iamdata 0.1.202511181__py3-none-any.whl → 0.1.202512281__py3-none-any.whl

iamdata/data/conditionKeys/apigateway.json

@@ -29,6 +29,11 @@
     "description": "Filters access by URI of a Lambda authorizer function. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString",
     "type": "ArrayOfString"
   },
+  "apigateway:request/cognitouserpoolarn": {
+    "key": "apigateway:Request/CognitoUserPoolArn",
+    "description": "Filters access by a Portal's CognitoUserPoolArn that is passed in the request",
+    "type": "ARN"
+  },
   "apigateway:request/conditionbasepaths": {
     "key": "apigateway:Request/ConditionBasePaths",
     "description": "Filters access by base paths defined on the condition of a routing rule. Available during the CreateRoutingRule and UpdateRoutingRule operations",
@@ -44,6 +49,11 @@
     "description": "Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateRestApi, and UpdateRestApi operations",
     "type": "ArrayOfString"
   },
+  "apigateway:request/method": {
+    "key": "apigateway:Request/Method",
+    "description": "Filters access by a ProductRestEndpointPage's HTTP Method that is passed in the request",
+    "type": "String"
+  },
   "apigateway:request/mtlstruststoreuri": {
     "key": "apigateway:Request/MtlsTrustStoreUri",
     "description": "Filters access by URI of the truststore used for mutual TLS authentication. Available during the CreateDomainName and UpdateDomainName operations",
@@ -54,11 +64,41 @@
     "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during the CreateDomainName and UpdateDomainName operations",
     "type": "String"
   },
+  "apigateway:request/portaldisplayname": {
+    "key": "apigateway:Request/PortalDisplayName",
+    "description": "Filters access by a Portal's Display Name that is passed in the request",
+    "type": "String"
+  },
+  "apigateway:request/portaldomainname": {
+    "key": "apigateway:Request/PortalDomainName",
+    "description": "Filters access by a Portal's vanity domain name that is passed in the request",
+    "type": "String"
+  },
+  "apigateway:request/portalproductdisplayname": {
+    "key": "apigateway:Request/PortalProductDisplayName",
+    "description": "Filters access by a PortalProduct's Display Name that is passed in the request",
+    "type": "String"
+  },
   "apigateway:request/priority": {
     "key": "apigateway:Request/Priority",
     "description": "Filters access by priority of the routing rule. Available during the CreateRoutingRule and UpdateRoutingRule operations",
     "type": "Numeric"
   },
+  "apigateway:request/productpagetitle": {
+    "key": "apigateway:Request/ProductPageTitle",
+    "description": "Filters access by a ProductPage's Title that is passed in the request",
+    "type": "String"
+  },
+  "apigateway:request/productrestendpointpageendpointprefix": {
+    "key": "apigateway:Request/ProductRestEndpointPageEndpointPrefix",
+    "description": "Filters access by a ProductRestEndpointPage's EndpointPrefix that is passed in the request",
+    "type": "String"
+  },
+  "apigateway:request/restapiid": {
+    "key": "apigateway:Request/RestApiId",
+    "description": "Filters access by a ProductRestEndpointPage's Amazon API Gateway API ID that is passed in the request",
+    "type": "String"
+  },
   "apigateway:request/routeauthorizationtype": {
     "key": "apigateway:Request/RouteAuthorizationType",
     "description": "Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the CreateMethod and PutMethod operations Also available as a collection during import",
@@ -74,6 +114,11 @@
     "description": "Filters access by TLS version. Available during the CreateDomain and UpdateDomain operations",
     "type": "ArrayOfString"
   },
+  "apigateway:request/stage": {
+    "key": "apigateway:Request/Stage",
+    "description": "Filters access by a ProductRestEndpointPage's Amazon API Gateway Stage Name that is passed in the request",
+    "type": "String"
+  },
   "apigateway:request/stagename": {
     "key": "apigateway:Request/StageName",
     "description": "Filters access by stage name of the deployment that you attempt to create. Available during the CreateDeployment operation",
@@ -109,6 +154,11 @@
