diff --git a/reference.json b/reference.json index e1f986a..0e4b344 100644 --- a/reference.json +++ b/reference.json @@ -47,6 +47,7 @@ "aws:TagKeys", "aws:TokenIssueTime", "aws:UserAgent", + "aws:ViaAWSService", "aws:userid", "aws:username" ], @@ -141,20 +142,49 @@ } }, "serviceMap": { - "AWS Accounts": { + "AWS Account Management": { + "ARNFormat": "arn:aws:account::${Account}:account", + "ARNRegex": "^arn:aws:account::.+:account", "Actions": [ + "CloseAccount", + "DeleteAlternateContact", "DisableRegion", "EnableRegion", - "ListRegions" + "GetAccountInformation", + "GetAlternateContact", + "GetChallengeQuestions", + "GetContactInformation", + "GetRegionOptStatus", + "ListRegions", + "PutAlternateContact", + "PutChallengeQuestions", + "PutContactInformation" ], - "HasResource": false, + "HasResource": true, "StringPrefix": "account", "conditionKeys": [ + "account:AccountResourceOrgPaths", + "account:AccountResourceOrgTags/${TagKey}", + "account:AlternateContactTypes", "account:TargetRegion" ] }, + "AWS Activate": { + "Actions": [ + "CreateForm", + "GetAccountContact", + "GetContentInfo", + "GetCosts", + "GetCredits", + "GetMemberInfo", + "GetProgram", + "PutMemberInfo" + ], + "HasResource": false, + "StringPrefix": "activate" + }, "AWS Amplify": { - "ARNFormat": "arn:aws:amplify:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", + "ARNFormat": "arn:aws:amplify:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:amplify:.+:.+:.+", "Actions": [ "CreateApp", @@ -183,6 +213,7 @@ "ListBranches", "ListDomainAssociations", "ListJobs", + "ListTagsForResource", "ListWebHooks", "StartDeployment", "StartJob", @@ -202,36 +233,136 @@ "aws:TagKeys" ] }, + "AWS Amplify Admin": { + "ARNFormat": "arn:aws:amplifybackend:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:amplifybackend:.+:.+:.+", + "Actions": [ + "CloneBackend", + "CreateBackend", + "CreateBackendAPI", + "CreateBackendAuth", + "CreateBackendConfig", + "CreateBackendStorage", + "CreateToken", + "DeleteBackend", + "DeleteBackendAPI", + "DeleteBackendAuth", + "DeleteBackendStorage", + "DeleteToken", + "GenerateBackendAPIModels", + "GetBackend", + "GetBackendAPI", + "GetBackendAPIModels", + "GetBackendAuth", + "GetBackendJob", + "GetBackendStorage", + "GetToken", + "ImportBackendAuth", + "ImportBackendStorage", + "ListBackendJobs", + "ListS3Buckets", + "RemoveAllBackends", + "RemoveBackendConfig", + "UpdateBackendAPI", + "UpdateBackendAuth", + "UpdateBackendConfig", + "UpdateBackendJob", + "UpdateBackendStorage" + ], + "HasResource": true, + "StringPrefix": "amplifybackend" + }, + "AWS Amplify UI Builder": { + "ARNFormat": "arn:aws:amplifyuibuilder:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:amplifyuibuilder:.+:.+:.+", + "Actions": [ + "CreateComponent", + "CreateForm", + "CreateTheme", + "DeleteComponent", + "DeleteForm", + "DeleteTheme", + "ExchangeCodeForToken", + "ExportComponents", + "ExportForms", + "ExportThemes", + "GetCodegenJob", + "GetComponent", + "GetForm", + "GetMetadata", + "GetTheme", + "ListCodegenJobs", + "ListComponents", + "ListForms", + "ListThemes", + "PutMetadataFlag", + "RefreshToken", + "ResetMetadataFlag", + "StartCodegenJob", + "UpdateComponent", + "UpdateForm", + "UpdateTheme" + ], + "HasResource": true, + "StringPrefix": "amplifyuibuilder", + "conditionKeys": [ + "amplifyuibuilder:CodegenJobResourceAppId", + "amplifyuibuilder:CodegenJobResourceEnvironmentName", + "amplifyuibuilder:CodegenJobResourceId", + "amplifyuibuilder:ComponentResourceAppId", + "amplifyuibuilder:ComponentResourceEnvironmentName", + "amplifyuibuilder:ComponentResourceId", + "amplifyuibuilder:FormResourceAppId", + "amplifyuibuilder:FormResourceEnvironmentName", + "amplifyuibuilder:FormResourceId", + "amplifyuibuilder:ThemeResourceAppId", + "amplifyuibuilder:ThemeResourceEnvironmentName", + "amplifyuibuilder:ThemeResourceId", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "AWS App Mesh": { - "ARNFormat": "arn:aws:appmesh:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", + "ARNFormat": "arn:aws:appmesh:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:appmesh:.+:.+:.+", "Actions": [ + "CreateGatewayRoute", "CreateMesh", "CreateRoute", + "CreateVirtualGateway", "CreateVirtualNode", "CreateVirtualRouter", "CreateVirtualService", + "DeleteGatewayRoute", "DeleteMesh", "DeleteRoute", + "DeleteVirtualGateway", "DeleteVirtualNode", "DeleteVirtualRouter", "DeleteVirtualService", + "DescribeGatewayRoute", "DescribeMesh", "DescribeRoute", + "DescribeVirtualGateway", "DescribeVirtualNode", "DescribeVirtualRouter", "DescribeVirtualService", + "ListGatewayRoutes", "ListMeshes", "ListRoutes", "ListTagsForResource", + "ListVirtualGateways", "ListVirtualNodes", "ListVirtualRouters", "ListVirtualServices", "StreamAggregatedResources", "TagResource", "UntagResource", + "UpdateGatewayRoute", "UpdateMesh", "UpdateRoute", + "UpdateVirtualGateway", "UpdateVirtualNode", "UpdateVirtualRouter", "UpdateVirtualService" @@ -245,32 +376,42 @@ ] }, "AWS App Mesh Preview": { - "ARNFormat": "arn:aws:appmesh-preview:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", + "ARNFormat": "arn:aws:appmesh-preview:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:appmesh-preview:.+:.+:.+", "Actions": [ + "CreateGatewayRoute", "CreateMesh", "CreateRoute", + "CreateVirtualGateway", "CreateVirtualNode", "CreateVirtualRouter", "CreateVirtualService", + "DeleteGatewayRoute", "DeleteMesh", "DeleteRoute", + "DeleteVirtualGateway", "DeleteVirtualNode", "DeleteVirtualRouter", "DeleteVirtualService", + "DescribeGatewayRoute", "DescribeMesh", "DescribeRoute", + "DescribeVirtualGateway", "DescribeVirtualNode", "DescribeVirtualRouter", "DescribeVirtualService", + "ListGatewayRoutes", "ListMeshes", "ListRoutes", + "ListVirtualGateways", "ListVirtualNodes", "ListVirtualRouters", "ListVirtualServices", "StreamAggregatedResources", + "UpdateGatewayRoute", "UpdateMesh", "UpdateRoute", + "UpdateVirtualGateway", "UpdateVirtualNode", "UpdateVirtualRouter", "UpdateVirtualService" @@ -278,30 +419,118 @@ "HasResource": true, "StringPrefix": "appmesh-preview" }, + "AWS App Runner": { + "ARNFormat": "arn:aws:apprunner:${Region}:${Account}:${ResourceType}/${PathToResource}", + "ARNRegex": "^arn:aws:apprunner:.+", + "Actions": [ + "AssociateCustomDomain", + "AssociateWebAcl", + "CreateAutoScalingConfiguration", + "CreateConnection", + "CreateObservabilityConfiguration", + "CreateService", + "CreateVpcConnector", + "CreateVpcIngressConnection", + "DeleteAutoScalingConfiguration", + "DeleteConnection", + "DeleteObservabilityConfiguration", + "DeleteService", + "DeleteVpcConnector", + "DeleteVpcIngressConnection", + "DescribeAutoScalingConfiguration", + "DescribeCustomDomains", + "DescribeObservabilityConfiguration", + "DescribeOperation", + "DescribeService", + "DescribeVpcConnector", + "DescribeVpcIngressConnection", + "DescribeWebAclForService", + "DisassociateCustomDomain", + "DisassociateWebAcl", + "ListAssociatedServicesForWebAcl", + "ListAutoScalingConfigurations", + "ListConnections", + "ListObservabilityConfigurations", + "ListOperations", + "ListServices", + "ListServicesForAutoScalingConfiguration", + "ListTagsForResource", + "ListVpcConnectors", + "ListVpcIngressConnections", + "PauseService", + "ResumeService", + "StartDeployment", + "TagResource", + "UntagResource", + "UpdateDefaultAutoScalingConfiguration", + "UpdateService", + "UpdateVpcIngressConnection" + ], + "HasResource": true, + "StringPrefix": "apprunner", + "conditionKeys": [ + "apprunner:AutoScalingConfigurationArn", + "apprunner:ConnectionArn", + "apprunner:ObservabilityConfigurationArn", + "apprunner:ServiceArn", + "apprunner:VpcConnectorArn", + "apprunner:VpcEndpointId", + "apprunner:VpcId", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS App2Container": { + "ARNFormat": "arn:${Partition}:a2c:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:${Partition}:a2c:.+:.+:.+", + "Actions": [ + "GetContainerizationJobDetails", + "GetDeploymentJobDetails", + "StartContainerizationJob", + "StartDeploymentJob" + ], + "HasResource": false, + "StringPrefix": "a2c" + }, "AWS AppConfig": { - "ARNFormat": "arn:aws:appconfig:\u003cregion\u003e:\u003caccount-id\u003e:\u003crelative-id\u003e", + "ARNFormat": "arn:aws:appconfig:${Region}:${Account}:${RelativeId}", "ARNRegex": "^arn:aws:appconfig:.+", "Actions": [ "CreateApplication", "CreateConfigurationProfile", "CreateDeploymentStrategy", "CreateEnvironment", + "CreateExtension", + "CreateExtensionAssociation", + "CreateHostedConfigurationVersion", "DeleteApplication", "DeleteConfigurationProfile", "DeleteDeploymentStrategy", "DeleteEnvironment", + "DeleteExtension", + "DeleteExtensionAssociation", + "DeleteHostedConfigurationVersion", "GetApplication", "GetConfiguration", "GetConfigurationProfile", "GetDeployment", "GetDeploymentStrategy", "GetEnvironment", + "GetExtension", + "GetExtensionAssociation", + "GetHostedConfigurationVersion", + "GetLatestConfiguration", "ListApplications", "ListConfigurationProfiles", "ListDeploymentStrategies", "ListDeployments", "ListEnvironments", + "ListExtensionAssociations", + "ListExtensions", + "ListHostedConfigurationVersions", "ListTagsForResource", + "StartConfigurationSession", "StartDeployment", "StopDeployment", "TagResource", @@ -310,6 +539,8 @@ "UpdateConfigurationProfile", "UpdateDeploymentStrategy", "UpdateEnvironment", + "UpdateExtension", + "UpdateExtensionAssociation", "ValidateConfiguration" ], "HasResource": true, @@ -320,68 +551,432 @@ "aws:TagKeys" ] }, + "AWS AppFabric": { + "ARNFormat": "arn:aws:appfabric:${Region}:${Account}:${ResourceInfo}", + "ARNRegex": "^arn:aws:appfabric:.+:.+:.+", + "Actions": [ + "BatchGetUserAccessTasks", + "ConnectAppAuthorization", + "CreateAppAuthorization", + "CreateAppBundle", + "CreateIngestion", + "CreateIngestionDestination", + "DeleteAppAuthorization", + "DeleteAppBundle", + "DeleteIngestion", + "DeleteIngestionDestination", + "GetAppAuthorization", + "GetAppBundle", + "GetIngestion", + "GetIngestionDestination", + "ListAppAuthorizations", + "ListAppBundles", + "ListIngestionDestinations", + "ListIngestions", + "ListTagsForResource", + "StartIngestion", + "StartUserAccessTasks", + "StopIngestion", + "TagResource", + "UntagResource", + "UpdateAppAuthorization", + "UpdateIngestionDestination" + ], + "HasResource": true, + "StringPrefix": "appfabric", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "AWS AppSync": { - "ARNFormat": "arn:aws:appsync:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourcePath\u003e", + "ARNFormat": "arn:aws:appsync:${Region}:${Account}:${ResourceType}/${ResourcePath}", "ARNRegex": "^arn:aws:appsync:.+", "Actions": [ + "AssociateApi", + "AssociateMergedGraphqlApi", + "AssociateSourceGraphqlApi", + "CreateApiCache", "CreateApiKey", "CreateDataSource", + "CreateDomainName", "CreateFunction", "CreateGraphqlApi", "CreateResolver", "CreateType", + "DeleteApiCache", "DeleteApiKey", "DeleteDataSource", + "DeleteDomainName", "DeleteFunction", "DeleteGraphqlApi", "DeleteResolver", + "DeleteResourcePolicy", "DeleteType", + "DisassociateApi", + "DisassociateMergedGraphqlApi", + "DisassociateSourceGraphqlApi", + "EvaluateCode", + "EvaluateMappingTemplate", + "FlushApiCache", + "GetApiAssociation", + "GetApiCache", "GetDataSource", + "GetDomainName", "GetFunction", "GetGraphqlApi", "GetIntrospectionSchema", "GetResolver", + "GetResourcePolicy", "GetSchemaCreationStatus", + "GetSourceApiAssociation", "GetType", "GraphQL", "ListApiKeys", "ListDataSources", + "ListDomainNames", "ListFunctions", "ListGraphqlApis", "ListResolvers", "ListResolversByFunction", + "ListSourceApiAssociations", "ListTagsForResource", "ListTypes", + "ListTypesByAssociation", + "PutResourcePolicy", + "SetWebACL", + "SourceGraphQL", "StartSchemaCreation", + "StartSchemaMerge", "TagResource", "UntagResource", + "UpdateApiCache", "UpdateApiKey", "UpdateDataSource", + "UpdateDomainName", "UpdateFunction", "UpdateGraphqlApi", "UpdateResolver", + "UpdateSourceApiAssociation", "UpdateType" ], "HasResource": true, "StringPrefix": "appsync", "conditionKeys": [ + "appsync:Visibility", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Application Auto Scaling": { + "ARNFormat": "arn:aws:application-autoscaling:${Region}:${Account}:${RelativeId}", + "ARNRegex": "^arn:aws:application-autoscaling:.+:.+:.+", + "Actions": [ + "DeleteScalingPolicy", + "DeleteScheduledAction", + "DeregisterScalableTarget", + "DescribeScalableTargets", + "DescribeScalingActivities", + "DescribeScalingPolicies", + "DescribeScheduledActions", + "ListTagsForResource", + "PutScalingPolicy", + "PutScheduledAction", + "RegisterScalableTarget", + "TagResource", + "UntagResource" + ], + "HasResource": true, + "StringPrefix": "application-autoscaling", + "conditionKeys": [ + "application-autoscaling:scalable-dimension", + "application-autoscaling:service-namespace", "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys" ] }, + "AWS Application Cost Profiler Service": { + "Actions": [ + "DeleteReportDefinition", + "GetReportDefinition", + "ImportApplicationUsage", + "ListReportDefinitions", + "PutReportDefinition", + "UpdateReportDefinition" + ], + "HasResource": false, + "StringPrefix": "application-cost-profiler" + }, + "AWS Application Discovery Service": { + "Actions": [ + "AssociateConfigurationItemsToApplication", + "BatchDeleteAgents", + "BatchDeleteImportData", + "CreateApplication", + "CreateTags", + "DeleteApplications", + "DeleteTags", + "DescribeAgents", + "DescribeBatchDeleteConfigurationTask", + "DescribeConfigurations", + "DescribeContinuousExports", + "DescribeExportConfigurations", + "DescribeExportTasks", + "DescribeImportTasks", + "DescribeTags", + "DisassociateConfigurationItemsFromApplication", + "ExportConfigurations", + "GetDiscoverySummary", + "GetNetworkConnectionGraph", + "ListConfigurations", + "ListServerNeighbors", + "StartBatchDeleteConfigurationTask", + "StartContinuousExport", + "StartDataCollectionByAgentIds", + "StartExportTask", + "StartImportTask", + "StopContinuousExport", + "StopDataCollectionByAgentIds", + "UpdateApplication" + ], + "HasResource": false, + "StringPrefix": "discovery", + "conditionKeys": [ + "aws:TagKeys" + ] + }, + "AWS Application Migration Service": { + "ARNFormat": "arn:aws:mgn:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:mgn:.+", + "Actions": [ + "ArchiveApplication", + "ArchiveWave", + "AssociateApplications", + "AssociateSourceServers", + "BatchCreateVolumeSnapshotGroupForMgn", + "BatchDeleteSnapshotRequestForMgn", + "ChangeServerLifeCycleState", + "CreateApplication", + "CreateConnector", + "CreateLaunchConfigurationTemplate", + "CreateReplicationConfigurationTemplate", + "CreateVcenterClientForMgn", + "CreateWave", + "DeleteApplication", + "DeleteConnector", + "DeleteJob", + "DeleteLaunchConfigurationTemplate", + "DeleteReplicationConfigurationTemplate", + "DeleteSourceServer", + "DeleteVcenterClient", + "DeleteWave", + "DescribeJobLogItems", + "DescribeJobs", + "DescribeLaunchConfigurationTemplates", + "DescribeReplicationConfigurationTemplates", + "DescribeReplicationServerAssociationsForMgn", + "DescribeSnapshotRequestsForMgn", + "DescribeSourceServers", + "DescribeVcenterClients", + "DisassociateApplications", + "DisassociateSourceServers", + "DisconnectFromService", + "FinalizeCutover", + "GetAgentCommandForMgn", + "GetAgentConfirmedResumeInfoForMgn", + "GetAgentInstallationAssetsForMgn", + "GetAgentReplicationInfoForMgn", + "GetAgentRuntimeConfigurationForMgn", + "GetAgentSnapshotCreditsForMgn", + "GetChannelCommandsForMgn", + "GetLaunchConfiguration", + "GetReplicationConfiguration", + "GetVcenterClientCommandsForMgn", + "InitializeService", + "IssueClientCertificateForMgn", + "ListApplications", + "ListConnectors", + "ListExportErrors", + "ListExports", + "ListImportErrors", + "ListImports", + "ListManagedAccounts", + "ListSourceServerActions", + "ListTagsForResource", + "ListTemplateActions", + "ListWaves", + "MarkAsArchived", + "NotifyAgentAuthenticationForMgn", + "NotifyAgentConnectedForMgn", + "NotifyAgentDisconnectedForMgn", + "NotifyAgentReplicationProgressForMgn", + "NotifyVcenterClientStartedForMgn", + "PauseReplication", + "PutSourceServerAction", + "PutTemplateAction", + "RegisterAgentForMgn", + "RemoveSourceServerAction", + "RemoveTemplateAction", + "ResumeReplication", + "RetryDataReplication", + "SendAgentLogsForMgn", + "SendAgentMetricsForMgn", + "SendChannelCommandResultForMgn", + "SendClientLogsForMgn", + "SendClientMetricsForMgn", + "SendVcenterClientCommandResultForMgn", + "SendVcenterClientLogsForMgn", + "SendVcenterClientMetricsForMgn", + "StartCutover", + "StartExport", + "StartImport", + "StartReplication", + "StartTest", + "StopReplication", + "TagResource", + "TerminateTargetInstances", + "UnarchiveApplication", + "UnarchiveWave", + "UntagResource", + "UpdateAgentBacklogForMgn", + "UpdateAgentConversionInfoForMgn", + "UpdateAgentReplicationInfoForMgn", + "UpdateAgentReplicationProcessStateForMgn", + "UpdateAgentSourcePropertiesForMgn", + "UpdateApplication", + "UpdateConnector", + "UpdateLaunchConfiguration", + "UpdateLaunchConfigurationTemplate", + "UpdateReplicationConfiguration", + "UpdateReplicationConfigurationTemplate", + "UpdateSourceServer", + "UpdateSourceServerReplicationType", + "UpdateWave", + "VerifyClientRoleForMgn" + ], + "HasResource": true, + "StringPrefix": "mgn", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "mgn:CreateAction" + ] + }, + "AWS Application Transformation Service": { + "ARNFormat": "arn:${Partition}:application-transformation:${Region}:${Account}:${ResourceType}", + "ARNRegex": "^arn:${Partition}:application-transformation:.+:.+:.+", + "Actions": [ + "GetGroupingAssessment", + "GetPortingCompatibilityAssessment", + "GetPortingRecommendationAssessment", + "GetRuntimeAssessment", + "PutLogData", + "PutMetricData", + "StartGroupingAssessment", + "StartPortingCompatibilityAssessment", + "StartPortingRecommendationAssessment", + "StartRuntimeAssessment" + ], + "HasResource": false, + "StringPrefix": "application-transformation" + }, "AWS Artifact": { - "ARNFormat": "arn:aws:artifact::\u003cresource\u003e", + "ARNFormat": "arn:aws:artifact:::${Resource}", "ARNRegex": "^arn:aws:artifact::.+", "Actions": [ "AcceptAgreement", "DownloadAgreement", "Get", + "GetAccountSettings", + "GetReport", + "GetReportMetadata", + "GetTermForReport", + "ListReports", + "PutAccountSettings", "TerminateAgreement" ], "HasResource": true, "StringPrefix": "artifact" }, + "AWS Audit Manager": { + "ARNFormat": "arn:aws:auditmanager:::${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:auditmanager::.+", + "Actions": [ + "AssociateAssessmentReportEvidenceFolder", + "BatchAssociateAssessmentReportEvidence", + "BatchCreateDelegationByAssessment", + "BatchDeleteDelegationByAssessment", + "BatchDisassociateAssessmentReportEvidence", + "BatchImportEvidenceToAssessmentControl", + "CreateAssessment", + "CreateAssessmentFramework", + "CreateAssessmentReport", + "CreateControl", + "DeleteAssessment", + "DeleteAssessmentFramework", + "DeleteAssessmentFrameworkShare", + "DeleteAssessmentReport", + "DeleteControl", + "DeregisterAccount", + "DeregisterOrganizationAdminAccount", + "DisassociateAssessmentReportEvidenceFolder", + "GetAccountStatus", + "GetAssessment", + "GetAssessmentFramework", + "GetAssessmentReportUrl", + "GetChangeLogs", + "GetControl", + "GetDelegations", + "GetEvidence", + "GetEvidenceByEvidenceFolder", + "GetEvidenceFileUploadUrl", + "GetEvidenceFolder", + "GetEvidenceFoldersByAssessment", + "GetEvidenceFoldersByAssessmentControl", + "GetInsights", + "GetInsightsByAssessment", + "GetOrganizationAdminAccount", + "GetServicesInScope", + "GetSettings", + "ListAssessmentControlInsightsByControlDomain", + "ListAssessmentFrameworkShareRequests", + "ListAssessmentFrameworks", + "ListAssessmentReports", + "ListAssessments", + "ListControlDomainInsights", + "ListControlDomainInsightsByAssessment", + "ListControlInsightsByControlDomain", + "ListControls", + "ListKeywordsForDataSource", + "ListNotifications", + "ListTagsForResource", + "RegisterAccount", + "RegisterOrganizationAdminAccount", + "StartAssessmentFrameworkShare", + "TagResource", + "UntagResource", + "UpdateAssessment", + "UpdateAssessmentControl", + "UpdateAssessmentControlSetStatus", + "UpdateAssessmentFramework", + "UpdateAssessmentFrameworkShare", + "UpdateAssessmentStatus", + "UpdateControl", + "UpdateSettings", + "ValidateAssessmentReportIntegrity" + ], + "HasResource": true, + "StringPrefix": "auditmanager", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "AWS Auto Scaling": { "Actions": [ "CreateScalingPlan", @@ -395,25 +990,42 @@ "StringPrefix": "autoscaling-plans" }, "AWS Backup": { - "ARNFormat": "arn:\u003cpartition\u003e:backup:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e:\u003cresource_name\u003e", - "ARNRegex": "^arn:${Partition}:backup:.+:.+:.+", + "ARNFormat": "arn:aws:backup:${Region}:${Account}:${ResourceType}:${ResourceName}", + "ARNRegex": "^arn:aws:backup:.+:.+:.+", "Actions": [ + "CancelLegalHold", + "CopyFromBackupVault", "CopyIntoBackupVault", "CreateBackupPlan", "CreateBackupSelection", "CreateBackupVault", + "CreateFramework", + "CreateLegalHold", + "CreateLogicallyAirGappedBackupVault", + "CreateReportPlan", "DeleteBackupPlan", "DeleteBackupSelection", "DeleteBackupVault", "DeleteBackupVaultAccessPolicy", + "DeleteBackupVaultLockConfiguration", "DeleteBackupVaultNotifications", + "DeleteBackupVaultSharingPolicy", + "DeleteFramework", "DeleteRecoveryPoint", + "DeleteReportPlan", "DescribeBackupJob", "DescribeBackupVault", "DescribeCopyJob", + "DescribeFramework", + "DescribeGlobalSettings", "DescribeProtectedResource", "DescribeRecoveryPoint", + "DescribeRegionSettings", + "DescribeReportJob", + "DescribeReportPlan", "DescribeRestoreJob", + "DisassociateRecoveryPoint", + "DisassociateRecoveryPointFromParent", "ExportBackupPlanTemplate", "GetBackupPlan", "GetBackupPlanFromJSON", @@ -421,81 +1033,247 @@ "GetBackupSelection", "GetBackupVaultAccessPolicy", "GetBackupVaultNotifications", + "GetBackupVaultSharingPolicy", + "GetLegalHold", "GetRecoveryPointRestoreMetadata", "GetSupportedResourceTypes", + "ListBackupJobSummaries", "ListBackupJobs", "ListBackupPlanTemplates", "ListBackupPlanVersions", "ListBackupPlans", "ListBackupSelections", "ListBackupVaults", + "ListCopyJobSummaries", "ListCopyJobs", + "ListFrameworks", + "ListLegalHolds", "ListProtectedResources", + "ListProtectedResourcesByBackupVault", "ListRecoveryPointsByBackupVault", + "ListRecoveryPointsByLegalHold", "ListRecoveryPointsByResource", + "ListReportJobs", + "ListReportPlans", + "ListRestoreJobSummaries", "ListRestoreJobs", "ListTags", "PutBackupVaultAccessPolicy", + "PutBackupVaultLockConfiguration", "PutBackupVaultNotifications", + "PutBackupVaultSharingPolicy", "StartBackupJob", "StartCopyJob", + "StartReportJob", "StartRestoreJob", "StopBackupJob", "TagResource", "UntagResource", "UpdateBackupPlan", - "UpdateRecoveryPointLifecycle" + "UpdateFramework", + "UpdateGlobalSettings", + "UpdateRecoveryPointLifecycle", + "UpdateRegionSettings", + "UpdateReportPlan" ], "HasResource": true, "StringPrefix": "backup", "conditionKeys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "backup:ChangeableForDays", + "backup:CopyTargetOrgPaths", + "backup:CopyTargets", + "backup:FrameworkArns", + "backup:MaxRetentionDays", + "backup:MinRetentionDays" + ] + }, + "AWS Backup Gateway": { + "ARNFormat": "arn:aws:backup-gateway:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:*:backup-gateway:.+:.+:.+", + "Actions": [ + "AssociateGatewayToServer", + "Backup", + "CreateGateway", + "DeleteGateway", + "DeleteHypervisor", + "DisassociateGatewayFromServer", + "GetBandwidthRateLimitSchedule", + "GetGateway", + "GetHypervisor", + "GetHypervisorPropertyMappings", + "GetVirtualMachine", + "ImportHypervisorConfiguration", + "ListGateways", + "ListHypervisors", + "ListTagsForResource", + "ListVirtualMachines", + "PutBandwidthRateLimitSchedule", + "PutHypervisorPropertyMappings", + "PutMaintenanceStartTime", + "Restore", + "StartVirtualMachinesMetadataSync", + "TagResource", + "TestHypervisorConfiguration", + "UntagResource", + "UpdateGatewayInformation", + "UpdateGatewaySoftwareNow", + "UpdateHypervisor" + ], + "HasResource": true, + "StringPrefix": "backup-gateway", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ] }, "AWS Backup storage": { - "ARNFormat": "arn:aws:backup-storage:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e:\u003cresource_name\u003e", + "ARNFormat": "arn:${Partition}:backup-storage:${Region}:${Account}:${ResourceType}:${ResourceName}", "ARNRegex": "^^arn:aws:backup-storage:.+:.+:.+", "Actions": [ - "MountCapsule" + "CommitBackupJob", + "DeleteObjects", + "DescribeBackupJob", + "GetBaseBackup", + "GetChunk", + "GetIncrementalBaseBackup", + "GetObjectMetadata", + "ListChunks", + "ListObjects", + "MountCapsule", + "NotifyObjectComplete", + "PutChunk", + "PutObject", + "StartObject", + "UpdateObjectComplete" ], "HasResource": false, "StringPrefix": "backup-storage" }, "AWS Batch": { - "ARNFormat": "arn:aws:batch:\u003cregion\u003e:\u003caccount_ID\u003e:\u003cresource_type\u003e/\u003crelative_ID\u003e", + "ARNFormat": "arn:aws:batch:${Region}:${Account}:${ResourceType}/${ResourcePath}", "ARNRegex": "^arn:aws:batch:.+", "Actions": [ "CancelJob", "CreateComputeEnvironment", "CreateJobQueue", + "CreateSchedulingPolicy", "DeleteComputeEnvironment", "DeleteJobQueue", + "DeleteSchedulingPolicy", "DeregisterJobDefinition", "DescribeComputeEnvironments", "DescribeJobDefinitions", "DescribeJobQueues", "DescribeJobs", + "DescribeSchedulingPolicies", "ListJobs", + "ListSchedulingPolicies", + "ListTagsForResource", "RegisterJobDefinition", "SubmitJob", + "TagResource", "TerminateJob", + "UntagResource", "UpdateComputeEnvironment", - "UpdateJobQueue" + "UpdateJobQueue", + "UpdateSchedulingPolicy" ], "HasResource": true, "StringPrefix": "batch", "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "batch:AWSLogsCreateGroup", + "batch:AWSLogsGroup", + "batch:AWSLogsRegion", + "batch:AWSLogsStreamPrefix", + "batch:EKSImage", + "batch:EKSPrivileged", + "batch:EKSRunAsGroup", + "batch:EKSRunAsUser", + "batch:EKSServiceAccountName", "batch:Image", + "batch:LogDriver", "batch:Privileged", + "batch:ShareIdentifier", "batch:User" ] }, "AWS Billing": { "Actions": [ + "GetBillingData", + "GetBillingDetails", + "GetBillingNotifications", + "GetBillingPreferences", + "GetContractInformation", + "GetCredits", + "GetIAMAccessPreference", + "GetSellerOfRecord", + "ListBillingViews", + "PutContractInformation", + "RedeemCredits", + "UpdateBillingPreferences", + "UpdateIAMAccessPreference" + ], + "HasResource": false, + "StringPrefix": "billing" + }, + "AWS Billing Conductor": { + "ARNFormat": "arn:aws:billingconductor::${Account}:${ResourceType}", + "ARNRegex": "^arn:aws:billingconductor:.+", + "Actions": [ + "AssociateAccounts", + "AssociatePricingRules", + "BatchAssociateResourcesToCustomLineItem", + "BatchDisassociateResourcesFromCustomLineItem", + "CreateBillingGroup", + "CreateCustomLineItem", + "CreatePricingPlan", + "CreatePricingRule", + "DeleteBillingGroup", + "DeleteCustomLineItem", + "DeletePricingPlan", + "DeletePricingRule", + "DisassociateAccounts", + "DisassociatePricingRules", + "ListAccountAssociations", + "ListBillingGroupCostReports", + "ListBillingGroups", + "ListCustomLineItemVersions", + "ListCustomLineItems", + "ListPricingPlans", + "ListPricingPlansAssociatedWithPricingRule", + "ListPricingRules", + "ListPricingRulesAssociatedToPricingPlan", + "ListResourcesAssociatedToCustomLineItem", + "ListTagsForResource", + "TagResource", + "UntagResource", + "UpdateBillingGroup", + "UpdateCustomLineItem", + "UpdatePricingPlan", + "UpdatePricingRule" + ], + "HasResource": true, + "StringPrefix": "billingconductor", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Billing Console": { + "Actions": [ + "GetConsoleActionSetEnforced", "ModifyAccount", "ModifyBilling", "ModifyPaymentMethods", + "UpdateConsoleActionSetEnforced", "ViewAccount", "ViewBilling", "ViewPaymentMethods", @@ -505,27 +1283,67 @@ "StringPrefix": "aws-portal" }, "AWS Budget Service": { - "ARNFormat": "arn:aws:budgets::\u003caccount_ID\u003e:budget/\u003cbudgetname\u003e", + "ARNFormat": "arn:aws:budgets::${Account}:budget/${BudgetName}", "ARNRegex": "^arn:aws:budgets::.+:.+", "Actions": [ + "CreateBudgetAction", + "DeleteBudgetAction", + "DescribeBudgetAction", + "DescribeBudgetActionHistories", + "DescribeBudgetActionsForAccount", + "DescribeBudgetActionsForBudget", + "ExecuteBudgetAction", "ModifyBudget", + "UpdateBudgetAction", "ViewBudget" ], "HasResource": true, "StringPrefix": "budgets" }, + "AWS BugBust": { + "ARNFormat": "arn:aws:bugbust:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:bugbust:.+:.+:.+", + "Actions": [ + "CreateEvent", + "EvaluateProfilingGroups", + "GetEvent", + "GetJoinEventStatus", + "JoinEvent", + "ListBugs", + "ListEventParticipants", + "ListEventScores", + "ListEvents", + "ListProfilingGroups", + "ListPullRequests", + "ListTagsForResource", + "TagResource", + "UntagResource", + "UpdateEvent", + "UpdateWorkItem", + "UpdateWorkItemAdmin" + ], + "HasResource": true, + "StringPrefix": "bugbust", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "AWS Certificate Manager": { - "ARNFormat": "arn:aws:acm:\u003cregion\u003e:\u003caccount_ID\u003e:\u003carn_type\u003e/\u003cresource_id\u003e", + "ARNFormat": "arn:aws:acm:${Region}:${Account}:${ArnType}/${ResourceId}", "ARNRegex": "^arn:aws:acm:.+:[0-9]+:.+", "Actions": [ "AddTagsToCertificate", "DeleteCertificate", "DescribeCertificate", "ExportCertificate", + "GetAccountConfiguration", "GetCertificate", "ImportCertificate", "ListCertificates", "ListTagsForCertificate", + "PutAccountConfiguration", "RemoveTagsFromCertificate", "RenewCertificate", "RequestCertificate", @@ -535,67 +1353,128 @@ "HasResource": true, "StringPrefix": "acm", "conditionKeys": [ + "acm:CertificateAuthority", + "acm:CertificateTransparencyLogging", + "acm:DomainNames", + "acm:KeyAlgorithm", + "acm:ValidationMethod", "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys" ] }, - "AWS Certificate Manager Private Certificate Authority": { - "ARNFormat": "arn:aws:acm-pca:\u003cregion\u003e:\u003caccount_ID\u003e:\u003carn_type\u003e/\u003cresource_id\u003e", - "ARNRegex": "^arn:aws:acm-pca:.+:[0-9]+:.+", - "Actions": [ - "CreateCertificateAuthority", - "CreateCertificateAuthorityAuditReport", - "CreatePermission", - "DeleteCertificateAuthority", - "DeletePermission", - "DescribeCertificateAuthority", - "DescribeCertificateAuthorityAuditReport", - "GetCertificate", - "GetCertificateAuthorityCertificate", - "GetCertificateAuthorityCsr", - "ImportCertificateAuthorityCertificate", - "IssueCertificate", - "ListCertificateAuthorities", - "ListPermissions", - "ListTags", - "RestoreCertificateAuthority", - "RevokeCertificate", - "TagCertificateAuthority", - "UntagCertificateAuthority", - "UpdateCertificateAuthority" - ], - "HasResource": true, - "StringPrefix": "acm-pca", - "conditionKeys": [ - "acm-pca:TemplateArn", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ] - }, - "AWS Chatbot": { - "ARNFormat": "arn:${Partition}:chatbot::\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceName\u003e", - "ARNRegex": "^arn:${Partition}:chatbot:.+", + "AWS Chatbot": { + "ARNFormat": "arn:aws:chatbot::${Account}:chat-configuration/${ConfigurationType}/${ChatbotConfigurationName}", + "ARNRegex": "^arn:aws:chatbot:.+", "Actions": [ "CreateChimeWebhookConfiguration", + "CreateMicrosoftTeamsChannelConfiguration", "CreateSlackChannelConfiguration", "DeleteChimeWebhookConfiguration", + "DeleteMicrosoftTeamsChannelConfiguration", + "DeleteMicrosoftTeamsConfiguredTeam", + "DeleteMicrosoftTeamsUserIdentity", "DeleteSlackChannelConfiguration", + "DeleteSlackUserIdentity", + "DeleteSlackWorkspaceAuthorization", "DescribeChimeWebhookConfigurations", "DescribeSlackChannelConfigurations", "DescribeSlackChannels", + "DescribeSlackUserIdentities", "DescribeSlackWorkspaces", + "GetAccountPreferences", + "GetMicrosoftTeamsChannelConfiguration", + "GetMicrosoftTeamsOauthParameters", "GetSlackOauthParameters", + "ListMicrosoftTeamsChannelConfigurations", + "ListMicrosoftTeamsConfiguredTeams", + "ListMicrosoftTeamsUserIdentities", + "RedeemMicrosoftTeamsOauthCode", "RedeemSlackOauthCode", + "UpdateAccountPreferences", "UpdateChimeWebhookConfiguration", + "UpdateMicrosoftTeamsChannelConfiguration", "UpdateSlackChannelConfiguration" ], "HasResource": true, "StringPrefix": "chatbot" }, + "AWS Clean Rooms": { + "ARNFormat": "arn:aws:cleanrooms:${Region}:${Account}:${ResourceType}/${PathToResource}", + "ARNRegex": "^arn:aws:cleanrooms:.