to related services needed to take full advantage of AWS Data Exchange. */
     AWSDataExchangeProviderFullAccess(): aws_iam.IManagedPolicy;
     /** Grants read-only access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. */
     AWSDataExchangeReadOnly(): aws_iam.IManagedPolicy;
+    /** Allows AWS Data Exchange to access AWS Services and Resources used or managed by AWS Data Exchange for license management. */
+    AWSDataExchangeServiceRolePolicyForLicenseManagement(): aws_iam.IManagedPolicy;
+    /** Allows AWS Data Exchange to read data about your AWS Organization to determine eligibility for AWS Data Exchange data grants license distribution. */
+    AWSDataExchangeServiceRolePolicyForOrganizationDiscovery(): aws_iam.IManagedPolicy;
     /** Grants data subscriber access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. It also provides select access to related services needed to take full advantage of AWS Data Exchange. */
     AWSDataExchangeSubscriberFullAccess(): aws_iam.IManagedPolicy;
     /** Provides appropriate permissions to AWS Data Lifecycle Manager to take actions on AWS resources */
@@ -1270,6 +1356,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSDataSyncFullAccess(): aws_iam.IManagedPolicy;
     /** Provides read-only access to AWS DataSync */
     AWSDataSyncReadOnlyAccess(): aws_iam.IManagedPolicy;
+    /** Allows DataSync to integrate with other AWS services on your behalf */
+    AWSDataSyncServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides AWS Deadline Cloud workers with access to run tasks on a farm. */
     AWSDeadlineCloudFleetWorker(): aws_iam.IManagedPolicy;
     /** Provides user workstation access to AWS Deadline Cloud farms with limited Read-Only permissions to call other necessary services. Attach this policy to the user role associated with your studio. */
@@ -1312,6 +1400,10 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSDirectConnectReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Provides AWS Direct Connect permission to create and manage AWS resources on your behalf. */
     AWSDirectConnectServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides full access to AWS Directory Service Data. */
+    AWSDirectoryServiceDataFullAccess(): aws_iam.IManagedPolicy;
+    /** Provides read-only access to AWS Directory Service Data */
+    AWSDirectoryServiceDataReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Provides full access to AWS Directory Service. */
     AWSDirectoryServiceFullAccess(): aws_iam.IManagedPolicy;
     /** Provides read only access to AWS Directory Service. */
@@ -1698,6 +1790,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSMarketplaceResaleAuthorizationServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides full access to all seller operations on the AWS Marketplace and other AWS services such as AMI management. */
     AWSMarketplaceSellerFullAccess(): aws_iam.IManagedPolicy;
+    /** Provides sellers access to Offers and Agreements management activities. */
+    AWSMarketplaceSellerOfferManagement(): aws_iam.IManagedPolicy;
     /** Provides sellers full access to AWS Marketplace Management Products page and other AWS services such as AMI management. */
     AWSMarketplaceSellerProductsFullAccess(): aws_iam.IManagedPolicy;
     /** Provide sellers read-only access to AWS Marketplace Management Products page. */
@@ -1748,6 +1842,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSNetworkManagerReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Allow NetworkManager to access resources associated with your Global Networks */
     AWSNetworkManagerServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides access to manage AWS Config Configuration Recorder, manage AWS Config Configuration Aggregator, create AWS Config Service Linked Role for Configuration Recorder functionality, consume recorder configuration data, and read AWS Organizations data for organizational features. */
+    AWSObservabilityAdminServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides full access to AWS OpsWorks. */
     AWSOpsWorksFullAccess(): aws_iam.IManagedPolicy;
     /** Enables OpsWorks instances with the CWLogs integration enabled to ship logs and create required log groups */
@@ -1786,6 +1882,18 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSPanoramaServiceLinkedRolePolicy(): aws_iam.IManagedPolicy;
     /** Allows AWS Panorama to manage resources in Amazon S3, AWS IoT, AWS IoT GreenGrass, AWS Lambda, Amazon SageMaker, and Amazon CloudWatch Logs, and to pass service roles to AWS IoT, AWS IoT GreenGrass, and Amazon SageMaker. */
     AWSPanoramaServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides full access to AWS Partner Central and related AWS Services. */
+    AWSPartnerCentralFullAccess(): aws_iam.IManagedPolicy;
+    /** Provides necessary access for opportunity management activities. */
+    AWSPartnerCentralOpportunityManagement(): aws_iam.IManagedPolicy;
+    /** Provides necessary access for developer testing in the Sandbox catalog. */
+    AWSPartnerCentralSandboxFullAccess(): aws_iam.IManagedPolicy;
+    /** Provides access to the ResourceSnapshotJob to read a resource and snapshot it in the target engagement. */
+    AWSPartnerCentralSellingResourceSnapshotJobExecutionRolePolicy(): aws_iam.IManagedPolicy;
+    /** This policy can be used to grant read-only access to APIs that can read service metadata for services in your AWS account. You can use this policy to provide your partners in the Partner-Led Support Program with access to the services specified in the permissions details section below. */
+    AWSPartnerLedSupportReadOnlyAccess(): aws_iam.IManagedPolicy;
+    /** Grants permissions to PCS to manage resources on your behalf. */
+    AWSPCSServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides full access to AWS Price List Service. */
     AWSPriceListServiceFullAccess(): aws_iam.IManagedPolicy;
     /** Provides auditor access to AWS Private Certificate Authority */
@@ -1828,6 +1936,12 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSQuickSetupDevOpsGuruPermissionsBoundary(): aws_iam.IManagedPolicy;
     /** QuickSetup creates IAM roles which enable it to configure the Systems Manager Distributor feature on your behalf, and uses this policy when creating such roles to define the boundary of their permissions. */
     AWSQuickSetupDistributorPermissionsBoundary(): aws_iam.IManagedPolicy;
+    /** This policy grants permissions that allow Systems Manager to run the AWSQuickSetupType-EnableAREX Automation runbook, which enables AWS Resource Explorer for use with Systems Manager. */
+    AWSQuickSetupEnableAREXExecutionPolicy(): aws_iam.IManagedPolicy;
+    /** This policy grants permissions that allow principals to run the AWSQuickSetupType-EnableDHMC Automation runbook, which enables Default Host Management Configuration. */
+    AWSQuickSetupEnableDHMCExecutionPolicy(): aws_iam.IManagedPolicy;
+    /** This policy grants administrative permissions that allow Systems Manager to create a default IAM instance profile for the Quick Setup capability and attach it to Amazon EC2 instances that don't already have an instance. profile attached. */
+    AWSQuickSetupManagedInstanceProfileExecutionPolicy(): aws_iam.IManagedPolicy;
     /** Provides read-only permissions to access patch baselines that have been configured by an administrator in the current AWS account or organization using Quick Setup. */
     AWSQuickSetupPatchPolicyBaselineAccess(): aws_iam.IManagedPolicy;
     /** Provides permissions that allow Quick Setup to create resources associated with a patch policy configuration. */
@@ -1836,8 +1950,16 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSQuickSetupPatchPolicyPermissionsBoundary(): aws_iam.IManagedPolicy;
     /** The AWSQuickSetupSchedulerPermissionsBoundary policy defines the list of permissions that are permitted in an IAM role created by Quick Setup. Quick Setup uses a role created with this policy to enable and configure scheduled operations on Amazon EC2 instances and other resources. */
     AWSQuickSetupSchedulerPermissionsBoundary(): aws_iam.IManagedPolicy;
+    /** This policy grants administrative permssions that allow Quick Setup to create resources that are used during the Systems Manager onboarding process. */
+    AWSQuickSetupSSMDeploymentRolePolicy(): aws_iam.IManagedPolicy;
+    /** This policy grants permissions for listing all S3 buckets in an account; and for managing and retrieving information about specific buckets in the principal account that are managed through AWS CloudFormation templates. */
+    AWSQuickSetupSSMDeploymentS3BucketRolePolicy(): aws_iam.IManagedPolicy;
     /** Quick Setup creates IAM roles which enable it to configure the Host Manager Quick Setup type on your behalf, and uses this policy when creating such roles to define the boundary of their permissions. */
     AWSQuickSetupSSMHostMgmtPermissionsBoundary(): aws_iam.IManagedPolicy;
+    /** The policy grants administrative permissions that allow Quick Setup to run the a AWS CloudFormation custom resource on lifecycle events during Quick Setup deployment in Systems Manager. */
