iamdata 0.1.202504261__py3-none-any.whl → 0.1.202511181__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (315) hide show
  1. iamdata/data/actions/access-analyzer.json +4 -1
  2. iamdata/data/actions/acm.json +23 -3
  3. iamdata/data/actions/action-recommendations.json +10 -0
  4. iamdata/data/actions/aiops.json +189 -1
  5. iamdata/data/actions/airflow-serverless.json +225 -0
  6. iamdata/data/actions/amplify.json +2 -12
  7. iamdata/data/actions/aoss.json +36 -4
  8. iamdata/data/actions/apigateway.json +104 -0
  9. iamdata/data/actions/app-integrations.json +108 -0
  10. iamdata/data/actions/application-signals.json +40 -0
  11. iamdata/data/actions/appstream.json +138 -103
  12. iamdata/data/actions/appsync.json +1 -1
  13. iamdata/data/actions/aps.json +309 -0
  14. iamdata/data/actions/arc-region-switch.json +334 -0
  15. iamdata/data/actions/arc-zonal-shift.json +53 -1
  16. iamdata/data/actions/artifact.json +0 -36
  17. iamdata/data/actions/athena.json +88 -1
  18. iamdata/data/actions/auditmanager.json +60 -7
  19. iamdata/data/actions/autoscaling.json +26 -3
  20. iamdata/data/actions/aws-marketplace.json +0 -32
  21. iamdata/data/actions/backup-search.json +1 -0
  22. iamdata/data/actions/backup.json +80 -0
  23. iamdata/data/actions/batch.json +183 -17
  24. iamdata/data/actions/bcm-dashboards.json +79 -0
  25. iamdata/data/actions/bcm-recommended-actions.json +10 -0
  26. iamdata/data/actions/bedrock-agentcore.json +1801 -0
  27. iamdata/data/actions/bedrock.json +814 -23
  28. iamdata/data/actions/billing.json +88 -5
  29. iamdata/data/actions/braket.json +2 -9
  30. iamdata/data/actions/budgets.json +6 -2
  31. iamdata/data/actions/cases.json +22 -2
  32. iamdata/data/actions/cassandra.json +67 -2
  33. iamdata/data/actions/ce.json +34 -0
  34. iamdata/data/actions/chatbot.json +87 -20
  35. iamdata/data/actions/cleanrooms-ml.json +11 -0
  36. iamdata/data/actions/cleanrooms.json +93 -0
  37. iamdata/data/actions/cloud9.json +4 -10
  38. iamdata/data/actions/cloudformation.json +22 -0
  39. iamdata/data/actions/cloudfront.json +457 -85
  40. iamdata/data/actions/cloudtrail.json +33 -0
  41. iamdata/data/actions/cloudwatch.json +8 -0
  42. iamdata/data/actions/codebuild.json +367 -12
  43. iamdata/data/actions/codepipeline.json +15 -0
  44. iamdata/data/actions/cognito-idp.json +83 -0
  45. iamdata/data/actions/connect-campaigns.json +16 -0
  46. iamdata/data/actions/connect.json +160 -2
  47. iamdata/data/actions/controlcatalog.json +8 -0
  48. iamdata/data/actions/cur.json +5 -1
  49. iamdata/data/actions/databrew.json +14 -7
  50. iamdata/data/actions/dataexchange.json +61 -9
  51. iamdata/data/actions/datazone.json +300 -6
  52. iamdata/data/actions/deadline.json +71 -16
  53. iamdata/data/actions/dms.json +40 -311
  54. iamdata/data/actions/ds.json +170 -0
  55. iamdata/data/actions/dsql.json +226 -22
  56. iamdata/data/actions/dynamodb.json +32 -0
  57. iamdata/data/actions/ec2.json +1466 -146
  58. iamdata/data/actions/ecs.json +59 -9
  59. iamdata/data/actions/eks-mcp.json +26 -0
  60. iamdata/data/actions/eks.json +100 -2
  61. iamdata/data/actions/elasticloadbalancing.json +9 -0
  62. iamdata/data/actions/elasticmapreduce.json +15 -0
  63. iamdata/data/actions/emr-containers.json +34 -1
  64. iamdata/data/actions/emr-serverless.json +16 -0
  65. iamdata/data/actions/entityresolution.json +16 -8
  66. iamdata/data/actions/es.json +60 -0
  67. iamdata/data/actions/events.json +40 -0
  68. iamdata/data/actions/evs.json +193 -0
  69. iamdata/data/actions/freetier.json +32 -0
  70. iamdata/data/actions/fsx.json +59 -6
  71. iamdata/data/actions/glacier.json +1 -4
  72. iamdata/data/actions/glue.json +228 -54
  73. iamdata/data/actions/groundstation.json +15 -0
  74. iamdata/data/actions/guardduty.json +199 -1
  75. iamdata/data/actions/healthlake.json +225 -0
  76. iamdata/data/actions/iam.json +13 -4
  77. iamdata/data/actions/identitystore.json +91 -19
  78. iamdata/data/actions/imagebuilder.json +198 -241
  79. iamdata/data/actions/inspector2.json +208 -12
  80. iamdata/data/actions/invoicing.json +28 -3
  81. iamdata/data/actions/iot.json +37 -5
  82. iamdata/data/actions/iotfleetwise.json +6 -63
  83. iamdata/data/actions/iotmanagedintegrations.json +507 -75
  84. iamdata/data/actions/iotsitewise.json +271 -0
  85. iamdata/data/actions/ivs.json +48 -0
  86. iamdata/data/actions/kafka.json +15 -0
  87. iamdata/data/actions/kinesis.json +163 -5
  88. iamdata/data/actions/kms.json +125 -2
  89. iamdata/data/actions/lambda.json +4 -2
  90. iamdata/data/actions/lex.json +42 -0
  91. iamdata/data/actions/license-manager.json +70 -8
  92. iamdata/data/actions/logs.json +8 -0
  93. iamdata/data/actions/mediaconnect.json +85 -26
  94. iamdata/data/actions/mediaconvert.json +15 -0
  95. iamdata/data/actions/medialive.json +26 -2
  96. iamdata/data/actions/medical-imaging.json +105 -0
  97. iamdata/data/actions/memorydb.json +18 -0
  98. iamdata/data/actions/mgn.json +20 -2
  99. iamdata/data/actions/mpa.json +313 -0
  100. iamdata/data/actions/mq.json +16 -0
  101. iamdata/data/actions/neptune-graph.json +37 -0
  102. iamdata/data/actions/network-firewall.json +236 -3
  103. iamdata/data/actions/network-security-director.json +74 -0
  104. iamdata/data/actions/notifications.json +62 -2
  105. iamdata/data/actions/observabilityadmin.json +330 -0
  106. iamdata/data/actions/odb.json +811 -0
  107. iamdata/data/actions/one.json +8 -0
  108. iamdata/data/actions/opensearch.json +1 -1
  109. iamdata/data/actions/organizations.json +39 -8
  110. iamdata/data/actions/osis.json +111 -0
  111. iamdata/data/actions/outposts.json +41 -3
  112. iamdata/data/actions/partnercentral.json +96 -32
  113. iamdata/data/actions/payment-cryptography.json +154 -11
  114. iamdata/data/actions/pcs.json +27 -1
  115. iamdata/data/actions/pi.json +6 -0
  116. iamdata/data/actions/profile.json +670 -20
  117. iamdata/data/actions/q.json +37 -0
  118. iamdata/data/actions/qapps.json +0 -78
  119. iamdata/data/actions/qbusiness.json +177 -46
  120. iamdata/data/actions/quicksight.json +484 -7
  121. iamdata/data/actions/rds.json +102 -45
  122. iamdata/data/actions/redshift-serverless.json +2 -2
  123. iamdata/data/actions/redshift.json +0 -6
  124. iamdata/data/actions/rekognition.json +1 -8
  125. iamdata/data/actions/repostspace.json +90 -0
  126. iamdata/data/actions/resiliencehub.json +19 -5
  127. iamdata/data/actions/resource-explorer-2.json +84 -2
  128. iamdata/data/actions/route53resolver.json +14 -2
  129. iamdata/data/actions/rtbfabric.json +481 -0
  130. iamdata/data/actions/s3.json +340 -143
  131. iamdata/data/actions/s3express.json +110 -6
  132. iamdata/data/actions/s3tables.json +85 -2
  133. iamdata/data/actions/s3vectors.json +242 -0
  134. iamdata/data/actions/sagemaker-mlflow.json +135 -0
  135. iamdata/data/actions/sagemaker-unified-studio-mcp.json +26 -0
  136. iamdata/data/actions/sagemaker.json +312 -11
  137. iamdata/data/actions/scn.json +151 -4
  138. iamdata/data/actions/security-ir.json +23 -8
  139. iamdata/data/actions/securityhub.json +360 -4
  140. iamdata/data/actions/securitylake.json +1 -0
  141. iamdata/data/actions/servicediscovery.json +140 -14
  142. iamdata/data/actions/servicequotas.json +40 -0
  143. iamdata/data/actions/ses.json +286 -2
  144. iamdata/data/actions/shield.json +47 -0
  145. iamdata/data/actions/snow-device-management.json +1 -0
  146. iamdata/data/actions/social-messaging.json +120 -0
  147. iamdata/data/actions/ssm-guiconnect.json +24 -0
  148. iamdata/data/actions/ssm-sap.json +51 -3
  149. iamdata/data/actions/ssm.json +63 -2
  150. iamdata/data/actions/sso-directory.json +108 -36
  151. iamdata/data/actions/sso-oauth.json +40 -2
  152. iamdata/data/actions/sso.json +369 -157
  153. iamdata/data/actions/sts.json +40 -0
  154. iamdata/data/actions/support-console.json +119 -0
  155. iamdata/data/actions/support.json +58 -0
  156. iamdata/data/actions/synthetics.json +18 -0
  157. iamdata/data/actions/tax.json +48 -0
  158. iamdata/data/actions/thinclient.json +1 -0
  159. iamdata/data/actions/transcribe.json +12 -0
  160. iamdata/data/actions/transfer.json +30 -14
  161. iamdata/data/actions/transform.json +185 -0
  162. iamdata/data/actions/user-subscriptions.json +8 -0
  163. iamdata/data/actions/uxc.json +26 -0
  164. iamdata/data/actions/verifiedpermissions.json +58 -2
  165. iamdata/data/actions/vpc-lattice-svcs.json +2 -0
  166. iamdata/data/actions/vpc-lattice.json +90 -0
  167. iamdata/data/actions/wisdom.json +31 -214
  168. iamdata/data/actions/workspaces-instances.json +186 -0
  169. iamdata/data/actions/workspaces-web.json +136 -8
  170. iamdata/data/actions/workspaces.json +98 -0
  171. iamdata/data/actions/xray.json +15 -5
  172. iamdata/data/conditionKeys/acm.json +5 -0
  173. iamdata/data/conditionKeys/airflow-serverless.json +17 -0
  174. iamdata/data/conditionKeys/apigateway.json +30 -0
  175. iamdata/data/conditionKeys/arc-region-switch.json +17 -0
  176. iamdata/data/conditionKeys/autoscaling.json +5 -0
  177. iamdata/data/conditionKeys/backup.json +6 -1
  178. iamdata/data/conditionKeys/bcm-dashboards.json +12 -0
  179. iamdata/data/conditionKeys/bedrock-agentcore.json +72 -0
  180. iamdata/data/conditionKeys/bedrock.json +10 -0
  181. iamdata/data/conditionKeys/chatbot.json +17 -1
  182. iamdata/data/conditionKeys/cloudformation.json +5 -0
  183. iamdata/data/conditionKeys/codebuild.json +550 -0
  184. iamdata/data/conditionKeys/connect.json +15 -0
  185. iamdata/data/conditionKeys/deadline.json +5 -0
  186. iamdata/data/conditionKeys/dsql.json +12 -2
  187. iamdata/data/conditionKeys/ebs.json +2 -2
  188. iamdata/data/conditionKeys/ec2.json +30 -15
  189. iamdata/data/conditionKeys/eks.json +5 -0
  190. iamdata/data/conditionKeys/events.json +1 -1
  191. iamdata/data/conditionKeys/evs.json +17 -0
  192. iamdata/data/conditionKeys/glacier.json +0 -10
  193. iamdata/data/conditionKeys/glue.json +10 -0
  194. iamdata/data/conditionKeys/iam.json +10 -0
  195. iamdata/data/conditionKeys/imagebuilder.json +2 -2
  196. iamdata/data/conditionKeys/iotmanagedintegrations.json +27 -1
  197. iamdata/data/conditionKeys/kinesis.json +15 -0
  198. iamdata/data/conditionKeys/kms.json +127 -7
  199. iamdata/data/conditionKeys/lambda.json +5 -0
  200. iamdata/data/conditionKeys/license-manager.json +5 -0
  201. iamdata/data/conditionKeys/mediaconnect.json +17 -1
  202. iamdata/data/conditionKeys/mpa.json +27 -0
  203. iamdata/data/conditionKeys/observabilityadmin.json +32 -1
  204. iamdata/data/conditionKeys/odb.json +17 -0
  205. iamdata/data/conditionKeys/quicksight.json +0 -5
  206. iamdata/data/conditionKeys/rds.json +5 -0
  207. iamdata/data/conditionKeys/route53.json +1 -1
  208. iamdata/data/conditionKeys/rtbfabric.json +47 -0
  209. iamdata/data/conditionKeys/s3.json +15 -0
  210. iamdata/data/conditionKeys/s3express.json +26 -1
  211. iamdata/data/conditionKeys/s3tables.json +20 -0
  212. iamdata/data/conditionKeys/s3vectors.json +12 -0
  213. iamdata/data/conditionKeys/sagemaker.json +25 -0
  214. iamdata/data/conditionKeys/savingsplans.json +1 -1
  215. iamdata/data/conditionKeys/secretsmanager.json +1 -1
  216. iamdata/data/conditionKeys/securityhub.json +5 -0
  217. iamdata/data/conditionKeys/servicediscovery.json +5 -0
  218. iamdata/data/conditionKeys/ses.json +5 -0
  219. iamdata/data/conditionKeys/ssm.json +15 -0
  220. iamdata/data/conditionKeys/sso.json +11 -1
  221. iamdata/data/conditionKeys/sts.json +10 -0
  222. iamdata/data/conditionKeys/transcribe.json +1 -1
  223. iamdata/data/conditionKeys/transfer.json +20 -0
  224. iamdata/data/conditionKeys/transform.json +12 -0
  225. iamdata/data/conditionKeys/uxc.json +1 -0
  226. iamdata/data/conditionKeys/verifiedpermissions.json +17 -1
  227. iamdata/data/conditionKeys/vpc-lattice-svcs.json +5 -0
  228. iamdata/data/conditionKeys/vpc-lattice.json +15 -0
  229. iamdata/data/conditionKeys/workspaces-instances.json +17 -0
  230. iamdata/data/conditionKeys/xray.json +15 -0
  231. iamdata/data/conditionPatterns.json +141 -0
  232. iamdata/data/metadata.json +2 -2
  233. iamdata/data/resourceTypes/action-recommendations.json +1 -0
  234. iamdata/data/resourceTypes/airflow-serverless.json +9 -0
  235. iamdata/data/resourceTypes/apigateway.json +12 -0
  236. iamdata/data/resourceTypes/aps.json +9 -0
  237. iamdata/data/resourceTypes/arc-region-switch.json +9 -0
  238. iamdata/data/resourceTypes/artifact.json +5 -5
  239. iamdata/data/resourceTypes/athena.json +7 -0
  240. iamdata/data/resourceTypes/auditmanager.json +8 -2
  241. iamdata/data/resourceTypes/backup-gateway.json +3 -3
  242. iamdata/data/resourceTypes/batch.json +14 -0
  243. iamdata/data/resourceTypes/bcm-dashboards.json +1 -0
  244. iamdata/data/resourceTypes/bcm-recommended-actions.json +1 -0
  245. iamdata/data/resourceTypes/bedrock-agentcore.json +87 -0
  246. iamdata/data/resourceTypes/bedrock.json +45 -3
  247. iamdata/data/resourceTypes/cassandra.json +7 -0
  248. iamdata/data/resourceTypes/chatbot.json +8 -2
  249. iamdata/data/resourceTypes/cloudformation.json +4 -0
  250. iamdata/data/resourceTypes/cloudfront.json +14 -0
  251. iamdata/data/resourceTypes/dataexchange.json +4 -1
  252. iamdata/data/resourceTypes/deadline.json +5 -1
  253. iamdata/data/resourceTypes/ec2.json +125 -6
  254. iamdata/data/resourceTypes/eks-mcp.json +1 -0
  255. iamdata/data/resourceTypes/eks.json +7 -0
  256. iamdata/data/resourceTypes/emr-containers.json +0 -4
  257. iamdata/data/resourceTypes/events.json +8 -0
  258. iamdata/data/resourceTypes/evs.json +9 -0
  259. iamdata/data/resourceTypes/guardduty.json +18 -1
  260. iamdata/data/resourceTypes/imagebuilder.json +12 -18
  261. iamdata/data/resourceTypes/inspector2.json +14 -0
  262. iamdata/data/resourceTypes/iotmanagedintegrations.json +31 -12
  263. iamdata/data/resourceTypes/iotsitewise.json +7 -0
  264. iamdata/data/resourceTypes/kinesis.json +4 -1
  265. iamdata/data/resourceTypes/license-manager.json +10 -2
  266. iamdata/data/resourceTypes/mediaconnect.json +16 -4
  267. iamdata/data/resourceTypes/mpa.json +23 -0
  268. iamdata/data/resourceTypes/network-firewall.json +7 -0
