iamdata 0.1.202509101__py3-none-any.whl → 0.1.202511241__py3-none-any.whl

iamdata/data/conditionKeys/kms.json

@@ -134,14 +134,134 @@
     "description": "Filters access to the API operations based on the image hash in the attestation document in the request",
     "type": "String"
   },
+  "kms:recipientattestation:nitrotpmpcr0": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR0",
+    "description": "Filters access by the platform configuration register (PCR) 0 in the attestation document in the request. PCR0 is a contiguous measure of core system firmware executable code",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr1": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR1",
+    "description": "Filters access by the platform configuration register (PCR) 1 in the attestation document in the request. PCR1 is a contiguous measure of core system firmware data/host platform configuration, typically including serial and model numbers",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr10": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR10",
+    "description": "Filters access by the platform configuration register (PCR) 10 in the attestation document in the request. PCR10 is a contiguous measure of protection of the IMA measurement log",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr11": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR11",
+    "description": "Filters access by the platform configuration register (PCR) 11 in the attestation document in the request. PCR11 is a contiguous measure of all components of unified kernel images (UKIs)",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr12": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR12",
+    "description": "Filters access by the platform configuration register (PCR) 12 in the attestation document in the request. PCR12 is a contiguous measure of kernel command line, system credentials and system configuration images",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr13": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR13",
+    "description": "Filters access by the platform configuration register (PCR) 13 in the attestation document in the request. PCR13 is a contiguous measure of all system extension images for the initrd",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr14": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR14",
+    "description": "Filters access by the platform configuration register (PCR) 14 in the attestation document in the request. PCR14 is a contiguous measure of \"MOK\" certificates and hashes",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr15": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR15",
+    "description": "Filters access by the platform configuration register (PCR) 15 in the attestation document in the request. PCR15 is a contiguous measure of root file system volume encryption key",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr16": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR16",
+    "description": "Filters access by the platform configuration register (PCR) 16 in the attestation document in the request. PCR16 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr17": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR17",
+    "description": "Filters access by the platform configuration register (PCR) 17 in the attestation document in the request. PCR17 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr18": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR18",
+    "description": "Filters access by the platform configuration register (PCR) 18 in the attestation document in the request. PCR18 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr19": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR19",
+    "description": "Filters access by the platform configuration register (PCR) 19 in the attestation document in the request. PCR19 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr2": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR2",
+    "description": "Filters access by the platform configuration register (PCR) 2 in the attestation document in the request. PCR2 is a contiguous measure of extended or pluggable executable code, including option ROMs on pluggable hardware",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr20": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR20",
+    "description": "Filters access by the platform configuration register (PCR) 20 in the attestation document in the request. PCR20 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr21": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR21",
+    "description": "Filters access by the platform configuration register (PCR) 21 in the attestation document in the request. PCR21 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr22": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR22",
+    "description": "Filters access by the platform configuration register (PCR) 22 in the attestation document in the request. PCR22 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr23": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR23",
+    "description": "Filters access by the platform configuration register (PCR) 23 in the attestation document in the request. PCR23 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr3": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR3",
+    "description": "Filters access by the platform configuration register (PCR) 3 in the attestation document in the request. PCR3 is a contiguous measure of extended or pluggable firmware data, including information about pluggable hardware",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr4": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR4",
