iamdata 0.1.202512121__py3-none-any.whl → 0.1.202512281__py3-none-any.whl

iamdata/data/conditionKeys/apigateway.json

@@ -29,6 +29,11 @@
     "description": "Filters access by URI of a Lambda authorizer function. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString",
     "type": "ArrayOfString"
   },
+  "apigateway:request/cognitouserpoolarn": {
+    "key": "apigateway:Request/CognitoUserPoolArn",
+    "description": "Filters access by a Portal's CognitoUserPoolArn that is passed in the request",
+    "type": "ARN"
+  },
   "apigateway:request/conditionbasepaths": {
     "key": "apigateway:Request/ConditionBasePaths",
     "description": "Filters access by base paths defined on the condition of a routing rule. Available during the CreateRoutingRule and UpdateRoutingRule operations",
@@ -44,6 +49,11 @@
     "description": "Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateRestApi, and UpdateRestApi operations",
     "type": "ArrayOfString"
   },
+  "apigateway:request/method": {
+    "key": "apigateway:Request/Method",
+    "description": "Filters access by a ProductRestEndpointPage's HTTP Method that is passed in the request",
+    "type": "String"
+  },
   "apigateway:request/mtlstruststoreuri": {
     "key": "apigateway:Request/MtlsTrustStoreUri",
     "description": "Filters access by URI of the truststore used for mutual TLS authentication. Available during the CreateDomainName and UpdateDomainName operations",
@@ -54,11 +64,41 @@
     "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during the CreateDomainName and UpdateDomainName operations",
     "type": "String"
   },
+  "apigateway:request/portaldisplayname": {
+    "key": "apigateway:Request/PortalDisplayName",
+    "description": "Filters access by a Portal's Display Name that is passed in the request",
+    "type": "String"
+  },
+  "apigateway:request/portaldomainname": {
+    "key": "apigateway:Request/PortalDomainName",
+    "description": "Filters access by a Portal's vanity domain name that is passed in the request",
+    "type": "String"
+  },
+  "apigateway:request/portalproductdisplayname": {
+    "key": "apigateway:Request/PortalProductDisplayName",
+    "description": "Filters access by a PortalProduct's Display Name that is passed in the request",
+    "type": "String"
+  },
   "apigateway:request/priority": {
     "key": "apigateway:Request/Priority",
     "description": "Filters access by priority of the routing rule. Available during the CreateRoutingRule and UpdateRoutingRule operations",
     "type": "Numeric"
   },
+  "apigateway:request/productpagetitle": {
+    "key": "apigateway:Request/ProductPageTitle",
+    "description": "Filters access by a ProductPage's Title that is passed in the request",
+    "type": "String"
+  },
+  "apigateway:request/productrestendpointpageendpointprefix": {
+    "key": "apigateway:Request/ProductRestEndpointPageEndpointPrefix",
+    "description": "Filters access by a ProductRestEndpointPage's EndpointPrefix that is passed in the request",
+    "type": "String"
+  },
+  "apigateway:request/restapiid": {
+    "key": "apigateway:Request/RestApiId",
+    "description": "Filters access by a ProductRestEndpointPage's Amazon API Gateway API ID that is passed in the request",
+    "type": "String"
+  },
   "apigateway:request/routeauthorizationtype": {
     "key": "apigateway:Request/RouteAuthorizationType",
     "description": "Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the CreateMethod and PutMethod operations Also available as a collection during import",
@@ -74,6 +114,11 @@
     "description": "Filters access by TLS version. Available during the CreateDomain and UpdateDomain operations",
     "type": "ArrayOfString"
   },
+  "apigateway:request/stage": {
+    "key": "apigateway:Request/Stage",
+    "description": "Filters access by a ProductRestEndpointPage's Amazon API Gateway Stage Name that is passed in the request",
+    "type": "String"
+  },
   "apigateway:request/stagename": {
     "key": "apigateway:Request/StageName",
     "description": "Filters access by stage name of the deployment that you attempt to create. Available during the CreateDeployment operation",
@@ -109,6 +154,11 @@
