iamdata 0.1.202505111__py3-none-any.whl → 0.1.202512121__py3-none-any.whl

iamdata/data/conditionKeys/ebs.json

@@ -21,8 +21,8 @@
   },
   "ebs:parentsnapshot": {
     "key": "ebs:ParentSnapshot",
-    "description": "Filters access by the ID of the parent snapshot",
-    "type": "String"
+    "description": "Filters access by the ARN of the parent snapshot",
+    "type": "ARN"
   },
   "ebs:volumesize": {
     "key": "ebs:VolumeSize",

iamdata/data/conditionKeys/ec2.json

@@ -584,6 +584,11 @@
     "description": "Filters access by the ID of a volume",
     "type": "String"
   },
+  "ec2:volumeinitializationrate": {
+    "key": "ec2:VolumeInitializationRate",
+    "description": "Filters access by the initialization rate of the volume, in MiBps",
+    "type": "Numeric"
+  },
   "ec2:volumeiops": {
     "key": "ec2:VolumeIops",
     "description": "Filters access by the the number of input/output operations per second (IOPS) provisioned for the volume",
@@ -619,6 +624,11 @@
     "description": "Filters access by the ID of a VPC peering connection",
     "type": "String"
   },
+  "ec2:vpcemultiregion": {
+    "key": "ec2:VpceMultiRegion",
+    "description": "Filters access by multi region of the VPC endpoint service",
+    "type": "String"
+  },
   "ec2:vpceservicename": {
     "key": "ec2:VpceServiceName",
     "description": "Filters access by the name of the VPC endpoint service",
@@ -634,6 +644,16 @@
     "description": "Filters access by the private DNS name of the VPC endpoint service",
     "type": "String"
   },
+  "ec2:vpceserviceregion": {
+    "key": "ec2:VpceServiceRegion",
+    "description": "Filters access by the region of the VPC endpoint service",
+    "type": "String"
+  },
+  "ec2:vpcesupportedregion": {
+    "key": "ec2:VpceSupportedRegion",
+    "description": "Filters access by the supported region of the VPC endpoint service",
+    "type": "String"
+  },
   "ec2:transitgatewayattachmentid": {
     "key": "ec2:transitGatewayAttachmentId",
     "description": "Filters access by the ID of a transit gateway attachment",
@@ -668,20 +688,5 @@
     "key": "ec2:transitGatewayRouteTableId",
     "description": "Filters access by the ID of a transit gateway route table",
     "type": "String"
-  },
-  "ec2:vpcemultiregion": {
-    "key": "ec2:vpceMultiRegion",
-    "description": "Filters access by multi region of the VPC endpoint service",
-    "type": "String"
-  },
-  "ec2:vpceserviceregion": {
-    "key": "ec2:vpceServiceRegion",
-    "description": "Filters access by the region of the VPC endpoint service",
-    "type": "String"
-  },
-  "ec2:vpcesupportedregion": {
-    "key": "ec2:vpceSupportedRegion",
-    "description": "Filters access by the supported region of the VPC endpoint service",
-    "type": "String"
   }
 }

iamdata/data/conditionKeys/eks.json

@@ -74,6 +74,11 @@
     "description": "Filters access by the kubernetesGroups present in the access entry requests the user makes to the EKS service",
     "type": "ArrayOfString"
   },
+  "eks:loggingtype/${type}": {
+    "key": "eks:loggingType/${type}",
+    "description": "Filters access by the cluster logging enabled and type parameter in the create / update cluster request",
+    "type": "Bool"
+  },
   "eks:namespaces": {
     "key": "eks:namespaces",
     "description": "Filters access by the namespaces present in the associate / disassociate access policy requests the user makes to the EKS service",

iamdata/data/conditionKeys/events.json

@@ -37,7 +37,7 @@
   "events:detail-type": {
     "key": "events:detail-type",
     "description": "Filters access by the literal string of the detail-type of the event to PutEvents and PutRule actions",
-    "type": "String"
+    "type": "ArrayOfString"
   },
   "events:detail.eventtypecode": {
     "key": "events:detail.eventTypeCode",

iamdata/data/conditionKeys/evs.json

@@ -0,0 +1,17 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair that is allowed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair of a resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by a list of tag keys that are allowed in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/glacier.json