+", + "Actions": [ + "BatchGetCollaborationAnalysisTemplate", + "BatchGetSchema", + "CreateAnalysisTemplate", + "CreateCollaboration", + "CreateConfiguredTable", + "CreateConfiguredTableAnalysisRule", + "CreateConfiguredTableAssociation", + "CreateMembership", + "DeleteAnalysisTemplate", + "DeleteCollaboration", + "DeleteConfiguredTable", + "DeleteConfiguredTableAnalysisRule", + "DeleteConfiguredTableAssociation", + "DeleteMember", + "DeleteMembership", + "GetAnalysisTemplate", + "GetCollaboration", + "GetCollaborationAnalysisTemplate", + "GetConfiguredTable", + "GetConfiguredTableAnalysisRule", + "GetConfiguredTableAssociation", + "GetMembership", + "GetProtectedQuery", + "GetSchema", + "GetSchemaAnalysisRule", + "ListAnalysisTemplates", + "ListCollaborationAnalysisTemplates", + "ListCollaborations", + "ListConfiguredTableAssociations", + "ListConfiguredTables", + "ListMembers", + "ListMemberships", + "ListProtectedQueries", + "ListSchemas", + "ListTagsForResource", + "StartProtectedQuery", + "TagResource", + "UntagResource", + "UpdateAnalysisTemplate", + "UpdateCollaboration", + "UpdateConfiguredTable", + "UpdateConfiguredTableAnalysisRule", + "UpdateConfiguredTableAssociation", + "UpdateMembership", + "UpdateProtectedQuery" + ], + "HasResource": true, + "StringPrefix": "cleanrooms", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Cloud Control API": { + "ARNFormat": "arn:aws:cloudformation:${Region}:${Account}:${RelativeId}", + "ARNRegex": "^arn:aws:cloudformation:.+:[0-9]+:.+", + "Actions": [ + "CancelResourceRequest", + "CreateResource", + "DeleteResource", + "GetResource", + "GetResourceRequestStatus", + "ListResourceRequests", + "ListResources", + "UpdateResource" + ], + "HasResource": false, + "StringPrefix": "cloudformation" + }, "AWS Cloud Map": { - "ARNFormat": "arn:aws:servicediscovery:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", + "ARNFormat": "arn:aws:servicediscovery:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:servicediscovery:.+", "Actions": [ "CreateHttpNamespace", @@ -606,6 +1485,7 @@ "DeleteService", "DeregisterInstance", "DiscoverInstances", + "DiscoverInstancesRevision", "GetInstance", "GetInstancesHealthStatus", "GetNamespace", @@ -615,13 +1495,22 @@ "ListNamespaces", "ListOperations", "ListServices", + "ListTagsForResource", "RegisterInstance", + "TagResource", + "UntagResource", + "UpdateHttpNamespace", "UpdateInstanceCustomHealthStatus", + "UpdatePrivateDnsNamespace", + "UpdatePublicDnsNamespace", "UpdateService" ], "HasResource": true, "StringPrefix": "servicediscovery", "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", "servicediscovery:NamespaceArn", "servicediscovery:NamespaceName", "servicediscovery:ServiceArn", @@ -629,24 +1518,39 @@ ] }, "AWS Cloud9": { - "ARNFormat": "arn:aws:cloud9:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource_type\u003e:\u003cresource_id\u003e", + "ARNFormat": "arn:aws:cloud9:${Region}:${Account}:${ResourceType}:${ResourceId}", "ARNRegex": "^arn:aws:cloud9:.+:[0-9]+:.+:.+", "Actions": [ + "ActivateEC2Remote", "CreateEnvironmentEC2", "CreateEnvironmentMembership", + "CreateEnvironmentSSH", + "CreateEnvironmentToken", "DeleteEnvironment", "DeleteEnvironmentMembership", + "DescribeEC2Remote", "DescribeEnvironmentMemberships", "DescribeEnvironmentStatus", "DescribeEnvironments", + "DescribeSSHRemote", + "GetEnvironmentConfig", + "GetEnvironmentSettings", + "GetMembershipSettings", + "GetMigrationExperiences", + "GetUserPublicKey", "GetUserSettings", "ListEnvironments", "ListTagsForResource", + "ModifyTemporaryCredentialsOnEnvironmentEC2", "TagResource", "UntagResource", "UpdateEnvironment", "UpdateEnvironmentMembership", - "UpdateUserSettings" + "UpdateEnvironmentSettings", + "UpdateMembershipSettings", + "UpdateSSHRemote", + "UpdateUserSettings", + "ValidateEnvironmentName" ], "HasResource": true, "StringPrefix": "cloud9", @@ -657,15 +1561,19 @@ "cloud9:EnvironmentId", "cloud9:EnvironmentName", "cloud9:InstanceType", + "cloud9:OwnerArn", "cloud9:Permissions", "cloud9:SubnetId", "cloud9:UserArn" ] }, "AWS CloudFormation": { - "ARNFormat": "arn:aws:cloudformation:\u003cregion\u003e:\u003caccount\u003e:\u003crelative-id\u003e", + "ARNFormat": "arn:aws:cloudformation:${Region}:${Account}:${ResourceType}/${Id}", "ARNRegex": "^arn:aws:cloudformation:.+:[0-9]+:.+", "Actions": [ + "ActivateOrganizationsAccess", + "ActivateType", + "BatchDescribeTypeConfigurations", "CancelUpdateStack", "ContinueUpdateRollback", "CreateChangeSet", @@ -673,12 +1581,18 @@ "CreateStackInstances", "CreateStackSet", "CreateUploadBucket", + "DeactivateOrganizationsAccess", + "DeactivateType", "DeleteChangeSet", "DeleteStack", "DeleteStackInstances", "DeleteStackSet", + "DeregisterType", "DescribeAccountLimits", "DescribeChangeSet", + "DescribeChangeSetHooks", + "DescribeOrganizationsAccess", + "DescribePublisher", "DescribeStackDriftDetectionStatus", "DescribeStackEvents", "DescribeStackInstance", @@ -688,6 +1602,8 @@ "DescribeStackSet", "DescribeStackSetOperation", "DescribeStacks", + "DescribeType", + "DescribeTypeRegistration", "DetectStackDrift", "DetectStackResourceDrift", "DetectStackSetDrift", @@ -696,19 +1612,32 @@ "GetStackPolicy", "GetTemplate", "GetTemplateSummary", + "ImportStacksToStackSet", "ListChangeSets", "ListExports", "ListImports", + "ListStackInstanceResourceDrifts", "ListStackInstances", "ListStackResources", "ListStackSetOperationResults", "ListStackSetOperations", "ListStackSets", "ListStacks", + "ListTypeRegistrations", + "ListTypeVersions", + "ListTypes", + "PublishType", + "RecordHandlerProgress", + "RegisterPublisher", + "RegisterType", + "RollbackStack", "SetStackPolicy", + "SetTypeConfiguration", + "SetTypeDefaultVersion", "SignalResource", "StopStackSetOperation", "TagResource", + "TestType", "UntagResource", "UpdateStack", "UpdateStackInstances", @@ -727,12 +1656,13 @@ "cloudformation:ResourceTypes", "cloudformation:RoleArn", "cloudformation:StackPolicyUrl", + "cloudformation:TargetRegion", "cloudformation:TemplateUrl" ] }, "AWS CloudHSM": { - "ARNFormat": "arn:\u003cpartition\u003e:cloudhsm:\u003cregion\u003e:\u003caccountID\u003e:\u003crelative-id\u003e", - "ARNRegex": "^arn:\u003cpartition\u003e:cloudhsm:.+", + "ARNFormat": "arn:aws:cloudhsm:${Region}:${Account}:${ResourceName}", + "ARNRegex": "^arn:aws:cloudhsm:.+", "Actions": [ "AddTagsToResource", "CopyBackupToRegion", @@ -758,6 +1688,8 @@ "ListLunaClients", "ListTags", "ListTagsForResource", + "ModifyBackupAttributes", + "ModifyCluster", "ModifyHapg", "ModifyHsm", "ModifyLunaClient", @@ -774,51 +1706,179 @@ "aws:TagKeys" ] }, + "AWS CloudShell": { + "ARNFormat": "arn:aws:cloudshell:${Region}:${Account}:environment/${EnvironmentId}", + "ARNRegex": "^arn:aws:cloudshell:${Region}:${Account}:environment/.+?", + "Actions": [ + "CreateEnvironment", + "CreateSession", + "DeleteEnvironment", + "GetEnvironmentStatus", + "GetFileDownloadUrls", + "GetFileUploadUrls", + "PutCredentials", + "StartEnvironment", + "StopEnvironment" + ], + "HasResource": true, + "StringPrefix": "cloudshell" + }, "AWS CloudTrail": { - "ARNFormat": "arn:aws:cloudtrail:\u003cregion\u003e:\u003caccount\u003e:\u003cresource\u003e", + "ARNFormat": "arn:aws:cloudtrail:${Region}:${Account}:${Resource}", "ARNRegex": "^arn:aws:cloudtrail:.+:[0-9]+:.+", "Actions": [ "AddTags", + "CancelQuery", + "CreateChannel", + "CreateEventDataStore", + "CreateServiceLinkedChannel", "CreateTrail", + "DeleteChannel", + "DeleteEventDataStore", + "DeleteResourcePolicy", + "DeleteServiceLinkedChannel", "DeleteTrail", + "DeregisterOrganizationDelegatedAdmin", + "DescribeQuery", "DescribeTrails", + "GetChannel", + "GetEventDataStore", "GetEventSelectors", + "GetImport", "GetInsightSelectors", + "GetQueryResults", + "GetResourcePolicy", + "GetServiceLinkedChannel", "GetTrail", "GetTrailStatus", + "ListChannels", + "ListEventDataStores", + "ListImportFailures", + "ListImports", "ListPublicKeys", + "ListQueries", + "ListServiceLinkedChannels", "ListTags", "ListTrails", "LookupEvents", "PutEventSelectors", "PutInsightSelectors", + "PutResourcePolicy", + "RegisterOrganizationDelegatedAdmin", "RemoveTags", + "RestoreEventDataStore", + "StartEventDataStoreIngestion", + "StartImport", "StartLogging", + "StartQuery", + "StopEventDataStoreIngestion", + "StopImport", "StopLogging", + "UpdateChannel", + "UpdateEventDataStore", + "UpdateServiceLinkedChannel", "UpdateTrail" ], "HasResource": true, - "StringPrefix": "cloudtrail" + "StringPrefix": "cloudtrail", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, - "AWS Code Signing for Amazon FreeRTOS": { - "ARNFormat": "arn:aws:signer:\u003cregion\u003e::\u003csigner_resource_path\u003e", - "ARNRegex": "^arn:aws:signer:.+", + "AWS CloudTrail Data": { + "ARNFormat": "arn:aws:cloudtrail:${Region}:${Account}:${Resource}", + "ARNRegex": "^arn:aws:cloudtrail:.+:[0-9]+:.+", "Actions": [ - "CancelSigningProfile", - "DescribeSigningJob", - "GetSigningPlatform", - "GetSigningProfile", - "ListSigningJobs", - "ListSigningPlatforms", - "ListSigningProfiles", + "PutAuditEvents" + ], + "HasResource": true, + "StringPrefix": "cloudtrail-data", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS CloudWatch RUM": { + "ARNFormat": "arn:aws:rum:${Region}:${Account}:appmonitor/${Name}", + "ARNRegex": "^arn:aws:rum:.+:.+:.+", + "Actions": [ + "BatchCreateRumMetricDefinitions", + "BatchDeleteRumMetricDefinitions", + "BatchGetRumMetricDefinitions", + "CreateAppMonitor", + "DeleteAppMonitor", + "DeleteRumMetricsDestination", + "GetAppMonitor", + "GetAppMonitorData", + "ListAppMonitors", + "ListRumMetricsDestinations", "ListTagsForResource", - "PutSigningProfile", - "StartSigningJob", + "PutRumEvents", + "PutRumMetricsDestination", "TagResource", - "UntagResource" + "UntagResource", + "UpdateAppMonitor", + "UpdateRumMetricDefinition" ], "HasResource": true, - "StringPrefix": "signer", + "StringPrefix": "rum", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS CodeArtifact": { + "ARNFormat": "arn:aws:codeartifact:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:codeartifact:.+:[0-9]+:.+/.+", + "Actions": [ + "AssociateExternalConnection", + "AssociateWithDownstreamRepository", + "CopyPackageVersions", + "CreateDomain", + "CreateRepository", + "DeleteDomain", + "DeleteDomainPermissionsPolicy", + "DeletePackage", + "DeletePackageVersions", + "DeleteRepository", + "DeleteRepositoryPermissionsPolicy", + "DescribeDomain", + "DescribePackage", + "DescribePackageVersion", + "DescribeRepository", + "DisassociateExternalConnection", + "DisposePackageVersions", + "GetAuthorizationToken", + "GetDomainPermissionsPolicy", + "GetPackageVersionAsset", + "GetPackageVersionReadme", + "GetRepositoryEndpoint", + "GetRepositoryPermissionsPolicy", + "ListDomains", + "ListPackageVersionAssets", + "ListPackageVersionDependencies", + "ListPackageVersions", + "ListPackages", + "ListRepositories", + "ListRepositoriesInDomain", + "ListTagsForResource", + "PublishPackageVersion", + "PutDomainPermissionsPolicy", + "PutPackageMetadata", + "PutPackageOriginConfiguration", + "PutRepositoryPermissionsPolicy", + "ReadFromRepository", + "TagResource", + "UntagResource", + "UpdatePackageVersionsStatus", + "UpdateRepository" + ], + "HasResource": true, + "StringPrefix": "codeartifact", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", @@ -826,19 +1886,22 @@ ] }, "AWS CodeBuild": { - "ARNFormat": "arn:${Partition}:codebuild:\u003cregion\u003e:\u003caccount_ID\u003e:\u003cresource_type\u003e/\u003cresource_id\u003e", - "ARNRegex": "^arn:${Partition}:codebuild:.+:[0-9]+:.+/.+", + "ARNFormat": "arn:aws:codebuild:${Region}:${Account}:build/${BuildId}", + "ARNRegex": "^arn:aws:codebuild:.+:[0-9]+:.+/.+", "Actions": [ "BatchDeleteBuilds", + "BatchGetBuildBatches", "BatchGetBuilds", "BatchGetProjects", "BatchGetReportGroups", "BatchGetReports", + "BatchPutCodeCoverages", "BatchPutTestCases", "CreateProject", "CreateReport", "CreateReportGroup", "CreateWebhook", + "DeleteBuildBatch", "DeleteOAuthToken", "DeleteProject", "DeleteReport", @@ -846,10 +1909,14 @@ "DeleteResourcePolicy", "DeleteSourceCredentials", "DeleteWebhook", + "DescribeCodeCoverages", "DescribeTestCases", + "GetReportGroupTrend", "GetResourcePolicy", "ImportSourceCredentials", "InvalidateProjectCache", + "ListBuildBatches", + "ListBuildBatchesForProject", "ListBuilds", "ListBuildsForProject", "ListConnectedOAuthAccounts", @@ -864,9 +1931,14 @@ "ListSourceCredentials", "PersistOAuthToken", "PutResourcePolicy", + "RetryBuild", + "RetryBuildBatch", "StartBuild", + "StartBuildBatch", "StopBuild", + "StopBuildBatch", "UpdateProject", + "UpdateProjectVisibility", "UpdateReport", "UpdateReportGroup", "UpdateWebhook" @@ -880,7 +1952,7 @@ ] }, "AWS CodeCommit": { - "ARNFormat": "arn:aws:codecommit:\u003cregion\u003e:\u003caccount_ID\u003e:\u003crepository_name\u003e", + "ARNFormat": "arn:aws:codecommit:${Region}:${Account}:${RepositoryName}", "ARNRegex": "^arn:aws:codecommit:.+", "Actions": [ "AssociateApprovalRuleTemplateWithRepository", @@ -912,6 +1984,7 @@ "GetBlob", "GetBranch", "GetComment", + "GetCommentReactions", "GetCommentsForComparedCommit", "GetCommentsForPullRequest", "GetCommit", @@ -937,6 +2010,7 @@ "ListApprovalRuleTemplates", "ListAssociatedApprovalRuleTemplatesForRepository", "ListBranches", + "ListFileCommitHistory", "ListPullRequests", "ListRepositories", "ListRepositoriesForApprovalRuleTemplate", @@ -951,6 +2025,7 @@ "PostCommentForComparedCommit", "PostCommentForPullRequest", "PostCommentReply", + "PutCommentReaction", "PutFile", "PutRepositoryTriggers", "TagResource", @@ -980,7 +2055,7 @@ ] }, "AWS CodeDeploy": { - "ARNFormat": "arn:aws:codedeploy:region:account:resource-type:resource-specifier", + "ARNFormat": "arn:aws:codedeploy:${Region}:${Account}:${ResourceType}:${ResourceSpecifier}", "ARNRegex": "^arn:aws:codedeploy:.+", "Actions": [ "AddTagsToOnPremisesInstances", @@ -993,6 +2068,7 @@ "BatchGetOnPremisesInstances", "ContinueDeployment", "CreateApplication", + "CreateCloudFormationDeployment", "CreateDeployment", "CreateDeploymentConfig", "CreateDeploymentGroup", @@ -1000,6 +2076,7 @@ "DeleteDeploymentConfig", "DeleteDeploymentGroup", "DeleteGitHubAccountToken", + "DeleteResourcesByExternalId", "DeregisterOnPremisesInstance", "GetApplication", "GetApplicationRevision", @@ -1038,9 +2115,19 @@ "aws:TagKeys" ] }, + "AWS CodeDeploy secure host commands service": { + "Actions": [ + "GetDeploymentSpecification", + "PollHostCommand", + "PutHostCommandAcknowledgement", + "PutHostCommandComplete" + ], + "HasResource": false, + "StringPrefix": "codedeploy-commands-secure" + }, "AWS CodePipeline": { - "ARNFormat": "arn:aws:codepipeline:\u003cregion\u003e:\u003caccount_ID\u003e:\u003cpath_to_pipeline_resource\u003e", - "ARNRegex": "arn:aws:codepipeline:.+", + "ARNFormat": "arn:aws:codepipeline:${Region}:${Account}:${PathToPipelineResource}", + "ARNRegex": "^arn:aws:codepipeline:.+", "Actions": [ "AcknowledgeJob", "AcknowledgeThirdPartyJob", @@ -1052,6 +2139,7 @@ "DeregisterWebhookWithThirdParty", "DisableStageTransition", "EnableStageTransition", + "GetActionType", "GetJobDetails", "GetPipeline", "GetPipelineExecution", @@ -1078,6 +2166,7 @@ "StopPipelineExecution", "TagResource", "UntagResource", + "UpdateActionType", "UpdatePipeline" ], "HasResource": true, @@ -1089,7 +2178,7 @@ ] }, "AWS CodeStar": { - "ARNFormat": "arn:aws:codestar:\u003cregion\u003e:\u003caccount_ID\u003e:\u003cresource_type\u003e/\u003cresource_id\u003e", + "ARNFormat": "arn:aws:codestar:${Region}:${Account}:project/${ResourceId}", "ARNRegex": "^arn:aws:codestar:.+:[0-9]+:project/.+", "Actions": [ "AssociateTeamMember", @@ -1112,7 +2201,8 @@ "UntagProject", "UpdateProject", "UpdateTeamMember", - "UpdateUserProfile" + "UpdateUserProfile", + "VerifyServiceRole" ], "HasResource": true, "StringPrefix": "codestar", @@ -1123,8 +2213,53 @@ "iam:ResourceTag/${TagKey}" ] }, + "AWS CodeStar Connections": { + "ARNFormat": "arn:aws:codestar-connections:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:codestar-connections:.+:.+:.+", + "Actions": [ + "CreateConnection", + "CreateHost", + "DeleteConnection", + "DeleteHost", + "GetConnection", + "GetHost", + "GetIndividualAccessToken", + "GetInstallationUrl", + "ListConnections", + "ListHosts", + "ListInstallationTargets", + "ListTagsForResource", + "PassConnection", + "RegisterAppCode", + "StartAppRegistrationHandshake", + "StartOAuthHandshake", + "TagResource", + "UntagResource", + "UpdateConnectionInstallation", + "UpdateHost", + "UseConnection" + ], + "HasResource": true, + "StringPrefix": "codestar-connections", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "codestar-connections:BranchName", + "codestar-connections:FullRepositoryId", + "codestar-connections:HostArn", + "codestar-connections:InstallationId", + "codestar-connections:OwnerId", + "codestar-connections:PassedToService", + "codestar-connections:ProviderAction", + "codestar-connections:ProviderPermissionsRequired", + "codestar-connections:ProviderType", + "codestar-connections:ProviderTypeFilter", + "codestar-connections:RepositoryName" + ] + }, "AWS CodeStar Notifications": { - "ARNFormat": "arn:aws:codestar-notifications:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_id\u003e", + "ARNFormat": "arn:aws:codestar-notifications:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:codestar-notifications:.+:.+:.+", "Actions": [ "CreateNotificationRule", @@ -1150,9 +2285,41 @@ "codestar-notifications:NotificationsForResource" ] }, + "AWS Compute Optimizer": { + "Actions": [ + "DeleteRecommendationPreferences", + "DescribeRecommendationExportJobs", + "ExportAutoScalingGroupRecommendations", + "ExportEBSVolumeRecommendations", + "ExportEC2InstanceRecommendations", + "ExportECSServiceRecommendations", + "ExportLambdaFunctionRecommendations", + "ExportLicenseRecommendations", + "GetAutoScalingGroupRecommendations", + "GetEBSVolumeRecommendations", + "GetEC2InstanceRecommendations", + "GetEC2RecommendationProjectedMetrics", + "GetECSServiceRecommendationProjectedMetrics", + "GetECSServiceRecommendations", + "GetEffectiveRecommendationPreferences", + "GetEnrollmentStatus", + "GetEnrollmentStatusesForOrganization", + "GetLambdaFunctionRecommendations", + "GetLicenseRecommendations", + "GetRecommendationPreferences", + "GetRecommendationSummaries", + "PutRecommendationPreferences", + "UpdateEnrollmentStatus" + ], + "HasResource": false, + "StringPrefix": "compute-optimizer", + "conditionKeys": [ + "compute-optimizer:ResourceType" + ] + }, "AWS Config": { - "ARNFormat": "arn:\u003cpartition\u003e:config:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceId\u003e", - "ARNRegex": "arn:\u003cpartition\u003e:config:.+", + "ARNFormat": "arn:aws:config:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:config:.+", "Actions": [ "BatchGetAggregateResourceConfig", "BatchGetResourceConfig", @@ -1168,9 +2335,12 @@ "DeletePendingAggregationRequest", "DeleteRemediationConfiguration", "DeleteRemediationExceptions", + "DeleteResourceConfig", "DeleteRetentionConfiguration", + "DeleteStoredQuery", "DeliverConfigSnapshot", "DescribeAggregateComplianceByConfigRules", + "DescribeAggregateComplianceByConformancePacks", "DescribeAggregationAuthorizations", "DescribeComplianceByConfigRule", "DescribeComplianceByResource", @@ -1196,6 +2366,7 @@ "DescribeRetentionConfigurations", "GetAggregateComplianceDetailsByConfigRule", "GetAggregateConfigRuleComplianceSummary", + "GetAggregateConformancePackComplianceSummary", "GetAggregateDiscoveredResourceCounts", "GetAggregateResourceConfig", "GetComplianceDetailsByConfigRule", @@ -1204,14 +2375,19 @@ "GetComplianceSummaryByResourceType", "GetConformancePackComplianceDetails", "GetConformancePackComplianceSummary", + "GetCustomRulePolicy", "GetDiscoveredResourceCounts", "GetOrganizationConfigRuleDetailedStatus", "GetOrganizationConformancePackDetailedStatus", + "GetOrganizationCustomRulePolicy", "GetResourceConfigHistory", - "GetResources", - "GetTagKeys", + "GetResourceEvaluationSummary", + "GetStoredQuery", "ListAggregateDiscoveredResources", + "ListConformancePackComplianceScores", "ListDiscoveredResources", + "ListResourceEvaluations", + "ListStoredQueries", "ListTagsForResource", "PutAggregationAuthorization", "PutConfigRule", @@ -1220,15 +2396,20 @@ "PutConformancePack", "PutDeliveryChannel", "PutEvaluations", + "PutExternalEvaluation", "PutOrganizationConfigRule", "PutOrganizationConformancePack", "PutRemediationConfigurations", "PutRemediationExceptions", + "PutResourceConfig", "PutRetentionConfiguration", + "PutStoredQuery", + "SelectAggregateResourceConfig", "SelectResourceConfig", "StartConfigRulesEvaluation", "StartConfigurationRecorder", "StartRemediationExecution", + "StartResourceEvaluation", "StopConfigurationRecorder", "TagResource", "UntagResource" @@ -1252,70 +2433,211 @@ "HasResource": false, "StringPrefix": "awsconnector" }, + "AWS Console Mobile App": { + "ARNFormat": "arn:aws:consoleapp:${Region}:${Account}:${ResourceType}", + "ARNRegex": "^arn:aws:consoleapp:.+:.+:.+", + "Actions": [ + "GetDeviceIdentity", + "ListDeviceIdentities" + ], + "HasResource": true, + "StringPrefix": "consoleapp" + }, + "AWS Consolidated Billing": { + "ARNFormat": "arn:${Partition}:consolidatedbilling::${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:${Partition}:consolidatedbilling::.+:.+", + "Actions": [ + "GetAccountBillingRole", + "ListLinkedAccounts" + ], + "HasResource": false, + "StringPrefix": "consolidatedbilling" + }, + "AWS Control Tower": { + "ARNFormat": "arn:aws:controltower:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:controltower:.+:.+:.+", + "Actions": [ + "CreateManagedAccount", + "DeleteLandingZone", + "DeregisterManagedAccount", + "DeregisterOrganizationalUnit", + "DescribeAccountFactoryConfig", + "DescribeCoreService", + "DescribeGuardrail", + "DescribeGuardrailForTarget", + "DescribeLandingZoneConfiguration", + "DescribeManagedAccount", + "DescribeManagedOrganizationalUnit", + "DescribeRegisterOrganizationalUnitOperation", + "DescribeSingleSignOn", + "DisableControl", + "DisableGuardrail", + "EnableControl", + "EnableGuardrail", + "GetAccountInfo", + "GetAvailableUpdates", + "GetControlOperation", + "GetEnabledControl", + "GetGuardrailComplianceStatus", + "GetHomeRegion", + "GetLandingZoneDriftStatus", + "GetLandingZoneStatus", + "ListDirectoryGroups", + "ListDriftDetails", + "ListEnabledControls", + "ListEnabledGuardrails", + "ListExtendGovernancePrecheckDetails", + "ListExternalConfigRuleCompliance", + "ListGuardrailViolations", + "ListGuardrails", + "ListGuardrailsForTarget", + "ListManagedAccounts", + "ListManagedAccountsForGuardrail", + "ListManagedAccountsForParent", + "ListManagedOrganizationalUnits", + "ListManagedOrganizationalUnitsForGuardrail", + "ListTagsForResource", + "ManageOrganizationalUnit", + "PerformPreLaunchChecks", + "SetupLandingZone", + "TagResource", + "UntagResource", + "UpdateAccountFactoryConfig" + ], + "HasResource": true, + "StringPrefix": "controltower", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "AWS Cost Explorer Service": { - "ARNFormat": "arn:aws:ce::\u003caccount_ID\u003e:ce", + "ARNFormat": "arn:aws:ce::${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:ce::.+:.+", "Actions": [ + "CreateAnomalyMonitor", + "CreateAnomalySubscription", "CreateCostCategoryDefinition", + "CreateNotificationSubscription", + "CreateReport", + "DeleteAnomalyMonitor", + "DeleteAnomalySubscription", "DeleteCostCategoryDefinition", + "DeleteNotificationSubscription", + "DeleteReport", "DescribeCostCategoryDefinition", + "DescribeNotificationSubscription", + "DescribeReport", + "GetAnomalies", + "GetAnomalyMonitors", + "GetAnomalySubscriptions", + "GetApproximateUsageRecords", + "GetConsoleActionSetEnforced", "GetCostAndUsage", "GetCostAndUsageWithResources", + "GetCostCategories", "GetCostForecast", "GetDimensionValues", + "GetPreferences", "GetReservationCoverage", "GetReservationPurchaseRecommendation", "GetReservationUtilization", "GetRightsizingRecommendation", + "GetSavingsPlanPurchaseRecommendationDetails", "GetSavingsPlansCoverage", "GetSavingsPlansPurchaseRecommendation", "GetSavingsPlansUtilization", "GetSavingsPlansUtilizationDetails", "GetTags", "GetUsageForecast", + "ListCostAllocationTags", "ListCostCategoryDefinitions", - "UpdateCostCategoryDefinition" + "ListSavingsPlansPurchaseRecommendationGeneration", + "ListTagsForResource", + "ProvideAnomalyFeedback", + "StartSavingsPlansPurchaseRecommendationGeneration", + "TagResource", + "UntagResource", + "UpdateAnomalyMonitor", + "UpdateAnomalySubscription", + "UpdateConsoleActionSetEnforced", + "UpdateCostAllocationTagsStatus", + "UpdateCostCategoryDefinition", + "UpdateNotificationSubscription", + "UpdatePreferences", + "UpdateReport" ], - "HasResource": false, - "StringPrefix": "ce" + "HasResource": true, + "StringPrefix": "ce", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "AWS Cost and Usage Report": { - "ARNFormat": "arn:aws:cur:\u003cregion\u003e:\u003caccount_ID\u003e:definition/\u003creportname\u003e", + "ARNFormat": "arn:aws:cur:${Region}:${Account}:definition/${ResourceName}", "ARNRegex": "^arn:aws:cur:.+:.+:.+", "Actions": [ "DeleteReportDefinition", "DescribeReportDefinitions", + "GetClassicReport", + "GetClassicReportPreferences", + "GetUsageReport", "ModifyReportDefinition", - "PutReportDefinition" + "PutClassicReportPreferences", + "PutReportDefinition", + "ValidateReportDestination" ], "HasResource": true, "StringPrefix": "cur" }, + "AWS Customer Verification Service": { + "Actions": [ + "CreateCustomerVerificationDetails", + "GetCustomerVerificationDetails", + "GetCustomerVerificationEligibility", + "UpdateCustomerVerificationDetails" + ], + "HasResource": false, + "StringPrefix": "customer-verification" + }, "AWS Data Exchange": { - "ARNFormat": "arn:aws:dataexchange:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_id\u003e", - "ARNRegex": "^arn:aws:dataexchange:.+:.*:.+", + "ARNFormat": "arn:aws:dataexchange:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:dataexchange:.+", "Actions": [ "CancelJob", + "CreateAsset", "CreateDataSet", + "CreateEventAction", "CreateJob", "CreateRevision", "DeleteAsset", "DeleteDataSet", + "DeleteEventAction", "DeleteRevision", "GetAsset", "GetDataSet", + "GetEventAction", "GetJob", "GetRevision", "ListDataSetRevisions", "ListDataSets", + "ListEventActions", "ListJobs", "ListRevisionAssets", "ListTagsForResource", + "PublishDataSet", + "RevokeRevision", + "SendApiAsset", + "SendDataSetNotification", "StartJob", "TagResource", "UntagResource", "UpdateAsset", "UpdateDataSet", + "UpdateEventAction", "UpdateRevision" ], "HasResource": true, @@ -1327,55 +2649,254 @@ "dataexchange:JobType" ] }, + "AWS Data Pipeline": { + "ARNFormat": "arn:aws:datapipeline:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:datapipeline:.+:.+", + "Actions": [ + "ActivatePipeline", + "AddTags", + "CreatePipeline", + "DeactivatePipeline", + "DeletePipeline", + "DescribeObjects", + "DescribePipelines", + "EvaluateExpression", + "GetAccountLimits", + "GetPipelineDefinition", + "ListPipelines", + "PollForTask", + "PutAccountLimits", + "PutPipelineDefinition", + "QueryObjects", + "RemoveTags", + "ReportTaskProgress", + "ReportTaskRunnerHeartbeat", + "SetStatus", + "SetTaskStatus", + "ValidatePipelineDefinition" + ], + "HasResource": true, + "StringPrefix": "datapipeline", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "datapipeline:PipelineCreator", + "datapipeline:Tag", + "datapipeline:workerGroup" + ] + }, + "AWS DataSync": { + "ARNFormat": "arn:aws:datasync:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:datasync:.+", + "Actions": [ + "AddStorageSystem", + "CancelTaskExecution", + "CreateAgent", + "CreateLocationAzureBlob", + "CreateLocationEfs", + "CreateLocationFsxLustre", + "CreateLocationFsxOntap", + "CreateLocationFsxOpenZfs", + "CreateLocationFsxWindows", + "CreateLocationHdfs", + "CreateLocationNfs", + "CreateLocationObjectStorage", + "CreateLocationS3", + "CreateLocationSmb", + "CreateTask", + "DeleteAgent", + "DeleteLocation", + "DeleteTask", + "DescribeAgent", + "DescribeDiscoveryJob", + "DescribeLocationAzureBlob", + "DescribeLocationEfs", + "DescribeLocationFsxLustre", + "DescribeLocationFsxOntap", + "DescribeLocationFsxOpenZfs", + "DescribeLocationFsxWindows", + "DescribeLocationHdfs", + "DescribeLocationNfs", + "DescribeLocationObjectStorage", + "DescribeLocationS3", + "DescribeLocationSmb", + "DescribeStorageSystem", + "DescribeStorageSystemResourceMetrics", + "DescribeStorageSystemResources", + "DescribeTask", + "DescribeTaskExecution", + "GenerateRecommendations", + "ListAgents", + "ListDiscoveryJobs", + "ListLocations", + "ListStorageSystems", + "ListTagsForResource", + "ListTaskExecutions", + "ListTasks", + "RemoveStorageSystem", + "StartDiscoveryJob", + "StartTaskExecution", + "StopDiscoveryJob", + "TagResource", + "UntagResource", + "UpdateAgent", + "UpdateDiscoveryJob", + "UpdateLocationAzureBlob", + "UpdateLocationHdfs", + "UpdateLocationNfs", + "UpdateLocationObjectStorage", + "UpdateLocationSmb", + "UpdateStorageSystem", + "UpdateTask", + "UpdateTaskExecution" + ], + "HasResource": true, + "StringPrefix": "datasync", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "AWS Database Migration Service": { - "ARNFormat": "arn:aws:dms:\u003cregion\u003e:\u003caccount\u003e:\u003cresource\u003e", - "ARNRegex": "arn:aws:dms:.+", + "ARNFormat": "arn:aws:dms:${Region}:${Account}:${Resource}", + "ARNRegex": "^arn:aws:dms:.+", "Actions": [ "AddTagsToResource", "ApplyPendingMaintenanceAction", + "AssociateExtensionPack", + "BatchStartRecommendations", + "CancelMetadataModelAssessment", + "CancelMetadataModelConversion", + "CancelMetadataModelExport", + "CancelReplicationTaskAssessmentRun", + "CreateDataMigration", + "CreateDataProvider", "CreateEndpoint", "CreateEventSubscription", + "CreateFleetAdvisorCollector", + "CreateInstanceProfile", + "CreateMigrationProject", + "CreateReplicationConfig", "CreateReplicationInstance", "CreateReplicationSubnetGroup", "CreateReplicationTask", "DeleteCertificate", + "DeleteConnection", + "DeleteDataMigration", + "DeleteDataProvider", "DeleteEndpoint", "DeleteEventSubscription", + "DeleteFleetAdvisorCollector", + "DeleteFleetAdvisorDatabases", + "DeleteInstanceProfile", + "DeleteMigrationProject", + "DeleteReplicationConfig", "DeleteReplicationInstance", "DeleteReplicationSubnetGroup", "DeleteReplicationTask", + "DeleteReplicationTaskAssessmentRun", "DescribeAccountAttributes", + "DescribeApplicableIndividualAssessments", "DescribeCertificates", "DescribeConnections", + "DescribeConversionConfiguration", + "DescribeDataMigrations", + "DescribeDataProviders", + "DescribeEndpointSettings", "DescribeEndpointTypes", "DescribeEndpoints", + "DescribeEngineVersions", "DescribeEventCategories", "DescribeEventSubscriptions", "DescribeEvents", + "DescribeExtensionPackAssociations", + "DescribeFleetAdvisorCollectors", + "DescribeFleetAdvisorDatabases", + "DescribeFleetAdvisorLsaAnalysis", + "DescribeFleetAdvisorSchemaObjectSummary", + "DescribeFleetAdvisorSchemas", + "DescribeInstanceProfiles", + "DescribeMetadataModelAssessments", + "DescribeMetadataModelConversions", + "DescribeMetadataModelExportsAsScript", + "DescribeMetadataModelExportsToTarget", + "DescribeMetadataModelImports", + "DescribeMigrationProjects", "DescribeOrderableReplicationInstances", + "DescribePendingMaintenanceActions", + "DescribeRecommendationLimitations", + "DescribeRecommendations", "DescribeRefreshSchemasStatus", + "DescribeReplicationConfigs", "DescribeReplicationInstanceTaskLogs", "DescribeReplicationInstances", "DescribeReplicationSubnetGroups", + "DescribeReplicationTableStatistics", "DescribeReplicationTaskAssessmentResults", + "DescribeReplicationTaskAssessmentRuns", + "DescribeReplicationTaskIndividualAssessments", "DescribeReplicationTasks", + "DescribeReplications", "DescribeSchemas", "DescribeTableStatistics", + "DisassociateExtensionPack", + "ExportMetadataModelAssessment", + "GetMetadataModel", "ImportCertificate", + "ListDataProviders", + "ListExtensionPacks", + "ListInstanceProfiles", + "ListMetadataModelAssessmentActionItems", + "ListMetadataModelAssessments", + "ListMetadataModelConversions", + "ListMetadataModelExports", + "ListMigrationProjects", "ListTagsForResource", + "ModifyConversionConfiguration", + "ModifyDataMigration", + "ModifyDataProvider", "ModifyEndpoint", "ModifyEventSubscription", + "ModifyFleetAdvisorCollector", + "ModifyFleetAdvisorCollectorStatuses", + "ModifyInstanceProfile", + "ModifyMigrationProject", + "ModifyReplicationConfig", "ModifyReplicationInstance", "ModifyReplicationSubnetGroup", "ModifyReplicationTask", + "MoveReplicationTask", "RebootReplicationInstance", "RefreshSchemas", + "ReloadReplicationTables", "ReloadTables", "RemoveTagsFromResource", + "RunFleetAdvisorLsaAnalysis", + "StartDataMigration", + "StartExtensionPackAssociation", + "StartMetadataModelAssessment", + "StartMetadataModelConversion", + "StartMetadataModelExportAsScript", + "StartMetadataModelExportAsScripts", + "StartMetadataModelExportToTarget", + "StartMetadataModelImport", + "StartRecommendations", + "StartReplication", "StartReplicationTask", "StartReplicationTaskAssessment", + "StartReplicationTaskAssessmentRun", + "StopDataMigration", + "StopReplication", "StopReplicationTask", - "TestConnection" + "TestConnection", + "UpdateConversionConfiguration", + "UpdateDataProvider", + "UpdateInstanceProfile", + "UpdateMigrationProject", + "UpdateSubscriptionsToEventBridge", + "UploadFileMetadataList" ], "HasResource": true, "StringPrefix": "dms", @@ -1384,16 +2905,21 @@ "aws:ResourceTag/${TagKey}", "aws:TagKeys", "dms:cert-tag/${TagKey}", + "dms:data-migration-tag/${TagKey}", + "dms:data-provider-tag/${TagKey}", "dms:endpoint-tag/${TagKey}", "dms:es-tag/${TagKey}", + "dms:instance-profile-tag/${TagKey}", + "dms:migration-project-tag/${TagKey}", "dms:rep-tag/${TagKey}", + "dms:replication-config-tag/${TagKey}", "dms:req-tag/${TagKey}", "dms:subgrp-tag/${TagKey}", "dms:task-tag/${TagKey}" ] }, "AWS DeepComposer": { - "ARNFormat": "arn:aws:deepcomposer:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", + "ARNFormat": "arn:aws:deepcomposer:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:deepcomposer:.