iamdata 0.1.202505111__py3-none-any.whl → 0.1.202511181__py3-none-any.whl

iamdata/data/actions/workspaces-web.json

@@ -90,6 +90,27 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "associatesessionlogger": {
+    "name": "AssociateSessionLogger",
+    "description": "Grants permission to associate session logger with web portals",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "portal",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "sessionLogger",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "associatetruststore": {
     "name": "AssociateTrustStore",
     "description": "Grants permission to associate trust stores with web portals",
@@ -169,7 +190,8 @@
       "kms:CreateGrant",
       "kms:Decrypt",
       "kms:DescribeKey",
-      "kms:GenerateDataKey"
+      "kms:GenerateDataKey",
+      "workspaces-web:TagResource"
     ]
   },
   "createdataprotectionsettings": {
@@ -181,7 +203,9 @@
       "aws:TagKeys",
       "aws:RequestTag/${TagKey}"
     ],
-    "dependentActions": []
+    "dependentActions": [
+      "workspaces-web:TagResource"
+    ]
   },
   "createidentityprovider": {
     "name": "CreateIdentityProvider",
@@ -216,7 +240,9 @@
       "aws:TagKeys",
       "aws:RequestTag/${TagKey}"
     ],
-    "dependentActions": []
+    "dependentActions": [
+      "workspaces-web:TagResource"
+    ]
   },
   "createnetworksettings": {
     "name": "CreateNetworkSettings",
@@ -228,7 +254,8 @@
       "aws:RequestTag/${TagKey}"
     ],
     "dependentActions": [
-      "iam:CreateServiceLinkedRole"
+      "iam:CreateServiceLinkedRole",
+      "workspaces-web:TagResource"
     ]
   },
   "createportal": {
@@ -245,7 +272,22 @@
       "kms:CreateGrant",
       "kms:Decrypt",
       "kms:DescribeKey",
-      "kms:GenerateDataKey"
+      "kms:GenerateDataKey",
+      "workspaces-web:TagResource"
+    ]
+  },
+  "createsessionlogger": {
+    "name": "CreateSessionLogger",
+    "description": "Grants permission to create session logger",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "aws:TagKeys",
+      "aws:RequestTag/${TagKey}"
+    ],
+    "dependentActions": [
+      "s3:PutObject",
+      "workspaces-web:TagResource"
     ]
   },
   "createtruststore": {
@@ -257,7 +299,9 @@
       "aws:TagKeys",
       "aws:RequestTag/${TagKey}"
     ],
-    "dependentActions": []
+    "dependentActions": [
+      "workspaces-web:TagResource"
+    ]
   },
   "createuseraccessloggingsettings": {
     "name": "CreateUserAccessLoggingSettings",
@@ -268,7 +312,9 @@
       "aws:TagKeys",
       "aws:RequestTag/${TagKey}"
     ],
-    "dependentActions": []
+    "dependentActions": [
+      "workspaces-web:TagResource"
+    ]
   },
   "createusersettings": {
     "name": "CreateUserSettings",
@@ -279,7 +325,9 @@
       "aws:TagKeys",
       "aws:RequestTag/${TagKey}"
     ],
-    "dependentActions": []
+    "dependentActions": [
+      "workspaces-web:TagResource"
+    ]
   },
   "deletebrowsersettings": {
     "name": "DeleteBrowserSettings",
@@ -377,6 +425,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "deletesessionlogger": {
+    "name": "DeleteSessionLogger",
+    "description": "Grants permission to delete session logger",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "sessionLogger",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "deletetruststore": {
     "name": "DeleteTrustStore",
     "description": "Grants permission to delete trust stores",
@@ -482,6 +545,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "disassociatesessionlogger": {
+    "name": "DisassociateSessionLogger",
+    "description": "Grants permission to disassociate session logger from web portals",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "portal",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "disassociatetruststore": {
     "name": "DisassociateTrustStore",
     "description": "Grants permission to disassociate trust stores from web portals",
@@ -662,6 +740,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "getsessionlogger": {
+    "name": "GetSessionLogger",
+    "description": "Grants permission to get details on session logger",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "sessionLogger",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "gettruststore": {
     "name": "GetTrustStore",
     "description": "Grants permission to get details on trust stores",
@@ -777,6 +870,14 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "listsessionloggers": {
+    "name": "ListSessionLoggers",
+    "description": "Grants permission to list session loggers",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listsessions": {
     "name": "ListSessions",
     "description": "Grants permission to list sessions for a Portal using optional filters",
@@ -873,6 +974,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "sessionLogger",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "trustStore",
         "required": false,
@@ -939,6 +1046,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "sessionLogger",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "trustStore",
         "required": false,
@@ -1066,6 +1179,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "updatesessionlogger": {
+    "name": "UpdateSessionLogger",
+    "description": "Grants permission to update session logger",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "sessionLogger",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "updatetruststore": {
     "name": "UpdateTrustStore",
     "description": "Grants permission to update trust stores",