  269. iamdata/data/resourceTypes/network-security-director.json +1 -0
  270. iamdata/data/resourceTypes/observabilityadmin.json +23 -1
  271. iamdata/data/resourceTypes/odb.json +44 -0
  272. iamdata/data/resourceTypes/osis.json +7 -0
  273. iamdata/data/resourceTypes/partnercentral.json +8 -2
  274. iamdata/data/resourceTypes/pi.json +4 -1
  275. iamdata/data/resourceTypes/profile.json +21 -0
  276. iamdata/data/resourceTypes/qbusiness.json +7 -4
  277. iamdata/data/resourceTypes/quicksight.json +26 -1
  278. iamdata/data/resourceTypes/rds.json +4 -1
  279. iamdata/data/resourceTypes/redshift.json +1 -4
  280. iamdata/data/resourceTypes/route53resolver.json +7 -0
  281. iamdata/data/resourceTypes/rtbfabric.json +46 -0
  282. iamdata/data/resourceTypes/s3.json +19 -1
  283. iamdata/data/resourceTypes/s3express.json +10 -2
  284. iamdata/data/resourceTypes/s3tables.json +7 -1
  285. iamdata/data/resourceTypes/s3vectors.json +10 -0
  286. iamdata/data/resourceTypes/sagemaker-unified-studio-mcp.json +1 -0
  287. iamdata/data/resourceTypes/sagemaker.json +18 -3
  288. iamdata/data/resourceTypes/scn.json +19 -3
  289. iamdata/data/resourceTypes/securityhub.json +36 -2
  290. iamdata/data/resourceTypes/ses.json +11 -0
  291. iamdata/data/resourceTypes/sts.json +8 -0
  292. iamdata/data/resourceTypes/support-console.json +1 -0
  293. iamdata/data/resourceTypes/transform.json +10 -0
  294. iamdata/data/resourceTypes/uxc.json +1 -0
  295. iamdata/data/resourceTypes/verifiedpermissions.json +4 -1
  296. iamdata/data/resourceTypes/vpc-lattice.json +12 -0
  297. iamdata/data/resourceTypes/workspaces-instances.json +16 -0
  298. iamdata/data/resourceTypes/workspaces-web.json +7 -0
  299. iamdata/data/resourceTypes/workspaces.json +4 -0
  300. iamdata/data/serviceNames.json +23 -8
  301. iamdata/data/services.json +18 -3
  302. iamdata/data/unassociatedConditions.json +23 -0
  303. {iamdata-0.1.202504261.dist-info → iamdata-0.1.202511181.dist-info}/METADATA +1 -1
  304. {iamdata-0.1.202504261.dist-info → iamdata-0.1.202511181.dist-info}/RECORD +312 -265
  305. iamdata/data/actions/application-cost-profiler.json +0 -50
  306. iamdata/data/actions/sagemaker-groundtruth-synthetic.json +0 -110
  307. iamdata/data/actions/supportrecommendations.json +0 -20
  308. /iamdata/data/conditionKeys/{application-cost-profiler.json → action-recommendations.json} +0 -0
  309. /iamdata/data/conditionKeys/{sagemaker-groundtruth-synthetic.json → bcm-recommended-actions.json} +0 -0
  310. /iamdata/data/conditionKeys/{supportrecommendations.json → eks-mcp.json} +0 -0
  311. /iamdata/data/{resourceTypes/application-cost-profiler.json → conditionKeys/network-security-director.json} +0 -0
  312. /iamdata/data/{resourceTypes/sagemaker-groundtruth-synthetic.json → conditionKeys/sagemaker-unified-studio-mcp.json} +0 -0
  313. /iamdata/data/{resourceTypes/supportrecommendations.json → conditionKeys/support-console.json} +0 -0
  314. {iamdata-0.1.202504261.dist-info → iamdata-0.1.202511181.dist-info}/WHEEL +0 -0
  315. {iamdata-0.1.202504261.dist-info → iamdata-0.1.202511181.dist-info}/licenses/LICENSE.txt +0 -0
iamdata/data/actions/ec2.json CHANGED
@@ -63,7 +63,21 @@
63
63
  "name": "AcceptReservedInstancesExchangeQuote",
64
64
  "description": "Grants permission to accept a Convertible Reserved Instance exchange quote",
65
65
  "accessLevel": "Write",
66
- "resourceTypes": [],
66
+ "resourceTypes": [
67
+ {
68
+ "name": "reserved-instances",
69
+ "required": true,
70
+ "conditionKeys": [
71
+ "aws:ResourceTag/${TagKey}",
72
+ "ec2:AvailabilityZone",
73
+ "ec2:InstanceType",
74
+ "ec2:ReservedInstancesOfferingType",
75
+ "ec2:ResourceTag/${TagKey}",
76
+ "ec2:Tenancy"
77
+ ],
78
+ "dependentActions": []
79
+ }
80
+ ],
67
81
  "conditionKeys": [
68
82
  "ec2:Region"
69
83
  ],
@@ -153,8 +167,8 @@
153
167
  "conditionKeys": [
154
168
  "aws:ResourceTag/${TagKey}",
155
169
  "ec2:ResourceTag/${TagKey}",
156
- "ec2:vpceMultiRegion",
157
- "ec2:vpceSupportedRegion"
170
+ "ec2:VpceMultiRegion",
171
+ "ec2:VpceSupportedRegion"
158
172
  ],
159
173
  "dependentActions": []
160
174
  }
@@ -436,6 +450,7 @@
436
450
  "conditionKeys": [
437
451
  "aws:ResourceTag/${TagKey}",
438
452
  "ec2:AvailabilityZone",
453
+ "ec2:AvailabilityZoneId",
439
454
  "ec2:CpuOptionsAmdSevSnp",
440
455
  "ec2:EbsOptimized",
441
456
  "ec2:InstanceAutoRecovery",
@@ -537,6 +552,7 @@
537
552
  "required": true,
538
553
  "conditionKeys": [
539
554
  "aws:ResourceTag/${TagKey}",
555
+ "ec2:AvailabilityZoneId",
540
556
  "ec2:ResourceTag/${TagKey}",
541
557
  "ec2:SubnetID"
542
558
  ],
@@ -614,6 +630,7 @@
614
630
  "conditionKeys": [
615
631
  "aws:ResourceTag/${TagKey}",
616
632
  "ec2:AvailabilityZone",
633
+ "ec2:AvailabilityZoneId",
617
634
  "ec2:CpuOptionsAmdSevSnp",
618
635
  "ec2:EbsOptimized",
619
636
  "ec2:InstanceAutoRecovery",
@@ -746,6 +763,39 @@
746
763
  ],
747
764
  "dependentActions": []
748
765
  },
766
+ "associaterouteserver": {
767
+ "name": "AssociateRouteServer",
768
+ "description": "Grants permission to associate a route server with a VPC",
769
+ "accessLevel": "Write",
770
+ "resourceTypes": [
771
+ {
772
+ "name": "route-server",
773
+ "required": true,
774
+ "conditionKeys": [
775
+ "aws:ResourceTag/${TagKey}",
776
+ "ec2:ResourceTag/${TagKey}"
777
+ ],
778
+ "dependentActions": []
779
+ },
780
+ {
781
+ "name": "vpc",
782
+ "required": true,
783
+ "conditionKeys": [
784
+ "aws:ResourceTag/${TagKey}",
785
+ "ec2:Ipv4IpamPoolId",
786
+ "ec2:Ipv6IpamPoolId",
787
+ "ec2:ResourceTag/${TagKey}",
788
+ "ec2:Tenancy",
789
+ "ec2:VpcID"
790
+ ],
791
+ "dependentActions": []
792
+ }
793
+ ],
794
+ "conditionKeys": [
795
+ "ec2:Region"
796
+ ],
797
+ "dependentActions": []
798
+ },
749
799
  "associateroutetable": {
750
800
  "name": "AssociateRouteTable",
751
801
  "description": "Grants permission to associate a subnet or gateway with a route table",
@@ -772,12 +822,22 @@
772
822
  ],
773
823
  "dependentActions": []
774
824
  },
825
+ {
826
+ "name": "ipv4pool-ec2",
827
+ "required": false,
828
+ "conditionKeys": [
829
+ "aws:ResourceTag/${TagKey}",
830
+ "ec2:ResourceTag/${TagKey}"
831
+ ],
832
+ "dependentActions": []
833
+ },
775
834
  {
776
835
  "name": "subnet",
777
836
  "required": false,
778
837
  "conditionKeys": [
779
838
  "aws:ResourceTag/${TagKey}",
780
839
  "ec2:AvailabilityZone",
840
+ "ec2:AvailabilityZoneId",
781
841
  "ec2:ResourceTag/${TagKey}",
782
842
  "ec2:SubnetID",
783
843
  "ec2:Vpc"
@@ -845,6 +905,8 @@
845
905
  "conditionKeys": [
846
906
  "aws:ResourceTag/${TagKey}",
847
907
  "ec2:AvailabilityZone",
908
+ "ec2:AvailabilityZoneId",
909
+ "ec2:Ipv6IpamPoolId",
848
910
  "ec2:ResourceTag/${TagKey}",
849
911
  "ec2:SubnetID",
850
912
  "ec2:Vpc"
@@ -877,6 +939,7 @@
877
939
  "conditionKeys": [
878
940
  "aws:ResourceTag/${TagKey}",
879
941
  "ec2:AvailabilityZone",
942
+ "ec2:AvailabilityZoneId",
880
943
  "ec2:ResourceTag/${TagKey}",
881
944
  "ec2:SubnetID",
882
945
  "ec2:Vpc"
@@ -1055,6 +1118,7 @@
1055
1118
  "conditionKeys": [
1056
1119
  "aws:ResourceTag/${TagKey}",
1057
1120
  "ec2:AvailabilityZone",
1121
+ "ec2:AvailabilityZoneId",
1058
1122
  "ec2:CpuOptionsAmdSevSnp",
1059
1123
  "ec2:EbsOptimized",
1060
1124
  "ec2:InstanceAutoRecovery",
@@ -1146,6 +1210,7 @@
1146
1210
  "conditionKeys": [
1147
1211
  "aws:ResourceTag/${TagKey}",
1148
1212
  "ec2:AvailabilityZone",
1213
+ "ec2:AvailabilityZoneId",
1149
1214
  "ec2:CpuOptionsAmdSevSnp",
1150
1215
  "ec2:EbsOptimized",
1151
1216
  "ec2:InstanceAutoRecovery",
@@ -1227,6 +1292,7 @@
1227
1292
  "conditionKeys": [
1228
1293
  "aws:ResourceTag/${TagKey}",
1229
1294
  "ec2:AvailabilityZone",
1295
+ "ec2:AvailabilityZoneId",
1230
1296
  "ec2:CpuOptionsAmdSevSnp",
1231
1297
  "ec2:EbsOptimized",
1232
1298
  "ec2:InstanceAutoRecovery",
@@ -1254,11 +1320,14 @@
1254
1320
  "conditionKeys": [
1255
1321
  "aws:ResourceTag/${TagKey}",
1256
1322
  "ec2:AvailabilityZone",
1323
+ "ec2:AvailabilityZoneId",
1257
1324
  "ec2:Encrypted",
1258
1325
  "ec2:ManagedResourceOperator",
1259
1326
  "ec2:ParentSnapshot",
1327
+ "ec2:ParentVolume",
1260
1328
  "ec2:ResourceTag/${TagKey}",
1261
1329
  "ec2:VolumeID",
1330
+ "ec2:VolumeInitializationRate",
1262
1331
  "ec2:VolumeIops",
1263
1332
  "ec2:VolumeSize",
1264
1333
  "ec2:VolumeThroughput",
@@ -1519,7 +1588,7 @@
1519
1588
  "cancelimagelaunchpermission": {
1520
1589
  "name": "CancelImageLaunchPermission",
1521
1590
  "description": "Grants permission to remove your AWS account from the launch permissions for the specified AMI",
1522
- "accessLevel": "Write",
1591
+ "accessLevel": "Permissions management",
1523
1592
  "resourceTypes": [
1524
1593
  {
1525
1594
  "name": "image",
@@ -1684,7 +1753,7 @@
1684
1753
  },
1685
1754
  "copysnapshot": {
1686
1755
  "name": "CopySnapshot",
1687
- "description": "Grants permission to copy a point-in-time snapshot of an EBS volume and store it in Amazon S3. Resource-level permissions specified for this action apply to the new snapshot only. They do not apply to the source snapshot",
1756
+ "description": "Grants permission to copy a point-in-time snapshot of an EBS volume and store it in Amazon S3. Resource-level permissions specified for this action apply to both the snapshot copy and the source snapshot",
1688
1757
  "accessLevel": "Write",
1689
1758
  "resourceTypes": [
1690
1759
  {
@@ -1693,8 +1762,70 @@
1693
1762
  "conditionKeys": [
1694
1763
  "aws:RequestTag/${TagKey}",
1695
1764
  "aws:TagKeys",
1765
+ "ec2:Encrypted",
1696
1766
  "ec2:OutpostArn",
1697
- "ec2:SnapshotID"
1767
+ "ec2:Owner",
1768
+ "ec2:ParentSnapshot",
1769
+ "ec2:ParentVolume",
1770
+ "ec2:ProductCode",
1771
+ "ec2:SnapshotID",
1772
+ "ec2:SnapshotTime",
1773
+ "ec2:VolumeSize"
1774
+ ],
1775
+ "dependentActions": [
1776
+ "ec2:CreateTags"
1777
+ ]
1778
+ }
1779
+ ],
1780
+ "conditionKeys": [
1781
+ "ec2:Region"
1782
+ ],
1783
+ "dependentActions": []
1784
+ },
1785
+ "copyvolumes": {
1786
+ "name": "CopyVolumes",
1787
+ "description": "Grants permission to create a copy of an EBS volume. Resource-level permissions specified for this action apply to the source and copied volume. Condition keys for the copied volume correspond to parameters specified in the CopyVolumes API request",
1788
+ "accessLevel": "Write",
1789
+ "resourceTypes": [
1790
+ {
1791
+ "name": "volume",
1792
+ "required": true,
1793
+ "conditionKeys": [
1794
+ "aws:RequestTag/${TagKey}",
1795
+ "aws:TagKeys",
1796
+ "ec2:AvailabilityZone",
1797
+ "ec2:AvailabilityZoneId",
1798
+ "ec2:Encrypted",
1799
+ "ec2:ManagedResourceOperator",
1800
+ "ec2:ParentSnapshot",
1801
+ "ec2:ParentVolume",
1802
+ "ec2:VolumeInitializationRate",
1803
+ "ec2:VolumeIops",
1804
+ "ec2:VolumeSize",
1805
+ "ec2:VolumeThroughput",
1806
+ "ec2:VolumeType"
1807
+ ],
1808
+ "dependentActions": [
1809
+ "ec2:CreateTags"
1810
+ ]
1811
+ }
1812
+ ],
1813
+ "conditionKeys": [
1814
+ "ec2:Region"
1815
+ ],
1816
+ "dependentActions": []
1817
+ },
1818
+ "createcapacitymanagerdataexport": {
1819
+ "name": "CreateCapacityManagerDataExport",
1820
+ "description": "Grants permission to create a new S3 Data Export for Capacity Manager",
1821
+ "accessLevel": "Write",
1822
+ "resourceTypes": [
1823
+ {
1824
+ "name": "capacity-manager-data-export",
1825
+ "required": true,
1826
+ "conditionKeys": [
1827
+ "aws:RequestTag/${TagKey}",
1828
+ "aws:TagKeys"
1698
1829
  ],
1699
1830
  "dependentActions": [
1700
1831
  "ec2:CreateTags"
@@ -1717,7 +1848,20 @@
1717
1848
  "conditionKeys": [
1718
1849
  "aws:RequestTag/${TagKey}",
1719
1850
  "aws:TagKeys",
1720
- "ec2:CapacityReservationFleet"
1851
+ "ec2:AvailabilityZone",
1852
+ "ec2:AvailabilityZoneId",
1853
+ "ec2:CapacityReservationFleet",
1854
+ "ec2:EbsOptimized",
1855
+ "ec2:EndDate",
1856
+ "ec2:EndDateType",
1857
+ "ec2:EphemeralStorage",
1858
+ "ec2:InstanceCount",
1859
+ "ec2:InstanceMatchCriteria",
1860
+ "ec2:InstancePlatform",
1861
+ "ec2:InstanceType",
1862
+ "ec2:OutpostArn",
1863
+ "ec2:PlacementGroup",
1864
+ "ec2:Tenancy"
1721
1865
  ],
1722
1866
  "dependentActions": [
1723
1867
  "ec2:CreateTags"
@@ -1897,6 +2041,7 @@
1897
2041
  "required": true,
1898
2042
  "conditionKeys": [
1899
2043
  "aws:ResourceTag/${TagKey}",
2044
+ "ec2:AvailabilityZoneId",
1900
2045
  "ec2:ResourceTag/${TagKey}",
1901
2046
  "ec2:SubnetID"
1902
2047
  ],
@@ -1963,7 +2108,7 @@
1963
2108
  "name": "CreateCoipPoolPermission",
1964
2109
  "isPermissionOnly": true,
1965
2110
  "description": "Grants permission to allow a service to access a customer-owned IP (CoIP) pool",
1966
- "accessLevel": "Write",
2111
+ "accessLevel": "Permissions management",
1967
2112
  "resourceTypes": [
1968
2113
  {
1969
2114
  "name": "coip-pool",
@@ -2022,6 +2167,51 @@
2022
2167
  ],
2023
2168
  "dependentActions": []
2024
2169
  },
2170
+ "createdelegatemacvolumeownershiptask": {
2171
+ "name": "CreateDelegateMacVolumeOwnershipTask",
2172
+ "description": "Grants permission to create a volume ownership delegation task for an Apple silicon Mac instance",
2173
+ "accessLevel": "Write",
2174
+ "resourceTypes": [
2175
+ {
2176
+ "name": "instance",
2177
+ "required": true,
2178
+ "conditionKeys": [
2179
+ "aws:ResourceTag/${TagKey}",
2180
+ "ec2:AvailabilityZone",
2181
+ "ec2:AvailabilityZoneId",
2182
+ "ec2:EbsOptimized",
2183
+ "ec2:InstanceAutoRecovery",
2184
+ "ec2:InstanceBandwidthWeighting",
2185
+ "ec2:InstanceMarketType",
2186
+ "ec2:InstanceMetadataTags",
2187
+ "ec2:InstanceProfile",
2188
+ "ec2:InstanceType",
2189
+ "ec2:MetadataHttpEndpoint",
2190
+ "ec2:MetadataHttpPutResponseHopLimit",
2191
+ "ec2:MetadataHttpTokens",
2192
+ "ec2:ResourceTag/${TagKey}",
2193
+ "ec2:RootDeviceType",
2194
+ "ec2:Tenancy"
2195
+ ],
2196
+ "dependentActions": [
2197
+ "ec2:CreateTags"
2198
+ ]
2199
+ },
2200
+ {
2201
+ "name": "mac-modification-task",
2202
+ "required": true,
2203
+ "conditionKeys": [
2204
+ "aws:RequestTag/${TagKey}",
2205
+ "aws:TagKeys"
2206
+ ],
2207
+ "dependentActions": []
2208
+ }
2209
+ ],
2210
+ "conditionKeys": [
2211
+ "ec2:Region"
2212
+ ],
2213
+ "dependentActions": []
2214
+ },
2025
2215
  "createdhcpoptions": {
2026