+:.+:.+", "Actions": [ "AssociateCoupon", @@ -1408,12 +2934,20 @@ "ListCompositions", "ListModels", "ListSampleModels", + "ListTagsForResource", "ListTrainingTopics", + "TagResource", + "UntagResource", "UpdateComposition", "UpdateModel" ], "HasResource": true, - "StringPrefix": "deepcomposer" + "StringPrefix": "deepcomposer", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "AWS DeepLens": { "ARNFormat": "arn:aws:deeplens:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", @@ -1448,41 +2982,73 @@ "StringPrefix": "deeplens" }, "AWS DeepRacer": { - "ARNFormat": "arn:aws:deepracer:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", + "ARNFormat": "arn:aws:deepracer:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:deepracer:.+", "Actions": [ + "AddLeaderboardAccessPermission", + "AdminGetAccountConfig", + "AdminListAssociatedResources", + "AdminListAssociatedUsers", + "AdminManageUser", + "AdminSetAccountConfig", "CloneReinforcementLearningModel", - "CreateAccountResources", + "CreateCar", + "CreateLeaderboard", + "CreateLeaderboardAccessToken", "CreateLeaderboardSubmission", "CreateReinforcementLearningModel", - "DeleteAccountResources", + "DeleteLeaderboard", "DeleteModel", - "GetAccountResources", + "EditLeaderboard", + "GetAccountConfig", "GetAlias", + "GetAssetUrl", + "GetCar", + "GetCars", "GetEvaluation", "GetLatestUserSubmission", "GetLeaderboard", "GetModel", + "GetPrivateLeaderboard", "GetRankedUserSubmission", "GetTrack", "GetTrainingJob", + "ImportModel", "ListEvaluations", + "ListLeaderboardEvaluations", "ListLeaderboardSubmissions", "ListLeaderboards", "ListModels", + "ListPrivateLeaderboardParticipants", + "ListPrivateLeaderboards", + "ListSubscribedPrivateLeaderboards", + "ListTagsForResource", "ListTracks", "ListTrainingJobs", + "MigrateModels", + "PerformLeaderboardOperation", + "RemoveLeaderboardAccessPermission", "SetAlias", "StartEvaluation", "StopEvaluation", "StopTrainingReinforcementLearningModel", - "TestRewardFunction" + "TagResource", + "TestRewardFunction", + "UntagResource", + "UpdateCar" ], "HasResource": true, - "StringPrefix": "deepracer" + "StringPrefix": "deepracer", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "deepracer:MultiUser", + "deepracer:UserToken" + ] }, "AWS Device Farm": { - "ARNFormat": "arn:aws:devicefarm:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e:\u003cresource-id\u003e", + "ARNFormat": "arn:aws:devicefarm:${Region}:${Account}:${ResourceType}:${ResourceId}", "ARNRegex": "^arn:aws:devicefarm:.+", "Actions": [ "CreateDevicePool", @@ -1572,8 +3138,8 @@ ] }, "AWS Direct Connect": { - "ARNFormat": "arn:${Partition}:directconnect:${Region}:${Account}:${ResourceType}/${ResourceId}", - "ARNRegex": "^arn:${Partition}:directconnect:.+", + "ARNFormat": "arn:aws:directconnect:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:directconnect:.+", "Actions": [ "AcceptDirectConnectGatewayAssociationProposal", "AllocateConnectionOnInterconnect", @@ -1583,8 +3149,10 @@ "AllocateTransitVirtualInterface", "AssociateConnectionWithLag", "AssociateHostedConnection", + "AssociateMacSecKey", "AssociateVirtualInterface", "ConfirmConnection", + "ConfirmCustomerAgreement", "ConfirmPrivateVirtualInterface", "ConfirmPublicVirtualInterface", "ConfirmTransitVirtualInterface", @@ -1609,6 +3177,7 @@ "DescribeConnectionLoa", "DescribeConnections", "DescribeConnectionsOnInterconnect", + "DescribeCustomerMetadata", "DescribeDirectConnectGatewayAssociationProposals", "DescribeDirectConnectGatewayAssociations", "DescribeDirectConnectGatewayAttachments", @@ -1619,12 +3188,19 @@ "DescribeLags", "DescribeLoa", "DescribeLocations", + "DescribeRouterConfiguration", "DescribeTags", "DescribeVirtualGateways", "DescribeVirtualInterfaces", "DisassociateConnectionFromLag", + "DisassociateMacSecKey", + "ListVirtualInterfaceTestHistory", + "StartBgpFailoverTest", + "StopBgpFailoverTest", "TagResource", "UntagResource", + "UpdateConnection", + "UpdateDirectConnectGateway", "UpdateDirectConnectGatewayAssociation", "UpdateLag", "UpdateVirtualInterfaceAttributes" @@ -1638,11 +3214,12 @@ ] }, "AWS Directory Service": { - "ARNFormat": "arn:\u003cpartition\u003e:ds:\u003cregion\u003e:\u003caccountID\u003e:\u003crelative-id\u003e", - "ARNRegex": "^arn:\u003cpartition\u003e:ds:.+", + "ARNFormat": "arn:aws:ds:${Region}:${Account}:${RelativeId}", + "ARNRegex": "^arn:aws:ds:.+", "Actions": [ "AcceptSharedDirectory", "AddIpRoutes", + "AddRegion", "AddTagsToResource", "AuthorizeApplication", "CancelSchemaExtension", @@ -1665,19 +3242,27 @@ "DeregisterCertificate", "DeregisterEventTopic", "DescribeCertificate", + "DescribeClientAuthenticationSettings", "DescribeConditionalForwarders", "DescribeDirectories", "DescribeDomainControllers", "DescribeEventTopics", "DescribeLDAPSSettings", + "DescribeRegions", + "DescribeSettings", "DescribeSharedDirectories", "DescribeSnapshots", "DescribeTrusts", + "DescribeUpdateDirectory", + "DisableClientAuthentication", "DisableLDAPS", "DisableRadius", + "DisableRoleAccess", "DisableSso", + "EnableClientAuthentication", "EnableLDAPS", "EnableRadius", + "EnableRoleAccess", "EnableSso", "GetAuthorizedApplicationDetails", "GetDirectoryLimits", @@ -1692,6 +3277,7 @@ "RegisterEventTopic", "RejectSharedDirectory", "RemoveIpRoutes", + "RemoveRegion", "RemoveTagsFromResource", "ResetUserPassword", "RestoreFromSnapshot", @@ -1699,9 +3285,13 @@ "StartSchemaExtension", "UnauthorizeApplication", "UnshareDirectory", + "UpdateAuthorizedApplication", "UpdateConditionalForwarder", + "UpdateDirectory", + "UpdateDirectorySetup", "UpdateNumberOfDomainControllers", "UpdateRadius", + "UpdateSettings", "UpdateTrust", "VerifyTrust" ], @@ -1714,12 +3304,13 @@ ] }, "AWS Elastic Beanstalk": { - "ARNFormat": "arn:aws:elasticbeanstalk:\u003cregion\u003e:\u003caccount_ID\u003e:\u003cresource_type\u003e/\u003cpath_to_resource\u003e", + "ARNFormat": "arn:aws:elasticbeanstalk:${Region}:${Account}:${ResourceType}/${PathToResource}", "ARNRegex": "^arn:aws:elasticbeanstalk:.+:.*:.+/.+", "Actions": [ "AbortEnvironmentUpdate", "AddTags", "ApplyEnvironmentManagedAction", + "AssociateEnvironmentOperationsRole", "CheckDNSAvailability", "ComposeEnvironments", "CreateApplication", @@ -1746,9 +3337,12 @@ "DescribeEvents", "DescribeInstancesHealth", "DescribePlatformVersion", + "DisassociateEnvironmentOperationsRole", "ListAvailableSolutionStacks", + "ListPlatformBranches", "ListPlatformVersions", "ListTagsForResource", + "PutInstanceStatistics", "RebuildEnvironment", "RemoveTags", "RequestEnvironmentInfo", @@ -1761,6 +3355,7 @@ "UpdateApplicationVersion", "UpdateConfigurationTemplate", "UpdateEnvironment", + "UpdateTagsForResource", "ValidateConfigurationSettings" ], "HasResource": true, @@ -1778,31 +3373,332 @@ "elasticbeanstalk:InApplication" ] }, + "AWS Elastic Disaster Recovery": { + "ARNFormat": "arn:aws:drs:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:drs:.+", + "Actions": [ + "AssociateFailbackClientToRecoveryInstanceForDrs", + "AssociateSourceNetworkStack", + "BatchCreateVolumeSnapshotGroupForDrs", + "BatchDeleteSnapshotRequestForDrs", + "CreateConvertedSnapshotForDrs", + "CreateExtendedSourceServer", + "CreateLaunchConfigurationTemplate", + "CreateRecoveryInstanceForDrs", + "CreateReplicationConfigurationTemplate", + "CreateSourceNetwork", + "CreateSourceServerForDrs", + "DeleteJob", + "DeleteLaunchAction", + "DeleteLaunchConfigurationTemplate", + "DeleteRecoveryInstance", + "DeleteReplicationConfigurationTemplate", + "DeleteSourceNetwork", + "DeleteSourceServer", + "DescribeJobLogItems", + "DescribeJobs", + "DescribeLaunchConfigurationTemplates", + "DescribeRecoveryInstances", + "DescribeRecoverySnapshots", + "DescribeReplicationConfigurationTemplates", + "DescribeReplicationServerAssociationsForDrs", + "DescribeSnapshotRequestsForDrs", + "DescribeSourceNetworks", + "DescribeSourceServers", + "DisconnectRecoveryInstance", + "DisconnectSourceServer", + "ExportSourceNetworkCfnTemplate", + "GetAgentCommandForDrs", + "GetAgentConfirmedResumeInfoForDrs", + "GetAgentInstallationAssetsForDrs", + "GetAgentReplicationInfoForDrs", + "GetAgentRuntimeConfigurationForDrs", + "GetAgentSnapshotCreditsForDrs", + "GetChannelCommandsForDrs", + "GetFailbackCommandForDrs", + "GetFailbackLaunchRequestedForDrs", + "GetFailbackReplicationConfiguration", + "GetLaunchConfiguration", + "GetReplicationConfiguration", + "GetSuggestedFailbackClientDeviceMappingForDrs", + "InitializeService", + "IssueAgentCertificateForDrs", + "ListExtensibleSourceServers", + "ListLaunchActions", + "ListStagingAccounts", + "ListTagsForResource", + "NotifyAgentAuthenticationForDrs", + "NotifyAgentConnectedForDrs", + "NotifyAgentDisconnectedForDrs", + "NotifyAgentReplicationProgressForDrs", + "NotifyConsistencyAttainedForDrs", + "NotifyReplicationServerAuthenticationForDrs", + "NotifyVolumeEventForDrs", + "PutLaunchAction", + "RetryDataReplication", + "ReverseReplication", + "SendAgentLogsForDrs", + "SendAgentMetricsForDrs", + "SendChannelCommandResultForDrs", + "SendClientLogsForDrs", + "SendClientMetricsForDrs", + "SendVolumeStatsForDrs", + "StartFailbackLaunch", + "StartRecovery", + "StartReplication", + "StartSourceNetworkRecovery", + "StartSourceNetworkReplication", + "StopFailback", + "StopReplication", + "StopSourceNetworkReplication", + "TagResource", + "TerminateRecoveryInstances", + "UntagResource", + "UpdateAgentBacklogForDrs", + "UpdateAgentConversionInfoForDrs", + "UpdateAgentReplicationInfoForDrs", + "UpdateAgentReplicationProcessStateForDrs", + "UpdateAgentSourcePropertiesForDrs", + "UpdateFailbackClientDeviceMappingForDrs", + "UpdateFailbackClientLastSeenForDrs", + "UpdateFailbackReplicationConfiguration", + "UpdateLaunchConfiguration", + "UpdateLaunchConfigurationTemplate", + "UpdateReplicationCertificateForDrs", + "UpdateReplicationConfiguration", + "UpdateReplicationConfigurationTemplate" + ], + "HasResource": true, + "StringPrefix": "drs", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "drs:CreateAction", + "drs:EC2InstanceARN" + ] + }, + "AWS Elastic Load Balancing": { + "ARNFormat": "arn:aws:elasticloadbalancing:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:elasticloadbalancing:.+", + "Actions": [ + "AddTags", + "ApplySecurityGroupsToLoadBalancer", + "AttachLoadBalancerToSubnets", + "ConfigureHealthCheck", + "CreateAppCookieStickinessPolicy", + "CreateLBCookieStickinessPolicy", + "CreateLoadBalancer", + "CreateLoadBalancerListeners", + "CreateLoadBalancerPolicy", + "DeleteLoadBalancer", + "DeleteLoadBalancerListeners", + "DeleteLoadBalancerPolicy", + "DeregisterInstancesFromLoadBalancer", + "DescribeInstanceHealth", + "DescribeLoadBalancerAttributes", + "DescribeLoadBalancerPolicies", + "DescribeLoadBalancerPolicyTypes", + "DescribeLoadBalancers", + "DescribeTags", + "DetachLoadBalancerFromSubnets", + "DisableAvailabilityZonesForLoadBalancer", + "EnableAvailabilityZonesForLoadBalancer", + "ModifyLoadBalancerAttributes", + "RegisterInstancesWithLoadBalancer", + "RemoveTags", + "SetLoadBalancerListenerSSLCertificate", + "SetLoadBalancerPoliciesForBackendServer", + "SetLoadBalancerPoliciesOfListener" + ], + "HasResource": true, + "StringPrefix": "elasticloadbalancing", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "elasticloadbalancing:CreateAction", + "elasticloadbalancing:ListenerProtocol", + "elasticloadbalancing:ResourceTag/", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:Scheme", + "elasticloadbalancing:SecurityGroup", + "elasticloadbalancing:SecurityPolicy", + "elasticloadbalancing:Subnet" + ] + }, + "AWS Elastic Load Balancing V2": { + "ARNFormat": "arn:aws:elasticloadbalancing:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:elasticloadbalancing:.+", + "Actions": [ + "AddListenerCertificates", + "AddTags", + "CreateListener", + "CreateLoadBalancer", + "CreateRule", + "CreateTargetGroup", + "DeleteListener", + "DeleteLoadBalancer", + "DeleteRule", + "DeleteTargetGroup", + "DeregisterTargets", + "DescribeAccountLimits", + "DescribeListenerCertificates", + "DescribeListeners", + "DescribeLoadBalancerAttributes", + "DescribeLoadBalancers", + "DescribeRules", + "DescribeSSLPolicies", + "DescribeTags", + "DescribeTargetGroupAttributes", + "DescribeTargetGroups", + "DescribeTargetHealth", + "ModifyListener", + "ModifyLoadBalancerAttributes", + "ModifyRule", + "ModifyTargetGroup", + "ModifyTargetGroupAttributes", + "RegisterTargets", + "RemoveListenerCertificates", + "RemoveTags", + "SetIpAddressType", + "SetRulePriorities", + "SetSecurityGroups", + "SetSubnets", + "SetWebAcl" + ], + "HasResource": true, + "StringPrefix": "elasticloadbalancing", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "elasticloadbalancing:CreateAction", + "elasticloadbalancing:ListenerProtocol", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:Scheme", + "elasticloadbalancing:SecurityGroup", + "elasticloadbalancing:SecurityPolicy", + "elasticloadbalancing:Subnet" + ] + }, + "AWS Elemental Appliances and Software": { + "ARNFormat": "arn:aws:elemental-appliances-software:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:elemental-appliances-software:.+:.+:.+", + "Actions": [ + "CompleteUpload", + "CreateOrderV1", + "CreateQuote", + "GetAvsCorrectAddress", + "GetBillingAddresses", + "GetDeliveryAddressesV2", + "GetOrder", + "GetOrdersV2", + "GetQuote", + "GetTaxes", + "ListQuotes", + "ListTagsForResource", + "StartUpload", + "SubmitOrderV1", + "TagResource", + "UntagResource", + "UpdateQuote" + ], + "HasResource": true, + "StringPrefix": "elemental-appliances-software", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Elemental Appliances and Software Activation Service": { + "ARNFormat": "arn:aws:elemental-activations:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:elemental-activations:.+:.+:.+", + "Actions": [ + "CompleteAccountRegistration", + "CompleteFileUpload", + "DownloadSoftware", + "GenerateLicenses", + "GetActivation", + "ListTagsForResource", + "StartAccountRegistration", + "StartFileUpload", + "TagResource", + "UntagResource" + ], + "HasResource": true, + "StringPrefix": "elemental-activations", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "AWS Elemental MediaConnect": { - "ARNFormat": "arn:${Partition}:mediaconnect:${Region}:${Account}:\u003cnamespace\u003e:\u003crelative-id\u003e:\u003crelative-name\u003e", - "ARNRegex": "^arn:${Partition}:mediaconnect:.+", + "ARNFormat": "arn:aws:mediaconnect:${Region}:${Account}:${Namespace}:${RelativeId}:${RelativeName}", + "ARNRegex": "^arn:aws:mediaconnect:.+", "Actions": [ + "AddBridgeOutputs", + "AddBridgeSources", + "AddFlowMediaStreams", "AddFlowOutputs", + "AddFlowSources", + "AddFlowVpcInterfaces", + "CreateBridge", "CreateFlow", + "CreateGateway", + "DeleteBridge", "DeleteFlow", + "DeleteGateway", + "DeregisterGatewayInstance", + "DescribeBridge", "DescribeFlow", + "DescribeGateway", + "DescribeGatewayInstance", + "DescribeOffering", + "DescribeReservation", + "DiscoverGatewayPollEndpoint", "GrantFlowEntitlements", + "ListBridges", "ListEntitlements", "ListFlows", + "ListGatewayInstances", + "ListGateways", + "ListOfferings", + "ListReservations", + "ListTagsForResource", + "PollGateway", + "PurchaseOffering", + "RemoveBridgeOutput", + "RemoveBridgeSource", + "RemoveFlowMediaStream", "RemoveFlowOutput", + "RemoveFlowSource", + "RemoveFlowVpcInterface", "RevokeFlowEntitlement", "StartFlow", "StopFlow", + "SubmitGatewayStateChange", + "TagResource", + "UntagResource", + "UpdateBridge", + "UpdateBridgeOutput", + "UpdateBridgeSource", + "UpdateBridgeState", + "UpdateFlow", "UpdateFlowEntitlement", + "UpdateFlowMediaStream", "UpdateFlowOutput", - "UpdateFlowSource" + "UpdateFlowSource", + "UpdateGatewayInstance" ], "HasResource": true, "StringPrefix": "mediaconnect" }, "AWS Elemental MediaConvert": { - "ARNFormat": "arn:${Partition}:mediaconvert:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceId\u003e", - "ARNRegex": "^arn:${Partition}:mediaconvert:.+", + "ARNFormat": "arn:aws:mediaconvert:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:mediaconvert:.+", "Actions": [ "AssociateCertificate", "CancelJob", @@ -1811,12 +3707,14 @@ "CreatePreset", "CreateQueue", "DeleteJobTemplate", + "DeletePolicy", "DeletePreset", "DeleteQueue", "DescribeEndpoints", "DisassociateCertificate", "GetJob", "GetJobTemplate", + "GetPolicy", "GetPreset", "GetQueue", "ListJobTemplates", @@ -1824,6 +3722,7 @@ "ListPresets", "ListQueues", "ListTagsForResource", + "PutPolicy", "TagResource", "UntagResource", "UpdateJobTemplate", @@ -1835,49 +3734,79 @@ "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "mediaconvert:HttpInputsAllowed", + "mediaconvert:HttpsInputsAllowed", + "mediaconvert:S3InputsAllowed" ] }, "AWS Elemental MediaLive": { - "ARNFormat": "arn:${Partition}:medialive:${Region}:${Account}:${ResourceType}:${ResourcePath}", - "ARNRegex": "^arn:${Partition}:medialive:.+", + "ARNFormat": "arn:aws:medialive:${Region}:${Account}:${ResourceType}:${ResourceId}", + "ARNRegex": "^arn:aws:medialive:${Region}:${Account}:.+", "Actions": [ + "AcceptInputDeviceTransfer", + "BatchDelete", + "BatchStart", + "BatchStop", "BatchUpdateSchedule", + "CancelInputDeviceTransfer", + "ClaimDevice", "CreateChannel", "CreateInput", "CreateInputSecurityGroup", "CreateMultiplex", + "CreateMultiplexProgram", + "CreatePartnerInput", "CreateTags", "DeleteChannel", "DeleteInput", "DeleteInputSecurityGroup", "DeleteMultiplex", + "DeleteMultiplexProgram", "DeleteReservation", + "DeleteSchedule", "DeleteTags", + "DescribeAccountConfiguration", "DescribeChannel", "DescribeInput", + "DescribeInputDevice", + "DescribeInputDeviceThumbnail", "DescribeInputSecurityGroup", "DescribeMultiplex", + "DescribeMultiplexProgram", "DescribeOffering", "DescribeReservation", "DescribeSchedule", + "DescribeThumbnails", "ListChannels", + "ListInputDeviceTransfers", + "ListInputDevices", "ListInputSecurityGroups", "ListInputs", + "ListMultiplexPrograms", "ListMultiplexes", "ListOfferings", "ListReservations", "ListTagsForResource", "PurchaseOffering", + "RebootInputDevice", + "RejectInputDeviceTransfer", "StartChannel", + "StartInputDevice", + "StartInputDeviceMaintenanceWindow", "StartMultiplex", "StopChannel", + "StopInputDevice", "StopMultiplex", + "TransferInputDevice", + "UpdateAccountConfiguration", "UpdateChannel", "UpdateChannelClass", "UpdateInput", + "UpdateInputDevice", "UpdateInputSecurityGroup", "UpdateMultiplex", + "UpdateMultiplexProgram", "UpdateReservation" ], "HasResource": true, @@ -1889,18 +3818,23 @@ ] }, "AWS Elemental MediaPackage": { - "ARNFormat": "arn:aws:mediapackage:\u003cregion\u003e:\u003caccount_ID\u003e:\u003cresource\u003e/\u003cidentifier\u003e", + "ARNFormat": "arn:aws:mediapackage:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}", "ARNRegex": "^arn:aws:mediapackage:.+", "Actions": [ + "ConfigureLogs", "CreateChannel", + "CreateHarvestJob", "CreateOriginEndpoint", "DeleteChannel", "DeleteOriginEndpoint", "DescribeChannel", + "DescribeHarvestJob", "DescribeOriginEndpoint", "ListChannels", + "ListHarvestJobs", "ListOriginEndpoints", "ListTagsForResource", + "RotateChannelCredentials", "RotateIngestEndpointCredentials", "TagResource", "UntagResource", @@ -1915,10 +3849,51 @@ "aws:TagKeys" ] }, + "AWS Elemental MediaPackage V2": { + "ARNFormat": "arn:aws:mediapackagev2:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}", + "ARNRegex": "^arn:aws:mediapackagev2:.+", + "Actions": [ + "CreateChannel", + "CreateChannelGroup", + "CreateOriginEndpoint", + "DeleteChannel", + "DeleteChannelGroup", + "DeleteChannelPolicy", + "DeleteOriginEndpoint", + "DeleteOriginEndpointPolicy", + "GetChannel", + "GetChannelGroup", + "GetChannelPolicy", + "GetHeadObject", + "GetObject", + "GetOriginEndpoint", + "GetOriginEndpointPolicy", + "ListChannelGroups", + "ListChannels", + "ListOriginEndpoints", + "ListTagsForResource", + "PutChannelPolicy", + "PutObject", + "PutOriginEndpointPolicy", + "TagResource", + "UntagResource", + "UpdateChannel", + "UpdateChannelGroup", + "UpdateOriginEndpoint" + ], + "HasResource": true, + "StringPrefix": "mediapackagev2", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "AWS Elemental MediaPackage VOD": { - "ARNFormat": "arn:aws:mediapackage-vod:\u003cRegion\u003e:\u003cAccount\u003e:\u003cResourceType\u003e/\u003cResourceName\u003e", + "ARNFormat": "arn:aws:mediapackage-vod:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}", "ARNRegex": "^arn:aws:mediapackage-vod:.+:.+:.+", "Actions": [ + "ConfigureLogs", "CreateAsset", "CreatePackagingConfiguration", "CreatePackagingGroup", @@ -1930,13 +3905,22 @@ "DescribePackagingGroup", "ListAssets", "ListPackagingConfigurations", - "ListPackagingGroups" + "ListPackagingGroups", + "ListTagsForResource", + "TagResource", + "UntagResource", + "UpdatePackagingGroup" ], "HasResource": true, - "StringPrefix": "mediapackage-vod" + "StringPrefix": "mediapackage-vod", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "AWS Elemental MediaStore": { - "ARNFormat": "arn:aws:mediastore:\u003cRegion\u003e:\u003cAccount\u003e:\u003cResource\u003e", + "ARNFormat": "arn:aws:mediastore:${Region}:${Account}:${Resource}", "ARNRegex": "^arn:aws:mediastore:.+:.+", "Actions": [ "CreateContainer", @@ -1967,19 +3951,61 @@ "UntagResource" ], "HasResource": true, - "StringPrefix": "mediastore" + "StringPrefix": "mediastore", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "AWS Elemental MediaTailor": { - "ARNFormat": "arn:aws:mediatailor:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource-name\u003e", + "ARNFormat": "arn:aws:mediatailor:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:mediatailor:.+:.+:.+", "Actions": [ + "ConfigureLogsForChannel", + "ConfigureLogsForPlaybackConfiguration", + "CreateChannel", + "CreateLiveSource", + "CreatePrefetchSchedule", + "CreateProgram", + "CreateSourceLocation", + "CreateVodSource", + "DeleteChannel", + "DeleteChannelPolicy", + "DeleteLiveSource", "DeletePlaybackConfiguration", + "DeletePrefetchSchedule", + "DeleteProgram", + "DeleteSourceLocation", + "DeleteVodSource", + "DescribeChannel", + "DescribeLiveSource", + "DescribeProgram", + "DescribeSourceLocation", + "DescribeVodSource", + "GetChannelPolicy", + "GetChannelSchedule", "GetPlaybackConfiguration", + "GetPrefetchSchedule", + "ListAlerts", + "ListChannels", + "ListLiveSources", "ListPlaybackConfigurations", + "ListPrefetchSchedules", + "ListSourceLocations", "ListTagsForResource", + "ListVodSources", + "PutChannelPolicy", "PutPlaybackConfiguration", + "StartChannel", + "StopChannel", "TagResource", - "UntagResource" + "UntagResource", + "UpdateChannel", + "UpdateLiveSource", + "UpdateProgram", + "UpdateSourceLocation", + "UpdateVodSource" ], "HasResource": true, "StringPrefix": "mediatailor", @@ -1989,25 +4015,148 @@ "aws:TagKeys" ] }, + "AWS Elemental Support Cases": { + "ARNFormat": "arn:${Partition}:elemental-support-cases:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:${Partition}:elemental-support-cases:.+:.+:.+", + "Actions": [ + "CheckCasePermission", + "CreateCase", + "GetCase", + "GetCases", + "UpdateCase" + ], + "HasResource": false, + "StringPrefix": "elemental-support-cases" + }, + "AWS Elemental Support Content": { + "ARNFormat": "arn:${Partition}:elemental-support-content:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:${Partition}:elemental-support-content:.+:.+:.+", + "Actions": [ + "Query" + ], + "HasResource": false, + "StringPrefix": "elemental-support-content" + }, + "AWS Entity Resolution": { + "ARNFormat": "arn:aws:entityresolution:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:entityresolution:.+:.+:.+", + "Actions": [ + "CreateIdMappingWorkflow", + "CreateMatchingWorkflow", + "CreateSchemaMapping", + "DeleteIdMappingWorkflow", + "DeleteMatchingWorkflow", + "DeleteSchemaMapping", + "GetIdMappingJob", + "GetIdMappingWorkflow", + "GetMatchId", + "GetMatchingJob", + "GetMatchingWorkflow", + "GetProviderService", + "GetSchemaMapping", + "ListIdMappingJobs", + "ListIdMappingWorkflows", + "ListMatchingJobs", + "ListMatchingWorkflows", + "ListProviderServices", + "ListSchemaMappings", + "ListTagsForResource", + "StartIdMappingJob", + "StartMatchingJob", + "TagResource", + "UntagResource", + "UpdateIdMappingWorkflow", + "UpdateMatchingWorkflow", + "UpdateSchemaMapping" + ], + "HasResource": true, + "StringPrefix": "entityresolution", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Fault Injection Simulator": { + "ARNFormat": "arn:aws:fis:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:fis:.+:.+:.+", + "Actions": [ + "CreateExperimentTemplate", + "DeleteExperimentTemplate", + "GetAction", + "GetExperiment", + "GetExperimentTemplate", + "GetTargetResourceType", + "InjectApiInternalError", + "InjectApiThrottleError", + "InjectApiUnavailableError", + "ListActions", + "ListExperimentTemplates", + "ListExperiments", + "ListTagsForResource", + "ListTargetResourceTypes", + "StartExperiment", + "StopExperiment", + "TagResource", + "UntagResource", + "UpdateExperimentTemplate" + ], + "HasResource": true, + "StringPrefix": "fis", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "fis:Operations", + "fis:Percentage", + "fis:Service", + "fis:Targets" + ] + }, "AWS Firewall Manager": { - "ARNFormat": "arn:aws:fms:\u003cregion\u003e:\u003caccount_id\u003e:\u003cresource\u003e/\u003cresource_id\u003e", + "ARNFormat": "arn:aws:fms:${Region}:${Account}:${Resource}/${Id}", "ARNRegex": "^arn:aws:fms:.+:[0-9]+:.+/.+", "Actions": [ "AssociateAdminAccount", + "AssociateThirdPartyFirewall", + "BatchAssociateResource", + "BatchDisassociateResource", + "DeleteAppsList", "DeleteNotificationChannel", "DeletePolicy", + "DeleteProtocolsList", + "DeleteResourceSet", "DisassociateAdminAccount", + "DisassociateThirdPartyFirewall", "GetAdminAccount", + "GetAdminScope", + "GetAppsList", "GetComplianceDetail", "GetNotificationChannel", "GetPolicy", "GetProtectionStatus", + "GetProtocolsList", + "GetResourceSet", + "GetThirdPartyFirewallAssociationStatus", + "GetViolationDetails", + "ListAdminAccountsForOrganization", + "ListAdminsManagingAccount", + "ListAppsLists", "ListComplianceStatus", + "ListDiscoveredResources", "ListMemberAccounts", "ListPolicies", + "ListProtocolsLists", + "ListResourceSetResources", + "ListResourceSets", "ListTagsForResource", + "ListThirdPartyFirewallFirewallPolicies", + "PutAdminAccount", + "PutAppsList", "PutNotificationChannel", "PutPolicy", + "PutProtocolsList", + "PutResourceSet", "TagResource", "UntagResource" ], @@ -2019,32 +4168,72 @@ "aws:TagKeys" ] }, + "AWS Free Tier": { + "Actions": [ + "GetFreeTierAlertPreference", + "GetFreeTierUsage", + "PutFreeTierAlertPreference" + ], + "HasResource": false, + "StringPrefix": "freetier" + }, "AWS Global Accelerator": { - "ARNFormat": "arn:aws:globalaccelerator::\u003caccount\u003e:accelerator/\u003cAcceleratorId\u003e", + "ARNFormat": "arn:aws:globalaccelerator::${Account}:${ResourceType}/${ResourceId}", "ARNRegex": "^arn:aws:globalaccelerator::.+:.+", "Actions": [ + "AddCustomRoutingEndpoints", + "AddEndpoints", "AdvertiseByoipCidr", + "AllowCustomRoutingTraffic", "CreateAccelerator", + "CreateCrossAccountAttachment", + "CreateCustomRoutingAccelerator", + "CreateCustomRoutingEndpointGroup", + "CreateCustomRoutingListener", "CreateEndpointGroup", "CreateListener", "DeleteAccelerator", + "DeleteCrossAccountAttachment", + "DeleteCustomRoutingAccelerator", + "DeleteCustomRoutingEndpointGroup", + "DeleteCustomRoutingListener", "DeleteEndpointGroup", "DeleteListener", + "DenyCustomRoutingTraffic", "DeprovisionByoipCidr", "DescribeAccelerator", "DescribeAcceleratorAttributes", + "DescribeCrossAccountAttachment", + "DescribeCustomRoutingAccelerator", + "DescribeCustomRoutingAcceleratorAttributes", + "DescribeCustomRoutingEndpointGroup", + "DescribeCustomRoutingListener", "DescribeEndpointGroup", "DescribeListener", "ListAccelerators", "ListByoipCidrs", + "ListCrossAccountAttachments", + "ListCrossAccountResourceAccounts", + "ListCrossAccountResources", + "ListCustomRoutingAccelerators", + "ListCustomRoutingEndpointGroups", + "ListCustomRoutingListeners", + "ListCustomRoutingPortMappings", + "ListCustomRoutingPortMappingsByDestination", "ListEndpointGroups", "ListListeners", "ListTagsForResource", "ProvisionByoipCidr", + "RemoveCustomRoutingEndpoints", + "RemoveEndpoints", "TagResource", "UntagResource", "UpdateAccelerator", "UpdateAcceleratorAttributes", + "UpdateCrossAccountAttachment", + "UpdateCustomRoutingAccelerator", + "UpdateCustomRoutingAcceleratorAttributes", + "UpdateCustomRoutingListener", "UpdateEndpointGroup", "UpdateListener", "WithdrawByoipCidr" @@ -2058,7 +4247,7 @@ ] }, "AWS Glue": { - "ARNFormat": "arn:aws:glue:\u003cregion\u003e:\u003caccountID\u003e:\u003cresourceType\u003e/\u003cresourcePath\u003e", + "ARNFormat": "arn:aws:glue:${Region}:${Account}:${ResourceType}/${ResourcePath}", "ARNRegex": "^arn:aws:glue:.+:.+", "Actions": [ "BatchCreatePartition", @@ -2066,52 +4255,88 @@ "BatchDeletePartition", "BatchDeleteTable", "BatchDeleteTableVersion", + "BatchGetBlueprints", "BatchGetCrawlers", + "BatchGetCustomEntityTypes", "BatchGetDevEndpoints", "BatchGetJobs", "BatchGetPartition", "BatchGetTriggers", "BatchGetWorkflows", "BatchStopJobRun", + "BatchUpdatePartition", + "CancelDataQualityRuleRecommendationRun", + "CancelDataQualityRulesetEvaluationRun", "CancelMLTaskRun", + "CancelStatement", + "CheckSchemaVersionValidity", + "CreateBlueprint", "CreateClassifier", "CreateConnection", "CreateCrawler", + "CreateCustomEntityType", + "CreateDataQualityRuleset", "CreateDatabase", "CreateDevEndpoint", "CreateJob", "CreateMLTransform", "CreatePartition", + "CreatePartitionIndex", + "CreateRegistry", + "CreateSchema", "CreateScript", "CreateSecurityConfiguration", + "CreateSession", "CreateTable", "CreateTrigger", "CreateUserDefinedFunction", "CreateWorkflow", + "DeleteBlueprint", "DeleteClassifier", + "DeleteColumnStatisticsForPartition", + "DeleteColumnStatisticsForTable", "DeleteConnection", "DeleteCrawler", + "DeleteCustomEntityType", + "DeleteDataQualityRuleset", "DeleteDatabase", "DeleteDevEndpoint", "DeleteJob", "DeleteMLTransform", "DeletePartition", + "DeletePartitionIndex", + "DeleteRegistry", "DeleteResourcePolicy", + "DeleteSchema", + "DeleteSchemaVersions", "DeleteSecurityConfiguration", + "DeleteSession", "DeleteTable", "DeleteTableVersion", "DeleteTrigger", "DeleteUserDefinedFunction", "DeleteWorkflow", + "DeregisterDataPreview", + "GetBlueprint", + "GetBlueprintRun", + "GetBlueprintRuns", "GetCatalogImportStatus", "GetClassifier", "GetClassifiers", + "GetColumnStatisticsForPartition", + "GetColumnStatisticsForTable", "GetConnection", "GetConnections", "GetCrawler", "GetCrawlerMetrics", "GetCrawlers", + "GetCustomEntityType", "GetDataCatalogEncryptionSettings", + "GetDataPreviewStatement", + "GetDataQualityResult", + "GetDataQualityRuleRecommendationRun", + "GetDataQualityRuleset", + "GetDataQualityRulesetEvaluationRun", "GetDatabase", "GetDatabases", "GetDataflowGraph", @@ -2127,12 +4352,22 @@ "GetMLTransform", "GetMLTransforms", "GetMapping", + "GetNotebookInstanceStatus", "GetPartition", + "GetPartitionIndexes", "GetPartitions", "GetPlan", + "GetRegistry", + "GetResourcePolicies", "GetResourcePolicy", + "GetSchema", + "GetSchemaByDefinition", + "GetSchemaVersion", + "GetSchemaVersionsDiff", "GetSecurityConfiguration", "GetSecurityConfigurations", + "GetSession", + "GetStatement", "GetTable", "GetTableVersion", "GetTableVersions", @@ -2146,45 +4381,85 @@ "GetWorkflowRun", "GetWorkflowRunProperties", "GetWorkflowRuns", + "GlueNotebookAuthorize", + "GlueNotebookRefreshCredentials", "ImportCatalogToGlue", + "ListBlueprints", "ListCrawlers", + "ListCrawls", + "ListCustomEntityTypes", + "ListDataQualityResults", + "ListDataQualityRuleRecommendationRuns", + "ListDataQualityRulesetEvaluationRuns", + "ListDataQualityRulesets", "ListDevEndpoints", "ListJobs", "ListMLTransforms", + "ListRegistries", + "ListSchemaVersions", + "ListSchemas", + "ListSessions", + "ListStatements", "ListTriggers", "ListWorkflows", + "NotifyEvent", + "PublishDataQuality", "PutDataCatalogEncryptionSettings", "PutResourcePolicy", + "PutSchemaVersionMetadata", "PutWorkflowRunProperties", + "QuerySchemaVersionMetadata", + "RegisterSchemaVersion", + "RemoveSchemaVersionMetadata", "ResetJobBookmark", + "ResumeWorkflowRun", + "RunDataPreviewStatement", + "RunStatement", "SearchTables", + "StartBlueprintRun", "StartCrawler", "StartCrawlerSchedule", + "StartDataQualityRuleRecommendationRun", + "StartDataQualityRulesetEvaluationRun", "StartExportLabelsTaskRun", "StartImportLabelsTaskRun", "StartJobRun", "StartMLEvaluationTaskRun", "StartMLLabelingSetGenerationTaskRun", + "StartNotebook", "StartTrigger", "StartWorkflowRun", "StopCrawler", "StopCrawlerSchedule", + "StopSession", "StopTrigger", + "StopWorkflowRun", "TagResource", + "TerminateNotebook", + "TestConnection", "UntagResource", + "UpdateBlueprint", "UpdateClassifier", + "UpdateColumnStatisticsForPartition", + "UpdateColumnStatisticsForTable", "UpdateConnection", "UpdateCrawler", "UpdateCrawlerSchedule", + "UpdateDataQualityRuleset", "UpdateDatabase", "UpdateDevEndpoint", "UpdateJob", + "UpdateJobFromSourceControl", "UpdateMLTransform", "UpdatePartition", + "UpdateRegistry", + "UpdateSchema", + "UpdateSourceControlFromJob", "UpdateTable", "UpdateTrigger", "UpdateUserDefinedFunction", "UpdateWorkflow", + "UseGlueStudio", "UseMLTransforms" ], "HasResource": true, @@ -2192,21 +4467,87 @@ "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "glue:CredentialIssuingService", + "glue:RoleAssumedBy", + "glue:SecurityGroupIds", + "glue:SubnetIds", + "glue:VpcIds" ] }, - "AWS Ground Station": { - "ARNFormat": "arn:aws:groundstation:\u003cregion\u003e:\u003caccountID\u003e:\u003cresourceType\u003e/\u003cresourceId\u003e", - "ARNRegex": "^arn:aws:groundstation:.