+    AWSQuickSetupSSMLifecycleManagementExecutionPolicy(): aws_iam.IManagedPolicy;
+    /** This policy grants permissions that allow Systems Manager to create prerequisites such as IAM roles required for Systems Manager onboarding. */
+    AWSQuickSetupSSMManageResourcesExecutionPolicy(): aws_iam.IManagedPolicy;
     /** Provides the set of permissions required to perform QuickSight Asset Bundle Export Operations */
     AWSQuickSightAssetBundleExportPolicy(): aws_iam.IManagedPolicy;
     /** Provides the set of permissions required to perform QuickSight Asset Bundle Import Operations */
@@ -1914,6 +2036,16 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSSecurityHubReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** A service-linked role required for AWS Security Hub to access your resources. */
     AWSSecurityHubServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Policy provides customers with Read and Write permissions to case resources that are created through the Security Incident Response service. */
+    AWSSecurityIncidentResponseCaseFullAccess(): aws_iam.IManagedPolicy;
+    /** Policy provides customers with Read and Write permissions to all resources associated to the Security Incident Response service. */
+    AWSSecurityIncidentResponseFullAccess(): aws_iam.IManagedPolicy;
+    /** Policy provides customers with Read-only permissions to all resources associated to the Security Incident Response service. Permission includes access to GetCaseAttachmentDownloadUrl as well for the ability to get case attachment download URLs. */
+    AWSSecurityIncidentResponseReadOnlyAccess(): aws_iam.IManagedPolicy;
+    /** Provides access to AWS Resources managed or used by Security Incident Response */
+    AWSSecurityIncidentResponseServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides access to AWS Security Incident Response to continuously monitor your environment for security threats, tune security services to reduce alert noise, and gather information to investigate potential incidents. */
+    AWSSecurityIncidentResponseTriageServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides full access to service catalog admin capabilities */
     AWSServiceCatalogAdminFullAccess(): aws_iam.IManagedPolicy;
     /** Provides read-only access to Service Catalog admin capabilities */
@@ -1960,6 +2092,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSServiceRoleForNeptuneGraphPolicy(): aws_iam.IManagedPolicy;
     /** Provides permissions to describe and update Private Marketplace resources and describe AWS Organizations */
     AWSServiceRoleForPrivateMarketplaceAdminPolicy(): aws_iam.IManagedPolicy;
+    /** Policy for Procurement Insights to obtain Organization Account details */
+    AWSServiceRoleForProcurementInsightsPolicy(): aws_iam.IManagedPolicy;
     /** Provides access to AWS services and resources necessary to migrate service instances into AWS including EC2, S3 and Cloudformation. */
     AWSServiceRoleForSMS(): aws_iam.IManagedPolicy;
     /** Provides access to the User Subscriptions service to your Identity Center resources to automatically update your subscriptions. */
@@ -1972,6 +2106,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSShieldDRTAccessPolicy(): aws_iam.IManagedPolicy;
     /** Allows AWS Shield to access AWS resources on your behalf to provide DDoS protection. */
     AWSShieldServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides access to publish metrics and provide insights for your social message sending. */
+    AWSSocialMessagingServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides AWS Systems Manager for SAP with the permissions needed to manage and integrate SAP software with AWS. */
     AWSSSMForSAPServiceLinkedRolePolicy(): aws_iam.IManagedPolicy;
     /** Policy for Service Linked Role AWSServiceRoleForAmazonSSM_OpsInsights */
@@ -2168,8 +2304,14 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     CloudWatchFullAccess(): aws_iam.IManagedPolicy;
     /** Provides full access to CloudWatch. */
     CloudWatchFullAccessV2(): aws_iam.IManagedPolicy;
+    /** Provides full access to actions for working with Amazon CloudWatch Internet Monitor. Also provides access to other services, such as Amazon CloudWatch, Amazon EC2, Amazon CloudFront, Amazon WorkSpaces, and Elastic Load Balancing, that are necessary to use the Internet Monitor service for monitoring and storing information about application traffic. */