2216
  "name": "CreateDhcpOptions",
2027
2217
  "description": "Grants permission to create a set of DHCP options for a VPC",
@@ -2101,6 +2291,7 @@
2101
2291
  "aws:RequestTag/${TagKey}",
2102
2292
  "aws:TagKeys",
2103
2293
  "ec2:AvailabilityZone",
2294
+ "ec2:AvailabilityZoneId",
2104
2295
  "ec2:CpuOptionsAmdSevSnp",
2105
2296
  "ec2:EbsOptimized",
2106
2297
  "ec2:InstanceBandwidthWeighting",
@@ -2153,6 +2344,7 @@
2153
2344
  "conditionKeys": [
2154
2345
  "aws:ResourceTag/${TagKey}",
2155
2346
  "ec2:AvailabilityZone",
2347
+ "ec2:AvailabilityZoneId",
2156
2348
  "ec2:ResourceTag/${TagKey}",
2157
2349
  "ec2:SubnetID",
2158
2350
  "ec2:Vpc"
@@ -2166,6 +2358,7 @@
2166
2358
  "aws:RequestTag/${TagKey}",
2167
2359
  "aws:TagKeys",
2168
2360
  "ec2:AvailabilityZone",
2361
+ "ec2:AvailabilityZoneId",
2169
2362
  "ec2:Encrypted",
2170
2363
  "ec2:KmsKeyId",
2171
2364
  "ec2:ParentSnapshot",
@@ -2293,7 +2486,7 @@
2293
2486
  },
2294
2487
  "createimage": {
2295
2488
  "name": "CreateImage",
2296
- "description": "Grants permission to create an Amazon EBS-backed AMI from a stopped or running Amazon EBS-backed instance",
2489
+ "description": "Grants permission to create an Amazon EBS-backed AMI from a stopped or running Amazon EBS-backed instance. This action can reboot instances as part of the image creation process, even without RebootInstances permissions. To prevent instance reboots during image creation, use the NoReboot parameter",
2297
2490
  "accessLevel": "Write",
2298
2491
  "resourceTypes": [
2299
2492
  {
@@ -2315,6 +2508,7 @@
2315
2508
  "conditionKeys": [
2316
2509
  "aws:ResourceTag/${TagKey}",
2317
2510
  "ec2:AvailabilityZone",
2511
+ "ec2:AvailabilityZoneId",
2318
2512
  "ec2:CpuOptionsAmdSevSnp",
2319
2513
  "ec2:EbsOptimized",
2320
2514
  "ec2:InstanceAutoRecovery",
@@ -2324,6 +2518,7 @@
2324
2518
  "ec2:InstanceMetadataTags",
2325
2519
  "ec2:InstanceProfile",
2326
2520
  "ec2:InstanceType",
2521
+ "ec2:ManagedResourceOperator",
2327
2522
  "ec2:MetadataHttpEndpoint",
2328
2523
  "ec2:MetadataHttpPutResponseHopLimit",
2329
2524
  "ec2:MetadataHttpTokens",
@@ -2356,6 +2551,42 @@
2356
2551
  ],
2357
2552
  "dependentActions": []
2358
2553
  },
2554
+ "createimageusagereport": {
2555
+ "name": "CreateImageUsageReport",
2556
+ "description": "Grants permission to create an AMI usage report",
2557
+ "accessLevel": "Write",
2558
+ "resourceTypes": [
2559
+ {
2560
+ "name": "image",
2561
+ "required": true,
2562
+ "conditionKeys": [
2563
+ "aws:ResourceTag/${TagKey}",
2564
+ "ec2:ImageID",
2565
+ "ec2:ImageType",
2566
+ "ec2:Owner",
2567
+ "ec2:Public",
2568
+ "ec2:ResourceTag/${TagKey}",
2569
+ "ec2:RootDeviceType"
2570
+ ],
2571
+ "dependentActions": [
2572
+ "ec2:CreateTags"
2573
+ ]
2574
+ },
2575
+ {
2576
+ "name": "image-usage-report",
2577
+ "required": true,
2578
+ "conditionKeys": [
2579
+ "aws:RequestTag/${TagKey}",
2580
+ "aws:TagKeys"
2581
+ ],
2582
+ "dependentActions": []
2583
+ }
2584
+ ],
2585
+ "conditionKeys": [
2586
+ "ec2:Region"
2587
+ ],
2588
+ "dependentActions": []
2589
+ },
2359
2590
  "createinstanceconnectendpoint": {
2360
2591
  "name": "CreateInstanceConnectEndpoint",
2361
2592
  "description": "Grants permission to create an EC2 Instance Connect Endpoint that allows you to connect to an instance without a public IPv4 address",
@@ -2379,6 +2610,7 @@
2379
2610
  "conditionKeys": [
2380
2611
  "aws:ResourceTag/${TagKey}",
2381
2612
  "ec2:AvailabilityZone",
2613
+ "ec2:AvailabilityZoneId",
2382
2614
  "ec2:ResourceTag/${TagKey}",
2383
2615
  "ec2:SubnetID",
2384
2616
  "ec2:Vpc"
@@ -2446,6 +2678,7 @@
2446
2678
  "conditionKeys": [
2447
2679
  "aws:ResourceTag/${TagKey}",
2448
2680
  "ec2:AvailabilityZone",
2681
+ "ec2:AvailabilityZoneId",
2449
2682
  "ec2:CpuOptionsAmdSevSnp",
2450
2683
  "ec2:EbsOptimized",
2451
2684
  "ec2:InstanceAutoRecovery",
@@ -2455,6 +2688,7 @@
2455
2688
  "ec2:InstanceMetadataTags",
2456
2689
  "ec2:InstanceProfile",
2457
2690
  "ec2:InstanceType",
2691
+ "ec2:ManagedResourceOperator",
2458
2692
  "ec2:MetadataHttpEndpoint",
2459
2693
  "ec2:MetadataHttpPutResponseHopLimit",
2460
2694
  "ec2:MetadataHttpTokens",
@@ -2689,6 +2923,7 @@
2689
2923
  "required": true,
2690
2924
  "conditionKeys": [
2691
2925
  "aws:ResourceTag/${TagKey}",
2926
+ "ec2:ManagedResourceOperator",
2692
2927
  "ec2:ResourceTag/${TagKey}"
2693
2928
  ],
2694
2929
  "dependentActions": [
@@ -2787,7 +3022,7 @@
2787
3022
  "name": "CreateLocalGatewayRouteTablePermission",
2788
3023
  "isPermissionOnly": true,
2789
3024
  "description": "Grants permission to allow a service to access a local gateway route table",
2790
- "accessLevel": "Write",
3025
+ "accessLevel": "Permissions management",
2791
3026
  "resourceTypes": [
2792
3027
  {
2793
3028
  "name": "local-gateway-route-table",
@@ -2886,6 +3121,122 @@
2886
3121
  ],
2887
3122
  "dependentActions": []
2888
3123
  },
3124
+ "createlocalgatewayvirtualinterface": {
3125
+ "name": "CreateLocalGatewayVirtualInterface",
3126
+ "description": "Grants permission to create a local gateway virtual interface",
3127
+ "accessLevel": "Write",
3128
+ "resourceTypes": [
3129
+ {
3130
+ "name": "local-gateway-virtual-interface",
3131
+ "required": true,
3132
+ "conditionKeys": [
3133
+ "aws:RequestTag/${TagKey}",
3134
+ "aws:TagKeys"
3135
+ ],
3136
+ "dependentActions": [
3137
+ "ec2:CreateTags"
3138
+ ]
3139
+ },
3140
+ {
3141
+ "name": "local-gateway-virtual-interface-group",
3142
+ "required": true,
3143
+ "conditionKeys": [
3144
+ "aws:ResourceTag/${TagKey}",
3145
+ "ec2:ResourceTag/${TagKey}"
3146
+ ],
3147
+ "dependentActions": []
3148
+ },
3149
+ {
3150
+ "name": "outpost-lag",
3151
+ "required": true,
3152
+ "conditionKeys": [
3153
+ "aws:ResourceTag/${TagKey}",
3154
+ "ec2:ResourceTag/${TagKey}"
3155
+ ],
3156
+ "dependentActions": []
3157
+ }
3158
+ ],
3159
+ "conditionKeys": [
3160
+ "ec2:Region"
3161
+ ],
3162
+ "dependentActions": []
3163
+ },
3164
+ "createlocalgatewayvirtualinterfacegroup": {
3165
+ "name": "CreateLocalGatewayVirtualInterfaceGroup",
3166
+ "description": "Grants permission to create a local gateway virtual interface group",
3167
+ "accessLevel": "Write",
3168
+ "resourceTypes": [
3169
+ {
3170
+ "name": "local-gateway",
3171
+ "required": true,
3172
+ "conditionKeys": [
3173
+ "aws:ResourceTag/${TagKey}",
3174
+ "ec2:ResourceTag/${TagKey}"
3175
+ ],
3176
+ "dependentActions": [
3177
+ "ec2:CreateTags"
3178
+ ]
3179
+ },
3180
+ {
3181
+ "name": "local-gateway-virtual-interface-group",
3182
+ "required": true,
3183
+ "conditionKeys": [
3184
+ "aws:RequestTag/${TagKey}",
3185
+ "aws:TagKeys"
3186
+ ],
3187
+ "dependentActions": []
3188
+ }
3189
+ ],
3190
+ "conditionKeys": [
3191
+ "ec2:Region"
3192
+ ],
3193
+ "dependentActions": []
3194
+ },
3195
+ "createmacsystemintegrityprotectionmodificationtask": {
3196
+ "name": "CreateMacSystemIntegrityProtectionModificationTask",
3197
+ "description": "Grants permission to create a System Integrity Protection (SIP) modification task for an Amazon EC2 Mac instance",
3198
+ "accessLevel": "Write",
3199
+ "resourceTypes": [
3200
+ {
3201
+ "name": "instance",
3202
+ "required": true,
3203
+ "conditionKeys": [
3204
+ "aws:ResourceTag/${TagKey}",
3205
+ "ec2:AvailabilityZone",
3206
+ "ec2:AvailabilityZoneId",
3207
+ "ec2:EbsOptimized",
3208
+ "ec2:InstanceAutoRecovery",
3209
+ "ec2:InstanceBandwidthWeighting",
3210
+ "ec2:InstanceMarketType",
3211
+ "ec2:InstanceMetadataTags",
3212
+ "ec2:InstanceProfile",
3213
+ "ec2:InstanceType",
3214
+ "ec2:MetadataHttpEndpoint",
3215
+ "ec2:MetadataHttpPutResponseHopLimit",
3216
+ "ec2:MetadataHttpTokens",
3217
+ "ec2:ResourceTag/${TagKey}",
3218
+ "ec2:RootDeviceType",
3219
+ "ec2:Tenancy"
3220
+ ],
3221
+ "dependentActions": [
3222
+ "ec2:CreateTags"
3223
+ ]
3224
+ },
3225
+ {
3226
+ "name": "mac-modification-task",
3227
+ "required": true,
3228
+ "conditionKeys": [
3229
+ "aws:RequestTag/${TagKey}",
3230
+ "aws:TagKeys"
3231
+ ],
3232
+ "dependentActions": []
3233
+ }
3234
+ ],
3235
+ "conditionKeys": [
3236
+ "ec2:Region"
3237
+ ],
3238
+ "dependentActions": []
3239
+ },
2889
3240
  "createmanagedprefixlist": {
2890
3241
  "name": "CreateManagedPrefixList",
2891
3242
  "description": "Grants permission to create a managed prefix list",
@@ -2930,6 +3281,7 @@
2930
3281
  "conditionKeys": [
2931
3282
  "aws:ResourceTag/${TagKey}",
2932
3283
  "ec2:AvailabilityZone",
3284
+ "ec2:AvailabilityZoneId",
2933
3285
  "ec2:ResourceTag/${TagKey}",
2934
3286
  "ec2:SubnetID",
2935
3287
  "ec2:Vpc"
@@ -3054,6 +3406,7 @@
3054
3406
  "conditionKeys": [
3055
3407
  "aws:ResourceTag/${TagKey}",
3056
3408
  "ec2:AvailabilityZone",
3409
+ "ec2:AvailabilityZoneId",
3057
3410
  "ec2:CpuOptionsAmdSevSnp",
3058
3411
  "ec2:EbsOptimized",
3059
3412
  "ec2:InstanceAutoRecovery",
@@ -3175,6 +3528,7 @@
3175
3528
  "conditionKeys": [
3176
3529
  "aws:ResourceTag/${TagKey}",
3177
3530
  "ec2:AvailabilityZone",
3531
+ "ec2:AvailabilityZoneId",
3178
3532
  "ec2:ResourceTag/${TagKey}",
3179
3533
  "ec2:SubnetID",
3180
3534
  "ec2:Vpc"
@@ -3211,6 +3565,7 @@
3211
3565
  "ec2:AuthorizedService",
3212
3566
  "ec2:AuthorizedUser",
3213
3567
  "ec2:AvailabilityZone",
3568
+ "ec2:ManagedResourceOperator",
3214
3569
  "ec2:NetworkInterfaceID",
3215
3570
  "ec2:Permission",
3216
3571
  "ec2:ResourceTag/${TagKey}",
@@ -3282,6 +3637,7 @@
3282
3637
  "conditionKeys": [
3283
3638
  "aws:ResourceTag/${TagKey}",
3284
3639
  "ec2:AvailabilityZone",
3640
+ "ec2:AvailabilityZoneId",
3285
3641
  "ec2:CpuOptionsAmdSevSnp",
3286
3642
  "ec2:EbsOptimized",
3287
3643
  "ec2:InstanceAutoRecovery",
@@ -3291,6 +3647,7 @@
3291
3647
  "ec2:InstanceMetadataTags",
3292
3648
  "ec2:InstanceProfile",
3293
3649
  "ec2:InstanceType",
3650
+ "ec2:ManagedResourceOperator",
3294
3651
  "ec2:MetadataHttpEndpoint",
3295
3652
  "ec2:MetadataHttpPutResponseHopLimit",
3296
3653
  "ec2:MetadataHttpTokens",
@@ -3319,7 +3676,8 @@
3319
3676
  "conditionKeys": [
3320
3677
  "aws:RequestTag/${TagKey}",
3321
3678
  "aws:TagKeys",
3322
- "ec2:VolumeID"
3679
+ "ec2:VolumeID",
3680
+ "ec2:VolumeInitializationRate"
3323
3681
  ],
3324
3682
  "dependentActions": []
3325
3683
  },
@@ -3413,6 +3771,113 @@
3413
3771
  ],
3414
3772
  "dependentActions": []
3415
3773
  },
3774
+ "createrouteserver": {
3775
+ "name": "CreateRouteServer",
3776
+ "description": "Grants permission to create a route server",
3777
+ "accessLevel": "Write",
3778
+ "resourceTypes": [
3779
+ {
3780
+ "name": "route-server",
3781
+ "required": true,
3782
+ "conditionKeys": [
3783
+ "aws:RequestTag/${TagKey}",
3784
+ "aws:TagKeys"
3785
+ ],
3786
+ "dependentActions": [
3787
+ "ec2:CreateTags",
3788
+ "sns:CreateTopic"
3789
+ ]
3790
+ }
3791
+ ],
3792
+ "conditionKeys": [
3793
+ "ec2:Region"
3794
+ ],
3795
+ "dependentActions": []
3796
+ },
3797
+ "createrouteserverendpoint": {
3798
+ "name": "CreateRouteServerEndpoint",
3799
+ "description": "Grants permission to create a route server endpoint",
3800
+ "accessLevel": "Write",
3801
+ "resourceTypes": [
3802
+ {
3803
+ "name": "route-server",
3804
+ "required": true,
3805
+ "conditionKeys": [
3806
+ "aws:ResourceTag/${TagKey}",
3807
+ "ec2:ResourceTag/${TagKey}"
3808
+ ],
3809
+ "dependentActions": [
3810
+ "ec2:AuthorizeSecurityGroupIngress",
3811
+ "ec2:CreateNetworkInterface",
3812
+ "ec2:CreateNetworkInterfacePermission",
3813
+ "ec2:CreateSecurityGroup",
3814
+ "ec2:CreateTags",
3815
+ "ec2:DescribeSecurityGroups"
3816
+ ]
3817
+ },
3818
+ {
3819
+ "name": "route-server-endpoint",
3820
+ "required": true,
3821
+ "conditionKeys": [
3822
+ "aws:RequestTag/${TagKey}",
3823
+ "aws:TagKeys",
3824
+ "ec2:AvailabilityZone"
3825
+ ],
3826
+ "dependentActions": []
3827
+ },
3828
+ {
3829
+ "name": "subnet",
3830
+ "required": true,
3831
+ "conditionKeys": [
3832
+ "aws:ResourceTag/${TagKey}",
3833
+ "ec2:AvailabilityZone",
3834
+ "ec2:AvailabilityZoneId",
3835
+ "ec2:ResourceTag/${TagKey}",
3836
+ "ec2:SubnetID",
3837
+ "ec2:Vpc"
3838
+ ],
3839
+ "dependentActions": []
3840
+ }
3841
+ ],
3842
+ "conditionKeys": [
3843
+ "ec2:Region"
3844
+ ],
3845
+ "dependentActions": []
3846
+ },
3847
+ "createrouteserverpeer": {
3848
+ "name": "CreateRouteServerPeer",
3849
+ "description": "Grants permission to create a route server peer",
3850
+ "accessLevel": "Write",
3851
+ "resourceTypes": [
3852
+ {
3853
+ "name": "route-server-endpoint",
3854
+ "required": true,
3855
+ "conditionKeys": [
3856
+ "aws:ResourceTag/${TagKey}",
3857
+ "ec2:AvailabilityZone",
3858
+ "ec2:ResourceTag/${TagKey}"
3859
+ ],
3860
+ "dependentActions": [
3861
+ "ec2:AuthorizeSecurityGroupIngress",
3862
+ "ec2:CreateTags"
3863
+ ]
3864
+ },
3865
+ {
3866
+ "name": "route-server-peer",
3867
+ "required": true,
3868
+ "conditionKeys": [
3869
+ "aws:RequestTag/${TagKey}",
3870
+ "aws:TagKeys",
3871
+ "ec2:AvailabilityZone"
3872
+ ],
3873
+ "dependentActions": []
3874
+ }
3875
+ ],
3876
+ "conditionKeys": [
3877
+ "ec2:Region"
3878
+ ],
3879
+ "dependentActions": []
3880
+ },
3416
3881
  "createroutetable": {
3417
3882
  "name": "CreateRouteTable",
3418
3883
  "description": "Grants permission to create a route table for a VPC",
@@ -3509,9 +3974,13 @@
3509
3974
  "required": true,
3510
3975
  "conditionKeys": [
3511
3976
  "aws:ResourceTag/${TagKey}",
3977
+ "ec2:AvailabilityZoneId",
3512
3978
  "ec2:Encrypted",
3979
+ "ec2:ManagedResourceOperator",
3980
+ "ec2:ParentVolume",
3513
3981
  "ec2:ResourceTag/${TagKey}",
3514
3982
  "ec2:VolumeID",
3983
+ "ec2:VolumeInitializationRate",
3515
3984
  "ec2:VolumeIops",
3516
3985
  "ec2:VolumeSize",
3517
3986
  "ec2:VolumeThroughput",
@@ -3575,6 +4044,7 @@
3575
4044
  "ec2:Encrypted",
3576
4045
  "ec2:ResourceTag/${TagKey}",
3577
4046
  "ec2:VolumeID",
4047
+ "ec2:VolumeInitializationRate",
3578
4048
  "ec2:VolumeIops",
3579
4049
  "ec2:VolumeSize",
3580
4050
  "ec2:VolumeThroughput",
@@ -3634,6 +4104,8 @@
3634
4104
  "conditionKeys": [
3635
4105
  "aws:RequestTag/${TagKey}",
3636
4106
  "aws:TagKeys",
4107
+ "ec2:Ipv4IpamPoolId",
4108
+ "ec2:Ipv6IpamPoolId",
3637
4109
  "ec2:SubnetID"
3638
4110
  ],
3639
4111
  "dependentActions": [
@@ -3670,7 +4142,23 @@
3670
4142