@@ -1,14 +1,4 @@
 {
-  "aws:requesttag/${tagkey}": {
-    "key": "aws:RequestTag/${TagKey}",
-    "description": "Filters access by the tags that are passed in the request",
-    "type": "String"
-  },
-  "aws:tagkeys": {
-    "key": "aws:TagKeys",
-    "description": "Filters access by the tag keys that are passed in the request",
-    "type": "ArrayOfString"
-  },
   "glacier:archiveageindays": {
     "key": "glacier:ArchiveAgeInDays",
     "description": "Filters access by how long an archive has been stored in the vault, in days",

iamdata/data/conditionKeys/glue.json

@@ -24,6 +24,16 @@
     "description": "Filters access by the presence of the key configured for role's identity-based policy",
     "type": "Bool"
   },
+  "glue:federatedauthorizationsource": {
+    "key": "glue:FederatedAuthorizationSource",
+    "description": "Filters access by whether the resource belongs to federated authorization",
+    "type": "String"
+  },
+  "glue:lakeformationpermissions": {
+    "key": "glue:LakeFormationPermissions",
+    "description": "Filters access by whether Lake Formation permission checks will be performed for a given caller and the Glue resource",
+    "type": "String"
+  },
   "glue:roleassumedby": {
     "key": "glue:RoleAssumedBy",
     "description": "Filters access by the service from which the credentials of the request is obtained by assuming the customer role",

iamdata/data/conditionKeys/iam.json

@@ -24,6 +24,16 @@
     "description": "Filters access by the resource that the role will be used on behalf of",
     "type": "ARN"
   },
+  "iam:delegationduration": {
+    "key": "iam:DelegationDuration",
+    "description": "Filters access based on the requested delegation duration",
+    "type": "String"
+  },
+  "iam:delegationrequestowner": {
+    "key": "iam:DelegationRequestOwner",
+    "description": "Filters access based on the delegation request owner",
+    "type": "ARN"
+  },
   "iam:fido-fips-140-2-certification": {
     "key": "iam:FIDO-FIPS-140-2-certification",
     "description": "Filters access by the MFA device FIPS-140-2 validation certification level at the time of registration of a FIDO security key",
@@ -39,6 +49,11 @@
     "description": "Filters access by the MFA device FIDO certification level at the time of registration of a FIDO security key",
     "type": "String"
   },
+  "iam:notificationchannel": {
+    "key": "iam:NotificationChannel",
+    "description": "Filters access based on the requested notification channel",
+    "type": "String"
+  },
   "iam:organizationspolicyid": {
     "key": "iam:OrganizationsPolicyId",
     "description": "Filters access by the ID of an AWS Organizations policy",
@@ -68,5 +83,20 @@
     "key": "iam:ResourceTag/${TagKey}",
     "description": "Filters access by the tags attached to an IAM entity (user or role)",
     "type": "String"
+  },
+  "iam:servicespecificcredentialagedays": {
+    "key": "iam:ServiceSpecificCredentialAgeDays",
+    "description": "Filters access by the duration until the credential's expiration",
+    "type": "Numeric"
+  },
+  "iam:servicespecificcredentialservicename": {
+    "key": "iam:ServiceSpecificCredentialServiceName",
+    "description": "Filters access by the service associated with the credential",
+    "type": "String"
+  },
+  "iam:templatearn": {
+    "key": "iam:TemplateArn",
+    "description": "Filters access based on the requested template ARN",
+    "type": "ARN"
   }
 }

iamdata/data/conditionKeys/identitystore.json

@@ -1,7 +1,32 @@
 {
+  "identitystore:groupexternalidissuers": {
+    "key": "identitystore:GroupExternalIdIssuers",
+    "description": "Filters access by Issuer present in ExternalIds for Group resources",
+    "type": "ArrayOfARN"
+  },
+  "identitystore:identitystorearn": {
+    "key": "identitystore:IdentityStoreArn",
+    "description": "Filters access by Identity Store ARN",
+    "type": "ARN"
+  },
+  "identitystore:primaryregion": {
+    "key": "identitystore:PrimaryRegion",
+    "description": "Filters access by Primary Region of Identity Store",
+    "type": "String"
+  },
+  "identitystore:reserveduserid": {
+    "key": "identitystore:ReservedUserId",
+    "description": "Filters access by a previously reserved User ID for CreateUser operation",
+    "type": "String"
+  },
+  "identitystore:userexternalidissuers": {
+    "key": "identitystore:UserExternalIdIssuers",
+    "description": "Filters access by Issuer present in ExternalIds for User resources",
+    "type": "ArrayOfARN"
+  },
   "identitystore:userid": {
     "key": "identitystore:UserId",
-    "description": "Filters access by IAM Identity Center User ID",
+    "description": "Filters access by Identity Store User ID",
     "type": "String"
   }
 }

