iamdata 0.1.202505111__py3-none-any.whl → 0.1.202511181__py3-none-any.whl

iamdata/data/conditionKeys/s3express.json

@@ -1,14 +1,39 @@
 {
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by the tags associated with the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by the tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  },
   "s3express:accesspointnetworkorigin": {
     "key": "s3express:AccessPointNetworkOrigin",
     "description": "Filters access by the network origin (Internet or VPC)",
     "type": "String"
   },
+  "s3express:accesspointtag/${tagkey}": {
+    "key": "s3express:AccessPointTag/${TagKey}",
+    "description": "Filters access by tag key-value pairs attached to the access point",
+    "type": "String"
+  },
   "s3express:allaccessrestrictedtolocalzonegroup": {
     "key": "s3express:AllAccessRestrictedToLocalZoneGroup",
     "description": "Filters access by AWS Local Zone network border group(s) provided in this condition key",
     "type": "String"
   },
+  "s3express:buckettag/${tagkey}": {
+    "key": "s3express:BucketTag/${TagKey}",
+    "description": "Filters access by tag key-value pairs attached to the bucket",
+    "type": "String"
+  },
   "s3express:dataaccesspointaccount": {
     "key": "s3express:DataAccessPointAccount",
     "description": "Filters access by the AWS Account ID that owns the access point",
@@ -21,7 +46,7 @@
   },
   "s3express:locationname": {
     "key": "s3express:LocationName",
-    "description": "Filters access by a specific Availability Zone ID",
+    "description": "Filters access by a specific Availability Zone or Local Zone ID",
     "type": "String"
   },
   "s3express:permissions": {

iamdata/data/conditionKeys/s3tables.json

@@ -1,4 +1,19 @@
 {
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by the tags associated with the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by the tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  },
   "s3tables:kmskeyarn": {
     "key": "s3tables:KMSKeyArn",
     "description": "Filters access by the AWS KMS key ARN for the key used to encrypt a table",
@@ -9,6 +24,11 @@
     "description": "Filters access by the server-side encryption algorithm used to encrypt a table",
     "type": "String"
   },
+  "s3tables:tablebuckettag/${tagkey}": {
+    "key": "s3tables:TableBucketTag/${TagKey}",
+    "description": "Filters access by the tags associated with the table bucket",
+    "type": "String"
+  },
   "s3tables:namespace": {
     "key": "s3tables:namespace",
     "description": "Filters access by the namespaces created in the table bucket",

iamdata/data/conditionKeys/s3vectors.json

@@ -0,0 +1,12 @@
+{
+  "s3vectors:kmskeyarn": {
+    "key": "s3vectors:kmsKeyArn",
+    "description": "Filters access by the AWS KMS key ARN for the key used to encrypt a vector bucket",
+    "type": "ARN"
+  },
+  "s3vectors:ssetype": {
+    "key": "s3vectors:sseType",
+    "description": "Filters access by server-side encryption type",
+    "type": "String"
+  }
+}

iamdata/data/conditionKeys/sagemaker.json

@@ -24,6 +24,21 @@
     "description": "Filters access by the app network access type associated with the resource in the request",
     "type": "String"
   },
+  "sagemaker:currentcustomermetadataproperties/${metadatakey}": {
+    "key": "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}",
+    "description": "Filters access by a current metadata key and value pair associated with the model-package resource",
+    "type": "String"
+  },
+  "sagemaker:currentmodellifecyclestage": {
+    "key": "sagemaker:CurrentModelLifeCycleStage",
+    "description": "Filters access by the current value of the Stage field in the model life cycle object associated with the model-package resource",
+    "type": "String"
+  },
+  "sagemaker:currentmodellifecyclestagestatus": {
+    "key": "sagemaker:CurrentModelLifeCycleStageStatus",
+    "description": "Filters access by the current value of the StageStatus field in the model life cycle object associated with the model-package resource",
+    "type": "String"
+  },
   "sagemaker:customermetadataproperties/${metadatakey}": {
     "key": "sagemaker:CustomerMetadataProperties/${MetadataKey}",
     "description": "Filters access by a metadata key and value pair",
@@ -184,6 +199,16 @@
     "description": "Filters access by the OwnerUserProfile arn associated with the space in the request",
     "type": "ARN"
   },
+  "sagemaker:pipelineversionid": {
+    "key": "sagemaker:PipelineVersionId",
+    "description": "Filters access to specific version IDs of a Sagemaker pipeline",
+    "type": "String"
+  },
+  "sagemaker:remoteaccess": {
+    "key": "sagemaker:RemoteAccess",
+    "description": "Filters access by the remote access flag associated with the space in the request",
+    "type": "String"
+  },
   "sagemaker:resourcetag/": {
     "key": "sagemaker:ResourceTag/",
     "description": "Filters access by the preface string for a tag key and value pair attached to a resource",