  "name": "CreateSubnetCidrReservation",
3671
4143
  "description": "Grants permission to create a subnet CIDR reservation",
3672
4144
  "accessLevel": "Write",
3673
- "resourceTypes": [],
4145
+ "resourceTypes": [
4146
+ {
4147
+ "name": "subnet",
4148
+ "required": true,
4149
+ "conditionKeys": [
4150
+ "aws:ResourceTag/${TagKey}",
4151
+ "ec2:AvailabilityZone",
4152
+ "ec2:AvailabilityZoneId",
4153
+ "ec2:ResourceTag/${TagKey}",
4154
+ "ec2:SubnetID",
4155
+ "ec2:Vpc"
4156
+ ],
4157
+ "dependentActions": [
4158
+ "ec2:CreateTags"
4159
+ ]
4160
+ }
4161
+ ],
3674
4162
  "conditionKeys": [
3675
4163
  "ec2:Region"
3676
4164
  ],
@@ -3681,6 +4169,28 @@
3681
4169
  "description": "Grants permission to add or overwrite one or more tags for Amazon EC2 resources",
3682
4170
  "accessLevel": "Tagging",
3683
4171
  "resourceTypes": [
4172
+ {
4173
+ "name": "capacity-block",
4174
+ "required": false,
4175
+ "conditionKeys": [
4176
+ "aws:RequestTag/${TagKey}",
4177
+ "aws:ResourceTag/${TagKey}",
4178
+ "aws:TagKeys",
4179
+ "ec2:ResourceTag/${TagKey}"
4180
+ ],
4181
+ "dependentActions": []
4182
+ },
4183
+ {
4184
+ "name": "capacity-manager-data-export",
4185
+ "required": false,
4186
+ "conditionKeys": [
4187
+ "aws:RequestTag/${TagKey}",
4188
+ "aws:ResourceTag/${TagKey}",
4189
+ "aws:TagKeys",
4190
+ "ec2:ResourceTag/${TagKey}"
4191
+ ],
4192
+ "dependentActions": []
4193
+ },
3684
4194
  {
3685
4195
  "name": "capacity-reservation",
3686
4196
  "required": false,
@@ -3903,6 +4413,17 @@
3903
4413
  ],
3904
4414
  "dependentActions": []
3905
4415
  },
4416
+ {
4417
+ "name": "image-usage-report",
4418
+ "required": false,
4419
+ "conditionKeys": [
4420
+ "aws:RequestTag/${TagKey}",
4421
+ "aws:ResourceTag/${TagKey}",
4422
+ "aws:TagKeys",
4423
+ "ec2:ResourceTag/${TagKey}"
4424
+ ],
4425
+ "dependentActions": []
4426
+ },
3906
4427
  {
3907
4428
  "name": "import-image-task",
3908
4429
  "required": false,
@@ -3933,6 +4454,7 @@
3933
4454
  "aws:ResourceTag/${TagKey}",
3934
4455
  "aws:TagKeys",
3935
4456
  "ec2:AvailabilityZone",
4457
+ "ec2:AvailabilityZoneId",
3936
4458
  "ec2:CpuOptionsAmdSevSnp",
3937
4459
  "ec2:EbsOptimized",
3938
4460
  "ec2:InstanceAutoRecovery",
@@ -3942,6 +4464,7 @@
3942
4464
  "ec2:InstanceMetadataTags",
3943
4465
  "ec2:InstanceProfile",
3944
4466
  "ec2:InstanceType",
4467
+ "ec2:ManagedResourceOperator",
3945
4468
  "ec2:MetadataHttpEndpoint",
3946
4469
  "ec2:MetadataHttpPutResponseHopLimit",
3947
4470
  "ec2:MetadataHttpTokens",
@@ -4096,6 +4619,7 @@
4096
4619
  "aws:RequestTag/${TagKey}",
4097
4620
  "aws:ResourceTag/${TagKey}",
4098
4621
  "aws:TagKeys",
4622
+ "ec2:ManagedResourceOperator",
4099
4623
  "ec2:ResourceTag/${TagKey}"
4100
4624
  ],
4101
4625
  "dependentActions": []
@@ -4243,6 +4767,7 @@
4243
4767
  "aws:TagKeys",
4244
4768
  "ec2:AuthorizedUser",
4245
4769
  "ec2:AvailabilityZone",
4770
+ "ec2:ManagedResourceOperator",
4246
4771
  "ec2:NetworkInterfaceID",
4247
4772
  "ec2:Permission",
4248
4773
  "ec2:ResourceTag/${TagKey}",
@@ -4301,6 +4826,39 @@
4301
4826
  ],
4302
4827
  "dependentActions": []
4303
4828
  },
4829
+ {
4830
+ "name": "route-server",
4831
+ "required": false,
4832
+ "conditionKeys": [
4833
+ "aws:RequestTag/${TagKey}",
4834
+ "aws:ResourceTag/${TagKey}",
4835
+ "aws:TagKeys",
4836
+ "ec2:ResourceTag/${TagKey}"
4837
+ ],
4838
+ "dependentActions": []
4839
+ },
4840
+ {
4841
+ "name": "route-server-endpoint",
4842
+ "required": false,
4843
+ "conditionKeys": [
4844
+ "aws:RequestTag/${TagKey}",
4845
+ "aws:ResourceTag/${TagKey}",
4846
+ "aws:TagKeys",
4847
+ "ec2:ResourceTag/${TagKey}"
4848
+ ],
4849
+ "dependentActions": []
4850
+ },
4851
+ {
4852
+ "name": "route-server-peer",
4853
+ "required": false,
4854
+ "conditionKeys": [
4855
+ "aws:RequestTag/${TagKey}",
4856
+ "aws:ResourceTag/${TagKey}",
4857
+ "aws:TagKeys",
4858
+ "ec2:ResourceTag/${TagKey}"
4859
+ ],
4860
+ "dependentActions": []
4861
+ },
4304
4862
  {
4305
4863
  "name": "route-table",
4306
4864
  "required": false,
@@ -4385,6 +4943,7 @@
4385
4943
  "aws:ResourceTag/${TagKey}",
4386
4944
  "aws:TagKeys",
4387
4945
  "ec2:AvailabilityZone",
4946
+ "ec2:AvailabilityZoneId",
4388
4947
  "ec2:ResourceTag/${TagKey}",
4389
4948
  "ec2:SubnetID",
4390
4949
  "ec2:Vpc"
@@ -4604,10 +5163,14 @@
4604
5163
  "aws:ResourceTag/${TagKey}",
4605
5164
  "aws:TagKeys",
4606
5165
  "ec2:AvailabilityZone",
5166
+ "ec2:AvailabilityZoneId",
4607
5167
  "ec2:Encrypted",
5168
+ "ec2:ManagedResourceOperator",
4608
5169
  "ec2:ParentSnapshot",
5170
+ "ec2:ParentVolume",
4609
5171
  "ec2:ResourceTag/${TagKey}",
4610
5172
  "ec2:VolumeID",
5173
+ "ec2:VolumeInitializationRate",
4611
5174
  "ec2:VolumeIops",
4612
5175
  "ec2:VolumeSize",
4613
5176
  "ec2:VolumeThroughput",
@@ -4669,9 +5232,9 @@
4669
5232
  "aws:ResourceTag/${TagKey}",
4670
5233
  "aws:TagKeys",
4671
5234
  "ec2:ResourceTag/${TagKey}",
4672
- "ec2:vpceMultiRegion",
4673
- "ec2:vpceServiceRegion",
4674
- "ec2:vpceSupportedRegion"
5235
+ "ec2:VpceMultiRegion",
5236
+ "ec2:VpceServiceRegion",
5237
+ "ec2:VpceSupportedRegion"
4675
5238
  ],
4676
5239
  "dependentActions": []
4677
5240
  },
@@ -4822,6 +5385,7 @@
4822
5385
  "conditionKeys": [
4823
5386
  "aws:ResourceTag/${TagKey}",
4824
5387
  "ec2:AvailabilityZone",
5388
+ "ec2:ManagedResourceOperator",
4825
5389
  "ec2:NetworkInterfaceID",
4826
5390
  "ec2:ResourceTag/${TagKey}",
4827
5391
  "ec2:Subnet",
@@ -5345,6 +5909,7 @@
5345
5909
  "conditionKeys": [
5346
5910
  "aws:ResourceTag/${TagKey}",
5347
5911
  "ec2:AvailabilityZone",
5912
+ "ec2:AvailabilityZoneId",
5348
5913
  "ec2:ResourceTag/${TagKey}",
5349
5914
  "ec2:SubnetID",
5350
5915
  "ec2:Vpc"
@@ -5444,10 +6009,12 @@
5444
6009
  "aws:RequestTag/${TagKey}",
5445
6010
  "aws:TagKeys",
5446
6011
  "ec2:AvailabilityZone",
6012
+ "ec2:AvailabilityZoneId",
5447
6013
  "ec2:Encrypted",
5448
6014
  "ec2:KmsKeyId",
5449
6015
  "ec2:ParentSnapshot",
5450
6016
  "ec2:VolumeID",
6017
+ "ec2:VolumeInitializationRate",
5451
6018
  "ec2:VolumeIops",
5452
6019
  "ec2:VolumeSize",
5453
6020
  "ec2:VolumeThroughput",
@@ -5542,6 +6109,7 @@
5542
6109
  "conditionKeys": [
5543
6110
  "aws:ResourceTag/${TagKey}",
5544
6111
  "ec2:AvailabilityZone",
6112
+ "ec2:AvailabilityZoneId",
5545
6113
  "ec2:ResourceTag/${TagKey}",
5546
6114
  "ec2:SubnetID",
5547
6115
  "ec2:Vpc"
@@ -5582,6 +6150,9 @@
5582
6150
  ],
5583
6151
  "dependentActions": [
5584
6152
  "ec2:CreateTags",
6153
+ "ec2:DescribeSecurityGroups",
6154
+ "ec2:DescribeSubnets",
6155
+ "ec2:DescribeVpcs",
5585
6156
  "route53:AssociateVPCWithHostedZone"
5586
6157
  ]
5587
6158
  },
@@ -5591,8 +6162,10 @@
5591
6162
  "conditionKeys": [
5592
6163
  "aws:RequestTag/${TagKey}",
5593
6164
  "aws:TagKeys",
6165
+ "ec2:VpceMultiRegion",
5594
6166
  "ec2:VpceServiceName",
5595
- "ec2:VpceServiceOwner"
6167
+ "ec2:VpceServiceOwner",
6168
+ "ec2:VpceServiceRegion"
5596
6169
  ],
5597
6170
  "dependentActions": []
5598
6171
  },
@@ -5652,8 +6225,8 @@
5652
6225
  "conditionKeys": [
5653
6226
  "aws:ResourceTag/${TagKey}",
5654
6227
  "ec2:ResourceTag/${TagKey}",
5655
- "ec2:vpceMultiRegion",
5656
- "ec2:vpceServiceRegion"
6228
+ "ec2:VpceMultiRegion",
6229
+ "ec2:VpceServiceRegion"
5657
6230
  ],
5658
6231
  "dependentActions": []
5659
6232
  }
@@ -5674,9 +6247,9 @@
5674
6247
  "conditionKeys": [
5675
6248
  "aws:RequestTag/${TagKey}",
5676
6249
  "aws:TagKeys",
6250
+ "ec2:VpceMultiRegion",
5677
6251
  "ec2:VpceServicePrivateDnsName",
5678
- "ec2:vpceMultiRegion",
5679
- "ec2:vpceServiceRegion"
6252
+ "ec2:VpceServiceRegion"
5680
6253
  ],
5681
6254
  "dependentActions": [
5682
6255
  "ec2:CreateTags"
@@ -5844,6 +6417,26 @@
5844
6417
  ],
5845
6418
  "dependentActions": []
5846
6419
  },
6420
+ "deletecapacitymanagerdataexport": {
6421
+ "name": "DeleteCapacityManagerDataExport",
6422
+ "description": "Grants permission to delete an existing Capacity Manager data export configuration",
6423
+ "accessLevel": "Write",
6424
+ "resourceTypes": [
6425
+ {
6426
+ "name": "capacity-manager-data-export",
6427
+ "required": true,
6428
+ "conditionKeys": [
6429
+ "aws:ResourceTag/${TagKey}",
6430
+ "ec2:ResourceTag/${TagKey}"
6431
+ ],
6432
+ "dependentActions": []
6433
+ }
6434
+ ],
6435
+ "conditionKeys": [
6436
+ "ec2:Region"
6437
+ ],
6438
+ "dependentActions": []
6439
+ },
5847
6440
  "deletecarriergateway": {
5848
6441
  "name": "DeleteCarrierGateway",
5849
6442
  "description": "Grants permission to delete a carrier gateway",
@@ -5916,6 +6509,7 @@
5916
6509
  "conditionKeys": [
5917
6510
  "aws:ResourceTag/${TagKey}",
5918
6511
  "ec2:AvailabilityZone",
6512
+ "ec2:AvailabilityZoneId",
5919
6513
  "ec2:ResourceTag/${TagKey}",
5920
6514
  "ec2:SubnetID",
5921
6515
  "ec2:Vpc"
@@ -5972,7 +6566,7 @@
5972
6566
  "name": "DeleteCoipPoolPermission",
5973
6567
  "isPermissionOnly": true,
5974
6568
  "description": "Grants permission to deny a service from accessing a customer-owned IP (CoIP) pool",
5975
- "accessLevel": "Write",
6569
+ "accessLevel": "Permissions management",
5976
6570
  "resourceTypes": [
5977
6571
  {
5978
6572
  "name": "coip-pool",
@@ -6112,6 +6706,26 @@
6112
6706
  ],
6113
6707
  "dependentActions": []
6114
6708
  },
6709
+ "deleteimageusagereport": {
6710
+ "name": "DeleteImageUsageReport",
6711
+ "description": "Grants permission to delete an AMI usage report",
6712
+ "accessLevel": "Write",
6713
+ "resourceTypes": [
6714
+ {
6715
+ "name": "image-usage-report",
6716
+ "required": true,
6717
+ "conditionKeys": [
6718
+ "aws:ResourceTag/${TagKey}",
6719
+ "ec2:ResourceTag/${TagKey}"
6720
+ ],
6721
+ "dependentActions": []
6722
+ }
6723
+ ],
6724
+ "conditionKeys": [
6725
+ "ec2:Region"
6726
+ ],
6727
+ "dependentActions": []
6728
+ },
6115
6729
  "deleteinstanceconnectendpoint": {
6116
6730
  "name": "DeleteInstanceConnectEndpoint",
6117
6731
  "description": "Grants permission to delete an EC2 Instance Connect Endpoint",
@@ -6391,7 +7005,7 @@
6391
7005
  "name": "DeleteLocalGatewayRouteTablePermission",
6392
7006
  "isPermissionOnly": true,
6393
7007
  "description": "Grants permission to deny a service from accessing a local gateway route table",
6394
- "accessLevel": "Write",
7008
+ "accessLevel": "Permissions management",
6395
7009
  "resourceTypes": [
6396
7010
  {
6397
7011
  "name": "local-gateway-route-table",
@@ -6448,6 +7062,46 @@
6448
7062
  ],
6449
7063
  "dependentActions": []
6450
7064
  },
7065
+ "deletelocalgatewayvirtualinterface": {
7066
+ "name": "DeleteLocalGatewayVirtualInterface",
7067
+ "description": "Grants permission to delete a local gateway virtual interface",
7068
+ "accessLevel": "Write",
7069
+ "resourceTypes": [
7070
+ {
7071
+ "name": "local-gateway-virtual-interface",
7072
+ "required": true,
7073
+ "conditionKeys": [
7074
+ "aws:ResourceTag/${TagKey}",
7075
+ "ec2:ResourceTag/${TagKey}"
7076
+ ],
7077
+ "dependentActions": []
7078
+ }
7079
+ ],
7080
+ "conditionKeys": [
7081
+ "ec2:Region"
7082
+ ],
7083
+ "dependentActions": []
7084
+ },
7085
+ "deletelocalgatewayvirtualinterfacegroup": {
7086
+ "name": "DeleteLocalGatewayVirtualInterfaceGroup",
7087
+ "description": "Grants permission to delete a local gateway virtual interface group",
7088
+ "accessLevel": "Write",
7089
+ "resourceTypes": [
7090
+ {
7091
+ "name": "local-gateway-virtual-interface-group",
7092
+ "required": true,
7093
+ "conditionKeys": [
7094
+ "aws:ResourceTag/${TagKey}",
7095
+ "ec2:ResourceTag/${TagKey}"
7096
+ ],
7097
+ "dependentActions": []
7098
+ }
7099
+ ],
7100
+ "conditionKeys": [
7101
+ "ec2:Region"
7102
+ ],
7103
+ "dependentActions": []
7104
+ },
6451
7105
  "deletemanagedprefixlist": {
6452
7106
  "name": "DeleteManagedPrefixList",
6453
7107
  "description": "Grants permission to delete a managed prefix list",
@@ -6708,7 +7362,20 @@
6708
7362
  "name": "DeleteQueuedReservedInstances",
6709
7363
  "description": "Grants permission to delete the queued purchases for the specified Reserved Instances",
6710
7364
  "accessLevel": "Write",
6711
- "resourceTypes": [],
7365
+ "resourceTypes": [
7366
+ {
7367
+ "name": "reserved-instances",
7368
+ "required": true,
7369
+ "conditionKeys": [
7370
+ "aws:ResourceTag/${TagKey}",
7371
+ "ec2:InstanceType",
7372
+ "ec2:ReservedInstancesOfferingType",
7373
+ "ec2:ResourceTag/${TagKey}",
7374
+ "ec2:Tenancy"
7375
+ ],
7376
+ "dependentActions": []
7377
+ }
7378
+ ],
6712
7379
  "conditionKeys": [
6713
7380
  "ec2:Region"
6714
7381
  ],
@@ -6718,7 +7385,7 @@
6718
7385
  "name": "DeleteResourcePolicy",
6719
7386
  "isPermissionOnly": true,
6720
7387
  "description": "Grants permission to remove an IAM policy that enables cross-account sharing from a resource",
6721
- "accessLevel": "Write",
7388
+ "accessLevel": "Permissions management",
6722
7389
  "resourceTypes": [
6723
7390
  {
6724
7391
  "name": "ipam-pool",
@@ -6777,6 +7444,76 @@
6777
7444
  ],
6778
7445
  "dependentActions": []
6779
7446
  },
7447
+ "deleterouteserver": {
7448
+ "name": "DeleteRouteServer",
7449
+ "description": "Grants permission to delete a route server",
7450
+ "accessLevel": "Write",
7451
+ "resourceTypes": [
7452
+ {
7453
+ "name": "route-server",
7454
+ "required": true,
7455
+ "conditionKeys": [
7456
+ "aws:ResourceTag/${TagKey}",
7457
+ "ec2:ResourceTag/${TagKey}"
7458
+ ],
7459
+ "dependentActions": [
7460
+ "sns:DeleteTopic"
7461
+ ]
7462
+ }
7463
+ ],
7464
+ "conditionKeys": [
7465
+ "ec2:Region"
7466
+ ],
7467
+ "dependentActions": []
7468
+ },
7469
+ "deleterouteserverendpoint": {
7470
+ "name": "DeleteRouteServerEndpoint",
7471
+ "description": "Grants permission to delete a route server endpoint",
7472
+ "accessLevel": "Write",
7473
+ "resourceTypes": [
7474
+ {
7475
+ "name": "route-server-endpoint",
7476
+ "required": true,
7477
+ "conditionKeys": [
7478
+ "aws:ResourceTag/${TagKey}",
7479
+ "ec2:AvailabilityZone",
7480
+ "ec2:ResourceTag/${TagKey}"
7481
+ ],
7482
+ "dependentActions": [
7483
+ "ec2:DeleteNetworkInterface",
7484
+ "ec2:DeleteSecurityGroup",
7485
+ "ec2:RevokeSecurityGroupIngress"
7486
+ ]
7487
+ }
7488
+ ],
7489
+ "conditionKeys": [
7490
+ "ec2:Region"
7491
+ ],
7492
+ "dependentActions": []
7493
+ },
7494