iamdata/data/conditionKeys/imagebuilder.json

@@ -14,8 +14,8 @@
     "description": "Filters access by the presence of tag keys in the request",
     "type": "ArrayOfString"
   },
-  "imagebuilder:createdresourcetag/<key>": {
-    "key": "imagebuilder:CreatedResourceTag/<key>",
+  "imagebuilder:createdresourcetag/${tagkey}": {
+    "key": "imagebuilder:CreatedResourceTag/${TagKey}",
     "description": "Filters access by the tag key-value pairs attached to the resource created by Image Builder",
     "type": "String"
   },

iamdata/data/conditionKeys/iotmanagedintegrations.json

@@ -1 +1,27 @@
-{}
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair that is allowed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair of a resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  },
+  "iotmanagedintegrations:cloudconnectorid": {
+    "key": "iotmanagedintegrations:cloudConnectorId",
+    "description": "Filters access by the CloudConnectorId",
+    "type": "String"
+  },
+  "iotmanagedintegrations:connectordestinationid": {
+    "key": "iotmanagedintegrations:connectorDestinationId",
+    "description": "Filters access by the ConnectorDestinationId",
+    "type": "String"
+  }
+}

iamdata/data/conditionKeys/kinesis.json

@@ -13,5 +13,20 @@
     "key": "aws:TagKeys",
     "description": "Filters access by the presence of tag keys in the request",
     "type": "ArrayOfString"
+  },
+  "kinesis:fisactionid": {
+    "key": "kinesis:FisActionId",
+    "description": "Filters access by the ID of an AWS FIS action",
+    "type": "String"
+  },
+  "kinesis:fisinjectpercentage": {
+    "key": "kinesis:FisInjectPercentage",
+    "description": "Filters access by the percentage of calls being affected by an AWS FIS action",
+    "type": "Numeric"
+  },
+  "kinesis:fistargetarns": {
+    "key": "kinesis:FisTargetArns",
+    "description": "Filters access by the ARN of an AWS FIS target",
+    "type": "ArrayOfARN"
   }
 }

