iamdata 0.1.202509301__py3-none-any.whl → 0.1.202511241__py3-none-any.whl

iamdata/data/actions/user-subscriptions.json

@@ -41,6 +41,14 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "setoverageconfig": {
+    "name": "SetOverageConfig",
+    "description": "Grants permission to set a User subscription overage configuration",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "updateclaim": {
     "name": "UpdateClaim",
     "description": "Grants permission to update a User subscription Claim",

iamdata/data/actions/vpc-lattice-svcs.json

@@ -38,6 +38,8 @@
       "vpc-lattice-svcs:ServiceArn",
       "vpc-lattice-svcs:SourceVpc",
       "vpc-lattice-svcs:SourceVpcOwnerAccount",
+      "vpc-lattice-svcs:RequestMethod",
+      "vpc-lattice-svcs:RequestPath",
       "vpc-lattice-svcs:RequestHeader/${HeaderName}",
       "vpc-lattice-svcs:RequestQueryString/${QueryStringKey}"
     ],

iamdata/data/actions/vpc-lattice.json

@@ -81,6 +81,12 @@
     "description": "Grants permission to create a resource configuration",
     "accessLevel": "Write",
     "resourceTypes": [
+      {
+        "name": "DomainVerification",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "ResourceConfiguration",
         "required": false,
@@ -271,6 +277,8 @@
     "conditionKeys": [
       "aws:RequestTag/${TagKey}",
       "aws:TagKeys",
+      "vpc-lattice:PrivateDnsPreference",
+      "vpc-lattice:PrivateDnsSpecifiedDomains",
       "vpc-lattice:SecurityGroupIds",
       "vpc-lattice:ServiceNetworkArn",
       "vpc-lattice:VpcId"
@@ -348,6 +356,23 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "deletedomainverification": {
+    "name": "DeleteDomainVerification",
+    "description": "Grants permission to delete a domain verification",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "DomainVerification",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "deletelistener": {
     "name": "DeleteListener",
     "description": "Grants permission to delete a listener",
@@ -621,6 +646,23 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "getdomainverification": {
+    "name": "GetDomainVerification",
+    "description": "Grants permission to get information about a domain verification",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "DomainVerification",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
   "getlistener": {
     "name": "GetListener",
     "description": "Grants permission to get information about a listener",
@@ -830,6 +872,14 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "listdomainverifications": {
+    "name": "ListDomainVerifications",
+    "description": "Grants permission to list some or all domain verifications",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
   "listlisteners": {
     "name": "ListListeners",
     "description": "Grants permission to list some or all listeners",
@@ -1021,6 +1071,25 @@
     "conditionKeys": [],
     "dependentActions": []
   },
+  "startdomainverification": {
+    "name": "StartDomainVerification",
+    "description": "Grants permission to start a domain verification",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "DomainVerification",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:TagKeys",
+      "vpc-lattice:DomainName"
+    ],
+    "dependentActions": []
+  },
   "tagresource": {
     "name": "TagResource",
     "description": "Grants permission to tag a vpc-lattice resource",
@@ -1032,6 +1101,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "DomainVerification",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "Listener",
         "required": false,
@@ -1117,6 +1192,12 @@
         "conditionKeys": [],
         "dependentActions": []
       },
+      {
+        "name": "DomainVerification",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
       {
         "name": "Listener",
         "required": false,