iamdata/data/conditionKeys/savingsplans.json

@@ -6,7 +6,7 @@
   },
   "aws:resourcetag/${tagkey}": {
     "key": "aws:ResourceTag/${TagKey}",
-    "description": "Filters access by tag-value assoicated with the resource",
+    "description": "Filters access by tag-value associated with the resource",
     "type": "String"
   },
   "aws:tagkeys": {

iamdata/data/conditionKeys/secretsmanager.json

@@ -86,7 +86,7 @@
   },
   "secretsmanager:secretprimaryregion": {
     "key": "secretsmanager:SecretPrimaryRegion",
-    "description": "Filters access by primary region in which the secret is created",
+    "description": "Filters access by primary region in which the secret is created if the secret is a multi-Region secret",
     "type": "String"
   },
   "secretsmanager:versionid": {

iamdata/data/conditionKeys/securityhub.json

@@ -19,6 +19,11 @@
     "description": "Filters access by the specified fields and values in the request",
     "type": "String"
   },
+  "securityhub:ocsfsyntaxpath/${ocsfsyntaxpath}": {
+    "key": "securityhub:OCSFSyntaxPath/${OCSFSyntaxPath}",
+    "description": "Filters access by the specified fields and values in the request",
+    "type": "String"
+  },
   "securityhub:targetaccount": {
     "key": "securityhub:TargetAccount",
     "description": "Filters access by the AwsAccountId field that is specified in the request",

iamdata/data/conditionKeys/servicediscovery.json

@@ -29,6 +29,11 @@
     "description": "Filters access by specifying the Amazon Resource Name (ARN) for the related service",
     "type": "ARN"
   },
+  "servicediscovery:servicecreatedbyaccount": {
+    "key": "servicediscovery:ServiceCreatedByAccount",
+    "description": "Filters access by specifying the account id of the related service creator",
+    "type": "String"
+  },
   "servicediscovery:servicename": {
     "key": "servicediscovery:ServiceName",
     "description": "Filters access by specifying the name of the related service",

iamdata/data/conditionKeys/ses.json

@@ -73,5 +73,10 @@
     "key": "ses:ReplicaRegion",
     "description": "Filters access by the replica regions for Replicating domain DKIM signing key",
     "type": "ArrayOfString"
+  },
+  "ses:tenantname": {
+    "key": "ses:TenantName",
+    "description": "Filters access by the tenant name that is used to send email",
+    "type": "String"
   }
 }

iamdata/data/conditionKeys/ssm.json

@@ -39,6 +39,11 @@
     "description": "Filters access by verifying that a user has permission to access a document belonging to a specific document type. Only available in \"aws\", \"aws-cn\", and \"aws-us-gov\" partitions",
     "type": "String"
   },
+  "ssm:inventorytypename": {
+    "key": "ssm:InventoryTypeName",
+    "description": "Filters access by verifying that a user also has access to the InventoryType specified in the request",
+    "type": "ArrayOfString"
+  },
   "ssm:overwrite": {
     "key": "ssm:Overwrite",
     "description": "Filters access by controling whether Systems Manager parameters can be overwritten",
@@ -54,6 +59,11 @@
     "description": "Filters access by Systems Manager parameters created in a hierarchical structure",
     "type": "String"
   },
+  "ssm:sessiondocumentaccesscheck": {
+    "key": "ssm:SessionDocumentAccessCheck",
+    "description": "Filters access by verifying that a user has permission to access either the default Session Manager configuration document or the custom configuration document specified in a request",
+    "type": "Bool"
+  },
   "ssm:sourceinstancearn": {
     "key": "ssm:SourceInstanceARN",
     "description": "Filters access by verifying the Amazon Resource Name (ARN) of the AWS Systems Manager's managed instance from which the request is made. This key is not present when the request comes from the managed instance authenticated with an IAM role associated with EC2 instance profile",