+ "deleterouteserverpeer": {
7495
+ "name": "DeleteRouteServerPeer",
7496
+ "description": "Grants permission to delete a route server peer",
7497
+ "accessLevel": "Write",
7498
+ "resourceTypes": [
7499
+ {
7500
+ "name": "route-server-peer",
7501
+ "required": true,
7502
+ "conditionKeys": [
7503
+ "aws:ResourceTag/${TagKey}",
7504
+ "ec2:AvailabilityZone",
7505
+ "ec2:ResourceTag/${TagKey}"
7506
+ ],
7507
+ "dependentActions": [
7508
+ "ec2:RevokeSecurityGroupIngress"
7509
+ ]
7510
+ }
7511
+ ],
7512
+ "conditionKeys": [
7513
+ "ec2:Region"
7514
+ ],
7515
+ "dependentActions": []
7516
+ },
6780
7517
  "deleteroutetable": {
6781
7518
  "name": "DeleteRouteTable",
6782
7519
  "description": "Grants permission to delete a route table",
@@ -6869,6 +7606,7 @@
6869
7606
  "conditionKeys": [
6870
7607
  "aws:ResourceTag/${TagKey}",
6871
7608
  "ec2:AvailabilityZone",
7609
+ "ec2:AvailabilityZoneId",
6872
7610
  "ec2:ResourceTag/${TagKey}",
6873
7611
  "ec2:SubnetID",
6874
7612
  "ec2:Vpc"
@@ -6896,6 +7634,28 @@
6896
7634
  "description": "Grants permission to delete one or more tags from Amazon EC2 resources",
6897
7635
  "accessLevel": "Tagging",
6898
7636
  "resourceTypes": [
7637
+ {
7638
+ "name": "capacity-block",
7639
+ "required": false,
7640
+ "conditionKeys": [
7641
+ "aws:RequestTag/${TagKey}",
7642
+ "aws:ResourceTag/${TagKey}",
7643
+ "aws:TagKeys",
7644
+ "ec2:ResourceTag/${TagKey}"
7645
+ ],
7646
+ "dependentActions": []
7647
+ },
7648
+ {
7649
+ "name": "capacity-manager-data-export",
7650
+ "required": false,
7651
+ "conditionKeys": [
7652
+ "aws:RequestTag/${TagKey}",
7653
+ "aws:ResourceTag/${TagKey}",
7654
+ "aws:TagKeys",
7655
+ "ec2:ResourceTag/${TagKey}"
7656
+ ],
7657
+ "dependentActions": []
7658
+ },
6899
7659
  {
6900
7660
  "name": "capacity-reservation",
6901
7661
  "required": false,
@@ -7094,6 +7854,17 @@
7094
7854
  ],
7095
7855
  "dependentActions": []
7096
7856
  },
7857
+ {
7858
+ "name": "image-usage-report",
7859
+ "required": false,
7860
+ "conditionKeys": [
7861
+ "aws:RequestTag/${TagKey}",
7862
+ "aws:ResourceTag/${TagKey}",
7863
+ "aws:TagKeys",
7864
+ "ec2:ResourceTag/${TagKey}"
7865
+ ],
7866
+ "dependentActions": []
7867
+ },
7097
7868
  {
7098
7869
  "name": "import-image-task",
7099
7870
  "required": false,
@@ -7457,6 +8228,39 @@
7457
8228
  ],
7458
8229
  "dependentActions": []
7459
8230
  },
8231
+ {
8232
+ "name": "route-server",
8233
+ "required": false,
8234
+ "conditionKeys": [
8235
+ "aws:RequestTag/${TagKey}",
8236
+ "aws:ResourceTag/${TagKey}",
8237
+ "aws:TagKeys",
8238
+ "ec2:ResourceTag/${TagKey}"
8239
+ ],
8240
+ "dependentActions": []
8241
+ },
8242
+ {
8243
+ "name": "route-server-endpoint",
8244
+ "required": false,
8245
+ "conditionKeys": [
8246
+ "aws:RequestTag/${TagKey}",
8247
+ "aws:ResourceTag/${TagKey}",
8248
+ "aws:TagKeys",
8249
+ "ec2:ResourceTag/${TagKey}"
8250
+ ],
8251
+ "dependentActions": []
8252
+ },
8253
+ {
8254
+ "name": "route-server-peer",
8255
+ "required": false,
8256
+ "conditionKeys": [
8257
+ "aws:RequestTag/${TagKey}",
8258
+ "aws:ResourceTag/${TagKey}",
8259
+ "aws:TagKeys",
8260
+ "ec2:ResourceTag/${TagKey}"
8261
+ ],
8262
+ "dependentActions": []
8263
+ },
7460
8264
  {
7461
8265
  "name": "route-table",
7462
8266
  "required": false,
@@ -8280,11 +9084,14 @@
8280
9084
  "conditionKeys": [
8281
9085
  "aws:ResourceTag/${TagKey}",
8282
9086
  "ec2:AvailabilityZone",
9087
+ "ec2:AvailabilityZoneId",
8283
9088
  "ec2:Encrypted",
8284
9089
  "ec2:ManagedResourceOperator",
8285
9090
  "ec2:ParentSnapshot",
9091
+ "ec2:ParentVolume",
8286
9092
  "ec2:ResourceTag/${TagKey}",
8287
9093
  "ec2:VolumeID",
9094
+ "ec2:VolumeInitializationRate",
8288
9095
  "ec2:VolumeIops",
8289
9096
  "ec2:VolumeSize",
8290
9097
  "ec2:VolumeThroughput",
@@ -8360,8 +9167,8 @@
8360
9167
  "conditionKeys": [
8361
9168
  "aws:ResourceTag/${TagKey}",
8362
9169
  "ec2:ResourceTag/${TagKey}",
8363
- "ec2:vpceMultiRegion",
8364
- "ec2:vpceSupportedRegion"
9170
+ "ec2:VpceMultiRegion",
9171
+ "ec2:VpceSupportedRegion"
8365
9172
  ],
8366
9173
  "dependentActions": []
8367
9174
  }
@@ -8382,8 +9189,8 @@
8382
9189
  "conditionKeys": [
8383
9190
  "aws:ResourceTag/${TagKey}",
8384
9191
  "ec2:ResourceTag/${TagKey}",
8385
- "ec2:vpceMultiRegion",
8386
- "ec2:vpceSupportedRegion"
9192
+ "ec2:VpceMultiRegion",
9193
+ "ec2:VpceSupportedRegion"
8387
9194
  ],
8388
9195
  "dependentActions": []
8389
9196
  }
@@ -8404,7 +9211,9 @@
8404
9211
  "conditionKeys": [
8405
9212
  "aws:ResourceTag/${TagKey}",
8406
9213
  "ec2:ResourceTag/${TagKey}",
8407
- "ec2:VpceServiceName"
9214
+ "ec2:VpceMultiRegion",
9215
+ "ec2:VpceServiceName",
9216
+ "ec2:VpceServiceRegion"
8408
9217
  ],
8409
9218
  "dependentActions": []
8410
9219
  }
@@ -8742,56 +9551,31 @@
8742
9551
  ],
8743
9552
  "dependentActions": []
8744
9553
  },
8745
- "describebundletasks": {
8746
- "name": "DescribeBundleTasks",
8747
- "description": "Grants permission to describe one or more bundling tasks",
8748
- "accessLevel": "List",
8749
- "resourceTypes": [],
8750
- "conditionKeys": [
8751
- "ec2:Region"
8752
- ],
8753
- "dependentActions": []
8754
- },
8755
- "describebyoipcidrs": {
8756
- "name": "DescribeByoipCidrs",
8757
- "description": "Grants permission to describe the IP address ranges that were provisioned through bring your own IP addresses (BYOIP)",
8758
- "accessLevel": "List",
8759
- "resourceTypes": [],
8760
- "conditionKeys": [
8761
- "ec2:Region"
8762
- ],
8763
- "dependentActions": []
8764
- },
8765
- "describecapacityblockextensionhistory": {
8766
- "name": "DescribeCapacityBlockExtensionHistory",
8767
- "description": "Grants permission to describe Capacity Block extensions history",
8768
- "accessLevel": "List",
8769
- "resourceTypes": [
8770
- {
8771
- "name": "capacity-reservation",
8772
- "required": false,
8773
- "conditionKeys": [
8774
- "aws:ResourceTag/${TagKey}",
8775
- "ec2:AvailabilityZone",
8776
- "ec2:CapacityReservationFleet",
8777
- "ec2:CreateDate",
8778
- "ec2:DestinationCapacityReservationId",
8779
- "ec2:EbsOptimized",
8780
- "ec2:EndDate",
8781
- "ec2:EndDateType",
8782
- "ec2:InstanceCount",
8783
- "ec2:InstanceMatchCriteria",
8784
- "ec2:InstancePlatform",
8785
- "ec2:InstanceType",
8786
- "ec2:OutpostArn",
8787
- "ec2:PlacementGroup",
8788
- "ec2:ResourceTag/${TagKey}",
8789
- "ec2:SourceCapacityReservationId",
8790
- "ec2:Tenancy"
8791
- ],
8792
- "dependentActions": []
8793
- }
9554
+ "describebundletasks": {
9555
+ "name": "DescribeBundleTasks",
9556
+ "description": "Grants permission to describe one or more bundling tasks",
9557
+ "accessLevel": "List",
9558
+ "resourceTypes": [],
9559
+ "conditionKeys": [
9560
+ "ec2:Region"
9561
+ ],
9562
+ "dependentActions": []
9563
+ },
9564
+ "describebyoipcidrs": {
9565
+ "name": "DescribeByoipCidrs",
9566
+ "description": "Grants permission to describe the IP address ranges that were provisioned through bring your own IP addresses (BYOIP)",
9567
+ "accessLevel": "List",
9568
+ "resourceTypes": [],
9569
+ "conditionKeys": [
9570
+ "ec2:Region"
8794
9571
  ],
9572
+ "dependentActions": []
9573
+ },
9574
+ "describecapacityblockextensionhistory": {
9575
+ "name": "DescribeCapacityBlockExtensionHistory",
9576
+ "description": "Grants permission to describe Capacity Block extensions history",
9577
+ "accessLevel": "List",
9578
+ "resourceTypes": [],
8795
9579
  "conditionKeys": [
8796
9580
  "ec2:Region"
8797
9581
  ],
@@ -8842,6 +9626,36 @@
8842
9626
  ],
8843
9627
  "dependentActions": []
8844
9628
  },
9629
+ "describecapacityblockstatus": {
9630
+ "name": "DescribeCapacityBlockStatus",
9631
+ "description": "Grants permission to describe the availability of capacity for the specified Capacity blocks, or all of your Capacity Blocks",
9632
+ "accessLevel": "List",
9633
+ "resourceTypes": [],
9634
+ "conditionKeys": [
9635
+ "ec2:Region"
9636
+ ],
9637
+ "dependentActions": []
9638
+ },
9639
+ "describecapacityblocks": {
9640
+ "name": "DescribeCapacityBlocks",
9641
+ "description": "Grants permission to describe details about Capacity Blocks in the AWS Region that you're currently using",
9642
+ "accessLevel": "List",
9643
+ "resourceTypes": [],
9644
+ "conditionKeys": [
9645
+ "ec2:Region"
9646
+ ],
9647
+ "dependentActions": []
9648
+ },
9649
+ "describecapacitymanagerdataexports": {
9650
+ "name": "DescribeCapacityManagerDataExports",
9651
+ "description": "Grants permission to describe one or more Capacity Manager data export configurations",
9652
+ "accessLevel": "List",
9653
+ "resourceTypes": [],
9654
+ "conditionKeys": [
9655
+ "ec2:Region"
9656
+ ],
9657
+ "dependentActions": []
9658
+ },
8845
9659
  "describecapacityreservationbillingrequests": {
8846
9660
  "name": "DescribeCapacityReservationBillingRequests",
8847
9661
  "description": "Grants permission to describe one or more requests to assign the billing of the unused capacity of a Capacity Reservation",
@@ -8942,23 +9756,7 @@
8942
9756
  "name": "DescribeClientVpnEndpoints",
8943
9757
  "description": "Grants permission to describe one or more Client VPN endpoints",
8944
9758
  "accessLevel": "List",
8945
- "resourceTypes": [
8946
- {
8947
- "name": "client-vpn-endpoint",
8948
- "required": false,
8949
- "conditionKeys": [
8950
- "aws:ResourceTag/${TagKey}",
8951
- "ec2:ClientRootCertificateChainArn",
8952
- "ec2:CloudwatchLogGroupArn",
8953
- "ec2:CloudwatchLogStreamArn",
8954
- "ec2:DirectoryArn",
8955
- "ec2:ResourceTag/${TagKey}",
8956
- "ec2:SamlProviderArn",
8957
- "ec2:ServerCertificateArn"
8958
- ],
8959
- "dependentActions": []
8960
- }
8961
- ],
9759
+ "resourceTypes": [],
8962
9760
  "conditionKeys": [
8963
9761
  "ec2:Region"
8964
9762
  ],
@@ -9302,6 +10100,36 @@
9302
10100
  ],
9303
10101
  "dependentActions": []
9304
10102
  },
10103
+ "describeimagereferences": {
10104
+ "name": "DescribeImageReferences",
10105
+ "description": "Grants permission to describe your AWS resources that are referencing specified images",
10106
+ "accessLevel": "List",
10107
+ "resourceTypes": [],
10108
+ "conditionKeys": [
10109
+ "ec2:Region"
10110
+ ],
10111
+ "dependentActions": []
10112
+ },
10113
+ "describeimageusagereportentries": {
10114
+ "name": "DescribeImageUsageReportEntries",
10115
+ "description": "Grants permission to describe the entries of an AMI usage report",
10116
+ "accessLevel": "List",
10117
+ "resourceTypes": [],
10118
+ "conditionKeys": [
10119
+ "ec2:Region"
10120
+ ],
10121
+ "dependentActions": []
10122
+ },
10123
+ "describeimageusagereports": {
10124
+ "name": "DescribeImageUsageReports",
10125
+ "description": "Grants permission to describe the configuration and status of an AMI usage report",
10126
+ "accessLevel": "List",
10127
+ "resourceTypes": [],
10128
+ "conditionKeys": [
10129
+ "ec2:Region"
10130
+ ],
10131
+ "dependentActions": []
10132
+ },
9305
10133
  "describeimages": {
9306
10134
  "name": "DescribeImages",
9307
10135
  "description": "Grants permission to describe one or more images (AMIs, AKIs, and ARIs)",
@@ -9343,6 +10171,7 @@
9343
10171
  "conditionKeys": [
9344
10172
  "aws:ResourceTag/${TagKey}",
9345
10173
  "ec2:AvailabilityZone",
10174
+ "ec2:AvailabilityZoneId",
9346
10175
  "ec2:CpuOptionsAmdSevSnp",
9347
10176
  "ec2:EbsOptimized",
9348
10177
  "ec2:InstanceAutoRecovery",
@@ -9683,6 +10512,16 @@
9683
10512
  ],
9684
10513
  "dependentActions": []
9685
10514
  },
10515
+ "describemacmodificationtasks": {
10516
+ "name": "DescribeMacModificationTasks",
10517
+ "description": "Grants permission to describe a System Integrity Protection (SIP) modification task or volume ownership delegation task for an Amazon EC2 Mac instance",
10518
+ "accessLevel": "List",
10519
+ "resourceTypes": [],
10520
+ "conditionKeys": [
10521
+ "ec2:Region"
10522
+ ],
10523
+ "dependentActions": []
10524
+ },
9686
10525
  "describemanagedprefixlists": {
9687
10526
  "name": "DescribeManagedPrefixLists",
9688
10527
  "description": "Grants permission to describe your managed prefix lists and any AWS-managed prefix lists",
@@ -9793,6 +10632,16 @@
9793
10632
  ],
9794
10633
  "dependentActions": []
9795
10634
  },
10635
+ "describeoutpostlags": {
10636
+ "name": "DescribeOutpostLags",
10637
+ "description": "Grants permission to describe Outpost LAGs",
10638
+ "accessLevel": "List",
10639
+ "resourceTypes": [],
10640
+ "conditionKeys": [
10641
+ "ec2:Region"
10642
+ ],
10643
+ "dependentActions": []
10644
+ },
9796
10645
  "describeplacementgroups": {
9797
10646
  "name": "DescribePlacementGroups",
9798
10647
  "description": "Grants permission to describe one or more placement groups",
@@ -9893,6 +10742,36 @@
9893
10742
  ],
9894
10743
  "dependentActions": []
9895
10744
  },
10745
+ "describerouteserverendpoints": {
10746
+ "name": "DescribeRouteServerEndpoints",
10747
+ "description": "Grants permission to describe one or more route server endpoints",
10748
+ "accessLevel": "List",
10749
+ "resourceTypes": [],
10750
+ "conditionKeys": [
10751
+ "ec2:Region"
10752
+ ],
10753
+ "dependentActions": []
10754
+ },
10755
+ "describerouteserverpeers": {
10756
+ "name": "DescribeRouteServerPeers",
10757
+ "description": "Grants permission to describe one or more route server peers",
10758
+ "accessLevel": "List",
10759
+ "resourceTypes": [],
10760
+ "conditionKeys": [
10761
+ "ec2:Region"
10762
+ ],
10763
+ "dependentActions": []
10764
+ },
10765
+ "describerouteservers": {
10766
+ "name": "DescribeRouteServers",
10767
+ "description": "Grants permission to describe one or more route servers",
10768
+ "accessLevel": "List",
10769
+ "resourceTypes": [],
10770
+ "conditionKeys": [
10771
+ "ec2:Region"
10772
+ ],
10773
+ "dependentActions": []
10774
+ },
9896
10775
  "describeroutetables": {
9897
10776
  "name": "DescribeRouteTables",
9898
10777
  "description": "Grants permission to describe one or more route tables",
@@ -9975,6 +10854,16 @@
9975
10854
  ],
9976
10855
  "dependentActions": []
9977
10856
  },
10857
+ "describeservicelinkvirtualinterfaces": {
10858
+ "name": "DescribeServiceLinkVirtualInterfaces",
10859
+ "description": "Grants permission to describe service link virtual interfaces",
10860
+ "accessLevel": "List",
