iamdata 0.1.202505111__py3-none-any.whl → 0.1.202512121__py3-none-any.whl

iamdata/data/conditionKeys/partnercentral.json

@@ -16,12 +16,32 @@
   },
   "partnercentral:catalog": {
     "key": "partnercentral:Catalog",
-    "description": "Filters access by a specific Catalog. Accepted values: [AWS, Sandbox]",
+    "description": "Filters access by a specific Catalog",
     "type": "String"
   },
+  "partnercentral:channelhandshaketype": {
+    "key": "partnercentral:ChannelHandshakeType",
+    "description": "Filters access by channel handshake types",
+    "type": "String"
+  },
+  "partnercentral:fulfillmenttypes": {
+    "key": "partnercentral:FulfillmentTypes",
+    "description": "Filters access by benefit fulfillment types",
+    "type": "ArrayOfString"
+  },
+  "partnercentral:programs": {
+    "key": "partnercentral:Programs",
+    "description": "Filters access by program",
+    "type": "ArrayOfString"
+  },
   "partnercentral:relatedentitytype": {
     "key": "partnercentral:RelatedEntityType",
-    "description": "Filters access by entity types for Opportunity association. Accepted values: [Solutions, AwsProducts, AwsMarketplaceOffers]",
+    "description": "Filters access by entity types for Opportunity association",
+    "type": "String"
+  },
+  "partnercentral:verificationtype": {
+    "key": "partnercentral:VerificationType",
+    "description": "Filters access by the type of verification being performed",
     "type": "String"
   }
 }

iamdata/data/conditionKeys/pricingplanmanager.json

@@ -0,0 +1 @@
+{}

iamdata/data/conditionKeys/quicksight.json

@@ -14,11 +14,6 @@
     "description": "Filters access by tag keys",
     "type": "ArrayOfString"
   },
-  "identitystore:groupid": {
-    "key": "identitystore:GroupId",
-    "description": "Filters access by IdentityStore group ARN",
-    "type": "ARN"
-  },
   "quicksight:allowedembeddingdomains": {
     "key": "quicksight:AllowedEmbeddingDomains",
     "description": "Filters access by the allowed embedding domains",

iamdata/data/conditionKeys/rds.json

@@ -59,6 +59,11 @@
     "description": "Filters access by the value that contains the number of Provisioned IOPS (PIOPS) that the instance supports. To indicate a DB instance that does not have PIOPS enabled, specify 0",
     "type": "Numeric"
   },
+  "rds:publiclyaccessible": {
+    "key": "rds:PubliclyAccessible",
+    "description": "Filters access by the value that specifies whether the DB Instance or DB ShardGroup is publicly accessible",
+    "type": "Bool"
+  },
   "rds:storageencrypted": {
     "key": "rds:StorageEncrypted",
     "description": "Filters access by the value that specifies whether the DB instance storage should be encrypted. To enforce storage encryption, specify true",

iamdata/data/conditionKeys/route53.json

@@ -17,6 +17,6 @@
   "route53:vpcs": {
     "key": "route53:VPCs",
     "description": "Filters access by VPCs in request",
-    "type": "ArrayOfString"
+    "type": "String"
   }
 }

iamdata/data/conditionKeys/route53globalresolver.json

@@ -0,0 +1,17 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair that is allowed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair of a resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by a list of tag keys that are allowed in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/rtbfabric.json

@@ -0,0 +1,47 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair that is allowed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair of a resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by a list of tag keys that are allowed in the request",
+    "type": "ArrayOfString"
+  },
+  "rtbfabric:inboundexternallinkgatewayid": {
+    "key": "rtbfabric:InboundExternalLinkGatewayId",
+    "description": "Filters access by gateway identifier supporting rtb-gw-* formats",
+    "type": "String"
+  },
+  "rtbfabric:inboundexternallinklinkid": {
+    "key": "rtbfabric:InboundExternalLinkLinkId",
+    "description": "Filters access by InboundExternalLink resource linkId identifier",
+    "type": "String"
+  },
+  "rtbfabric:linklinkid": {
+    "key": "rtbfabric:LinkLinkId",
+    "description": "Filters access by Link resource linkId identifier",
+    "type": "String"
+  },
+  "rtbfabric:outboundexternallinklinkid": {
+    "key": "rtbfabric:OutboundExternalLinkLinkId",
+    "description": "Filters access by OutboundExternalLink resource linkId identifier",
+    "type": "String"
+  },
+  "rtbfabric:requestergatewaygatewayid": {
+    "key": "rtbfabric:RequesterGatewayGatewayId",
+    "description": "Filters access by gateway identifier supporting rtb-gw-* formats",
+    "type": "String"
+  },
+  "rtbfabric:respondergatewaygatewayid": {
+    "key": "rtbfabric:ResponderGatewayGatewayId",
+    "description": "Filters access by gateway identifier supporting rtb-gw-* formats",
+    "type": "String"
+  }
+}

