iam-floyd 0.731.0 → 0.733.0

package/README.md

@@ -16,10 +16,10 @@
 <!-- stats -->
 Support for:
 
-- 431 Services
-- 19416 Actions
-- 2068 Resource Types
-- 2184 Condition keys
+- 434 Services
+- 19576 Actions
+- 2083 Resource Types
+- 2210 Condition keys
 <!-- /stats -->
 
 ![EXPERIMENTAL](https://img.shields.io/badge/stability-experimantal-orange?style=for-the-badge)**<br>This is an early version of the package. The API will change while I implement new features. Therefore make sure you use an exact version in your `package.json` before it reaches 1.0.0.**

package/lib/generated/aws-managed-policies/cdk-iam-floyd.d.ts

@@ -62,6 +62,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonAppStreamServiceAccess(): aws_iam.IManagedPolicy;
     /** Provide full access to Amazon Athena and scoped access to the dependencies needed to enable querying, writing results, and data management. */
     AmazonAthenaFullAccess(): aws_iam.IManagedPolicy;
+    /** Allows access to other AWS service resources that are required to run Amazon Athena */
+    AmazonAthenaServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides access to perform all operations Amazon Augmented AI resources, including FlowDefinitions, HumanTaskUis and HumanLoops. Does not allow access for creating FlowDefinitions against the public-crowd Workteam. */
     AmazonAugmentedAIFullAccess(): aws_iam.IManagedPolicy;
     /** Provides access to perform all operations on HumanLoops. */
@@ -332,6 +334,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonEKSLocalOutpostClusterPolicy(): aws_iam.IManagedPolicy;
     /** Allows Amazon EKS Local to call AWS services on your behalf. */
     AmazonEKSLocalOutpostServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides read-only access to the Amazon EKS MCP service. This policy grants permissions to use only read-only tools in the EKS MCP service meant for observability, troubleshooting, retrieving EKS resource information, and getting EKS-optimized suggestions. */
+    AmazonEKSMCPReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Policy attached to the EKS Cluster Role that grants permissions to manage the cluster's networking resources. */
     AmazonEKSNetworkingPolicy(): aws_iam.IManagedPolicy;
     /** This policy allows Amazon Elastic Container Service for Kubernetes to create and manage the necessary resources to operate EKS Clusters. */
@@ -638,6 +642,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonMSKFullAccess(): aws_iam.IManagedPolicy;
     /** Provide readonly access to Amazon MSK */
     AmazonMSKReadOnlyAccess(): aws_iam.IManagedPolicy;
+    /** Provides access to Amazon Airflow Serverless Service to manage networking for your workflows and access other AWS services on your behalf */
+    AmazonMWAAServerlessServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** The Service Linked Role used by Amazon Managed Workflows for Apache Airflow. */
     AmazonMWAAServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** This policy grants access to resources needed by Nimble Studio Launch Profile workers. Attach this policy to EC2 instances created by Nimble Studio Builder. */
@@ -734,6 +740,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonRedshiftAllCommandsFullAccess(): aws_iam.IManagedPolicy;
     /** This policy provides full access to Amazon Redshift Data APIs. This policy also grants scoped access to other required services. */
     AmazonRedshiftDataFullAccess(): aws_iam.IManagedPolicy;
+    /** This is an ease-of-use policy for running queries with Amazon Redshift Federated Authorization */
+    AmazonRedshiftFederatedAuthorization(): aws_iam.IManagedPolicy;
     /** Provides full access to Amazon Redshift via the AWS Management Console. */
     AmazonRedshiftFullAccess(): aws_iam.IManagedPolicy;
     /** Provides full access to the Amazon Redshift Query Editor and to saved queries via the AWS Management Console. */
@@ -886,6 +894,10 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Service role policy used by the AWS Lambda within the AWS ServiceCatalog provisioned products from Amazon SageMaker portfolio of products. Grants permissions to a set of related services including ECR, S3 and others. */
     AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Grants Systems Manager activation, session management, and KMS key operations permissions required for the SageMaker Spaces Addon to enable secure remote access to EKS SageMaker Spaces. */
+    AmazonSageMakerSpacesControllerPolicy(): aws_iam.IManagedPolicy;
+    /** Grants Systems KMS key operations permissions required for the SageMaker Spaces Router to enable secure remote access to EKS SageMaker Spaces. */
+    AmazonSageMakerSpacesRouterPolicy(): aws_iam.IManagedPolicy;
     /** This Amazon Managed Policy provides the necessary permissions to create and manage SageMaker Training Plans. It allows users to create Training Plans and Reserved Capacities, describe existing Training Plans, and perform search and listing operations. */
     AmazonSageMakerTrainingPlanCreateAccess(): aws_iam.IManagedPolicy;
     /** Provides full access to Amazon Security Lake and related services needed to administer Security Lake. */
@@ -1188,6 +1200,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSBackupFullAccess(): aws_iam.IManagedPolicy;
     /** Provides AWS BackupGateway permission to sync the metadata of Virtual Machines on your behalf */
     AWSBackupGatewayServiceRolePolicyForVirtualMachineMetadataSync(): aws_iam.IManagedPolicy;
+    /** Provides GuardDuty permission to read your AWS Backup Recovery Points for malware scans */
+    AWSBackupGuardDutyRolePolicyForScans(): aws_iam.IManagedPolicy;
     /** This policy grants users permissions to assign AWS resources to backup plans, create on-demand backups, and restore backups. This policy does not allow the user to create or edit backup plans or to delete scheduled backups after they are created. */
     AWSBackupOperatorAccess(): aws_iam.IManagedPolicy;
