iam-floyd 0.773.0 → 0.775.0

package/README.md

@@ -16,9 +16,9 @@
 Support for:
 
 - 447 Services
-- 20597 Actions
+- 20608 Actions
 - 2189 Resource Types
-- 2319 Condition keys
+- 2329 Condition keys
 <!-- /stats -->
 
 ![EXPERIMENTAL](https://img.shields.io/badge/stability-experimantal-orange?style=for-the-badge)**<br>This is an early version of the package. The API will change while I implement new features. Therefore make sure you use an exact version in your `package.json` before it reaches 1.0.0.**

package/lib/generated/aws-managed-policies/cdk-iam-floyd.d.ts

@@ -264,8 +264,12 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AmazonDynamoDBFullAccesswithDataPipeline(): aws_iam.IManagedPolicy;
     /** Provides read only access to Amazon DynamoDB via the AWS Management Console. */
     AmazonDynamoDBReadOnlyAccess(): aws_iam.IManagedPolicy;
+    /** IAM Policy that allows the CSI driver service account to make calls to related services such as EC2 on your behalf. This policy restricts the Amazon EBS CSI driver to only managing EBS volumes and snapshots that belong to a specific EKS cluster. It requires the resource tag ebs.csi.aws.com/cluster-name to match the eks-cluster-name tag on the IAM principal, preventing cross-cluster access when multiple clusters share the same AWS account. Attach and detach operations on instances are restricted to instances tagged with either the eks:cluster-name tag (set automatically by EKS on managed node groups) or the ebs.csi.aws.com/cluster-name tag (for manually tagged instances). */
+    AmazonEBSCSIDriverEKSClusterScopedPolicy(): aws_iam.IManagedPolicy;
     /** IAM Policy that allows the CSI driver service account to make calls to related services such as EC2 on your behalf. */
     AmazonEBSCSIDriverPolicy(): aws_iam.IManagedPolicy;
+    /** IAM Policy that allows the EBS CSI driver service account to make calls to related services such as EC2 on your behalf. It limits the Amazon EBS CSI driver to only managing EBS volumes and snapshots that are tagged with the key ebs.csi.aws.com/cluster set to true. Volumes provisioned by the in-tree Kubernetes volume plugin (CSI-migrated volumes) are also supported through the kubernetes.io/created-for/pvc/name resource tag. */
+    AmazonEBSCSIDriverPolicyV2(): aws_iam.IManagedPolicy;
     /** Provides administrative access to Amazon ECR resources */
     AmazonEC2ContainerRegistryFullAccess(): aws_iam.IManagedPolicy;
     /** Provides full access to Amazon EC2 Container Registry repositories, but does not allow repository deletion or policy changes. */
@@ -1292,6 +1296,8 @@ export declare class AwsManagedPolicy extends AwsManagedPolicyStatic {
     AWSBCMDataExportsServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Allows Bedrock AgentCore Gateway to managed VPC Lattice resources on your behalf */
     AWSBedrockAgentCoreGatewayNetworkServiceRolePolicy(): aws_iam.IManagedPolicy;
+    /** Allows Bedrock AgentCore Identity to managed VPC Lattice resources on your behalf */
+    AWSBedrockAgentCoreIdentityNetworkServiceRolePolicy(): aws_iam.IManagedPolicy;
     /** Use the AWSBillingConductorFullAccess managed policy to allow complete access to AWS Billing Conductor (ABC) console and APIs. This policy allows users to list, create and delete ABC resources. */
     AWSBillingConductorFullAccess(): aws_iam.IManagedPolicy;
     /** Use the AWSBillingConductorReadOnlyAccess managed policy to allow read only access to AWS Billing Conductor (ABC) console and APIs. This policy grants permission to view and list all ABC resources. It does not include the ability to create or delete resources. */