iamdata/data/conditionKeys/s3.json

@@ -14,16 +14,36 @@
     "description": "Filters access by the tag keys that are passed in the request",
     "type": "ArrayOfString"
   },
+  "s3:accessgrantscope": {
+    "key": "s3:AccessGrantScope",
+    "description": "Filters access by the grant scope of access grants grant",
+    "type": "String"
+  },
   "s3:accessgrantsinstancearn": {
     "key": "s3:AccessGrantsInstanceArn",
     "description": "Filters access by access grants instance ARN",
     "type": "ARN"
   },
+  "s3:accessgrantslocationscope": {
+    "key": "s3:AccessGrantsLocationScope",
+    "description": "Filters access by the location scope of access grants location",
+    "type": "String"
+  },
   "s3:accesspointnetworkorigin": {
     "key": "s3:AccessPointNetworkOrigin",
     "description": "Filters access by the network origin (Internet or VPC)",
     "type": "String"
   },
+  "s3:accesspointtag/${tagkey}": {
+    "key": "s3:AccessPointTag/${TagKey}",
+    "description": "Filters access by existing access point tag key and value",
+    "type": "String"
+  },
+  "s3:buckettag/${tagkey}": {
+    "key": "s3:BucketTag/${TagKey}",
+    "description": "Filters access by the tags associated with the bucket",
+    "type": "String"
+  },
   "s3:dataaccesspointaccount": {
     "key": "s3:DataAccessPointAccount",
     "description": "Filters access by the AWS Account ID that owns the access point",

iamdata/data/conditionKeys/s3express.json

@@ -1,14 +1,39 @@
 {
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by the tags associated with the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by the tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  },
   "s3express:accesspointnetworkorigin": {
     "key": "s3express:AccessPointNetworkOrigin",
     "description": "Filters access by the network origin (Internet or VPC)",
     "type": "String"
   },
+  "s3express:accesspointtag/${tagkey}": {
+    "key": "s3express:AccessPointTag/${TagKey}",
+    "description": "Filters access by tag key-value pairs attached to the access point",
+    "type": "String"
+  },
   "s3express:allaccessrestrictedtolocalzonegroup": {
     "key": "s3express:AllAccessRestrictedToLocalZoneGroup",
     "description": "Filters access by AWS Local Zone network border group(s) provided in this condition key",
     "type": "String"
   },
+  "s3express:buckettag/${tagkey}": {
+    "key": "s3express:BucketTag/${TagKey}",
+    "description": "Filters access by tag key-value pairs attached to the bucket",
+    "type": "String"
+  },
   "s3express:dataaccesspointaccount": {
     "key": "s3express:DataAccessPointAccount",
     "description": "Filters access by the AWS Account ID that owns the access point",
@@ -21,7 +46,7 @@
   },
   "s3express:locationname": {
     "key": "s3express:LocationName",
-    "description": "Filters access by a specific Availability Zone ID",
+    "description": "Filters access by a specific Availability Zone or Local Zone ID",
     "type": "String"
   },
   "s3express:permissions": {

iamdata/data/conditionKeys/s3tables.json

@@ -1,4 +1,19 @@
 {
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by the tags associated with the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by the tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  },
   "s3tables:kmskeyarn": {
     "key": "s3tables:KMSKeyArn",
     "description": "Filters access by the AWS KMS key ARN for the key used to encrypt a table",
@@ -9,6 +24,16 @@
     "description": "Filters access by the server-side encryption algorithm used to encrypt a table",
     "type": "String"
   },
+  "s3tables:storageclass": {
+    "key": "s3tables:StorageClass",
+    "description": "Filters access by the storage class that can be set on tables under a table bucket",
+    "type": "String"
+  },
+  "s3tables:tablebuckettag/${tagkey}": {
+    "key": "s3tables:TableBucketTag/${TagKey}",
+    "description": "Filters access by the tags associated with the table bucket",
+    "type": "String"
+  },
   "s3tables:namespace": {
     "key": "s3tables:namespace",
     "description": "Filters access by the namespaces created in the table bucket",