     "description": "Filters access by URI of a Lambda authorizer function. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during reimport as an ArrayOfString",
     "type": "ArrayOfString"
   },
+  "apigateway:resource/cognitouserpoolarn": {
+    "key": "apigateway:Resource/CognitoUserPoolArn",
+    "description": "Filters access by a Portal's CognitoUserPoolArn associated with the resource",
+    "type": "ARN"
+  },
   "apigateway:resource/conditionbasepaths": {
     "key": "apigateway:Resource/ConditionBasePaths",
     "description": "Filters access by base paths defined on the condition of the existing routing rule. Available during the UpdateRoutingRule and DeleteRoutingRule operations",
@@ -124,6 +174,11 @@
     "description": "Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateRestApi, and DeleteRestApi operations",
     "type": "ArrayOfString"
   },
+  "apigateway:resource/method": {
+    "key": "apigateway:Resource/Method",
+    "description": "Filters access by a ProductRestEndpointPage's HTTP Method associated with the resource",
+    "type": "String"
+  },
   "apigateway:resource/mtlstruststoreuri": {
     "key": "apigateway:Resource/MtlsTrustStoreUri",
     "description": "Filters access by URI of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations",
@@ -134,11 +189,46 @@
     "description": "Filters access by version of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations",
     "type": "String"
   },
+  "apigateway:resource/portaldisplayname": {
+    "key": "apigateway:Resource/PortalDisplayName",
+    "description": "Filters access by a Portal's Display Name associated with the resource",
+    "type": "String"
+  },
+  "apigateway:resource/portaldomainname": {
+    "key": "apigateway:Resource/PortalDomainName",
+    "description": "Filters access by a Portal's vanity domain name associated with the resource",
+    "type": "String"
+  },
+  "apigateway:resource/portalproductdisplayname": {
+    "key": "apigateway:Resource/PortalProductDisplayName",
+    "description": "Filters access by a PortalProduct's Display Name associated with the resource",
+    "type": "String"
+  },
+  "apigateway:resource/portalpublishstatus": {
+    "key": "apigateway:Resource/PortalPublishStatus",
+    "description": "Filters access by a Portal's published status associated with the resource",
+    "type": "String"
+  },
   "apigateway:resource/priority": {
     "key": "apigateway:Resource/Priority",
     "description": "Filters access by priority of the existing routing rule. Available during the UpdateRoutingRule and DeleteRoutingRule operations",
     "type": "Numeric"
   },
+  "apigateway:resource/productpagetitle": {
+    "key": "apigateway:Resource/ProductPageTitle",
+    "description": "Filters access by a ProductPage's Title associated with the resource",
+    "type": "String"
+  },
+  "apigateway:resource/productrestendpointpageendpointprefix": {
+    "key": "apigateway:Resource/ProductRestEndpointPageEndpointPrefix",
+    "description": "Filters access by a ProductRestEndpointPage's EndpointPrefix associated with the resource",
+    "type": "String"
+  },
+  "apigateway:resource/restapiid": {
+    "key": "apigateway:Resource/RestApiId",
+    "description": "Filters access by a ProductRestEndpointPage's Amazon API Gateway API ID associated with the resource",
+    "type": "String"
+  },
   "apigateway:resource/routeauthorizationtype": {
     "key": "apigateway:Resource/RouteAuthorizationType",
     "description": "Filters access by authorization type of the existing Method resource, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the PutMethod and DeleteMethod operations. Also available as a collection during reimport",
@@ -154,6 +244,11 @@
     "description": "Filters access by TLS version. Available during UpdateDomain and DeleteDomain operations",
     "type": "ArrayOfString"
   },
+  "apigateway:resource/stage": {
+    "key": "apigateway:Resource/Stage",
+    "description": "Filters access by a ProductRestEndpointPage's Amazon API Gateway Stage Name associated with the resource",
+    "type": "String"
+  },
   "aws:requesttag/${tagkey}": {
     "key": "aws:RequestTag/${TagKey}",
     "description": "Filters access by the tag key-value pairs in the request",