     "description": "Filters access by URI of a Lambda authorizer function. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during reimport as an ArrayOfString",
     "type": "ArrayOfString"
   },
+  "apigateway:resource/cognitouserpoolarn": {
+    "key": "apigateway:Resource/CognitoUserPoolArn",
+    "description": "Filters access by a Portal's CognitoUserPoolArn associated with the resource",
+    "type": "ARN"
+  },
   "apigateway:resource/conditionbasepaths": {
     "key": "apigateway:Resource/ConditionBasePaths",
     "description": "Filters access by base paths defined on the condition of the existing routing rule. Available during the UpdateRoutingRule and DeleteRoutingRule operations",
@@ -124,6 +174,11 @@
     "description": "Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateRestApi, and DeleteRestApi operations",
     "type": "ArrayOfString"
   },
+  "apigateway:resource/method": {
+    "key": "apigateway:Resource/Method",
+    "description": "Filters access by a ProductRestEndpointPage's HTTP Method associated with the resource",
+    "type": "String"
+  },
   "apigateway:resource/mtlstruststoreuri": {
     "key": "apigateway:Resource/MtlsTrustStoreUri",
     "description": "Filters access by URI of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations",
@@ -134,11 +189,46 @@
     "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations",
     "type": "String"
   },
+  "apigateway:resource/portaldisplayname": {
+    "key": "apigateway:Resource/PortalDisplayName",
+    "description": "Filters access by a Portal's Display Name associated with the resource",
+    "type": "String"
+  },
+  "apigateway:resource/portaldomainname": {
+    "key": "apigateway:Resource/PortalDomainName",
+    "description": "Filters access by a Portal's vanity domain name associated with the resource",
+    "type": "String"
+  },
+  "apigateway:resource/portalproductdisplayname": {
+    "key": "apigateway:Resource/PortalProductDisplayName",
+    "description": "Filters access by a PortalProduct's Display Name associated with the resource",
+    "type": "String"
+  },
+  "apigateway:resource/portalpublishstatus": {
+    "key": "apigateway:Resource/PortalPublishStatus",
+    "description": "Filters access by a Portal's published status associated with the resource",
+    "type": "String"
+  },
   "apigateway:resource/priority": {
     "key": "apigateway:Resource/Priority",
     "description": "Filters access by priority of the existing routing rule. Available during the UpdateRoutingRule and DeleteRoutingRule operations",
     "type": "Numeric"
   },
+  "apigateway:resource/productpagetitle": {
+    "key": "apigateway:Resource/ProductPageTitle",
+    "description": "Filters access by a ProductPage's Title associated with the resource",
+    "type": "String"
+  },
+  "apigateway:resource/productrestendpointpageendpointprefix": {
+    "key": "apigateway:Resource/ProductRestEndpointPageEndpointPrefix",
+    "description": "Filters access by a ProductRestEndpointPage's EndpointPrefix associated with the resource",
+    "type": "String"
+  },
+  "apigateway:resource/restapiid": {
+    "key": "apigateway:Resource/RestApiId",
+    "description": "Filters access by a ProductRestEndpointPage's Amazon API Gateway API ID associated with the resource",
+    "type": "String"
+  },
   "apigateway:resource/routeauthorizationtype": {
     "key": "apigateway:Resource/RouteAuthorizationType",
     "description": "Filters access by authorization type of the existing Method resource, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the PutMethod and DeleteMethod operations. Also available as a collection during reimport",
@@ -154,6 +244,11 @@
     "description": "Filters access by TLS version. Available during UpdateDomain and DeleteDomain operations",
     "type": "ArrayOfString"
   },
+  "apigateway:resource/stage": {
+    "key": "apigateway:Resource/Stage",
+    "description": "Filters access by a ProductRestEndpointPage's Amazon API Gateway Stage Name associated with the resource",
+    "type": "String"
+  },
   "aws:requesttag/${tagkey}": {
     "key": "aws:RequestTag/${TagKey}",
     "description": "Filters access by the tag key-value pairs in the request",