iamdata/data/conditionKeys/kms.json

@@ -134,14 +134,134 @@
     "description": "Filters access to the API operations based on the image hash in the attestation document in the request",
     "type": "String"
   },
+  "kms:recipientattestation:nitrotpmpcr0": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR0",
+    "description": "Filters access by the platform configuration register (PCR) 0 in the attestation document in the request. PCR0 is a contiguous measure of core system firmware executable code",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr1": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR1",
+    "description": "Filters access by the platform configuration register (PCR) 1 in the attestation document in the request. PCR1 is a contiguous measure of core system firmware data/host platform configuration, typically including serial and model numbers",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr10": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR10",
+    "description": "Filters access by the platform configuration register (PCR) 10 in the attestation document in the request. PCR10 is a contiguous measure of protection of the IMA measurement log",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr11": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR11",
+    "description": "Filters access by the platform configuration register (PCR) 11 in the attestation document in the request. PCR11 is a contiguous measure of all components of unified kernel images (UKIs)",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr12": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR12",
+    "description": "Filters access by the platform configuration register (PCR) 12 in the attestation document in the request. PCR12 is a contiguous measure of kernel command line, system credentials and system configuration images",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr13": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR13",
+    "description": "Filters access by the platform configuration register (PCR) 13 in the attestation document in the request. PCR13 is a contiguous measure of all system extension images for the initrd",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr14": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR14",
+    "description": "Filters access by the platform configuration register (PCR) 14 in the attestation document in the request. PCR14 is a contiguous measure of \"MOK\" certificates and hashes",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr15": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR15",
+    "description": "Filters access by the platform configuration register (PCR) 15 in the attestation document in the request. PCR15 is a contiguous measure of root file system volume encryption key",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr16": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR16",
+    "description": "Filters access by the platform configuration register (PCR) 16 in the attestation document in the request. PCR16 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr17": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR17",
+    "description": "Filters access by the platform configuration register (PCR) 17 in the attestation document in the request. PCR17 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr18": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR18",
+    "description": "Filters access by the platform configuration register (PCR) 18 in the attestation document in the request. PCR18 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr19": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR19",
+    "description": "Filters access by the platform configuration register (PCR) 19 in the attestation document in the request. PCR19 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr2": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR2",
+    "description": "Filters access by the platform configuration register (PCR) 2 in the attestation document in the request. PCR2 is a contiguous measure of extended or pluggable executable code, including option ROMs on pluggable hardware",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr20": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR20",
+    "description": "Filters access by the platform configuration register (PCR) 20 in the attestation document in the request. PCR20 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr21": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR21",
+    "description": "Filters access by the platform configuration register (PCR) 21 in the attestation document in the request. PCR21 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr22": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR22",
+    "description": "Filters access by the platform configuration register (PCR) 22 in the attestation document in the request. PCR22 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr23": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR23",
+    "description": "Filters access by the platform configuration register (PCR) 23 in the attestation document in the request. PCR23 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr3": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR3",
+    "description": "Filters access by the platform configuration register (PCR) 3 in the attestation document in the request. PCR3 is a contiguous measure of extended or pluggable firmware data, including information about pluggable hardware",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr4": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR4",
+    "description": "Filters access by the platform configuration register (PCR) 4 in the attestation document in the request. PCR4 is a contiguous measure of boot loader and additional drivers, including binaries and extensions loaded by the boot loader",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr5": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR5",
+    "description": "Filters access by the platform configuration register (PCR) 5 in the attestation document in the request. PCR5 is a contiguous measure of GPT/Partition table",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr6": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR6",
+    "description": "Filters access by the platform configuration register (PCR) 6 in the attestation document in the request. PCR6 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr7": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR7",
+    "description": "Filters access by the platform configuration register (PCR) 7 in the attestation document in the request. PCR7 is a contiguous measure of SecureBoot state",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr8": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR8",
+    "description": "Filters access by the platform configuration register (PCR) 8 in the attestation document in the request. PCR8 is a contiguous measure of commands and kernel command line",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr9": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR9",
+    "description": "Filters access by the platform configuration register (PCR) 9 in the attestation document in the request. PCR9 is a contiguous measure of all files read (including kernel image)",
+    "type": "String"
+  },
   "kms:recipientattestation:pcr0": {
     "key": "kms:RecipientAttestation:PCR0",
-    "description": "Filters access by the platform configuration register (PCR) 0 in the attestation document. PCR0 is a contiguous measure of the contents of the enclave image file, without the section data",
+    "description": "Filters access by the platform configuration register (PCR) 0 in the attestation document in the request. PCR0 is a contiguous measure of the contents of the enclave image file, without the section data",
     "type": "String"
   },
   "kms:recipientattestation:pcr1": {
     "key": "kms:RecipientAttestation:PCR1",
-    "description": "Filters access by the platform configuration register (PCR) 1 in the attestation document. PCR1 is a contiguous measurement of the Linux kernel and bootstrap data",
+    "description": "Filters access by the platform configuration register (PCR) 1 in the attestation document in the request. PCR1 is a contiguous measurement of the Linux kernel and bootstrap data",
     "type": "String"
   },
   "kms:recipientattestation:pcr10": {
@@ -196,7 +316,7 @@
   },
   "kms:recipientattestation:pcr2": {
     "key": "kms:RecipientAttestation:PCR2",
-    "description": "Filters access by the platform configuration register (PCR) 2 in the attestation document. PCR2 is a contiguous, in-order measurement of the user applications, without the boot ramfs",
+    "description": "Filters access by the platform configuration register (PCR) 2 in the attestation document in the request. PCR2 is a contiguous, in-order measurement of the user applications, without the boot ramfs",
     "type": "String"
   },
   "kms:recipientattestation:pcr20": {
@@ -251,7 +371,7 @@
   },
   "kms:recipientattestation:pcr3": {
     "key": "kms:RecipientAttestation:PCR3",
-    "description": "Filters access by the platform configuration register (PCR) 3 in the attestation document. PCR3 is a contiguous measurement of the IAM role assigned to the parent instance",
+    "description": "Filters access by the platform configuration register (PCR) 3 in the attestation document in the request. PCR3 is a contiguous measurement of the IAM role assigned to the parent instance",
     "type": "String"
   },
   "kms:recipientattestation:pcr30": {
@@ -266,7 +386,7 @@
   },
   "kms:recipientattestation:pcr4": {
     "key": "kms:RecipientAttestation:PCR4",
-    "description": "Filters access by the platform configuration register (PCR) 4 in the attestation document. PCR4 is a contiguous measurement of the ID of the parent instance",
+    "description": "Filters access by the platform configuration register (PCR) 4 in the attestation document in the request. PCR4 is a contiguous measurement of the ID of the parent instance",
     "type": "String"
   },
   "kms:recipientattestation:pcr5": {
@@ -281,12 +401,12 @@
   },
   "kms:recipientattestation:pcr7": {
     "key": "kms:RecipientAttestation:PCR7",
-    "description": "Filters access by platform configuration register (PCR) 7 in the attestation document in the request. PCR7 is a custom PCR that can be defined by the user for specific use cases",
+    "description": "Filters access by the platform configuration register (PCR) 7 in the attestation document in the request. PCR7 is a custom PCR that can be defined by the user for specific use cases",
     "type": "String"
   },
   "kms:recipientattestation:pcr8": {
     "key": "kms:RecipientAttestation:PCR8",
-    "description": "Filters access by the platform configuration register (PCR) 8 in the attestation document. PCR8 is a measure of the signing certificate specified for the enclave image file",
+    "description": "Filters access by the platform configuration register (PCR) 8 in the attestation document in the request. PCR8 is a measure of the signing certificate specified for the enclave image file",
     "type": "String"
   },
   "kms:recipientattestation:pcr9": {