iamdata/data/conditionKeys/cognito-identity.json

@@ -1,17 +1,42 @@
 {
   "aws:requesttag/${tagkey}": {
     "key": "aws:RequestTag/${TagKey}",
-    "description": "Filters actions based on the presence of tag key-value pairs in the request",
+    "description": "Filters access by tag key-value pairs in the request",
     "type": "String"
   },
   "aws:resourcetag/${tagkey}": {
     "key": "aws:ResourceTag/${TagKey}",
-    "description": "Filters actions based on tag key-value pairs attached to the resource",
+    "description": "Filters access by tag key-value pairs attached to the resource",
     "type": "String"
   },
   "aws:tagkeys": {
     "key": "aws:TagKeys",
     "description": "Filters access by a key that is present in the request",
     "type": "ArrayOfString"
+  },
+  "cognito-identity-auth:accountid": {
+    "key": "cognito-identity-auth:AccountId",
+    "description": "Filters access by the owning AWS account ID for identity pool authenticated users. Applies to unauthenticated (public) API operations",
+    "type": "String"
+  },
+  "cognito-identity-auth:identitypoolarn": {
+    "key": "cognito-identity-auth:IdentityPoolArn",
+    "description": "Filters access by the identity pool ID for a given authenticated-user identity ID. Applies to unauthenticated (public) API operations",
+    "type": "ARN"
+  },
+  "cognito-identity-unauth:accountid": {
+    "key": "cognito-identity-unauth:AccountId",
+    "description": "Filters access by the owning AWS account ID of an identity pool for identity pool guest users. Applies to unauthenticated (public) API operations",
+    "type": "String"
+  },
+  "cognito-identity-unauth:identitypoolarn": {
+    "key": "cognito-identity-unauth:IdentityPoolArn",
+    "description": "Filters access by the identity pool ID for a given guest-user identity ID. Applies to unauthenticated (public) API operations",
+    "type": "ARN"
+  },
+  "cognito-identity:identitypoolarn": {
+    "key": "cognito-identity:IdentityPoolArn",
+    "description": "Filters access by the identity pool ID for a given identity ID for DeleteIdentities and DescribeIdentity",
+    "type": "ARN"
   }
 }