iamdata/data/conditionKeys/sso.json

@@ -14,6 +14,16 @@
     "description": "Filters access by the tag keys that are passed in the request",
     "type": "ArrayOfString"
   },
+  "identitycenter:applicationarn": {
+    "key": "identitycenter:ApplicationArn",
+    "description": "Filters access by the ARN of the IAM Identity Center application",
+    "type": "ARN"
+  },
+  "identitycenter:instancearn": {
+    "key": "identitycenter:InstanceArn",
+    "description": "Filters access by the ARN of the IAM Identity Center instance",
+    "type": "ARN"
+  },
   "sso:applicationaccount": {
     "key": "sso:ApplicationAccount",
     "description": "Filters access by the account which creates the application. This condition key is not supported for customer managed SAML applications",

iamdata/data/conditionKeys/sts.json

@@ -234,6 +234,11 @@
     "description": "Filters access by the unique identifier required when you assume a role in another account",
     "type": "String"
   },
+  "sts:identitytokenaudience": {
+    "key": "sts:IdentityTokenAudience",
+    "description": "Filters access by the audience that is passed in the request",
+    "type": "String"
+  },
   "sts:requestcontext/${contextkey}": {
     "key": "sts:RequestContext/${ContextKey}",
     "description": "Filters access by the session context key-value pairs embedded in the signed context assertion retrieved from a trusted context provider",
@@ -249,6 +254,11 @@
     "description": "Filters access by the role session name required when you assume a role",
     "type": "String"
   },
+  "sts:signingalgorithm": {
+    "key": "sts:SigningAlgorithm",
+    "description": "Filters access by the signing algorithm that is passed in the request",
+    "type": "String"
+  },
   "sts:sourceidentity": {
     "key": "sts:SourceIdentity",
     "description": "Filters access by the source identity that is passed in the request",

iamdata/data/conditionKeys/transcribe.json

@@ -21,7 +21,7 @@
   },
   "transcribe:outputencryptionkmskeyid": {
     "key": "transcribe:OutputEncryptionKMSKeyId",
-    "description": "Filters access based on the KMS key id included in the request",
+    "description": "Filters access based on the KMS key id included in the request, provided in the form of a KMS key ARN",
     "type": "String"
   },
   "transcribe:outputkey": {

iamdata/data/conditionKeys/transfer.json

@@ -13,5 +13,25 @@
     "key": "aws:TagKeys",
     "description": "Filters access by the tag keys that are passed in the request",
     "type": "ArrayOfString"
+  },
+  "transfer:requestconnectorprotocol": {
+    "key": "transfer:RequestConnectorProtocol",
+    "description": "Filters access by the connector protocol that is passed in the request",
+    "type": "String"
+  },
+  "transfer:requestserverdomain": {
+    "key": "transfer:RequestServerDomain",
+    "description": "Filters access by the storage domain that is passed in the request",
+    "type": "String"
+  },
+  "transfer:requestserverendpointtype": {
+    "key": "transfer:RequestServerEndpointType",
+    "description": "Filters access by the endpoint type that is passed in the request",
+    "type": "String"
+  },
+  "transfer:requestserverprotocols": {
+    "key": "transfer:RequestServerProtocols",
+    "description": "Filters access by the server protocols that are passed in the request",
+    "type": "ArrayOfString"
   }
 }

iamdata/data/conditionKeys/transform.json

@@ -0,0 +1,12 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by the tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/uxc.json