+", + "AWS Glue DataBrew": { + "ARNFormat": "arn:aws:databrew:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:databrew:.+:.+:.+", "Actions": [ - "CancelContact", + "BatchDeleteRecipeVersion", + "CreateDataset", + "CreateProfileJob", + "CreateProject", + "CreateRecipe", + "CreateRecipeJob", + "CreateRuleset", + "CreateSchedule", + "DeleteDataset", + "DeleteJob", + "DeleteProject", + "DeleteRecipeVersion", + "DeleteRuleset", + "DeleteSchedule", + "DescribeDataset", + "DescribeJob", + "DescribeJobRun", + "DescribeProject", + "DescribeRecipe", + "DescribeRuleset", + "DescribeSchedule", + "ListDatasets", + "ListJobRuns", + "ListJobs", + "ListProjects", + "ListRecipeVersions", + "ListRecipes", + "ListRulesets", + "ListSchedules", + "ListTagsForResource", + "PublishRecipe", + "SendProjectSessionAction", + "StartJobRun", + "StartProjectSession", + "StopJobRun", + "TagResource", + "UntagResource", + "UpdateDataset", + "UpdateProfileJob", + "UpdateProject", + "UpdateRecipe", + "UpdateRecipeJob", + "UpdateRuleset", + "UpdateSchedule" + ], + "HasResource": true, + "StringPrefix": "databrew", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Ground Station": { + "ARNFormat": "arn:aws:groundstation:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:groundstation:.+", + "Actions": [ + "CancelContact", "CreateConfig", "CreateDataflowEndpointGroup", + "CreateEphemeris", "CreateMissionProfile", "DeleteConfig", "DeleteDataflowEndpointGroup", + "DeleteEphemeris", "DeleteMissionProfile", "DescribeContact", + "DescribeEphemeris", + "GetAgentConfiguration", "GetConfig", "GetDataflowEndpointGroup", "GetMinuteUsage", @@ -2215,14 +4556,18 @@ "ListConfigs", "ListContacts", "ListDataflowEndpointGroups", + "ListEphemerides", "ListGroundStations", "ListMissionProfiles", "ListSatellites", "ListTagsForResource", + "RegisterAgent", "ReserveContact", "TagResource", "UntagResource", + "UpdateAgentStatus", "UpdateConfig", + "UpdateEphemeris", "UpdateMissionProfile" ], "HasResource": true, @@ -2231,23 +4576,26 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", - "groundstation:configId", - "groundstation:configType", - "groundstation:contactId", - "groundstation:dataflowEndpointGroupId", - "groundstation:groundStationId", - "groundstation:missionProfileId", - "groundstation:satelliteId" + "groundstation:AgentId", + "groundstation:ConfigId", + "groundstation:ConfigType", + "groundstation:ContactId", + "groundstation:DataflowEndpointGroupId", + "groundstation:EphemerisId", + "groundstation:GroundStationId", + "groundstation:MissionProfileId", + "groundstation:SatelliteId" ] }, "AWS Health APIs and Notifications": { - "ARNFormat": "arn:aws:health::\u003cnamespace\u003e:\u003crelative-id\u003e", + "ARNFormat": "arn:aws:health:${Region}::${RelativeId}", "ARNRegex": "^arn:aws:health:[^:]*:[^:]*:.+", "Actions": [ "DescribeAffectedAccountsForOrganization", "DescribeAffectedEntities", "DescribeAffectedEntitiesForOrganization", "DescribeEntityAggregates", + "DescribeEntityAggregatesForOrganization", "DescribeEventAggregates", "DescribeEventDetails", "DescribeEventDetailsForOrganization", @@ -2265,864 +4613,2295 @@ "health:service" ] }, - "AWS IQ": { - "ARNFormat": "arn:aws:iq::\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", - "ARNRegex": "^arn:aws:iq::.+", - "Actions": [], - "HasResource": false, - "StringPrefix": "iq" - }, - "AWS IQ Permissions": { - "ARNFormat": "arn:aws:iq-permission::\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", - "ARNRegex": "^arn:aws:iq-permission::.+", - "Actions": [], - "HasResource": false, - "StringPrefix": "iq-permission" - }, - "AWS Import Export Disk Service": { - "Actions": [ - "CancelJob", - "CreateJob", - "GetShippingLabel", - "GetStatus", - "ListJobs", - "UpdateJob" - ], - "HasResource": false, - "StringPrefix": "importexport" - }, - "AWS IoT": { - "ARNFormat": "arn:aws:iot:\u003cregion\u003e:\u003caccount_ID\u003e:\u003ctype\u003e/\u003cname\u003e", - "ARNRegex": "^arn:aws:iot:.+:[0-9]+:.+", + "AWS HealthImaging": { + "ARNFormat": "arn:aws:medical-imaging:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:medical-imaging:.+:.+:.+", "Actions": [ - "AcceptCertificateTransfer", - "AddThingToBillingGroup", - "AddThingToThingGroup", - "AssociateTargetsWithJob", - "AttachPolicy", - "AttachPrincipalPolicy", - "AttachSecurityProfile", - "AttachThingPrincipal", - "CancelAuditTask", - "CancelCertificateTransfer", - "CancelJob", - "CancelJobExecution", - "ClearDefaultAuthorizer", - "CloseTunnel", - "Connect", - "CreateAuthorizer", - "CreateBillingGroup", - "CreateCertificateFromCsr", - "CreateDynamicThingGroup", - "CreateJob", - "CreateKeysAndCertificate", - "CreateOTAUpdate", - "CreatePolicy", - "CreatePolicyVersion", - "CreateProvisioningClaim", - "CreateProvisioningTemplate", - "CreateProvisioningTemplateVersion", - "CreateRoleAlias", - "CreateScheduledAudit", - "CreateSecurityProfile", - "CreateStream", - "CreateThing", - "CreateThingGroup", - "CreateThingType", - "CreateTopicRule", - "DeleteAccountAuditConfiguration", - "DeleteAuthorizer", - "DeleteBillingGroup", - "DeleteCACertificate", - "DeleteCertificate", - "DeleteDynamicThingGroup", - "DeleteJob", - "DeleteJobExecution", - "DeleteOTAUpdate", - "DeletePolicy", - "DeletePolicyVersion", - "DeleteProvisioningTemplate", - "DeleteProvisioningTemplateVersion", - "DeleteRegistrationCode", - "DeleteRoleAlias", - "DeleteScheduledAudit", - "DeleteSecurityProfile", - "DeleteStream", - "DeleteThing", - "DeleteThingGroup", - "DeleteThingShadow", - "DeleteThingType", - "DeleteTopicRule", - "DeleteV2LoggingLevel", - "DeprecateThingType", - "DescribeAccountAuditConfiguration", - "DescribeAuditTask", - "DescribeAuthorizer", - "DescribeBillingGroup", - "DescribeCACertificate", - "DescribeCertificate", - "DescribeDefaultAuthorizer", - "DescribeEndpoint", - "DescribeEventConfigurations", - "DescribeIndex", - "DescribeJob", - "DescribeJobExecution", - "DescribeProvisioningTemplate", - "DescribeProvisioningTemplateVersion", - "DescribeRoleAlias", - "DescribeScheduledAudit", - "DescribeSecurityProfile", - "DescribeStream", - "DescribeThing", - "DescribeThingGroup", - "DescribeThingRegistrationTask", - "DescribeThingType", - "DescribeTunnel", - "DetachPolicy", - "DetachPrincipalPolicy", - "DetachSecurityProfile", - "DetachThingPrincipal", - "DisableTopicRule", - "EnableTopicRule", - "GetCardinality", - "GetEffectivePolicies", - "GetIndexingConfiguration", - "GetJobDocument", - "GetLoggingOptions", - "GetOTAUpdate", - "GetPendingJobExecutions", - "GetPercentiles", - "GetPolicy", - "GetPolicyVersion", - "GetRegistrationCode", - "GetStatistics", - "GetThingShadow", - "GetTopicRule", - "GetV2LoggingOptions", - "ListActiveViolations", - "ListAttachedPolicies", - "ListAuditFindings", - "ListAuditTasks", - "ListAuthorizers", - "ListBillingGroups", - "ListCACertificates", - "ListCertificates", - "ListCertificatesByCA", - "ListIndices", - "ListJobExecutionsForJob", - "ListJobExecutionsForThing", - "ListJobs", - "ListOTAUpdates", - "ListOutgoingCertificates", - "ListPolicies", - "ListPolicyPrincipals", - "ListPolicyVersions", - "ListPrincipalPolicies", - "ListPrincipalThings", - "ListProvisioningTemplateVersions", - "ListProvisioningTemplates", - "ListRoleAliases", - "ListScheduledAudits", - "ListSecurityProfiles", - "ListSecurityProfilesForTarget", - "ListStreams", + "CopyImageSet", + "CreateDatastore", + "DeleteDatastore", + "DeleteImageSet", + "GetDICOMImportJob", + "GetDatastore", + "GetImageFrame", + "GetImageSet", + "GetImageSetMetadata", + "ListDICOMImportJobs", + "ListDatastores", + "ListImageSetVersions", "ListTagsForResource", - "ListTargetsForPolicy", - "ListTargetsForSecurityProfile", - "ListThingGroups", - "ListThingGroupsForThing", - "ListThingPrincipals", - "ListThingRegistrationTaskReports", - "ListThingRegistrationTasks", - "ListThingTypes", - "ListThings", - "ListThingsInBillingGroup", - "ListThingsInThingGroup", - "ListTopicRules", - "ListTunnels", - "ListV2LoggingLevels", - "ListViolationEvents", - "OpenTunnel", - "Publish", - "Receive", - "RegisterCACertificate", - "RegisterCertificate", - "RegisterThing", - "RejectCertificateTransfer", - "RemoveThingFromBillingGroup", - "RemoveThingFromThingGroup", - "ReplaceTopicRule", - "SearchIndex", - "SetDefaultAuthorizer", - "SetDefaultPolicyVersion", - "SetLoggingOptions", - "SetV2LoggingLevel", - "SetV2LoggingOptions", - "StartNextPendingJobExecution", - "StartOnDemandAuditTask", - "StartThingRegistrationTask", - "StopThingRegistrationTask", - "Subscribe", + "SearchImageSets", + "StartDICOMImportJob", "TagResource", - "TestAuthorization", - "TestInvokeAuthorizer", - "TransferCertificate", "UntagResource", - "UpdateAccountAuditConfiguration", - "UpdateAuthorizer", - "UpdateBillingGroup", - "UpdateCACertificate", - "UpdateCertificate", - "UpdateDynamicThingGroup", - "UpdateEventConfigurations", - "UpdateIndexingConfiguration", - "UpdateJob", - "UpdateJobExecution", - "UpdateProvisioningTemplate", - "UpdateRoleAlias", - "UpdateScheduledAudit", - "UpdateSecurityProfile", - "UpdateStream", - "UpdateThing", - "UpdateThingGroup", - "UpdateThingGroupsForThing", - "UpdateThingShadow", - "ValidateSecurityProfileBehaviors" + "UpdateImageSetMetadata" ], "HasResource": true, - "StringPrefix": "iot", + "StringPrefix": "medical-imaging", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "iot:Delete", - "iot:ThingGroupArn", - "iot:TunnelDestinationService" + "aws:TagKeys" ] }, - "AWS IoT 1-Click": { - "ARNFormat": "arn:aws:iot1click:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", - "ARNRegex": "^arn:aws:iot1click:.+:[0-9]+:.+", + "AWS HealthLake": { + "ARNFormat": "arn:aws:healthlake:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:healthlake:.+:.+:.+", "Actions": [ - "AssociateDeviceWithPlacement", - "ClaimDevicesByClaimCode", - "CreatePlacement", - "CreateProject", - "DeletePlacement", - "DeleteProject", - "DescribeDevice", - "DescribePlacement", - "DescribeProject", - "DisassociateDeviceFromPlacement", - "FinalizeDeviceClaim", - "GetDeviceMethods", - "GetDevicesInPlacement", - "InitiateDeviceClaim", - "InvokeDeviceMethod", - "ListDeviceEvents", - "ListDevices", - "ListPlacements", - "ListProjects", + "CreateFHIRDatastore", + "CreateResource", + "DeleteFHIRDatastore", + "DeleteResource", + "DescribeFHIRDatastore", + "DescribeFHIRExportJob", + "DescribeFHIRImportJob", + "GetCapabilities", + "ListFHIRDatastores", + "ListFHIRExportJobs", + "ListFHIRImportJobs", "ListTagsForResource", + "ReadResource", + "SearchWithGet", + "SearchWithPost", + "StartFHIRExportJob", + "StartFHIRImportJob", "TagResource", - "UnclaimDevice", "UntagResource", - "UpdateDeviceState", - "UpdatePlacement", - "UpdateProject" + "UpdateResource" ], "HasResource": true, - "StringPrefix": "iot1click", + "StringPrefix": "healthlake", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys" ] }, - "AWS IoT Analytics": { - "ARNFormat": "arn:aws:iotanalytics:\u003cregion\u003e:\u003caccount_ID\u003e:\u003ctype\u003e/\u003cname\u003e", - "ARNRegex": "^arn:aws:iotanalytics:.+", + "AWS HealthOmics": { + "ARNFormat": "arn:aws:omics:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:omics:${Region}:${Account}?:${ResourceType}/.+?", "Actions": [ - "BatchPutMessage", - "CancelPipelineReprocessing", - "CreateChannel", - "CreateDataset", - "CreateDatasetContent", - "CreateDatastore", - "CreatePipeline", - "DeleteChannel", - "DeleteDataset", - "DeleteDatasetContent", - "DeleteDatastore", - "DeletePipeline", - "DescribeChannel", - "DescribeDataset", - "DescribeDatastore", - "DescribeLoggingOptions", - "DescribePipeline", - "GetDatasetContent", - "ListChannels", - "ListDatasets", - "ListDatastores", - "ListPipelines", + "AbortMultipartReadSetUpload", + "AcceptShare", + "BatchDeleteReadSet", + "CancelAnnotationImportJob", + "CancelRun", + "CancelVariantImportJob", + "CompleteMultipartReadSetUpload", + "CreateAnnotationStore", + "CreateAnnotationStoreVersion", + "CreateMultipartReadSetUpload", + "CreateReferenceStore", + "CreateRunGroup", + "CreateSequenceStore", + "CreateShare", + "CreateVariantStore", + "CreateWorkflow", + "DeleteAnnotationStore", + "DeleteAnnotationStoreVersions", + "DeleteReference", + "DeleteReferenceStore", + "DeleteRun", + "DeleteRunGroup", + "DeleteSequenceStore", + "DeleteShare", + "DeleteVariantStore", + "DeleteWorkflow", + "GetAnnotationImportJob", + "GetAnnotationStore", + "GetAnnotationStoreVersion", + "GetReadSet", + "GetReadSetActivationJob", + "GetReadSetExportJob", + "GetReadSetImportJob", + "GetReadSetMetadata", + "GetReference", + "GetReferenceImportJob", + "GetReferenceMetadata", + "GetReferenceStore", + "GetRun", + "GetRunGroup", + "GetRunTask", + "GetSequenceStore", + "GetShare", + "GetVariantImportJob", + "GetVariantStore", + "GetWorkflow", + "ListAnnotationImportJobs", + "ListAnnotationStoreVersions", + "ListAnnotationStores", + "ListMultipartReadSetUploads", + "ListReadSetActivationJobs", + "ListReadSetExportJobs", + "ListReadSetImportJobs", + "ListReadSetUploadParts", + "ListReadSets", + "ListReferenceImportJobs", + "ListReferenceStores", + "ListReferences", + "ListRunGroups", + "ListRunTasks", + "ListRuns", + "ListSequenceStores", + "ListShares", "ListTagsForResource", - "PutLoggingOptions", - "RunPipelineActivity", - "SampleChannelData", - "StartPipelineReprocessing", + "ListVariantImportJobs", + "ListVariantStores", + "ListWorkflows", + "StartAnnotationImportJob", + "StartReadSetActivationJob", + "StartReadSetExportJob", + "StartReadSetImportJob", + "StartReferenceImportJob", + "StartRun", + "StartVariantImportJob", "TagResource", "UntagResource", - "UpdateChannel", - "UpdateDataset", - "UpdateDatastore", - "UpdatePipeline" + "UpdateAnnotationStore", + "UpdateAnnotationStoreVersion", + "UpdateRunGroup", + "UpdateVariantStore", + "UpdateWorkflow", + "UploadReadSetPart" ], "HasResource": true, - "StringPrefix": "iotanalytics", + "StringPrefix": "omics", "conditionKeys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys", - "iotanalytics:ResourceTag/${TagKey}" + "omics:AnnotationImportJobJobId", + "omics:AnnotationStoreName", + "omics:AnnotationStoreVersionName", + "omics:VariantImportJobJobId", + "omics:VariantStoreName" ] }, - "AWS IoT Device Tester": { - "ARNFormat": "arn:aws:iot-device-tester:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", - "ARNRegex": "^arn:aws:iot-device-tester:.+:.+:.+", + "AWS IAM Access Analyzer": { + "ARNFormat": "arn:aws:access-analyzer:${Region}:${Account}:analyzer/${AnalyzerName}", + "ARNRegex": "^arn:aws:access-analyzer:.+", "Actions": [ - "CheckVersion", - "DownloadTestSuite", - "LatestIdt", - "SendMetrics", - "SupportedVersion" + "ApplyArchiveRule", + "CancelPolicyGeneration", + "CreateAccessPreview", + "CreateAnalyzer", + "CreateArchiveRule", + "DeleteAnalyzer", + "DeleteArchiveRule", + "GetAccessPreview", + "GetAnalyzedResource", + "GetAnalyzer", + "GetArchiveRule", + "GetFinding", + "GetGeneratedPolicy", + "ListAccessPreviewFindings", + "ListAccessPreviews", + "ListAnalyzedResources", + "ListAnalyzers", + "ListArchiveRules", + "ListFindings", + "ListPolicyGenerations", + "ListTagsForResource", + "StartPolicyGeneration", + "StartResourceScan", + "TagResource", + "UntagResource", + "UpdateArchiveRule", + "UpdateFindings", + "ValidatePolicy" ], - "HasResource": false, - "StringPrefix": "iot-device-tester" + "HasResource": true, + "StringPrefix": "access-analyzer", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, - "AWS IoT Events": { - "ARNFormat": "arn:aws:iotevents:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", - "ARNRegex": "^arn:aws:iotevents:.+", + "AWS IAM Identity Center (successor to AWS Single Sign-On)": { + "ARNFormat": "arn:aws:sso:::${RelativeId}", + "ARNRegex": "^arn:aws:sso:::.+", "Actions": [ - "BatchPutMessage", - "BatchUpdateDetector", - "CreateDetectorModel", - "CreateInput", - "DeleteDetectorModel", - "DeleteInput", - "DescribeDetector", - "DescribeDetectorModel", - "DescribeInput", - "DescribeLoggingOptions", - "ListDetectorModelVersions", - "ListDetectorModels", - "ListDetectors", - "ListInputs", + "AssociateDirectory", + "AssociateProfile", + "AttachCustomerManagedPolicyReferenceToPermissionSet", + "AttachManagedPolicyToPermissionSet", + "CreateAccountAssignment", + "CreateApplicationInstance", + "CreateApplicationInstanceCertificate", + "CreateInstanceAccessControlAttributeConfiguration", + "CreateManagedApplicationInstance", + "CreatePermissionSet", + "CreateProfile", + "CreateTrust", + "DeleteAccountAssignment", + "DeleteApplicationInstance", + "DeleteApplicationInstanceCertificate", + "DeleteInlinePolicyFromPermissionSet", + "DeleteInstanceAccessControlAttributeConfiguration", + "DeleteManagedApplicationInstance", + "DeletePermissionSet", + "DeletePermissionsBoundaryFromPermissionSet", + "DeletePermissionsPolicy", + "DeleteProfile", + "DescribeAccountAssignmentCreationStatus", + "DescribeAccountAssignmentDeletionStatus", + "DescribeDirectories", + "DescribeInstanceAccessControlAttributeConfiguration", + "DescribePermissionSet", + "DescribePermissionSetProvisioningStatus", + "DescribePermissionsPolicies", + "DescribeRegisteredRegions", + "DescribeTrusts", + "DetachCustomerManagedPolicyReferenceFromPermissionSet", + "DetachManagedPolicyFromPermissionSet", + "DisassociateDirectory", + "DisassociateProfile", + "GetApplicationInstance", + "GetApplicationTemplate", + "GetInlinePolicyForPermissionSet", + "GetManagedApplicationInstance", + "GetMfaDeviceManagementForDirectory", + "GetPermissionSet", + "GetPermissionsBoundaryForPermissionSet", + "GetPermissionsPolicy", + "GetProfile", + "GetSSOStatus", + "GetSharedSsoConfiguration", + "GetSsoConfiguration", + "GetTrust", + "ImportApplicationInstanceServiceProviderMetadata", + "ListAccountAssignmentCreationStatus", + "ListAccountAssignmentDeletionStatus", + "ListAccountAssignments", + "ListAccountsForProvisionedPermissionSet", + "ListApplicationInstanceCertificates", + "ListApplicationInstances", + "ListApplicationTemplates", + "ListApplications", + "ListCustomerManagedPolicyReferencesInPermissionSet", + "ListDirectoryAssociations", + "ListInstances", + "ListManagedPoliciesInPermissionSet", + "ListPermissionSetProvisioningStatus", + "ListPermissionSets", + "ListPermissionSetsProvisionedToAccount", + "ListProfileAssociations", + "ListProfiles", "ListTagsForResource", - "PutLoggingOptions", + "ProvisionPermissionSet", + "PutApplicationAssignmentConfiguration", + "PutInlinePolicyToPermissionSet", + "PutMfaDeviceManagementForDirectory", + "PutPermissionsBoundaryToPermissionSet", + "PutPermissionsPolicy", + "SearchGroups", + "SearchUsers", + "StartSSO", "TagResource", "UntagResource", - "UpdateDetectorModel", - "UpdateInput", - "UpdateInputRouting" + "UpdateApplicationInstanceActiveCertificate", + "UpdateApplicationInstanceDisplayData", + "UpdateApplicationInstanceResponseConfiguration", + "UpdateApplicationInstanceResponseSchemaConfiguration", + "UpdateApplicationInstanceSecurityConfiguration", + "UpdateApplicationInstanceServiceProviderConfiguration", + "UpdateApplicationInstanceStatus", + "UpdateDirectoryAssociation", + "UpdateInstanceAccessControlAttributeConfiguration", + "UpdateManagedApplicationInstanceStatus", + "UpdatePermissionSet", + "UpdateProfile", + "UpdateSSOConfiguration", + "UpdateTrust" ], "HasResource": true, - "StringPrefix": "iotevents", + "StringPrefix": "sso", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys" ] }, - "AWS IoT Greengrass": { - "ARNFormat": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/${resourceType}/${resourcePath}", - "ARNRegex": "^arn:${Partition}:greengrass:.+:[0-9]+:.+", + "AWS IAM Identity Center (successor to AWS Single Sign-On) directory": { + "ARNFormat": "arn:${Partition}:sso-directory:${Region}:${Account}:${RelativeId}", + "ARNRegex": "^arn:${Partition}:sso-directory:${Region}:.+", "Actions": [ - "AssociateRoleToGroup", - "AssociateServiceRoleToAccount", - "CreateConnectorDefinition", - "CreateConnectorDefinitionVersion", - "CreateCoreDefinition", - "CreateCoreDefinitionVersion", - "CreateDeployment", - "CreateDeviceDefinition", - "CreateDeviceDefinitionVersion", - "CreateFunctionDefinition", - "CreateFunctionDefinitionVersion", + "AddMemberToGroup", + "CompleteVirtualMfaDeviceRegistration", + "CompleteWebAuthnDeviceRegistration", + "CreateAlias", + "CreateBearerToken", + "CreateExternalIdPConfigurationForDirectory", "CreateGroup", - "CreateGroupCertificateAuthority", - "CreateGroupVersion", - "CreateLoggerDefinition", - "CreateLoggerDefinitionVersion", - "CreateResourceDefinition", - "CreateResourceDefinitionVersion", - "CreateSoftwareUpdateJob", - "CreateSubscriptionDefinition", - "CreateSubscriptionDefinitionVersion", - "DeleteConnectorDefinition", - "DeleteCoreDefinition", - "DeleteDeviceDefinition", - "DeleteFunctionDefinition", + "CreateProvisioningTenant", + "CreateUser", + "DeleteBearerToken", + "DeleteExternalIdPCertificate", + "DeleteExternalIdPConfigurationForDirectory", "DeleteGroup", - "DeleteLoggerDefinition", - "DeleteResourceDefinition", - "DeleteSubscriptionDefinition", - "DisassociateRoleFromGroup", - "DisassociateServiceRoleFromAccount", - "GetAssociatedRole", - "GetBulkDeploymentStatus", - "GetConnectivityInfo", - "GetConnectorDefinition", - "GetConnectorDefinitionVersion", - "GetCoreDefinition", - "GetCoreDefinitionVersion", - "GetDeploymentStatus", - "GetDeviceDefinition", - "GetDeviceDefinitionVersion", - "GetFunctionDefinition", - "GetFunctionDefinitionVersion", - "GetGroup", - "GetGroupCertificateAuthority", - "GetGroupCertificateConfiguration", - "GetGroupVersion", - "GetLoggerDefinition", - "GetLoggerDefinitionVersion", - "GetResourceDefinition", - "GetResourceDefinitionVersion", - "GetServiceRoleForAccount", - "GetSubscriptionDefinition", - "GetSubscriptionDefinitionVersion", - "ListBulkDeploymentDetailedReports", - "ListBulkDeployments", - "ListConnectorDefinitionVersions", - "ListConnectorDefinitions", - "ListCoreDefinitionVersions", - "ListCoreDefinitions", - "ListDeployments", - "ListDeviceDefinitionVersions", - "ListDeviceDefinitions", - "ListFunctionDefinitionVersions", - "ListFunctionDefinitions", - "ListGroupCertificateAuthorities", - "ListGroupVersions", - "ListGroups", - "ListLoggerDefinitionVersions", - "ListLoggerDefinitions", - "ListResourceDefinitionVersions", - "ListResourceDefinitions", - "ListSubscriptionDefinitionVersions", - "ListSubscriptionDefinitions", - "ListTagsForResource", - "ResetDeployments", - "StartBulkDeployment", - "StopBulkDeployment", - "TagResource", - "UntagResource", - "UpdateConnectivityInfo", - "UpdateConnectorDefinition", - "UpdateCoreDefinition", - "UpdateDeviceDefinition", - "UpdateFunctionDefinition", + "DeleteMfaDeviceForUser", + "DeleteProvisioningTenant", + "DeleteUser", + "DescribeDirectory", + "DescribeGroup", + "DescribeGroups", + "DescribeProvisioningTenant", + "DescribeUser", + "DescribeUserByUniqueAttribute", + "DescribeUsers", + "DisableExternalIdPConfigurationForDirectory", + "DisableUser", + "EnableExternalIdPConfigurationForDirectory", + "EnableUser", + "GetAWSSPConfigurationForDirectory", + "GetUserPoolInfo", + "ImportExternalIdPCertificate", + "IsMemberInGroup", + "ListBearerTokens", + "ListExternalIdPCertificates", + "ListExternalIdPConfigurationsForDirectory", + "ListGroupsForMember", + "ListGroupsForUser", + "ListMembersInGroup", + "ListMfaDevicesForUser", + "ListProvisioningTenants", + "RemoveMemberFromGroup", + "SearchGroups", + "SearchUsers", + "StartVirtualMfaDeviceRegistration", + "StartWebAuthnDeviceRegistration", + "UpdateExternalIdPConfigurationForDirectory", "UpdateGroup", - "UpdateGroupCertificateConfiguration", - "UpdateLoggerDefinition", - "UpdateResourceDefinition", - "UpdateSubscriptionDefinition" + "UpdateGroupDisplayName", + "UpdateMfaDeviceForUser", + "UpdatePassword", + "UpdateUser", + "UpdateUserName", + "VerifyEmail" ], - "HasResource": true, - "StringPrefix": "greengrass", - "conditionKeys": [ - "aws:CurrentTime", - "aws:EpochTime", - "aws:MultiFactorAuthAge", - "aws:MultiFactorAuthPresent", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:SecureTransport", - "aws:TagKeys", - "aws:UserAgent" - ] + "HasResource": false, + "StringPrefix": "sso-directory" }, - "AWS IoT SiteWise": { - "ARNFormat": "arn:aws:iotsitewise:\u003cregion\u003e:\u003caccount_ID\u003e:\u003ctype\u003e/\u003cname\u003e", - "ARNRegex": "^arn:${Partition}:iotsitewise:.+-\\d+:\\d{12}:.+", + "AWS IQ": { + "ARNFormat": "arn:aws:iq:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:iq:.+", "Actions": [ - "AssociateAssets", - "AssociateViewEntities", - "BatchAssociateProjectAssets", - "BatchDisassociateProjectAssets", - "BatchPutAssetPropertyValue", - "CreateAccessPolicy", - "CreateAsset", - "CreateAssetModel", - "CreateAssetTemplate", - "CreateDashboard", - "CreateGroup", - "CreateMeasurementDataStore", - "CreateMetricType", - "CreatePortal", + "AcceptCall", + "ApprovePaymentRequest", + "ApproveProposal", + "ArchiveConversation", + "CompleteProposal", + "CreateConversation", + "CreateExpert", + "CreateListing", + "CreateMilestoneProposal", + "CreatePaymentRequest", "CreateProject", - "CreateView", - "DeleteAccessPolicy", - "DeleteAsset", - "DeleteAssetModel", - "DeleteAssetTemplate", - "DeleteDashboard", - "DeleteGroup", - "DeleteMeasurementDataStore", - "DeleteMetricType", - "DeletePortal", - "DeleteProject", - "DeleteView", - "DeregisterViewEntities", - "DescribeAccessPolicy", - "DescribeAsset", - "DescribeAssetModel", - "DescribeAssetProperty", - "DescribeAssetTemplates", - "DescribeAssets", - "DescribeDashboard", - "DescribeGroups", - "DescribeLoggingOptions", - "DescribeMeasurementDataStores", - "DescribeMetricTypes", - "DescribePortal", - "DescribeProject", - "DescribeViews", - "DisassociateAssets", - "DisassociateViewEntities", - "GetAssetPropertyAggregates", - "GetAssetPropertyValue", - "GetAssetPropertyValueHistory", - "GetMeasurementData", - "GetMetricData", - "ListAccessPolicies", - "ListAssetModels", - "ListAssetTemplates", - "ListAssets", - "ListAssociatedAssets", - "ListDashboards", - "ListGroups", - "ListMeasurementDataStores", - "ListMeasurementDataStreams", - "ListMetricTypes", - "ListPortals", - "ListProjectAssets", - "ListProjects", - "ListViewEntities", - "ListViews", - "PutLoggingOptions", - "RegisterViewEntities", - "UpdateAccessPolicy", - "UpdateAsset", - "UpdateAssetModel", - "UpdateAssetProperty", - "UpdateAssetTemplate", - "UpdateDashboard", - "UpdateGroup", - "UpdateMeasurementDataStore", - "UpdatePortal", - "UpdateProject", - "UpdateView" + "CreateRequest", + "CreateScheduledProposal", + "CreateSeller", + "CreateUpfrontProposal", + "DeclineCall", + "DeleteAttachment", + "DisableIndividualPublicProfile", + "DownloadAttachment", + "EnableIndividualPublicProfile", + "EndCall", + "GetBuyer", + "GetCall", + "GetChatInfo", + "GetChatMessages", + "GetChatToken", + "GetCompanyChatMessages", + "GetCompanyProfile", + "GetConversation", + "GetExpert", + "GetListing", + "GetMarketplaceSeller", + "GetPaymentRequest", + "GetProposal", + "GetRequest", + "GetReview", + "HideRequest", + "InitiateCall", + "LinkAwsCertification", + "ListAttachments", + "ListConversations", + "ListExpertAccessLogs", + "ListListings", + "ListPaymentRequests", + "ListProposals", + "ListRequests", + "ListReviews", + "MarkChatMessageRead", + "RejectPaymentRequest", + "RejectProposal", + "SendCompanyChatMessage", + "SendIndividualChatMessage", + "UnarchiveConversation", + "UnlinkAwsCertification", + "UpdateCompanyProfile", + "UpdateConversationMembers", + "UpdateExpert", + "UpdateListing", + "UpdateRequest", + "UploadAttachment", + "WithdrawPaymentRequest", + "WithdrawProposal", + "WriteReview" ], "HasResource": true, - "StringPrefix": "iotsitewise", - "conditionKeys": [ - "iotsitewise:assetHierarchyPath", - "iotsitewise:childAssetId", - "iotsitewise:group", - "iotsitewise:portal", - "iotsitewise:project", - "iotsitewise:propertyId", - "iotsitewise:user" - ] + "StringPrefix": "iq" }, - "AWS IoT Things Graph": { - "ARNFormat": "arn:aws:iotthingsgraph:\u003cregion\u003e:\u003caccount_id\u003e:\u003ctype\u003e/\u003cname\u003e", - "ARNRegex": "^arn:aws:iotthingsgraph:.+:.+:.+", + "AWS IQ Permissions": { + "ARNFormat": "arn:aws:iq-permission:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:iq-permission:.+", "Actions": [ - "AssociateEntityToThing", - "CreateFlowTemplate", - "CreateSystemInstance", - "CreateSystemTemplate", - "DeleteFlowTemplate", - "DeleteNamespace", - "DeleteSystemInstance", - "DeleteSystemTemplate", - "DeploySystemInstance", - "DeprecateFlowTemplate", - "DeprecateSystemTemplate", - "DescribeNamespace", - "DissociateEntityFromThing", - "GetEntities", - "GetFlowTemplate", - "GetFlowTemplateRevisions", - "GetNamespaceDeletionStatus", - "GetSystemInstance", - "GetSystemTemplate", - "GetSystemTemplateRevisions", - "GetUploadStatus", - "ListFlowExecutionMessages", - "ListTagsForResource", - "SearchEntities", - "SearchFlowExecutions", - "SearchFlowTemplates", - "SearchSystemInstances", - "SearchSystemTemplates", - "SearchThings", - "TagResource", - "UndeploySystemInstance", - "UntagResource", - "UpdateFlowTemplate", - "UpdateSystemTemplate", - "UploadEntityDefinitions" + "ApproveAccessGrant", + "ApprovePermissionRequest", + "AssumePermissionRole", + "CreatePermissionRequest", + "GetPermissionRequest", + "ListPermissionRequests", + "RejectPermissionRequest", + "RevokePermissionRequest", + "WithdrawPermissionRequest" ], "HasResource": true, - "StringPrefix": "iotthingsgraph", - "conditionKeys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ] + "StringPrefix": "iq-permission" }, - "AWS Key Management Service": { - "ARNFormat": "arn:aws:kms:\u003cregion\u003e:\u003caccount_id\u003e:\u003cresource_type\u003e/\u003cid\u003e", - "ARNRegex": "^arn:aws:kms:.+", + "AWS Identity Store": { + "ARNFormat": "arn:aws:identitystore::${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:identitystore:.+", "Actions": [ - "CancelKeyDeletion", - "ConnectCustomKeyStore", - "CreateAlias", - "CreateCustomKeyStore", - "CreateGrant", - "CreateKey", - "Decrypt", - "DeleteAlias", - "DeleteCustomKeyStore", - "DeleteImportedKeyMaterial", - "DescribeCustomKeyStores", - "DescribeKey", - "DisableKey", - "DisableKeyRotation", - "DisconnectCustomKeyStore", - "EnableKey", - "EnableKeyRotation", - "Encrypt", - "GenerateDataKey", - "GenerateDataKeyPair", - "GenerateDataKeyPairWithoutPlaintext", - "GenerateDataKeyWithoutPlaintext", - "GenerateRandom", - "GetKeyPolicy", - "GetKeyRotationStatus", - "GetParametersForImport", - "GetPublicKey", - "ImportKeyMaterial", - "ListAliases", - "ListGrants", - "ListKeyPolicies", - "ListKeys", - "ListResourceTags", - "ListRetirableGrants", - "PutKeyPolicy", - "ReEncryptFrom", - "ReEncryptTo", - "RetireGrant", - "RevokeGrant", - "ScheduleKeyDeletion", - "Sign", - "TagResource", - "UntagResource", - "UpdateAlias", - "UpdateCustomKeyStore", - "UpdateKeyDescription", - "Verify" + "CreateGroup", + "CreateGroupMembership", + "CreateUser", + "DeleteGroup", + "DeleteGroupMembership", + "DeleteUser", + "DescribeGroup", + "DescribeGroupMembership", + "DescribeUser", + "GetGroupId", + "GetGroupMembershipId", + "GetUserId", + "IsMemberInGroups", + "ListGroupMemberships", + "ListGroupMembershipsForMember", + "ListGroups", + "ListUsers", + "UpdateGroup", + "UpdateUser" ], "HasResource": true, - "StringPrefix": "kms", + "StringPrefix": "identitystore", "conditionKeys": [ - "kms:BypassPolicyLockoutSafetyCheck", - "kms:CallerAccount", - "kms:CustomerMasterKeySpec", - "kms:CustomerMasterKeyUsage", - "kms:DataKeyPairSpec", - "kms:EncryptionAlgorithm", - "kms:EncryptionContextKeys", - "kms:ExpirationModel", - "kms:GrantConstraintType", - "kms:GrantIsForAWSResource", - "kms:GrantOperations", - "kms:GranteePrincipal", - "kms:KeyOrigin", - "kms:MessageType", - "kms:ReEncryptOnSameKey", - "kms:RetiringPrincipal", - "kms:SigningAlgorithm", - "kms:ValidTo", - "kms:ViaService", - "kms:WrappingAlgorithm", - "kms:WrappingKeySpec" + "identitystore:UserId" ] }, - "AWS Lake Formation": { + "AWS Identity Store Auth": { + "ARNFormat": "arn:${Partition}:identitystore-auth:${Region}:${Account}:${RelativeId}", + "ARNRegex": "^arn:${Partition}:identitystore-auth:${Region}:.