iamdata/data/conditionKeys/aws-mcp.json

@@ -0,0 +1 @@
+{}

iamdata/data/conditionKeys/bedrock-mantle.json

@@ -0,0 +1,17 @@
+{
+  "bedrock-mantle:bearertokentype": {
+    "key": "bedrock-mantle:BearerTokenType",
+    "description": "Filters access by the Short-term or Long-term bearer tokens",
+    "type": "String"
+  },
+  "bedrock-mantle:model": {
+    "key": "bedrock-mantle:Model",
+    "description": "Filters access by the specified Model",
+    "type": "String"
+  },
+  "bedrock-mantle:servicetier": {
+    "key": "bedrock-mantle:ServiceTier",
+    "description": "Filters access by the specified ServiceTier",
+    "type": "String"
+  }
+}

iamdata/data/conditionKeys/bedrock.json

@@ -39,6 +39,11 @@
     "description": "Filters access by the specified prompt router",
     "type": "ARN"
   },
+  "bedrock:servicetier": {
+    "key": "bedrock:ServiceTier",
+    "description": "Filters access by the specified ServiceTier",
+    "type": "String"
+  },
   "bedrock:thirdpartyknowledgebasecredentialssecretarn": {
     "key": "bedrock:ThirdPartyKnowledgeBaseCredentialsSecretArn",
     "description": "Filters access by the secretArn containing the credentials of the third party platform",

iamdata/data/conditionKeys/cognito-identity.json

@@ -1,17 +1,42 @@
 {
   "aws:requesttag/${tagkey}": {
     "key": "aws:RequestTag/${TagKey}",
-    "description": "Filters actions based on the presence of tag key-value pairs in the request",
+    "description": "Filters access by tag key-value pairs in the request",
     "type": "String"
   },
   "aws:resourcetag/${tagkey}": {
     "key": "aws:ResourceTag/${TagKey}",
-    "description": "Filters actions based on tag key-value pairs attached to the resource",
+    "description": "Filters access by tag key-value pairs attached to the resource",
     "type": "String"
   },
   "aws:tagkeys": {
     "key": "aws:TagKeys",
     "description": "Filters access by a key that is present in the request",
     "type": "ArrayOfString"
+  },
+  "cognito-identity-auth:accountid": {
+    "key": "cognito-identity-auth:AccountId",
+    "description": "Filters access by the owning AWS account ID for identity pool authenticated users. Applies to unauthenticated (public) API operations",
+    "type": "String"
+  },
+  "cognito-identity-auth:identitypoolarn": {
+    "key": "cognito-identity-auth:IdentityPoolArn",
+    "description": "Filters access by the identity pool ID for a given authenticated-user identity ID. Applies to unauthenticated (public) API operations",
+    "type": "ARN"
+  },
+  "cognito-identity-unauth:accountid": {
+    "key": "cognito-identity-unauth:AccountId",
+    "description": "Filters access by the owning AWS account ID of an identity pool for identity pool guest users. Applies to unauthenticated (public) API operations",
+    "type": "String"
+  },
+  "cognito-identity-unauth:identitypoolarn": {
+    "key": "cognito-identity-unauth:IdentityPoolArn",
+    "description": "Filters access by the identity pool ID for a given guest-user identity ID. Applies to unauthenticated (public) API operations",
+    "type": "ARN"
+  },
+  "cognito-identity:identitypoolarn": {
+    "key": "cognito-identity:IdentityPoolArn",
+    "description": "Filters access by the identity pool ID for a given identity ID for DeleteIdentities and DescribeIdentity",
+    "type": "ARN"
   }
 }