@@ -0,0 +1 @@
+{}

iamdata/data/conditionKeys/vpc-lattice-svcs.json

@@ -14,6 +14,11 @@
     "description": "Filters access by the method of the request",
     "type": "String"
   },
+  "vpc-lattice-svcs:requestpath": {
+    "key": "vpc-lattice-svcs:RequestPath",
+    "description": "Filters access by the path portion of the request URL",
+    "type": "String"
+  },
   "vpc-lattice-svcs:requestquerystring/${querystringkey}": {
     "key": "vpc-lattice-svcs:RequestQueryString/${QueryStringKey}",
     "description": "Filters access by the query string key-value pairs in the request URL",

iamdata/data/conditionKeys/vpc-lattice.json

@@ -19,6 +19,21 @@
     "description": "Filters access by the auth type specified in the request",
     "type": "String"
   },
+  "vpc-lattice:domainname": {
+    "key": "vpc-lattice:DomainName",
+    "description": "Filters access by the domain name",
+    "type": "String"
+  },
+  "vpc-lattice:privatednspreference": {
+    "key": "vpc-lattice:PrivateDnsPreference",
+    "description": "Filters access by the private dns preference",
+    "type": "String"
+  },
+  "vpc-lattice:privatednsspecifieddomains": {
+    "key": "vpc-lattice:PrivateDnsSpecifiedDomains",
+    "description": "Filters access by the private dns domains",
+    "type": "ArrayOfString"
+  },
   "vpc-lattice:protocol": {
     "key": "vpc-lattice:Protocol",
     "description": "Filters access by the protocol specified in the request",

iamdata/data/conditionKeys/workspaces-instances.json

@@ -0,0 +1,17 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access based on the tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access based on the tags associated with the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access based on the tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/xray.json

@@ -13,5 +13,20 @@
     "key": "aws:TagKeys",
     "description": "Filters access by the tag keys that are passed in the request",
     "type": "ArrayOfString"
+  },
+  "logs:loggeneratingresourcearns": {
+    "key": "logs:LogGeneratingResourceArns",
+    "description": "Filters access by LogGeneratingResourceArn in the request",
+    "type": "ArrayOfARN"
+  },
+  "xray:resourcepolicyname": {
+    "key": "xray:ResourcePolicyName",
+    "description": "Filters access by PolicyName in the request",
+    "type": "String"
+  },
+  "xray:tracesegmentdestination": {
+    "key": "xray:TraceSegmentDestination",
+    "description": "Filters access by TraceSegmentDestination type in the request",
+    "type": "String"
   }
 }