10861
+ "resourceTypes": [],
10862
+ "conditionKeys": [
10863
+ "ec2:Region"
10864
+ ],
10865
+ "dependentActions": []
10866
+ },
9978
10867
  "describesnapshotattribute": {
9979
10868
  "name": "DescribeSnapshotAttribute",
9980
10869
  "description": "Grants permission to describe an attribute of a snapshot",
@@ -10365,11 +11254,14 @@
10365
11254
  "conditionKeys": [
10366
11255
  "aws:ResourceTag/${TagKey}",
10367
11256
  "ec2:AvailabilityZone",
11257
+ "ec2:AvailabilityZoneId",
10368
11258
  "ec2:Encrypted",
10369
11259
  "ec2:ManagedResourceOperator",
10370
11260
  "ec2:ParentSnapshot",
11261
+ "ec2:ParentVolume",
10371
11262
  "ec2:ResourceTag/${TagKey}",
10372
11263
  "ec2:VolumeID",
11264
+ "ec2:VolumeInitializationRate",
10373
11265
  "ec2:VolumeIops",
10374
11266
  "ec2:VolumeSize",
10375
11267
  "ec2:VolumeThroughput",
@@ -10479,19 +11371,7 @@
10479
11371
  "name": "DescribeVpcEndpointAssociations",
10480
11372
  "description": "Grants permission to describe the VPC endpoint associations",
10481
11373
  "accessLevel": "List",
10482
- "resourceTypes": [
10483
- {
10484
- "name": "vpc-endpoint",
10485
- "required": false,
10486
- "conditionKeys": [
10487
- "aws:ResourceTag/${TagKey}",
10488
- "ec2:ResourceTag/${TagKey}",
10489
- "ec2:VpceServiceName",
10490
- "ec2:VpceServiceOwner"
10491
- ],
10492
- "dependentActions": []
10493
- }
10494
- ],
11374
+ "resourceTypes": [],
10495
11375
  "conditionKeys": [
10496
11376
  "ec2:Region"
10497
11377
  ],
@@ -10538,8 +11418,8 @@
10538
11418
  "conditionKeys": [
10539
11419
  "aws:ResourceTag/${TagKey}",
10540
11420
  "ec2:ResourceTag/${TagKey}",
10541
- "ec2:vpceMultiRegion",
10542
- "ec2:vpceSupportedRegion"
11421
+ "ec2:VpceMultiRegion",
11422
+ "ec2:VpceSupportedRegion"
10543
11423
  ],
10544
11424
  "dependentActions": []
10545
11425
  }
@@ -10698,6 +11578,7 @@
10698
11578
  "conditionKeys": [
10699
11579
  "aws:ResourceTag/${TagKey}",
10700
11580
  "ec2:AvailabilityZone",
11581
+ "ec2:AvailabilityZoneId",
10701
11582
  "ec2:CpuOptionsAmdSevSnp",
10702
11583
  "ec2:EbsOptimized",
10703
11584
  "ec2:InstanceAutoRecovery",
@@ -10779,11 +11660,14 @@
10779
11660
  "conditionKeys": [
10780
11661
  "aws:ResourceTag/${TagKey}",
10781
11662
  "ec2:AvailabilityZone",
11663
+ "ec2:AvailabilityZoneId",
10782
11664
  "ec2:Encrypted",
10783
11665
  "ec2:ManagedResourceOperator",
10784
11666
  "ec2:ParentSnapshot",
11667
+ "ec2:ParentVolume",
10785
11668
  "ec2:ResourceTag/${TagKey}",
10786
11669
  "ec2:VolumeID",
11670
+ "ec2:VolumeInitializationRate",
10787
11671
  "ec2:VolumeIops",
10788
11672
  "ec2:VolumeSize",
10789
11673
  "ec2:VolumeThroughput",
@@ -10797,6 +11681,7 @@
10797
11681
  "conditionKeys": [
10798
11682
  "aws:ResourceTag/${TagKey}",
10799
11683
  "ec2:AvailabilityZone",
11684
+ "ec2:AvailabilityZoneId",
10800
11685
  "ec2:CpuOptionsAmdSevSnp",
10801
11686
  "ec2:EbsOptimized",
10802
11687
  "ec2:InstanceAutoRecovery",
@@ -10898,6 +11783,16 @@
10898
11783
  ],
10899
11784
  "dependentActions": []
10900
11785
  },
11786
+ "disablecapacitymanager": {
11787
+ "name": "DisableCapacityManager",
11788
+ "description": "Grants permission to disable EC2 Capacity Manager for your account",
11789
+ "accessLevel": "Write",
11790
+ "resourceTypes": [],
11791
+ "conditionKeys": [
11792
+ "ec2:Region"
11793
+ ],
11794
+ "dependentActions": []
11795
+ },
10901
11796
  "disableebsencryptionbydefault": {
10902
11797
  "name": "DisableEbsEncryptionByDefault",
10903
11798
  "description": "Grants permission to disable EBS encryption by default for your account",
@@ -10988,7 +11883,7 @@
10988
11883
  "disableimageblockpublicaccess": {
10989
11884
  "name": "DisableImageBlockPublicAccess",
10990
11885
  "description": "Grants permission to disable block public access for AMIs at the account level in the specified AWS Region",
10991
- "accessLevel": "Write",
11886
+ "accessLevel": "Permissions management",
10992
11887
  "resourceTypes": [],
10993
11888
  "conditionKeys": [
10994
11889
  "ec2:Region"
@@ -11057,6 +11952,37 @@
11057
11952
  "organizations:DeregisterDelegatedAdministrator"
11058
11953
  ]
11059
11954
  },
11955
+ "disablerouteserverpropagation": {
11956
+ "name": "DisableRouteServerPropagation",
11957
+ "description": "Grants permission to disable route server propagation",
11958
+ "accessLevel": "Write",
11959
+ "resourceTypes": [
11960
+ {
11961
+ "name": "route-server",
11962
+ "required": true,
11963
+ "conditionKeys": [
11964
+ "aws:ResourceTag/${TagKey}",
11965
+ "ec2:ResourceTag/${TagKey}"
11966
+ ],
11967
+ "dependentActions": []
11968
+ },
11969
+ {
11970
+ "name": "route-table",
11971
+ "required": true,
11972
+ "conditionKeys": [
11973
+ "aws:ResourceTag/${TagKey}",
11974
+ "ec2:ResourceTag/${TagKey}",
11975
+ "ec2:RouteTableID",
11976
+ "ec2:Vpc"
11977
+ ],
11978
+ "dependentActions": []
11979
+ }
11980
+ ],
11981
+ "conditionKeys": [
11982
+ "ec2:Region"
11983
+ ],
11984
+ "dependentActions": []
11985
+ },
11060
11986
  "disableserialconsoleaccess": {
11061
11987
  "name": "DisableSerialConsoleAccess",
11062
11988
  "description": "Grants permission to disable access to the EC2 serial console of all instances for your account",
@@ -11070,7 +11996,7 @@
11070
11996
  "disablesnapshotblockpublicaccess": {
11071
11997
  "name": "DisableSnapshotBlockPublicAccess",
11072
11998
  "description": "Grants permission to disable the block public access for snapshots setting for a Region",
11073
- "accessLevel": "Write",
11999
+ "accessLevel": "Permissions management",
11074
12000
  "resourceTypes": [],
11075
12001
  "conditionKeys": [
11076
12002
  "ec2:Region"
@@ -11325,6 +12251,7 @@
11325
12251
  "conditionKeys": [
11326
12252
  "aws:ResourceTag/${TagKey}",
11327
12253
  "ec2:AvailabilityZone",
12254
+ "ec2:AvailabilityZoneId",
11328
12255
  "ec2:CpuOptionsAmdSevSnp",
11329
12256
  "ec2:EbsOptimized",
11330
12257
  "ec2:InstanceAutoRecovery",
@@ -11430,7 +12357,7 @@
11430
12357
  },
11431
12358
  {
11432
12359
  "name": "network-interface",
11433
- "required": true,
12360
+ "required": false,
11434
12361
  "conditionKeys": [
11435
12362
  "aws:ResourceTag/${TagKey}",
11436
12363
  "ec2:AuthorizedUser",
@@ -11450,6 +12377,39 @@
11450
12377
  ],
11451
12378
  "dependentActions": []
11452
12379
  },
12380
+ "disassociaterouteserver": {
12381
+ "name": "DisassociateRouteServer",
12382
+ "description": "Grants permission to disassociate a route server from a VPC",
12383
+ "accessLevel": "Write",
12384
+ "resourceTypes": [
12385
+ {
12386
+ "name": "route-server",
12387
+ "required": true,
12388
+ "conditionKeys": [
12389
+ "aws:ResourceTag/${TagKey}",
12390
+ "ec2:ResourceTag/${TagKey}"
12391
+ ],
12392
+ "dependentActions": []
12393
+ },
12394
+ {
12395
+ "name": "vpc",
12396
+ "required": true,
12397
+ "conditionKeys": [
12398
+ "aws:ResourceTag/${TagKey}",
12399
+ "ec2:Ipv4IpamPoolId",
12400
+ "ec2:Ipv6IpamPoolId",
12401
+ "ec2:ResourceTag/${TagKey}",
12402
+ "ec2:Tenancy",
12403
+ "ec2:VpcID"
12404
+ ],
12405
+ "dependentActions": []
12406
+ }
12407
+ ],
12408
+ "conditionKeys": [
12409
+ "ec2:Region"
12410
+ ],
12411
+ "dependentActions": []
12412
+ },
11453
12413
  "disassociateroutetable": {
11454
12414
  "name": "DisassociateRouteTable",
11455
12415
  "description": "Grants permission to disassociate a subnet from a route table",
@@ -11500,6 +12460,7 @@
11500
12460
  "conditionKeys": [
11501
12461
  "aws:ResourceTag/${TagKey}",
11502
12462
  "ec2:AvailabilityZone",
12463
+ "ec2:AvailabilityZoneId",
11503
12464
  "ec2:ResourceTag/${TagKey}",
11504
12465
  "ec2:SubnetID",
11505
12466
  "ec2:Vpc"
@@ -11567,6 +12528,7 @@
11567
12528
  "conditionKeys": [
11568
12529
  "aws:ResourceTag/${TagKey}",
11569
12530
  "ec2:AvailabilityZone",
12531
+ "ec2:AvailabilityZoneId",
11570
12532
  "ec2:ResourceTag/${TagKey}",
11571
12533
  "ec2:SubnetID",
11572
12534
  "ec2:Vpc"
@@ -11590,6 +12552,7 @@
11590
12552
  "conditionKeys": [
11591
12553
  "aws:ResourceTag/${TagKey}",
11592
12554
  "ec2:AvailabilityZone",
12555
+ "ec2:AvailabilityZoneId",
11593
12556
  "ec2:ResourceTag/${TagKey}",
11594
12557
  "ec2:SubnetID",
11595
12558
  "ec2:Vpc"
@@ -11780,6 +12743,16 @@
11780
12743
  ],
11781
12744
  "dependentActions": []
11782
12745
  },
12746
+ "enablecapacitymanager": {
12747
+ "name": "EnableCapacityManager",
12748
+ "description": "Grants permission to enable EC2 Capacity Manager for your account",
12749
+ "accessLevel": "Write",
12750
+ "resourceTypes": [],
12751
+ "conditionKeys": [
12752
+ "ec2:Region"
12753
+ ],
12754
+ "dependentActions": []
12755
+ },
11783
12756
  "enableebsencryptionbydefault": {
11784
12757
  "name": "EnableEbsEncryptionByDefault",
11785
12758
  "description": "Grants permission to enable EBS encryption by default for your account",
@@ -11898,7 +12871,7 @@
11898
12871
  "enableimageblockpublicaccess": {
11899
12872
  "name": "EnableImageBlockPublicAccess",
11900
12873
  "description": "Grants permission to enable block public access for AMIs at the account level in the specified AWS Region",
11901
- "accessLevel": "Write",
12874
+ "accessLevel": "Permissions management",
11902
12875
  "resourceTypes": [],
11903
12876
  "conditionKeys": [
11904
12877
  "ec2:Region"
@@ -11963,24 +12936,55 @@
11963
12936
  "conditionKeys": [
11964
12937
  "ec2:Region"
11965
12938
  ],
11966
- "dependentActions": [
11967
- "iam:CreateServiceLinkedRole",
11968
- "organizations:EnableAWSServiceAccess",
11969
- "organizations:RegisterDelegatedAdministrator"
11970
- ]
11971
- },
11972
- "enablereachabilityanalyzerorganizationsharing": {
11973
- "name": "EnableReachabilityAnalyzerOrganizationSharing",
11974
- "description": "Grants permission to enable organization sharing of reachability analyzer",
11975
- "accessLevel": "Write",
11976
- "resourceTypes": [],
12939
+ "dependentActions": [
12940
+ "iam:CreateServiceLinkedRole",
12941
+ "organizations:EnableAWSServiceAccess",
12942
+ "organizations:RegisterDelegatedAdministrator"
12943
+ ]
12944
+ },
12945
+ "enablereachabilityanalyzerorganizationsharing": {
12946
+ "name": "EnableReachabilityAnalyzerOrganizationSharing",
12947
+ "description": "Grants permission to enable organization sharing of reachability analyzer",
12948
+ "accessLevel": "Write",
12949
+ "resourceTypes": [],
12950
+ "conditionKeys": [
12951
+ "ec2:Region"
12952
+ ],
12953
+ "dependentActions": [
12954
+ "iam:CreateServiceLinkedRole",
12955
+ "organizations:EnableAWSServiceAccess"
12956
+ ]
12957
+ },
12958
+ "enablerouteserverpropagation": {
12959
+ "name": "EnableRouteServerPropagation",
12960
+ "description": "Grants permission to enable route server propagation",
12961
+ "accessLevel": "Write",
12962
+ "resourceTypes": [
12963
+ {
12964
+ "name": "route-server",
12965
+ "required": true,
12966
+ "conditionKeys": [
12967
+ "aws:ResourceTag/${TagKey}",
12968
+ "ec2:ResourceTag/${TagKey}"
12969
+ ],
12970
+ "dependentActions": []
12971
+ },
12972
+ {
12973
+ "name": "route-table",
12974
+ "required": true,
12975
+ "conditionKeys": [
12976
+ "aws:ResourceTag/${TagKey}",
12977
+ "ec2:ResourceTag/${TagKey}",
12978
+ "ec2:RouteTableID",
12979
+ "ec2:Vpc"
12980
+ ],
12981
+ "dependentActions": []
12982
+ }
12983
+ ],
11977
12984
  "conditionKeys": [
11978
12985
  "ec2:Region"
11979
12986
  ],
11980
- "dependentActions": [
11981
- "iam:CreateServiceLinkedRole",
11982
- "organizations:EnableAWSServiceAccess"
11983
- ]
12987
+ "dependentActions": []
11984
12988
  },
11985
12989
  "enableserialconsoleaccess": {
11986
12990
  "name": "EnableSerialConsoleAccess",
@@ -11995,7 +12999,7 @@
11995
12999
  "enablesnapshotblockpublicaccess": {
11996
13000
  "name": "EnableSnapshotBlockPublicAccess",
11997
13001
  "description": "Grants permission to enable or modify the block public access for snapshots setting for a Region",
11998
- "accessLevel": "Write",
13002
+ "accessLevel": "Permissions management",
11999
13003
  "resourceTypes": [],
12000
13004
  "conditionKeys": [
12001
13005
  "ec2:Region"
@@ -12085,6 +13089,7 @@
12085
13089
  "conditionKeys": [
12086
13090
  "aws:ResourceTag/${TagKey}",
12087
13091
  "ec2:AvailabilityZone",
13092
+ "ec2:AvailabilityZoneId",
12088
13093
  "ec2:Encrypted",
12089
13094
  "ec2:ManagedResourceOperator",
12090
13095
  "ec2:ParentSnapshot",
@@ -12265,6 +13270,25 @@
12265
13270
  ],
12266
13271
  "dependentActions": []
12267
13272
  },
13273
+ "getactivevpntunnelstatus": {
13274
+ "name": "GetActiveVpnTunnelStatus",
13275
+ "description": "Grants permission to retrieve the current security parameters for an active VPN tunnel",
13276
+ "accessLevel": "Read",
13277
+ "resourceTypes": [
13278
+ {
13279
+ "name": "vpn-connection",
13280
+ "required": true,
13281
+ "conditionKeys": [
13282
+ "ec2:ResourceTag/${TagKey}"
13283
+ ],
13284
+ "dependentActions": []
13285
+ }
13286
+ ],
13287
+ "conditionKeys": [
13288
+ "ec2:Region"
13289
+ ],
13290
+ "dependentActions": []
13291
+ },
12268
13292
  "getallowedimagessettings": {
12269
13293
  "name": "GetAllowedImagesSettings",
12270
13294
  "description": "Grants permission to get the allowed settings for images",
@@ -12296,7 +13320,17 @@
12296
13320
  "name": "GetAssociatedIpv6PoolCidrs",
12297
13321
  "description": "Grants permission to get information about the IPv6 CIDR block associations for a specified IPv6 address pool",
12298
13322
  "accessLevel": "Read",
12299
- "resourceTypes": [],
13323
+ "resourceTypes": [
13324
+ {
13325
+ "name": "ipv6pool-ec2",
13326
+ "required": true,
13327
+ "conditionKeys": [
13328
+ "aws:ResourceTag/${TagKey}",
13329
+ "ec2:ResourceTag/${TagKey}"
13330
+ ],
13331
+ "dependentActions": []
13332
+ }
13333
+ ],
12300
13334
  "conditionKeys": [
12301
13335
  "ec2:Region"
12302
13336
  ],
@@ -12312,6 +13346,36 @@
12312
13346
  ],
12313
13347
  "dependentActions": []
12314
13348
  },
13349
+ "getcapacitymanagerattributes": {
13350
+ "name": "GetCapacityManagerAttributes",
13351
+ "description": "Grants permission to retrieve the current configuration and status of EC2 Capacity Manager",
13352
+ "accessLevel": "Read",
13353
+ "resourceTypes": [],
13354
+ "conditionKeys": [
13355
+ "ec2:Region"
13356
+ ],
13357
+ "dependentActions": []
13358