iamdata/data/conditionKeys/connect.json

@@ -39,6 +39,11 @@
     "description": "Filters access by restricting access to create contacts based on the initiation method of the contact",
     "type": "String"
   },
+  "connect:expressionvalue": {
+    "key": "connect:ExpressionValue",
+    "description": "Filters access by restricting data table operations based on expression type",
+    "type": "String"
+  },
   "connect:flowtype": {
     "key": "connect:FlowType",
     "description": "Filters access by Flow type",
@@ -69,6 +74,11 @@
     "description": "Filters access by PreferredUserArn",
     "type": "ARN"
   },
+  "connect:primaryattribute/${primaryattribute}": {
+    "key": "connect:PrimaryAttribute/${PrimaryAttribute}",
+    "description": "Filters access by restricting which primary attributes the user can manage",
+    "type": "String"
+  },
   "connect:searchcontactsbycontactanalysis": {
     "key": "connect:SearchContactsByContactAnalysis",
     "description": "Filters access by restricting searches using analysis outputs from Amazon Connect Contact Lens",

iamdata/data/conditionKeys/dynamodb.json

@@ -24,6 +24,16 @@
     "description": "Filters access by blocking Transactions APIs calls and allow the non-Transaction APIs calls and vice-versa",
     "type": "String"
   },
+  "dynamodb:firstpartitionkeyvalues": {
+    "key": "dynamodb:FirstPartitionKeyValues",
+    "description": "Filters access by the first partition key of the table",
+    "type": "ArrayOfString"
+  },
+  "dynamodb:fourthpartitionkeyvalues": {
+    "key": "dynamodb:FourthPartitionKeyValues",
+    "description": "Filters access by the forth partition key of the table",
+    "type": "ArrayOfString"
+  },
   "dynamodb:fulltablescan": {
     "key": "dynamodb:FullTableScan",
     "description": "Filters access by blocking full table scan",
@@ -31,7 +41,7 @@
   },
   "dynamodb:leadingkeys": {
     "key": "dynamodb:LeadingKeys",
-    "description": "Filters access by the partition key of the table",
+    "description": "Filters access by the first partition key of the table",
     "type": "ArrayOfString"
   },
   "dynamodb:returnconsumedcapacity": {
@@ -44,9 +54,19 @@
     "description": "Filters access by the ReturnValues parameter of request. Contains one of the following: \"ALL_OLD\", \"UPDATED_OLD\",\"ALL_NEW\",\"UPDATED_NEW\", or \"NONE\"",
     "type": "String"
   },
+  "dynamodb:secondpartitionkeyvalues": {
+    "key": "dynamodb:SecondPartitionKeyValues",
+    "description": "Filters access by the second partition key of the table",
+    "type": "ArrayOfString"
+  },
   "dynamodb:select": {
     "key": "dynamodb:Select",
     "description": "Filters access by the Select parameter of a Query or Scan request",
     "type": "String"
+  },
+  "dynamodb:thirdpartitionkeyvalues": {
+    "key": "dynamodb:ThirdPartitionKeyValues",
+    "description": "Filters access by the third partition key of the table",
+    "type": "ArrayOfString"
   }
 }