iamdata/data/conditionKeys/ec2.json

@@ -99,6 +99,11 @@
     "description": "Filters access by the ARN of the CloudWatch Logs log stream",
     "type": "ARN"
   },
+  "ec2:commitmentduration": {
+    "key": "ec2:CommitmentDuration",
+    "description": "Filters access by commitment duration of the Capacity Reservation",
+    "type": "Numeric"
+  },
   "ec2:cpuoptionsamdsevsnp": {
     "key": "ec2:CpuOptionsAmdSevSnp",
     "description": "Filters access by the state of AMD SEV-SNP CPU Options. Currently, only US East (Ohio) and Europe (Ireland) are supported",
@@ -269,6 +274,21 @@
     "description": "Filters access by the ID of an internet gateway",
     "type": "String"
   },
+  "ec2:interruptiblecapacityreservationid": {
+    "key": "ec2:InterruptibleCapacityReservationId",
+    "description": "Filters access by the ID of an interruptible Capacity Reservation",
+    "type": "String"
+  },
+  "ec2:interruptiontype": {
+    "key": "ec2:InterruptionType",
+    "description": "Filters access by the type of interruption",
+    "type": "String"
+  },
+  "ec2:ipamprefixlistresolvertargetid": {
+    "key": "ec2:IpamPrefixListResolverTargetId",
+    "description": "Filters access by the IPAM prefix list resolver target ID that is syncing CIDRs to a managed prefix list",
+    "type": "String"
+  },
   "ec2:ipv4ipampoolid": {
     "key": "ec2:Ipv4IpamPoolId",
     "description": "Filters access by the ID of an IPAM pool provided for IPv4 CIDR block allocation",
@@ -279,6 +299,11 @@
     "description": "Filters access by the ID of an IPAM pool provided for IPv6 CIDR block allocation",
     "type": "String"
   },
+  "ec2:isinterruptible": {
+    "key": "ec2:IsInterruptible",
+    "description": "Filters access by whether Capacity Reservations are interruptible",
+    "type": "Bool"
+  },
   "ec2:islaunchtemplateresource": {
     "key": "ec2:IsLaunchTemplateResource",
     "description": "Filters access by whether users are able to override resources that are specified in the launch template",
@@ -574,6 +599,11 @@
     "description": "Filters access by the ID of a subnet",
     "type": "String"
   },
+  "ec2:targetinstancecount": {
+    "key": "ec2:TargetInstanceCount",
+    "description": "Filters access by the number of instances the interruptible Capacity Reservation is assigned",
+    "type": "Numeric"
+  },
   "ec2:tenancy": {
     "key": "ec2:Tenancy",
     "description": "Filters access by the tenancy of the VPC or instance (default, dedicated, or host)",
@@ -629,6 +659,16 @@
     "description": "Filters access by multi region of the VPC endpoint service",
     "type": "String"
   },
+  "ec2:vpceprivatednspreference": {
+    "key": "ec2:VpcePrivateDnsPreference",
+    "description": "Filters access by the private DNS preference",
+    "type": "String"
+  },
+  "ec2:vpceprivatednsspecifieddomains": {
+    "key": "ec2:VpcePrivateDnsSpecifiedDomains",
+    "description": "Filters access by the private DNS domains",
+    "type": "ArrayOfString"
+  },
   "ec2:vpceservicename": {
     "key": "ec2:VpceServiceName",
     "description": "Filters access by the name of the VPC endpoint service",
@@ -669,6 +709,11 @@
     "description": "Filters access by the ID of a transit gateway",
     "type": "String"
   },
+  "ec2:transitgatewaymeteringpolicyid": {
+    "key": "ec2:transitGatewayMeteringPolicyId",
+    "description": "Filters access by the ID of a metering policy id",
+    "type": "String"
+  },
   "ec2:transitgatewaymulticastdomainid": {
     "key": "ec2:transitGatewayMulticastDomainId",
     "description": "Filters access by the ID of a transit gateway multicast domain",

iamdata/data/conditionKeys/sagemaker-mlflow.json

@@ -3,10 +3,5 @@
     "key": "aws:ResourceTag/${TagKey}",
     "description": "Filters access by a tag key and value pair",
     "type": "String"
-  },
-  "sagemaker:resourcetag/${tagkey}": {
-    "key": "sagemaker:ResourceTag/${TagKey}",
-    "description": "Filters access by a tag key and value pair",
-    "type": "String"
   }
 }

iamdata/data/conditionKeys/sagemaker.json

@@ -244,6 +244,11 @@
     "description": "Filters access by the sharing type associated with the space in the request",
     "type": "String"
   },
+  "sagemaker:studiolifecycleconfigarns": {
+    "key": "sagemaker:StudioLifecycleConfigArns",
+    "description": "Filters access by the list of lifecycle configuration ARNs associated with the resource in the request",
+    "type": "ArrayOfARN"
+  },
   "sagemaker:taggingaction": {
     "key": "sagemaker:TaggingAction",
     "description": "Filters access by the API actions to which a user can apply tags. Uses the name of the API operation that creates a taggable resource to filter access",

iamdata/data/conditionKeys/ssm.json

@@ -39,6 +39,11 @@
     "description": "Filters access by verifying that a user has permission to access a document belonging to a specific document type. Only available in \"aws\", \"aws-cn\", and \"aws-us-gov\" partitions",
     "type": "String"
   },
+  "ssm:documentversion": {
+    "key": "ssm:DocumentVersion",
+    "description": "Filters access by verifying that a user has permission to access a specific version of a document",
+    "type": "ArrayOfString"
+  },
   "ssm:inventorytypename": {
     "key": "ssm:InventoryTypeName",
     "description": "Filters access by verifying that a user also has access to the InventoryType specified in the request",

