iamdata 0.1.202505111__py3-none-any.whl → 0.1.202511181__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (304) hide show
  1. iamdata/data/actions/access-analyzer.json +4 -1
  2. iamdata/data/actions/acm.json +23 -3
  3. iamdata/data/actions/action-recommendations.json +10 -0
  4. iamdata/data/actions/aiops.json +189 -1
  5. iamdata/data/actions/airflow-serverless.json +225 -0
  6. iamdata/data/actions/amplify.json +2 -12
  7. iamdata/data/actions/aoss.json +36 -4
  8. iamdata/data/actions/apigateway.json +104 -0
  9. iamdata/data/actions/app-integrations.json +108 -0
  10. iamdata/data/actions/application-signals.json +40 -0
  11. iamdata/data/actions/appstream.json +138 -103
  12. iamdata/data/actions/appsync.json +1 -1
  13. iamdata/data/actions/aps.json +309 -0
  14. iamdata/data/actions/arc-region-switch.json +334 -0
  15. iamdata/data/actions/arc-zonal-shift.json +53 -1
  16. iamdata/data/actions/artifact.json +0 -36
  17. iamdata/data/actions/athena.json +88 -1
  18. iamdata/data/actions/auditmanager.json +60 -7
  19. iamdata/data/actions/autoscaling.json +26 -3
  20. iamdata/data/actions/aws-marketplace.json +0 -32
  21. iamdata/data/actions/backup-search.json +1 -0
  22. iamdata/data/actions/backup.json +80 -0
  23. iamdata/data/actions/batch.json +183 -17
  24. iamdata/data/actions/bcm-dashboards.json +79 -0
  25. iamdata/data/actions/bcm-recommended-actions.json +10 -0
  26. iamdata/data/actions/bedrock-agentcore.json +1801 -0
  27. iamdata/data/actions/bedrock.json +814 -23
  28. iamdata/data/actions/billing.json +88 -5
  29. iamdata/data/actions/braket.json +2 -9
  30. iamdata/data/actions/budgets.json +6 -2
  31. iamdata/data/actions/cases.json +22 -2
  32. iamdata/data/actions/cassandra.json +67 -2
  33. iamdata/data/actions/ce.json +34 -0
  34. iamdata/data/actions/chatbot.json +87 -20
  35. iamdata/data/actions/cleanrooms-ml.json +11 -0
  36. iamdata/data/actions/cleanrooms.json +93 -0
  37. iamdata/data/actions/cloud9.json +4 -10
  38. iamdata/data/actions/cloudformation.json +22 -0
  39. iamdata/data/actions/cloudfront.json +71 -88
  40. iamdata/data/actions/cloudtrail.json +33 -0
  41. iamdata/data/actions/cloudwatch.json +8 -0
  42. iamdata/data/actions/codebuild.json +367 -12
  43. iamdata/data/actions/codepipeline.json +15 -0
  44. iamdata/data/actions/cognito-idp.json +83 -0
  45. iamdata/data/actions/connect-campaigns.json +16 -0
  46. iamdata/data/actions/connect.json +160 -2
  47. iamdata/data/actions/controlcatalog.json +8 -0
  48. iamdata/data/actions/cur.json +5 -1
  49. iamdata/data/actions/databrew.json +14 -7
  50. iamdata/data/actions/dataexchange.json +61 -9
  51. iamdata/data/actions/datazone.json +300 -6
  52. iamdata/data/actions/deadline.json +40 -12
  53. iamdata/data/actions/dms.json +106 -8
  54. iamdata/data/actions/ds.json +170 -0
  55. iamdata/data/actions/dsql.json +212 -23
  56. iamdata/data/actions/dynamodb.json +32 -0
  57. iamdata/data/actions/ec2.json +986 -51
  58. iamdata/data/actions/ecs.json +59 -9
  59. iamdata/data/actions/eks-mcp.json +26 -0
  60. iamdata/data/actions/eks.json +100 -2
  61. iamdata/data/actions/elasticloadbalancing.json +9 -0
  62. iamdata/data/actions/elasticmapreduce.json +15 -0
  63. iamdata/data/actions/emr-containers.json +34 -1
  64. iamdata/data/actions/emr-serverless.json +16 -0
  65. iamdata/data/actions/entityresolution.json +16 -8
  66. iamdata/data/actions/es.json +60 -0
  67. iamdata/data/actions/events.json +40 -0
  68. iamdata/data/actions/evs.json +193 -0
  69. iamdata/data/actions/freetier.json +32 -0
  70. iamdata/data/actions/fsx.json +59 -6
  71. iamdata/data/actions/glacier.json +1 -4
  72. iamdata/data/actions/glue.json +228 -54
  73. iamdata/data/actions/groundstation.json +15 -0
  74. iamdata/data/actions/guardduty.json +196 -1
  75. iamdata/data/actions/healthlake.json +225 -0
  76. iamdata/data/actions/iam.json +13 -4
  77. iamdata/data/actions/identitystore.json +91 -19
  78. iamdata/data/actions/imagebuilder.json +195 -243
  79. iamdata/data/actions/inspector2.json +208 -12
  80. iamdata/data/actions/invoicing.json +28 -3
  81. iamdata/data/actions/iot.json +37 -5
  82. iamdata/data/actions/iotfleetwise.json +6 -63
  83. iamdata/data/actions/iotmanagedintegrations.json +507 -75
  84. iamdata/data/actions/iotsitewise.json +271 -0
  85. iamdata/data/actions/ivs.json +48 -0
  86. iamdata/data/actions/kafka.json +15 -0
  87. iamdata/data/actions/kinesis.json +63 -0
  88. iamdata/data/actions/kms.json +125 -2
  89. iamdata/data/actions/lambda.json +4 -2
  90. iamdata/data/actions/lex.json +42 -0
  91. iamdata/data/actions/license-manager.json +70 -8
  92. iamdata/data/actions/logs.json +8 -0
  93. iamdata/data/actions/mediaconnect.json +85 -26
  94. iamdata/data/actions/mediaconvert.json +15 -0
  95. iamdata/data/actions/medialive.json +26 -2
  96. iamdata/data/actions/medical-imaging.json +105 -0
  97. iamdata/data/actions/memorydb.json +18 -0
  98. iamdata/data/actions/mgn.json +20 -2
  99. iamdata/data/actions/mpa.json +313 -0
  100. iamdata/data/actions/mq.json +16 -0
  101. iamdata/data/actions/neptune-graph.json +37 -0
  102. iamdata/data/actions/network-firewall.json +236 -3
  103. iamdata/data/actions/network-security-director.json +74 -0
  104. iamdata/data/actions/notifications.json +62 -2
  105. iamdata/data/actions/observabilityadmin.json +330 -0
  106. iamdata/data/actions/odb.json +811 -0
  107. iamdata/data/actions/one.json +8 -0
  108. iamdata/data/actions/organizations.json +39 -8
  109. iamdata/data/actions/osis.json +111 -0
  110. iamdata/data/actions/outposts.json +41 -3
  111. iamdata/data/actions/partnercentral.json +96 -32
  112. iamdata/data/actions/pcs.json +27 -1
  113. iamdata/data/actions/pi.json +6 -0
  114. iamdata/data/actions/profile.json +670 -20
  115. iamdata/data/actions/q.json +18 -0
  116. iamdata/data/actions/qapps.json +0 -78
  117. iamdata/data/actions/qbusiness.json +156 -46
  118. iamdata/data/actions/quicksight.json +484 -7
  119. iamdata/data/actions/rds.json +102 -45
  120. iamdata/data/actions/redshift-serverless.json +2 -2
  121. iamdata/data/actions/redshift.json +0 -6
  122. iamdata/data/actions/rekognition.json +1 -8
  123. iamdata/data/actions/repostspace.json +90 -0
  124. iamdata/data/actions/resiliencehub.json +19 -5
  125. iamdata/data/actions/resource-explorer-2.json +84 -2
  126. iamdata/data/actions/rtbfabric.json +481 -0
  127. iamdata/data/actions/s3.json +340 -143
  128. iamdata/data/actions/s3express.json +109 -5
  129. iamdata/data/actions/s3tables.json +85 -2
  130. iamdata/data/actions/s3vectors.json +242 -0
  131. iamdata/data/actions/sagemaker-mlflow.json +135 -0