+    CloudWatchInternetMonitorFullAccess(): aws_iam.IManagedPolicy;
+    /** Provides read only access to actions for working with Amazon CloudWatch Internet Monitor. Also provides access to other services in Amazon CloudWatch, including policies to retrieve information on CloudWatch metrics and to manage log queries, that are necessary to use the Internet Monitor service for monitoring and storing information about application traffic. */
+    CloudWatchInternetMonitorReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Allows Internet Monitor to access EC2, Workspaces, and CloudFront resources, and other required services on your behalf. */
     CloudWatchInternetMonitorServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides write access to X-Ray and CloudWatch Application Signals log group. */
+    CloudWatchLambdaApplicationSignalsExecutionRolePolicy(): aws_iam.IManagedPolicy;
     /** Policy required for the Lambda Insights Extension */
     CloudWatchLambdaInsightsExecutionRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides capabilities to manage Observability Access Manager links and establish sharing of CloudWatch Logs resources */
@@ -2178,8 +2320,18 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     CloudWatchLogsFullAccess(): aws_iam.IManagedPolicy;
     /** Provides read only access to CloudWatch Logs */
     CloudWatchLogsReadOnlyAccess(): aws_iam.IManagedPolicy;
+    /** You can use this policy in IAM roles that are attached to Amazon EC2 and Amazon EKS instance resources to send telemetry reports (metrics) to a Network Flow Monitor endpoint. */
+    CloudWatchNetworkFlowMonitorAgentPublishPolicy(): aws_iam.IManagedPolicy;
+    /** You can't attach CloudWatchNetworkFlowMonitorServiceRolePolicy to your IAM entities. This policy is attached to a service-linked role named AWSServiceRoleForNetworkFlowMonitor, which publishes network telemetry aggregation results, collected by Network Flow Monitor agents, to CloudWatch. It also allows the service to use AWS Organizations to get information for multi-account scenarios. */
+    CloudWatchNetworkFlowMonitorServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** You can't attach CloudWatchNetworkFlowMonitorTopologyServiceRolePolicy to your IAM entities. This policy is attached to a service-linked role named AWSServiceRoleForNetworkFlowMonitor_Topology, which generates topology snapshots of resources used by Network Flow Monitor in your account. */
+    CloudWatchNetworkFlowMonitorTopologyServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Allows CloudWatch Network Monitor to access and manage EC2 and VPC resources, publish data to CloudWatch and access other required services on your behalf. */
     CloudWatchNetworkMonitorServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** This policy provides user access to view OpenSearch dashboards on the CloudWatch Logs console. */
+    CloudWatchOpenSearchDashboardAccess(): aws_iam.IManagedPolicy;
+    /** This policy provides user access to create integration with OpenSearch to create, update, delete or view dashboards on the CloudWatch Logs console. */
+    CloudWatchOpenSearchDashboardsFullAccess(): aws_iam.IManagedPolicy;
     /** Provides read only access to CloudWatch. */
     CloudWatchReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Provides full access to CloudWatch Synthetics. */
@@ -2214,6 +2366,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     DataScientist(): aws_iam.IManagedPolicy;
     /** This policy allows DAX to create and manage Network interface, Security group, Subnet and Vpc on behalf of customer */
     DAXServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides access to read-only APIs needed to run EC2 Declarative Policies Account Status Report. */
+    DeclarativePoliciesEC2Report(): aws_iam.IManagedPolicy;
     /** Permissions required to support Amazon CloudWatch Contributor Insights for Amazon DynamoDB. */
     DynamoDBCloudWatchContributorInsightsServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provide AWS DynamoDB access to KinesisDataStreams */
@@ -2268,6 +2422,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     FMSServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Allows Amazon FSx to delete its Service Linked Roles for Amazon S3 access */
     FSxDeleteServiceLinkedRoleAccess(): aws_iam.IManagedPolicy;
+    /** Grants the required permissions for compute actions in an Amazon GameLift container fleet, including access to dependencies such as Amazon S3. */
