iamdata 0.1.202509101__py3-none-any.whl → 0.1.202511241__py3-none-any.whl

iamdata/data/actions/ecs.json

@@ -3,8 +3,18 @@
     "name": "CreateCapacityProvider",
     "description": "Grants permission to create a new capacity provider. Capacity providers are associated with an Amazon ECS cluster and are used in capacity provider strategies to facilitate cluster auto scaling",
     "accessLevel": "Write",
-    "resourceTypes": [],
+    "resourceTypes": [
+      {
+        "name": "capacity-provider",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
     "conditionKeys": [
+      "ecs:propagate-tags",
       "aws:RequestTag/${TagKey}",
       "aws:TagKeys"
     ],
@@ -32,6 +42,36 @@
     ],
     "dependentActions": []
   },
+  "createexpressgatewayservice": {
+    "name": "CreateExpressGatewayService",
+    "description": "Grants permission to create a new Amazon ECS Express Gateway service with cluster and task definition",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "service",
+        "required": true,
+        "conditionKeys": [
+          "ecs:cluster",
+          "aws:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": [
+          "ecs:RegisterTaskDefinition",
+          "iam:PassRole"
+        ]
+      }
+    ],
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:TagKeys",
+      "ecs:task-definition",
+      "ecs:subnet",
+      "ecs:enable-ecs-managed-tags",
+      "ecs:propagate-tags",
+      "ecs:task-cpu",
+      "ecs:task-memory"
+    ],
+    "dependentActions": []
+  },
   "createservice": {
     "name": "CreateService",
     "description": "Grants permission to run and maintain a desired number of tasks from a specified task definition via service creation",
@@ -70,7 +110,14 @@
     "name": "CreateTaskSet",
     "description": "Grants permission to create a new Amazon ECS task set",
     "accessLevel": "Write",
-    "resourceTypes": [],
+    "resourceTypes": [
+      {
+        "name": "task-set",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
     "conditionKeys": [
       "aws:RequestTag/${TagKey}",
       "aws:TagKeys",
@@ -143,6 +190,24 @@
     ],
     "dependentActions": []
   },
+  "deleteexpressgatewayservice": {
+    "name": "DeleteExpressGatewayService",
+    "description": "Grants permission to delete a specified Express Gateway service",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "service",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ecs:cluster",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "deleteservice": {
     "name": "DeleteService",
     "description": "Grants permission to delete a specified service within a cluster",
@@ -274,6 +339,24 @@
     ],
     "dependentActions": []
   },
+  "describeexpressgatewayservice": {
+    "name": "DescribeExpressGatewayService",
+    "description": "Grants permission to describe the specified Express Gateway service",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "service",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ecs:cluster",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "describeservicedeployments": {
     "name": "DescribeServiceDeployments",
     "description": "Grants permission to describe one or more of your service deployments",
@@ -695,6 +778,33 @@
     ],
     "dependentActions": []
   },
+  "putsystemlogevents": {
+    "name": "PutSystemLogEvents",
+    "description": "Grants permission to collect system logs from the container instances",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "cluster",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      },
+      {
+        "name": "container-instance",
+        "required": true,
+        "conditionKeys": [
+          "aws:ResourceTag/${TagKey}",
+          "ecs:cluster",
+          "ecs:capacity-provider"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "registercontainerinstance": {
     "name": "RegisterContainerInstance",
     "description": "Grants permission to register an EC2 instance into the specified cluster",
@@ -1026,6 +1136,7 @@
       }
     ],
     "conditionKeys": [
+      "ecs:propagate-tags",
       "aws:ResourceTag/${TagKey}"
     ],
     "dependentActions": []
@@ -1102,6 +1213,30 @@
     ],
     "dependentActions": []
   },
+  "updateexpressgatewayservice": {
+    "name": "UpdateExpressGatewayService",
+    "description": "Grants permission to modify the parameters of an Express Gateway service",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "service",
+        "required": true,
+        "conditionKeys": [
+          "ecs:cluster",
+          "aws:ResourceTag/${TagKey}"
+        ],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "ecs:subnet",
+      "ecs:enable-ecs-managed-tags",
+      "ecs:propagate-tags",
+      "ecs:task-cpu",
+      "ecs:task-memory"
+    ],
+    "dependentActions": []
+  },
   "updateservice": {
     "name": "UpdateService",
     "description": "Grants permission to modify the parameters of a service",