iamdata/data/conditionPatterns.json

@@ -134,9 +134,9 @@
     "s3:RequestObjectTag/.+?": "s3:RequestObjectTag/<key>"
   },
   "sagemaker": {
-    "sagemaker:ResourceTag/.+?": "sagemaker:ResourceTag/${TagKey}",
     "sagemaker:CurrentCustomerMetadataProperties/.+?": "sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}",
     "sagemaker:CustomerMetadataProperties/.+?": "sagemaker:CustomerMetadataProperties/${MetadataKey}",
+    "sagemaker:ResourceTag/.+?": "sagemaker:ResourceTag/${TagKey}",
     "sagemaker:SearchVisibilityCondition/.+?": "sagemaker:SearchVisibilityCondition/${FilterKey}"
   },
   "vpc-lattice-svcs": {

iamdata/data/metadata.json

@@ -1,4 +1,4 @@
 {
-  "version": "0.1.202512121",
-  "updatedAt": "2025-12-12T04:56:31.146Z"
+  "version": "0.1.202512281",
+  "updatedAt": "2025-12-28T05:03:38.268Z"
 }

iamdata/data/resourceTypes/apigateway.json

@@ -254,6 +254,44 @@
       "aws:ResourceTag/${TagKey}"
     ]
   },
+  "portal": {
+    "key": "Portal",
+    "arn": "arn:${Partition}:apigateway:${Region}:${Account}:/portals/${PortalId}",
+    "conditionKeys": [
+      "apigateway:Resource/CognitoUserPoolArn",
+      "apigateway:Resource/PortalDisplayName",
+      "apigateway:Resource/PortalDomainName",
+      "apigateway:Resource/PortalPublishStatus",
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
+  "portalproduct": {
+    "key": "PortalProduct",
+    "arn": "arn:${Partition}:apigateway:${Region}:${Account}:/portalproducts/${PortalProductId}",
+    "conditionKeys": [
+      "apigateway:Resource/PortalProductDisplayName",
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
+  "productpage": {
+    "key": "ProductPage",
+    "arn": "arn:${Partition}:apigateway:${Region}:${Account}:/portalproducts/${PortalProductId}/productpages/${ProductPageId}",
+    "conditionKeys": [
+      "apigateway:Resource/ProductPageTitle",
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
+  "productrestendpointpage": {
+    "key": "ProductRestEndpointPage",
+    "arn": "arn:${Partition}:apigateway:${Region}:${Account}:/portalproducts/${PortalProductId}/productrestendpointpages/${ProductRestEndpointPageId}",
+    "conditionKeys": [
+      "apigateway:Resource/Method",
+      "apigateway:Resource/ProductRestEndpointPageEndpointPrefix",
+      "apigateway:Resource/RestApiId",
+      "apigateway:Resource/Stage",
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
   "account": {
     "key": "Account",
     "arn": "arn:${Partition}:apigateway:${Region}::/account"

iamdata/data/resourceTypes/bedrock.json

@@ -212,7 +212,7 @@
   },
   "custom-model-deployment": {
     "key": "custom-model-deployment",
-    "arn": "arn:${Partition}:bedrock:${Region}:${Account}:custom-model/${ResourceId}",
+    "arn": "arn:${Partition}:bedrock:${Region}:${Account}:custom-model-deployment/${ResourceId}",
     "conditionKeys": [
       "aws:ResourceTag/${TagKey}"
     ]

iamdata/data/resourceTypes/deadline.json

@@ -39,10 +39,6 @@
       "aws:ResourceTag/${TagKey}"
     ]
   },
-  "metered-product": {
-    "key": "metered-product",
-    "arn": "arn:${Partition}:deadline:${Region}:${Account}:license-endpoint/${LicenseEndpointId}/metered-product/${ProductId}"
-  },
   "monitor": {
     "key": "monitor",
     "arn": "arn:${Partition}:deadline:${Region}:${Account}:monitor/${MonitorId}",