iamdata/data/actions/workspaces.json

@@ -154,6 +154,22 @@
     ],
     "dependentActions": []
   },
+  "createrootclientcertificate": {
+    "name": "CreateRootClientCertificate",
+    "isPermissionOnly": true,
+    "description": "Grants permission to create a root client certificate",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "certificateid",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "createstandbyworkspaces": {
     "name": "CreateStandbyWorkspaces",
     "description": "Grants permission to create one or more Standby WorkSpaces",
@@ -379,6 +395,22 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "deleterootclientcertificate": {
+    "name": "DeleteRootClientCertificate",
+    "isPermissionOnly": true,
+    "description": "Grants permission to delete root client certificate",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "certificateid",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "deletetags": {
     "name": "DeleteTags",
     "description": "Grants permission to delete tags from WorkSpaces resources",
@@ -578,6 +610,23 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "describeconsent": {
+    "name": "DescribeConsent",
+    "isPermissionOnly": true,
+    "description": "Grants permission to retrieve information about consent agreement to BYOL minimum requirements",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "describecustomworkspaceimageimport": {
+    "name": "DescribeCustomWorkspaceImageImport",
+    "description": "Grants permission to retrieve information about WorkSpace BYOL image import task",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "describeimageassociations": {
     "name": "DescribeImageAssociations",
     "description": "Grants permission to retrieve information about resources associated with a WorkSpace image",
@@ -728,6 +777,22 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "directoryaccessmanagement": {
+    "name": "DirectoryAccessManagement",
+    "isPermissionOnly": true,
+    "description": "Grants permission to directory management actions while managing and provisioning workspaces",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "directoryid",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "disassociateconnectionalias": {
     "name": "DisassociateConnectionAlias",
     "description": "Grants permission to disassociate connection aliases from directories",
@@ -810,6 +875,14 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "importcustomworkspaceimage": {
+    "name": "ImportCustomWorkspaceImage",
+    "description": "Grants permission to import Bring Your Own License (BYOL) images into Amazon WorkSpaces",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "importworkspaceimage": {
     "name": "ImportWorkspaceImage",
     "description": "Grants permission to import Bring Your Own License (BYOL) images into Amazon WorkSpaces",
@@ -1249,6 +1322,31 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "updateconsent": {
+    "name": "UpdateConsent",
+    "isPermissionOnly": true,
+    "description": "Grants permission to update the consent agreement to BYOL minimum requirements",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "updaterootclientcertificate": {
+    "name": "UpdateRootClientCertificate",
+    "isPermissionOnly": true,
+    "description": "Grants permission to update a root client certificate",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "certificateid",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "updaterulesofipgroup": {
     "name": "UpdateRulesOfIpGroup",
     "description": "Grants permission to replace rules for IP access control groups",

iamdata/data/actions/xray.json

@@ -82,7 +82,9 @@
     "description": "Grants permission to delete resource policies",
     "accessLevel": "Write",
     "resourceTypes": [],
-    "conditionKeys": [],
+    "conditionKeys": [
+      "xray:ResourcePolicyName"
+    ],
     "dependentActions": []
   },
   "deletesamplingrule": {
@@ -315,7 +317,9 @@
     "description": "Grants permission to create or update resource policies",
     "accessLevel": "Write",
     "resourceTypes": [],
-    "conditionKeys": [],
+    "conditionKeys": [
+      "xray:ResourcePolicyName"
+    ],
     "dependentActions": []
   },
   "putspans": {
@@ -323,7 +327,9 @@
     "description": "Grants permission to upload OpenTelemetry spans to AWS X-Ray",
     "accessLevel": "Write",
     "resourceTypes": [],
-    "conditionKeys": [],
+    "conditionKeys": [
+      "logs:LogGeneratingResourceArns"
+    ],
     "dependentActions": []
   },
   "putspansforindexing": {
@@ -348,7 +354,9 @@
     "description": "Grants permission to upload segment documents to AWS X-Ray. The X-Ray SDK generates segment documents and sends them to the X-Ray daemon, which uploads them in batches",
     "accessLevel": "Write",
     "resourceTypes": [],
-    "conditionKeys": [],
+    "conditionKeys": [
+      "logs:LogGeneratingResourceArns"
+    ],
     "dependentActions": []
   },
   "starttraceretrieval": {
@@ -453,7 +461,9 @@
     "description": "Grants permission to modify the destination of data sent to PutTraceSegments and OpenTelemetry API",
     "accessLevel": "Write",
     "resourceTypes": [],
-    "conditionKeys": [],
+    "conditionKeys": [
+      "xray:TraceSegmentDestination"
+    ],
     "dependentActions": []
   }
 }