iamdata/data/conditionKeys/s3vectors.json

@@ -0,0 +1,32 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by the tags associated with the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by the tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  },
+  "s3vectors:vectorbuckettag/${tagkey}": {
+    "key": "s3vectors:VectorBucketTag/${TagKey}",
+    "description": "Filters access by the tags associated with the vector bucket",
+    "type": "String"
+  },
+  "s3vectors:kmskeyarn": {
+    "key": "s3vectors:kmsKeyArn",
+    "description": "Filters access by the AWS KMS key ARN for the key used to encrypt a vector bucket",
+    "type": "ARN"
+  },
+  "s3vectors:ssetype": {
+    "key": "s3vectors:sseType",
+    "description": "Filters access by server-side encryption type",
+    "type": "String"
+  }
+}

iamdata/data/conditionKeys/sagemaker-unified-studio-mcp.json

@@ -0,0 +1 @@
+{}

iamdata/data/conditionKeys/sagemaker.json

@@ -24,6 +24,21 @@
     "description": "Filters access by the app network access type associated with the resource in the request",
     "type": "String"
   },
+  "sagemaker:currentcustomermetadataproperties/${metadatakey}": {
+    "key": "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}",
+    "description": "Filters access by a current metadata key and value pair associated with the model-package resource",
+    "type": "String"
+  },
+  "sagemaker:currentmodellifecyclestage": {
+    "key": "sagemaker:CurrentModelLifeCycleStage",
+    "description": "Filters access by the current value of the Stage field in the model life cycle object associated with the model-package resource",
+    "type": "String"
+  },
+  "sagemaker:currentmodellifecyclestagestatus": {
+    "key": "sagemaker:CurrentModelLifeCycleStageStatus",
+    "description": "Filters access by the current value of the StageStatus field in the model life cycle object associated with the model-package resource",
+    "type": "String"
+  },
   "sagemaker:customermetadataproperties/${metadatakey}": {
     "key": "sagemaker:CustomerMetadataProperties/${MetadataKey}",
     "description": "Filters access by a metadata key and value pair",
@@ -184,6 +199,16 @@
     "description": "Filters access by the OwnerUserProfile arn associated with the space in the request",
     "type": "ARN"
   },
+  "sagemaker:pipelineversionid": {
+    "key": "sagemaker:PipelineVersionId",
+    "description": "Filters access to specific version IDs of a Sagemaker pipeline",
+    "type": "String"
+  },
+  "sagemaker:remoteaccess": {
+    "key": "sagemaker:RemoteAccess",
+    "description": "Filters access by the remote access flag associated with the space in the request",
+    "type": "String"
+  },
   "sagemaker:resourcetag/": {
     "key": "sagemaker:ResourceTag/",
     "description": "Filters access by the preface string for a tag key and value pair attached to a resource",

iamdata/data/conditionKeys/savingsplans.json

@@ -6,7 +6,7 @@
   },
   "aws:resourcetag/${tagkey}": {
     "key": "aws:ResourceTag/${TagKey}",
-    "description": "Filters access by tag-value assoicated with the resource",
+    "description": "Filters access by tag-value associated with the resource",
     "type": "String"
   },
   "aws:tagkeys": {

iamdata/data/conditionKeys/secretsmanager.json

@@ -29,6 +29,11 @@
     "description": "Filters access by the description text in the request",
     "type": "String"
   },
+  "secretsmanager:externalsecretrotationrolearn": {
+    "key": "secretsmanager:ExternalSecretRotationRoleArn",
+    "description": "Filters access by the managed external secret rotation role ARN in the request",
+    "type": "ARN"
+  },
   "secretsmanager:forcedeletewithoutrecovery": {
     "key": "secretsmanager:ForceDeleteWithoutRecovery",
     "description": "Filters access by whether the secret is to be deleted immediately without any recovery window",
@@ -86,7 +91,12 @@
   },
   "secretsmanager:secretprimaryregion": {
     "key": "secretsmanager:SecretPrimaryRegion",
-    "description": "Filters access by primary region in which the secret is created",
+    "description": "Filters access by primary region in which the secret is created if the secret is a multi-Region secret",
+    "type": "String"
+  },
+  "secretsmanager:type": {
+    "key": "secretsmanager:Type",
+    "description": "Filters access by the managed external secret type in the request",
     "type": "String"
   },
   "secretsmanager:versionid": {
@@ -103,5 +113,10 @@
     "key": "secretsmanager:resource/AllowRotationLambdaArn",
     "description": "Filters access by the ARN of the rotation Lambda function associated with the secret",
     "type": "ARN"
+  },
+  "secretsmanager:resource/type": {
+    "key": "secretsmanager:resource/Type",
+    "description": "Filters access by the managed external secret type associated with the secret",
+    "type": "String"
   }
 }