+    "description": "Filters access by the platform configuration register (PCR) 4 in the attestation document in the request. PCR4 is a contiguous measure of boot loader and additional drivers, including binaries and extensions loaded by the boot loader",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr5": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR5",
+    "description": "Filters access by the platform configuration register (PCR) 5 in the attestation document in the request. PCR5 is a contiguous measure of GPT/Partition table",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr6": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR6",
+    "description": "Filters access by the platform configuration register (PCR) 6 in the attestation document in the request. PCR6 is a custom PCR that can be defined by the user for specific use cases",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr7": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR7",
+    "description": "Filters access by the platform configuration register (PCR) 7 in the attestation document in the request. PCR7 is a contiguous measure of SecureBoot state",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr8": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR8",
+    "description": "Filters access by the platform configuration register (PCR) 8 in the attestation document in the request. PCR8 is a contiguous measure of commands and kernel command line",
+    "type": "String"
+  },
+  "kms:recipientattestation:nitrotpmpcr9": {
+    "key": "kms:RecipientAttestation:NitroTPMPCR9",
+    "description": "Filters access by the platform configuration register (PCR) 9 in the attestation document in the request. PCR9 is a contiguous measure of all files read (including kernel image)",
+    "type": "String"
+  },
   "kms:recipientattestation:pcr0": {
     "key": "kms:RecipientAttestation:PCR0",
-    "description": "Filters access by the platform configuration register (PCR) 0 in the attestation document. PCR0 is a contiguous measure of the contents of the enclave image file, without the section data",
+    "description": "Filters access by the platform configuration register (PCR) 0 in the attestation document in the request. PCR0 is a contiguous measure of the contents of the enclave image file, without the section data",
     "type": "String"
   },
   "kms:recipientattestation:pcr1": {
     "key": "kms:RecipientAttestation:PCR1",
-    "description": "Filters access by the platform configuration register (PCR) 1 in the attestation document. PCR1 is a contiguous measurement of the Linux kernel and bootstrap data",
+    "description": "Filters access by the platform configuration register (PCR) 1 in the attestation document in the request. PCR1 is a contiguous measurement of the Linux kernel and bootstrap data",
     "type": "String"
   },
   "kms:recipientattestation:pcr10": {
@@ -196,7 +316,7 @@
   },
   "kms:recipientattestation:pcr2": {
     "key": "kms:RecipientAttestation:PCR2",
-    "description": "Filters access by the platform configuration register (PCR) 2 in the attestation document. PCR2 is a contiguous, in-order measurement of the user applications, without the boot ramfs",
+    "description": "Filters access by the platform configuration register (PCR) 2 in the attestation document in the request. PCR2 is a contiguous, in-order measurement of the user applications, without the boot ramfs",
     "type": "String"
   },
   "kms:recipientattestation:pcr20": {
@@ -251,7 +371,7 @@
   },
   "kms:recipientattestation:pcr3": {
     "key": "kms:RecipientAttestation:PCR3",
-    "description": "Filters access by the platform configuration register (PCR) 3 in the attestation document. PCR3 is a contiguous measurement of the IAM role assigned to the parent instance",
+    "description": "Filters access by the platform configuration register (PCR) 3 in the attestation document in the request. PCR3 is a contiguous measurement of the IAM role assigned to the parent instance",
     "type": "String"
   },
   "kms:recipientattestation:pcr30": {
@@ -266,7 +386,7 @@
   },
   "kms:recipientattestation:pcr4": {
     "key": "kms:RecipientAttestation:PCR4",
-    "description": "Filters access by the platform configuration register (PCR) 4 in the attestation document. PCR4 is a contiguous measurement of the ID of the parent instance",
+    "description": "Filters access by the platform configuration register (PCR) 4 in the attestation document in the request. PCR4 is a contiguous measurement of the ID of the parent instance",
     "type": "String"
   },
   "kms:recipientattestation:pcr5": {
@@ -281,12 +401,12 @@
   },
   "kms:recipientattestation:pcr7": {
     "key": "kms:RecipientAttestation:PCR7",
-    "description": "Filters access by platform configuration register (PCR) 7 in the attestation document in the request. PCR7 is a custom PCR that can be defined by the user for specific use cases",
+    "description": "Filters access by the platform configuration register (PCR) 7 in the attestation document in the request. PCR7 is a custom PCR that can be defined by the user for specific use cases",
     "type": "String"
   },
   "kms:recipientattestation:pcr8": {
     "key": "kms:RecipientAttestation:PCR8",
-    "description": "Filters access by the platform configuration register (PCR) 8 in the attestation document. PCR8 is a measure of the signing certificate specified for the enclave image file",
+    "description": "Filters access by the platform configuration register (PCR) 8 in the attestation document in the request. PCR8 is a measure of the signing certificate specified for the enclave image file",
     "type": "String"
   },
   "kms:recipientattestation:pcr9": {