iamdata/data/actions/workspaces-web.json

@@ -190,7 +190,8 @@
       "kms:CreateGrant",
       "kms:Decrypt",
       "kms:DescribeKey",
-      "kms:GenerateDataKey"
+      "kms:GenerateDataKey",
+      "workspaces-web:TagResource"
     ]
   },
   "createdataprotectionsettings": {
@@ -202,7 +203,9 @@
       "aws:TagKeys",
       "aws:RequestTag/${TagKey}"
     ],
-    "dependentActions": []
+    "dependentActions": [
+      "workspaces-web:TagResource"
+    ]
   },
   "createidentityprovider": {
     "name": "CreateIdentityProvider",
@@ -237,7 +240,9 @@
       "aws:TagKeys",
       "aws:RequestTag/${TagKey}"
     ],
-    "dependentActions": []
+    "dependentActions": [
+      "workspaces-web:TagResource"
+    ]
   },
   "createnetworksettings": {
     "name": "CreateNetworkSettings",
@@ -249,7 +254,8 @@
       "aws:RequestTag/${TagKey}"
     ],
     "dependentActions": [
-      "iam:CreateServiceLinkedRole"
+      "iam:CreateServiceLinkedRole",
+      "workspaces-web:TagResource"
     ]
   },
   "createportal": {
@@ -266,7 +272,8 @@
       "kms:CreateGrant",
       "kms:Decrypt",
       "kms:DescribeKey",
-      "kms:GenerateDataKey"
+      "kms:GenerateDataKey",
+      "workspaces-web:TagResource"
     ]
   },
   "createsessionlogger": {
@@ -278,7 +285,10 @@
       "aws:TagKeys",
       "aws:RequestTag/${TagKey}"
     ],
-    "dependentActions": []
+    "dependentActions": [
+      "s3:PutObject",
+      "workspaces-web:TagResource"
+    ]
   },
   "createtruststore": {
     "name": "CreateTrustStore",
@@ -289,7 +299,9 @@
       "aws:TagKeys",
       "aws:RequestTag/${TagKey}"
     ],
-    "dependentActions": []
+    "dependentActions": [
+      "workspaces-web:TagResource"
+    ]
   },
   "createuseraccessloggingsettings": {
     "name": "CreateUserAccessLoggingSettings",
@@ -300,7 +312,9 @@
       "aws:TagKeys",
       "aws:RequestTag/${TagKey}"
     ],
-    "dependentActions": []
+    "dependentActions": [
+      "workspaces-web:TagResource"
+    ]
   },
   "createusersettings": {
     "name": "CreateUserSettings",
@@ -311,7 +325,9 @@
       "aws:TagKeys",
       "aws:RequestTag/${TagKey}"
     ],
-    "dependentActions": []
+    "dependentActions": [
+      "workspaces-web:TagResource"
+    ]
   },
   "deletebrowsersettings": {
     "name": "DeleteBrowserSettings",

iamdata/data/actions/xray.json

@@ -327,7 +327,9 @@
     "description": "Grants permission to upload OpenTelemetry spans to AWS X-Ray",
     "accessLevel": "Write",
     "resourceTypes": [],
-    "conditionKeys": [],
+    "conditionKeys": [
+      "logs:LogGeneratingResourceArns"
+    ],
     "dependentActions": []
   },
   "putspansforindexing": {
@@ -352,7 +354,9 @@
     "description": "Grants permission to upload segment documents to AWS X-Ray. The X-Ray SDK generates segment documents and sends them to the X-Ray daemon, which uploads them in batches",
     "accessLevel": "Write",
     "resourceTypes": [],
-    "conditionKeys": [],
+    "conditionKeys": [
+      "logs:LogGeneratingResourceArns"
+    ],
     "dependentActions": []
   },
   "starttraceretrieval": {

iamdata/data/conditionKeys/airflow-serverless.json

@@ -0,0 +1,17 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the presence of tag key-value pairs in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by tag key-value pairs that are attached to the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by tag keys in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/bedrock-agentcore.json

@@ -14,6 +14,41 @@
     "description": "Filters access by creating requests based on the presence of mandatory tags in the request",
     "type": "ArrayOfString"
   },
+  "bedrock-agentcore:gatewayauthorizertype": {
+    "key": "bedrock-agentcore:GatewayAuthorizerType",
+    "description": "Filters access by the authorizerType attribute on a Gateway",
+    "type": "String"
+  },
+  "bedrock-agentcore:inboundjwtclaim/aud": {
+    "key": "bedrock-agentcore:InboundJwtClaim/aud",
+    "description": "Filters access by the audience claim (aud) in the JWT passed in the request",
+    "type": "ArrayOfString"
+  },
+  "bedrock-agentcore:inboundjwtclaim/client_id": {
+    "key": "bedrock-agentcore:InboundJwtClaim/client_id",
+    "description": "Filters access by the client_id claim in the JWT passed in the request",
+    "type": "String"
+  },
+  "bedrock-agentcore:inboundjwtclaim/iss": {
+    "key": "bedrock-agentcore:InboundJwtClaim/iss",
+    "description": "Filters access by the issuer (iss) claim present in the JWT passed in the request",
+    "type": "String"
+  },
+  "bedrock-agentcore:inboundjwtclaim/scope": {
+    "key": "bedrock-agentcore:InboundJwtClaim/scope",
+    "description": "Filters access by the scope claim in the JWT passed in the request",
+    "type": "ArrayOfString"
+  },
+  "bedrock-agentcore:inboundjwtclaim/sub": {
+    "key": "bedrock-agentcore:InboundJwtClaim/sub",
+    "description": "Filters access by the subject claim (sub) in the JWT passed in the request",
+    "type": "String"
+  },
+  "bedrock-agentcore:kmskeyarn": {
+    "key": "bedrock-agentcore:KmsKeyArn",
+    "description": "Filters access by KMS Key arn provided",
+    "type": "String"
+  },
   "bedrock-agentcore:actorid": {
     "key": "bedrock-agentcore:actorId",
     "description": "Filters access by Actor Id",
@@ -33,5 +68,10 @@
     "key": "bedrock-agentcore:strategyId",
     "description": "Filters access by Memory Strategy Id",
     "type": "String"
+  },
+  "bedrock-agentcore:userid": {
+    "key": "bedrock-agentcore:userid",
+    "description": "Filters access by the static user ID value passed in the request",
+    "type": "String"
   }
 }