iamdata/data/resourceTypes/ec2.json

@@ -66,6 +66,7 @@
       "ec2:AvailabilityZone",
       "ec2:AvailabilityZoneId",
       "ec2:CapacityReservationFleet",
+      "ec2:CommitmentDuration",
       "ec2:CreateDate",
       "ec2:DestinationCapacityReservationId",
       "ec2:EbsOptimized",
@@ -76,6 +77,9 @@
       "ec2:InstanceMatchCriteria",
       "ec2:InstancePlatform",
       "ec2:InstanceType",
+      "ec2:InterruptibleCapacityReservationId",
+      "ec2:InterruptionType",
+      "ec2:IsInterruptible",
       "ec2:IsLaunchTemplateResource",
       "ec2:LaunchTemplate",
       "ec2:OutpostArn",
@@ -83,6 +87,7 @@
       "ec2:Region",
       "ec2:ResourceTag/${TagKey}",
       "ec2:SourceCapacityReservationId",
+      "ec2:TargetInstanceCount",
       "ec2:Tenancy"
     ]
   },
@@ -419,6 +424,19 @@
       "ec2:ResourceTag/${TagKey}"
     ]
   },
+  "ipam-policy": {
+    "key": "ipam-policy",
+    "arn": "arn:${Partition}:ec2::${Account}:ipam-policy/${IpamPolicyId}",
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys",
+      "ec2:Attribute",
+      "ec2:Attribute/${AttributeName}",
+      "ec2:Region",
+      "ec2:ResourceTag/${TagKey}"
+    ]
+  },
   "ipam-pool": {
     "key": "ipam-pool",
     "arn": "arn:${Partition}:ec2::${Account}:ipam-pool/${IpamPoolId}",
@@ -432,6 +450,32 @@
       "ec2:ResourceTag/${TagKey}"
     ]
   },
+  "ipam-prefix-list-resolver": {
+    "key": "ipam-prefix-list-resolver",
+    "arn": "arn:${Partition}:ec2::${Account}:ipam-prefix-list-resolver/${IpamPrefixListResolverId}",
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys",
+      "ec2:Attribute",
+      "ec2:Attribute/${AttributeName}",
+      "ec2:Region",
+      "ec2:ResourceTag/${TagKey}"
+    ]
+  },
+  "ipam-prefix-list-resolver-target": {
+    "key": "ipam-prefix-list-resolver-target",
+    "arn": "arn:${Partition}:ec2::${Account}:ipam-prefix-list-resolver-target/${IpamPrefixListResolverTargetId}",
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys",
+      "ec2:Attribute",
+      "ec2:Attribute/${AttributeName}",
+      "ec2:Region",
+      "ec2:ResourceTag/${TagKey}"
+    ]
+  },
   "ipam-resource-discovery-association": {
     "key": "ipam-resource-discovery-association",
     "arn": "arn:${Partition}:ec2::${Account}:ipam-resource-discovery-association/${IpamResourceDiscoveryAssociationId}",
@@ -623,7 +667,8 @@
       "aws:ResourceTag/${TagKey}",
       "aws:TagKeys",
       "ec2:Region",
-      "ec2:ResourceTag/${TagKey}"
+      "ec2:ResourceTag/${TagKey}",
+      "ec2:Vpc"
     ]
   },
   "network-acl": {
@@ -742,6 +787,7 @@
       "aws:TagKeys",
       "ec2:Attribute",
       "ec2:Attribute/${AttributeName}",
+      "ec2:IpamPrefixListResolverTargetId",
       "ec2:Region",
       "ec2:ResourceTag/${TagKey}"
     ]
@@ -1036,6 +1082,19 @@
       "ec2:transitGatewayId"
     ]
   },
+  "transit-gateway-metering-policy": {
+    "key": "transit-gateway-metering-policy",
+    "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-metering-policy/${TransitGatewayMeteringPolicyId}",
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys",
+      "ec2:Attribute/${AttributeName}",
+      "ec2:Region",
+      "ec2:ResourceTag/${TagKey}",
+      "ec2:transitGatewayMeteringPolicyId"
+    ]
+  },
   "transit-gateway-multicast-domain": {
     "key": "transit-gateway-multicast-domain",
     "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-multicast-domain/${TransitGatewayMulticastDomainId}",
@@ -1200,6 +1259,18 @@
       "ec2:ResourceTag/${TagKey}"
     ]
   },
+  "vpc-encryption-control": {
+    "key": "vpc-encryption-control",
+    "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc-encryption-control/${VpcEncryptionControlId}",
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys",
+      "ec2:Attribute/${AttributeName}",
+      "ec2:Region",
+      "ec2:ResourceTag/${TagKey}"
+    ]
+  },
   "vpc-endpoint-connection": {
     "key": "vpc-endpoint-connection",
     "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc-endpoint-connection/${VpcEndpointConnectionId}",
@@ -1223,6 +1294,8 @@
       "ec2:Region",
       "ec2:ResourceTag/${TagKey}",
       "ec2:VpceMultiRegion",
+      "ec2:VpcePrivateDnsPreference",
+      "ec2:VpcePrivateDnsSpecifiedDomains",
       "ec2:VpceServiceName",
       "ec2:VpceServiceOwner",
       "ec2:VpceServiceRegion"
@@ -1300,6 +1373,17 @@
       "ec2:VpcPeeringConnectionID"
     ]
   },
+  "vpn-concentrator": {
+    "key": "vpn-concentrator",
+    "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpn-concentrator/${VpnConcentratorId}",
+    "conditionKeys": [
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys",
+      "ec2:Region",
+      "ec2:ResourceTag/${TagKey}"
+    ]
+  },
   "vpn-connection-device-type": {
     "key": "vpn-connection-device-type",
     "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpn-connection-device-type/${VpnConnectionDeviceTypeId}",