     /** This policy is for backup administators who use cross-account backup management to manage backups for the organization. */
@@ -1212,6 +1226,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSBackupServiceRolePolicyForS3Backup(): aws_iam.IManagedPolicy;
     /** Policy containing permissions necessary for AWS Backup to restore a S3 backup to a bucket. This includes read/write permissions to all S3 buckets, and permissions to GenerateDataKey and DescribeKey for all KMS keys. */
     AWSBackupServiceRolePolicyForS3Restore(): aws_iam.IManagedPolicy;
+    /** Provides AWS Backup permission to perform malware scans on your AWS Backup Recovery Points */
+    AWSBackupServiceRolePolicyForScans(): aws_iam.IManagedPolicy;
     /** Provides full access for AWS Batch resources. */
     AWSBatchFullAccess(): aws_iam.IManagedPolicy;
     /** Policy to enable CloudWatch Event Target for AWS Batch Job Submission */
@@ -1678,6 +1694,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSHealthImagingReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Provides the list of actions that are allowed for roles assumed with the IAM Identity Center identity context. AWS Security Token Service (AWS STS) automatically attaches this policy to assumed roles. The identity context is passed as ProvidedContext. */
     AWSIAMIdentityCenterAllowListForIdentityContext(): aws_iam.IManagedPolicy;
+    /** Provides access to manage IAM Identity Center users from an external provider. */
+    AWSIdentityCenterExternalManagementPolicy(): aws_iam.IManagedPolicy;
     /** Grants full access to the Identity Sync service */
     AWSIdentitySyncFullAccess(): aws_iam.IManagedPolicy;
     /** Read only access to the Identity Sync service */
@@ -1874,6 +1892,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSMarketplaceSellerProductsFullAccess(): aws_iam.IManagedPolicy;
     /** Provide sellers read-only access to AWS Marketplace Management Products page. */
     AWSMarketplaceSellerProductsReadOnly(): aws_iam.IManagedPolicy;
+    /** Provides full access to all MCP service actions. This policy does not grant access to the actions taken by the MCP, only the MCP actions themselves. */
+    AWSMcpServiceActionsFullAccess(): aws_iam.IManagedPolicy;
     /** The default policy that enables access to AWS Services and Resources used or managed by MediaConnect. */
     AWSMediaConnectServicePolicy(): aws_iam.IManagedPolicy;
     /** Allows MediaLive Anywhere to create and manage AWS resources on your behalf. */
@@ -1912,6 +1932,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSMigrationHubStrategyServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Grants permissions to Amazon MSK Replicator to replicate data between MSK Clusters. */
     AWSMSKReplicatorExecutionRole(): aws_iam.IManagedPolicy;
+    /** Provides permissions to manage VPC resources for the configuration and management of NAT Gateways. */
+    AWSNATGatewayServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Grants full access to AWS Network Firewall service, including permissions to create, configure, manage, and delete firewall resources, policies, and rule groups. Additionally includes permissions to modify VPC endpoints, S3 bucket policies, CloudWatch Logs configurations, and create service-linked roles for Network Firewall and log delivery services */
     AWSNetworkFirewallFullAccess(): aws_iam.IManagedPolicy;
     /** Provides read-only access to AWS Network Firewall resources via the AWS Management Console, CLI, and SDKs. This policy allows users to view and monitor firewall configurations, policies, rule groups, and associated resources, without the ability to make changes. */
@@ -1956,6 +1978,10 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSPanoramaServiceLinkedRolePolicy(): aws_iam.IManagedPolicy;
     /** Allows AWS Panorama to manage resources in Amazon S3, AWS IoT, AWS IoT GreenGrass, AWS Lambda, Amazon SageMaker, and Amazon CloudWatch Logs, and to pass service roles to AWS IoT, AWS IoT GreenGrass, and Amazon SageMaker. */
     AWSPanoramaServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides necessary access for channel handshake approval management activities. */
+    AWSPartnerCentralChannelHandshakeApprovalManagement(): aws_iam.IManagedPolicy;
+    /** Provides necessary access for channel management activities. */
+    AWSPartnerCentralChannelManagement(): aws_iam.IManagedPolicy;
     /** Provides full access to AWS Partner Central and related AWS Services. */
     AWSPartnerCentralFullAccess(): aws_iam.IManagedPolicy;
     /** Provides necessary access for opportunity management activities. */
@@ -2474,6 +2500,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     ComprehendMedicalFullAccess(): aws_iam.IManagedPolicy;
     /** Provides read-only access to Amazon Comprehend. */
     ComprehendReadOnly(): aws_iam.IManagedPolicy;
+    /** The ComputeOptimizerAutomationServiceRolePolicy managed policy is attached to a service-linked role that allows Compute Optimizer to perform actions on your behalf */
+    ComputeOptimizerAutomationServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Provides read only access to ComputeOptimizer. */
     ComputeOptimizerReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Allows ComputeOptimizer to call AWS services and collect workload details on your behalf. */
@@ -2782,6 +2810,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     ServiceQuotasReadOnlyAccess(): aws_iam.IManagedPolicy;
     /** Allows Service Quotas to create support cases on your behalf */
     ServiceQuotasServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Provides permissions for programmatic access to AWS through the AWS Sign-in service, including OAuth2 token creation for developer tools and applications. */
+    SignInLocalDevelopmentAccess(): aws_iam.IManagedPolicy;
     /** Provides full access to the Simple Workflow configuration service. */
     SimpleWorkflowFullAccess(): aws_iam.IManagedPolicy;
     /** Allows SMSVoice to publish metrics to CloudWatch on your behalf */