iamdata/data/conditionKeys/bedrock.json

@@ -39,6 +39,11 @@
     "description": "Filters access by the specified prompt router",
     "type": "ARN"
   },
+  "bedrock:servicetier": {
+    "key": "bedrock:ServiceTier",
+    "description": "Filters access by the specified ServiceTier",
+    "type": "String"
+  },
   "bedrock:thirdpartyknowledgebasecredentialssecretarn": {
     "key": "bedrock:ThirdPartyKnowledgeBaseCredentialsSecretArn",
     "description": "Filters access by the secretArn containing the credentials of the third party platform",

iamdata/data/conditionKeys/dynamodb.json

@@ -24,6 +24,16 @@
     "description": "Filters access by blocking Transactions APIs calls and allow the non-Transaction APIs calls and vice-versa",
     "type": "String"
   },
+  "dynamodb:firstpartitionkeyvalues": {
+    "key": "dynamodb:FirstPartitionKeyValues",
+    "description": "Filters access by the first partition key of the table",
+    "type": "ArrayOfString"
+  },
+  "dynamodb:fourthpartitionkeyvalues": {
+    "key": "dynamodb:FourthPartitionKeyValues",
+    "description": "Filters access by the forth partition key of the table",
+    "type": "ArrayOfString"
+  },
   "dynamodb:fulltablescan": {
     "key": "dynamodb:FullTableScan",
     "description": "Filters access by blocking full table scan",
@@ -31,7 +41,7 @@
   },
   "dynamodb:leadingkeys": {
     "key": "dynamodb:LeadingKeys",
-    "description": "Filters access by the partition key of the table",
+    "description": "Filters access by the first partition key of the table",
     "type": "ArrayOfString"
   },
   "dynamodb:returnconsumedcapacity": {
@@ -44,9 +54,19 @@
     "description": "Filters access by the ReturnValues parameter of request. Contains one of the following: \"ALL_OLD\", \"UPDATED_OLD\",\"ALL_NEW\",\"UPDATED_NEW\", or \"NONE\"",
     "type": "String"
   },
+  "dynamodb:secondpartitionkeyvalues": {
+    "key": "dynamodb:SecondPartitionKeyValues",
+    "description": "Filters access by the second partition key of the table",
+    "type": "ArrayOfString"
+  },
   "dynamodb:select": {
     "key": "dynamodb:Select",
     "description": "Filters access by the Select parameter of a Query or Scan request",
     "type": "String"
+  },
+  "dynamodb:thirdpartitionkeyvalues": {
+    "key": "dynamodb:ThirdPartitionKeyValues",
+    "description": "Filters access by the third partition key of the table",
+    "type": "ArrayOfString"
   }
 }