+", "Actions": [ - "BatchGrantPermissions", - "BatchRevokePermissions", - "DeregisterResource", - "DescribeResource", - "GetDataAccess", - "GetDataLakeSettings", - "GetEffectivePermissionsForPath", - "GrantPermissions", - "ListPermissions", - "ListResources", - "PutDataLakeSettings", - "RegisterResource", - "RevokePermissions", - "UpdateResource" + "BatchDeleteSession", + "BatchGetSession", + "ListSessions" ], "HasResource": false, - "StringPrefix": "lakeformation" + "StringPrefix": "identitystore-auth" }, - "AWS Lambda": { - "ARNFormat": "arn:aws:lambda:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e:\u003cresourceId\u003e", - "ARNRegex": "^arn:aws:lambda:.+", + "AWS Identity Sync": { + "ARNFormat": "arn:aws:identity-sync:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:identity-sync:.+:.+:.+", "Actions": [ - "AddLayerVersionPermission", - "AddPermission", - "CreateAlias", - "CreateEventSourceMapping", - "CreateFunction", - "DeleteAlias", - "DeleteEventSourceMapping", - "DeleteFunction", - "DeleteFunctionConcurrency", - "DeleteFunctionEventInvokeConfig", - "DeleteLayerVersion", - "DeleteProvisionedConcurrencyConfig", - "DisableReplication", - "EnableReplication", - "GetAccountSettings", - "GetAlias", - "GetEventSourceMapping", - "GetFunction", - "GetFunctionConcurrency", - "GetFunctionConfiguration", - "GetFunctionEventInvokeConfig", - "GetLayerVersion", - "GetLayerVersionPolicy", + "CreateSyncFilter", + "CreateSyncProfile", + "CreateSyncTarget", + "DeleteSyncFilter", + "DeleteSyncProfile", + "DeleteSyncTarget", + "GetSyncProfile", + "GetSyncTarget", + "ListSyncFilters", + "StartSync", + "StopSync", + "UpdateSyncTarget" + ], + "HasResource": true, + "StringPrefix": "identity-sync" + }, + "AWS Identity and Access Management (IAM)": { + "ARNFormat": "arn:aws:iam::${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:iam::.+", + "Actions": [ + "AddClientIDToOpenIDConnectProvider", + "AddRoleToInstanceProfile", + "AddUserToGroup", + "AttachGroupPolicy", + "AttachRolePolicy", + "AttachUserPolicy", + "ChangePassword", + "CreateAccessKey", + "CreateAccountAlias", + "CreateGroup", + "CreateInstanceProfile", + "CreateLoginProfile", + "CreateOpenIDConnectProvider", + "CreatePolicy", + "CreatePolicyVersion", + "CreateRole", + "CreateSAMLProvider", + "CreateServiceLinkedRole", + "CreateServiceSpecificCredential", + "CreateUser", + "CreateVirtualMFADevice", + "DeactivateMFADevice", + "DeleteAccessKey", + "DeleteAccountAlias", + "DeleteAccountPasswordPolicy", + "DeleteCloudFrontPublicKey", + "DeleteGroup", + "DeleteGroupPolicy", + "DeleteInstanceProfile", + "DeleteLoginProfile", + "DeleteOpenIDConnectProvider", + "DeletePolicy", + "DeletePolicyVersion", + "DeleteRole", + "DeleteRolePermissionsBoundary", + "DeleteRolePolicy", + "DeleteSAMLProvider", + "DeleteSSHPublicKey", + "DeleteServerCertificate", + "DeleteServiceLinkedRole", + "DeleteServiceSpecificCredential", + "DeleteSigningCertificate", + "DeleteUser", + "DeleteUserPermissionsBoundary", + "DeleteUserPolicy", + "DeleteVirtualMFADevice", + "DetachGroupPolicy", + "DetachRolePolicy", + "DetachUserPolicy", + "EnableMFADevice", + "GenerateCredentialReport", + "GenerateOrganizationsAccessReport", + "GenerateServiceLastAccessedDetails", + "GetAccessKeyLastUsed", + "GetAccountAuthorizationDetails", + "GetAccountEmailAddress", + "GetAccountName", + "GetAccountPasswordPolicy", + "GetAccountSummary", + "GetCloudFrontPublicKey", + "GetContextKeysForCustomPolicy", + "GetContextKeysForPrincipalPolicy", + "GetCredentialReport", + "GetGroup", + "GetGroupPolicy", + "GetInstanceProfile", + "GetLoginProfile", + "GetMFADevice", + "GetOpenIDConnectProvider", + "GetOrganizationsAccessReport", "GetPolicy", - "GetProvisionedConcurrencyConfig", - "InvokeAsync", - "InvokeFunction", - "ListAliases", - "ListEventSourceMappings", - "ListFunctionEventInvokeConfigs", - "ListFunctions", - "ListLayerVersions", - "ListLayers", - "ListProvisionedConcurrencyConfigs", - "ListTags", - "ListVersionsByFunction", - "PublishLayerVersion", - "PublishVersion", - "PutFunctionConcurrency", - "PutFunctionEventInvokeConfig", - "PutProvisionedConcurrencyConfig", - "RemoveLayerVersionPermission", - "RemovePermission", - "TagResource", - "UntagResource", - "UpdateAlias", - "UpdateEventSourceMapping", - "UpdateFunctionCode", - "UpdateFunctionConfiguration", - "UpdateFunctionEventInvokeConfig" + "GetPolicyVersion", + "GetRole", + "GetRolePolicy", + "GetSAMLProvider", + "GetSSHPublicKey", + "GetServerCertificate", + "GetServiceLastAccessedDetails", + "GetServiceLastAccessedDetailsWithEntities", + "GetServiceLinkedRoleDeletionStatus", + "GetUser", + "GetUserPolicy", + "ListAccessKeys", + "ListAccountAliases", + "ListAttachedGroupPolicies", + "ListAttachedRolePolicies", + "ListAttachedUserPolicies", + "ListCloudFrontPublicKeys", + "ListEntitiesForPolicy", + "ListGroupPolicies", + "ListGroups", + "ListGroupsForUser", + "ListInstanceProfileTags", + "ListInstanceProfiles", + "ListInstanceProfilesForRole", + "ListMFADeviceTags", + "ListMFADevices", + "ListOpenIDConnectProviderTags", + "ListOpenIDConnectProviders", + "ListPolicies", + "ListPoliciesGrantingServiceAccess", + "ListPolicyTags", + "ListPolicyVersions", + "ListRolePolicies", + "ListRoleTags", + "ListRoles", + "ListSAMLProviderTags", + "ListSAMLProviders", + "ListSSHPublicKeys", + "ListSTSRegionalEndpointsStatus", + "ListServerCertificateTags", + "ListServerCertificates", + "ListServiceSpecificCredentials", + "ListSigningCertificates", + "ListUserPolicies", + "ListUserTags", + "ListUsers", + "ListVirtualMFADevices", + "PassRole", + "PutGroupPolicy", + "PutRolePermissionsBoundary", + "PutRolePolicy", + "PutUserPermissionsBoundary", + "PutUserPolicy", + "RemoveClientIDFromOpenIDConnectProvider", + "RemoveRoleFromInstanceProfile", + "RemoveUserFromGroup", + "ResetServiceSpecificCredential", + "ResyncMFADevice", + "SetDefaultPolicyVersion", + "SetSTSRegionalEndpointStatus", + "SetSecurityTokenServicePreferences", + "SimulateCustomPolicy", + "SimulatePrincipalPolicy", + "TagInstanceProfile", + "TagMFADevice", + "TagOpenIDConnectProvider", + "TagPolicy", + "TagRole", + "TagSAMLProvider", + "TagServerCertificate", + "TagUser", + "UntagInstanceProfile", + "UntagMFADevice", + "UntagOpenIDConnectProvider", + "UntagPolicy", + "UntagRole", + "UntagSAMLProvider", + "UntagServerCertificate", + "UntagUser", + "UpdateAccessKey", + "UpdateAccountEmailAddress", + "UpdateAccountName", + "UpdateAccountPasswordPolicy", + "UpdateAssumeRolePolicy", + "UpdateCloudFrontPublicKey", + "UpdateGroup", + "UpdateLoginProfile", + "UpdateOpenIDConnectProviderThumbprint", + "UpdateRole", + "UpdateRoleDescription", + "UpdateSAMLProvider", + "UpdateSSHPublicKey", + "UpdateServerCertificate", + "UpdateServiceSpecificCredential", + "UpdateSigningCertificate", + "UpdateUser", + "UploadCloudFrontPublicKey", + "UploadSSHPublicKey", + "UploadServerCertificate", + "UploadSigningCertificate" ], "HasResource": true, - "StringPrefix": "lambda", + "StringPrefix": "iam", "conditionKeys": [ - "lambda:FunctionArn", - "lambda:Layer", - "lambda:Principal" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "iam:AWSServiceName", + "iam:AssociatedResourceArn", + "iam:FIDO-FIPS-140-2-certification", + "iam:FIDO-FIPS-140-3-certification", + "iam:FIDO-certification", + "iam:OrganizationsPolicyId", + "iam:PassedToService", + "iam:PermissionsBoundary", + "iam:PolicyARN", + "iam:RegisterSecurityKey", + "iam:ResourceTag/${TagKey}" ] }, - "AWS License Manager": { - "ARNFormat": "arn:aws:license-manager:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresourceType\u003e/\u003cresourceId\u003e", - "ARNRegex": "^arn:aws:license-manager:.+:.+:.+", + "AWS Identity and Access Management Roles Anywhere": { + "ARNFormat": "arn:aws:rolesanywhere:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:rolesanywhere:.+:.+:.+", "Actions": [ - "CreateLicenseConfiguration", - "DeleteLicenseConfiguration", - "GetLicenseConfiguration", - "GetServiceSettings", - "ListAssociationsForLicenseConfiguration", - "ListLicenseConfigurations", - "ListLicenseSpecificationsForResource", - "ListResourceInventory", + "CreateProfile", + "CreateTrustAnchor", + "DeleteCrl", + "DeleteProfile", + "DeleteTrustAnchor", + "DisableCrl", + "DisableProfile", + "DisableTrustAnchor", + "EnableCrl", + "EnableProfile", + "EnableTrustAnchor", + "GetCrl", + "GetProfile", + "GetSubject", + "GetTrustAnchor", + "ImportCrl", + "ListCrls", + "ListProfiles", + "ListSubjects", "ListTagsForResource", - "ListUsageForLicenseConfiguration", + "ListTrustAnchors", + "PutNotificationSettings", + "ResetNotificationSettings", "TagResource", "UntagResource", - "UpdateLicenseConfiguration", - "UpdateLicenseSpecificationsForResource", - "UpdateServiceSettings" + "UpdateCrl", + "UpdateProfile", + "UpdateTrustAnchor" ], "HasResource": true, - "StringPrefix": "license-manager", + "StringPrefix": "rolesanywhere", "conditionKeys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "license-manager:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" ] }, - "AWS Managed Apache Cassandra Service": { - "ARNFormat": "arn:${Partition}:cassandra:${region}:${account}:/${resourceType}/${resourcePath}/", - "ARNRegex": "^arn:${Partition}:cassandra:.+", + "AWS Import Export Disk Service": { "Actions": [ - "Alter", - "Create", - "Drop", - "Modify", - "Select" + "CancelJob", + "CreateJob", + "GetShippingLabel", + "GetStatus", + "ListJobs", + "UpdateJob" ], - "HasResource": true, - "StringPrefix": "cassandra" + "HasResource": false, + "StringPrefix": "importexport" }, - "AWS Marketplace": { + "AWS Invoicing Service": { "Actions": [ - "AcceptAgreementApprovalRequest", - "CancelAgreementRequest", - "GetAgreementApprovalRequest", - "GetAgreementRequest", - "ListAgreementApprovalRequests", - "ListAgreementRequests", - "RejectAgreementApprovalRequest", - "Subscribe", - "Unsubscribe", - "UpdateAgreementApprovalRequest", - "ViewSubscriptions" + "GetInvoiceEmailDeliveryPreferences", + "GetInvoicePDF", + "ListInvoiceSummaries", + "PutInvoiceEmailDeliveryPreferences" ], "HasResource": false, - "StringPrefix": "aws-marketplace" + "StringPrefix": "invoicing" }, - "AWS Marketplace Catalog": { - "ARNFormat": "arn:aws:aws-marketplace:\u003cregion\u003e:\u003caccount\u003e:\u003ccatalog\u003e/\u003cresource_type\u003e/\u003cresource_id\u003e", - "ARNRegex": "^arn:aws:aws-marketplace:::.+", + "AWS IoT": { + "ARNFormat": "arn:aws:iot:${Region}:${Account}:${Type}/${Name}", + "ARNRegex": "^arn:aws:iot:.+:[0-9]+:.+", "Actions": [ - "CancelChangeSet", - "CompleteTask", - "DescribeChangeSet", - "DescribeEntity", - "DescribeTask", - "ListChangeSets", - "ListEntities", - "ListTasks", - "StartChangeSet", - "UpdateTask" - ], - "HasResource": true, + "AcceptCertificateTransfer", + "AddThingToBillingGroup", + "AddThingToThingGroup", + "AssociateTargetsWithJob", + "AttachPolicy", + "AttachPrincipalPolicy", + "AttachSecurityProfile", + "AttachThingPrincipal", + "CancelAuditMitigationActionsTask", + "CancelAuditTask", + "CancelCertificateTransfer", + "CancelDetectMitigationActionsTask", + "CancelJob", + "CancelJobExecution", + "ClearDefaultAuthorizer", + "CloseTunnel", + "ConfirmTopicRuleDestination", + "Connect", + "CreateAuditSuppression", + "CreateAuthorizer", + "CreateBillingGroup", + "CreateCertificateFromCsr", + "CreateCustomMetric", + "CreateDimension", + "CreateDomainConfiguration", + "CreateDynamicThingGroup", + "CreateFleetMetric", + "CreateJob", + "CreateJobTemplate", + "CreateKeysAndCertificate", + "CreateMitigationAction", + "CreateOTAUpdate", + "CreatePackage", + "CreatePackageVersion", + "CreatePolicy", + "CreatePolicyVersion", + "CreateProvisioningClaim", + "CreateProvisioningTemplate", + "CreateProvisioningTemplateVersion", + "CreateRoleAlias", + "CreateScheduledAudit", + "CreateSecurityProfile", + "CreateStream", + "CreateThing", + "CreateThingGroup", + "CreateThingType", + "CreateTopicRule", + "CreateTopicRuleDestination", + "DeleteAccountAuditConfiguration", + "DeleteAuditSuppression", + "DeleteAuthorizer", + "DeleteBillingGroup", + "DeleteCACertificate", + "DeleteCertificate", + "DeleteCustomMetric", + "DeleteDimension", + "DeleteDomainConfiguration", + "DeleteDynamicThingGroup", + "DeleteFleetMetric", + "DeleteJob", + "DeleteJobExecution", + "DeleteJobTemplate", + "DeleteMitigationAction", + "DeleteOTAUpdate", + "DeletePackage", + "DeletePackageVersion", + "DeletePolicy", + "DeletePolicyVersion", + "DeleteProvisioningTemplate", + "DeleteProvisioningTemplateVersion", + "DeleteRegistrationCode", + "DeleteRoleAlias", + "DeleteScheduledAudit", + "DeleteSecurityProfile", + "DeleteStream", + "DeleteThing", + "DeleteThingGroup", + "DeleteThingShadow", + "DeleteThingType", + "DeleteTopicRule", + "DeleteTopicRuleDestination", + "DeleteV2LoggingLevel", + "DeprecateThingType", + "DescribeAccountAuditConfiguration", + "DescribeAuditFinding", + "DescribeAuditMitigationActionsTask", + "DescribeAuditSuppression", + "DescribeAuditTask", + "DescribeAuthorizer", + "DescribeBillingGroup", + "DescribeCACertificate", + "DescribeCertificate", + "DescribeCustomMetric", + "DescribeDefaultAuthorizer", + "DescribeDetectMitigationActionsTask", + "DescribeDimension", + "DescribeDomainConfiguration", + "DescribeEndpoint", + "DescribeEventConfigurations", + "DescribeFleetMetric", + "DescribeIndex", + "DescribeJob", + "DescribeJobExecution", + "DescribeJobTemplate", + "DescribeManagedJobTemplate", + "DescribeMitigationAction", + "DescribeProvisioningTemplate", + "DescribeProvisioningTemplateVersion", + "DescribeRoleAlias", + "DescribeScheduledAudit", + "DescribeSecurityProfile", + "DescribeStream", + "DescribeThing", + "DescribeThingGroup", + "DescribeThingRegistrationTask", + "DescribeThingType", + "DescribeTunnel", + "DetachPolicy", + "DetachPrincipalPolicy", + "DetachSecurityProfile", + "DetachThingPrincipal", + "DisableTopicRule", + "EnableTopicRule", + "GetBehaviorModelTrainingSummaries", + "GetBucketsAggregation", + "GetCardinality", + "GetEffectivePolicies", + "GetIndexingConfiguration", + "GetJobDocument", + "GetLoggingOptions", + "GetOTAUpdate", + "GetPackage", + "GetPackageConfiguration", + "GetPackageVersion", + "GetPercentiles", + "GetPolicy", + "GetPolicyVersion", + "GetRegistrationCode", + "GetRetainedMessage", + "GetStatistics", + "GetThingShadow", + "GetTopicRule", + "GetTopicRuleDestination", + "GetV2LoggingOptions", + "ListActiveViolations", + "ListAttachedPolicies", + "ListAuditFindings", + "ListAuditMitigationActionsExecutions", + "ListAuditMitigationActionsTasks", + "ListAuditSuppressions", + "ListAuditTasks", + "ListAuthorizers", + "ListBillingGroups", + "ListCACertificates", + "ListCertificates", + "ListCertificatesByCA", + "ListCustomMetrics", + "ListDetectMitigationActionsExecutions", + "ListDetectMitigationActionsTasks", + "ListDimensions", + "ListDomainConfigurations", + "ListFleetMetrics", + "ListIndices", + "ListJobExecutionsForJob", + "ListJobExecutionsForThing", + "ListJobTemplates", + "ListJobs", + "ListManagedJobTemplates", + "ListMetricValues", + "ListMitigationActions", + "ListNamedShadowsForThing", + "ListOTAUpdates", + "ListOutgoingCertificates", + "ListPackageVersions", + "ListPackages", + "ListPolicies", + "ListPolicyPrincipals", + "ListPolicyVersions", + "ListPrincipalPolicies", + "ListPrincipalThings", + "ListProvisioningTemplateVersions", + "ListProvisioningTemplates", + "ListRelatedResourcesForAuditFinding", + "ListRetainedMessages", + "ListRoleAliases", + "ListScheduledAudits", + "ListSecurityProfiles", + "ListSecurityProfilesForTarget", + "ListStreams", + "ListTagsForResource", + "ListTargetsForPolicy", + "ListTargetsForSecurityProfile", + "ListThingGroups", + "ListThingGroupsForThing", + "ListThingPrincipals", + "ListThingRegistrationTaskReports", + "ListThingRegistrationTasks", + "ListThingTypes", + "ListThings", + "ListThingsInBillingGroup", + "ListThingsInThingGroup", + "ListTopicRuleDestinations", + "ListTopicRules", + "ListTunnels", + "ListV2LoggingLevels", + "ListViolationEvents", + "OpenTunnel", + "Publish", + "PutVerificationStateOnViolation", + "Receive", + "RegisterCACertificate", + "RegisterCertificate", + "RegisterCertificateWithoutCA", + "RegisterThing", + "RejectCertificateTransfer", + "RemoveThingFromBillingGroup", + "RemoveThingFromThingGroup", + "ReplaceTopicRule", + "RetainPublish", + "RotateTunnelAccessToken", + "SearchIndex", + "SetDefaultAuthorizer", + "SetDefaultPolicyVersion", + "SetLoggingOptions", + "SetV2LoggingLevel", + "SetV2LoggingOptions", + "StartAuditMitigationActionsTask", + "StartDetectMitigationActionsTask", + "StartOnDemandAuditTask", + "StartThingRegistrationTask", + "StopThingRegistrationTask", + "Subscribe", + "TagResource", + "TestAuthorization", + "TestInvokeAuthorizer", + "TransferCertificate", + "UntagResource", + "UpdateAccountAuditConfiguration", + "UpdateAuditSuppression", + "UpdateAuthorizer", + "UpdateBillingGroup", + "UpdateCACertificate", + "UpdateCertificate", + "UpdateCustomMetric", + "UpdateDimension", + "UpdateDomainConfiguration", + "UpdateDynamicThingGroup", + "UpdateEventConfigurations", + "UpdateFleetMetric", + "UpdateIndexingConfiguration", + "UpdateJob", + "UpdateMitigationAction", + "UpdatePackage", + "UpdatePackageConfiguration", + "UpdatePackageVersion", + "UpdateProvisioningTemplate", + "UpdateRoleAlias", + "UpdateScheduledAudit", + "UpdateSecurityProfile", + "UpdateStream", + "UpdateThing", + "UpdateThingGroup", + "UpdateThingGroupsForThing", + "UpdateThingShadow", + "UpdateTopicRuleDestination", + "ValidateSecurityProfileBehaviors" + ], + "HasResource": true, + "StringPrefix": "iot", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "iot:ClientMode", + "iot:Delete", + "iot:DomainName", + "iot:ThingGroupArn", + "iot:TunnelDestinationService" + ] + }, + "AWS IoT 1-Click": { + "ARNFormat": "arn:aws:iot1click:${Region}:${Account}:${Type}/${Name}", + "ARNRegex": "^arn:aws:iot1click:.+:[0-9]+:.+", + "Actions": [ + "AssociateDeviceWithPlacement", + "ClaimDevicesByClaimCode", + "CreatePlacement", + "CreateProject", + "DeletePlacement", + "DeleteProject", + "DescribeDevice", + "DescribePlacement", + "DescribeProject", + "DisassociateDeviceFromPlacement", + "FinalizeDeviceClaim", + "GetDeviceMethods", + "GetDevicesInPlacement", + "InitiateDeviceClaim", + "InvokeDeviceMethod", + "ListDeviceEvents", + "ListDevices", + "ListPlacements", + "ListProjects", + "ListTagsForResource", + "TagResource", + "UnclaimDevice", + "UntagResource", + "UpdateDeviceState", + "UpdatePlacement", + "UpdateProject" + ], + "HasResource": true, + "StringPrefix": "iot1click", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS IoT Analytics": { + "ARNFormat": "arn:aws:iotanalytics:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:iotanalytics:.+", + "Actions": [ + "BatchPutMessage", + "CancelPipelineReprocessing", + "CreateChannel", + "CreateDataset", + "CreateDatasetContent", + "CreateDatastore", + "CreatePipeline", + "DeleteChannel", + "DeleteDataset", + "DeleteDatasetContent", + "DeleteDatastore", + "DeletePipeline", + "DescribeChannel", + "DescribeDataset", + "DescribeDatastore", + "DescribeLoggingOptions", + "DescribePipeline", + "GetDatasetContent", + "ListChannels", + "ListDatasetContents", + "ListDatasets", + "ListDatastores", + "ListPipelines", + "ListTagsForResource", + "PutLoggingOptions", + "RunPipelineActivity", + "SampleChannelData", + "StartPipelineReprocessing", + "TagResource", + "UntagResource", + "UpdateChannel", + "UpdateDataset", + "UpdateDatastore", + "UpdatePipeline" + ], + "HasResource": true, + "StringPrefix": "iotanalytics", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "iotanalytics:ResourceTag/${TagKey}" + ] + }, + "AWS IoT Core Device Advisor": { + "ARNFormat": "arn:aws:iotdeviceadvisor:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:iotdeviceadvisor:.+", + "Actions": [ + "CreateSuiteDefinition", + "DeleteSuiteDefinition", + "GetEndpoint", + "GetSuiteDefinition", + "GetSuiteRun", + "GetSuiteRunReport", + "ListSuiteDefinitions", + "ListSuiteRuns", + "ListTagsForResource", + "StartSuiteRun", + "StopSuiteRun", + "TagResource", + "UntagResource", + "UpdateSuiteDefinition" + ], + "HasResource": true, + "StringPrefix": "iotdeviceadvisor", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS IoT Device Tester": { + "ARNFormat": "arn:${Partition}:iot-device-tester:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:.+:iot-device-tester:.+:.+:.+", + "Actions": [ + "CheckVersion", + "DownloadTestSuite", + "LatestIdt", + "SendMetrics", + "SupportedVersion" + ], + "HasResource": false, + "StringPrefix": "iot-device-tester" + }, + "AWS IoT Events": { + "ARNFormat": "arn:aws:iotevents:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:iotevents:.+", + "Actions": [ + "BatchAcknowledgeAlarm", + "BatchDeleteDetector", + "BatchDisableAlarm", + "BatchEnableAlarm", + "BatchPutMessage", + "BatchResetAlarm", + "BatchSnoozeAlarm", + "BatchUpdateDetector", + "CreateAlarmModel", + "CreateDetectorModel", + "CreateInput", + "DeleteAlarmModel", + "DeleteDetectorModel", + "DeleteInput", + "DescribeAlarm", + "DescribeAlarmModel", + "DescribeDetector", + "DescribeDetectorModel", + "DescribeDetectorModelAnalysis", + "DescribeInput", + "DescribeLoggingOptions", + "GetDetectorModelAnalysisResults", + "ListAlarmModelVersions", + "ListAlarmModels", + "ListAlarms", + "ListDetectorModelVersions", + "ListDetectorModels", + "ListDetectors", + "ListInputRoutings", + "ListInputs", + "ListTagsForResource", + "PutLoggingOptions", + "StartDetectorModelAnalysis", + "TagResource", + "UntagResource", + "UpdateAlarmModel", + "UpdateDetectorModel", + "UpdateInput", + "UpdateInputRouting" + ], + "HasResource": true, + "StringPrefix": "iotevents", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "iotevents:keyValue" + ] + }, + "AWS IoT Fleet Hub for Device Management": { + "ARNFormat": "arn:aws:iotfleethub:${Region}:${AccountId}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:iotfleethub:.+:.+:.+", + "Actions": [ + "CreateApplication", + "DeleteApplication", + "DescribeApplication", + "ListApplications", + "ListTagsForResource", + "TagResource", + "UntagResource", + "UpdateApplication" + ], + "HasResource": true, + "StringPrefix": "iotfleethub", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS IoT FleetWise": { + "ARNFormat": "arn:aws:iotfleetwise:${Region}:${Account}:${Type}/${Name}", + "ARNRegex": "^arn:aws:iotfleetwise:.+:[0-9]+:.+", + "Actions": [ + "AssociateVehicleFleet", + "BatchCreateVehicle", + "BatchUpdateVehicle", + "CreateCampaign", + "CreateDecoderManifest", + "CreateFleet", + "CreateModelManifest", + "CreateSignalCatalog", + "CreateVehicle", + "DeleteCampaign", + "DeleteDecoderManifest", + "DeleteFleet", + "DeleteModelManifest", + "DeleteSignalCatalog", + "DeleteVehicle", + "DisassociateVehicleFleet", + "GetCampaign", + "GetDecoderManifest", + "GetEncryptionConfiguration", + "GetFleet", + "GetLoggingOptions", + "GetModelManifest", + "GetRegisterAccountStatus", + "GetSignalCatalog", + "GetVehicle", + "GetVehicleStatus", + "ImportDecoderManifest", + "ImportSignalCatalog", + "ListCampaigns", + "ListDecoderManifestNetworkInterfaces", + "ListDecoderManifestSignals", + "ListDecoderManifests", + "ListFleets", + "ListFleetsForVehicle", + "ListModelManifestNodes", + "ListModelManifests", + "ListSignalCatalogNodes", + "ListSignalCatalogs", + "ListTagsForResource", + "ListVehicles", + "ListVehiclesInFleet", + "PutEncryptionConfiguration", + "PutLoggingOptions", + "RegisterAccount", + "TagResource", + "UntagResource", + "UpdateCampaign", + "UpdateDecoderManifest", + "UpdateFleet", + "UpdateModelManifest", + "UpdateSignalCatalog", + "UpdateVehicle" + ], + "HasResource": true, + "StringPrefix": "iotfleetwise", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "iotfleetwise:DestinationArn", + "iotfleetwise:UpdateToDecoderManifestArn", + "iotfleetwise:UpdateToModelManifestArn" + ] + }, + "AWS IoT Greengrass": { + "ARNFormat": "arn:aws:greengrass:${Region}:${Account}:/greengrass/${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:greengrass:.+:[0-9]+:.+", + "Actions": [ + "AssociateRoleToGroup", + "AssociateServiceRoleToAccount", + "CreateConnectorDefinition", + "CreateConnectorDefinitionVersion", + "CreateCoreDefinition", + "CreateCoreDefinitionVersion", + "CreateDeployment", + "CreateDeviceDefinition", + "CreateDeviceDefinitionVersion", + "CreateFunctionDefinition", + "CreateFunctionDefinitionVersion", + "CreateGroup", + "CreateGroupCertificateAuthority", + "CreateGroupVersion", + "CreateLoggerDefinition", + "CreateLoggerDefinitionVersion", + "CreateResourceDefinition", + "CreateResourceDefinitionVersion", + "CreateSoftwareUpdateJob", + "CreateSubscriptionDefinition", + "CreateSubscriptionDefinitionVersion", + "DeleteConnectorDefinition", + "DeleteCoreDefinition", + "DeleteDeviceDefinition", + "DeleteFunctionDefinition", + "DeleteGroup", + "DeleteLoggerDefinition", + "DeleteResourceDefinition", + "DeleteSubscriptionDefinition", + "DisassociateRoleFromGroup", + "DisassociateServiceRoleFromAccount", + "Discover", + "GetAssociatedRole", + "GetBulkDeploymentStatus", + "GetConnectivityInfo", + "GetConnectorDefinition", + "GetConnectorDefinitionVersion", + "GetCoreDefinition", + "GetCoreDefinitionVersion", + "GetDeploymentStatus", + "GetDeviceDefinition", + "GetDeviceDefinitionVersion", + "GetFunctionDefinition", + "GetFunctionDefinitionVersion", + "GetGroup", + "GetGroupCertificateAuthority", + "GetGroupCertificateConfiguration", + "GetGroupVersion", + "GetLoggerDefinition", + "GetLoggerDefinitionVersion", + "GetResourceDefinition", + "GetResourceDefinitionVersion", + "GetServiceRoleForAccount", + "GetSubscriptionDefinition", + "GetSubscriptionDefinitionVersion", + "GetThingRuntimeConfiguration", + "ListBulkDeploymentDetailedReports", + "ListBulkDeployments", + "ListConnectorDefinitionVersions", + "ListConnectorDefinitions", + "ListCoreDefinitionVersions", + "ListCoreDefinitions", + "ListDeployments", + "ListDeviceDefinitionVersions", + "ListDeviceDefinitions", + "ListFunctionDefinitionVersions", + "ListFunctionDefinitions", + "ListGroupCertificateAuthorities", + "ListGroupVersions", + "ListGroups", + "ListLoggerDefinitionVersions", + "ListLoggerDefinitions", + "ListResourceDefinitionVersions", + "ListResourceDefinitions", + "ListSubscriptionDefinitionVersions", + "ListSubscriptionDefinitions", + "ListTagsForResource", + "ResetDeployments", + "StartBulkDeployment", + "StopBulkDeployment", + "TagResource", + "UntagResource", + "UpdateConnectivityInfo", + "UpdateConnectorDefinition", + "UpdateCoreDefinition", + "UpdateDeviceDefinition", + "UpdateFunctionDefinition", + "UpdateGroup", + "UpdateGroupCertificateConfiguration", + "UpdateLoggerDefinition", + "UpdateResourceDefinition", + "UpdateSubscriptionDefinition", + "UpdateThingRuntimeConfiguration" + ], + "HasResource": true, + "StringPrefix": "greengrass", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS IoT Greengrass V2": { + "ARNFormat": "arn:aws:greengrass:${Region}:${Account}:${ResourceType}:${ResourcePath}", + "ARNRegex": "^arn:aws:greengrass:.+", + "Actions": [ + "AssociateServiceRoleToAccount", + "BatchAssociateClientDeviceWithCoreDevice", + "BatchDisassociateClientDeviceFromCoreDevice", + "CancelDeployment", + "CreateComponentVersion", + "CreateDeployment", + "DeleteComponent", + "DeleteCoreDevice", + "DeleteDeployment", + "DescribeComponent", + "DisassociateServiceRoleFromAccount", + "GetComponent", + "GetComponentVersionArtifact", + "GetConnectivityInfo", + "GetCoreDevice", + "GetDeployment", + "GetServiceRoleForAccount", + "ListClientDevicesAssociatedWithCoreDevice", + "ListComponentVersions", + "ListComponents", + "ListCoreDevices", + "ListDeployments", + "ListEffectiveDeployments", + "ListInstalledComponents", + "ListTagsForResource", + "ResolveComponentCandidates", + "TagResource", + "UntagResource", + "UpdateConnectivityInfo" + ], + "HasResource": true, + "StringPrefix": "greengrass", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS IoT Jobs DataPlane": { + "ARNFormat": "arn:aws:iot:${Region}:${Account}:${Type}/${Name}", + "ARNRegex": "^arn:aws:iot:.+:[0-9]+:.+", + "Actions": [ + "DescribeJobExecution", + "GetPendingJobExecutions", + "StartNextPendingJobExecution", + "UpdateJobExecution" + ], + "HasResource": true, + "StringPrefix": "iotjobsdata", + "conditionKeys": [ + "iot:JobId" + ] + }, + "AWS IoT RoboRunner": { + "ARNFormat": "arn:aws:iotroborunner:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:iotroborunner:.+:.+:.+", + "Actions": [ + "CreateDestination", + "CreateSite", + "CreateWorker", + "CreateWorkerFleet", + "DeleteDestination", + "DeleteSite", + "DeleteWorker", + "DeleteWorkerFleet", + "GetDestination", + "GetSite", + "GetWorker", + "GetWorkerFleet", + "ListDestinations", + "ListSites", + "ListWorkerFleets", + "ListWorkers", + "UpdateDestination", + "UpdateSite", + "UpdateWorker", + "UpdateWorkerFleet" + ], + "HasResource": true, + "StringPrefix": "iotroborunner", + "conditionKeys": [ + "iotroborunner:DestinationResourceId", + "iotroborunner:SiteResourceId", + "iotroborunner:WorkerFleetResourceId", + "iotroborunner:WorkerResourceId" + ] + }, + "AWS IoT SiteWise": { + "ARNFormat": "arn:aws:iotsitewise:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:iotsitewise:.+:.+:.+", + "Actions": [ + "AssociateAssets", + "AssociateTimeSeriesToAssetProperty", + "BatchAssociateProjectAssets", + "BatchDisassociateProjectAssets", + "BatchGetAssetPropertyAggregates", + "BatchGetAssetPropertyValue", + "BatchGetAssetPropertyValueHistory", + "BatchPutAssetPropertyValue", + "CreateAccessPolicy", + "CreateAsset", + "CreateAssetModel", + "CreateBulkImportJob", + "CreateDashboard", + "CreateGateway", + "CreatePortal", + "CreateProject", + "DeleteAccessPolicy", + "DeleteAsset", + "DeleteAssetModel", + "DeleteDashboard", + "DeleteGateway", + "DeletePortal", + "DeleteProject", + "DeleteTimeSeries", + "DescribeAccessPolicy", + "DescribeAsset", + "DescribeAssetModel", + "DescribeAssetProperty", + "DescribeBulkImportJob", + "DescribeDashboard", + "DescribeDefaultEncryptionConfiguration", + "DescribeGateway", + "DescribeGatewayCapabilityConfiguration", + "DescribeLoggingOptions", + "DescribePortal", + "DescribeProject", + "DescribeStorageConfiguration", + "DescribeTimeSeries", + "DisassociateAssets", + "DisassociateTimeSeriesFromAssetProperty", + "GetAssetPropertyAggregates", + "GetAssetPropertyValue", + "GetAssetPropertyValueHistory", + "GetInterpolatedAssetPropertyValues", + "ListAccessPolicies", + "ListAssetModelProperties", + "ListAssetModels", + "ListAssetProperties", + "ListAssetRelationships", + "ListAssets", + "ListAssociatedAssets", + "ListBulkImportJobs", + "ListDashboards", + "ListGateways", + "ListPortals", + "ListProjectAssets", + "ListProjects", + "ListTagsForResource", + "ListTimeSeries", + "PutDefaultEncryptionConfiguration", + "PutLoggingOptions", + "PutStorageConfiguration", + "TagResource", + "UntagResource", + "UpdateAccessPolicy", + "UpdateAsset", + "UpdateAssetModel", + "UpdateAssetModelPropertyRouting", + "UpdateAssetProperty", + "UpdateDashboard", + "UpdateGateway", + "UpdateGatewayCapabilityConfiguration", + "UpdatePortal", + "UpdateProject" + ], + "HasResource": true, + "StringPrefix": "iotsitewise", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "iotsitewise:assetHierarchyPath", + "iotsitewise:childAssetId", + "iotsitewise:group", + "iotsitewise:iam", + "iotsitewise:isAssociatedWithAssetProperty", + "iotsitewise:portal", + "iotsitewise:project", + "iotsitewise:propertyAlias", + "iotsitewise:propertyId", + "iotsitewise:user" + ] + }, + "AWS IoT TwinMaker": { + "ARNFormat": "arn:aws:iottwinmaker:${Region}:${Account}:${ResourceType}/${ResourceTypeId}", + "ARNRegex": "^arn:aws:iottwinmaker:.+:.+:.+", + "Actions": [ + "BatchPutPropertyValues", + "CreateComponentType", + "CreateEntity", + "CreateScene", + "CreateSyncJob", + "CreateWorkspace", + "DeleteComponentType", + "DeleteEntity", + "DeleteScene", + "DeleteSyncJob", + "DeleteWorkspace", + "ExecuteQuery", + "GetComponentType", + "GetEntity", + "GetPricingPlan", + "GetPropertyValue", + "GetPropertyValueHistory", + "GetScene", + "GetSyncJob", + "GetWorkspace", + "ListComponentTypes", + "ListEntities", + "ListScenes", + "ListSyncJobs", + "ListSyncResources", + "ListTagsForResource", + "ListWorkspaces", + "TagResource", + "UntagResource", + "UpdateComponentType", + "UpdateEntity", + "UpdatePricingPlan", + "UpdateScene", + "UpdateWorkspace" + ], + "HasResource": true, + "StringPrefix": "iottwinmaker", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS IoT Wireless": { + "ARNFormat": "arn:aws:iotwireless:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:iotwireless:.