+ },
13359
+ "getcapacitymanagermetricdata": {
13360
+ "name": "GetCapacityManagerMetricData",
13361
+ "description": "Grants permission to retrieve capacity usage metrics for your EC2 resources",
13362
+ "accessLevel": "Read",
13363
+ "resourceTypes": [],
13364
+ "conditionKeys": [
13365
+ "ec2:Region"
13366
+ ],
13367
+ "dependentActions": []
13368
+ },
13369
+ "getcapacitymanagermetricdimensions": {
13370
+ "name": "GetCapacityManagerMetricDimensions",
13371
+ "description": "Grants permission to retrieve the available dimension values for capacity metrics within a specified time range",
13372
+ "accessLevel": "Read",
13373
+ "resourceTypes": [],
13374
+ "conditionKeys": [
13375
+ "ec2:Region"
13376
+ ],
13377
+ "dependentActions": []
13378
+ },
12315
13379
  "getcapacityreservationusage": {
12316
13380
  "name": "GetCapacityReservationUsage",
12317
13381
  "description": "Grants permission to get usage information about a Capacity Reservation",
@@ -12363,6 +13427,7 @@
12363
13427
  "conditionKeys": [
12364
13428
  "aws:ResourceTag/${TagKey}",
12365
13429
  "ec2:AvailabilityZone",
13430
+ "ec2:AvailabilityZoneId",
12366
13431
  "ec2:CpuOptionsAmdSevSnp",
12367
13432
  "ec2:EbsOptimized",
12368
13433
  "ec2:InstanceAutoRecovery",
@@ -12401,6 +13466,7 @@
12401
13466
  "conditionKeys": [
12402
13467
  "aws:ResourceTag/${TagKey}",
12403
13468
  "ec2:AvailabilityZone",
13469
+ "ec2:AvailabilityZoneId",
12404
13470
  "ec2:CpuOptionsAmdSevSnp",
12405
13471
  "ec2:EbsOptimized",
12406
13472
  "ec2:InstanceAutoRecovery",
@@ -12560,6 +13626,7 @@
12560
13626
  "conditionKeys": [
12561
13627
  "aws:ResourceTag/${TagKey}",
12562
13628
  "ec2:AvailabilityZone",
13629
+ "ec2:AvailabilityZoneId",
12563
13630
  "ec2:CpuOptionsAmdSevSnp",
12564
13631
  "ec2:EbsOptimized",
12565
13632
  "ec2:InstanceAutoRecovery",
@@ -12606,6 +13673,7 @@
12606
13673
  "conditionKeys": [
12607
13674
  "aws:ResourceTag/${TagKey}",
12608
13675
  "ec2:AvailabilityZone",
13676
+ "ec2:AvailabilityZoneId",
12609
13677
  "ec2:CpuOptionsAmdSevSnp",
12610
13678
  "ec2:EbsOptimized",
12611
13679
  "ec2:InstanceAutoRecovery",
@@ -12794,6 +13862,7 @@
12794
13862
  "conditionKeys": [
12795
13863
  "aws:ResourceTag/${TagKey}",
12796
13864
  "ec2:AvailabilityZone",
13865
+ "ec2:AvailabilityZoneId",
12797
13866
  "ec2:CpuOptionsAmdSevSnp",
12798
13867
  "ec2:EbsOptimized",
12799
13868
  "ec2:InstanceAutoRecovery",
@@ -12912,6 +13981,7 @@
12912
13981
  "conditionKeys": [
12913
13982
  "aws:ResourceTag/${TagKey}",
12914
13983
  "ec2:AvailabilityZone",
13984
+ "ec2:AvailabilityZoneId",
12915
13985
  "ec2:CpuOptionsAmdSevSnp",
12916
13986
  "ec2:EbsOptimized",
12917
13987
  "ec2:InstanceAutoRecovery",
@@ -12943,7 +14013,21 @@
12943
14013
  "name": "GetReservedInstancesExchangeQuote",
12944
14014
  "description": "Grants permission to return a quote and exchange information for exchanging one or more Convertible Reserved Instances for a new Convertible Reserved Instance",
12945
14015
  "accessLevel": "Read",
12946
- "resourceTypes": [],
14016
+ "resourceTypes": [
14017
+ {
14018
+ "name": "reserved-instances",
14019
+ "required": true,
14020
+ "conditionKeys": [
14021
+ "aws:ResourceTag/${TagKey}",
14022
+ "ec2:AvailabilityZone",
14023
+ "ec2:InstanceType",
14024
+ "ec2:ReservedInstancesOfferingType",
14025
+ "ec2:ResourceTag/${TagKey}",
14026
+ "ec2:Tenancy"
14027
+ ],
14028
+ "dependentActions": []
14029
+ }
14030
+ ],
12947
14031
  "conditionKeys": [
12948
14032
  "ec2:Region"
12949
14033
  ],
@@ -12990,6 +14074,77 @@
12990
14074
  ],
12991
14075
  "dependentActions": []
12992
14076
  },
14077
+ "getrouteserverassociations": {
14078
+ "name": "GetRouteServerAssociations",
14079
+ "description": "Grants permission to get associations for a route server",
14080
+ "accessLevel": "Read",
14081
+ "resourceTypes": [
14082
+ {
14083
+ "name": "route-server",
14084
+ "required": true,
14085
+ "conditionKeys": [
14086
+ "aws:ResourceTag/${TagKey}",
14087
+ "ec2:ResourceTag/${TagKey}"
14088
+ ],
14089
+ "dependentActions": []
14090
+ }
14091
+ ],
14092
+ "conditionKeys": [
14093
+ "ec2:Region"
14094
+ ],
14095
+ "dependentActions": []
14096
+ },
14097
+ "getrouteserverpropagations": {
14098
+ "name": "GetRouteServerPropagations",
14099
+ "description": "Grants permission to get propagations for a route server",
14100
+ "accessLevel": "Read",
14101
+ "resourceTypes": [
14102
+ {
14103
+ "name": "route-server",
14104
+ "required": true,
14105
+ "conditionKeys": [
14106
+ "aws:ResourceTag/${TagKey}",
14107
+ "ec2:ResourceTag/${TagKey}"
14108
+ ],
14109
+ "dependentActions": []
14110
+ },
14111
+ {
14112
+ "name": "route-table",
14113
+ "required": false,
14114
+ "conditionKeys": [
14115
+ "aws:ResourceTag/${TagKey}",
14116
+ "ec2:ResourceTag/${TagKey}",
14117
+ "ec2:RouteTableID",
14118
+ "ec2:Vpc"
14119
+ ],
14120
+ "dependentActions": []
14121
+ }
14122
+ ],
14123
+ "conditionKeys": [
14124
+ "ec2:Region"
14125
+ ],
14126
+ "dependentActions": []
14127
+ },
14128
+ "getrouteserverroutingdatabase": {
14129
+ "name": "GetRouteServerRoutingDatabase",
14130
+ "description": "Grants permission to get the routing database for a route server",
14131
+ "accessLevel": "Read",
14132
+ "resourceTypes": [
14133
+ {
14134
+ "name": "route-server",
14135
+ "required": true,
14136
+ "conditionKeys": [
14137
+ "aws:ResourceTag/${TagKey}",
14138
+ "ec2:ResourceTag/${TagKey}"
14139
+ ],
14140
+ "dependentActions": []
14141
+ }
14142
+ ],
14143
+ "conditionKeys": [
14144
+ "ec2:Region"
14145
+ ],
14146
+ "dependentActions": []
14147
+ },
12993
14148
  "getsecuritygroupsforvpc": {
12994
14149
  "name": "GetSecurityGroupsForVpc",
12995
14150
  "description": "Grants permission to retrieve a list of security groups for a specified VPC",
@@ -13524,6 +14679,7 @@
13524
14679
  "conditionKeys": [
13525
14680
  "aws:ResourceTag/${TagKey}",
13526
14681
  "ec2:AvailabilityZone",
14682
+ "ec2:AvailabilityZoneId",
13527
14683
  "ec2:Encrypted",
13528
14684
  "ec2:ManagedResourceOperator",
13529
14685
  "ec2:ParentSnapshot",
@@ -13800,6 +14956,7 @@
13800
14956
  "conditionKeys": [
13801
14957
  "aws:ResourceTag/${TagKey}",
13802
14958
  "ec2:AvailabilityZone",
14959
+ "ec2:AvailabilityZoneId",
13803
14960
  "ec2:ResourceTag/${TagKey}",
13804
14961
  "ec2:SubnetID",
13805
14962
  "ec2:Vpc"
@@ -13918,6 +15075,7 @@
13918
15075
  "ec2:Attribute",
13919
15076
  "ec2:Attribute/${AttributeName}",
13920
15077
  "ec2:AvailabilityZone",
15078
+ "ec2:AvailabilityZoneId",
13921
15079
  "ec2:CpuOptionsAmdSevSnp",
13922
15080
  "ec2:EbsOptimized",
13923
15081
  "ec2:InstanceAutoRecovery",
@@ -13956,11 +15114,13 @@
13956
15114
  "conditionKeys": [
13957
15115
  "aws:ResourceTag/${TagKey}",
13958
15116
  "ec2:AvailabilityZone",
15117
+ "ec2:AvailabilityZoneId",
13959
15118
  "ec2:Encrypted",
13960
15119
  "ec2:ManagedResourceOperator",
13961
15120
  "ec2:ParentSnapshot",
13962
15121
  "ec2:ResourceTag/${TagKey}",
13963
15122
  "ec2:VolumeID",
15123
+ "ec2:VolumeInitializationRate",
13964
15124
  "ec2:VolumeIops",
13965
15125
  "ec2:VolumeSize",
13966
15126
  "ec2:VolumeThroughput",
@@ -13987,6 +15147,7 @@
13987
15147
  "ec2:Attribute",
13988
15148
  "ec2:Attribute/${AttributeName}",
13989
15149
  "ec2:AvailabilityZone",
15150
+ "ec2:AvailabilityZoneId",
13990
15151
  "ec2:CpuOptionsAmdSevSnp",
13991
15152
  "ec2:EbsOptimized",
13992
15153
  "ec2:InstanceAutoRecovery",
@@ -14022,6 +15183,39 @@
14022
15183
  ],
14023
15184
  "dependentActions": []
14024
15185
  },
15186
+ "modifyinstanceconnectendpoint": {
15187
+ "name": "ModifyInstanceConnectEndpoint",
15188
+ "description": "Grants permission to modify an existing EC2 Instance Connect Endpoint",
15189
+ "accessLevel": "Write",
15190
+ "resourceTypes": [
15191
+ {
15192
+ "name": "instance-connect-endpoint",
15193
+ "required": true,
15194
+ "conditionKeys": [
15195
+ "aws:ResourceTag/${TagKey}",
15196
+ "ec2:Attribute",
15197
+ "ec2:Attribute/${AttributeName}",
15198
+ "ec2:ResourceTag/${TagKey}"
15199
+ ],
15200
+ "dependentActions": []
15201
+ },
15202
+ {
15203
+ "name": "security-group",
15204
+ "required": false,
15205
+ "conditionKeys": [
15206
+ "aws:ResourceTag/${TagKey}",
15207
+ "ec2:ResourceTag/${TagKey}",
15208
+ "ec2:SecurityGroupID",
15209
+ "ec2:Vpc"
15210
+ ],
15211
+ "dependentActions": []
15212
+ }
15213
+ ],
15214
+ "conditionKeys": [
15215
+ "ec2:Region"
15216
+ ],
15217
+ "dependentActions": []
15218
+ },
14025
15219
  "modifyinstancecpuoptions": {
14026
15220
  "name": "ModifyInstanceCpuOptions",
14027
15221
  "description": "Grants permission to modify the CPU options on an instance",
@@ -14035,6 +15229,7 @@
14035
15229
  "ec2:Attribute",
14036
15230
  "ec2:Attribute/${AttributeName}",
14037
15231
  "ec2:AvailabilityZone",
15232
+ "ec2:AvailabilityZoneId",
14038
15233
  "ec2:CpuOptionsAmdSevSnp",
14039
15234
  "ec2:EbsOptimized",
14040
15235
  "ec2:InstanceAutoRecovery",
@@ -14075,6 +15270,7 @@
14075
15270
  "ec2:Attribute",
14076
15271
  "ec2:Attribute/${AttributeName}",
14077
15272
  "ec2:AvailabilityZone",
15273
+ "ec2:AvailabilityZoneId",
14078
15274
  "ec2:CpuOptionsAmdSevSnp",
14079
15275
  "ec2:EbsOptimized",
14080
15276
  "ec2:InstanceAutoRecovery",
@@ -14114,6 +15310,7 @@
14114
15310
  "aws:ResourceTag/${TagKey}",
14115
15311
  "ec2:Attribute/${AttributeName}",
14116
15312
  "ec2:AvailabilityZone",
15313
+ "ec2:AvailabilityZoneId",
14117
15314
  "ec2:CpuOptionsAmdSevSnp",
14118
15315
  "ec2:EbsOptimized",
14119
15316
  "ec2:InstanceAutoRecovery",
@@ -14151,6 +15348,8 @@
14151
15348
  "required": true,
14152
15349
  "conditionKeys": [
14153
15350
  "aws:ResourceTag/${TagKey}",
15351
+ "ec2:Attribute",
15352
+ "ec2:Attribute/${AttributeName}",
14154
15353
  "ec2:ResourceTag/${TagKey}"
14155
15354
  ],
14156
15355
  "dependentActions": []
@@ -14174,6 +15373,7 @@
14174
15373
  "ec2:Attribute",
14175
15374
  "ec2:Attribute/${AttributeName}",
14176
15375
  "ec2:AvailabilityZone",
15376
+ "ec2:AvailabilityZoneId",
14177
15377
  "ec2:CpuOptionsAmdSevSnp",
14178
15378
  "ec2:EbsOptimized",
14179
15379
  "ec2:InstanceAutoRecovery",
@@ -14225,6 +15425,7 @@
14225
15425
  "ec2:Attribute",
14226
15426
  "ec2:Attribute/${AttributeName}",
14227
15427
  "ec2:AvailabilityZone",
15428
+ "ec2:AvailabilityZoneId",
14228
15429
  "ec2:CpuOptionsAmdSevSnp",
14229
15430
  "ec2:EbsOptimized",
14230
15431
  "ec2:InstanceAutoRecovery",
@@ -14265,6 +15466,7 @@
14265
15466
  "ec2:Attribute",
14266
15467
  "ec2:Attribute/${AttributeName}",
14267
15468
  "ec2:AvailabilityZone",
15469
+ "ec2:AvailabilityZoneId",
14268
15470
  "ec2:CpuOptionsAmdSevSnp",
14269
15471
  "ec2:EbsOptimized",
14270
15472
  "ec2:InstanceAutoRecovery",
@@ -14305,6 +15507,7 @@
14305
15507
  "ec2:Attribute",
14306
15508
  "ec2:Attribute/${AttributeName}",
14307
15509
  "ec2:AvailabilityZone",
15510
+ "ec2:AvailabilityZoneId",
14308
15511
  "ec2:CpuOptionsAmdSevSnp",
14309
15512
  "ec2:EbsOptimized",
14310
15513
  "ec2:InstanceAutoRecovery",
@@ -14428,6 +15631,8 @@
14428
15631
  "required": true,
14429
15632
  "conditionKeys": [
14430
15633
  "aws:ResourceTag/${TagKey}",
15634
+ "ec2:Attribute",
15635
+ "ec2:Attribute/${AttributeName}",
14431
15636
  "ec2:ResourceTag/${TagKey}"
14432
15637
  ],
14433
15638
  "dependentActions": []
@@ -14493,6 +15698,7 @@
14493
15698
  "required": true,
14494
15699
  "conditionKeys": [
14495
15700
  "aws:ResourceTag/${TagKey}",
15701
+ "ec2:Attribute/${AttributeName}",
14496
15702
  "ec2:ResourceTag/${TagKey}"
14497
15703
  ],
14498
15704
  "dependentActions": []
@@ -14586,6 +15792,7 @@
14586
15792
  "conditionKeys": [
14587
15793
  "aws:ResourceTag/${TagKey}",
14588
15794
  "ec2:AvailabilityZone",
15795
+ "ec2:AvailabilityZoneId",
14589
15796
  "ec2:CpuOptionsAmdSevSnp",
14590
15797
  "ec2:EbsOptimized",
14591
15798
  "ec2:InstanceAutoRecovery",
@@ -14617,6 +15824,18 @@
14617
15824
  "ec2:Vpc"
14618
15825
  ],
14619
15826
  "dependentActions": []
15827
+ },
15828
+ {
15829
+ "name": "subnet",
15830
+ "required": false,
15831
+ "conditionKeys": [
15832
+ "aws:ResourceTag/${TagKey}",
15833
+ "ec2:AvailabilityZone",
15834
+ "ec2:AvailabilityZoneId",
15835
+ "ec2:ResourceTag/${TagKey}",
15836
+ "ec2:Vpc"
15837
+ ],
15838
+ "dependentActions": []
14620
15839
  }
14621
15840
  ],
14622
15841
  "conditionKeys": [
@@ -14637,6 +15856,7 @@
14637
15856
  "ec2:Attribute",
14638
15857
  "ec2:Attribute/${AttributeName}",
14639
15858
  "ec2:AvailabilityZone",
15859
+ "ec2:AvailabilityZoneId",
14640
15860
  "ec2:CpuOptionsAmdSevSnp",
14641
15861
  "ec2:EbsOptimized",
14642
15862
  "ec2:InstanceAutoRecovery",
@@ -14665,6 +15885,31 @@
14665
15885
  ],
14666
15886
  "dependentActions": []
14667
15887
  },
15888
+ "modifypublicipdnsnameoptions": {
15889
+ "name": "ModifyPublicIpDnsNameOptions",
15890
+ "description": "Grants permission to modify public hostname options for a network interface",
15891
+ "accessLevel": "Write",
15892
+ "resourceTypes": [
15893
+ {
15894
+ "name": "network-interface",
15895
+ "required": true,
15896
+ "conditionKeys": [
15897
+ "aws:ResourceTag/${TagKey}",
15898
+ "ec2:Attribute",
15899
+ "ec2:Attribute/${AttributeName}",
15900
+ "ec2:AvailabilityZone",
15901
+ "ec2:ResourceTag/${TagKey}",
15902
+ "ec2:Subnet",
15903
+ "ec2:Vpc"
15904
+ ],
15905
+ "dependentActions": []
15906
+ }
15907
+ ],
15908
+ "conditionKeys": [
15909
+ "ec2:Region"
15910
+ ],
15911
+ "dependentActions": []
15912
+ },
14668
15913
  "modifyreservedinstances": {
14669
15914
  "name": "ModifyReservedInstances",
14670
15915
  "description": "Grants permission to modify attributes of one or more Reserved Instances",
@@ -14691,6 +15936,26 @@
14691
15936
  ],
14692
15937
  "dependentActions": []
14693
15938
  },
15939
+ "modifyrouteserver": {
15940
+ "name": "ModifyRouteServer",
15941
+ "description": "Grants permission to modify a route server",
15942
+ "accessLevel": "Write",
15943
+ "resourceTypes": [
15944
+ {
15945
+ "name": "route-server",
15946
+ "required": true,
15947
+ "conditionKeys": [
15948
+ "aws:ResourceTag/${TagKey}",
15949
+ "ec2:ResourceTag/${TagKey}"
15950
+ ],
15951
+ "dependentActions": []
15952
+ }
15953
+ ],
15954
+ "conditionKeys": [