  132. iamdata/data/actions/sagemaker-unified-studio-mcp.json +26 -0
  133. iamdata/data/actions/sagemaker.json +312 -11
  134. iamdata/data/actions/scn.json +151 -4
  135. iamdata/data/actions/security-ir.json +23 -8
  136. iamdata/data/actions/securityhub.json +360 -4
  137. iamdata/data/actions/securitylake.json +1 -0
  138. iamdata/data/actions/servicediscovery.json +140 -14
  139. iamdata/data/actions/servicequotas.json +40 -0
  140. iamdata/data/actions/ses.json +286 -2
  141. iamdata/data/actions/shield.json +47 -0
  142. iamdata/data/actions/snow-device-management.json +1 -0
  143. iamdata/data/actions/social-messaging.json +120 -0
  144. iamdata/data/actions/ssm-sap.json +51 -3
  145. iamdata/data/actions/ssm.json +4 -1
  146. iamdata/data/actions/sso-directory.json +108 -36
  147. iamdata/data/actions/sso-oauth.json +40 -2
  148. iamdata/data/actions/sso.json +369 -157
  149. iamdata/data/actions/sts.json +40 -0
  150. iamdata/data/actions/support-console.json +119 -0
  151. iamdata/data/actions/support.json +58 -0
  152. iamdata/data/actions/synthetics.json +18 -0
  153. iamdata/data/actions/tax.json +48 -0
  154. iamdata/data/actions/thinclient.json +1 -0
  155. iamdata/data/actions/transcribe.json +12 -0
  156. iamdata/data/actions/transfer.json +30 -14
  157. iamdata/data/actions/transform.json +185 -0
  158. iamdata/data/actions/user-subscriptions.json +8 -0
  159. iamdata/data/actions/uxc.json +26 -0
  160. iamdata/data/actions/vpc-lattice-svcs.json +2 -0
  161. iamdata/data/actions/vpc-lattice.json +90 -0
  162. iamdata/data/actions/wisdom.json +31 -214
  163. iamdata/data/actions/workspaces-instances.json +186 -0
  164. iamdata/data/actions/workspaces-web.json +136 -8
  165. iamdata/data/actions/workspaces.json +98 -0
  166. iamdata/data/actions/xray.json +15 -5
  167. iamdata/data/conditionKeys/acm.json +5 -0
  168. iamdata/data/conditionKeys/airflow-serverless.json +17 -0
  169. iamdata/data/conditionKeys/apigateway.json +30 -0
  170. iamdata/data/conditionKeys/arc-region-switch.json +17 -0
  171. iamdata/data/conditionKeys/autoscaling.json +5 -0
  172. iamdata/data/conditionKeys/backup.json +6 -1
  173. iamdata/data/conditionKeys/bcm-dashboards.json +12 -0
  174. iamdata/data/conditionKeys/bedrock-agentcore.json +72 -0
  175. iamdata/data/conditionKeys/bedrock.json +5 -0
  176. iamdata/data/conditionKeys/chatbot.json +17 -1
  177. iamdata/data/conditionKeys/cloudformation.json +5 -0
  178. iamdata/data/conditionKeys/codebuild.json +550 -0
  179. iamdata/data/conditionKeys/connect.json +15 -0
  180. iamdata/data/conditionKeys/dsql.json +12 -2
  181. iamdata/data/conditionKeys/ebs.json +2 -2
  182. iamdata/data/conditionKeys/ec2.json +20 -15
  183. iamdata/data/conditionKeys/eks.json +5 -0
  184. iamdata/data/conditionKeys/events.json +1 -1
  185. iamdata/data/conditionKeys/evs.json +17 -0
  186. iamdata/data/conditionKeys/glacier.json +0 -10
  187. iamdata/data/conditionKeys/glue.json +10 -0
  188. iamdata/data/conditionKeys/iam.json +10 -0
  189. iamdata/data/conditionKeys/imagebuilder.json +2 -2
  190. iamdata/data/conditionKeys/iotmanagedintegrations.json +27 -1
  191. iamdata/data/conditionKeys/kinesis.json +15 -0
  192. iamdata/data/conditionKeys/kms.json +127 -7
  193. iamdata/data/conditionKeys/lambda.json +5 -0
  194. iamdata/data/conditionKeys/license-manager.json +5 -0
  195. iamdata/data/conditionKeys/mediaconnect.json +17 -1
  196. iamdata/data/conditionKeys/mpa.json +27 -0
  197. iamdata/data/conditionKeys/observabilityadmin.json +32 -1
  198. iamdata/data/conditionKeys/odb.json +17 -0
  199. iamdata/data/conditionKeys/quicksight.json +0 -5
  200. iamdata/data/conditionKeys/rds.json +5 -0
  201. iamdata/data/conditionKeys/route53.json +1 -1
  202. iamdata/data/conditionKeys/rtbfabric.json +47 -0
  203. iamdata/data/conditionKeys/s3.json +15 -0
  204. iamdata/data/conditionKeys/s3express.json +26 -1
  205. iamdata/data/conditionKeys/s3tables.json +20 -0
  206. iamdata/data/conditionKeys/s3vectors.json +12 -0
  207. iamdata/data/conditionKeys/sagemaker.json +25 -0
  208. iamdata/data/conditionKeys/savingsplans.json +1 -1
  209. iamdata/data/conditionKeys/secretsmanager.json +1 -1
  210. iamdata/data/conditionKeys/securityhub.json +5 -0
  211. iamdata/data/conditionKeys/servicediscovery.json +5 -0
  212. iamdata/data/conditionKeys/ses.json +5 -0
  213. iamdata/data/conditionKeys/ssm.json +10 -0
  214. iamdata/data/conditionKeys/sso.json +10 -0
  215. iamdata/data/conditionKeys/sts.json +10 -0
  216. iamdata/data/conditionKeys/transcribe.json +1 -1
  217. iamdata/data/conditionKeys/transfer.json +20 -0
  218. iamdata/data/conditionKeys/transform.json +12 -0
  219. iamdata/data/conditionKeys/uxc.json +1 -0
  220. iamdata/data/conditionKeys/vpc-lattice-svcs.json +5 -0
  221. iamdata/data/conditionKeys/vpc-lattice.json +15 -0
  222. iamdata/data/conditionKeys/workspaces-instances.json +17 -0
  223. iamdata/data/conditionKeys/xray.json +15 -0
  224. iamdata/data/conditionPatterns.json +141 -0
  225. iamdata/data/metadata.json +2 -2
  226. iamdata/data/resourceTypes/action-recommendations.json +1 -0
  227. iamdata/data/resourceTypes/airflow-serverless.json +9 -0
  228. iamdata/data/resourceTypes/apigateway.json +12 -0
  229. iamdata/data/resourceTypes/aps.json +9 -0
  230. iamdata/data/resourceTypes/arc-region-switch.json +9 -0
  231. iamdata/data/resourceTypes/artifact.json +5 -5
  232. iamdata/data/resourceTypes/athena.json +7 -0
  233. iamdata/data/resourceTypes/auditmanager.json +8 -2
  234. iamdata/data/resourceTypes/batch.json +14 -0
  235. iamdata/data/resourceTypes/bcm-dashboards.json +1 -0
  236. iamdata/data/resourceTypes/bcm-recommended-actions.json +1 -0
  237. iamdata/data/resourceTypes/bedrock-agentcore.json +87 -0
  238. iamdata/data/resourceTypes/bedrock.json +45 -3
  239. iamdata/data/resourceTypes/cassandra.json +7 -0
  240. iamdata/data/resourceTypes/chatbot.json +8 -2
  241. iamdata/data/resourceTypes/cloudformation.json +4 -0
  242. iamdata/data/resourceTypes/dataexchange.json +4 -1
  243. iamdata/data/resourceTypes/deadline.json +4 -1
  244. iamdata/data/resourceTypes/ec2.json +88 -6
  245. iamdata/data/resourceTypes/eks-mcp.json +1 -0
  246. iamdata/data/resourceTypes/eks.json +7 -0
  247. iamdata/data/resourceTypes/emr-containers.json +0 -4
  248. iamdata/data/resourceTypes/events.json +8 -0
  249. iamdata/data/resourceTypes/evs.json +9 -0
  250. iamdata/data/resourceTypes/guardduty.json +18 -1
  251. iamdata/data/resourceTypes/imagebuilder.json +12 -18
  252. iamdata/data/resourceTypes/inspector2.json +14 -0
  253. iamdata/data/resourceTypes/iotmanagedintegrations.json +31 -12