+", + "Actions": [ + "AssociateAwsAccountWithPartnerAccount", + "AssociateMulticastGroupWithFuotaTask", + "AssociateWirelessDeviceWithFuotaTask", + "AssociateWirelessDeviceWithMulticastGroup", + "AssociateWirelessDeviceWithThing", + "AssociateWirelessGatewayWithCertificate", + "AssociateWirelessGatewayWithThing", + "CancelMulticastGroupSession", + "CreateDestination", + "CreateDeviceProfile", + "CreateFuotaTask", + "CreateMulticastGroup", + "CreateNetworkAnalyzerConfiguration", + "CreateServiceProfile", + "CreateWirelessDevice", + "CreateWirelessGateway", + "CreateWirelessGatewayTask", + "CreateWirelessGatewayTaskDefinition", + "DeleteDestination", + "DeleteDeviceProfile", + "DeleteFuotaTask", + "DeleteMulticastGroup", + "DeleteNetworkAnalyzerConfiguration", + "DeleteQueuedMessages", + "DeleteServiceProfile", + "DeleteWirelessDevice", + "DeleteWirelessDeviceImportTask", + "DeleteWirelessGateway", + "DeleteWirelessGatewayTask", + "DeleteWirelessGatewayTaskDefinition", + "DeregisterWirelessDevice", + "DisassociateAwsAccountFromPartnerAccount", + "DisassociateMulticastGroupFromFuotaTask", + "DisassociateWirelessDeviceFromFuotaTask", + "DisassociateWirelessDeviceFromMulticastGroup", + "DisassociateWirelessDeviceFromThing", + "DisassociateWirelessGatewayFromCertificate", + "DisassociateWirelessGatewayFromThing", + "GetDestination", + "GetDeviceProfile", + "GetEventConfigurationByResourceTypes", + "GetFuotaTask", + "GetLogLevelsByResourceTypes", + "GetMulticastGroup", + "GetMulticastGroupSession", + "GetNetworkAnalyzerConfiguration", + "GetPartnerAccount", + "GetPosition", + "GetPositionConfiguration", + "GetPositionEstimate", + "GetResourceEventConfiguration", + "GetResourceLogLevel", + "GetResourcePosition", + "GetServiceEndpoint", + "GetServiceProfile", + "GetWirelessDevice", + "GetWirelessDeviceImportTask", + "GetWirelessDeviceStatistics", + "GetWirelessGateway", + "GetWirelessGatewayCertificate", + "GetWirelessGatewayFirmwareInformation", + "GetWirelessGatewayStatistics", + "GetWirelessGatewayTask", + "GetWirelessGatewayTaskDefinition", + "ListDestinations", + "ListDeviceProfiles", + "ListDevicesForWirelessDeviceImportTask", + "ListEventConfigurations", + "ListFuotaTasks", + "ListMulticastGroups", + "ListMulticastGroupsByFuotaTask", + "ListNetworkAnalyzerConfigurations", + "ListPartnerAccounts", + "ListPositionConfigurations", + "ListQueuedMessages", + "ListServiceProfiles", + "ListTagsForResource", + "ListWirelessDeviceImportTasks", + "ListWirelessDevices", + "ListWirelessGatewayTaskDefinitions", + "ListWirelessGateways", + "PutPositionConfiguration", + "PutResourceLogLevel", + "ResetAllResourceLogLevels", + "ResetResourceLogLevel", + "SendDataToMulticastGroup", + "SendDataToWirelessDevice", + "StartBulkAssociateWirelessDeviceWithMulticastGroup", + "StartBulkDisassociateWirelessDeviceFromMulticastGroup", + "StartFuotaTask", + "StartMulticastGroupSession", + "StartNetworkAnalyzerStream", + "StartSingleWirelessDeviceImportTask", + "StartWirelessDeviceImportTask", + "TagResource", + "TestWirelessDevice", + "UntagResource", + "UpdateDestination", + "UpdateEventConfigurationByResourceTypes", + "UpdateFuotaTask", + "UpdateLogLevelsByResourceTypes", + "UpdateMulticastGroup", + "UpdateNetworkAnalyzerConfiguration", + "UpdatePartnerAccount", + "UpdatePosition", + "UpdateResourceEventConfiguration", + "UpdateResourcePosition", + "UpdateWirelessDevice", + "UpdateWirelessDeviceImportTask", + "UpdateWirelessGateway" + ], + "HasResource": true, + "StringPrefix": "iotwireless", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Key Management Service": { + "ARNFormat": "arn:aws:kms:${Region}:${Account}:${ResourceType}/${Id}", + "ARNRegex": "^arn:aws:kms:.+", + "Actions": [ + "CancelKeyDeletion", + "ConnectCustomKeyStore", + "CreateAlias", + "CreateCustomKeyStore", + "CreateGrant", + "CreateKey", + "Decrypt", + "DeleteAlias", + "DeleteCustomKeyStore", + "DeleteImportedKeyMaterial", + "DescribeCustomKeyStores", + "DescribeKey", + "DisableKey", + "DisableKeyRotation", + "DisconnectCustomKeyStore", + "EnableKey", + "EnableKeyRotation", + "Encrypt", + "GenerateDataKey", + "GenerateDataKeyPair", + "GenerateDataKeyPairWithoutPlaintext", + "GenerateDataKeyWithoutPlaintext", + "GenerateMac", + "GenerateRandom", + "GetKeyPolicy", + "GetKeyRotationStatus", + "GetParametersForImport", + "GetPublicKey", + "ImportKeyMaterial", + "ListAliases", + "ListGrants", + "ListKeyPolicies", + "ListKeys", + "ListResourceTags", + "ListRetirableGrants", + "PutKeyPolicy", + "ReEncryptFrom", + "ReEncryptTo", + "ReplicateKey", + "RetireGrant", + "RevokeGrant", + "ScheduleKeyDeletion", + "Sign", + "SynchronizeMultiRegionKey", + "TagResource", + "UntagResource", + "UpdateAlias", + "UpdateCustomKeyStore", + "UpdateKeyDescription", + "UpdatePrimaryRegion", + "Verify", + "VerifyMac" + ], + "HasResource": true, + "StringPrefix": "kms", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "kms:BypassPolicyLockoutSafetyCheck", + "kms:CallerAccount", + "kms:CustomerMasterKeySpec", + "kms:CustomerMasterKeyUsage", + "kms:DataKeyPairSpec", + "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", + "kms:EncryptionContextKeys", + "kms:ExpirationModel", + "kms:GrantConstraintType", + "kms:GrantIsForAWSResource", + "kms:GrantOperations", + "kms:GranteePrincipal", + "kms:KeyOrigin", + "kms:KeySpec", + "kms:KeyUsage", + "kms:MacAlgorithm", + "kms:MessageType", + "kms:MultiRegion", + "kms:MultiRegionKeyType", + "kms:PrimaryRegion", + "kms:ReEncryptOnSameKey", + "kms:RecipientAttestation:ImageSha384", + "kms:RecipientAttestation:PCR", + "kms:ReplicaRegion", + "kms:RequestAlias", + "kms:ResourceAliases", + "kms:RetiringPrincipal", + "kms:ScheduleKeyDeletionPendingWindowInDays", + "kms:SigningAlgorithm", + "kms:ValidTo", + "kms:ViaService", + "kms:WrappingAlgorithm", + "kms:WrappingKeySpec" + ] + }, + "AWS Lake Formation": { + "ARNFormat": "arn:${Partition}:lakeformation:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:lakeformation:.+:.+", + "Actions": [ + "AddLFTagsToResource", + "BatchGrantPermissions", + "BatchRevokePermissions", + "CancelTransaction", + "CommitTransaction", + "CreateDataCellsFilter", + "CreateLFTag", + "CreateLakeFormationOptIn", + "DeleteDataCellsFilter", + "DeleteLFTag", + "DeleteLakeFormationOptIn", + "DeleteObjectsOnCancel", + "DeregisterResource", + "DescribeResource", + "DescribeTransaction", + "ExtendTransaction", + "GetDataAccess", + "GetDataCellsFilter", + "GetDataLakeSettings", + "GetEffectivePermissionsForPath", + "GetLFTag", + "GetQueryState", + "GetQueryStatistics", + "GetResourceLFTags", + "GetTableObjects", + "GetWorkUnitResults", + "GetWorkUnits", + "GrantPermissions", + "ListDataCellsFilter", + "ListLFTags", + "ListLakeFormationOptIns", + "ListPermissions", + "ListResources", + "ListTableStorageOptimizers", + "ListTransactions", + "PutDataLakeSettings", + "RegisterResource", + "RemoveLFTagsFromResource", + "RevokePermissions", + "SearchDatabasesByLFTags", + "SearchTablesByLFTags", + "StartQueryPlanning", + "StartTransaction", + "UpdateDataCellsFilter", + "UpdateLFTag", + "UpdateResource", + "UpdateTableObjects", + "UpdateTableStorageOptimizer" + ], + "HasResource": false, + "StringPrefix": "lakeformation" + }, + "AWS Lambda": { + "ARNFormat": "arn:aws:lambda:${Region}:${Account}:${ResourceType}:${ResourceId}", + "ARNRegex": "^arn:aws:lambda:.+", + "Actions": [ + "AddLayerVersionPermission", + "AddPermission", + "CreateAlias", + "CreateCodeSigningConfig", + "CreateEventSourceMapping", + "CreateFunction", + "CreateFunctionUrlConfig", + "DeleteAlias", + "DeleteCodeSigningConfig", + "DeleteEventSourceMapping", + "DeleteFunction", + "DeleteFunctionCodeSigningConfig", + "DeleteFunctionConcurrency", + "DeleteFunctionEventInvokeConfig", + "DeleteFunctionUrlConfig", + "DeleteLayerVersion", + "DeleteProvisionedConcurrencyConfig", + "DisableReplication", + "EnableReplication", + "GetAccountSettings", + "GetAlias", + "GetCodeSigningConfig", + "GetEventSourceMapping", + "GetFunction", + "GetFunctionCodeSigningConfig", + "GetFunctionConcurrency", + "GetFunctionConfiguration", + "GetFunctionEventInvokeConfig", + "GetFunctionUrlConfig", + "GetLayerVersion", + "GetLayerVersionPolicy", + "GetPolicy", + "GetProvisionedConcurrencyConfig", + "GetRuntimeManagementConfig", + "InvokeAsync", + "InvokeFunction", + "InvokeFunctionUrl", + "ListAliases", + "ListCodeSigningConfigs", + "ListEventSourceMappings", + "ListFunctionEventInvokeConfigs", + "ListFunctionUrlConfigs", + "ListFunctions", + "ListFunctionsByCodeSigningConfig", + "ListLayerVersions", + "ListLayers", + "ListProvisionedConcurrencyConfigs", + "ListTags", + "ListVersionsByFunction", + "PublishLayerVersion", + "PublishVersion", + "PutFunctionCodeSigningConfig", + "PutFunctionConcurrency", + "PutFunctionEventInvokeConfig", + "PutProvisionedConcurrencyConfig", + "PutRuntimeManagementConfig", + "RemoveLayerVersionPermission", + "RemovePermission", + "TagResource", + "UntagResource", + "UpdateAlias", + "UpdateCodeSigningConfig", + "UpdateEventSourceMapping", + "UpdateFunctionCode", + "UpdateFunctionCodeSigningConfig", + "UpdateFunctionConfiguration", + "UpdateFunctionEventInvokeConfig", + "UpdateFunctionUrlConfig" + ], + "HasResource": true, + "StringPrefix": "lambda", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "lambda:CodeSigningConfigArn", + "lambda:EventSourceToken", + "lambda:FunctionArn", + "lambda:FunctionUrlAuthType", + "lambda:Layer", + "lambda:Principal", + "lambda:SecurityGroupIds", + "lambda:SourceFunctionArn", + "lambda:SubnetIds", + "lambda:VpcIds" + ] + }, + "AWS Launch Wizard": { + "ARNRegex": "^arn:aws:launchwizard:.+:.+:.+", + "Actions": [ + "CreateAdditionalNode", + "CreateDeployment", + "CreateSettingsSet", + "DeleteAdditionalNode", + "DeleteApp", + "DeleteDeployment", + "DeleteSettingsSet", + "DescribeAdditionalNode", + "DescribeProvisionedApp", + "DescribeProvisioningEvents", + "DescribeSettingsSet", + "GetDeployment", + "GetInfrastructureSuggestion", + "GetIpAddress", + "GetResourceCostEstimate", + "GetResourceRecommendation", + "GetSettingsSet", + "GetWorkload", + "GetWorkloadAsset", + "GetWorkloadAssets", + "ListAdditionalNodes", + "ListAllowedResources", + "ListDeploymentEvents", + "ListDeployments", + "ListProvisionedApps", + "ListResourceCostEstimates", + "ListSettingsSets", + "ListWorkloadDeploymentOptions", + "ListWorkloadDeploymentPatterns", + "ListWorkloads", + "PutSettingsSet", + "StartProvisioning", + "UpdateSettingsSet" + ], + "HasResource": false, + "StringPrefix": "launchwizard" + }, + "AWS License Manager": { + "ARNFormat": "arn:aws:license-manager:${Region}:${Account}:${ResourceType}:${ResourceId}", + "ARNRegex": "^arn:aws:license-manager:.+:.+:.+", + "Actions": [ + "AcceptGrant", + "CheckInLicense", + "CheckoutBorrowLicense", + "CheckoutLicense", + "CreateGrant", + "CreateGrantVersion", + "CreateLicense", + "CreateLicenseConfiguration", + "CreateLicenseConversionTaskForResource", + "CreateLicenseManagerReportGenerator", + "CreateLicenseVersion", + "CreateToken", + "DeleteGrant", + "DeleteLicense", + "DeleteLicenseConfiguration", + "DeleteLicenseManagerReportGenerator", + "DeleteToken", + "ExtendLicenseConsumption", + "GetAccessToken", + "GetGrant", + "GetLicense", + "GetLicenseConfiguration", + "GetLicenseConversionTask", + "GetLicenseManagerReportGenerator", + "GetLicenseUsage", + "GetServiceSettings", + "ListAssociationsForLicenseConfiguration", + "ListDistributedGrants", + "ListFailuresForLicenseConfigurationOperations", + "ListLicenseConfigurations", + "ListLicenseConversionTasks", + "ListLicenseManagerReportGenerators", + "ListLicenseSpecificationsForResource", + "ListLicenseVersions", + "ListLicenses", + "ListReceivedGrants", + "ListReceivedGrantsForOrganization", + "ListReceivedLicenses", + "ListReceivedLicensesForOrganization", + "ListResourceInventory", + "ListTagsForResource", + "ListTokens", + "ListUsageForLicenseConfiguration", + "RejectGrant", + "TagResource", + "UntagResource", + "UpdateLicenseConfiguration", + "UpdateLicenseManagerReportGenerator", + "UpdateLicenseSpecificationsForResource", + "UpdateServiceSettings" + ], + "HasResource": true, + "StringPrefix": "license-manager", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "license-manager:ResourceTag/${TagKey}" + ] + }, + "AWS License Manager Linux Subscriptions Manager": { + "Actions": [ + "GetServiceSettings", + "ListLinuxSubscriptionInstances", + "ListLinuxSubscriptions", + "UpdateServiceSettings" + ], + "HasResource": false, + "StringPrefix": "license-manager-linux-subscriptions" + }, + "AWS License Manager User Subscriptions": { + "Actions": [ + "AssociateUser", + "DeregisterIdentityProvider", + "DisassociateUser", + "ListIdentityProviders", + "ListInstances", + "ListProductSubscriptions", + "ListUserAssociations", + "RegisterIdentityProvider", + "StartProductSubscription", + "StopProductSubscription", + "UpdateIdentityProviderSettings" + ], + "HasResource": false, + "StringPrefix": "license-manager-user-subscriptions" + }, + "AWS Mainframe Modernization Service": { + "ARNFormat": "arn:aws:m2:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:m2:${Region}:${Account}:.+", + "Actions": [ + "CancelBatchJobExecution", + "CreateApplication", + "CreateDataSetImportTask", + "CreateDeployment", + "CreateEnvironment", + "DeleteApplication", + "DeleteApplicationFromEnvironment", + "DeleteEnvironment", + "GetApplication", + "GetApplicationVersion", + "GetBatchJobExecution", + "GetDataSetDetails", + "GetDataSetImportTask", + "GetDeployment", + "GetEnvironment", + "GetSignedBluinsightsUrl", + "ListApplicationVersions", + "ListApplications", + "ListBatchJobDefinitions", + "ListBatchJobExecutions", + "ListDataSetImportHistory", + "ListDataSets", + "ListDeployments", + "ListEngineVersions", + "ListEnvironments", + "ListTagsForResource", + "StartApplication", + "StartBatchJob", + "StopApplication", + "TagResource", + "UntagResource", + "UpdateApplication", + "UpdateEnvironment" + ], + "HasResource": true, + "StringPrefix": "m2", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Marketplace": { + "Actions": [ + "AcceptAgreementApprovalRequest", + "AcceptAgreementRequest", + "CancelAgreement", + "CancelAgreementRequest", + "CreateAgreementRequest", + "DescribeAgreement", + "GetAgreementApprovalRequest", + "GetAgreementRequest", + "GetAgreementTerms", + "ListAgreementApprovalRequests", + "ListAgreementRequests", + "ListEntitlementDetails", + "RejectAgreementApprovalRequest", + "SearchAgreements", + "Subscribe", + "Unsubscribe", + "UpdateAgreementApprovalRequest", + "ViewSubscriptions" + ], + "HasResource": false, + "StringPrefix": "aws-marketplace", + "conditionKeys": [ + "aws-marketplace:AgreementType", + "aws-marketplace:PartyType", + "aws-marketplace:ProductId" + ] + }, + "AWS Marketplace Catalog": { + "ARNFormat": "arn:aws:aws-marketplace:${Region}:${Account}:${Catalog}/${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:aws-marketplace:.+", + "Actions": [ + "CancelChangeSet", + "CompleteTask", + "DeleteResourcePolicy", + "DescribeChangeSet", + "DescribeEntity", + "DescribeTask", + "GetResourcePolicy", + "ListChangeSets", + "ListEntities", + "ListTagsForResource", + "ListTasks", + "PutResourcePolicy", + "StartChangeSet", + "TagResource", + "UntagResource", + "UpdateTask" + ], + "HasResource": true, "StringPrefix": "aws-marketplace", "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", "catalog:ChangeType" ] }, + "AWS Marketplace Commerce Analytics Service": { + "Actions": [ + "GenerateDataSet", + "StartSupportDataExport" + ], + "HasResource": false, + "StringPrefix": "marketplacecommerceanalytics" + }, + "AWS Marketplace Discovery": { + "Actions": [ + "ListPrivateListings" + ], + "HasResource": false, + "StringPrefix": "aws-marketplace" + }, "AWS Marketplace Entitlement Service": { "Actions": [ "GetEntitlements" @@ -3140,7 +6919,17 @@ "StringPrefix": "aws-marketplace" }, "AWS Marketplace Management Portal": { + "ARNFormat": "arn:${Partition}:Marketplace:${Region}:${Account}:${Resource}", + "ARNRegex": "^arn:${Partition}:Marketplace:.+", "Actions": [ + "GetAdditionalSellerNotificationRecipients", + "GetBankAccountVerificationDetails", + "GetSecondaryUserVerificationDetails", + "GetSellerVerificationDetails", + "PutAdditionalSellerNotificationRecipients", + "PutBankAccountVerificationDetails", + "PutSecondaryUserVerificationDetails", + "PutSellerVerificationDetails", "uploadFiles", "viewMarketing", "viewReports", @@ -3160,6 +6949,17 @@ "HasResource": false, "StringPrefix": "aws-marketplace" }, + "AWS Marketplace Private Marketplace": { + "Actions": [ + "AssociateProductsWithPrivateMarketplace", + "CreatePrivateMarketplaceRequests", + "DescribePrivateMarketplaceRequests", + "DisassociateProductsFromPrivateMarketplace", + "ListPrivateMarketplaceRequests" + ], + "HasResource": false, + "StringPrefix": "aws-marketplace" + }, "AWS Marketplace Procurement Systems Integration": { "Actions": [ "DescribeProcurementSystemConfiguration", @@ -3168,14 +6968,81 @@ "HasResource": false, "StringPrefix": "aws-marketplace" }, + "AWS Marketplace Seller Reporting": { + "ARNFormat": "arn:aws:aws-marketplace::${Account}:${Catalog}/${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:aws-marketplace:.+", + "Actions": [ + "GetSellerDashboard" + ], + "HasResource": true, + "StringPrefix": "aws-marketplace" + }, + "AWS Marketplace Vendor Insights": { + "ARNFormat": "arn:aws:vendor-insights:::${ResourceType}:${ResourceId}", + "ARNRegex": "^arn:aws:vendor-insights:.+", + "Actions": [ + "ActivateSecurityProfile", + "AssociateDataSource", + "CreateDataSource", + "CreateSecurityProfile", + "DeactivateSecurityProfile", + "DeleteDataSource", + "DisassociateDataSource", + "GetDataSource", + "GetEntitledSecurityProfileSnapshot", + "GetProfileAccessTerms", + "GetSecurityProfile", + "GetSecurityProfileSnapshot", + "ListDataSources", + "ListEntitledSecurityProfileSnapshots", + "ListEntitledSecurityProfiles", + "ListSecurityProfileSnapshots", + "ListSecurityProfiles", + "ListTagsForResource", + "TagResource", + "UntagResource", + "UpdateDataSource", + "UpdateSecurityProfile", + "UpdateSecurityProfileSnapshotCreationConfiguration", + "UpdateSecurityProfileSnapshotReleaseConfiguration" + ], + "HasResource": true, + "StringPrefix": "vendor-insights", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Microservice Extractor for .NET": { + "ARNFormat": "arn:${Partition}:serviceextract:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:serviceextract:.+:.+:.+", + "Actions": [ + "GetConfig" + ], + "HasResource": false, + "StringPrefix": "serviceextract" + }, + "AWS Migration Acceleration Program Credits": { + "ARNFormat": "arn:aws:mapcredits:::${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:mapcredits:::.+", + "Actions": [ + "ListAssociatedPrograms", + "ListQuarterCredits", + "ListQuarterSpend" + ], + "HasResource": true, + "StringPrefix": "mapcredits" + }, "AWS Migration Hub": { - "ARNFormat": "arn:aws:mgh:\u003cregion\u003e:\u003cnamespace\u003e:\u003crelative-id\u003e", - "ARNRegex": "^arn:aws:mgh:[a-z0-9-]+:[0-9]{12}:.+", + "ARNFormat": "arn:aws:mgh:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:mgh:.+", "Actions": [ "AssociateCreatedArtifact", "AssociateDiscoveredResource", "CreateHomeRegionControl", "CreateProgressUpdateStream", + "DeleteHomeRegionControl", "DeleteProgressUpdateStream", "DescribeApplicationState", "DescribeHomeRegionControls", @@ -3184,6 +7051,7 @@ "DisassociateDiscoveredResource", "GetHomeRegion", "ImportMigrationTask", + "ListApplicationStates", "ListCreatedArtifacts", "ListDiscoveredResources", "ListMigrationTasks", @@ -3193,41 +7061,287 @@ "PutResourceAttributes" ], "HasResource": true, - "StringPrefix": "mgh" + "StringPrefix": "mgh" + }, + "AWS Migration Hub Orchestrator": { + "ARNFormat": "arn:aws:migrationhub-orchestrator:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:migrationhub-orchestrator:.+:.+:.+", + "Actions": [ + "CreateWorkflow", + "CreateWorkflowStep", + "CreateWorkflowStepGroup", + "DeleteWorkflow", + "DeleteWorkflowStep", + "DeleteWorkflowStepGroup", + "GetMessage", + "GetTemplate", + "GetTemplateStep", + "GetTemplateStepGroup", + "GetWorkflow", + "GetWorkflowStep", + "GetWorkflowStepGroup", + "ListPlugins", + "ListTagsForResource", + "ListTemplateStepGroups", + "ListTemplateSteps", + "ListTemplates", + "ListWorkflowStepGroups", + "ListWorkflowSteps", + "ListWorkflows", + "RegisterPlugin", + "RetryWorkflowStep", + "SendMessage", + "StartWorkflow", + "StopWorkflow", + "TagResource", + "UntagResource", + "UpdateWorkflow", + "UpdateWorkflowStep", + "UpdateWorkflowStepGroup" + ], + "HasResource": true, + "StringPrefix": "migrationhub-orchestrator", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Migration Hub Refactor Spaces": { + "ARNFormat": "arn:aws:refactor-spaces:${Region}:${Account}:${ResourceType}/${RelativeId}", + "ARNRegex": "^arn:aws:refactor-spaces:.+", + "Actions": [ + "CreateApplication", + "CreateEnvironment", + "CreateRoute", + "CreateService", + "DeleteApplication", + "DeleteEnvironment", + "DeleteResourcePolicy", + "DeleteRoute", + "DeleteService", + "GetApplication", + "GetEnvironment", + "GetResourcePolicy", + "GetRoute", + "GetService", + "ListApplications", + "ListEnvironmentVpcs", + "ListEnvironments", + "ListRoutes", + "ListServices", + "ListTagsForResource", + "PutResourcePolicy", + "TagResource", + "UntagResource", + "UpdateRoute" + ], + "HasResource": true, + "StringPrefix": "refactor-spaces", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "refactor-spaces:ApplicationCreatedByAccount", + "refactor-spaces:CreatedByAccountIds", + "refactor-spaces:RouteCreatedByAccount", + "refactor-spaces:ServiceCreatedByAccount", + "refactor-spaces:SourcePath" + ] + }, + "AWS Migration Hub Strategy Recommendations": { + "ARNFormat": "arn:${Partition}:iam:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:${Partition}:${ServiceName}:.+:.+:.+", + "Actions": [ + "GetAntiPattern", + "GetApplicationComponentDetails", + "GetApplicationComponentStrategies", + "GetAssessment", + "GetImportFileTask", + "GetLatestAssessmentId", + "GetMessage", + "GetPortfolioPreferences", + "GetPortfolioSummary", + "GetRecommendationReportDetails", + "GetServerDetails", + "GetServerStrategies", + "ListAnalyzableServers", + "ListAntiPatterns", + "ListApplicationComponents", + "ListCollectors", + "ListImportFileTask", + "ListJarArtifacts", + "ListServers", + "PutPortfolioPreferences", + "RegisterCollector", + "SendMessage", + "StartAssessment", + "StartImportFileTask", + "StartRecommendationReportGeneration", + "StopAssessment", + "UpdateApplicationComponentConfig", + "UpdateCollectorConfiguration", + "UpdateServerConfig" + ], + "HasResource": false, + "StringPrefix": "migrationhub-strategy" + }, + "AWS Network Firewall": { + "ARNFormat": "arn:aws:network-firewall:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:network-firewall:.+:.+:.+", + "Actions": [ + "AssociateFirewallPolicy", + "AssociateSubnets", + "CreateFirewall", + "CreateFirewallPolicy", + "CreateRuleGroup", + "CreateTLSInspectionConfiguration", + "DeleteFirewall", + "DeleteFirewallPolicy", + "DeleteResourcePolicy", + "DeleteRuleGroup", + "DeleteTLSInspectionConfiguration", + "DescribeFirewall", + "DescribeFirewallPolicy", + "DescribeLoggingConfiguration", + "DescribeResourcePolicy", + "DescribeRuleGroup", + "DescribeRuleGroupMetadata", + "DescribeTLSInspectionConfiguration", + "DisassociateSubnets", + "ListFirewallPolicies", + "ListFirewalls", + "ListRuleGroups", + "ListTLSInspectionConfigurations", + "ListTagsForResource", + "PutResourcePolicy", + "TagResource", + "UntagResource", + "UpdateFirewallDeleteProtection", + "UpdateFirewallDescription", + "UpdateFirewallEncryptionConfiguration", + "UpdateFirewallPolicy", + "UpdateFirewallPolicyChangeProtection", + "UpdateLoggingConfiguration", + "UpdateRuleGroup", + "UpdateSubnetChangeProtection", + "UpdateTLSInspectionConfiguration" + ], + "HasResource": true, + "StringPrefix": "network-firewall", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, - "AWS Mobile Hub": { - "ARNFormat": "arn:aws:mobilehub:\u003cregion\u003e:\u003caws_account_ID\u003e:project/\u003cproject_ID\u003e", - "ARNRegex": "^arn:aws:mobilehub:.+:[0-9]+:.+", + "AWS Network Manager": { + "ARNFormat": "arn:aws:networkmanager::${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:networkmanager::.+:.+", "Actions": [ - "CreateProject", - "CreateServiceRole", - "DeleteProject", - "DeleteProjectSnapshot", - "DeployToStage", - "DescribeBundle", - "ExportBundle", - "ExportProject", - "GenerateProjectParameters", - "GetProject", - "GetProjectSnapshot", - "ImportProject", - "InstallBundle", - "ListAvailableConnectors", - "ListAvailableFeatures", - "ListAvailableRegions", - "ListBundles", - "ListProjectSnapshots", - "ListProjects", - "SynchronizeProject", - "UpdateProject", - "ValidateProject", - "VerifyServiceRole" + "AcceptAttachment", + "AssociateConnectPeer", + "AssociateCustomerGateway", + "AssociateLink", + "AssociateTransitGatewayConnectPeer", + "CreateConnectAttachment", + "CreateConnectPeer", + "CreateConnection", + "CreateCoreNetwork", + "CreateDevice", + "CreateGlobalNetwork", + "CreateLink", + "CreateSite", + "CreateSiteToSiteVpnAttachment", + "CreateTransitGatewayPeering", + "CreateTransitGatewayRouteTableAttachment", + "CreateVpcAttachment", + "DeleteAttachment", + "DeleteConnectPeer", + "DeleteConnection", + "DeleteCoreNetwork", + "DeleteCoreNetworkPolicyVersion", + "DeleteDevice", + "DeleteGlobalNetwork", + "DeleteLink", + "DeletePeering", + "DeleteResourcePolicy", + "DeleteSite", + "DeregisterTransitGateway", + "DescribeGlobalNetworks", + "DisassociateConnectPeer", + "DisassociateCustomerGateway", + "DisassociateLink", + "DisassociateTransitGatewayConnectPeer", + "ExecuteCoreNetworkChangeSet", + "GetConnectAttachment", + "GetConnectPeer", + "GetConnectPeerAssociations", + "GetConnections", + "GetCoreNetwork", + "GetCoreNetworkChangeEvents", + "GetCoreNetworkChangeSet", + "GetCoreNetworkPolicy", + "GetCustomerGatewayAssociations", + "GetDevices", + "GetLinkAssociations", + "GetLinks", + "GetNetworkResourceCounts", + "GetNetworkResourceRelationships", + "GetNetworkResources", + "GetNetworkRoutes", + "GetNetworkTelemetry", + "GetResourcePolicy", + "GetRouteAnalysis", + "GetSiteToSiteVpnAttachment", + "GetSites", + "GetTransitGatewayConnectPeerAssociations", + "GetTransitGatewayPeering", + "GetTransitGatewayRegistrations", + "GetTransitGatewayRouteTableAttachment", + "GetVpcAttachment", + "ListAttachments", + "ListConnectPeers", + "ListCoreNetworkPolicyVersions", + "ListCoreNetworks", + "ListOrganizationServiceAccessStatus", + "ListPeerings", + "ListTagsForResource", + "PutCoreNetworkPolicy", + "PutResourcePolicy", + "RegisterTransitGateway", + "RejectAttachment", + "RestoreCoreNetworkPolicyVersion", + "StartOrganizationServiceAccessUpdate", + "StartRouteAnalysis", + "TagResource", + "UntagResource", + "UpdateConnection", + "UpdateCoreNetwork", + "UpdateDevice", + "UpdateGlobalNetwork", + "UpdateLink", + "UpdateNetworkResourceMetadata", + "UpdateSite", + "UpdateVpcAttachment" ], "HasResource": true, - "StringPrefix": "mobilehub" + "StringPrefix": "networkmanager", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "networkmanager:cgwArn", + "networkmanager:subnetArns", + "networkmanager:tgwArn", + "networkmanager:tgwConnectPeerArn", + "networkmanager:tgwRtbArn", + "networkmanager:vpcArn", + "networkmanager:vpnConnectionArn" + ] }, "AWS OpsWorks": { - "ARNFormat": "arn:aws:\u003cserviceName\u003e:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceName\u003e", + "ARNFormat": "arn:aws:${ServiceName}:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:opsworks:.+", "Actions": [ "AssignInstance", @@ -3262,6 +7376,7 @@ "DescribeLayers", "DescribeLoadBasedAutoScaling", "DescribeMyUserProfile", + "DescribeOperatingSystems", "DescribePermissions", "DescribeRaidArrays", "DescribeRdsDbInstances", @@ -3322,21 +7437,26 @@ "DescribeNodeAssociationStatus", "DescribeServers", "DisassociateNode", + "ExportServerEngineAttribute", + "ListTagsForResource", "RestoreServer", "StartMaintenance", + "TagResource", + "UntagResource", "UpdateServer", "UpdateServerEngineAttributes" ], - "HasResource": false, + "HasResource": true, "StringPrefix": "opsworks-cm" }, "AWS Organizations": { - "ARNFormat": "arn:${Partition}:organizations::\u003cmasterAccountId\u003e:\u003cresource\u003e/o-\u003corganizationId\u003e(/\u003cresourceType\u003e/\u003cresourceId\u003e)?", - "ARNRegex": "^arn:${Partition}:organizations::.+:.+", + "ARNFormat": "arn:aws:organizations::${Account}:${Resource}/o-${OrganizationId}(/${ResourceType}/${ResourceId})?", + "ARNRegex": "^arn:aws:organizations::.+:.+", "Actions": [ "AcceptHandshake", "AttachPolicy", "CancelHandshake", + "CloseAccount", "CreateAccount", "CreateGovCloudAccount", "CreateOrganization", @@ -3346,6 +7466,8 @@ "DeleteOrganization", "DeleteOrganizationalUnit", "DeletePolicy", + "DeleteResourcePolicy", + "DeregisterDelegatedAdministrator", "DescribeAccount", "DescribeCreateAccountStatus", "DescribeEffectivePolicy", @@ -3353,6 +7475,7 @@ "DescribeOrganization", "DescribeOrganizationalUnit", "DescribePolicy", + "DescribeResourcePolicy", "DetachPolicy", "DisableAWSServiceAccess", "DisablePolicyType", @@ -3366,6 +7489,8 @@ "ListAccountsForParent", "ListChildren", "ListCreateAccountStatus", + "ListDelegatedAdministrators", + "ListDelegatedServicesForAccount", "ListHandshakesForAccount", "ListHandshakesForOrganization", "ListOrganizationalUnitsForParent", @@ -3376,6 +7501,8 @@ "ListTagsForResource", "ListTargetsForPolicy", "MoveAccount", + "PutResourcePolicy", + "RegisterDelegatedAdministrator", "RemoveAccountFromOrganization", "TagResource", "UntagResource", @@ -3385,71 +7512,546 @@ "HasResource": true, "StringPrefix": "organizations", "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "organizations:PolicyType", "organizations:ServicePrincipal" ] }, "AWS Outposts": { - "ARNFormat": "arn:aws:outposts:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", - "ARNRegex": "^arn:aws:outposts:.+:.+:.+", + "ARNFormat": "arn:aws:outposts:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:outposts:.+", "Actions": [ + "CancelOrder", + "CreateOrder", "CreateOutpost", + "CreatePrivateConnectivityConfig", + "CreateSite", + "DeleteOutpost", + "DeleteSite", + "GetCatalogItem", + "GetConnection", + "GetOrder", "GetOutpost", "GetOutpostInstanceTypes", + "GetPrivateConnectivityConfig", + "GetSite", + "GetSiteAddress", + "ListAssets", + "ListCatalogItems", + "ListOrders", "ListOutposts", - "ListSites" + "ListSites", + "ListTagsForResource", + "StartConnection", + "TagResource", + "UntagResource", + "UpdateOutpost", + "UpdateSite", + "UpdateSiteAddress", + "UpdateSiteRackPhysicalProperties" + ], + "HasResource": true, + "StringPrefix": "outposts", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Panorama": { + "ARNFormat": "arn:aws:panorama:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:panorama:.+:.+:.+", + "Actions": [ + "CreateApplicationInstance", + "CreateJobForDevices", + "CreateNodeFromTemplateJob", + "CreatePackage", + "CreatePackageImportJob", + "DeleteDevice", + "DeletePackage", + "DeregisterPackageVersion", + "DescribeApplicationInstance", + "DescribeApplicationInstanceDetails", + "DescribeDevice", + "DescribeDeviceJob", + "DescribeNode", + "DescribeNodeFromTemplateJob", + "DescribePackage", + "DescribePackageImportJob", + "DescribePackageVersion", + "DescribeSoftware", + "GetWebSocketURL", + "ListApplicationInstanceDependencies", + "ListApplicationInstanceNodeInstances", + "ListApplicationInstances", + "ListDevices", + "ListDevicesJobs", + "ListNodeFromTemplateJobs", + "ListNodes", + "ListPackageImportJobs", + "ListPackages", + "ListTagsForResource", + "ProvisionDevice", + "RegisterPackageVersion", + "RemoveApplicationInstance", + "SignalApplicationInstanceNodeInstances", + "TagResource", + "UntagResource", + "UpdateDeviceMetadata" + ], + "HasResource": true, + "StringPrefix": "panorama", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Partner central account management": { + "Actions": [ + "AssociatePartnerAccount", + "AssociatePartnerUser", + "DisassociatePartnerUser" + ], + "HasResource": false, + "StringPrefix": "partnercentral-account-management" + }, + "AWS Payment Cryptography": { + "ARNFormat": "arn:aws:payment-cryptography:${Region}:${Account}:${ResourceType}/${Id}", + "ARNRegex": "^arn:aws:payment-cryptography:.