iamdata/data/conditionKeys/lambda.json

@@ -34,6 +34,11 @@
     "description": "Filters access by authorization type specified in request. Available during CreateFunctionUrlConfig, UpdateFunctionUrlConfig, DeleteFunctionUrlConfig, GetFunctionUrlConfig, ListFunctionUrlConfig, AddPermission and RemovePermission operations",
     "type": "String"
   },
+  "lambda:invokedviafunctionurl": {
+    "key": "lambda:InvokedViaFunctionUrl",
+    "description": "Limits the scope of lambda:InvokeFunction action to Function URLs only. Available during AddPermission operation",
+    "type": "Bool"
+  },
   "lambda:layer": {
     "key": "lambda:Layer",
     "description": "Filters access by the ARN of a version of an AWS Lambda layer",

iamdata/data/conditionKeys/mediaconnect.json

@@ -1 +1,17 @@
-{}
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by tags associated with the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/observabilityadmin.json

@@ -13,5 +13,20 @@
     "key": "aws:TagKeys",
     "description": "Filters access by the tag keys that are passed in the request",
     "type": "ArrayOfString"
+  },
+  "observabilityadmin:centralizationbackupregion": {
+    "key": "observabilityadmin:CentralizationBackupRegion",
+    "description": "Filters access by the backup region that is passed in the request",
+    "type": "String"
+  },
+  "observabilityadmin:centralizationdestinationregion": {
+    "key": "observabilityadmin:CentralizationDestinationRegion",
+    "description": "Filters access by the destination region that is passed in the request",
+    "type": "String"
+  },
+  "observabilityadmin:centralizationsourceregions": {
+    "key": "observabilityadmin:CentralizationSourceRegions",
+    "description": "Filters access by the source regions that are passed in the request",
+    "type": "ArrayOfString"
   }
 }

iamdata/data/conditionKeys/organizations.json

@@ -23,5 +23,15 @@
     "key": "organizations:ServicePrincipal",
     "description": "Filters access by the specified service principal names",
     "type": "String"
+  },
+  "organizations:transferdirection": {
+    "key": "organizations:TransferDirection",
+    "description": "Filters access by the specified responsibility transfer by the direction",
+    "type": "String"
+  },
+  "organizations:transfertype": {
+    "key": "organizations:TransferType",
+    "description": "Filters access by the specified responsibility transfer type names",
+    "type": "String"
   }
 }

iamdata/data/conditionKeys/partnercentral.json

@@ -16,12 +16,17 @@
   },
   "partnercentral:catalog": {
     "key": "partnercentral:Catalog",
-    "description": "Filters access by a specific Catalog. Accepted values: [AWS, Sandbox]",
+    "description": "Filters access by a specific Catalog",
+    "type": "String"
+  },
+  "partnercentral:channelhandshaketype": {
+    "key": "partnercentral:ChannelHandshakeType",
+    "description": "Filters access by channel handshake types",
     "type": "String"
   },
   "partnercentral:relatedentitytype": {
     "key": "partnercentral:RelatedEntityType",
-    "description": "Filters access by entity types for Opportunity association. Accepted values: [Solutions, AwsProducts, AwsMarketplaceOffers]",
+    "description": "Filters access by entity types for Opportunity association",
     "type": "String"
   }
 }

iamdata/data/conditionKeys/pricingplanmanager.json

@@ -0,0 +1 @@
+{}

iamdata/data/conditionKeys/rtbfabric.json

@@ -0,0 +1,47 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair that is allowed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair of a resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by a list of tag keys that are allowed in the request",
+    "type": "ArrayOfString"
+  },
+  "rtbfabric:inboundexternallinkgatewayid": {
+    "key": "rtbfabric:InboundExternalLinkGatewayId",
+    "description": "Filters access by gateway identifier supporting rtb-gw-* formats",
+    "type": "String"
+  },
+  "rtbfabric:inboundexternallinklinkid": {
+    "key": "rtbfabric:InboundExternalLinkLinkId",
+    "description": "Filters access by InboundExternalLink resource linkId identifier",
+    "type": "String"
+  },
+  "rtbfabric:linklinkid": {
+    "key": "rtbfabric:LinkLinkId",
+    "description": "Filters access by Link resource linkId identifier",
+    "type": "String"
+  },
+  "rtbfabric:outboundexternallinklinkid": {
+    "key": "rtbfabric:OutboundExternalLinkLinkId",
+    "description": "Filters access by OutboundExternalLink resource linkId identifier",
+    "type": "String"
+  },
+  "rtbfabric:requestergatewaygatewayid": {
+    "key": "rtbfabric:RequesterGatewayGatewayId",
+    "description": "Filters access by gateway identifier supporting rtb-gw-* formats",
+    "type": "String"
+  },
+  "rtbfabric:respondergatewaygatewayid": {
+    "key": "rtbfabric:ResponderGatewayGatewayId",
+    "description": "Filters access by gateway identifier supporting rtb-gw-* formats",
+    "type": "String"
+  }
+}