  254. iamdata/data/resourceTypes/iotsitewise.json +7 -0
  255. iamdata/data/resourceTypes/kinesis.json +4 -1
  256. iamdata/data/resourceTypes/license-manager.json +10 -2
  257. iamdata/data/resourceTypes/mediaconnect.json +16 -4
  258. iamdata/data/resourceTypes/mpa.json +23 -0
  259. iamdata/data/resourceTypes/network-firewall.json +7 -0
  260. iamdata/data/resourceTypes/network-security-director.json +1 -0
  261. iamdata/data/resourceTypes/observabilityadmin.json +23 -1
  262. iamdata/data/resourceTypes/odb.json +44 -0
  263. iamdata/data/resourceTypes/osis.json +7 -0
  264. iamdata/data/resourceTypes/partnercentral.json +8 -2
  265. iamdata/data/resourceTypes/pi.json +4 -1
  266. iamdata/data/resourceTypes/profile.json +21 -0
  267. iamdata/data/resourceTypes/qbusiness.json +7 -4
  268. iamdata/data/resourceTypes/quicksight.json +26 -1
  269. iamdata/data/resourceTypes/rds.json +4 -1
  270. iamdata/data/resourceTypes/redshift.json +1 -4
  271. iamdata/data/resourceTypes/rtbfabric.json +46 -0
  272. iamdata/data/resourceTypes/s3.json +19 -1
  273. iamdata/data/resourceTypes/s3express.json +10 -2
  274. iamdata/data/resourceTypes/s3tables.json +7 -1
  275. iamdata/data/resourceTypes/s3vectors.json +10 -0
  276. iamdata/data/resourceTypes/sagemaker-unified-studio-mcp.json +1 -0
  277. iamdata/data/resourceTypes/sagemaker.json +18 -3
  278. iamdata/data/resourceTypes/scn.json +19 -3
  279. iamdata/data/resourceTypes/securityhub.json +36 -2
  280. iamdata/data/resourceTypes/ses.json +11 -0
  281. iamdata/data/resourceTypes/sts.json +4 -0
  282. iamdata/data/resourceTypes/support-console.json +1 -0
  283. iamdata/data/resourceTypes/transform.json +10 -0
  284. iamdata/data/resourceTypes/uxc.json +1 -0
  285. iamdata/data/resourceTypes/vpc-lattice.json +12 -0
  286. iamdata/data/resourceTypes/workspaces-instances.json +16 -0
  287. iamdata/data/resourceTypes/workspaces-web.json +7 -0
  288. iamdata/data/resourceTypes/workspaces.json +4 -0
  289. iamdata/data/serviceNames.json +22 -7
  290. iamdata/data/services.json +18 -3
  291. iamdata/data/unassociatedConditions.json +23 -0
  292. {iamdata-0.1.202505111.dist-info → iamdata-0.1.202511181.dist-info}/METADATA +1 -1
  293. {iamdata-0.1.202505111.dist-info → iamdata-0.1.202511181.dist-info}/RECORD +301 -254
  294. iamdata/data/actions/application-cost-profiler.json +0 -50
  295. iamdata/data/actions/sagemaker-groundtruth-synthetic.json +0 -110
  296. iamdata/data/actions/supportrecommendations.json +0 -20
  297. /iamdata/data/conditionKeys/{application-cost-profiler.json → action-recommendations.json} +0 -0
  298. /iamdata/data/conditionKeys/{sagemaker-groundtruth-synthetic.json → bcm-recommended-actions.json} +0 -0
  299. /iamdata/data/conditionKeys/{supportrecommendations.json → eks-mcp.json} +0 -0
  300. /iamdata/data/{resourceTypes/application-cost-profiler.json → conditionKeys/network-security-director.json} +0 -0
  301. /iamdata/data/{resourceTypes/sagemaker-groundtruth-synthetic.json → conditionKeys/sagemaker-unified-studio-mcp.json} +0 -0
  302. /iamdata/data/{resourceTypes/supportrecommendations.json → conditionKeys/support-console.json} +0 -0
  303. {iamdata-0.1.202505111.dist-info → iamdata-0.1.202511181.dist-info}/WHEEL +0 -0
  304. {iamdata-0.1.202505111.dist-info → iamdata-0.1.202511181.dist-info}/licenses/LICENSE.txt +0 -0
iamdata/data/actions/s3.json CHANGED
@@ -4,18 +4,21 @@
4
4
  "description": "Grants permission to abort a multipart upload",
5
5
  "accessLevel": "Write",
6
6
  "resourceTypes": [
7
+ {
8
+ "name": "accesspointobject",
9
+ "required": false,
10
+ "conditionKeys": [],
11
+ "dependentActions": []
12
+ },
7
13
  {
8
14
  "name": "object",
9
- "required": true,
15
+ "required": false,
10
16
  "conditionKeys": [],
11
17
  "dependentActions": []
12
18
  }
13
19
  ],
14
20
  "conditionKeys": [
15
- "s3:DataAccessPointArn",
16
21
  "s3:AccessGrantsInstanceArn",
17
- "s3:DataAccessPointAccount",
18
- "s3:AccessPointNetworkOrigin",
19
22
  "s3:authType",
20
23
  "s3:ResourceAccount",
21
24
  "s3:signatureAge",
@@ -28,7 +31,7 @@
28
31
  "associateaccessgrantsidentitycenter": {
29
32
  "name": "AssociateAccessGrantsIdentityCenter",
30
33
  "description": "Grants permission to associate Access Grants identity center",
31
- "accessLevel": "Write",
34
+ "accessLevel": "Permissions management",
32
35
  "resourceTypes": [
33
36
  {
34
37
  "name": "accessgrantsinstance",
@@ -53,17 +56,20 @@
53
56
  "description": "Grants permission to allow circumvention of governance-mode object retention settings",
54
57
  "accessLevel": "Permissions management",
55
58
  "resourceTypes": [
59
+ {
60
+ "name": "accesspointobject",
61
+ "required": false,
62
+ "conditionKeys": [],
63
+ "dependentActions": []
64
+ },
56
65
  {
57
66
  "name": "object",
58
- "required": true,
67
+ "required": false,
59
68
  "conditionKeys": [],
60
69
  "dependentActions": []
61
70
  }
62
71
  ],
63
72
  "conditionKeys": [
64
- "s3:DataAccessPointAccount",
65
- "s3:DataAccessPointArn",
66
- "s3:AccessPointNetworkOrigin",
67
73
  "s3:RequestObjectTag/<key>",
68
74
  "s3:RequestObjectTagKeys",
69
75
  "s3:authType",
@@ -91,7 +97,7 @@
91
97
  "createaccessgrant": {
92
98
  "name": "CreateAccessGrant",
93
99
  "description": "Grants permission to create Access Grant",
94
- "accessLevel": "Write",
100
+ "accessLevel": "Permissions management",
95
101
  "resourceTypes": [
96
102
  {
97
103
  "name": "accessgrantslocation",
@@ -101,6 +107,7 @@
101
107
  }
102
108
  ],
103
109
  "conditionKeys": [
110
+ "s3:AccessGrantScope",
104
111
  "s3:authType",
105
112
  "s3:ResourceAccount",
106
113
  "s3:signatureAge",
@@ -116,7 +123,7 @@
116
123
  "createaccessgrantsinstance": {
117
124
  "name": "CreateAccessGrantsInstance",
118
125
  "description": "Grants permission to Create Access Grants Instance",
119
- "accessLevel": "Write",
126
+ "accessLevel": "Permissions management",
120
127
  "resourceTypes": [
121
128
  {
122
129
  "name": "accessgrantsinstance",
@@ -141,7 +148,7 @@
141
148
  "createaccessgrantslocation": {
142
149
  "name": "CreateAccessGrantsLocation",
143
150
  "description": "Grants permission to create Access Grants location",
144
- "accessLevel": "Write",
151
+ "accessLevel": "Permissions management",
145
152
  "resourceTypes": [
146
153
  {
147
154
  "name": "accessgrantsinstance",
@@ -151,6 +158,7 @@
151
158
  }
152
159
  ],
153
160
  "conditionKeys": [
161
+ "s3:AccessGrantsLocationScope",
154
162
  "s3:authType",
155
163
  "s3:ResourceAccount",
156
164
  "s3:signatureAge",
@@ -186,7 +194,11 @@
186
194
  "s3:signatureversion",
187
195
  "s3:TlsVersion",
188
196
  "s3:x-amz-acl",