iamdata/data/conditionKeys/ec2.json

@@ -624,6 +624,11 @@
     "description": "Filters access by the ID of a VPC peering connection",
     "type": "String"
   },
+  "ec2:vpcemultiregion": {
+    "key": "ec2:VpceMultiRegion",
+    "description": "Filters access by multi region of the VPC endpoint service",
+    "type": "String"
+  },
   "ec2:vpceservicename": {
     "key": "ec2:VpceServiceName",
     "description": "Filters access by the name of the VPC endpoint service",
@@ -639,6 +644,16 @@
     "description": "Filters access by the private DNS name of the VPC endpoint service",
     "type": "String"
   },
+  "ec2:vpceserviceregion": {
+    "key": "ec2:VpceServiceRegion",
+    "description": "Filters access by the region of the VPC endpoint service",
+    "type": "String"
+  },
+  "ec2:vpcesupportedregion": {
+    "key": "ec2:VpceSupportedRegion",
+    "description": "Filters access by the supported region of the VPC endpoint service",
+    "type": "String"
+  },
   "ec2:transitgatewayattachmentid": {
     "key": "ec2:transitGatewayAttachmentId",
     "description": "Filters access by the ID of a transit gateway attachment",
@@ -673,20 +688,5 @@
     "key": "ec2:transitGatewayRouteTableId",
     "description": "Filters access by the ID of a transit gateway route table",
     "type": "String"
-  },
-  "ec2:vpcemultiregion": {
-    "key": "ec2:vpceMultiRegion",
-    "description": "Filters access by multi region of the VPC endpoint service",
-    "type": "String"
-  },
-  "ec2:vpceserviceregion": {
-    "key": "ec2:vpceServiceRegion",
-    "description": "Filters access by the region of the VPC endpoint service",
-    "type": "String"
-  },
-  "ec2:vpcesupportedregion": {
-    "key": "ec2:vpceSupportedRegion",
-    "description": "Filters access by the supported region of the VPC endpoint service",
-    "type": "String"
   }
 }

iamdata/data/conditionKeys/eks.json

@@ -74,6 +74,11 @@
     "description": "Filters access by the kubernetesGroups present in the access entry requests the user makes to the EKS service",
     "type": "ArrayOfString"
   },
+  "eks:loggingtype/${type}": {
+    "key": "eks:loggingType/${type}",
+    "description": "Filters access by the cluster logging enabled and type parameter in the create / update cluster request",
+    "type": "Bool"
+  },
   "eks:namespaces": {
     "key": "eks:namespaces",
     "description": "Filters access by the namespaces present in the associate / disassociate access policy requests the user makes to the EKS service",

iamdata/data/conditionKeys/events.json

@@ -37,7 +37,7 @@
   "events:detail-type": {
     "key": "events:detail-type",
     "description": "Filters access by the literal string of the detail-type of the event to PutEvents and PutRule actions",
-    "type": "String"
+    "type": "ArrayOfString"
   },
   "events:detail.eventtypecode": {
     "key": "events:detail.eventTypeCode",

iamdata/data/conditionKeys/glue.json

@@ -24,6 +24,11 @@
     "description": "Filters access by the presence of the key configured for role's identity-based policy",
     "type": "Bool"
   },
+  "glue:federatedauthorizationsource": {
+    "key": "glue:FederatedAuthorizationSource",
+    "description": "Filters access by whether the resource belongs to federated authorization",
+    "type": "String"
+  },
   "glue:lakeformationpermissions": {
     "key": "glue:LakeFormationPermissions",
     "description": "Filters access by whether Lake Formation permission checks will be performed for a given caller and the Glue resource",

iamdata/data/conditionKeys/iam.json

@@ -24,6 +24,16 @@
     "description": "Filters access by the resource that the role will be used on behalf of",
     "type": "ARN"
   },
+  "iam:delegationduration": {
+    "key": "iam:DelegationDuration",
+    "description": "Filters access based on the requested delegation duration",
+    "type": "String"
+  },
+  "iam:delegationrequestowner": {
+    "key": "iam:DelegationRequestOwner",
+    "description": "Filters access based on the delegation request owner",
+    "type": "ARN"
+  },
   "iam:fido-fips-140-2-certification": {
     "key": "iam:FIDO-FIPS-140-2-certification",
     "description": "Filters access by the MFA device FIPS-140-2 validation certification level at the time of registration of a FIDO security key",
@@ -39,6 +49,11 @@
     "description": "Filters access by the MFA device FIDO certification level at the time of registration of a FIDO security key",
     "type": "String"
   },
+  "iam:notificationchannel": {
+    "key": "iam:NotificationChannel",
+    "description": "Filters access based on the requested notification channel",
+    "type": "String"
+  },
   "iam:organizationspolicyid": {
     "key": "iam:OrganizationsPolicyId",
     "description": "Filters access by the ID of an AWS Organizations policy",
@@ -78,5 +93,10 @@
     "key": "iam:ServiceSpecificCredentialServiceName",
     "description": "Filters access by the service associated with the credential",
     "type": "String"
+  },
+  "iam:templatearn": {
+    "key": "iam:TemplateArn",
+    "description": "Filters access based on the requested template ARN",
+    "type": "ARN"
   }
 }