iamdata/data/conditionKeys/securityagent.json

@@ -0,0 +1 @@
+{}

iamdata/data/conditionKeys/securityhub.json

@@ -19,6 +19,11 @@
     "description": "Filters access by the specified fields and values in the request",
     "type": "String"
   },
+  "securityhub:ocsfsyntaxpath/${ocsfsyntaxpath}": {
+    "key": "securityhub:OCSFSyntaxPath/${OCSFSyntaxPath}",
+    "description": "Filters access by the specified fields and values in the request",
+    "type": "String"
+  },
   "securityhub:targetaccount": {
     "key": "securityhub:TargetAccount",
     "description": "Filters access by the AwsAccountId field that is specified in the request",

iamdata/data/conditionKeys/servicediscovery.json

@@ -29,6 +29,11 @@
     "description": "Filters access by specifying the Amazon Resource Name (ARN) for the related service",
     "type": "ARN"
   },
+  "servicediscovery:servicecreatedbyaccount": {
+    "key": "servicediscovery:ServiceCreatedByAccount",
+    "description": "Filters access by specifying the account id of the related service creator",
+    "type": "String"
+  },
   "servicediscovery:servicename": {
     "key": "servicediscovery:ServiceName",
     "description": "Filters access by specifying the name of the related service",

iamdata/data/conditionKeys/ses.json

@@ -73,5 +73,10 @@
     "key": "ses:ReplicaRegion",
     "description": "Filters access by the replica regions for Replicating domain DKIM signing key",
     "type": "ArrayOfString"
+  },
+  "ses:tenantname": {
+    "key": "ses:TenantName",
+    "description": "Filters access by the tenant name that is used to send email",
+    "type": "String"
   }
 }

iamdata/data/conditionKeys/ssm.json

@@ -39,6 +39,11 @@
     "description": "Filters access by verifying that a user has permission to access a document belonging to a specific document type. Only available in \"aws\", \"aws-cn\", and \"aws-us-gov\" partitions",
     "type": "String"
   },
+  "ssm:inventorytypename": {
+    "key": "ssm:InventoryTypeName",
+    "description": "Filters access by verifying that a user also has access to the InventoryType specified in the request",
+    "type": "ArrayOfString"
+  },
   "ssm:overwrite": {
     "key": "ssm:Overwrite",
     "description": "Filters access by controling whether Systems Manager parameters can be overwritten",
@@ -54,6 +59,11 @@
     "description": "Filters access by Systems Manager parameters created in a hierarchical structure",
     "type": "String"
   },
+  "ssm:sessiondocumentaccesscheck": {
+    "key": "ssm:SessionDocumentAccessCheck",
+    "description": "Filters access by verifying that a user has permission to access either the default Session Manager configuration document or the custom configuration document specified in a request",
+    "type": "Bool"
+  },
   "ssm:sourceinstancearn": {
     "key": "ssm:SourceInstanceARN",
     "description": "Filters access by verifying the Amazon Resource Name (ARN) of the AWS Systems Manager's managed instance from which the request is made. This key is not present when the request comes from the managed instance authenticated with an IAM role associated with EC2 instance profile",

iamdata/data/conditionKeys/sso.json

@@ -14,6 +14,16 @@
     "description": "Filters access by the tag keys that are passed in the request",
     "type": "ArrayOfString"
   },
+  "identitycenter:applicationarn": {
+    "key": "identitycenter:ApplicationArn",
+    "description": "Filters access by the ARN of the IAM Identity Center application",
+    "type": "ARN"
+  },
+  "identitycenter:instancearn": {
+    "key": "identitycenter:InstanceArn",
+    "description": "Filters access by the ARN of the IAM Identity Center instance",
+    "type": "ARN"
+  },
   "sso:applicationaccount": {
     "key": "sso:ApplicationAccount",
     "description": "Filters access by the account which creates the application. This condition key is not supported for customer managed SAML applications",