189
- "s3:x-amz-content-sha256"
197
+ "s3:x-amz-content-sha256",
198
+ "s3:AccessPointTag/${TagKey}",
199
+ "aws:RequestTag/${TagKey}",
200
+ "aws:ResourceTag/${TagKey}",
201
+ "aws:TagKeys"
190
202
  ],
191
203
  "dependentActions": []
192
204
  },
@@ -247,7 +259,7 @@
247
259
  },
248
260
  "createbucketmetadatatableconfiguration": {
249
261
  "name": "CreateBucketMetadataTableConfiguration",
250
- "description": "Grants permission to create a new S3 Metadata configuration for a specified bucket",
262
+ "description": "Grants permission to create a new S3 Metadata configuration for a specified general purpose bucket",
251
263
  "accessLevel": "Write",
252
264
  "resourceTypes": [
253
265
  {
@@ -255,9 +267,12 @@
255
267
  "required": true,
256
268
  "conditionKeys": [],
257
269
  "dependentActions": [
270
+ "kms:DescribeKey",
258
271
  "s3tables:CreateNamespace",
259
272
  "s3tables:CreateTable",
273
+ "s3tables:CreateTableBucket",
260
274
  "s3tables:GetTable",
275
+ "s3tables:PutTableEncryption",
261
276
  "s3tables:PutTablePolicy"
262
277
  ]
263
278
  }
@@ -337,7 +352,7 @@
337
352
  "deleteaccessgrant": {
338
353
  "name": "DeleteAccessGrant",
339
354
  "description": "Grants permission to delete Access Grant",
340
- "accessLevel": "Write",
355
+ "accessLevel": "Permissions management",
341
356
  "resourceTypes": [
342
357
  {
343
358
  "name": "accessgrant",
@@ -347,6 +362,7 @@
347
362
  }
348
363
  ],
349
364
  "conditionKeys": [
365
+ "s3:AccessGrantScope",
350
366
  "s3:authType",
351
367
  "s3:ResourceAccount",
352
368
  "s3:signatureAge",
@@ -360,7 +376,7 @@
360
376
  "deleteaccessgrantsinstance": {
361
377
  "name": "DeleteAccessGrantsInstance",
362
378
  "description": "Grants permission to Delete Access Grants Instance",
363
- "accessLevel": "Write",
379
+ "accessLevel": "Permissions management",
364
380
  "resourceTypes": [
365
381
  {
366
382
  "name": "accessgrantsinstance",
@@ -383,7 +399,7 @@
383
399
  "deleteaccessgrantsinstanceresourcepolicy": {
384
400
  "name": "DeleteAccessGrantsInstanceResourcePolicy",
385
401
  "description": "Grants permission to read Access grants instance resource policy",
386
- "accessLevel": "Write",
402
+ "accessLevel": "Permissions management",
387
403
  "resourceTypes": [
388
404
  {
389
405
  "name": "accessgrantsinstance",
@@ -406,7 +422,7 @@
406
422
  "deleteaccessgrantslocation": {
407
423
  "name": "DeleteAccessGrantsLocation",
408
424
  "description": "Grants permission to delete Access Grants location",
409
- "accessLevel": "Write",
425
+ "accessLevel": "Permissions management",
410
426
  "resourceTypes": [
411
427
  {
412
428
  "name": "accessgrantslocation",
@@ -416,6 +432,7 @@
416
432
  }
417
433
  ],
418
434
  "conditionKeys": [
435
+ "s3:AccessGrantsLocationScope",
419
436
  "s3:authType",
420
437
  "s3:ResourceAccount",
421
438
  "s3:signatureAge",
@@ -447,7 +464,9 @@
447
464
  "s3:signatureAge",
448
465
  "s3:signatureversion",
449
466
  "s3:TlsVersion",
450
- "s3:x-amz-content-sha256"
467
+ "s3:x-amz-content-sha256",
468
+ "s3:AccessPointTag/${TagKey}",
469
+ "aws:ResourceTag/${TagKey}"
451
470
  ],
452
471
  "dependentActions": []
453
472
  },
@@ -497,7 +516,9 @@
497
516
  "s3:signatureAge",
498
517
  "s3:signatureversion",
499
518
  "s3:TlsVersion",
500
- "s3:x-amz-content-sha256"
519
+ "s3:x-amz-content-sha256",
520
+ "s3:AccessPointTag/${TagKey}",
521
+ "aws:ResourceTag/${TagKey}"
501
522
  ],
502
523
  "dependentActions": []
503
524
  },
@@ -550,7 +571,7 @@
550
571
  },
551
572
  "deletebucketmetadatatableconfiguration": {
552
573
  "name": "DeleteBucketMetadataTableConfiguration",
553
- "description": "Grants permission to delete the S3 Metadata configuration for a specified bucket",
574
+ "description": "Grants permission to delete the S3 Metadata configuration for a specified general purpose bucket",
554
575
  "accessLevel": "Write",
555
576
  "resourceTypes": [
556
577
  {
@@ -667,24 +688,28 @@
667
688
  "description": "Grants permission to remove the null version of an object and insert a delete marker, which becomes the current version of the object",
668
689
  "accessLevel": "Write",
669
690
  "resourceTypes": [
691
+ {
692
+ "name": "accesspointobject",
693
+ "required": false,
694
+ "conditionKeys": [],
695
+ "dependentActions": []
696
+ },
670
697
  {
671
698
  "name": "object",
672
- "required": true,
699
+ "required": false,
673
700
  "conditionKeys": [],
674
701
  "dependentActions": []
675
702
  }
676
703
  ],
677
704
  "conditionKeys": [
678
705
  "s3:AccessGrantsInstanceArn",
679
- "s3:DataAccessPointAccount",
680
- "s3:DataAccessPointArn",
681
- "s3:AccessPointNetworkOrigin",
682
706
  "s3:authType",
683
707
  "s3:ResourceAccount",
684
708
  "s3:signatureAge",
685
709
  "s3:signatureversion",
686
710
  "s3:TlsVersion",
687
- "s3:x-amz-content-sha256"
711
+ "s3:x-amz-content-sha256",
712
+ "s3:if-match"
688
713
  ],
689
714
  "dependentActions": []
690
715
  },
@@ -693,17 +718,20 @@
693
718
  "description": "Grants permission to use the tagging subresource to remove the entire tag set from the specified object",
694
719
  "accessLevel": "Tagging",
695
720
  "resourceTypes": [
721
+ {
722
+ "name": "accesspointobject",
723
+ "required": false,
724
+ "conditionKeys": [],
725
+ "dependentActions": []
726
+ },
696
727
  {
697
728
  "name": "object",
698
- "required": true,
729
+ "required": false,
699
730
  "conditionKeys": [],
700
731
  "dependentActions": []
701
732
  }
702
733
  ],
703
734
  "conditionKeys": [
704
- "s3:DataAccessPointAccount",
705
- "s3:DataAccessPointArn",
706
- "s3:AccessPointNetworkOrigin",
707
735
  "s3:ExistingObjectTag/<key>",
708
736
  "s3:authType",
709
737
  "s3:ResourceAccount",
@@ -719,18 +747,21 @@
719
747
  "description": "Grants permission to remove a specific version of an object",
720
748
  "accessLevel": "Write",
721
749
  "resourceTypes": [
750
+ {
751
+ "name": "accesspointobject",
752
+ "required": false,
753
+ "conditionKeys": [],
754
+ "dependentActions": []
755
+ },
722
756
  {
723
757
  "name": "object",
724
- "required": true,
758
+ "required": false,
725
759
  "conditionKeys": [],
726
760
  "dependentActions": []
727
761
  }
728
762
  ],
729
763
  "conditionKeys": [
730
764
  "s3:AccessGrantsInstanceArn",
731
- "s3:DataAccessPointAccount",
732
- "s3:DataAccessPointArn",
733
- "s3:AccessPointNetworkOrigin",
734
765
  "s3:authType",
735
766
  "s3:ResourceAccount",
736
767
  "s3:signatureAge",
@@ -746,17 +777,20 @@
746
777
  "description": "Grants permission to remove the entire tag set for a specific version of the object",
747
778
  "accessLevel": "Tagging",
748
779
  "resourceTypes": [
780
+ {
781