iamdata/data/conditionKeys/identitystore.json

@@ -1,7 +1,32 @@
 {
+  "identitystore:groupexternalidissuers": {
+    "key": "identitystore:GroupExternalIdIssuers",
+    "description": "Filters access by Issuer present in ExternalIds for Group resources",
+    "type": "ArrayOfARN"
+  },
+  "identitystore:identitystorearn": {
+    "key": "identitystore:IdentityStoreArn",
+    "description": "Filters access by Identity Store ARN",
+    "type": "ARN"
+  },
+  "identitystore:primaryregion": {
+    "key": "identitystore:PrimaryRegion",
+    "description": "Filters access by Primary Region of Identity Store",
+    "type": "String"
+  },
+  "identitystore:reserveduserid": {
+    "key": "identitystore:ReservedUserId",
+    "description": "Filters access by a previously reserved User ID for CreateUser operation",
+    "type": "String"
+  },
+  "identitystore:userexternalidissuers": {
+    "key": "identitystore:UserExternalIdIssuers",
+    "description": "Filters access by Issuer present in ExternalIds for User resources",
+    "type": "ArrayOfARN"
+  },
   "identitystore:userid": {
     "key": "identitystore:UserId",
-    "description": "Filters access by IAM Identity Center User ID",
+    "description": "Filters access by Identity Store User ID",
     "type": "String"
   }
 }

iamdata/data/conditionKeys/kinesis.json

@@ -13,5 +13,20 @@
     "key": "aws:TagKeys",
     "description": "Filters access by the presence of tag keys in the request",
     "type": "ArrayOfString"
+  },
+  "kinesis:fisactionid": {
+    "key": "kinesis:FisActionId",
+    "description": "Filters access by the ID of an AWS FIS action",
+    "type": "String"
+  },
+  "kinesis:fisinjectpercentage": {
+    "key": "kinesis:FisInjectPercentage",
+    "description": "Filters access by the percentage of calls being affected by an AWS FIS action",
+    "type": "Numeric"
+  },
+  "kinesis:fistargetarns": {
+    "key": "kinesis:FisTargetArns",
+    "description": "Filters access by the ARN of an AWS FIS target",
+    "type": "ArrayOfARN"
   }
 }

iamdata/data/conditionKeys/lambda.json

@@ -34,6 +34,11 @@
     "description": "Filters access by authorization type specified in request. Available during CreateFunctionUrlConfig, UpdateFunctionUrlConfig, DeleteFunctionUrlConfig, GetFunctionUrlConfig, ListFunctionUrlConfig, AddPermission and RemovePermission operations",
     "type": "String"
   },
+  "lambda:invokedviafunctionurl": {
+    "key": "lambda:InvokedViaFunctionUrl",
+    "description": "Limits the scope of lambda:InvokeFunction action to Function URLs only. Available during AddPermission operation",
+    "type": "Bool"
+  },
   "lambda:layer": {
     "key": "lambda:Layer",
     "description": "Filters access by the ARN of a version of an AWS Lambda layer",

iamdata/data/conditionKeys/mediaconnect.json

@@ -1 +1,17 @@
-{}
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by tags associated with the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/organizations.json

@@ -23,5 +23,15 @@
     "key": "organizations:ServicePrincipal",
     "description": "Filters access by the specified service principal names",
     "type": "String"
+  },
+  "organizations:transferdirection": {
+    "key": "organizations:TransferDirection",
+    "description": "Filters access by the specified responsibility transfer by the direction",
+    "type": "String"
+  },
+  "organizations:transfertype": {
+    "key": "organizations:TransferType",
+    "description": "Filters access by the specified responsibility transfer type names",
+    "type": "String"
   }
 }

iamdata/data/conditionKeys/partnercentral.json

@@ -16,12 +16,17 @@
   },
   "partnercentral:catalog": {
     "key": "partnercentral:Catalog",
-    "description": "Filters access by a specific Catalog. Accepted values: [AWS, Sandbox]",
+    "description": "Filters access by a specific Catalog",
+    "type": "String"
+  },
+  "partnercentral:channelhandshaketype": {
+    "key": "partnercentral:ChannelHandshakeType",
+    "description": "Filters access by channel handshake types",
     "type": "String"
   },
   "partnercentral:relatedentitytype": {
     "key": "partnercentral:RelatedEntityType",
-    "description": "Filters access by entity types for Opportunity association. Accepted values: [Solutions, AwsProducts, AwsMarketplaceOffers]",
+    "description": "Filters access by entity types for Opportunity association",
     "type": "String"
   }
 }

iamdata/data/conditionKeys/pricingplanmanager.json

@@ -0,0 +1 @@
+{}