iamdata/data/actions/eks-mcp.json

@@ -0,0 +1,26 @@
+{
+  "callprivilegedtool": {
+    "name": "CallPrivilegedTool",
+    "description": "Grants permission to call privileged tools in MCP service",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "callreadonlytool": {
+    "name": "CallReadOnlyTool",
+    "description": "Grants permission to call read-only tools in MCP service",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "invokemcp": {
+    "name": "InvokeMcp",
+    "description": "Grants permission to use MCP service",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  }
+}

iamdata/data/actions/eks.json

@@ -129,7 +129,8 @@
       "eks:supportType",
       "eks:computeConfigEnabled",
       "eks:elasticLoadBalancingEnabled",
-      "eks:blockStorageEnabled"
+      "eks:blockStorageEnabled",
+      "eks:loggingType/${type}"
     ],
     "dependentActions": []
   },
@@ -811,6 +812,24 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "mutateviakubernetesapi": {
+    "name": "MutateViaKubernetesApi",
+    "isPermissionOnly": true,
+    "description": "Grants permission to modify Kubernetes objects via AWS console",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "cluster",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": [
+      "eks:AccessKubernetesApi"
+    ]
+  },
   "registercluster": {
     "name": "RegisterCluster",
     "description": "Grants permission to register an External cluster",
@@ -1021,7 +1040,8 @@
       "eks:supportType",
       "eks:computeConfigEnabled",
       "eks:elasticLoadBalancingEnabled",
-      "eks:blockStorageEnabled"
+      "eks:blockStorageEnabled",
+      "eks:loggingType/${type}"
     ],
     "dependentActions": []
   },

iamdata/data/actions/elasticloadbalancing.json

@@ -62,6 +62,15 @@
     ],
     "dependentActions": []
   },
+  "allowvendedlogdeliveryforresource": {
+    "name": "AllowVendedLogDeliveryForResource",
+    "isPermissionOnly": true,
+    "description": "Grants permission to configure vended log delivery for load balancers",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "createlistener": {
     "name": "CreateListener",
     "description": "Grants permission to create a listener for the specified Application Load Balancer",

iamdata/data/actions/emr-containers.json

@@ -104,6 +104,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "deletesecurityconfiguration": {
+    "name": "DeleteSecurityConfiguration",
+    "description": "Grants permission to delete a security configuration",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "securityConfiguration",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "deletevirtualcluster": {
     "name": "DeleteVirtualCluster",
     "description": "Grants permission to delete a virtual cluster",

iamdata/data/actions/es.json

@@ -216,6 +216,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "createindex": {
+    "name": "CreateIndex",
+    "description": "Grants permission to create index for the OpenSearch Service domain",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "domain",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "createoutboundconnection": {
     "name": "CreateOutboundConnection",
     "description": "Grants permission to create a new cross-cluster search connection from a source domain to a destination domain",
@@ -369,6 +384,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "deleteindex": {
+    "name": "DeleteIndex",
+    "description": "Grants permission to delete Index for the OpenSearch Service domain",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "domain",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "deleteoutboundconnection": {
     "name": "DeleteOutboundConnection",
     "description": "Grants permission to the source domain owner to delete an existing outbound cross-cluster search connection",
@@ -887,6 +917,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "getindex": {
+    "name": "GetIndex",
+    "description": "Grants permission to get index for the OpenSearch Service domain",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "domain",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "getpackageversionhistory": {
     "name": "GetPackageVersionHistory",
     "description": "Grants permission to fetch the version history for a package",
@@ -1311,6 +1356,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "updateindex": {
+    "name": "UpdateIndex",
+    "description": "Grants permission to update index for the OpenSearch Service domain",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "domain",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "updatepackage": {
     "name": "UpdatePackage",
     "description": "Grants permission to update a package for use with OpenSearch Service domains",