+ "name": "accesspointobject",
782
+ "required": false,
783
+ "conditionKeys": [],
784
+ "dependentActions": []
785
+ },
749
786
  {
750
787
  "name": "object",
751
- "required": true,
788
+ "required": false,
752
789
  "conditionKeys": [],
753
790
  "dependentActions": []
754
791
  }
755
792
  ],
756
793
  "conditionKeys": [
757
- "s3:DataAccessPointAccount",
758
- "s3:DataAccessPointArn",
759
- "s3:AccessPointNetworkOrigin",
760
794
  "s3:ExistingObjectTag/<key>",
761
795
  "s3:authType",
762
796
  "s3:ResourceAccount",
@@ -880,7 +914,7 @@
880
914
  "dissociateaccessgrantsidentitycenter": {
881
915
  "name": "DissociateAccessGrantsIdentityCenter",
882
916
  "description": "Grants permission to disassociate Access Grants identity center",
883
- "accessLevel": "Write",
917
+ "accessLevel": "Permissions management",
884
918
  "resourceTypes": [
885
919
  {
886
920
  "name": "accessgrantsinstance",
@@ -935,6 +969,7 @@
935
969
  }
936
970
  ],
937
971
  "conditionKeys": [
972
+ "s3:AccessGrantScope",
938
973
  "s3:authType",
939
974
  "s3:ResourceAccount",
940
975
  "s3:signatureAge",
@@ -1027,6 +1062,7 @@
1027
1062
  }
1028
1063
  ],
1029
1064
  "conditionKeys": [
1065
+ "s3:AccessGrantsLocationScope",
1030
1066
  "s3:authType",
1031
1067
  "s3:ResourceAccount",
1032
1068
  "s3:signatureAge",
@@ -1051,7 +1087,9 @@
1051
1087
  "s3:signatureAge",
1052
1088
  "s3:signatureversion",
1053
1089
  "s3:TlsVersion",
1054
- "s3:x-amz-content-sha256"
1090
+ "s3:x-amz-content-sha256",
1091
+ "s3:AccessPointTag/${TagKey}",
1092
+ "aws:ResourceTag/${TagKey}"
1055
1093
  ],
1056
1094
  "dependentActions": []
1057
1095
  },
@@ -1126,7 +1164,9 @@
1126
1164
  "s3:signatureAge",
1127
1165
  "s3:signatureversion",
1128
1166
  "s3:TlsVersion",
1129
- "s3:x-amz-content-sha256"
1167
+ "s3:x-amz-content-sha256",
1168
+ "s3:AccessPointTag/${TagKey}",
1169
+ "aws:ResourceTag/${TagKey}"
1130
1170
  ],
1131
1171
  "dependentActions": []
1132
1172
  },
@@ -1176,7 +1216,9 @@
1176
1216
  "s3:signatureAge",
1177
1217
  "s3:signatureversion",
1178
1218
  "s3:TlsVersion",
1179
- "s3:x-amz-content-sha256"
1219
+ "s3:x-amz-content-sha256",
1220
+ "s3:AccessPointTag/${TagKey}",
1221
+ "aws:ResourceTag/${TagKey}"
1180
1222
  ],
1181
1223
  "dependentActions": []
1182
1224
  },
@@ -1247,9 +1289,15 @@
1247
1289
  "description": "Grants permission to use the acl subresource to return the access control list (ACL) of an Amazon S3 bucket",
1248
1290
  "accessLevel": "Read",
1249
1291
  "resourceTypes": [
1292
+ {
1293
+ "name": "accesspoint",
1294
+ "required": false,
1295
+ "conditionKeys": [],
1296
+ "dependentActions": []
1297
+ },
1250
1298
  {
1251
1299
  "name": "bucket",
1252
- "required": true,
1300
+ "required": false,
1253
1301
  "conditionKeys": [],
1254
1302
  "dependentActions": []
1255
1303
  }
@@ -1269,9 +1317,15 @@
1269
1317
  "description": "Grants permission to return the CORS configuration information set for an Amazon S3 bucket",
1270
1318
  "accessLevel": "Read",
1271
1319
  "resourceTypes": [
1320
+ {
1321
+ "name": "accesspoint",
1322
+ "required": false,
1323
+ "conditionKeys": [],
1324
+ "dependentActions": []
1325
+ },
1272
1326
  {
1273
1327
  "name": "bucket",
1274
- "required": true,
1328
+ "required": false,
1275
1329
  "conditionKeys": [],
1276
1330
  "dependentActions": []
1277
1331
  }
@@ -1291,9 +1345,15 @@
1291
1345
  "description": "Grants permission to return the Region that an Amazon S3 bucket resides in",
1292
1346
  "accessLevel": "Read",
1293
1347
  "resourceTypes": [
1348
+ {
1349
+ "name": "accesspoint",
1350
+ "required": false,
1351
+ "conditionKeys": [],
1352
+ "dependentActions": []
1353
+ },
1294
1354
  {
1295
1355
  "name": "bucket",
1296
- "required": true,
1356
+ "required": false,
1297
1357
  "conditionKeys": [],
1298
1358
  "dependentActions": []
1299
1359
  }
@@ -1332,7 +1392,7 @@
1332
1392
  },
1333
1393
  "getbucketmetadatatableconfiguration": {
1334
1394
  "name": "GetBucketMetadataTableConfiguration",
1335
- "description": "Grants permission to return the S3 Metadata configuration for a specified bucket",
1395
+ "description": "Grants permission to return the S3 Metadata configuration for a specified general purpose bucket",
1336
1396
  "accessLevel": "Read",
1337
1397
  "resourceTypes": [
1338
1398
  {
@@ -1357,9 +1417,15 @@
1357
1417
  "description": "Grants permission to get the notification configuration of an Amazon S3 bucket",
1358
1418
  "accessLevel": "Read",
1359
1419
  "resourceTypes": [
1420
+ {
1421
+ "name": "accesspoint",
1422
+ "required": false,
1423
+ "conditionKeys": [],
1424
+ "dependentActions": []
1425
+ },
1360
1426
  {
1361
1427
  "name": "bucket",
1362
- "required": true,
1428
+ "required": false,
1363
1429
  "conditionKeys": [],
1364
1430
  "dependentActions": []
1365
1431
  }
@@ -1423,9 +1489,15 @@
1423
1489
  "description": "Grants permission to return the policy of the specified bucket",
1424
1490
  "accessLevel": "Read",
1425
1491
  "resourceTypes": [
1492
+ {
1493
+ "name": "accesspoint",
1494
+ "required": false,
1495
+ "conditionKeys": [],
1496
+ "dependentActions": []
1497
+ },
1426
1498
  {
1427
1499
  "name": "bucket",
1428
- "required": true,
1500
+ "required": false,
1429
1501
  "conditionKeys": [],
1430
1502
  "dependentActions": []
1431
1503
  }
@@ -1828,27 +1900,28 @@
1828
1900
  "description": "Grants permission to retrieve objects from Amazon S3",
1829
1901
  "accessLevel": "Read",
1830
1902
  "resourceTypes": [
1903
+ {
1904
+ "name": "accesspointobject",
1905
+ "required": false,
1906
+ "conditionKeys": [],
1907
+ "dependentActions": []
1908
+ },
1831
1909
  {
1832
1910
  "name": "object",
1833
- "required": true,
1911
+ "required": false,
1834
1912
  "conditionKeys": [],
1835
1913
  "dependentActions": []
1836
1914
  }
1837
1915
  ],
1838
1916
  "conditionKeys": [
1839
1917
  "s3:AccessGrantsInstanceArn",
1840
- "s3:DataAccessPointAccount",
1841
- "s3:DataAccessPointArn",
1842
- "s3:AccessPointNetworkOrigin",
1843
1918
  "s3:ExistingObjectTag/<key>",
1844
1919
  "s3:authType",
1845
1920
  "s3:ResourceAccount",
1846
1921
  "s3:signatureAge",
1847
1922
  "s3:signatureversion",
1848
1923
  "s3:TlsVersion",
1849
- "s3:x-amz-content-sha256",
1850
- "s3:if-match",
1851
- "s3:if-none-match"
1924
+ "s3:x-amz-content-sha256"
1852
1925
  ],
1853
1926
  "dependentActions": []
1854
1927
  },
@@ -1857,18 +1930,21 @@
1857
1930
  "description": "Grants permission to return the access control list (ACL) of an object",
1858
1931
  "accessLevel": "Read",
1859
1932
  "resourceTypes": [
1933
+ {
1934
+ "name": "accesspointobject",
1935
+ "required": false,
1936
+ "conditionKeys": [],