+", + "Actions": [ + "CreateAlias", + "CreateKey", + "DecryptData", + "DeleteAlias", + "DeleteKey", + "EncryptData", + "ExportKey", + "GenerateCardValidationData", + "GenerateMac", + "GeneratePinData", + "GetAlias", + "GetKey", + "GetParametersForExport", + "GetParametersForImport", + "GetPublicKeyCertificate", + "ImportKey", + "ListAliases", + "ListKeys", + "ListTagsForResource", + "ReEncryptData", + "RestoreKey", + "StartKeyUsage", + "StopKeyUsage", + "TagResource", + "TranslatePinData", + "UntagResource", + "UpdateAlias", + "VerifyAuthRequestCryptogram", + "VerifyCardValidationData", + "VerifyMac", + "VerifyPinData" ], "HasResource": true, - "StringPrefix": "outposts" + "StringPrefix": "payment-cryptography", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "payment-cryptography:CertificateAuthorityPublicKeyIdentifier", + "payment-cryptography:ImportKeyMaterial", + "payment-cryptography:KeyAlgorithm", + "payment-cryptography:KeyClass", + "payment-cryptography:KeyUsage", + "payment-cryptography:RequestAlias", + "payment-cryptography:ResourceAliases", + "payment-cryptography:WrappingKeyIdentifier" + ] + }, + "AWS Payments": { + "Actions": [ + "CreatePaymentInstrument", + "DeletePaymentInstrument", + "GetPaymentInstrument", + "GetPaymentStatus", + "ListPaymentPreferences", + "MakePayment", + "UpdatePaymentPreferences" + ], + "HasResource": false, + "StringPrefix": "payments" }, "AWS Performance Insights": { - "ARNFormat": "arn:aws:pi:\u003cregion\u003e:\u003caccount\u003e:\u003cresource-type\u003e/\u003crelative-id\u003e", + "ARNFormat": "arn:aws:pi:${Region}:${Account}:${ResourceType}/${RelativeId}", "ARNRegex": "^arn:aws:pi:.+", "Actions": [ + "CreatePerformanceAnalysisReport", + "DeletePerformanceAnalysisReport", "DescribeDimensionKeys", - "GetResourceMetrics" + "GetDimensionKeyDetails", + "GetPerformanceAnalysisReport", + "GetResourceMetadata", + "GetResourceMetrics", + "ListAvailableResourceDimensions", + "ListAvailableResourceMetrics", + "ListPerformanceAnalysisReports", + "ListTagsForResource", + "TagResource", + "UntagResource" + ], + "HasResource": true, + "StringPrefix": "pi", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Price List": { + "Actions": [ + "DescribeServices", + "GetAttributeValues", + "GetPriceListFileUrl", + "GetProducts", + "ListPriceLists" + ], + "HasResource": false, + "StringPrefix": "pricing" + }, + "AWS Private CA Connector for Active Directory": { + "ARNFormat": "arn:aws:pca-connector-ad:${Region}:${Account}:${ResourceType}", + "ARNRegex": "^arn:aws:pca-connector-ad:.+:.+:.+", + "Actions": [ + "CreateConnector", + "CreateDirectoryRegistration", + "CreateServicePrincipalName", + "CreateTemplate", + "CreateTemplateGroupAccessControlEntry", + "DeleteConnector", + "DeleteDirectoryRegistration", + "DeleteServicePrincipalName", + "DeleteTemplate", + "DeleteTemplateGroupAccessControlEntry", + "GetConnector", + "GetDirectoryRegistration", + "GetServicePrincipalName", + "GetTemplate", + "GetTemplateGroupAccessControlEntry", + "ListConnectors", + "ListDirectoryRegistrations", + "ListServicePrincipalNames", + "ListTagsForResource", + "ListTemplateGroupAccessControlEntries", + "ListTemplates", + "TagResource", + "UntagResource", + "UpdateTemplate", + "UpdateTemplateGroupAccessControlEntry" + ], + "HasResource": true, + "StringPrefix": "pca-connector-ad", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Private Certificate Authority": { + "ARNFormat": "arn:aws:acm-pca:${Region}:${Account}:${ARNType}/${ResourceId}", + "ARNRegex": "^arn:aws:acm-pca:.+:[0-9]+:.+", + "Actions": [ + "CreateCertificateAuthority", + "CreateCertificateAuthorityAuditReport", + "CreatePermission", + "DeleteCertificateAuthority", + "DeletePermission", + "DeletePolicy", + "DescribeCertificateAuthority", + "DescribeCertificateAuthorityAuditReport", + "GetCertificate", + "GetCertificateAuthorityCertificate", + "GetCertificateAuthorityCsr", + "GetPolicy", + "ImportCertificateAuthorityCertificate", + "IssueCertificate", + "ListCertificateAuthorities", + "ListPermissions", + "ListTags", + "PutPolicy", + "RestoreCertificateAuthority", + "RevokeCertificate", + "TagCertificateAuthority", + "UntagCertificateAuthority", + "UpdateCertificateAuthority" + ], + "HasResource": true, + "StringPrefix": "acm-pca", + "conditionKeys": [ + "acm-pca:TemplateArn", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Proton": { + "ARNFormat": "arn:aws:proton:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:proton:.+:.+:.+", + "Actions": [ + "AcceptEnvironmentAccountConnection", + "CancelComponentDeployment", + "CancelEnvironmentDeployment", + "CancelServiceInstanceDeployment", + "CancelServicePipelineDeployment", + "CreateComponent", + "CreateEnvironment", + "CreateEnvironmentAccountConnection", + "CreateEnvironmentTemplate", + "CreateEnvironmentTemplateMajorVersion", + "CreateEnvironmentTemplateMinorVersion", + "CreateEnvironmentTemplateVersion", + "CreateRepository", + "CreateService", + "CreateServiceInstance", + "CreateServiceSyncConfig", + "CreateServiceTemplate", + "CreateServiceTemplateMajorVersion", + "CreateServiceTemplateMinorVersion", + "CreateServiceTemplateVersion", + "CreateTemplateSyncConfig", + "DeleteAccountRoles", + "DeleteComponent", + "DeleteDeployment", + "DeleteEnvironment", + "DeleteEnvironmentAccountConnection", + "DeleteEnvironmentTemplate", + "DeleteEnvironmentTemplateMajorVersion", + "DeleteEnvironmentTemplateMinorVersion", + "DeleteEnvironmentTemplateVersion", + "DeleteRepository", + "DeleteService", + "DeleteServiceSyncConfig", + "DeleteServiceTemplate", + "DeleteServiceTemplateMajorVersion", + "DeleteServiceTemplateMinorVersion", + "DeleteServiceTemplateVersion", + "DeleteTemplateSyncConfig", + "GetAccountRoles", + "GetAccountSettings", + "GetComponent", + "GetDeployment", + "GetEnvironment", + "GetEnvironmentAccountConnection", + "GetEnvironmentTemplate", + "GetEnvironmentTemplateMajorVersion", + "GetEnvironmentTemplateMinorVersion", + "GetEnvironmentTemplateVersion", + "GetRepository", + "GetRepositorySyncStatus", + "GetResourceTemplateVersionStatusCounts", + "GetResourcesSummary", + "GetService", + "GetServiceInstance", + "GetServiceInstanceSyncStatus", + "GetServiceSyncBlockerSummary", + "GetServiceSyncConfig", + "GetServiceTemplate", + "GetServiceTemplateMajorVersion", + "GetServiceTemplateMinorVersion", + "GetServiceTemplateVersion", + "GetTemplateSyncConfig", + "GetTemplateSyncStatus", + "ListComponentOutputs", + "ListComponentProvisionedResources", + "ListComponents", + "ListDeployments", + "ListEnvironmentAccountConnections", + "ListEnvironmentOutputs", + "ListEnvironmentProvisionedResources", + "ListEnvironmentTemplateMajorVersions", + "ListEnvironmentTemplateMinorVersions", + "ListEnvironmentTemplateVersions", + "ListEnvironmentTemplates", + "ListEnvironments", + "ListRepositories", + "ListRepositorySyncDefinitions", + "ListServiceInstanceOutputs", + "ListServiceInstanceProvisionedResources", + "ListServiceInstances", + "ListServicePipelineOutputs", + "ListServicePipelineProvisionedResources", + "ListServiceTemplateMajorVersions", + "ListServiceTemplateMinorVersions", + "ListServiceTemplateVersions", + "ListServiceTemplates", + "ListServices", + "ListTagsForResource", + "NotifyResourceDeploymentStatusChange", + "RejectEnvironmentAccountConnection", + "TagResource", + "UntagResource", + "UpdateAccountRoles", + "UpdateAccountSettings", + "UpdateComponent", + "UpdateEnvironment", + "UpdateEnvironmentAccountConnection", + "UpdateEnvironmentTemplate", + "UpdateEnvironmentTemplateMajorVersion", + "UpdateEnvironmentTemplateMinorVersion", + "UpdateEnvironmentTemplateVersion", + "UpdateService", + "UpdateServiceInstance", + "UpdateServicePipeline", + "UpdateServiceSyncBlocker", + "UpdateServiceSyncConfig", + "UpdateServiceTemplate", + "UpdateServiceTemplateMajorVersion", + "UpdateServiceTemplateMinorVersion", + "UpdateServiceTemplateVersion", + "UpdateTemplateSyncConfig" + ], + "HasResource": true, + "StringPrefix": "proton", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "proton:EnvironmentTemplate", + "proton:ServiceTemplate" + ] + }, + "AWS Purchase Orders Console": { + "ARNFormat": "arn:aws:purchase-orders::${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:purchase-orders::.+:.+", + "Actions": [ + "AddPurchaseOrder", + "DeletePurchaseOrder", + "GetConsoleActionSetEnforced", + "GetPurchaseOrder", + "ListPurchaseOrderInvoices", + "ListPurchaseOrders", + "ListTagsForResource", + "ModifyPurchaseOrders", + "TagResource", + "UntagResource", + "UpdateConsoleActionSetEnforced", + "UpdatePurchaseOrder", + "UpdatePurchaseOrderStatus", + "ViewPurchaseOrders" ], "HasResource": true, - "StringPrefix": "pi" + "StringPrefix": "purchase-orders", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, - "AWS Price List": { + "AWS Recycle Bin": { + "ARNFormat": "arn:aws:rbin:${Region}:${Account}:rule/${ResourceName}", + "ARNRegex": "^arn:aws:rbin:.+:.+:.+", "Actions": [ - "DescribeServices", - "GetAttributeValues", - "GetProducts" + "CreateRule", + "DeleteRule", + "GetRule", + "ListRules", + "ListTagsForResource", + "LockRule", + "TagResource", + "UnlockRule", + "UntagResource", + "UpdateRule" ], - "HasResource": false, - "StringPrefix": "pricing" + "HasResource": true, + "StringPrefix": "rbin", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "rbin:Attribute/ResourceType", + "rbin:Request/ResourceType" + ] }, - "AWS Private Marketplace": { + "AWS Resilience Hub": { + "ARNFormat": "arn:aws:resiliencehub:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:resiliencehub:.+", "Actions": [ - "AssociateProductsWithPrivateMarketplace", - "CreatePrivateMarketplace", - "CreatePrivateMarketplaceProfile", - "CreatePrivateMarketplaceRequests", - "DescribePrivateMarketplaceProducts", - "DescribePrivateMarketplaceProfile", - "DescribePrivateMarketplaceRequests", - "DescribePrivateMarketplaceSettings", - "DescribePrivateMarketplaceStatus", - "DisassociateProductsFromPrivateMarketplace", - "ListPrivateMarketplaceProducts", - "ListPrivateMarketplaceRequests", - "StartPrivateMarketplace", - "StopPrivateMarketplace", - "UpdatePrivateMarketplaceProfile", - "UpdatePrivateMarketplaceSettings" + "AddDraftAppVersionResourceMappings", + "BatchUpdateRecommendationStatus", + "CreateApp", + "CreateAppVersionAppComponent", + "CreateAppVersionResource", + "CreateRecommendationTemplate", + "CreateResiliencyPolicy", + "DeleteApp", + "DeleteAppAssessment", + "DeleteAppInputSource", + "DeleteAppVersionAppComponent", + "DeleteAppVersionResource", + "DeleteRecommendationTemplate", + "DeleteResiliencyPolicy", + "DescribeApp", + "DescribeAppAssessment", + "DescribeAppVersion", + "DescribeAppVersionAppComponent", + "DescribeAppVersionResource", + "DescribeAppVersionResourcesResolutionStatus", + "DescribeAppVersionTemplate", + "DescribeDraftAppVersionResourcesImportStatus", + "DescribeResiliencyPolicy", + "ImportResourcesToDraftAppVersion", + "ListAlarmRecommendations", + "ListAppAssessmentComplianceDrifts", + "ListAppAssessments", + "ListAppComponentCompliances", + "ListAppComponentRecommendations", + "ListAppInputSources", + "ListAppVersionAppComponents", + "ListAppVersionResourceMappings", + "ListAppVersionResources", + "ListAppVersions", + "ListApps", + "ListRecommendationTemplates", + "ListResiliencyPolicies", + "ListSopRecommendations", + "ListSuggestedResiliencyPolicies", + "ListTagsForResource", + "ListTestRecommendations", + "ListUnsupportedAppVersionResources", + "PublishAppVersion", + "PutDraftAppVersionTemplate", + "RemoveDraftAppVersionResourceMappings", + "ResolveAppVersionResources", + "StartAppAssessment", + "TagResource", + "UntagResource", + "UpdateApp", + "UpdateAppVersion", + "UpdateAppVersionAppComponent", + "UpdateAppVersionResource", + "UpdateResiliencyPolicy" ], - "HasResource": false, - "StringPrefix": "aws-marketplace" + "HasResource": true, + "StringPrefix": "resiliencehub", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, - "AWS Resource Access Manager": { - "ARNFormat": "arn:aws:ram:\u003cregion\u003e:\u003caccount-id\u003e:resource-share/\u003cresource-uuid\u003e", + "AWS Resource Access Manager (RAM)": { + "ARNFormat": "arn:aws:ram:${Region}:${Account}:resource-share/${ResourceUUID}", "ARNRegex": "^arn:aws:ram:.+:.+:.+", "Actions": [ "AcceptResourceShareInvitation", "AssociateResourceShare", "AssociateResourceSharePermission", + "CreatePermission", + "CreatePermissionVersion", "CreateResourceShare", + "DeletePermission", + "DeletePermissionVersion", "DeleteResourceShare", "DisassociateResourceShare", "DisassociateResourceSharePermission", @@ -3460,11 +8062,19 @@ "GetResourceShareInvitations", "GetResourceShares", "ListPendingInvitationResources", + "ListPermissionAssociations", + "ListPermissionVersions", "ListPermissions", "ListPrincipals", + "ListReplacePermissionAssociationsWork", "ListResourceSharePermissions", + "ListResourceTypes", "ListResources", + "PromotePermissionCreatedFromPolicy", + "PromoteResourceShareCreatedFromPolicy", "RejectResourceShareInvitation", + "ReplacePermissionAssociations", + "SetDefaultPermissionVersion", "TagResource", "UntagResource", "UpdateResourceShare" @@ -3477,28 +8087,73 @@ "aws:TagKeys", "ram:AllowsExternalPrincipals", "ram:PermissionArn", + "ram:PermissionResourceType", "ram:Principal", "ram:RequestedAllowsExternalPrincipals", "ram:RequestedResourceType", "ram:ResourceArn", "ram:ResourceShareName", + "ram:ResourceTag/${TagKey}", "ram:ShareOwnerAccountId" ] }, + "AWS Resource Explorer": { + "ARNFormat": "arn:aws:resource-explorer-2:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}", + "ARNRegex": "^arn:aws:resource-explorer-2:.+:.+:.+", + "Actions": [ + "AssociateDefaultView", + "BatchGetView", + "CreateIndex", + "CreateView", + "DeleteIndex", + "DeleteView", + "DisassociateDefaultView", + "GetAccountLevelServiceConfiguration", + "GetDefaultView", + "GetIndex", + "GetView", + "ListIndexes", + "ListIndexesForMembers", + "ListSupportedResourceTypes", + "ListTagsForResource", + "ListViews", + "Search", + "TagResource", + "UntagResource", + "UpdateIndexType", + "UpdateView" + ], + "HasResource": true, + "StringPrefix": "resource-explorer-2", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "AWS Resource Groups": { - "ARNFormat": "arn:aws:\u003cserviceName\u003e:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceName\u003e", + "ARNFormat": "arn:aws:resource-groups:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:resource-groups:.+", "Actions": [ + "AssociateResource", "CreateGroup", "DeleteGroup", + "DisassociateResource", + "GetAccountSettings", "GetGroup", + "GetGroupConfiguration", "GetGroupQuery", "GetTags", + "GroupResources", "ListGroupResources", "ListGroups", + "PutGroupConfiguration", + "PutGroupPolicy", "SearchResources", "Tag", + "UngroupResources", "Untag", + "UpdateAccountSettings", "UpdateGroup", "UpdateGroupQuery" ], @@ -3511,13 +8166,16 @@ ] }, "AWS RoboMaker": { - "ARNFormat": "arn:${Partition}:robomaker:${Region}:${AccountId}:${ResourceType}/${ResourceName}", - "ARNRegex": "^arn:${Partition}:robomaker:.+:.+:.+", + "ARNFormat": "arn:aws:robomaker:${Region}:${AccountId}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:robomaker:.+:.+:.+", "Actions": [ + "BatchDeleteWorlds", "BatchDescribeSimulationJob", "CancelDeploymentJob", "CancelSimulationJob", "CancelSimulationJobBatch", + "CancelWorldExportJob", + "CancelWorldGenerationJob", "CreateDeploymentJob", "CreateFleet", "CreateRobot", @@ -3526,10 +8184,14 @@ "CreateSimulationApplication", "CreateSimulationApplicationVersion", "CreateSimulationJob", + "CreateWorldExportJob", + "CreateWorldGenerationJob", + "CreateWorldTemplate", "DeleteFleet", "DeleteRobot", "DeleteRobotApplication", "DeleteSimulationApplication", + "DeleteWorldTemplate", "DeregisterRobot", "DescribeDeploymentJob", "DescribeFleet", @@ -3538,6 +8200,11 @@ "DescribeSimulationApplication", "DescribeSimulationJob", "DescribeSimulationJobBatch", + "DescribeWorld", + "DescribeWorldExportJob", + "DescribeWorldGenerationJob", + "DescribeWorldTemplate", + "GetWorldTemplateBody", "ListDeploymentJobs", "ListFleets", "ListRobotApplications", @@ -3545,7 +8212,12 @@ "ListSimulationApplications", "ListSimulationJobBatches", "ListSimulationJobs", + "ListSupportedAvailabilityZones", "ListTagsForResource", + "ListWorldExportJobs", + "ListWorldGenerationJobs", + "ListWorldTemplates", + "ListWorlds", "RegisterRobot", "RestartSimulationJob", "StartSimulationJobBatch", @@ -3553,7 +8225,9 @@ "TagResource", "UntagResource", "UpdateRobotApplication", - "UpdateSimulationApplication" + "UpdateRobotDeployment", + "UpdateSimulationApplication", + "UpdateWorldTemplate" ], "HasResource": true, "StringPrefix": "robomaker", @@ -3563,117 +8237,93 @@ "aws:TagKeys" ] }, - "AWS SSO": { - "ARNFormat": "arn:${Partition}:sso:${Region}:${Account}:\u003crelative-id\u003e", - "ARNRegex": "^arn:${Partition}:sso:${Region}:.+", - "Actions": [ - "AssociateDirectory", - "AssociateProfile", - "CreateApplicationInstance", - "CreateApplicationInstanceCertificate", - "CreateManagedApplicationInstance", - "CreatePermissionSet", - "CreateProfile", - "CreateTrust", - "DeleteApplicationInstance", - "DeleteApplicationInstanceCertificate", - "DeleteManagedApplicationInstance", - "DeletePermissionSet", - "DeletePermissionsPolicy", - "DeleteProfile", - "DescribePermissionsPolicies", - "DisassociateDirectory", - "DisassociateProfile", - "GetApplicationInstance", - "GetApplicationTemplate", - "GetManagedApplicationInstance", - "GetMfaDeviceManagementForDirectory", - "GetPermissionSet", - "GetPermissionsPolicy", - "GetProfile", - "GetSSOStatus", - "GetSharedSsoConfiguration", - "GetSsoConfiguration", - "GetTrust", - "ImportApplicationInstanceServiceProviderMetadata", - "ListApplicationInstanceCertificates", - "ListApplicationInstances", - "ListApplicationTemplates", - "ListApplications", - "ListDirectoryAssociations", - "ListPermissionSets", - "ListProfileAssociations", - "ListProfiles", - "PutMfaDeviceManagementForDirectory", - "PutPermissionsPolicy", - "StartSSO", - "UpdateApplicationInstanceActiveCertificate", - "UpdateApplicationInstanceDisplayData", - "UpdateApplicationInstanceResponseConfiguration", - "UpdateApplicationInstanceResponseSchemaConfiguration", - "UpdateApplicationInstanceSecurityConfiguration", - "UpdateApplicationInstanceServiceProviderConfiguration", - "UpdateApplicationInstanceStatus", - "UpdateDirectoryAssociation", - "UpdateManagedApplicationInstanceStatus", - "UpdatePermissionSet", - "UpdateProfile", - "UpdateSSOConfiguration", - "UpdateTrust" - ], - "HasResource": false, - "StringPrefix": "sso" - }, - "AWS SSO Directory": { - "ARNFormat": "arn:${Partition}:sso-directory:${Region}:${Account}:\u003crelative-id\u003e", - "ARNRegex": "^arn:${Partition}:sso-directory:${Region}:.+", + "AWS SQL Workbench": { + "ARNFormat": "arn:aws:sqlworkbench:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:sqlworkbench:.+:.+:.+", "Actions": [ - "AddMemberToGroup", - "CompleteVirtualMfaDeviceRegistration", - "CreateAlias", - "CreateBearerToken", - "CreateExternalIdPConfigurationForDirectory", - "CreateGroup", - "CreateProvisioningTenant", - "CreateUser", - "DeleteBearerToken", - "DeleteExternalIdPConfigurationForDirectory", - "DeleteGroup", - "DeleteMfaDeviceForUser", - "DeleteProvisioningTenant", - "DeleteUser", - "DescribeDirectory", - "DescribeGroups", - "DescribeUsers", - "DisableExternalIdPConfigurationForDirectory", - "DisableUser", - "EnableExternalIdPConfigurationForDirectory", - "EnableUser", - "GetAWSSPConfigurationForDirectory", - "ListBearerTokens", - "ListExternalIdPConfigurationsForDirectory", - "ListGroupsForUser", - "ListMembersInGroup", - "ListMfaDevicesForUser", - "ListProvisioningTenants", - "RemoveMemberFromGroup", - "SearchGroups", - "SearchUsers", - "StartVirtualMfaDeviceRegistration", - "UpdateExternalIdPConfigurationForDirectory", - "UpdateGroup", - "UpdatePassword", - "UpdateUser", - "VerifyEmail" + "AssociateConnectionWithChart", + "AssociateConnectionWithTab", + "AssociateNotebookWithTab", + "AssociateQueryWithTab", + "BatchDeleteFolder", + "BatchGetNotebookCell", + "CreateAccount", + "CreateChart", + "CreateConnection", + "CreateFolder", + "CreateNotebook", + "CreateNotebookCell", + "CreateNotebookFromVersion", + "CreateNotebookVersion", + "CreateSavedQuery", + "DeleteChart", + "DeleteConnection", + "DeleteNotebook", + "DeleteNotebookCell", + "DeleteNotebookVersion", + "DeleteSavedQuery", + "DeleteTab", + "DriverExecute", + "DuplicateNotebook", + "ExportNotebook", + "GenerateSession", + "GetAccountInfo", + "GetAccountSettings", + "GetAutocompletionMetadata", + "GetAutocompletionResource", + "GetChart", + "GetConnection", + "GetNotebook", + "GetNotebookVersion", + "GetQueryExecutionHistory", + "GetSavedQuery", + "GetSchemaInference", + "GetUserInfo", + "GetUserWorkspaceSettings", + "ImportNotebook", + "ListConnections", + "ListDatabases", + "ListFiles", + "ListNotebookVersions", + "ListNotebooks", + "ListQueryExecutionHistory", + "ListRedshiftClusters", + "ListSampleDatabases", + "ListSavedQueryVersions", + "ListTabs", + "ListTaggedResources", + "ListTagsForResource", + "PutTab", + "PutUserWorkspaceSettings", + "RestoreNotebookVersion", + "TagResource", + "UntagResource", + "UpdateAccountConnectionSettings", + "UpdateAccountExportSettings", + "UpdateAccountGeneralSettings", + "UpdateChart", + "UpdateConnection", + "UpdateFileFolder", + "UpdateFolder", + "UpdateNotebook", + "UpdateNotebookCellContent", + "UpdateNotebookCellLayout", + "UpdateSavedQuery" ], - "HasResource": false, - "StringPrefix": "sso-directory" + "HasResource": true, + "StringPrefix": "sqlworkbench", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "AWS Savings Plans": { "ARNFormat": "arn:aws:savingsplans::${Account}:${ResourceType}/${ResourcePath}", "ARNRegex": "^arn:aws:savingsplans:.+", "Actions": [ "CreateSavingsPlan", + "DeleteQueuedSavingsPlan", "DescribeSavingsPlanRates", "DescribeSavingsPlans", "DescribeSavingsPlansOfferingRates", @@ -3691,8 +8341,8 @@ ] }, "AWS Secrets Manager": { - "ARNFormat": "arn:${Partition}:secretsmanager:${Region}:${Account}:secret:${SecretId}", - "ARNRegex": "^arn:${Partition}:secretsmanager:.+", + "ARNFormat": "arn:aws:secretsmanager:${Region}:${Account}:secret:${SecretId}", + "ARNRegex": "^arn:aws:secretsmanager:.+", "Actions": [ "CancelRotateSecret", "CreateSecret", @@ -3706,75 +8356,122 @@ "ListSecrets", "PutResourcePolicy", "PutSecretValue", + "RemoveRegionsFromReplication", + "ReplicateSecretToRegions", "RestoreSecret", "RotateSecret", + "StopReplicationToReplica", "TagResource", "UntagResource", "UpdateSecret", - "UpdateSecretVersionStage" + "UpdateSecretVersionStage", + "ValidateResourcePolicy" ], "HasResource": true, "StringPrefix": "secretsmanager", "conditionKeys": [ - "aws:RequestTag/tag-key", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "secretsmanager:AddReplicaRegions", + "secretsmanager:BlockPublicPolicy", "secretsmanager:Description", "secretsmanager:ForceDeleteWithoutRecovery", + "secretsmanager:ForceOverwriteReplicaSecret", "secretsmanager:KmsKeyId", + "secretsmanager:ModifyRotationRules", "secretsmanager:Name", "secretsmanager:RecoveryWindowInDays", "secretsmanager:ResourceTag/tag-key", + "secretsmanager:RotateImmediately", "secretsmanager:RotationLambdaARN", "secretsmanager:SecretId", + "secretsmanager:SecretPrimaryRegion", "secretsmanager:VersionId", "secretsmanager:VersionStage", "secretsmanager:resource/AllowRotationLambdaArn" ] }, "AWS Security Hub": { - "ARNFormat": "arn:${Partition}:securityhub:\u003cregion\u003e:\u003caccount_ID\u003e:.+", - "ARNRegex": "^arn:${Partition}:securityhub:.+", + "ARNFormat": "arn:aws:securityhub:${Region}:${Account}:.+", + "ARNRegex": "^arn:aws:securityhub:.+", "Actions": [ + "AcceptAdministratorInvitation", "AcceptInvitation", + "BatchDeleteAutomationRules", "BatchDisableStandards", "BatchEnableStandards", + "BatchGetAutomationRules", + "BatchGetControlEvaluations", + "BatchGetSecurityControls", + "BatchGetStandardsControlAssociations", "BatchImportFindings", + "BatchUpdateAutomationRules", + "BatchUpdateFindings", + "BatchUpdateStandardsControlAssociations", "CreateActionTarget", + "CreateAutomationRule", + "CreateFindingAggregator", "CreateInsight", "CreateMembers", "DeclineInvitations", "DeleteActionTarget", + "DeleteFindingAggregator", "DeleteInsight", "DeleteInvitations", "DeleteMembers", "DescribeActionTargets", "DescribeHub", + "DescribeOrganizationConfiguration", "DescribeProducts", "DescribeStandards", "DescribeStandardsControls", "DisableImportFindingsForProduct", + "DisableOrganizationAdminAccount", "DisableSecurityHub", + "DisassociateFromAdministratorAccount", "DisassociateFromMasterAccount", "DisassociateMembers", "EnableImportFindingsForProduct", + "EnableOrganizationAdminAccount", "EnableSecurityHub", + "GetAdhocInsightResults", + "GetAdministratorAccount", + "GetControlFindingSummary", "GetEnabledStandards", + "GetFindingAggregator", + "GetFindingHistory", "GetFindings", + "GetFreeTrialEndDate", + "GetFreeTrialUsage", + "GetInsightFindingTrend", "GetInsightResults", "GetInsights", "GetInvitationsCount", "GetMasterAccount", "GetMembers", + "GetUsage", "InviteMembers", + "ListAutomationRules", + "ListControlEvaluationSummaries", "ListEnabledProductsForImport", + "ListFindingAggregators", "ListInvitations", "ListMembers", + "ListOrganizationAdminAccounts", + "ListSecurityControlDefinitions", + "ListStandardsControlAssociations", "ListTagsForResource", + "SendFindingEvents", + "SendInsightEvents", "TagResource", "UntagResource", "UpdateActionTarget", + "UpdateFindingAggregator", "UpdateFindings", "UpdateInsight", + "UpdateOrganizationConfiguration", + "UpdateSecurityHubConfiguration", "UpdateStandardsControl" ], "HasResource": true, @@ -3783,11 +8480,12 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "securityhub:ASFFSyntaxPath/${ASFFSyntaxPath}", "securityhub:TargetAccount" ] }, "AWS Security Token Service": { - "ARNFormat": "arn:aws:iam::\u003cnamespace\u003e:\u003crelative-id\u003e", + "ARNFormat": "arn:aws:iam::${Account}:${RelativeId}", "ARNRegex": "^arn:aws:iam::.+", "Actions": [ "AssumeRole", @@ -3797,7 +8495,9 @@ "GetAccessKeyInfo", "GetCallerIdentity", "GetFederationToken", + "GetServiceBearerToken", "GetSessionToken", + "SetSourceIdentity", "TagSession" ], "HasResource": true, @@ -3806,8 +8506,6 @@ "accounts.google.com:aud", "accounts.google.com:oaud", "accounts.google.com:sub", - "aws:FederatedProvider", - "aws:PrincipalTag/${TagKey}", "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", @@ -3816,6 +8514,7 @@ "cognito-identity.amazonaws.com:sub", "graph.facebook.com:app_id", "graph.facebook.com:id", + "iam:ResourceTag/${TagKey}", "saml:aud", "saml:cn", "saml:commonName", @@ -3848,7 +8547,11 @@ "saml:surname", "saml:uid", "saml:x500UniqueIdentifier", + "sts:AWSServiceName", + "sts:DurationSeconds", "sts:ExternalId", + "sts:RoleSessionName", + "sts:SourceIdentity", "sts:TransitiveTagKeys", "www.amazon.com:app_id", "www.amazon.com:user_id" @@ -3863,6 +8566,7 @@ "DeleteApp", "DeleteAppLaunchConfiguration", "DeleteAppReplicationConfiguration", + "DeleteAppValidationConfiguration", "DeleteReplicationJob", "DeleteServerCatalog", "DisassociateConnector", @@ -3871,18 +8575,24 @@ "GetApp", "GetAppLaunchConfiguration", "GetAppReplicationConfiguration", + "GetAppValidationConfiguration", + "GetAppValidationOutput", "GetConnectors", "GetMessages", "GetReplicationJobs", "GetReplicationRuns", "GetServers", + "ImportAppCatalog", "ImportServerCatalog", "LaunchApp", "ListApps", + "NotifyAppValidationOutput", "PutAppLaunchConfiguration", "PutAppReplicationConfiguration", + "PutAppValidationConfiguration", "SendMessage", "StartAppReplication", + "StartOnDemandAppReplication", "StartOnDemandReplicationRun", "StopAppReplication", "TerminateApp", @@ -3893,7 +8603,7 @@ "StringPrefix": "sms" }, "AWS Serverless Application Repository": { - "ARNFormat": "arn:aws:serverlessrepo:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", + "ARNFormat": "arn:aws:serverlessrepo:${Region}:${Account}:${ResourceType}/${ResourceId}", "ARNRegex": "^arn:aws:serverlessrepo:.+:.+:.+", "Actions": [ "CreateApplication", @@ -3919,18 +8629,22 @@ ] }, "AWS Service Catalog": { - "ARNFormat": "arn:aws:(catalog|servicecatalog):\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cid\u003e", + "ARNFormat": "arn:aws:(catalog|servicecatalog):${Region}:${Account}:${ResourceType}/${Id}", "ARNRegex": "^arn:aws:(catalog|servicecatalog):.+", "Actions": [ "AcceptPortfolioShare", + "AssociateAttributeGroup", "AssociateBudgetWithResource", "AssociatePrincipalWithPortfolio", "AssociateProductWithPortfolio", + "AssociateResource", "AssociateServiceActionWithProvisioningArtifact", "AssociateTagOptionWithResource", "BatchAssociateServiceActionWithProvisioningArtifact", "BatchDisassociateServiceActionFromProvisioningArtifact", "CopyProduct", + "CreateApplication", + "CreateAttributeGroup", "CreateConstraint", "CreatePortfolio", "CreatePortfolioShare", @@ -3939,6 +8653,8 @@ "CreateProvisioningArtifact", "CreateServiceAction", "CreateTagOption", + "DeleteApplication", + "DeleteAttributeGroup", "DeleteConstraint", "DeletePortfolio", "DeletePortfolioShare", @@ -3951,6 +8667,7 @@ "DescribeCopyProductStatus", "DescribePortfolio", "DescribePortfolioShareStatus", + "DescribePortfolioShares", "DescribeProduct", "DescribeProductAsAdmin", "DescribeProductView", @@ -3963,16 +8680,29 @@ "DescribeServiceActionExecutionParameters", "DescribeTagOption", "DisableAWSOrganizationsAccess", + "DisassociateAttributeGroup", "DisassociateBudgetFromResource", "DisassociatePrincipalFromPortfolio", "DisassociateProductFromPortfolio", + "DisassociateResource", "DisassociateServiceActionFromProvisioningArtifact", "DisassociateTagOptionFromResource", "EnableAWSOrganizationsAccess", "ExecuteProvisionedProductPlan", "ExecuteProvisionedProductServiceAction", "GetAWSOrganizationsAccessStatus", + "GetApplication", + "GetAssociatedResource", + "GetAttributeGroup", + "GetConfiguration", + "GetProvisionedProductOutputs", + "ImportAsProvisionedProduct", "ListAcceptedPortfolioShares", + "ListApplications", + "ListAssociatedAttributeGroups", + "ListAssociatedResources", + "ListAttributeGroups", + "ListAttributeGroupsForApplication", "ListBudgetsForResource", "ListConstraintsForPortfolio", "ListLaunchPaths", @@ -3990,15 +8720,26 @@ "ListServiceActionsForProvisioningArtifact", "ListStackInstancesForProvisionedProduct", "ListTagOptions", + "ListTagsForResource", + "NotifyProvisionProductEngineWorkflowResult", + "NotifyTerminateProvisionedProductEngineWorkflowResult", + "NotifyUpdateProvisionedProductEngineWorkflowResult", "ProvisionProduct", + "PutConfiguration", "RejectPortfolioShare", "ScanProvisionedProducts", "SearchProducts", "SearchProductsAsAdmin", "SearchProvisionedProducts", + "SyncResource", + "TagResource", "TerminateProvisionedProduct", + "UntagResource", + "UpdateApplication", + "UpdateAttributeGroup", "UpdateConstraint", "UpdatePortfolio", + "UpdatePortfolioShare", "UpdateProduct", "UpdateProvisionedProduct", "UpdateProvisionedProductProperties", @@ -4012,36 +8753,149 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "servicecatalog:Resource", + "servicecatalog:ResourceType", "servicecatalog:accountLevel", "servicecatalog:roleLevel", "servicecatalog:userLevel" ] }, "AWS Shield": { - "ARNFormat": "arn:aws:shield::\u003caccount_ID\u003e:\u003cresource\u003e/\u003cresource_id\u003e", + "ARNFormat": "arn:aws:shield::${Account}:${Resource}/${ResourceId}", "ARNRegex": "^arn:aws:shield::[0-9]+:.+/.+", "Actions": [ "AssociateDRTLogBucket", "AssociateDRTRole", + "AssociateHealthCheck", + "AssociateProactiveEngagementDetails", "CreateProtection", + "CreateProtectionGroup", "CreateSubscription", "DeleteProtection", + "DeleteProtectionGroup", "DeleteSubscription", "DescribeAttack", + "DescribeAttackStatistics", "DescribeDRTAccess", "DescribeEmergencyContactSettings", "DescribeProtection", + "DescribeProtectionGroup", "DescribeSubscription", + "DisableApplicationLayerAutomaticResponse", + "DisableProactiveEngagement", "DisassociateDRTLogBucket", "DisassociateDRTRole", + "DisassociateHealthCheck", + "EnableApplicationLayerAutomaticResponse", + "EnableProactiveEngagement", "GetSubscriptionState", "ListAttacks", + "ListProtectionGroups", "ListProtections", + "ListResourcesInProtectionGroup", + "ListTagsForResource", + "TagResource", + "UntagResource", + "UpdateApplicationLayerAutomaticResponse", "UpdateEmergencyContactSettings", + "UpdateProtectionGroup", "UpdateSubscription" ], "HasResource": true, - "StringPrefix": "shield" + "StringPrefix": "shield", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Signer": { + "ARNFormat": "arn:aws:signer:${Region}:${Account}:/${ResourceType}/${ResourceIdentifier}", + "ARNRegex": "^arn:aws:signer:.+", + "Actions": [ + "AddProfilePermission", + "CancelSigningProfile", + "DescribeSigningJob", + "GetRevocationStatus", + "GetSigningPlatform", + "GetSigningProfile", + "ListProfilePermissions", + "ListSigningJobs", + "ListSigningPlatforms", + "ListSigningProfiles", + "ListTagsForResource", + "PutSigningProfile", + "RemoveProfilePermission", + "RevokeSignature", + "RevokeSigningProfile", + "SignPayload", + "StartSigningJob", + "TagResource", + "UntagResource" + ], + "HasResource": true, + "StringPrefix": "signer", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "signer:ProfileVersion" + ] + }, + "AWS SimSpace Weaver": { + "ARNFormat": "arn:aws:simspaceweaver:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:simspaceweaver:.+:.+:.