iamdata/data/conditionKeys/acm.json

@@ -14,6 +14,11 @@
     "description": "Filters access by domainNames in the request. This key can be used to restrict which domains can be in certificate requests",
     "type": "ArrayOfString"
   },
+  "acm:export": {
+    "key": "acm:Export",
+    "description": "Filters access by the export option in the request. Can be used to restrict creation of certificates that can be exported",
+    "type": "String"
+  },
   "acm:keyalgorithm": {
     "key": "acm:KeyAlgorithm",
     "description": "Filters access by keyAlgorithm in the request",

iamdata/data/conditionKeys/airflow-serverless.json

@@ -0,0 +1,17 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the presence of tag key-value pairs in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by tag key-value pairs that are attached to the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by tag keys in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/apigateway.json

@@ -29,6 +29,11 @@
     "description": "Filters access by URI of a Lambda authorizer function. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString",
     "type": "ArrayOfString"
   },
+  "apigateway:request/conditionbasepaths": {
+    "key": "apigateway:Request/ConditionBasePaths",
+    "description": "Filters access by base paths defined on the condition of a routing rule. Available during the CreateRoutingRule and UpdateRoutingRule operations",
+    "type": "ArrayOfString"
+  },
   "apigateway:request/disableexecuteapiendpoint": {
     "key": "apigateway:Request/DisableExecuteApiEndpoint",
     "description": "Filters access by status of the default execute-api endpoint. Available during the CreateRestApi and DeleteRestApi operations",
@@ -49,11 +54,21 @@
     "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during the CreateDomainName and UpdateDomainName operations",
     "type": "String"
   },
+  "apigateway:request/priority": {
+    "key": "apigateway:Request/Priority",
+    "description": "Filters access by priority of the routing rule. Available during the CreateRoutingRule and UpdateRoutingRule operations",
+    "type": "Numeric"
+  },
   "apigateway:request/routeauthorizationtype": {
     "key": "apigateway:Request/RouteAuthorizationType",
     "description": "Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the CreateMethod and PutMethod operations Also available as a collection during import",
     "type": "ArrayOfString"
   },
+  "apigateway:request/routingmode": {
+    "key": "apigateway:Request/RoutingMode",
+    "description": "Filters access by routing mode of the domain name. Available during the CreateDomainName and UpdateDomainName operations",
+    "type": "String"
+  },
   "apigateway:request/securitypolicy": {
     "key": "apigateway:Request/SecurityPolicy",
     "description": "Filters access by TLS version. Available during the CreateDomain and UpdateDomain operations",
@@ -94,6 +109,11 @@
     "description": "Filters access by URI of a Lambda authorizer function. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during reimport as an ArrayOfString",
     "type": "ArrayOfString"
   },
+  "apigateway:resource/conditionbasepaths": {
+    "key": "apigateway:Resource/ConditionBasePaths",
+    "description": "Filters access by base paths defined on the condition of the existing routing rule. Available during the UpdateRoutingRule and DeleteRoutingRule operations",
+    "type": "ArrayOfString"
+  },
   "apigateway:resource/disableexecuteapiendpoint": {
     "key": "apigateway:Resource/DisableExecuteApiEndpoint",
     "description": "Filters access by status of the default execute-api endpoint of the current RestApi resource. Available during UpdateRestApi and DeleteRestApi operations",
@@ -114,11 +134,21 @@
     "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations",
     "type": "String"
   },
+  "apigateway:resource/priority": {
+    "key": "apigateway:Resource/Priority",
+    "description": "Filters access by priority of the existing routing rule. Available during the UpdateRoutingRule and DeleteRoutingRule operations",
+    "type": "Numeric"
+  },
   "apigateway:resource/routeauthorizationtype": {
     "key": "apigateway:Resource/RouteAuthorizationType",
     "description": "Filters access by authorization type of the existing Method resource, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the PutMethod and DeleteMethod operations. Also available as a collection during reimport",
     "type": "ArrayOfString"
   },
+  "apigateway:resource/routingmode": {
+    "key": "apigateway:Resource/RoutingMode",
+    "description": "Filters access by routing mode of the domain name. Available during the UpdateDomainName and DeleteDomainName operations",
+    "type": "String"
+  },
   "apigateway:resource/securitypolicy": {
     "key": "apigateway:Resource/SecurityPolicy",
     "description": "Filters access by TLS version. Available during UpdateDomain and DeleteDomain operations",

iamdata/data/conditionKeys/arc-region-switch.json

@@ -0,0 +1,17 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by tag key-value pairs attached to the resource",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by a tag's key and value in a request",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by the presence of tag keys in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/autoscaling.json