+    GameLiftContainerFleetPolicy(): aws_iam.IManagedPolicy;
     /** Policy to allow Gamelift GameServerGroups to manage customer resources */
     GameLiftGameServerGroupPolicy(): aws_iam.IManagedPolicy;
     /** Allow GlobalAccelerator Users full Access to all APIs */
@@ -2288,6 +2444,12 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     IAMAccessAnalyzerFullAccess(): aws_iam.IManagedPolicy;
     /** Provides read only access to IAM Access Analyzer resources */
     IAMAccessAnalyzerReadOnlyAccess(): aws_iam.IManagedPolicy;
+    /** Provides access required to check the presence of root user credentials such as root user password and root user access keys using the Security Token Service (STS) AssumeRoot API. Use this managed policy only with the STS AssumeRoot action. */
+    IAMAuditRootUserCredentials(): aws_iam.IManagedPolicy;
+    /** Provides access required to create a root user password using the Security Token Service (STS) AssumeRoot API.  Use this managed policy only with the STS AssumeRoot action. */
+    IAMCreateRootUserPassword(): aws_iam.IManagedPolicy;
+    /** Provides access required to delete all root user credentials such as root password and root access keys using the Security Token Service (STS) AssumeRoot API.  Use this managed policy only with the STS AssumeRoot action. */
+    IAMDeleteRootUserCredentials(): aws_iam.IManagedPolicy;
     /** Provides full access to IAM via the AWS Management Console. */
     IAMFullAccess(): aws_iam.IManagedPolicy;
     /** Provides read only access to IAM via the AWS Management Console. */
@@ -2352,6 +2514,10 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     PartnerCentralAccountManagementUserRoleAssociation(): aws_iam.IManagedPolicy;
     /** Provides full access to AWS services and resources, but does not allow management of Users and groups. */
     PowerUserAccess(): aws_iam.IManagedPolicy;
+    /** Grants permissions to AWS Services and Resources used or managed by Amazon Q Apps. */
+    QAppsServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Grants permissions to QBusiness to call QuickSight APIs for the QuickSight plugin */
+    QBusinessQuicksightPluginPolicy(): aws_iam.IManagedPolicy;
     /** Grants permissions to AWS Services and Resources used or managed by Amazon Q */
     QBusinessServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Policy used by QuickSight team to access customer data produced by S3 Storage Management Analytics. */
@@ -2366,6 +2532,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     ResourceGroupsandTagEditorReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Allows AWS Resource Groups to query the AWS services that own your resources to keep the group up-to-date */
     ResourceGroupsServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides permissions to tag and untag all the resources supported by Resource Groups Tagging API. This policy also grants the permissions required to retrieve all tagged, or previously tagged, resources through the Resource Groups Tagging API. */
+    ResourceGroupsTaggingAPITagUntagSupportedResources(): aws_iam.IManagedPolicy;
     /** Allows the OpenShift Amazon EBS Container Storage Interface (CSI) Driver Operator to install and maintain the Amazon EBS CSI driver on a Red Hat OpenShift Service on AWS (ROSA) cluster. The Amazon EBS CSI driver allows ROSA clusters to manage the lifecycle of Amazon EBS volumes for persistent volumes. */
     ROSAAmazonEBSCSIDriverOperatorPolicy(): aws_iam.IManagedPolicy;
     /** Allows the OpenShift Cloud Network Config Controller Operator to provision and manage networking resources for use by the Red Hat OpenShift Service on AWS (ROSA) cluster networking overlay. The OpenShift Cloud Network Operator interfaces with AWS APIs on behalf of the network plugins via CustomResourceDefinitions. The operator uses these policy permissions to manage private IP addresses for Amazon EC2 instances as part of the ROSA cluster. */
@@ -2396,14 +2564,30 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     Route53ResolverServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Enables access to AWS Services and Resources used or managed by S3 Storage Lens */
     S3StorageLensServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides access required to unlock a S3 bucket policy using the Security Token Service (STS) AssumeRoot API. Use this managed policy only with the STS AssumeRoot action. */
+    S3UnlockBucketPolicy(): aws_iam.IManagedPolicy;
+    /** This policy is used by Amazon SageMaker Studio to catalog, discover, govern, share, and analyze data in the Amazon SageMaker Studio domain. */