15955
+ "ec2:Region"
15956
+ ],
15957
+ "dependentActions": []
15958
+ },
14694
15959
  "modifysecuritygrouprules": {
14695
15960
  "name": "ModifySecurityGroupRules",
14696
15961
  "description": "Grants permission to modify the rules of a security group",
@@ -14823,6 +16088,7 @@
14823
16088
  "conditionKeys": [
14824
16089
  "aws:ResourceTag/${TagKey}",
14825
16090
  "ec2:AvailabilityZone",
16091
+ "ec2:AvailabilityZoneId",
14826
16092
  "ec2:ResourceTag/${TagKey}",
14827
16093
  "ec2:SubnetID",
14828
16094
  "ec2:Vpc"
@@ -14848,6 +16114,7 @@
14848
16114
  "ec2:Attribute",
14849
16115
  "ec2:Attribute/${AttributeName}",
14850
16116
  "ec2:AvailabilityZone",
16117
+ "ec2:AvailabilityZoneId",
14851
16118
  "ec2:ResourceTag/${TagKey}",
14852
16119
  "ec2:SubnetID",
14853
16120
  "ec2:Vpc"
@@ -15055,6 +16322,7 @@
15055
16322
  "conditionKeys": [
15056
16323
  "aws:ResourceTag/${TagKey}",
15057
16324
  "ec2:AvailabilityZone",
16325
+ "ec2:AvailabilityZoneId",
15058
16326
  "ec2:ResourceTag/${TagKey}",
15059
16327
  "ec2:SubnetID",
15060
16328
  "ec2:Vpc"
@@ -15077,6 +16345,7 @@
15077
16345
  "required": true,
15078
16346
  "conditionKeys": [
15079
16347
  "aws:ResourceTag/${TagKey}",
16348
+ "ec2:Attribute/${AttributeName}",
15080
16349
  "ec2:ResourceTag/${TagKey}"
15081
16350
  ],
15082
16351
  "dependentActions": []
@@ -15087,6 +16356,7 @@
15087
16356
  "conditionKeys": [
15088
16357
  "aws:ResourceTag/${TagKey}",
15089
16358
  "ec2:AvailabilityZone",
16359
+ "ec2:AvailabilityZoneId",
15090
16360
  "ec2:ResourceTag/${TagKey}",
15091
16361
  "ec2:SubnetID",
15092
16362
  "ec2:Vpc"
@@ -15118,6 +16388,7 @@
15118
16388
  "required": true,
15119
16389
  "conditionKeys": [
15120
16390
  "aws:ResourceTag/${TagKey}",
16391
+ "ec2:Attribute/${AttributeName}",
15121
16392
  "ec2:ResourceTag/${TagKey}"
15122
16393
  ],
15123
16394
  "dependentActions": []
@@ -15138,6 +16409,8 @@
15138
16409
  "required": true,
15139
16410
  "conditionKeys": [
15140
16411
  "aws:ResourceTag/${TagKey}",
16412
+ "ec2:Attribute",
16413
+ "ec2:Attribute/${AttributeName}",
15141
16414
  "ec2:ResourceTag/${TagKey}"
15142
16415
  ],
15143
16416
  "dependentActions": []
@@ -15167,6 +16440,7 @@
15167
16440
  "required": true,
15168
16441
  "conditionKeys": [
15169
16442
  "aws:ResourceTag/${TagKey}",
16443
+ "ec2:Attribute/${AttributeName}",
15170
16444
  "ec2:ResourceTag/${TagKey}"
15171
16445
  ],
15172
16446
  "dependentActions": []
@@ -15187,6 +16461,8 @@
15187
16461
  "required": true,
15188
16462
  "conditionKeys": [
15189
16463
  "aws:ResourceTag/${TagKey}",
16464
+ "ec2:Attribute",
16465
+ "ec2:Attribute/${AttributeName}",
15190
16466
  "ec2:ResourceTag/${TagKey}"
15191
16467
  ],
15192
16468
  "dependentActions": []
@@ -15207,6 +16483,7 @@
15207
16483
  "required": true,
15208
16484
  "conditionKeys": [
15209
16485
  "aws:ResourceTag/${TagKey}",
16486
+ "ec2:Attribute/${AttributeName}",
15210
16487
  "ec2:ResourceTag/${TagKey}"
15211
16488
  ],
15212
16489
  "dependentActions": []
@@ -15227,6 +16504,8 @@
15227
16504
  "required": true,
15228
16505
  "conditionKeys": [
15229
16506
  "aws:ResourceTag/${TagKey}",
16507
+ "ec2:Attribute",
16508
+ "ec2:Attribute/${AttributeName}",
15230
16509
  "ec2:ResourceTag/${TagKey}"
15231
16510
  ],
15232
16511
  "dependentActions": []
@@ -15250,11 +16529,14 @@
15250
16529
  "ec2:Attribute",
15251
16530
  "ec2:Attribute/${AttributeName}",
15252
16531
  "ec2:AvailabilityZone",
16532
+ "ec2:AvailabilityZoneId",
15253
16533
  "ec2:Encrypted",
15254
16534
  "ec2:ManagedResourceOperator",
15255
16535
  "ec2:ParentSnapshot",
16536
+ "ec2:ParentVolume",
15256
16537
  "ec2:ResourceTag/${TagKey}",
15257
16538
  "ec2:VolumeID",
16539
+ "ec2:VolumeInitializationRate",
15258
16540
  "ec2:VolumeIops",
15259
16541
  "ec2:VolumeSize",
15260
16542
  "ec2:VolumeThroughput",
@@ -15281,11 +16563,14 @@
15281
16563
  "ec2:Attribute",
15282
16564
  "ec2:Attribute/${AttributeName}",
15283
16565
  "ec2:AvailabilityZone",
16566
+ "ec2:AvailabilityZoneId",
15284
16567
  "ec2:Encrypted",
15285
16568
  "ec2:ManagedResourceOperator",
15286
16569
  "ec2:ParentSnapshot",
16570
+ "ec2:ParentVolume",
15287
16571
  "ec2:ResourceTag/${TagKey}",
15288
16572
  "ec2:VolumeID",
16573
+ "ec2:VolumeInitializationRate",
15289
16574
  "ec2:VolumeIops",
15290
16575
  "ec2:VolumeSize",
15291
16576
  "ec2:VolumeThroughput",
@@ -15333,6 +16618,8 @@
15333
16618
  "required": true,
15334
16619
  "conditionKeys": [
15335
16620
  "aws:ResourceTag/${TagKey}",
16621
+ "ec2:Attribute",
16622
+ "ec2:Attribute/${AttributeName}",
15336
16623
  "ec2:ResourceTag/${TagKey}"
15337
16624
  ],
15338
16625
  "dependentActions": []
@@ -15365,7 +16652,9 @@
15365
16652
  "aws:ResourceTag/${TagKey}",
15366
16653
  "ec2:Attribute",
15367
16654
  "ec2:Attribute/${AttributeName}",
15368
- "ec2:ResourceTag/${TagKey}"
16655
+ "ec2:ResourceTag/${TagKey}",
16656
+ "ec2:VpceMultiRegion",
16657
+ "ec2:VpceServiceRegion"
15369
16658
  ],
15370
16659
  "dependentActions": []
15371
16660
  },
@@ -15396,6 +16685,7 @@
15396
16685
  "conditionKeys": [
15397
16686
  "aws:ResourceTag/${TagKey}",
15398
16687
  "ec2:AvailabilityZone",
16688
+ "ec2:AvailabilityZoneId",
15399
16689
  "ec2:ResourceTag/${TagKey}",
15400
16690
  "ec2:SubnetID",
15401
16691
  "ec2:Vpc"
@@ -15428,8 +16718,8 @@
15428
16718
  "conditionKeys": [
15429
16719
  "aws:ResourceTag/${TagKey}",
15430
16720
  "ec2:ResourceTag/${TagKey}",
15431
- "ec2:vpceMultiRegion",
15432
- "ec2:vpceSupportedRegion"
16721
+ "ec2:VpceMultiRegion",
16722
+ "ec2:VpceSupportedRegion"
15433
16723
  ],
15434
16724
  "dependentActions": []
15435
16725
  }
@@ -15452,9 +16742,9 @@
15452
16742
  "ec2:Attribute",
15453
16743
  "ec2:Attribute/${AttributeName}",
15454
16744
  "ec2:ResourceTag/${TagKey}",
16745
+ "ec2:VpceMultiRegion",
15455
16746
  "ec2:VpceServicePrivateDnsName",
15456
- "ec2:vpceMultiRegion",
15457
- "ec2:vpceSupportedRegion"
16747
+ "ec2:VpceSupportedRegion"
15458
16748
  ],
15459
16749
  "dependentActions": []
15460
16750
  }
@@ -15477,8 +16767,8 @@
15477
16767
  "ec2:Attribute",
15478
16768
  "ec2:Attribute/${AttributeName}",
15479
16769
  "ec2:ResourceTag/${TagKey}",
15480
- "ec2:vpceMultiRegion",
15481
- "ec2:vpceSupportedRegion"
16770
+ "ec2:VpceMultiRegion",
16771
+ "ec2:VpceSupportedRegion"
15482
16772
  ],
15483
16773
  "dependentActions": []
15484
16774
  }
@@ -15501,8 +16791,8 @@
15501
16791
  "ec2:Attribute",
15502
16792
  "ec2:Attribute/${AttributeName}",
15503
16793
  "ec2:ResourceTag/${TagKey}",
15504
- "ec2:vpceMultiRegion",
15505
- "ec2:vpceSupportedRegion"
16794
+ "ec2:VpceMultiRegion",
16795
+ "ec2:VpceSupportedRegion"
15506
16796
  ],
15507
16797
  "dependentActions": []
15508
16798
  }
@@ -15696,6 +16986,7 @@
15696
16986
  "conditionKeys": [
15697
16987
  "aws:ResourceTag/${TagKey}",
15698
16988
  "ec2:AvailabilityZone",
16989
+ "ec2:AvailabilityZoneId",
15699
16990
  "ec2:CpuOptionsAmdSevSnp",
15700
16991
  "ec2:EbsOptimized",
15701
16992
  "ec2:InstanceAutoRecovery",
@@ -15800,6 +17091,7 @@
15800
17091
  "conditionKeys": [
15801
17092
  "aws:ResourceTag/${TagKey}",
15802
17093
  "ec2:AvailabilityZone",
17094
+ "ec2:AvailabilityZoneId",
15803
17095
  "ec2:Encrypted",
15804
17096
  "ec2:ManagedResourceOperator",
15805
17097
  "ec2:ParentSnapshot",
@@ -16020,7 +17312,7 @@
16020
17312
  "name": "PutResourcePolicy",
16021
17313
  "isPermissionOnly": true,
16022
17314
  "description": "Grants permission to attach an IAM policy that enables cross-account sharing to a resource",
16023
- "accessLevel": "Write",
17315
+ "accessLevel": "Permissions management",
16024
17316
  "resourceTypes": [
16025
17317
  {
16026
17318
  "name": "ipam-pool",
@@ -16068,6 +17360,7 @@
16068
17360
  "conditionKeys": [
16069
17361
  "aws:ResourceTag/${TagKey}",
16070
17362
  "ec2:AvailabilityZone",
17363
+ "ec2:AvailabilityZoneId",
16071
17364
  "ec2:CpuOptionsAmdSevSnp",
16072
17365
  "ec2:EbsOptimized",
16073
17366
  "ec2:InstanceAutoRecovery",
@@ -16334,8 +17627,8 @@
16334
17627
  "conditionKeys": [
16335
17628
  "aws:ResourceTag/${TagKey}",
16336
17629
  "ec2:ResourceTag/${TagKey}",
16337
- "ec2:vpceMultiRegion",
16338
- "ec2:vpceSupportedRegion"
17630
+ "ec2:VpceMultiRegion",
17631
+ "ec2:VpceSupportedRegion"
16339
17632
  ],
16340
17633
  "dependentActions": []
16341
17634
  }
@@ -16442,6 +17735,7 @@
16442
17735
  "conditionKeys": [
16443
17736
  "aws:ResourceTag/${TagKey}",
16444
17737
  "ec2:AvailabilityZone",
17738
+ "ec2:AvailabilityZoneId",
16445
17739
  "ec2:CpuOptionsAmdSevSnp",
16446
17740
  "ec2:EbsOptimized",
16447
17741
  "ec2:InstanceAutoRecovery",
@@ -16504,6 +17798,7 @@
16504
17798
  "conditionKeys": [
16505
17799
  "aws:ResourceTag/${TagKey}",
16506
17800
  "ec2:AvailabilityZone",
17801
+ "ec2:AvailabilityZoneId",
16507
17802
  "ec2:ResourceTag/${TagKey}",
16508
17803
  "ec2:SubnetID",
16509
17804
  "ec2:Vpc"
@@ -16610,6 +17905,7 @@
16610
17905
  "conditionKeys": [
16611
17906
  "aws:ResourceTag/${TagKey}",
16612
17907
  "ec2:AvailabilityZone",
17908
+ "ec2:AvailabilityZoneId",
16613
17909
  "ec2:ResourceTag/${TagKey}",
16614
17910
  "ec2:SubnetID",
16615
17911
  "ec2:Vpc"
@@ -16691,6 +17987,7 @@
16691
17987
  "name": "instance",
16692
17988
  "required": true,
16693
17989
  "conditionKeys": [
17990
+ "ec2:AvailabilityZoneId",
16694
17991
  "ec2:InstanceBandwidthWeighting",
16695
17992
  "ec2:InstanceID"
16696
17993
  ],
@@ -16797,6 +18094,7 @@
16797
18094
  "conditionKeys": [
16798
18095
  "aws:ResourceTag/${TagKey}",
16799
18096
  "ec2:AvailabilityZone",
18097
+ "ec2:AvailabilityZoneId",
16800
18098
  "ec2:ResourceTag/${TagKey}",
16801
18099
  "ec2:SubnetID",
16802
18100
  "ec2:Vpc"
@@ -16911,6 +18209,7 @@
16911
18209
  "conditionKeys": [
16912
18210
  "aws:ResourceTag/${TagKey}",
16913
18211
  "ec2:AvailabilityZone",
18212
+ "ec2:AvailabilityZoneId",
16914
18213
  "ec2:ResourceTag/${TagKey}",
16915
18214
  "ec2:SubnetID",
16916
18215
  "ec2:Vpc"
@@ -17020,6 +18319,7 @@
17020
18319
  "conditionKeys": [
17021
18320
  "aws:ResourceTag/${TagKey}",
17022
18321
  "ec2:AvailabilityZone",
18322
+ "ec2:AvailabilityZoneId",
17023
18323
  "ec2:CpuOptionsAmdSevSnp",
17024
18324
  "ec2:EbsOptimized",
17025
18325
  "ec2:InstanceAutoRecovery",
@@ -17307,6 +18607,7 @@
17307
18607
  "aws:RequestTag/${TagKey}",
17308
18608
  "aws:TagKeys",
17309
18609
  "ec2:AvailabilityZone",
18610
+ "ec2:AvailabilityZoneId",
17310
18611
  "ec2:CpuOptionsAmdSevSnp",
17311
18612
  "ec2:EbsOptimized",
17312
18613
  "ec2:InstanceAutoRecovery",
@@ -17366,6 +18667,7 @@
17366
18667
  "conditionKeys": [
17367
18668
  "aws:ResourceTag/${TagKey}",
17368
18669
  "ec2:AvailabilityZone",
18670
+ "ec2:AvailabilityZoneId",
17369
18671
  "ec2:IsLaunchTemplateResource",
17370
18672
  "ec2:LaunchTemplate",
17371
18673
  "ec2:ResourceTag/${TagKey}",
@@ -17475,12 +18777,14 @@
17475
18777
  "aws:RequestTag/${TagKey}",
17476
18778
  "aws:TagKeys",
17477
18779
  "ec2:AvailabilityZone",
18780
+ "ec2:AvailabilityZoneId",
17478
18781
  "ec2:Encrypted",
17479
18782
  "ec2:IsLaunchTemplateResource",
17480
18783
  "ec2:LaunchTemplate",
17481
18784
  "ec2:ManagedResourceOperator",
17482
18785
  "ec2:ParentSnapshot",
17483
18786
  "ec2:VolumeID",
18787
+ "ec2:VolumeInitializationRate",
17484
18788
  "ec2:VolumeIops",
17485
18789
  "ec2:VolumeSize",
17486
18790
  "ec2:VolumeThroughput",
@@ -17789,6 +19093,7 @@
17789
19093
  "conditionKeys": [
17790
19094
  "aws:ResourceTag/${TagKey}",
17791
19095
  "ec2:AvailabilityZone",
19096
+ "ec2:AvailabilityZoneId",
17792
19097
  "ec2:CpuOptionsAmdSevSnp",
17793
19098
  "ec2:EbsOptimized",
17794
19099
  "ec2:InstanceAutoRecovery",
@@ -17826,6 +19131,7 @@
17826
19131
  "conditionKeys": [
17827
19132
  "aws:ResourceTag/${TagKey}",
17828
19133
  "ec2:AvailabilityZone",
19134
+ "ec2:AvailabilityZoneId",
17829
19135
  "ec2:CpuOptionsAmdSevSnp",
17830
19136
  "ec2:EbsOptimized",
17831
19137
  "ec2:InstanceAutoRecovery",
@@ -17872,6 +19178,7 @@
17872
19178
  "conditionKeys": [
17873
19179
  "aws:ResourceTag/${TagKey}",
17874
19180
  "ec2:AvailabilityZone",
19181
+ "ec2:AvailabilityZoneId",
17875
19182
  "ec2:CpuOptionsAmdSevSnp",
17876
19183
  "ec2:EbsOptimized",
17877
19184
  "ec2:InstanceBandwidthWeighting",
@@ -17975,8 +19282,8 @@
17975
19282
  "conditionKeys": [
17976
19283
  "aws:ResourceTag/${TagKey}",
17977
19284
  "ec2:ResourceTag/${TagKey}",
17978
- "ec2:vpceMultiRegion",
17979
- "ec2:vpceSupportedRegion"
19285
+ "ec2:VpceMultiRegion",
19286
+ "ec2:VpceSupportedRegion"
17980
19287
  ],
17981
19288
  "dependentActions": []
17982
19289
  }
@@ -17997,6 +19304,7 @@
17997
19304
  "conditionKeys": [
17998
19305
  "aws:ResourceTag/${TagKey}",
17999
19306
  "ec2:AvailabilityZone",
19307
+ "ec2:AvailabilityZoneId",
18000
19308
  "ec2:CpuOptionsAmdSevSnp",
18001
19309
  "ec2:EbsOptimized",
18002
19310
  "ec2:InstanceAutoRecovery",
@@ -18060,6 +19368,7 @@
18060
19368
  "conditionKeys": [
18061
19369
  "aws:ResourceTag/${TagKey}",
18062
19370
  "ec2:AvailabilityZone",
19371
+ "ec2:AvailabilityZoneId",
18063
19372
  "ec2:CpuOptionsAmdSevSnp",
18064
19373
  "ec2:EbsOptimized",
18065
19374
  "ec2:InstanceAutoRecovery",
@@ -18196,6 +19505,7 @@
18196
19505
  "conditionKeys": [
18197
19506
  "aws:ResourceTag/${TagKey}",
18198
19507
  "ec2:AvailabilityZone",
19508
+ "ec2:AvailabilityZoneId",
18199
19509
  "ec2:CpuOptionsAmdSevSnp",
18200
19510
  "ec2:EbsOptimized",
18201
19511
  "ec2:InstanceAutoRecovery",
@@ -18223,6 +19533,16 @@
18223
19533
  ],
18224
19534
  "dependentActions": []
18225
19535
  },
19536
+ "updatecapacitymanagerorganizationsaccess": {
19537
+ "name": "UpdateCapacityManagerOrganizationsAccess",
19538
+ "description": "Grants permission to update the Organizations access setting for EC2 Capacity Manager",
19539
+ "accessLevel": "Write",
19540
+ "resourceTypes": [],
19541
+ "conditionKeys": [
19542
+ "ec2:Region"
19543
+ ],
19544
+ "dependentActions": []
19545
+ },
18226
19546
  "updatesecuritygroupruledescriptionsegress": {
18227
19547
  "name": "UpdateSecurityGroupRuleDescriptionsEgress",
18228
19548
  "description": "Grants permission to update descriptions for one or more outbound rules in a VPC security group",