1937
+ "dependentActions": []
1938
+ },
1860
1939
  {
1861
1940
  "name": "object",
1862
- "required": true,
1941
+ "required": false,
1863
1942
  "conditionKeys": [],
1864
1943
  "dependentActions": []
1865
1944
  }
1866
1945
  ],
1867
1946
  "conditionKeys": [
1868
1947
  "s3:AccessGrantsInstanceArn",
1869
- "s3:DataAccessPointAccount",
1870
- "s3:DataAccessPointArn",
1871
- "s3:AccessPointNetworkOrigin",
1872
1948
  "s3:ExistingObjectTag/<key>",
1873
1949
  "s3:authType",
1874
1950
  "s3:ResourceAccount",
@@ -1885,22 +1961,19 @@
1885
1961
  "accessLevel": "Read",
1886
1962
  "resourceTypes": [
1887
1963
  {
1888
- "name": "accesspoint",
1889
- "required": true,
1964
+ "name": "accesspointobject",
1965
+ "required": false,
1890
1966
  "conditionKeys": [],
1891
1967
  "dependentActions": []
1892
1968
  },
1893
1969
  {
1894
1970
  "name": "object",
1895
- "required": true,
1971
+ "required": false,
1896
1972
  "conditionKeys": [],
1897
1973
  "dependentActions": []
1898
1974
  }
1899
1975
  ],
1900
1976
  "conditionKeys": [
1901
- "s3:DataAccessPointAccount",
1902
- "s3:DataAccessPointArn",
1903
- "s3:AccessPointNetworkOrigin",
1904
1977
  "s3:ExistingObjectTag/<key>",
1905
1978
  "s3:authType",
1906
1979
  "s3:ResourceAccount",
@@ -1916,17 +1989,20 @@
1916
1989
  "description": "Grants permission to get an object's current Legal Hold status",
1917
1990
  "accessLevel": "Read",
1918
1991
  "resourceTypes": [
1992
+ {
1993
+ "name": "accesspointobject",
1994
+ "required": false,
1995
+ "conditionKeys": [],
1996
+ "dependentActions": []
1997
+ },
1919
1998
  {
1920
1999
  "name": "object",
1921
- "required": true,
2000
+ "required": false,
1922
2001
  "conditionKeys": [],
1923
2002
  "dependentActions": []
1924
2003
  }
1925
2004
  ],
1926
2005
  "conditionKeys": [
1927
- "s3:DataAccessPointAccount",
1928
- "s3:DataAccessPointArn",
1929
- "s3:AccessPointNetworkOrigin",
1930
2006
  "s3:authType",
1931
2007
  "s3:ResourceAccount",
1932
2008
  "s3:signatureAge",
@@ -1941,17 +2017,20 @@
1941
2017
  "description": "Grants permission to retrieve the retention settings for an object",
1942
2018
  "accessLevel": "Read",
1943
2019
  "resourceTypes": [
2020
+ {
2021
+ "name": "accesspointobject",
2022
+ "required": false,
2023
+ "conditionKeys": [],
2024
+ "dependentActions": []
2025
+ },
1944
2026
  {
1945
2027
  "name": "object",
1946
- "required": true,
2028
+ "required": false,
1947
2029
  "conditionKeys": [],
1948
2030
  "dependentActions": []
1949
2031
  }
1950
2032
  ],
1951
2033
  "conditionKeys": [
1952
- "s3:DataAccessPointAccount",
1953
- "s3:DataAccessPointArn",
1954
- "s3:AccessPointNetworkOrigin",
1955
2034
  "s3:authType",
1956
2035
  "s3:ResourceAccount",
1957
2036
  "s3:signatureAge",
@@ -1966,17 +2045,20 @@
1966
2045
  "description": "Grants permission to return the tag set of an object",
1967
2046
  "accessLevel": "Read",
1968
2047
  "resourceTypes": [
2048
+ {
2049
+ "name": "accesspointobject",
2050
+ "required": false,
2051
+ "conditionKeys": [],
2052
+ "dependentActions": []
2053
+ },
1969
2054
  {
1970
2055
  "name": "object",
1971
- "required": true,
2056
+ "required": false,
1972
2057
  "conditionKeys": [],
1973
2058
  "dependentActions": []
1974
2059
  }
1975
2060
  ],
1976
2061
  "conditionKeys": [
1977
- "s3:DataAccessPointAccount",
1978
- "s3:DataAccessPointArn",
1979
- "s3:AccessPointNetworkOrigin",
1980
2062
  "s3:ExistingObjectTag/<key>",
1981
2063
  "s3:authType",
1982
2064
  "s3:ResourceAccount",
@@ -2014,18 +2096,21 @@
2014
2096
  "description": "Grants permission to retrieve a specific version of an object",
2015
2097
  "accessLevel": "Read",
2016
2098
  "resourceTypes": [
2099
+ {
2100
+ "name": "accesspointobject",
2101
+ "required": false,
2102
+ "conditionKeys": [],
2103
+ "dependentActions": []
2104
+ },
2017
2105
  {
2018
2106
  "name": "object",
2019
- "required": true,
2107
+ "required": false,
2020
2108
  "conditionKeys": [],
2021
2109
  "dependentActions": []
2022
2110
  }
2023
2111
  ],
2024
2112
  "conditionKeys": [
2025
2113
  "s3:AccessGrantsInstanceArn",
2026
- "s3:DataAccessPointAccount",
2027
- "s3:DataAccessPointArn",
2028
- "s3:AccessPointNetworkOrigin",
2029
2114
  "s3:ExistingObjectTag/<key>",
2030
2115
  "s3:authType",
2031
2116
  "s3:ResourceAccount",
@@ -2042,18 +2127,21 @@
2042
2127
  "description": "Grants permission to return the access control list (ACL) of a specific object version",
2043
2128
  "accessLevel": "Read",
2044
2129
  "resourceTypes": [
2130
+ {
2131
+ "name": "accesspointobject",
2132
+ "required": false,
2133
+ "conditionKeys": [],
2134
+ "dependentActions": []
2135
+ },
2045
2136
  {
2046
2137
  "name": "object",
2047
- "required": true,
2138
+ "required": false,
2048
2139
  "conditionKeys": [],
2049
2140
  "dependentActions": []
2050
2141
  }
2051
2142
  ],
2052
2143
  "conditionKeys": [
2053
2144
  "s3:AccessGrantsInstanceArn",
2054
- "s3:DataAccessPointAccount",
2055
- "s3:DataAccessPointArn",
2056
- "s3:AccessPointNetworkOrigin",
2057
2145
  "s3:ExistingObjectTag/<key>",
2058
2146
  "s3:authType",
2059
2147
  "s3:ResourceAccount",
@@ -2070,17 +2158,20 @@
2070
2158
  "description": "Grants permission to retrieve attributes related to a specific version of an object",
2071
2159
  "accessLevel": "Read",
2072
2160
  "resourceTypes": [
2161
+ {
2162
+ "name": "accesspointobject",
2163
+ "required": false,
2164
+ "conditionKeys": [],
2165
+ "dependentActions": []
2166
+ },
2073
2167
  {
2074
2168
  "name": "object",
2075
- "required": true,
2169
+ "required": false,
2076
2170
  "conditionKeys": [],
2077
2171
  "dependentActions": []
2078
2172
  }
2079
2173
  ],
2080
2174
  "conditionKeys": [
2081
- "s3:DataAccessPointAccount",
2082
- "s3:DataAccessPointArn",
2083
- "s3:AccessPointNetworkOrigin",
2084
2175
  "s3:ExistingObjectTag/<key>",
2085
2176
  "s3:authType",
2086
2177
  "s3:ResourceAccount",
@@ -2119,17 +2210,20 @@
2119
2210
  "description": "Grants permission to return the tag set for a specific version of the object",
2120
2211
  "accessLevel": "Read",
2121
2212
  "resourceTypes": [
2213
+ {
2214
+ "name": "accesspointobject",
2215
+ "required": false,
2216
+ "conditionKeys": [],
2217
+ "dependentActions": []
2218
+ },
2122
2219
  {
2123
2220
  "name": "object",
2124
- "required": true,
2221
+ "required": false,
2125
2222
  "conditionKeys": [],
2126
2223
  "dependentActions": []
2127
2224
  }
2128
2225
  ],
2129
2226
  "conditionKeys": [
2130
- "s3:DataAccessPointAccount",
2131
- "s3:DataAccessPointArn",
2132
- "s3:AccessPointNetworkOrigin",
2133
2227
  "s3:ExistingObjectTag/<key>",
2134
2228
  "s3:authType",
2135
2229
  "s3:ResourceAccount",