iamdata/data/resourceTypes/network-firewall.json

@@ -40,5 +40,26 @@
     "conditionKeys": [
       "aws:ResourceTag/${TagKey}"
     ]
+  },
+  "proxyrulegroup": {
+    "key": "ProxyRuleGroup",
+    "arn": "arn:${Partition}:network-firewall:${Region}:${Account}:proxy-rule-group/${Name}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
+  "proxyconfiguration": {
+    "key": "ProxyConfiguration",
+    "arn": "arn:${Partition}:network-firewall:${Region}:${Account}:proxy-configuration/${Name}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
+  },
+  "proxy": {
+    "key": "Proxy",
+    "arn": "arn:${Partition}:network-firewall:${Region}:${Account}:proxy/${Name}",
+    "conditionKeys": [
+      "aws:ResourceTag/${TagKey}"
+    ]
   }
 }

iamdata/data/resourceTypes/sagemaker-mlflow.json

@@ -1,10 +1,6 @@
 {
   "mlflow-tracking-server": {
     "key": "mlflow-tracking-server",
-    "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:mlflow-tracking-server/${MlflowTrackingServerName}",
-    "conditionKeys": [
-      "aws:ResourceTag/${TagKey}",
-      "sagemaker:ResourceTag/${TagKey}"
-    ]
+    "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:mlflow-tracking-server/${MlflowTrackingServerName}"
   }
 }

iamdata/data/resourceTypes/sagemaker.json

@@ -496,19 +496,11 @@
   },
   "mlflow-tracking-server": {
     "key": "mlflow-tracking-server",
-    "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:mlflow-tracking-server/${MlflowTrackingServerName}",
-    "conditionKeys": [
-      "aws:ResourceTag/${TagKey}",
-      "sagemaker:ResourceTag/${TagKey}"
-    ]
+    "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:mlflow-tracking-server/${MlflowTrackingServerName}"
   },
   "mlflow-app": {
     "key": "mlflow-app",
-    "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:mlflow-app/${MLflowAppId}",
-    "conditionKeys": [
-      "aws:ResourceTag/${TagKey}",
-      "sagemaker:ResourceTag/${TagKey}"
-    ]
+    "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:mlflow-app/${MLflowAppId}"
   },
   "compute-quota": {
     "key": "compute-quota",
@@ -528,10 +520,6 @@
   },
   "partner-app": {
     "key": "partner-app",
-    "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:partner-app/${AppId}",
-    "conditionKeys": [
-      "aws:ResourceTag/${TagKey}",
-      "sagemaker:ResourceTag/${TagKey}"
-    ]
+    "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:partner-app/${AppId}"
   }
 }