iamdata/data/conditionKeys/s3.json

@@ -39,6 +39,11 @@
     "description": "Filters access by existing access point tag key and value",
     "type": "String"
   },
+  "s3:buckettag/${tagkey}": {
+    "key": "s3:BucketTag/${TagKey}",
+    "description": "Filters access by the tags associated with the bucket",
+    "type": "String"
+  },
   "s3:dataaccesspointaccount": {
     "key": "s3:DataAccessPointAccount",
     "description": "Filters access by the AWS Account ID that owns the access point",

iamdata/data/conditionKeys/s3tables.json

@@ -1,4 +1,19 @@
 {
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by the tags associated with the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by the tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  },
   "s3tables:kmskeyarn": {
     "key": "s3tables:KMSKeyArn",
     "description": "Filters access by the AWS KMS key ARN for the key used to encrypt a table",
@@ -9,6 +24,11 @@
     "description": "Filters access by the server-side encryption algorithm used to encrypt a table",
     "type": "String"
   },
+  "s3tables:tablebuckettag/${tagkey}": {
+    "key": "s3tables:TableBucketTag/${TagKey}",
+    "description": "Filters access by the tags associated with the table bucket",
+    "type": "String"
+  },
   "s3tables:namespace": {
     "key": "s3tables:namespace",
     "description": "Filters access by the namespaces created in the table bucket",

iamdata/data/conditionKeys/sagemaker-unified-studio-mcp.json

@@ -0,0 +1 @@
+{}

iamdata/data/conditionKeys/sagemaker.json

@@ -24,6 +24,21 @@
     "description": "Filters access by the app network access type associated with the resource in the request",
     "type": "String"
   },
+  "sagemaker:currentcustomermetadataproperties/${metadatakey}": {
+    "key": "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}",
+    "description": "Filters access by a current metadata key and value pair associated with the model-package resource",
+    "type": "String"
+  },
+  "sagemaker:currentmodellifecyclestage": {
+    "key": "sagemaker:CurrentModelLifeCycleStage",
+    "description": "Filters access by the current value of the Stage field in the model life cycle object associated with the model-package resource",
+    "type": "String"
+  },
+  "sagemaker:currentmodellifecyclestagestatus": {
+    "key": "sagemaker:CurrentModelLifeCycleStageStatus",
+    "description": "Filters access by the current value of the StageStatus field in the model life cycle object associated with the model-package resource",
+    "type": "String"
+  },
   "sagemaker:customermetadataproperties/${metadatakey}": {
     "key": "sagemaker:CustomerMetadataProperties/${MetadataKey}",
     "description": "Filters access by a metadata key and value pair",

iamdata/data/conditionKeys/secretsmanager.json

@@ -29,6 +29,11 @@
     "description": "Filters access by the description text in the request",
     "type": "String"
   },
+  "secretsmanager:externalsecretrotationrolearn": {
+    "key": "secretsmanager:ExternalSecretRotationRoleArn",
+    "description": "Filters access by the managed external secret rotation role ARN in the request",
+    "type": "ARN"
+  },
   "secretsmanager:forcedeletewithoutrecovery": {
     "key": "secretsmanager:ForceDeleteWithoutRecovery",
     "description": "Filters access by whether the secret is to be deleted immediately without any recovery window",
@@ -89,6 +94,11 @@
     "description": "Filters access by primary region in which the secret is created if the secret is a multi-Region secret",
     "type": "String"
   },
+  "secretsmanager:type": {
+    "key": "secretsmanager:Type",
+    "description": "Filters access by the managed external secret type in the request",
+    "type": "String"
+  },
   "secretsmanager:versionid": {
     "key": "secretsmanager:VersionId",
     "description": "Filters access by the unique identifier of the version of the secret in the request",
@@ -103,5 +113,10 @@
     "key": "secretsmanager:resource/AllowRotationLambdaArn",
     "description": "Filters access by the ARN of the rotation Lambda function associated with the secret",
     "type": "ARN"
+  },
+  "secretsmanager:resource/type": {
+    "key": "secretsmanager:resource/Type",
+    "description": "Filters access by the managed external secret type associated with the secret",
+    "type": "String"
   }
 }