@@ -2403,18 +2497,21 @@
2403
2497
  "description": "Grants permission to list some or all of the objects in an Amazon S3 bucket (up to 1000)",
2404
2498
  "accessLevel": "List",
2405
2499
  "resourceTypes": [
2500
+ {
2501
+ "name": "accesspoint",
2502
+ "required": false,
2503
+ "conditionKeys": [],
2504
+ "dependentActions": []
2505
+ },
2406
2506
  {
2407
2507
  "name": "bucket",
2408
- "required": true,
2508
+ "required": false,
2409
2509
  "conditionKeys": [],
2410
2510
  "dependentActions": []
2411
2511
  }
2412
2512
  ],
2413
2513
  "conditionKeys": [
2414
2514
  "s3:AccessGrantsInstanceArn",
2415
- "s3:DataAccessPointAccount",
2416
- "s3:DataAccessPointArn",
2417
- "s3:AccessPointNetworkOrigin",
2418
2515
  "s3:authType",
2419
2516
  "s3:delimiter",
2420
2517
  "s3:max-keys",
@@ -2449,7 +2546,9 @@
2449
2546
  "s3:signatureAge",
2450
2547
  "s3:signatureversion",
2451
2548
  "s3:TlsVersion",
2452
- "s3:x-amz-content-sha256"
2549
+ "s3:x-amz-content-sha256",
2550
+ "s3:AccessPointTag/${TagKey}",
2551
+ "aws:ResourceTag/${TagKey}"
2453
2552
  ],
2454
2553
  "dependentActions": []
2455
2554
  },
@@ -2458,18 +2557,21 @@
2458
2557
  "description": "Grants permission to list metadata about all the versions of objects in an Amazon S3 bucket",
2459
2558
  "accessLevel": "List",
2460
2559
  "resourceTypes": [
2560
+ {
2561
+ "name": "accesspoint",
2562
+ "required": false,
2563
+ "conditionKeys": [],
2564
+ "dependentActions": []
2565
+ },
2461
2566
  {
2462
2567
  "name": "bucket",
2463
- "required": true,
2568
+ "required": false,
2464
2569
  "conditionKeys": [],
2465
2570
  "dependentActions": []
2466
2571
  }
2467
2572
  ],
2468
2573
  "conditionKeys": [
2469
2574
  "s3:AccessGrantsInstanceArn",
2470
- "s3:DataAccessPointAccount",
2471
- "s3:DataAccessPointArn",
2472
- "s3:AccessPointNetworkOrigin",
2473
2575
  "s3:authType",
2474
2576
  "s3:delimiter",
2475
2577
  "s3:max-keys",
@@ -2539,18 +2641,21 @@
2539
2641
  "description": "Grants permission to list the parts that have been uploaded for a specific multipart upload",
2540
2642
  "accessLevel": "List",
2541
2643
  "resourceTypes": [
2644
+ {
2645
+ "name": "accesspointobject",
2646
+ "required": false,
2647
+ "conditionKeys": [],
2648
+ "dependentActions": []
2649
+ },
2542
2650
  {
2543
2651
  "name": "object",
2544
- "required": true,
2652
+ "required": false,
2545
2653
  "conditionKeys": [],
2546
2654
  "dependentActions": []
2547
2655
  }
2548
2656
  ],
2549
2657
  "conditionKeys": [
2550
2658
  "s3:AccessGrantsInstanceArn",
2551
- "s3:DataAccessPointAccount",
2552
- "s3:DataAccessPointArn",
2553
- "s3:AccessPointNetworkOrigin",
2554
2659
  "s3:authType",
2555
2660
  "s3:ResourceAccount",
2556
2661
  "s3:signatureAge",
@@ -2613,6 +2718,12 @@
2613
2718
  "conditionKeys": [],
2614
2719
  "dependentActions": []
2615
2720
  },
2721
+ {
2722
+ "name": "accesspoint",
2723
+ "required": false,
2724
+ "conditionKeys": [],
2725
+ "dependentActions": []
2726
+ },
2616
2727
  {
2617
2728
  "name": "storagelensgroup",
2618
2729
  "required": false,
@@ -2704,7 +2815,7 @@
2704
2815
  "putaccessgrantsinstanceresourcepolicy": {
2705
2816
  "name": "PutAccessGrantsInstanceResourcePolicy",
2706
2817
  "description": "Grants permission to put Access grants instance resource policy",
2707
- "accessLevel": "Write",
2818
+ "accessLevel": "Permissions management",
2708
2819
  "resourceTypes": [
2709
2820
  {
2710
2821
  "name": "accessgrantsinstance",
@@ -2762,9 +2873,6 @@
2762
2873
  }
2763
2874
  ],
2764
2875
  "conditionKeys": [
2765
- "s3:DataAccessPointAccount",
2766
- "s3:DataAccessPointArn",
2767
- "s3:AccessPointNetworkOrigin",
2768
2876
  "s3:authType",
2769
2877
  "s3:ResourceAccount",
2770
2878
  "s3:signatureAge",
@@ -3279,18 +3387,21 @@
3279
3387
  "description": "Grants permission to add an object to a bucket",
3280
3388
  "accessLevel": "Write",
3281
3389
  "resourceTypes": [
3390
+ {
3391
+ "name": "accesspointobject",
3392
+ "required": false,
3393
+ "conditionKeys": [],
3394
+ "dependentActions": []
3395
+ },
3282
3396
  {
3283
3397
  "name": "object",
3284
- "required": true,
3398
+ "required": false,
3285
3399
  "conditionKeys": [],
3286
3400
  "dependentActions": []
3287
3401
  }
3288
3402
  ],
3289
3403
  "conditionKeys": [
3290
3404
  "s3:AccessGrantsInstanceArn",
3291
- "s3:DataAccessPointAccount",
3292
- "s3:DataAccessPointArn",
3293
- "s3:AccessPointNetworkOrigin",
3294
3405
  "s3:RequestObjectTag/<key>",
3295
3406
  "s3:RequestObjectTagKeys",
3296
3407
  "s3:authType",
@@ -3327,18 +3438,21 @@
3327
3438
  "description": "Grants permission to set the access control list (ACL) permissions for new or existing objects in an S3 bucket",
3328
3439
  "accessLevel": "Permissions management",
3329
3440
  "resourceTypes": [
3441
+ {
3442
+ "name": "accesspointobject",
3443
+ "required": false,
3444
+ "conditionKeys": [],
3445
+ "dependentActions": []
3446
+ },
3330
3447
  {
3331
3448
  "name": "object",
3332
- "required": true,
3449
+ "required": false,
3333
3450
  "conditionKeys": [],
3334
3451
  "dependentActions": []
3335
3452
  }
3336
3453
  ],
3337
3454
  "conditionKeys": [
3338
3455
  "s3:AccessGrantsInstanceArn",
3339
- "s3:DataAccessPointAccount",
3340
- "s3:DataAccessPointArn",
3341
- "s3:AccessPointNetworkOrigin",
3342
3456
  "s3:ExistingObjectTag/<key>",
3343
3457
  "s3:authType",
3344
3458
  "s3:ResourceAccount",
@@ -3361,17 +3475,20 @@
3361
3475
  "description": "Grants permission to apply a Legal Hold configuration to the specified object",
3362
3476
  "accessLevel": "Write",
3363
3477
  "resourceTypes": [
3478
+ {
3479
+ "name": "accesspointobject",
3480
+ "required": false,
3481
+ "conditionKeys": [],
3482
+ "dependentActions": []
3483
+ },
3364
3484
  {
3365
3485
  "name": "object",
3366
- "required": true,
3486
+ "required": false,
3367
3487
  "conditionKeys": [],
3368
3488
  "dependentActions": []
3369
3489
  }
3370
3490
  ],
3371
3491
  "conditionKeys": [
3372
- "s3:DataAccessPointAccount",
3373
- "s3:DataAccessPointArn",
3374
- "s3:AccessPointNetworkOrigin",
3375
3492
  "s3:authType",
3376
3493
  "s3:ResourceAccount",
3377
3494
  "s3:signatureAge",
@@ -3387,17 +3504,20 @@
3387
3504
  "description": "Grants permission to place an Object Retention configuration on an object",
3388
3505
  "accessLevel": "Write",
3389
3506
  "resourceTypes": [
3507
+ {
3508
+ "name": "accesspointobject",
3509
+ "required": false,
3510
+ "conditionKeys": [],
3511
+ "dependentActions": []
3512
+ },
3390
3513
  {
3391
3514
  "name": "object",
3392
- "required": true,
3515
+ "required": false,
3393
3516
  "conditionKeys": [],
3394
3517
  "dependentActions": []
3395
3518
  }
3396