iamdata/data/conditionPatterns.json

@@ -0,0 +1,141 @@
+{
+  "account": {
+    "account:AccountResourceOrgTags/.+?": "account:AccountResourceOrgTags/${TagKey}"
+  },
+  "codebuild": {
+    "codebuild:environment.environmentVariables/.+?.value": "codebuild:environment.environmentVariables/${name}.value",
+    "codebuild:fileSystemLocations/.+?.location": "codebuild:fileSystemLocations/${identifier}.location",
+    "codebuild:fileSystemLocations/.+?.type": "codebuild:fileSystemLocations/${identifier}.type",
+    "codebuild:secondaryArtifacts/.+?.bucketOwnerAccess": "codebuild:secondaryArtifacts/${artifactIdentifier}.bucketOwnerAccess",
+    "codebuild:secondaryArtifacts/.+?.encryptionDisabled": "codebuild:secondaryArtifacts/${artifactIdentifier}.encryptionDisabled",
+    "codebuild:secondaryArtifacts/.+?.location": "codebuild:secondaryArtifacts/${artifactIdentifier}.location",
+    "codebuild:secondarySources/.+?.auth.resource": "codebuild:secondarySources/${sourceIdentifier}.auth.resource",
+    "codebuild:secondarySources/.+?.auth.type": "codebuild:secondarySources/${sourceIdentifier}.auth.type",
+    "codebuild:secondarySources/.+?.buildStatusConfig.context": "codebuild:secondarySources/${sourceIdentifier}.buildStatusConfig.context",
+    "codebuild:secondarySources/.+?.buildStatusConfig.targetUrl": "codebuild:secondarySources/${sourceIdentifier}.buildStatusConfig.targetUrl",
+    "codebuild:secondarySources/.+?.buildspec": "codebuild:secondarySources/${sourceIdentifier}.buildspec",
+    "codebuild:secondarySources/.+?.insecureSsl": "codebuild:secondarySources/${sourceIdentifier}.insecureSsl",
+    "codebuild:secondarySources/.+?.location": "codebuild:secondarySources/${sourceIdentifier}.location"
+  },
+  "iam": {
+    "iam:ResourceTag/.+?": "iam:ResourceTag/${TagKey}"
+  },
+  "datapipeline": {
+    "datapipeline:Tag/.+?": "datapipeline:Tag/${TagKey}"
+  },
+  "dms": {
+    "dms:assessment-run-tag/.+?": "dms:assessment-run-tag/${TagKey}",
+    "dms:cert-tag/.+?": "dms:cert-tag/${TagKey}",
+    "dms:data-migration-tag/.+?": "dms:data-migration-tag/${TagKey}",
+    "dms:data-provider-tag/.+?": "dms:data-provider-tag/${TagKey}",
+    "dms:endpoint-tag/.+?": "dms:endpoint-tag/${TagKey}",
+    "dms:es-tag/.+?": "dms:es-tag/${TagKey}",
+    "dms:individual-assessment-tag/.+?": "dms:individual-assessment-tag/${TagKey}",
+    "dms:instance-profile-tag/.+?": "dms:instance-profile-tag/${TagKey}",
+    "dms:migration-project-tag/.+?": "dms:migration-project-tag/${TagKey}",
+    "dms:rep-tag/.+?": "dms:rep-tag/${TagKey}",
+    "dms:replication-config-tag/.+?": "dms:replication-config-tag/${TagKey}",
+    "dms:req-tag/.+?": "dms:req-tag/${TagKey}",
+    "dms:subgrp-tag/.+?": "dms:subgrp-tag/${TagKey}",
+    "dms:task-tag/.+?": "dms:task-tag/${TagKey}"
+  },
+  "elasticloadbalancing": {
+    "elasticloadbalancing:ResourceTag/.+?": "elasticloadbalancing:ResourceTag/${TagKey}"
+  },
+  "iotanalytics": {
+    "iotanalytics:ResourceTag/.+?": "iotanalytics:ResourceTag/${TagKey}"
+  },
+  "iot": {
+    "iot:CommandExecutionParameterBoolean/.+?": "iot:CommandExecutionParameterBoolean/${CommandParameterName}",
+    "iot:CommandExecutionParameterNumber/.+?": "iot:CommandExecutionParameterNumber/${CommandParameterName}",
+    "iot:CommandExecutionParameterString/.+?": "iot:CommandExecutionParameterString/${CommandParameterName}"
+  },
+  "kms": {
+    "kms:EncryptionContext:.+?": "kms:EncryptionContext:${EncryptionContextKey}"