+    SageMakerStudioDomainExecutionRolePolicy(): aws_iam.IManagedPolicy;
+    /** Service role for domain level actions in the portal that are performed by Amazon SageMaker Studio. */
+    SageMakerStudioDomainServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** This policy provides full access to Amazon SageMaker Unified Studio via the Amazon SageMaker management console. */
+    SageMakerStudioFullAccess(): aws_iam.IManagedPolicy;
+    /** Amazon SageMaker Studio uses this policy to provision and manage resources in your account. */
+    SageMakerStudioProjectProvisioningRolePolicy(): aws_iam.IManagedPolicy;
+    /** Amazon SageMaker Studio creates IAM roles for projects users to perform data analytics, artificial intelligence, and machine learning actions, and uses this policy when creating these roles to define the permissions related to SageMaker. */
+    SageMakerStudioProjectRoleMachineLearningPolicy(): aws_iam.IManagedPolicy;
+    /** Amazon SageMaker creates IAM roles for Projects users to perform data analytics, artificial intelligence, and machine learning actions, and uses this policy when creating these roles to define the boundary of their permissions. */
+    SageMakerStudioProjectUserRolePermissionsBoundary(): aws_iam.IManagedPolicy;
+    /** Amazon SageMaker Studio creates IAM roles for projects users to perform data analytics, artificial intelligence, and machine learning actions, and uses this policy when creating these roles to define the permissions. */
+    SageMakerStudioProjectUserRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides read/write access to AWS Secrets Manager via the AWS Management Console. Note: this exludes IAM actions, so combine with IAMFullAccess if rotation configuration is required. */
     SecretsManagerReadWrite(): aws_iam.IManagedPolicy;
     /** The security audit template grants access to read security configuration metadata. It is useful for software that audits the configuration of an AWS account. */
     SecurityAudit(): aws_iam.IManagedPolicy;
+    /** Provides access to manage resources created by Security Lake. */
+    SecurityLakeResourceManagementServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** This policy grants permissions to operate the Amazon Security Lake service on your behalf */
     SecurityLakeServiceLinkedRole(): aws_iam.IManagedPolicy;
-    /** Permissions to allow the AWS Server Migration Service to migrate VMs to EC2: allows the Server Migration Service to place the migrated resources into the customer's EC2 account. */
-    ServerMigrationServiceRole(): aws_iam.IManagedPolicy;
     /** Permissions to allow the AWS Server Migration Connector to migrate VMs to EC2. Allows communication with the AWS Server Migration Service, read/write access to S3 buckets starting with 'sms-b-' and 'import-to-ec2-' as well as the buckets used for AWS Server Migration Connector upgrade, AWS Server Migration Connector registration with AWS, and metrics upload to AWS. */
     ServerMigrationConnector(): aws_iam.IManagedPolicy;
     /** Required permissions to use all features of the Server Migration Service Console */
@@ -2420,8 +2604,12 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     ServiceQuotasServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides full access to the Simple Workflow configuration service. */
     SimpleWorkflowFullAccess(): aws_iam.IManagedPolicy;
+    /** Allows SMSVoice to publish metrics to CloudWatch on your behalf */
+    SMSVoiceServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Allows split cost allocation data to retrieve AWS Organizations information, if applicable, and collect telemetry data for the split cost allocation data services that the customer has opted in to. */
     SplitCostAllocationDataServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides access required to unlock a SQS queue policy using the Security Token Service (STS) AssumeRoot API. Use this managed policy only with the STS AssumeRoot action. */
+    SQSUnlockQueuePolicy(): aws_iam.IManagedPolicy;
     /** Provides permissions to check Quick Setup configuration health, ensure consistent use of parameters and provisioned resources, and remediate resources when drift is detected. */
     SSMQuickSetupRolePolicy(): aws_iam.IManagedPolicy;
     /** This policy grants permissions to troubleshoot and resolve issues in an AWS account. This policy also enables the user to contact AWS support to create and manage cases. */