3519
  ],
3397
3520
  "conditionKeys": [
3398
- "s3:DataAccessPointAccount",
3399
- "s3:DataAccessPointArn",
3400
- "s3:AccessPointNetworkOrigin",
3401
3521
  "s3:authType",
3402
3522
  "s3:ResourceAccount",
3403
3523
  "s3:signatureAge",
@@ -3415,17 +3535,20 @@
3415
3535
  "description": "Grants permission to set the supplied tag-set to an object that already exists in a bucket",
3416
3536
  "accessLevel": "Tagging",
3417
3537
  "resourceTypes": [
3538
+ {
3539
+ "name": "accesspointobject",
3540
+ "required": false,
3541
+ "conditionKeys": [],
3542
+ "dependentActions": []
3543
+ },
3418
3544
  {
3419
3545
  "name": "object",
3420
- "required": true,
3546
+ "required": false,
3421
3547
  "conditionKeys": [],
3422
3548
  "dependentActions": []
3423
3549
  }
3424
3550
  ],
3425
3551
  "conditionKeys": [
3426
- "s3:DataAccessPointAccount",
3427
- "s3:DataAccessPointArn",
3428
- "s3:AccessPointNetworkOrigin",
3429
3552
  "s3:ExistingObjectTag/<key>",
3430
3553
  "s3:RequestObjectTag/<key>",
3431
3554
  "s3:RequestObjectTagKeys",
@@ -3443,18 +3566,21 @@
3443
3566
  "description": "Grants permission to use the acl subresource to set the access control list (ACL) permissions for an object that already exists in a bucket",
3444
3567
  "accessLevel": "Permissions management",
3445
3568
  "resourceTypes": [
3569
+ {
3570
+ "name": "accesspointobject",
3571
+ "required": false,
3572
+ "conditionKeys": [],
3573
+ "dependentActions": []
3574
+ },
3446
3575
  {
3447
3576
  "name": "object",
3448
- "required": true,
3577
+ "required": false,
3449
3578
  "conditionKeys": [],
3450
3579
  "dependentActions": []
3451
3580
  }
3452
3581
  ],
3453
3582
  "conditionKeys": [
3454
3583
  "s3:AccessGrantsInstanceArn",
3455
- "s3:DataAccessPointAccount",
3456
- "s3:DataAccessPointArn",
3457
- "s3:AccessPointNetworkOrigin",
3458
3584
  "s3:ExistingObjectTag/<key>",
3459
3585
  "s3:authType",
3460
3586
  "s3:ResourceAccount",
@@ -3478,17 +3604,20 @@
3478
3604
  "description": "Grants permission to set the supplied tag-set for a specific version of an object",
3479
3605
  "accessLevel": "Tagging",
3480
3606
  "resourceTypes": [
3607
+ {
3608
+ "name": "accesspointobject",
3609
+ "required": false,
3610
+ "conditionKeys": [],
3611
+ "dependentActions": []
3612
+ },
3481
3613
  {
3482
3614
  "name": "object",
3483
- "required": true,
3615
+ "required": false,
3484
3616
  "conditionKeys": [],
3485
3617
  "dependentActions": []
3486
3618
  }
3487
3619
  ],
3488
3620
  "conditionKeys": [
3489
- "s3:DataAccessPointAccount",
3490
- "s3:DataAccessPointArn",
3491
- "s3:AccessPointNetworkOrigin",
3492
3621
  "s3:ExistingObjectTag/<key>",
3493
3622
  "s3:RequestObjectTag/<key>",
3494
3623
  "s3:RequestObjectTagKeys",
@@ -3642,17 +3771,20 @@
3642
3771
  "description": "Grants permission to restore an archived copy of an object back into Amazon S3",
3643
3772
  "accessLevel": "Write",
3644
3773
  "resourceTypes": [
3774
+ {
3775
+ "name": "accesspointobject",
3776
+ "required": false,
3777
+ "conditionKeys": [],
3778
+ "dependentActions": []
3779
+ },
3645
3780
  {
3646
3781
  "name": "object",
3647
- "required": true,
3782
+ "required": false,
3648
3783
  "conditionKeys": [],
3649
3784
  "dependentActions": []
3650
3785
  }
3651
3786
  ],
3652
3787
  "conditionKeys": [
3653
- "s3:DataAccessPointAccount",
3654
- "s3:DataAccessPointArn",
3655
- "s3:AccessPointNetworkOrigin",
3656
3788
  "s3:authType",
3657
3789
  "s3:ResourceAccount",
3658
3790
  "s3:signatureAge",
@@ -3709,6 +3841,12 @@
3709
3841
  "conditionKeys": [],
3710
3842
  "dependentActions": []
3711
3843
  },
3844
+ {
3845
+ "name": "accesspoint",
3846
+ "required": false,
3847
+ "conditionKeys": [],
3848
+ "dependentActions": []
3849
+ },
3712
3850
  {
3713
3851
  "name": "storagelensgroup",
3714
3852
  "required": false,
@@ -3751,6 +3889,12 @@
3751
3889
  "conditionKeys": [],
3752
3890
  "dependentActions": []
3753
3891
  },
3892
+ {
3893
+ "name": "accesspoint",
3894
+ "required": false,
3895
+ "conditionKeys": [],
3896
+ "dependentActions": []
3897
+ },
3754
3898
  {
3755
3899
  "name": "storagelensgroup",
3756
3900
  "required": false,
@@ -3772,7 +3916,7 @@
3772
3916
  "updateaccessgrantslocation": {
3773
3917
  "name": "UpdateAccessGrantsLocation",
3774
3918
  "description": "Grants permission to update Access Grants location",
3775
- "accessLevel": "Write",
3919
+ "accessLevel": "Permissions management",
3776
3920
  "resourceTypes": [
3777
3921
  {
3778
3922
  "name": "accessgrantslocation",
@@ -3782,6 +3926,7 @@
3782
3926
  }
3783
3927
  ],
3784
3928
  "conditionKeys": [
3929
+ "s3:AccessGrantsLocationScope",
3785
3930
  "s3:authType",
3786
3931
  "s3:ResourceAccount",
3787
3932
  "s3:signatureAge",
@@ -3792,6 +3937,58 @@
3792
3937
  ],
3793
3938
  "dependentActions": []
3794
3939
  },
3940
+ "updatebucketmetadatainventorytableconfiguration": {
3941
+ "name": "UpdateBucketMetadataInventoryTableConfiguration",
3942
+ "description": "Grants permission to update the inventory table configuration on an existing S3 Metadata configuration for a specified general purpose bucket",
3943
+ "accessLevel": "Write",
3944
+ "resourceTypes": [
3945
+ {
3946
+ "name": "bucket",
3947
+ "required": true,
3948
+ "conditionKeys": [],
3949
+ "dependentActions": [
3950
+ "kms:DescribeKey",
3951
+ "s3tables:CreateNamespace",
3952
+ "s3tables:CreateTable",
3953
+ "s3tables:CreateTableBucket",
3954
+ "s3tables:GetTable",
3955
+ "s3tables:PutTableEncryption",
3956
+ "s3tables:PutTablePolicy"
3957
+ ]
3958
+ }
3959
+ ],
3960
+ "conditionKeys": [
3961
+ "s3:authType",
3962
+ "s3:ResourceAccount",
3963
+ "s3:signatureAge",
3964
+ "s3:signatureversion",
3965
+ "s3:TlsVersion",
3966
+ "s3:x-amz-content-sha256"
3967
+ ],
3968
+ "dependentActions": []
3969
+ },
3970
+ "updatebucketmetadatajournaltableconfiguration": {
3971
+ "name": "UpdateBucketMetadataJournalTableConfiguration",
3972
+ "description": "Grants permission to update the journal table configuration on an existing S3 Metadata configuration for a specified general purpose bucket",
3973
+ "accessLevel": "Write",
3974
+ "resourceTypes": [
3975
+ {
3976
+ "name": "bucket",
3977
+ "required": true,
3978
+ "conditionKeys": [],
3979
+ "dependentActions": []
3980
+ }
3981
+ ],
3982
+ "conditionKeys": [
3983
+ "s3:authType",
3984
+ "s3:ResourceAccount",
3985
+ "s3:signatureAge",
3986
+ "s3:signatureversion",
3987
+ "s3:TlsVersion",
3988
+ "s3:x-amz-content-sha256"
3989
+ ],
3990
+ "dependentActions": []
3991
+ },
3795
3992
  "updatejobpriority": {
3796
3993
  "name": "UpdateJobPriority",
3797
3994
  "description": "Grants permission to update the priority of an existing job",