iamdata/data/conditionKeys/sso.json

@@ -14,6 +14,16 @@
     "description": "Filters access by the tag keys that are passed in the request",
     "type": "ArrayOfString"
   },
+  "identitycenter:applicationarn": {
+    "key": "identitycenter:ApplicationArn",
+    "description": "Filters access by the ARN of the IAM Identity Center application",
+    "type": "ARN"
+  },
+  "identitycenter:instancearn": {
+    "key": "identitycenter:InstanceArn",
+    "description": "Filters access by the ARN of the IAM Identity Center instance",
+    "type": "ARN"
+  },
   "sso:applicationaccount": {
     "key": "sso:ApplicationAccount",
     "description": "Filters access by the account which creates the application. This condition key is not supported for customer managed SAML applications",

iamdata/data/conditionKeys/sts.json

@@ -234,6 +234,11 @@
     "description": "Filters access by the unique identifier required when you assume a role in another account",
     "type": "String"
   },
+  "sts:identitytokenaudience": {
+    "key": "sts:IdentityTokenAudience",
+    "description": "Filters access by the audience that is passed in the request",
+    "type": "String"
+  },
   "sts:requestcontext/${contextkey}": {
     "key": "sts:RequestContext/${ContextKey}",
     "description": "Filters access by the session context key-value pairs embedded in the signed context assertion retrieved from a trusted context provider",
@@ -249,6 +254,11 @@
     "description": "Filters access by the role session name required when you assume a role",
     "type": "String"
   },
+  "sts:signingalgorithm": {
+    "key": "sts:SigningAlgorithm",
+    "description": "Filters access by the signing algorithm that is passed in the request",
+    "type": "String"
+  },
   "sts:sourceidentity": {
     "key": "sts:SourceIdentity",
     "description": "Filters access by the source identity that is passed in the request",

iamdata/data/conditionKeys/transfer.json

@@ -13,5 +13,25 @@
     "key": "aws:TagKeys",
     "description": "Filters access by the tag keys that are passed in the request",
     "type": "ArrayOfString"
+  },
+  "transfer:requestconnectorprotocol": {
+    "key": "transfer:RequestConnectorProtocol",
+    "description": "Filters access by the connector protocol that is passed in the request",
+    "type": "String"
+  },
+  "transfer:requestserverdomain": {
+    "key": "transfer:RequestServerDomain",
+    "description": "Filters access by the storage domain that is passed in the request",
+    "type": "String"
+  },
+  "transfer:requestserverendpointtype": {
+    "key": "transfer:RequestServerEndpointType",
+    "description": "Filters access by the endpoint type that is passed in the request",
+    "type": "String"
+  },
+  "transfer:requestserverprotocols": {
+    "key": "transfer:RequestServerProtocols",
+    "description": "Filters access by the server protocols that are passed in the request",
+    "type": "ArrayOfString"
   }
 }

iamdata/data/conditionKeys/transform.json

@@ -1 +1,12 @@
-{}
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by the tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/vpc-lattice-svcs.json

@@ -14,6 +14,11 @@
     "description": "Filters access by the method of the request",
     "type": "String"
   },
+  "vpc-lattice-svcs:requestpath": {
+    "key": "vpc-lattice-svcs:RequestPath",
+    "description": "Filters access by the path portion of the request URL",
+    "type": "String"
+  },
   "vpc-lattice-svcs:requestquerystring/${querystringkey}": {
     "key": "vpc-lattice-svcs:RequestQueryString/${QueryStringKey}",
     "description": "Filters access by the query string key-value pairs in the request URL",

iamdata/data/conditionKeys/vpc-lattice.json

@@ -19,6 +19,21 @@
     "description": "Filters access by the auth type specified in the request",
     "type": "String"
   },
+  "vpc-lattice:domainname": {
+    "key": "vpc-lattice:DomainName",
+    "description": "Filters access by the domain name",
+    "type": "String"
+  },
+  "vpc-lattice:privatednspreference": {
+    "key": "vpc-lattice:PrivateDnsPreference",
+    "description": "Filters access by the private dns preference",
+    "type": "String"
+  },
+  "vpc-lattice:privatednsspecifieddomains": {
+    "key": "vpc-lattice:PrivateDnsSpecifiedDomains",
+    "description": "Filters access by the private dns domains",
+    "type": "ArrayOfString"
+  },
   "vpc-lattice:protocol": {
     "key": "vpc-lattice:Protocol",
     "description": "Filters access by the protocol specified in the request",