iamdata/data/conditionKeys/ec2.json

@@ -99,6 +99,11 @@
     "description": "Filters access by the ARN of the CloudWatch Logs log stream",
     "type": "ARN"
   },
+  "ec2:commitmentduration": {
+    "key": "ec2:CommitmentDuration",
+    "description": "Filters access by commitment duration of the Capacity Reservation",
+    "type": "Numeric"
+  },
   "ec2:cpuoptionsamdsevsnp": {
     "key": "ec2:CpuOptionsAmdSevSnp",
     "description": "Filters access by the state of AMD SEV-SNP CPU Options. Currently, only US East (Ohio) and Europe (Ireland) are supported",
@@ -269,6 +274,21 @@
     "description": "Filters access by the ID of an internet gateway",
     "type": "String"
   },
+  "ec2:interruptiblecapacityreservationid": {
+    "key": "ec2:InterruptibleCapacityReservationId",
+    "description": "Filters access by the ID of an interruptible Capacity Reservation",
+    "type": "String"
+  },
+  "ec2:interruptiontype": {
+    "key": "ec2:InterruptionType",
+    "description": "Filters access by the type of interruption",
+    "type": "String"
+  },
+  "ec2:ipamprefixlistresolvertargetid": {
+    "key": "ec2:IpamPrefixListResolverTargetId",
+    "description": "Filters access by the IPAM prefix list resolver target ID that is syncing CIDRs to a managed prefix list",
+    "type": "String"
+  },
   "ec2:ipv4ipampoolid": {
     "key": "ec2:Ipv4IpamPoolId",
     "description": "Filters access by the ID of an IPAM pool provided for IPv4 CIDR block allocation",
@@ -279,6 +299,11 @@
     "description": "Filters access by the ID of an IPAM pool provided for IPv6 CIDR block allocation",
     "type": "String"
   },
+  "ec2:isinterruptible": {
+    "key": "ec2:IsInterruptible",
+    "description": "Filters access by whether Capacity Reservations are interruptible",
+    "type": "Bool"
+  },
   "ec2:islaunchtemplateresource": {
     "key": "ec2:IsLaunchTemplateResource",
     "description": "Filters access by whether users are able to override resources that are specified in the launch template",
@@ -574,6 +599,11 @@
     "description": "Filters access by the ID of a subnet",
     "type": "String"
   },
+  "ec2:targetinstancecount": {
+    "key": "ec2:TargetInstanceCount",
+    "description": "Filters access by the number of instances the interruptible Capacity Reservation is assigned",
+    "type": "Numeric"
+  },
   "ec2:tenancy": {
     "key": "ec2:Tenancy",
     "description": "Filters access by the tenancy of the VPC or instance (default, dedicated, or host)",
@@ -629,6 +659,16 @@
     "description": "Filters access by multi region of the VPC endpoint service",
     "type": "String"
   },
+  "ec2:vpceprivatednspreference": {
+    "key": "ec2:VpcePrivateDnsPreference",
+    "description": "Filters access by the private DNS preference",
+    "type": "String"
+  },
+  "ec2:vpceprivatednsspecifieddomains": {
+    "key": "ec2:VpcePrivateDnsSpecifiedDomains",
+    "description": "Filters access by the private DNS domains",
+    "type": "ArrayOfString"
+  },
   "ec2:vpceservicename": {
     "key": "ec2:VpceServiceName",
     "description": "Filters access by the name of the VPC endpoint service",
@@ -669,6 +709,11 @@
     "description": "Filters access by the ID of a transit gateway",
     "type": "String"
   },
+  "ec2:transitgatewaymeteringpolicyid": {
+    "key": "ec2:transitGatewayMeteringPolicyId",
+    "description": "Filters access by the ID of a metering policy id",
+    "type": "String"
+  },
   "ec2:transitgatewaymulticastdomainid": {
     "key": "ec2:transitGatewayMulticastDomainId",
     "description": "Filters access by the ID of a transit gateway multicast domain",

iamdata/data/conditionKeys/glue.json

@@ -26,7 +26,7 @@
   },
   "glue:federatedauthorizationsource": {
     "key": "glue:FederatedAuthorizationSource",
-    "description": "Filters access by whether the resource belongs to federarted authorization",
+    "description": "Filters access by whether the resource belongs to federated authorization",
     "type": "String"
   },
   "glue:lakeformationpermissions": {

iamdata/data/conditionKeys/iam.json

@@ -24,6 +24,16 @@
     "description": "Filters access by the resource that the role will be used on behalf of",
     "type": "ARN"
   },
+  "iam:delegationduration": {
+    "key": "iam:DelegationDuration",
+    "description": "Filters access based on the requested delegation duration",
+    "type": "String"
+  },
+  "iam:delegationrequestowner": {
+    "key": "iam:DelegationRequestOwner",
+    "description": "Filters access based on the delegation request owner",
+    "type": "ARN"
+  },
   "iam:fido-fips-140-2-certification": {
     "key": "iam:FIDO-FIPS-140-2-certification",
     "description": "Filters access by the MFA device FIPS-140-2 validation certification level at the time of registration of a FIDO security key",
@@ -39,6 +49,11 @@
     "description": "Filters access by the MFA device FIDO certification level at the time of registration of a FIDO security key",
     "type": "String"
   },
+  "iam:notificationchannel": {
+    "key": "iam:NotificationChannel",
+    "description": "Filters access based on the requested notification channel",
+    "type": "String"
+  },
   "iam:organizationspolicyid": {
     "key": "iam:OrganizationsPolicyId",
     "description": "Filters access by the ID of an AWS Organizations policy",
@@ -78,5 +93,10 @@
     "key": "iam:ServiceSpecificCredentialServiceName",
     "description": "Filters access by the service associated with the credential",
     "type": "String"
+  },
+  "iam:templatearn": {
+    "key": "iam:TemplateArn",
+    "description": "Filters access based on the requested template ARN",
+    "type": "ARN"
   }
 }