+  },
+  "license-manager": {
+    "license-manager:ResourceTag/.+?": "license-manager:ResourceTag/${TagKey}"
+  },
+  "ram": {
+    "ram:ResourceTag/.+?": "ram:ResourceTag/${TagKey}"
+  },
+  "securityhub": {
+    "securityhub:ASFFSyntaxPath/.+?": "securityhub:ASFFSyntaxPath/${ASFFSyntaxPath}",
+    "securityhub:OCSFSyntaxPath/.+?": "securityhub:OCSFSyntaxPath/${OCSFSyntaxPath}"
+  },
+  "sts": {
+    "sts:RequestContext/.+?": "sts:RequestContext/${ContextKey}"
+  },
+  "ssm": {
+    "ssm:resourceTag/.+?": "ssm:resourceTag/${TagKey}"
+  },
+  "connect": {
+    "connect:SearchTag/.+?": "connect:SearchTag/${TagKey}"
+  },
+  "autoscaling": {
+    "autoscaling:ResourceTag/.+?": "autoscaling:ResourceTag/${TagKey}"
+  },
+  "imagebuilder": {
+    "imagebuilder:CreatedResourceTag/.+?": "imagebuilder:CreatedResourceTag/${TagKey}"
+  },
+  "ec2": {
+    "ec2:ResourceTag/.+?": "ec2:ResourceTag/${TagKey}",
+    "ec2:Attribute/.+?": "ec2:Attribute/${AttributeName}"
+  },
+  "ecr-public": {
+    "ecr-public:ResourceTag/.+?": "ecr-public:ResourceTag/${TagKey}"
+  },
+  "ecr": {
+    "ecr:ResourceTag/.+?": "ecr:ResourceTag/${TagKey}"
+  },
+  "ecs": {
+    "ecs:ResourceTag/.+?": "ecs:ResourceTag/${TagKey}"
+  },
+  "eks": {
+    "eks:loggingType/.+?": "eks:loggingType/${type}"
+  },
+  "elasticmapreduce": {
+    "elasticmapreduce:RequestTag/.+?": "elasticmapreduce:RequestTag/${TagKey}",
+    "elasticmapreduce:ResourceTag/.+?": "elasticmapreduce:ResourceTag/${TagKey}"
+  },
+  "rds": {
+    "rds:cluster-pg-tag/.+?": "rds:cluster-pg-tag/${TagKey}",
+    "rds:cluster-snapshot-tag/.+?": "rds:cluster-snapshot-tag/${TagKey}",
+    "rds:cluster-tag/.+?": "rds:cluster-tag/${TagKey}",
+    "rds:db-tag/.+?": "rds:db-tag/${TagKey}",
+    "rds:es-tag/.+?": "rds:es-tag/${TagKey}",
+    "rds:og-tag/.+?": "rds:og-tag/${TagKey}",
+    "rds:pg-tag/.+?": "rds:pg-tag/${TagKey}",
+    "rds:req-tag/.+?": "rds:req-tag/${TagKey}",
+    "rds:ri-tag/.+?": "rds:ri-tag/${TagKey}",
+    "rds:secgrp-tag/.+?": "rds:secgrp-tag/${TagKey}",
+    "rds:snapshot-tag/.+?": "rds:snapshot-tag/${TagKey}",
+    "rds:subgrp-tag/.+?": "rds:subgrp-tag/${TagKey}"
+  },
+  "s3express": {
+    "s3express:AccessPointTag/.+?": "s3express:AccessPointTag/${TagKey}",
+    "s3express:BucketTag/.+?": "s3express:BucketTag/${TagKey}"
+  },
+  "s3tables": {
+    "s3tables:TableBucketTag/.+?": "s3tables:TableBucketTag/${TagKey}"
+  },
+  "s3-outposts": {
+    "s3-outposts:ExistingObjectTag/.+?": "s3-outposts:ExistingObjectTag/<key>",
+    "s3-outposts:RequestObjectTag/.+?": "s3-outposts:RequestObjectTag/<key>"
+  },
+  "s3": {
+    "s3:AccessPointTag/.+?": "s3:AccessPointTag/${TagKey}",
+    "s3:ExistingObjectTag/.+?": "s3:ExistingObjectTag/<key>",
+    "s3:RequestObjectTag/.+?": "s3:RequestObjectTag/<key>"
+  },
+  "sagemaker": {
+    "sagemaker:ResourceTag/.+?": "sagemaker:ResourceTag/${TagKey}",
+    "sagemaker:CurrentCustomerMetadataProperties/.+?": "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}",
+    "sagemaker:CustomerMetadataProperties/.+?": "sagemaker:CustomerMetadataProperties/${MetadataKey}",
+    "sagemaker:SearchVisibilityCondition/.+?": "sagemaker:SearchVisibilityCondition/${FilterKey}"
+  },
+  "vpc-lattice-svcs": {
+    "vpc-lattice-svcs:RequestHeader/.+?": "vpc-lattice-svcs:RequestHeader/${HeaderName}",
+    "vpc-lattice-svcs:RequestQueryString/.+?": "vpc-lattice-svcs:RequestQueryString/${QueryStringKey}"
+  }
+}