@@ -9,6 +9,11 @@
     "description": "Filters access based on the ARN of a Capacity Reservation resource group",
     "type": "ArrayOfString"
   },
+  "autoscaling:forcedelete": {
+    "key": "autoscaling:ForceDelete",
+    "description": "Filters access based on whether the force delete option is specified when deleting an Auto Scaling group",
+    "type": "Bool"
+  },
   "autoscaling:imageid": {
     "key": "autoscaling:ImageId",
     "description": "Filters access based on the AMI ID for the launch configuration",

iamdata/data/conditionKeys/backup.json

@@ -26,7 +26,7 @@
   },
   "backup:copytargets": {
     "key": "backup:CopyTargets",
-    "description": "Filters access by the ARN of an backup vault",
+    "description": "Filters access by the ARN of a backup vault",
     "type": "ArrayOfARN"
   },
   "backup:frameworkarns": {
@@ -48,5 +48,10 @@
     "key": "backup:MinRetentionDays",
     "description": "Filters access by the value of the MinRetentionDays parameter",
     "type": "Numeric"
+  },
+  "backup:mpaapprovalteamarn": {
+    "key": "backup:MpaApprovalTeamArn",
+    "description": "Filters access by the MPA Approval Team ARN of a backup vault",
+    "type": "ARN"
   }
 }

iamdata/data/conditionKeys/bcm-dashboards.json

@@ -0,0 +1,12 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by the tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/bedrock-agentcore.json

@@ -0,0 +1,72 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by creating requests based on the allowed set of values for each of the mandatory tags",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by having actions based on the tag value associated with the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by creating requests based on the presence of mandatory tags in the request",
+    "type": "ArrayOfString"
+  },
+  "bedrock-agentcore:gatewayauthorizertype": {
+    "key": "bedrock-agentcore:GatewayAuthorizerType",
+    "description": "Filters access by the authorizerType attribute on a Gateway",
+    "type": "String"
+  },
+  "bedrock-agentcore:inboundjwtclaim/aud": {
+    "key": "bedrock-agentcore:InboundJwtClaim/aud",
+    "description": "Filters access by the audience claim (aud) in the JWT passed in the request",
+    "type": "ArrayOfString"
+  },
+  "bedrock-agentcore:inboundjwtclaim/client_id": {
+    "key": "bedrock-agentcore:InboundJwtClaim/client_id",
+    "description": "Filters access by the client_id claim in the JWT passed in the request",
+    "type": "String"
+  },
+  "bedrock-agentcore:inboundjwtclaim/iss": {
+    "key": "bedrock-agentcore:InboundJwtClaim/iss",
+    "description": "Filters access by the issuer (iss) claim present in the JWT passed in the request",
+    "type": "String"
+  },
+  "bedrock-agentcore:inboundjwtclaim/scope": {
+    "key": "bedrock-agentcore:InboundJwtClaim/scope",
+    "description": "Filters access by the scope claim in the JWT passed in the request",
+    "type": "ArrayOfString"
+  },
+  "bedrock-agentcore:inboundjwtclaim/sub": {
+    "key": "bedrock-agentcore:InboundJwtClaim/sub",
+    "description": "Filters access by the subject claim (sub) in the JWT passed in the request",
+    "type": "String"
+  },
+  "bedrock-agentcore:actorid": {
+    "key": "bedrock-agentcore:actorId",
+    "description": "Filters access by Actor Id",
+    "type": "String"
+  },
+  "bedrock-agentcore:namespace": {
+    "key": "bedrock-agentcore:namespace",
+    "description": "Filters access by namespace",
+    "type": "String"
+  },
+  "bedrock-agentcore:sessionid": {
+    "key": "bedrock-agentcore:sessionId",
+    "description": "Filters access by Session Id",
+    "type": "String"
+  },
+  "bedrock-agentcore:strategyid": {
+    "key": "bedrock-agentcore:strategyId",
+    "description": "Filters access by Memory Strategy Id",
+    "type": "String"
+  },
+  "bedrock-agentcore:userid": {
+    "key": "bedrock-agentcore:userid",
+    "description": "Filters access by the static user ID value passed in the request",
+    "type": "String"
+  }
+}