iamdata/data/actions/evs.json

@@ -1,4 +1,19 @@
 {
+  "associateeiptovlan": {
+    "name": "AssociateEipToVlan",
+    "description": "Grants permission to associate an Elastic IP address (EIP) with a public VLAN in an Amazon EVS environment",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "environment",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "createenvironment": {
     "name": "CreateEnvironment",
     "description": "Grants permission to create an Amazon EVS environment",
@@ -55,6 +70,21 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "disassociateeipfromvlan": {
+    "name": "DisassociateEipFromVlan",
+    "description": "Grants permission to disassociate an Elastic IP address (EIP) from a public VLAN in an Amazon EVS environment",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "environment",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "getenvironment": {
     "name": "GetEnvironment",
     "description": "Grants permission to get an Amazon EVS environment",

iamdata/data/actions/fsx.json

@@ -161,7 +161,10 @@
       {
         "name": "association",
         "required": true,
-        "conditionKeys": [],
+        "conditionKeys": [
+          "fsx:NfsDataRepositoryAuthenticationEnabled",
+          "fsx:NfsDataRepositoryEncryptionInTransitEnabled"
+        ],
         "dependentActions": [
           "fsx:TagResource"
         ]
@@ -490,7 +493,7 @@
   "deleteresourcepolicy": {
     "name": "DeleteResourcePolicy",
     "isPermissionOnly": true,
-    "description": "Required to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). PutResourcePolicy and GetResourcePolicy are also required",
+    "description": "Grants permission to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). PutResourcePolicy and GetResourcePolicy are also required",
     "accessLevel": "Permissions management",
     "resourceTypes": [
       {
@@ -723,7 +726,7 @@
   "getresourcepolicy": {
     "name": "GetResourcePolicy",
     "isPermissionOnly": true,
-    "description": "Required to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). PutResourcePolicy and DeleteResourcePolicy are also required",
+    "description": "Grants permission to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). PutResourcePolicy and DeleteResourcePolicy are also required",
     "accessLevel": "Permissions management",
     "resourceTypes": [
       {
@@ -812,7 +815,7 @@
   "putresourcepolicy": {
     "name": "PutResourcePolicy",
     "isPermissionOnly": true,
-    "description": "Required to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). DeleteResourcePolicy and GetResourcePolicy are also required",
+    "description": "Grants permission to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). DeleteResourcePolicy and GetResourcePolicy are also required",
     "accessLevel": "Permissions management",
     "resourceTypes": [
       {
@@ -884,7 +887,10 @@
       {
         "name": "association",
         "required": false,
-        "conditionKeys": [],
+        "conditionKeys": [
+          "fsx:NfsDataRepositoryAuthenticationEnabled",
+          "fsx:NfsDataRepositoryEncryptionInTransitEnabled"
+        ],
         "dependentActions": []
       },
       {
@@ -926,7 +932,10 @@
       {
         "name": "volume",
         "required": false,
-        "conditionKeys": [],
+        "conditionKeys": [
+          "fsx:ParentVolumeId",
+          "fsx:StorageVirtualMachineId"
+        ],
         "dependentActions": []
       }
     ],

iamdata/data/actions/glacier.json

@@ -41,10 +41,7 @@
         "dependentActions": []
       }
     ],
-    "conditionKeys": [
-      "aws:TagKeys",
-      "aws:RequestTag/${TagKey}"
-    ],
+    "conditionKeys": [],
     "dependentActions": []
   },
   "completemultipartupload": {