iamdata/data/conditionKeys/identitystore.json

@@ -1,7 +1,32 @@
 {
+  "identitystore:groupexternalidissuers": {
+    "key": "identitystore:GroupExternalIdIssuers",
+    "description": "Filters access by Issuer present in ExternalIds for Group resources",
+    "type": "ArrayOfARN"
+  },
+  "identitystore:identitystorearn": {
+    "key": "identitystore:IdentityStoreArn",
+    "description": "Filters access by Identity Store ARN",
+    "type": "ARN"
+  },
+  "identitystore:primaryregion": {
+    "key": "identitystore:PrimaryRegion",
+    "description": "Filters access by Primary Region of Identity Store",
+    "type": "String"
+  },
+  "identitystore:reserveduserid": {
+    "key": "identitystore:ReservedUserId",
+    "description": "Filters access by a previously reserved User ID for CreateUser operation",
+    "type": "String"
+  },
+  "identitystore:userexternalidissuers": {
+    "key": "identitystore:UserExternalIdIssuers",
+    "description": "Filters access by Issuer present in ExternalIds for User resources",
+    "type": "ArrayOfARN"
+  },
   "identitystore:userid": {
     "key": "identitystore:UserId",
-    "description": "Filters access by IAM Identity Center User ID",
+    "description": "Filters access by Identity Store User ID",
     "type": "String"
   }
 }

iamdata/data/conditionKeys/nova-act.json

@@ -0,0 +1 @@
+{}

iamdata/data/conditionKeys/observabilityadmin.json

@@ -28,5 +28,10 @@
     "key": "observabilityadmin:CentralizationSourceRegions",
     "description": "Filters access by the source regions that are passed in the request",
     "type": "ArrayOfString"
+  },
+  "observabilityadmin:sourcetype": {
+    "key": "observabilityadmin:SourceType",
+    "description": "Filters access by the source type that is passed in the request",
+    "type": "String"
   }
 }

iamdata/data/conditionKeys/organizations.json

@@ -23,5 +23,15 @@
     "key": "organizations:ServicePrincipal",
     "description": "Filters access by the specified service principal names",
     "type": "String"
+  },
+  "organizations:transferdirection": {
+    "key": "organizations:TransferDirection",
+    "description": "Filters access by the specified responsibility transfer by the direction",
+    "type": "String"
+  },
+  "organizations:transfertype": {
+    "key": "organizations:TransferType",
+    "description": "Filters access by the specified responsibility transfer type names",
+    "type": "String"
   }
 }

iamdata/data/conditionKeys/partnercentral-account-management.json

@@ -1 +1,12 @@
-{}
+{
+  "partnercentral-account-management:legacypartnercentralrole": {
+    "key": "partnercentral-account-management:LegacyPartnerCentralRole",
+    "description": "Filters access by the Legacy Partner Central role",
+    "type": "ArrayOfString"
+  },
+  "partnercentral-account-management:marketingcentralrole": {
+    "key": "partnercentral-account-management:MarketingCentralRole",
+    "description": "Filters access by Marketing Central role",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/partnercentral.json