iamdata/data/metadata.json

@@ -1,4 +1,4 @@
 {
-  "version": "0.1.202505111",
-  "updatedAt": "2025-05-11T04:47:52.922Z"
+  "version": "0.1.202511181",
+  "updatedAt": "2025-11-18T04:49:04.415Z"
 }

iamdata/data/resourceTypes/action-recommendations.json

@@ -0,0 +1 @@
+{}

iamdata/data/resourceTypes/airflow-serverless.json

@@ -0,0 +1,9 @@
+{
+  "workflow": {
+    "key": "Workflow",
+    "arn": "arn:${Partition}:airflow-serverless:${Region}:${Account}:workflow/${WorkflowId}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  }
+}

iamdata/data/resourceTypes/apigateway.json

@@ -211,6 +211,15 @@
       "aws:ResourceTag/${TagKey}"
     ]
   },
+  "routingrule": {
+    "key": "RoutingRule",
+    "arn": "arn:${Partition}:apigateway:${Region}:${Account}:/domainnames/${DomainName}/routingrules/${RoutingRuleId}",
+    "conditionKeys": [
+      "apigateway:Resource/ConditionBasePaths",
+      "apigateway:Resource/Priority",
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
   "stage": {
     "key": "Stage",
     "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/stages/${StageName}",
@@ -330,6 +339,7 @@
       "apigateway:Resource/EndpointType",
       "apigateway:Resource/MtlsTrustStoreUri",
       "apigateway:Resource/MtlsTrustStoreVersion",
+      "apigateway:Resource/RoutingMode",
       "apigateway:Resource/SecurityPolicy",
       "aws:ResourceTag/${TagKey}"
     ]
@@ -342,6 +352,7 @@
       "apigateway:Request/MtlsTrustStoreUri",
       "apigateway:Request/MtlsTrustStoreVersion",
       "apigateway:Request/SecurityPolicy",
+      "apigateway:Resource/RoutingMode",
       "aws:ResourceTag/${TagKey}"
     ]
   },
@@ -410,6 +421,7 @@
     "conditionKeys": [
       "apigateway:Request/EndpointType",
       "apigateway:Resource/EndpointType",
+      "apigateway:Resource/RoutingMode",
       "aws:ResourceTag/${TagKey}"
     ]
   },

iamdata/data/resourceTypes/aps.json

@@ -17,6 +17,15 @@
       "aws:TagKeys"
     ]
   },
+  "anomalydetector": {
+    "key": "anomalydetector",
+    "arn": "arn:${Partition}:aps:${Region}:${Account}:anomalydetector/${WorkspaceId}/${AnomalyDetectorId}",
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys"
+    ]
+  },
   "scraper": {
     "key": "scraper",
     "arn": "arn:${Partition}:aps:${Region}:${Account}:scraper/${ScraperId}",

iamdata/data/resourceTypes/arc-region-switch.json

@@ -0,0 +1,9 @@
+{
+  "plan": {
+    "key": "plan",
+    "arn": "arn:${Partition}:arc-region-switch:${Region}:${Account}:plan/${ResourceId}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  }
+}

iamdata/data/resourceTypes/artifact.json

@@ -1,8 +1,4 @@
 {
-  "report-package": {
-    "key": "report-package",
-    "arn": "arn:${Partition}:artifact:::report-package/*"
-  },
   "customer-agreement": {
     "key": "customer-agreement",
     "arn": "arn:${Partition}:artifact::${Account}:customer-agreement/*"
@@ -13,6 +9,10 @@
   },
   "report": {
     "key": "report",
-    "arn": "arn:${Partition}:artifact:${Region}::report/${ReportId}:${Version}"
+    "arn": "arn:${Partition}:artifact:${Region}::report/${ReportId}:${Version}",
+    "conditionKeys": [
+      "artifact:ReportCategory",
+      "artifact:ReportSeries"
+    ]
   }
 }