iamdata/data/conditionKeys/xray.json

@@ -14,6 +14,11 @@
     "description": "Filters access by the tag keys that are passed in the request",
     "type": "ArrayOfString"
   },
+  "logs:loggeneratingresourcearns": {
+    "key": "logs:LogGeneratingResourceArns",
+    "description": "Filters access by LogGeneratingResourceArn in the request",
+    "type": "ArrayOfARN"
+  },
   "xray:resourcepolicyname": {
     "key": "xray:ResourcePolicyName",
     "description": "Filters access by PolicyName in the request",

iamdata/data/conditionPatterns.json

@@ -91,6 +91,9 @@
   "ecs": {
     "ecs:ResourceTag/.+?": "ecs:ResourceTag/${TagKey}"
   },
+  "eks": {
+    "eks:loggingType/.+?": "eks:loggingType/${type}"
+  },
   "elasticmapreduce": {
     "elasticmapreduce:RequestTag/.+?": "elasticmapreduce:RequestTag/${TagKey}",
     "elasticmapreduce:ResourceTag/.+?": "elasticmapreduce:ResourceTag/${TagKey}"
@@ -113,17 +116,22 @@
     "s3express:AccessPointTag/.+?": "s3express:AccessPointTag/${TagKey}",
     "s3express:BucketTag/.+?": "s3express:BucketTag/${TagKey}"
   },
+  "s3tables": {
+    "s3tables:TableBucketTag/.+?": "s3tables:TableBucketTag/${TagKey}"
+  },
   "s3-outposts": {
     "s3-outposts:ExistingObjectTag/.+?": "s3-outposts:ExistingObjectTag/<key>",
     "s3-outposts:RequestObjectTag/.+?": "s3-outposts:RequestObjectTag/<key>"
   },
   "s3": {
     "s3:AccessPointTag/.+?": "s3:AccessPointTag/${TagKey}",
+    "s3:BucketTag/.+?": "s3:BucketTag/${TagKey}",
     "s3:ExistingObjectTag/.+?": "s3:ExistingObjectTag/<key>",
     "s3:RequestObjectTag/.+?": "s3:RequestObjectTag/<key>"
   },
   "sagemaker": {
     "sagemaker:ResourceTag/.+?": "sagemaker:ResourceTag/${TagKey}",
+    "sagemaker:CurrentCustomerMetadataProperties/.+?": "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}",
     "sagemaker:CustomerMetadataProperties/.+?": "sagemaker:CustomerMetadataProperties/${MetadataKey}",
     "sagemaker:SearchVisibilityCondition/.+?": "sagemaker:SearchVisibilityCondition/${FilterKey}"
   },

iamdata/data/metadata.json

@@ -1,4 +1,4 @@
 {
-  "version": "0.1.202509101",
-  "updatedAt": "2025-09-10T04:45:14.501Z"
+  "version": "0.1.202511241",
+  "updatedAt": "2025-11-24T04:56:35.656Z"
 }

iamdata/data/resourceTypes/action-recommendations.json

@@ -0,0 +1 @@
+{}

iamdata/data/resourceTypes/airflow-serverless.json

@@ -0,0 +1,9 @@
+{
+  "workflow": {
+    "key": "Workflow",
+    "arn": "arn:${Partition}:airflow-serverless:${Region}:${Account}:workflow/${WorkflowId}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  }
+}

iamdata/data/resourceTypes/aps.json

@@ -17,6 +17,15 @@
       "aws:TagKeys"
     ]
   },
+  "anomalydetector": {
+    "key": "anomalydetector",
+    "arn": "arn:${Partition}:aps:${Region}:${Account}:anomalydetector/${WorkspaceId}/${AnomalyDetectorId}",
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys"
+    ]
+  },
   "scraper": {
     "key": "scraper",
     "arn": "arn:${Partition}:aps:${Region}:${Account}:scraper/${ScraperId}",