@@ -16,12 +16,32 @@
   },
   "partnercentral:catalog": {
     "key": "partnercentral:Catalog",
-    "description": "Filters access by a specific Catalog. Accepted values: [AWS, Sandbox]",
+    "description": "Filters access by a specific Catalog",
     "type": "String"
   },
+  "partnercentral:channelhandshaketype": {
+    "key": "partnercentral:ChannelHandshakeType",
+    "description": "Filters access by channel handshake types",
+    "type": "String"
+  },
+  "partnercentral:fulfillmenttypes": {
+    "key": "partnercentral:FulfillmentTypes",
+    "description": "Filters access by benefit fulfillment types",
+    "type": "ArrayOfString"
+  },
+  "partnercentral:programs": {
+    "key": "partnercentral:Programs",
+    "description": "Filters access by program",
+    "type": "ArrayOfString"
+  },
   "partnercentral:relatedentitytype": {
     "key": "partnercentral:RelatedEntityType",
-    "description": "Filters access by entity types for Opportunity association. Accepted values: [Solutions, AwsProducts, AwsMarketplaceOffers]",
+    "description": "Filters access by entity types for Opportunity association",
+    "type": "String"
+  },
+  "partnercentral:verificationtype": {
+    "key": "partnercentral:VerificationType",
+    "description": "Filters access by the type of verification being performed",
     "type": "String"
   }
 }

iamdata/data/conditionKeys/pricingplanmanager.json

@@ -0,0 +1 @@
+{}

iamdata/data/conditionKeys/route53globalresolver.json

@@ -0,0 +1,17 @@
+{
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair that is allowed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by a tag key and value pair of a resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by a list of tag keys that are allowed in the request",
+    "type": "ArrayOfString"
+  }
+}

iamdata/data/conditionKeys/s3.json

@@ -39,6 +39,11 @@
     "description": "Filters access by existing access point tag key and value",
     "type": "String"
   },
+  "s3:buckettag/${tagkey}": {
+    "key": "s3:BucketTag/${TagKey}",
+    "description": "Filters access by the tags associated with the bucket",
+    "type": "String"
+  },
   "s3:dataaccesspointaccount": {
     "key": "s3:DataAccessPointAccount",
     "description": "Filters access by the AWS Account ID that owns the access point",

iamdata/data/conditionKeys/s3tables.json

@@ -24,6 +24,11 @@
     "description": "Filters access by the server-side encryption algorithm used to encrypt a table",
     "type": "String"
   },
+  "s3tables:storageclass": {
+    "key": "s3tables:StorageClass",
+    "description": "Filters access by the storage class that can be set on tables under a table bucket",
+    "type": "String"
+  },
   "s3tables:tablebuckettag/${tagkey}": {
     "key": "s3tables:TableBucketTag/${TagKey}",
     "description": "Filters access by the tags associated with the table bucket",

iamdata/data/conditionKeys/s3vectors.json

@@ -1,4 +1,24 @@
 {
+  "aws:requesttag/${tagkey}": {
+    "key": "aws:RequestTag/${TagKey}",
+    "description": "Filters access by the tags that are passed in the request",
+    "type": "String"
+  },
+  "aws:resourcetag/${tagkey}": {
+    "key": "aws:ResourceTag/${TagKey}",
+    "description": "Filters access by the tags associated with the resource",
+    "type": "String"
+  },
+  "aws:tagkeys": {
+    "key": "aws:TagKeys",
+    "description": "Filters access by the tag keys that are passed in the request",
+    "type": "ArrayOfString"
+  },
+  "s3vectors:vectorbuckettag/${tagkey}": {
+    "key": "s3vectors:VectorBucketTag/${TagKey}",
+    "description": "Filters access by the tags associated with the vector bucket",
+    "type": "String"
+  },
   "s3vectors:kmskeyarn": {
     "key": "s3vectors:kmsKeyArn",
     "description": "Filters access by the AWS KMS key ARN for the key used to encrypt a vector bucket",

iamdata/data/conditionKeys/sagemaker-mlflow.json

@@ -3,10 +3,5 @@
     "key": "aws:ResourceTag/${TagKey}",
     "description": "Filters access by a tag key and value pair",
     "type": "String"
-  },
-  "sagemaker:resourcetag/${tagkey}": {
-    "key": "sagemaker:ResourceTag/${TagKey}",
-    "description": "Filters access by a tag key and value pair",
-    "type": "String"
   }
 }