iamdata/data/conditionKeys/lambda.json

@@ -34,6 +34,11 @@
     "description": "Filters access by authorization type specified in request. Available during CreateFunctionUrlConfig, UpdateFunctionUrlConfig, DeleteFunctionUrlConfig, GetFunctionUrlConfig, ListFunctionUrlConfig, AddPermission and RemovePermission operations",
     "type": "String"
   },
+  "lambda:invokedviafunctionurl": {
+    "key": "lambda:InvokedViaFunctionUrl",
+    "description": "Limits the scope of lambda:InvokeFunction action to Function URLs only. Available during AddPermission operation",
+    "type": "Bool"
+  },
   "lambda:layer": {
     "key": "lambda:Layer",
     "description": "Filters access by the ARN of a version of an AWS Lambda layer",

iamdata/data/conditionKeys/license-manager.json

@@ -4,6 +4,11 @@
     "description": "Filters access by the tags that are passed in the request",
     "type": "String"
   },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by the tags associated with the resource",
+    "type": "String"
+  },
   "aws:tagkeys": {
     "key": "aws:TagKeys",
     "description": "Filters access by tag keys that are passed in the request",

iamdata/data/conditionKeys/mediaconnect.json

@@ -1 +1,17 @@
-{}
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by tags associated with the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/mpa.json

@@ -0,0 +1,27 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair that is allowed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair of a resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by a list of tag keys that are allowed in the request",
+    "type": "ArrayOfString"
+  },
+  "mpa:protectedresourceaccount": {
+    "key": "mpa:ProtectedResourceAccount",
+    "description": "Filters access by the account that owns the resource that is the target of the operation that requires approval",
+    "type": "String"
+  },
+  "mpa:requestedoperation": {
+    "key": "mpa:RequestedOperation",
+    "description": "Filters access by a requested operation that requires team approval before it can be executed",
+    "type": "String"
+  }
+}

iamdata/data/conditionKeys/observabilityadmin.json

@@ -1 +1,37 @@
-{}
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by the tags associated with the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by the tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  },
+  "observabilityadmin:centralizationbackupregion": {
+    "key": "observabilityadmin:CentralizationBackupRegion",
+    "description": "Filters access by the backup region that is passed in the request",
+    "type": "String"
+  },
+  "observabilityadmin:centralizationdestinationregion": {
+    "key": "observabilityadmin:CentralizationDestinationRegion",
+    "description": "Filters access by the destination region that is passed in the request",
+    "type": "String"
+  },
+  "observabilityadmin:centralizationsourceregions": {
+    "key": "observabilityadmin:CentralizationSourceRegions",
+    "description": "Filters access by the source regions that are passed in the request",
+    "type": "ArrayOfString"
+  },
+  "observabilityadmin:sourcetype": {
+    "key": "observabilityadmin:SourceType",
+    "description": "Filters access by the source type that is passed in the request",
+    "type": "String"
+  }
+}

iamdata/data/conditionKeys/odb.json

@@ -0,0 +1,17 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair that is allowed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair of a resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by a list of tag keys that are allowed in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/organizations.json

@@ -23,5 +23,15 @@
     "key": "organizations:ServicePrincipal",
     "description": "Filters access by the specified service principal names",
     "type": "String"
+  },
+  "organizations:transferdirection": {
+    "key": "organizations:TransferDirection",
+    "description": "Filters access by the specified responsibility transfer by the direction",
+    "type": "String"
+  },
+  "organizations:transfertype": {
+    "key": "organizations:TransferType",
+    "description": "Filters access by the specified responsibility transfer type names",
+    "type": "String"
   }
 }

iamdata/data/conditionKeys/partnercentral-account-management.json

@@ -1 +1,12 @@
-{}
+{
+  "partnercentral-account-management:legacypartnercentralrole": {
+    "key": "partnercentral-account-management:LegacyPartnerCentralRole",
+    "description": "Filters access by the Legacy Partner Central role",
+    "type": "ArrayOfString"
+  },
+  "partnercentral-account-management:marketingcentralrole": {
+    "key": "partnercentral-account-management:MarketingCentralRole",
+    "description": "Filters access by Marketing Central role",
+    "type": "ArrayOfString"
+  }
+}