iamdata/data/conditionKeys/sts.json

@@ -234,6 +234,11 @@
     "description": "Filters access by the unique identifier required when you assume a role in another account",
     "type": "String"
   },
+  "sts:identitytokenaudience": {
+    "key": "sts:IdentityTokenAudience",
+    "description": "Filters access by the audience that is passed in the request",
+    "type": "String"
+  },
   "sts:requestcontext/${contextkey}": {
     "key": "sts:RequestContext/${ContextKey}",
     "description": "Filters access by the session context key-value pairs embedded in the signed context assertion retrieved from a trusted context provider",
@@ -249,6 +254,11 @@
     "description": "Filters access by the role session name required when you assume a role",
     "type": "String"
   },
+  "sts:signingalgorithm": {
+    "key": "sts:SigningAlgorithm",
+    "description": "Filters access by the signing algorithm that is passed in the request",
+    "type": "String"
+  },
   "sts:sourceidentity": {
     "key": "sts:SourceIdentity",
     "description": "Filters access by the source identity that is passed in the request",

iamdata/data/conditionKeys/support-console.json

@@ -0,0 +1 @@
+{}

iamdata/data/conditionKeys/transcribe.json

@@ -21,7 +21,7 @@
   },
   "transcribe:outputencryptionkmskeyid": {
     "key": "transcribe:OutputEncryptionKMSKeyId",
-    "description": "Filters access based on the KMS key id included in the request",
+    "description": "Filters access based on the KMS key id included in the request, provided in the form of a KMS key ARN",
     "type": "String"
   },
   "transcribe:outputkey": {

iamdata/data/conditionKeys/transfer.json

@@ -13,5 +13,25 @@
     "key": "aws:TagKeys",
     "description": "Filters access by the tag keys that are passed in the request",
     "type": "ArrayOfString"
+  },
+  "transfer:requestconnectorprotocol": {
+    "key": "transfer:RequestConnectorProtocol",
+    "description": "Filters access by the connector protocol that is passed in the request",
+    "type": "String"
+  },
+  "transfer:requestserverdomain": {
+    "key": "transfer:RequestServerDomain",
+    "description": "Filters access by the storage domain that is passed in the request",
+    "type": "String"
+  },
+  "transfer:requestserverendpointtype": {
+    "key": "transfer:RequestServerEndpointType",
+    "description": "Filters access by the endpoint type that is passed in the request",
+    "type": "String"
+  },
+  "transfer:requestserverprotocols": {
+    "key": "transfer:RequestServerProtocols",
+    "description": "Filters access by the server protocols that are passed in the request",
+    "type": "ArrayOfString"
   }
 }

iamdata/data/conditionKeys/transform-custom.json

@@ -0,0 +1,17 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by the tags associated with the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by the tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/transform.json

@@ -0,0 +1,12 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by the tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/uxc.json

@@ -0,0 +1 @@
+{}

iamdata/data/conditionKeys/vpc-lattice-svcs.json

@@ -14,6 +14,11 @@
     "description": "Filters access by the method of the request",
     "type": "String"
   },
+  "vpc-lattice-svcs:requestpath": {
+    "key": "vpc-lattice-svcs:RequestPath",
+    "description": "Filters access by the path portion of the request URL",
+    "type": "String"
+  },
   "vpc-lattice-svcs:requestquerystring/${querystringkey}": {
     "key": "vpc-lattice-svcs:RequestQueryString/${QueryStringKey}",
     "description": "Filters access by the query string key-value pairs in the request URL",

iamdata/data/conditionKeys/vpc-lattice.json

@@ -19,6 +19,21 @@
     "description": "Filters access by the auth type specified in the request",
     "type": "String"
   },
+  "vpc-lattice:domainname": {
+    "key": "vpc-lattice:DomainName",
+    "description": "Filters access by the domain name",
+    "type": "String"
+  },
+  "vpc-lattice:privatednspreference": {
+    "key": "vpc-lattice:PrivateDnsPreference",
+    "description": "Filters access by the private dns preference",
+    "type": "String"
+  },
+  "vpc-lattice:privatednsspecifieddomains": {
+    "key": "vpc-lattice:PrivateDnsSpecifiedDomains",
+    "description": "Filters access by the private dns domains",
+    "type": "ArrayOfString"
+  },
   "vpc-lattice:protocol": {
     "key": "vpc-lattice:Protocol",
     "description": "Filters access by the protocol specified in the request",

iamdata/data/conditionKeys/workspaces-instances.json

@@ -0,0 +1,17 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access based on the tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access based on the tags associated with the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access based on the tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  }
+}