+", + "Actions": [ + "CreateSnapshot", + "DeleteApp", + "DeleteSimulation", + "DescribeApp", + "DescribeSimulation", + "ListApps", + "ListSimulations", + "ListTagsForResource", + "StartApp", + "StartClock", + "StartSimulation", + "StopApp", + "StopClock", + "StopSimulation", + "TagResource", + "UntagResource" + ], + "HasResource": true, + "StringPrefix": "simspaceweaver", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Snow Device Management": { + "ARNFormat": "arn:aws:snow-device-management:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", + "ARNRegex": "^arn:aws:snow-device-management:.+:.+:.+/.+", + "Actions": [ + "CancelTask", + "CreateTask", + "DescribeDevice", + "DescribeDeviceEc2Instances", + "DescribeExecution", + "DescribeTask", + "ListDeviceResources", + "ListDevices", + "ListExecutions", + "ListTagsForResource", + "ListTasks", + "TagResource", + "UntagResource" + ], + "HasResource": true, + "StringPrefix": "snow-device-management", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "AWS Snowball": { "Actions": [ @@ -4050,51 +8904,205 @@ "CreateAddress", "CreateCluster", "CreateJob", + "CreateLongTermPricing", + "CreateReturnShippingLabel", "DescribeAddress", "DescribeAddresses", "DescribeCluster", "DescribeJob", + "DescribeReturnShippingLabel", "GetJobManifest", "GetJobUnlockCode", "GetSnowballUsage", + "GetSoftwareUpdates", "ListClusterJobs", "ListClusters", + "ListCompatibleImages", "ListJobs", + "ListLongTermPricing", + "ListPickupLocations", + "ListServiceVersions", "UpdateCluster", - "UpdateJob" + "UpdateJob", + "UpdateJobShipmentState", + "UpdateLongTermPricing" ], "HasResource": false, "StringPrefix": "snowball" }, "AWS Step Functions": { - "ARNFormat": "arn:aws:\u003cserviceName\u003e:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e:\u003cresourceName\u003e", + "ARNFormat": "arn:aws:states:${Region}:${Account}:${ResourceType}:${ResourceName}", "ARNRegex": "^arn:aws:states:.+", "Actions": [ "CreateActivity", "CreateStateMachine", + "CreateStateMachineAlias", "DeleteActivity", "DeleteStateMachine", + "DeleteStateMachineAlias", + "DeleteStateMachineVersion", "DescribeActivity", "DescribeExecution", + "DescribeMapRun", "DescribeStateMachine", + "DescribeStateMachineAlias", "DescribeStateMachineForExecution", "GetActivityTask", "GetExecutionHistory", "ListActivities", "ListExecutions", + "ListMapRuns", + "ListStateMachineAliases", + "ListStateMachineVersions", "ListStateMachines", "ListTagsForResource", + "PublishStateMachineVersion", + "RedriveExecution", "SendTaskFailure", "SendTaskHeartbeat", "SendTaskSuccess", "StartExecution", + "StartSyncExecution", "StopExecution", "TagResource", "UntagResource", - "UpdateStateMachine" + "UpdateMapRun", + "UpdateStateMachine", + "UpdateStateMachineAlias" ], "HasResource": true, "StringPrefix": "states", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "states:StateMachineQualifier" + ] + }, + "AWS Storage Gateway": { + "ARNFormat": "arn:aws:storagegateway:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:storagegateway:.+", + "Actions": [ + "ActivateGateway", + "AddCache", + "AddTagsToResource", + "AddUploadBuffer", + "AddWorkingStorage", + "AssignTapePool", + "AssociateFileSystem", + "AttachVolume", + "BypassGovernanceRetention", + "CancelArchival", + "CancelRetrieval", + "CreateCachediSCSIVolume", + "CreateNFSFileShare", + "CreateSMBFileShare", + "CreateSnapshot", + "CreateSnapshotFromVolumeRecoveryPoint", + "CreateStorediSCSIVolume", + "CreateTapePool", + "CreateTapeWithBarcode", + "CreateTapes", + "DeleteAutomaticTapeCreationPolicy", + "DeleteBandwidthRateLimit", + "DeleteChapCredentials", + "DeleteFileShare", + "DeleteGateway", + "DeleteSnapshotSchedule", + "DeleteTape", + "DeleteTapeArchive", + "DeleteTapePool", + "DeleteVolume", + "DescribeAvailabilityMonitorTest", + "DescribeBandwidthRateLimit", + "DescribeBandwidthRateLimitSchedule", + "DescribeCache", + "DescribeCachediSCSIVolumes", + "DescribeChapCredentials", + "DescribeFileSystemAssociations", + "DescribeGatewayInformation", + "DescribeMaintenanceStartTime", + "DescribeNFSFileShares", + "DescribeSMBFileShares", + "DescribeSMBSettings", + "DescribeSnapshotSchedule", + "DescribeStorediSCSIVolumes", + "DescribeTapeArchives", + "DescribeTapeRecoveryPoints", + "DescribeTapes", + "DescribeUploadBuffer", + "DescribeVTLDevices", + "DescribeWorkingStorage", + "DetachVolume", + "DisableGateway", + "DisassociateFileSystem", + "JoinDomain", + "ListAutomaticTapeCreationPolicies", + "ListFileShares", + "ListFileSystemAssociations", + "ListGateways", + "ListLocalDisks", + "ListTagsForResource", + "ListTapePools", + "ListTapes", + "ListVolumeInitiators", + "ListVolumeRecoveryPoints", + "ListVolumes", + "NotifyWhenUploaded", + "RefreshCache", + "RemoveTagsFromResource", + "ResetCache", + "RetrieveTapeArchive", + "RetrieveTapeRecoveryPoint", + "SetLocalConsolePassword", + "SetSMBGuestPassword", + "ShutdownGateway", + "StartAvailabilityMonitorTest", + "StartGateway", + "UpdateAutomaticTapeCreationPolicy", + "UpdateBandwidthRateLimit", + "UpdateBandwidthRateLimitSchedule", + "UpdateChapCredentials", + "UpdateFileSystemAssociation", + "UpdateGatewayInformation", + "UpdateGatewaySoftwareNow", + "UpdateMaintenanceStartTime", + "UpdateNFSFileShare", + "UpdateSMBFileShare", + "UpdateSMBFileShareVisibility", + "UpdateSMBLocalGroups", + "UpdateSMBSecurityStrategy", + "UpdateSnapshotSchedule", + "UpdateVTLDeviceType" + ], + "HasResource": true, + "StringPrefix": "storagegateway", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Supply Chain": { + "ARNFormat": "arn:aws:scn:${Region}:${Account}:instance/", + "ARNRegex": "^arn:aws:scn:.+", + "Actions": [ + "AssignAdminPermissionsToUser", + "CreateInstance", + "CreateSSOApplication", + "DeleteInstance", + "DeleteSSOApplication", + "DescribeInstance", + "ListAdminUsers", + "ListInstances", + "ListTagsForResource", + "RemoveAdminPermissionsForUser", + "TagResource", + "UntagResource", + "UpdateInstance" + ], + "HasResource": true, + "StringPrefix": "scn", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", @@ -4109,11 +9117,14 @@ "DescribeAttachment", "DescribeCaseAttributes", "DescribeCases", + "DescribeCommunication", "DescribeCommunications", + "DescribeCreateCaseOptions", "DescribeIssueTypes", "DescribeServices", "DescribeSeverityLevels", "DescribeSupportLevel", + "DescribeSupportedLanguages", "DescribeTrustedAdvisorCheckRefreshStatuses", "DescribeTrustedAdvisorCheckResult", "DescribeTrustedAdvisorCheckSummaries", @@ -4129,11 +9140,52 @@ "HasResource": false, "StringPrefix": "support" }, + "AWS Support App in Slack": { + "Actions": [ + "CreateSlackChannelConfiguration", + "DeleteAccountAlias", + "DeleteSlackChannelConfiguration", + "DeleteSlackWorkspaceConfiguration", + "DescribeSlackChannels", + "GetAccountAlias", + "GetSlackOauthParameters", + "ListSlackChannelConfigurations", + "ListSlackWorkspaceConfigurations", + "PutAccountAlias", + "RedeemSlackOauthCode", + "RegisterSlackWorkspaceForOrganization", + "UpdateSlackChannelConfiguration" + ], + "HasResource": false, + "StringPrefix": "supportapp" + }, + "AWS Support Plans": { + "ARNFormat": "^arn:${Partition}:supportplans::${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:${Partition}:supportplans::.+:.+", + "Actions": [ + "CreateSupportPlanSchedule", + "GetSupportPlan", + "GetSupportPlanUpdateStatus", + "StartSupportPlanUpdate" + ], + "HasResource": false, + "StringPrefix": "supportplans" + }, + "AWS Sustainability": { + "ARNFormat": "arn:${Partition}:sustainability:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:${Partition}:sustainability:.+:.+:.+", + "Actions": [ + "GetCarbonFootprintSummary" + ], + "HasResource": false, + "StringPrefix": "sustainability" + }, "AWS Systems Manager": { - "ARNFormat": "arn:aws:ssm:\u003cregion\u003e:\u003caccount_ID\u003e:\u003crelative-id\u003e", + "ARNFormat": "arn:aws:ssm:${Region}:${Account}:${RelativeId}", "ARNRegex": "^arn:aws:(ssm|ec2):.+", "Actions": [ "AddTagsToResource", + "AssociateOpsItemRelatedItem", "CancelCommand", "CancelMaintenanceWindowExecution", "CreateActivation", @@ -4142,6 +9194,7 @@ "CreateDocument", "CreateMaintenanceWindow", "CreateOpsItem", + "CreateOpsMetadata", "CreatePatchBaseline", "CreateResourceDataSync", "DeleteActivation", @@ -4149,10 +9202,13 @@ "DeleteDocument", "DeleteInventory", "DeleteMaintenanceWindow", + "DeleteOpsItem", + "DeleteOpsMetadata", "DeleteParameter", "DeleteParameters", "DeletePatchBaseline", "DeleteResourceDataSync", + "DeleteResourcePolicy", "DeregisterManagedInstance", "DeregisterPatchBaselineForPatchGroup", "DeregisterTargetFromMaintenanceWindow", @@ -4191,7 +9247,10 @@ "DescribePatchGroups", "DescribePatchProperties", "DescribeSessions", + "DisassociateOpsItemRelatedItem", "GetAutomationExecution", + "GetCalendar", + "GetCalendarState", "GetCommandInvocation", "GetConnectionStatus", "GetDefaultPatchBaseline", @@ -4206,6 +9265,7 @@ "GetMaintenanceWindowTask", "GetManifest", "GetOpsItem", + "GetOpsMetadata", "GetOpsSummary", "GetParameter", "GetParameterHistory", @@ -4213,6 +9273,7 @@ "GetParametersByPath", "GetPatchBaseline", "GetPatchBaselineForPatchGroup", + "GetResourcePolicies", "GetServiceSetting", "LabelParameterVersion", "ListAssociationVersions", @@ -4221,19 +9282,26 @@ "ListCommands", "ListComplianceItems", "ListComplianceSummaries", + "ListDocumentMetadataHistory", "ListDocumentVersions", "ListDocuments", "ListInstanceAssociations", "ListInventoryEntries", + "ListOpsItemEvents", + "ListOpsItemRelatedItems", + "ListOpsMetadata", "ListResourceComplianceSummaries", "ListResourceDataSync", "ListTagsForResource", "ModifyDocumentPermission", + "PutCalendar", "PutComplianceItems", "PutConfigurePackageResult", "PutInventory", "PutParameter", + "PutResourcePolicy", "RegisterDefaultPatchBaseline", + "RegisterManagedInstance", "RegisterPatchBaselineForPatchGroup", "RegisterTargetWithMaintenanceWindow", "RegisterTaskWithMaintenanceWindow", @@ -4244,13 +9312,16 @@ "SendCommand", "StartAssociationsOnce", "StartAutomationExecution", + "StartChangeRequestExecution", "StartSession", "StopAutomationExecution", "TerminateSession", + "UnlabelParameterVersion", "UpdateAssociation", "UpdateAssociationStatus", "UpdateDocument", "UpdateDocumentDefaultVersion", + "UpdateDocumentMetadata", "UpdateInstanceAssociationStatus", "UpdateInstanceInformation", "UpdateMaintenanceWindow", @@ -4258,6 +9329,7 @@ "UpdateMaintenanceWindowTask", "UpdateManagedInstanceRole", "UpdateOpsItem", + "UpdateOpsMetadata", "UpdatePatchBaseline", "UpdateResourceDataSync", "UpdateServiceSetting" @@ -4268,33 +9340,298 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ec2:SourceInstanceARN", + "ssm:AutoApprove", + "ssm:DocumentCategories", "ssm:Overwrite", "ssm:Recursive", "ssm:SessionDocumentAccessCheck", + "ssm:SourceInstanceARN", "ssm:SyncType", + "ssm:resourceTag/${TagKey}", + "ssm:resourceTag/aws:ssmmessages:session-id", + "ssm:resourceTag/aws:ssmmessages:target-id", "ssm:resourceTag/tag-key" ] }, - "AWS Transfer for SFTP": { - "ARNFormat": "arn:aws:transfer:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", + "AWS Systems Manager GUI Connect": { + "Actions": [ + "CancelConnection", + "GetConnection", + "StartConnection" + ], + "HasResource": false, + "StringPrefix": "ssm-guiconnect" + }, + "AWS Systems Manager Incident Manager": { + "ARNFormat": "arn:aws:ssm-incidents::${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:ssm-incidents::.+:.+", + "Actions": [ + "BatchGetIncidentFindings", + "CreateReplicationSet", + "CreateResponsePlan", + "CreateTimelineEvent", + "DeleteIncidentRecord", + "DeleteReplicationSet", + "DeleteResourcePolicy", + "DeleteResponsePlan", + "DeleteTimelineEvent", + "GetIncidentRecord", + "GetReplicationSet", + "GetResourcePolicies", + "GetResponsePlan", + "GetTimelineEvent", + "ListIncidentFindings", + "ListIncidentRecords", + "ListRelatedItems", + "ListReplicationSets", + "ListResponsePlans", + "ListTagsForResource", + "ListTimelineEvents", + "PutResourcePolicy", + "StartIncident", + "TagResource", + "UntagResource", + "UpdateDeletionProtection", + "UpdateIncidentRecord", + "UpdateRelatedItems", + "UpdateReplicationSet", + "UpdateResponsePlan", + "UpdateTimelineEvent" + ], + "HasResource": true, + "StringPrefix": "ssm-incidents", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Systems Manager Incident Manager Contacts": { + "ARNFormat": "arn:aws:ssm-contacts:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:ssm-contacts:.+", + "Actions": [ + "AcceptPage", + "ActivateContactChannel", + "AssociateContact", + "CreateContact", + "CreateContactChannel", + "CreateRotation", + "CreateRotationOverride", + "DeactivateContactChannel", + "DeleteContact", + "DeleteContactChannel", + "DeleteRotation", + "DeleteRotationOverride", + "DescribeEngagement", + "DescribePage", + "GetContact", + "GetContactChannel", + "GetContactPolicy", + "GetRotation", + "GetRotationOverride", + "ListContactChannels", + "ListContacts", + "ListEngagements", + "ListPageReceipts", + "ListPageResolutions", + "ListPagesByContact", + "ListPagesByEngagement", + "ListPreviewRotationShifts", + "ListRotationOverrides", + "ListRotationShifts", + "ListRotations", + "ListTagsForResource", + "PutContactPolicy", + "SendActivationCode", + "StartEngagement", + "StopEngagement", + "TagResource", + "UntagResource", + "UpdateContact", + "UpdateContactChannel", + "UpdateRotation" + ], + "HasResource": true, + "StringPrefix": "ssm-contacts", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Systems Manager for SAP": { + "ARNFormat": "arn:aws:ssm-sap:${Region}:${Account}:${ApplicationType}/${ApplicationId}", + "ARNRegex": "^arn:aws:ssm-sap:.+", + "Actions": [ + "BackupDatabase", + "DeleteResourcePermission", + "DeregisterApplication", + "GetApplication", + "GetComponent", + "GetDatabase", + "GetOperation", + "GetResourcePermission", + "ListApplications", + "ListComponents", + "ListDatabases", + "ListOperations", + "ListTagsForResource", + "PutResourcePermission", + "RegisterApplication", + "RestoreDatabase", + "StartApplicationRefresh", + "TagResource", + "UntagResource", + "UpdateApplicationSettings", + "UpdateHANABackupSettings" + ], + "HasResource": true, + "StringPrefix": "ssm-sap", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Tax Settings": { + "Actions": [ + "BatchPutTaxRegistration", + "DeleteTaxRegistration", + "GetExemptions", + "GetTaxInheritance", + "GetTaxInterview", + "GetTaxRegistration", + "GetTaxRegistrationDocument", + "ListTaxRegistrations", + "PutTaxInheritance", + "PutTaxInterview", + "PutTaxRegistration", + "UpdateExemptions" + ], + "HasResource": false, + "StringPrefix": "tax" + }, + "AWS Telco Network Builder": { + "ARNFormat": "arn:aws:tnb:${Region}:${Account}:${RelativeId}", + "ARNRegex": "^arn:aws:tnb:.+", + "Actions": [ + "CancelSolNetworkOperation", + "CreateSolFunctionPackage", + "CreateSolNetworkInstance", + "CreateSolNetworkPackage", + "DeleteSolFunctionPackage", + "DeleteSolNetworkInstance", + "DeleteSolNetworkPackage", + "GetSolFunctionInstance", + "GetSolFunctionPackage", + "GetSolFunctionPackageContent", + "GetSolFunctionPackageDescriptor", + "GetSolNetworkInstance", + "GetSolNetworkOperation", + "GetSolNetworkPackage", + "GetSolNetworkPackageContent", + "GetSolNetworkPackageDescriptor", + "InstantiateSolNetworkInstance", + "ListSolFunctionInstances", + "ListSolFunctionPackages", + "ListSolNetworkInstances", + "ListSolNetworkOperations", + "ListSolNetworkPackages", + "ListTagsForResource", + "PutSolFunctionPackageContent", + "PutSolNetworkPackageContent", + "TagResource", + "TerminateSolNetworkInstance", + "UntagResource", + "UpdateSolFunctionPackage", + "UpdateSolNetworkInstance", + "UpdateSolNetworkPackage", + "ValidateSolFunctionPackageContent", + "ValidateSolNetworkPackageContent" + ], + "HasResource": true, + "StringPrefix": "tnb", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Tiros": { + "ARNFormat": "arn:${Partition}:tiros:${Region}:${Account}:${RelativeId}", + "ARNRegex": "^arn:aws:tiros::.+", + "Actions": [ + "CreateQuery", + "ExtendQuery", + "GetQueryAnswer", + "GetQueryExplanation", + "GetQueryExtensionAccounts" + ], + "HasResource": false, + "StringPrefix": "tiros" + }, + "AWS Transfer Family": { + "ARNFormat": "arn:aws:transfer:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:transfer:.+:.+:.+", "Actions": [ + "CreateAccess", + "CreateAgreement", + "CreateConnector", + "CreateProfile", "CreateServer", "CreateUser", + "CreateWorkflow", + "DeleteAccess", + "DeleteAgreement", + "DeleteCertificate", + "DeleteConnector", + "DeleteHostKey", + "DeleteProfile", "DeleteServer", "DeleteSshPublicKey", "DeleteUser", + "DeleteWorkflow", + "DescribeAccess", + "DescribeAgreement", + "DescribeCertificate", + "DescribeConnector", + "DescribeExecution", + "DescribeHostKey", + "DescribeProfile", + "DescribeSecurityPolicy", "DescribeServer", "DescribeUser", + "DescribeWorkflow", + "ImportCertificate", + "ImportHostKey", "ImportSshPublicKey", + "ListAccesses", + "ListAgreements", + "ListCertificates", + "ListConnectors", + "ListExecutions", + "ListHostKeys", + "ListProfiles", + "ListSecurityPolicies", "ListServers", "ListTagsForResource", "ListUsers", + "ListWorkflows", + "SendWorkflowStepState", + "StartFileTransfer", "StartServer", "StopServer", "TagResource", + "TestConnection", "TestIdentityProvider", "UntagResource", + "UpdateAccess", + "UpdateAgreement", + "UpdateCertificate", + "UpdateConnector", + "UpdateHostKey", + "UpdateProfile", "UpdateServer", "UpdateUser" ], @@ -4307,27 +9644,119 @@ ] }, "AWS Trusted Advisor": { - "ARNFormat": "arn:aws:trustedadvisor:*:\u003caccount_ID\u003e:checks/{category}/{checkId}", - "ARNRegex": "arn:aws:trustedadvisor:*", + "ARNFormat": "arn:aws:trustedadvisor:${Region}:${Account}:checks/${Category}/${CheckId}", + "ARNRegex": "^arn:aws:trustedadvisor:.*", "Actions": [ + "CreateEngagement", + "CreateEngagementAttachment", + "CreateEngagementCommunication", + "DeleteNotificationConfigurationForDelegatedAdmin", "DescribeAccount", "DescribeAccountAccess", "DescribeCheckItems", "DescribeCheckRefreshStatuses", + "DescribeCheckStatusHistoryChanges", "DescribeCheckSummaries", "DescribeChecks", + "DescribeNotificationConfigurations", "DescribeNotificationPreferences", + "DescribeOrganization", + "DescribeOrganizationAccounts", + "DescribeReports", + "DescribeRisk", + "DescribeRiskResources", + "DescribeRisks", + "DescribeServiceMetadata", + "DownloadRisk", "ExcludeCheckItems", + "GenerateReport", + "GetEngagement", + "GetEngagementAttachment", + "GetEngagementType", "IncludeCheckItems", + "ListAccountsForParent", + "ListEngagementCommunications", + "ListEngagementTypes", + "ListEngagements", + "ListOrganizationalUnitsForParent", + "ListRoots", "RefreshCheck", "SetAccountAccess", - "UpdateNotificationPreferences" + "SetOrganizationAccess", + "UpdateEngagement", + "UpdateEngagementStatus", + "UpdateNotificationConfigurations", + "UpdateNotificationPreferences", + "UpdateRiskStatus" + ], + "HasResource": true, + "StringPrefix": "trustedadvisor" + }, + "AWS User Notifications": { + "ARNFormat": "arn:aws:notifications::${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:notifications:.*:.+:.+", + "Actions": [ + "AssociateChannel", + "CreateEventRule", + "CreateNotificationConfiguration", + "DeleteEventRule", + "DeleteNotificationConfiguration", + "DeregisterNotificationHub", + "DisassociateChannel", + "GetEventRule", + "GetNotificationConfiguration", + "GetNotificationEvent", + "ListChannels", + "ListEventRules", + "ListNotificationConfigurations", + "ListNotificationEvents", + "ListNotificationHubs", + "ListTagsForResource", + "RegisterNotificationHub", + "TagResource", + "UntagResource", + "UpdateEventRule", + "UpdateNotificationConfiguration" + ], + "HasResource": true, + "StringPrefix": "notifications", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS User Notifications Contacts": { + "ARNFormat": "arn:aws:notifications-contacts::${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:notifications-contacts::.+:.+", + "Actions": [ + "ActivateEmailContact", + "CreateEmailContact", + "DeleteEmailContact", + "GetEmailContact", + "ListEmailContacts", + "ListTagsForResource", + "SendActivationCode", + "TagResource", + "UntagResource" + ], + "HasResource": true, + "StringPrefix": "notifications-contacts", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Verified Access": { + "Actions": [ + "AllowVerifiedAccess" ], - "HasResource": true, - "StringPrefix": "trustedadvisor" + "HasResource": false, + "StringPrefix": "verified-access" }, "AWS WAF": { - "ARNFormat": "arn:aws:waf::\u003caccount_ID\u003e:\u003cresource\u003e/\u003cresource_id\u003e", + "ARNFormat": "arn:aws:waf::${Account}:${ResourceId}/${Id}", "ARNRegex": "^arn:aws:waf::[0-9]+:.+/.+", "Actions": [ "CreateByteMatchSet", @@ -4341,6 +9770,7 @@ "CreateSizeConstraintSet", "CreateSqlInjectionMatchSet", "CreateWebACL", + "CreateWebACLMigrationStack", "CreateXssMatchSet", "DeleteByteMatchSet", "DeleteGeoMatchSet", @@ -4416,7 +9846,7 @@ ] }, "AWS WAF Regional": { - "ARNFormat": "arn:aws:waf-regional:\u003cregion\u003e:\u003caccount_ID\u003e:\u003cresource\u003e/\u003cresource_id\u003e", + "ARNFormat": "arn:aws:waf-regional:${Region}:${Account}:${ResourceId}/${Id}", "ARNRegex": "^arn:aws:waf-regional:.+:[0-9]+:.+/.+", "Actions": [ "AssociateWebACL", @@ -4431,6 +9861,7 @@ "CreateSizeConstraintSet", "CreateSqlInjectionMatchSet", "CreateWebACL", + "CreateWebACLMigrationStack", "CreateXssMatchSet", "DeleteByteMatchSet", "DeleteGeoMatchSet", @@ -4509,42 +9940,61 @@ ] }, "AWS WAF V2": { - "ARNFormat": "arn:aws:wafv2:\u003cregion\u003e:\u003caccount-id\u003e:\u003cscope\u003e/\u003cresource-type\u003e/\u003cresource-name\u003e/\u003cresource-id\u003e", - "ARNRegex": "^arn:aws:wafv2:.+:[0-9]+:.+/.+/.+/.+", + "ARNFormat": "arn:aws:wafv2:${Region}:${Account}:${Scope}/${ResourceType}/${ResourceName}/${ResourceId}", + "ARNRegex": "^arn:aws:wafv2:.+:.+:.+/.+/.+/.+", "Actions": [ "AssociateWebACL", "CheckCapacity", + "CreateAPIKey", "CreateIPSet", "CreateRegexPatternSet", "CreateRuleGroup", "CreateWebACL", + "DeleteFirewallManagerRuleGroups", "DeleteIPSet", "DeleteLoggingConfiguration", + "DeletePermissionPolicy", "DeleteRegexPatternSet", "DeleteRuleGroup", "DeleteWebACL", + "DescribeAllManagedProducts", + "DescribeManagedProductsByVendor", "DescribeManagedRuleGroup", + "DisassociateFirewallManager", "DisassociateWebACL", + "GenerateMobileSdkReleaseUrl", + "GetDecryptedAPIKey", "GetIPSet", "GetLoggingConfiguration", + "GetManagedRuleSet", + "GetMobileSdkRelease", + "GetPermissionPolicy", "GetRateBasedStatementManagedKeys", "GetRegexPatternSet", "GetRuleGroup", "GetSampledRequests", "GetWebACL", "GetWebACLForResource", + "ListAPIKeys", + "ListAvailableManagedRuleGroupVersions", "ListAvailableManagedRuleGroups", "ListIPSets", "ListLoggingConfigurations", + "ListManagedRuleSets", + "ListMobileSdkReleases", "ListRegexPatternSets", "ListResourcesForWebACL", "ListRuleGroups", "ListTagsForResource", "ListWebACLs", + "PutFirewallManagerRuleGroups", "PutLoggingConfiguration", + "PutManagedRuleSetVersions", + "PutPermissionPolicy", "TagResource", "UntagResource", "UpdateIPSet", + "UpdateManagedRuleSetVersionExpiryDate", "UpdateRegexPatternSet", "UpdateRuleGroup", "UpdateWebACL" @@ -4558,30 +10008,127 @@ ] }, "AWS Well-Architected Tool": { - "ARNFormat": "arn:aws:wellarchitected:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", - "ARNRegex": "^arn:${Partition}:wellarchitected:.+", + "ARNFormat": "arn:aws:wellarchitected:${Region}:${Account}:${ResourceName}/${ResourceId}", + "ARNRegex": "^arn:aws:wellarchitected:.+", "Actions": [ + "AssociateLenses", + "AssociateProfiles", + "CreateLensShare", + "CreateLensVersion", + "CreateMilestone", + "CreateProfile", + "CreateProfileShare", + "CreateReviewTemplate", + "CreateTemplateShare", "CreateWorkload", "CreateWorkloadShare", + "DeleteLens", + "DeleteLensShare", + "DeleteProfile", + "DeleteProfileShare", + "DeleteReviewTemplate", + "DeleteTemplateShare", "DeleteWorkload", + "DeleteWorkloadShare", + "DisassociateLenses", + "DisassociateProfiles", + "ExportLens", + "GetAnswer", + "GetConsolidatedReport", + "GetLens", + "GetLensReview", + "GetLensReviewReport", + "GetLensVersionDifference", + "GetMilestone", + "GetProfile", + "GetProfileTemplate", + "GetReviewTemplate", + "GetReviewTemplateAnswer", + "GetReviewTemplateLensReview", "GetWorkload", - "ListWorkloads" + "ImportLens", + "ListAnswers", + "ListCheckDetails", + "ListCheckSummaries", + "ListLensReviewImprovements", + "ListLensReviews", + "ListLensShares", + "ListLenses", + "ListMilestones", + "ListNotifications", + "ListProfileNotifications", + "ListProfileShares", + "ListProfiles", + "ListReviewTemplateAnswers", + "ListReviewTemplates", + "ListShareInvitations", + "ListTagsForResource", + "ListTemplateShares", + "ListWorkloadShares", + "ListWorkloads", + "TagResource", + "UntagResource", + "UpdateAnswer", + "UpdateGlobalSettings", + "UpdateLensReview", + "UpdateProfile", + "UpdateReviewTemplate", + "UpdateReviewTemplateAnswer", + "UpdateReviewTemplateLensReview", + "UpdateShareInvitation", + "UpdateWorkload", + "UpdateWorkloadShare", + "UpgradeLensReview", + "UpgradeProfileVersion", + "UpgradeReviewTemplateLensReview" + ], + "HasResource": true, + "StringPrefix": "wellarchitected", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS Wickr": { + "ARNFormat": "arn:aws:wickr:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:wickr:.+:.+:.+", + "Actions": [ + "CreateAdminSession", + "CreateNetwork", + "ListNetworks", + "ListTagsForResource", + "TagResource", + "UntagResource", + "UpdateNetworkDetails" ], "HasResource": true, - "StringPrefix": "wellarchitected" + "StringPrefix": "wickr", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "AWS X-Ray": { - "ARNFormat": "arn:${Partition}:xray:${Region}:${Account}:${ResourceType}/${ResourceId}", - "ARNRegex": "^arn:${Partition}:xray:.+", + "ARNFormat": "arn:aws:xray:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:xray:.+", "Actions": [ + "BatchGetTraceSummaryById", "BatchGetTraces", "CreateGroup", "CreateSamplingRule", "DeleteGroup", + "DeleteResourcePolicy", "DeleteSamplingRule", + "GetDistinctTraceGraphs", "GetEncryptionConfig", "GetGroup", "GetGroups", + "GetInsight", + "GetInsightEvents", + "GetInsightImpactGraph", + "GetInsightSummaries", "GetSamplingRules", "GetSamplingStatisticSummaries", "GetSamplingTargets", @@ -4589,21 +10136,72 @@ "GetTimeSeriesServiceStatistics", "GetTraceGraph", "GetTraceSummaries", + "Link", + "ListResourcePolicies", + "ListTagsForResource", "PutEncryptionConfig", + "PutResourcePolicy", "PutTelemetryRecords", "PutTraceSegments", + "TagResource", + "UntagResource", "UpdateGroup", "UpdateSamplingRule" ], "HasResource": true, - "StringPrefix": "xray" + "StringPrefix": "xray", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "AWS service providing managed private networks": { + "ARNFormat": "arn:aws:private-networks:${Region}:${Account}:${RelativeId}", + "ARNRegex": "^arn:aws:private-networks:.+", + "Actions": [ + "AcknowledgeOrderReceipt", + "ActivateDeviceIdentifier", + "ActivateNetworkSite", + "ConfigureAccessPoint", + "CreateNetwork", + "CreateNetworkSite", + "DeactivateDeviceIdentifier", + "DeleteNetwork", + "DeleteNetworkSite", + "GetDeviceIdentifier", + "GetNetwork", + "GetNetworkResource", + "GetNetworkSite", + "GetOrder", + "ListDeviceIdentifiers", + "ListNetworkResources", + "ListNetworkSites", + "ListNetworks", + "ListOrders", + "ListTagsForResource", + "Ping", + "StartNetworkResourceUpdate", + "TagResource", + "UntagResource", + "UpdateNetworkSite", + "UpdateNetworkSitePlan" + ], + "HasResource": true, + "StringPrefix": "private-networks", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "Alexa for Business": { - "ARNFormat": "arn:aws:a4b:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_id\u003e", + "ARNFormat": "arn:aws:a4b:${Region}:${Account}:${ResourceType}/${ResourceId}", "ARNRegex": "^arn:aws:a4b:.+:.+:.+", "Actions": [ "ApproveSkill", "AssociateContactWithAddressBook", + "AssociateDeviceWithNetworkProfile", "AssociateDeviceWithRoom", "AssociateSkillGroupWithRoom", "AssociateSkillWithSkillGroup", @@ -4613,6 +10211,8 @@ "CreateBusinessReportSchedule", "CreateConferenceProvider", "CreateContact", + "CreateGatewayGroup", + "CreateNetworkProfile", "CreateProfile", "CreateRoom", "CreateSkillGroup", @@ -4622,6 +10222,9 @@ "DeleteConferenceProvider", "DeleteContact", "DeleteDevice", + "DeleteDeviceUsageData", + "DeleteGatewayGroup", + "DeleteNetworkProfile", "DeleteProfile", "DeleteRoom", "DeleteRoomSkillParameter", @@ -4639,6 +10242,9 @@ "GetConferenceProvider", "GetContact", "GetDevice", + "GetGateway", + "GetGatewayGroup", + "GetInvitationConfiguration", "GetNetworkProfile", "GetProfile", "GetRoom", @@ -4647,6 +10253,8 @@ "ListBusinessReportSchedules", "ListConferenceProviders", "ListDeviceEvents", + "ListGatewayGroups", + "ListGateways", "ListSkills", "ListSkillsStoreCategories", "ListSkillsStoreSkillsByCategory", @@ -4654,6 +10262,7 @@ "ListTags", "PutConferencePreference", "PutDeviceSetupEvents", + "PutInvitationConfiguration", "PutRoomSkillParameter", "PutSkillAuthorization", "RegisterAVSDevice", @@ -4669,6 +10278,7 @@ "SearchRooms", "SearchSkillGroups", "SearchUsers", + "SendAnnouncement", "SendInvitation", "StartDeviceSync", "StartSmartHomeApplianceDiscovery", @@ -4679,6 +10289,9 @@ "UpdateConferenceProvider", "UpdateContact", "UpdateDevice", + "UpdateGateway", + "UpdateGatewayGroup", + "UpdateNetworkProfile", "UpdateProfile", "UpdateRoom", "UpdateSkillGroup" @@ -4704,23 +10317,206 @@ "HasResource": true, "StringPrefix": "execute-api" }, + "Amazon API Gateway Management": { + "ARNFormat": "arn:aws:apigateway:${Region}::${ApiGatewayResourcePath}", + "ARNRegex": "^arn:aws:apigateway:.+", + "Actions": [ + "AddCertificateToDomain", + "DELETE", + "GET", + "PATCH", + "POST", + "PUT", + "RemoveCertificateFromDomain", + "SetWebACL", + "UpdateRestApiPolicy" + ], + "HasResource": true, + "StringPrefix": "apigateway", + "conditionKeys": [ + "apigateway:Request/AccessLoggingDestination", + "apigateway:Request/AccessLoggingFormat", + "apigateway:Request/ApiKeyRequired", + "apigateway:Request/ApiName", + "apigateway:Request/AuthorizerType", + "apigateway:Request/AuthorizerUri", + "apigateway:Request/DisableExecuteApiEndpoint", + "apigateway:Request/EndpointType", + "apigateway:Request/MtlsTrustStoreUri", + "apigateway:Request/MtlsTrustStoreVersion", + "apigateway:Request/RouteAuthorizationType", + "apigateway:Request/SecurityPolicy", + "apigateway:Request/StageName", + "apigateway:Resource/AccessLoggingDestination", + "apigateway:Resource/AccessLoggingFormat", + "apigateway:Resource/ApiKeyRequired", + "apigateway:Resource/ApiName", + "apigateway:Resource/AuthorizerType", + "apigateway:Resource/AuthorizerUri", + "apigateway:Resource/DisableExecuteApiEndpoint", + "apigateway:Resource/EndpointType", + "apigateway:Resource/MtlsTrustStoreUri", + "apigateway:Resource/MtlsTrustStoreVersion", + "apigateway:Resource/RouteAuthorizationType", + "apigateway:Resource/SecurityPolicy", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon API Gateway Management V2": { + "ARNFormat": "arn:aws:apigateway:${Region}::${ApiGatewayResourcePath}", + "ARNRegex": "^arn:aws:apigateway:.+", + "Actions": [ + "DELETE", + "GET", + "PATCH", + "POST", + "PUT" + ], + "HasResource": true, + "StringPrefix": "apigateway", + "conditionKeys": [ + "apigateway:Request/AccessLoggingDestination", + "apigateway:Request/AccessLoggingFormat", + "apigateway:Request/ApiKeyRequired", + "apigateway:Request/ApiName", + "apigateway:Request/AuthorizerType", + "apigateway:Request/AuthorizerUri", + "apigateway:Request/DisableExecuteApiEndpoint", + "apigateway:Request/EndpointType", + "apigateway:Request/MtlsTrustStoreUri", + "apigateway:Request/MtlsTrustStoreVersion", + "apigateway:Request/RouteAuthorizationType", + "apigateway:Request/SecurityPolicy", + "apigateway:Request/StageName", + "apigateway:Resource/AccessLoggingDestination", + "apigateway:Resource/AccessLoggingFormat", + "apigateway:Resource/ApiKeyRequired", + "apigateway:Resource/ApiName", + "apigateway:Resource/AuthorizerType", + "apigateway:Resource/AuthorizerUri", + "apigateway:Resource/DisableExecuteApiEndpoint", + "apigateway:Resource/EndpointType", + "apigateway:Resource/MtlsTrustStoreUri", + "apigateway:Resource/MtlsTrustStoreVersion", + "apigateway:Resource/RouteAuthorizationType", + "apigateway:Resource/SecurityPolicy", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon AppFlow": { + "ARNFormat": "arn:aws:appflow:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:appflow:.+:.+:.+", + "Actions": [ + "CancelFlowExecutions", + "CreateConnectorProfile", + "CreateFlow", + "DeleteConnectorProfile", + "DeleteFlow", + "DescribeConnector", + "DescribeConnectorEntity", + "DescribeConnectorFields", + "DescribeConnectorProfiles", + "DescribeConnectors", + "DescribeFlow", + "DescribeFlowExecution", + "DescribeFlowExecutionRecords", + "DescribeFlows", + "ListConnectorEntities", + "ListConnectorFields", + "ListConnectors", + "ListFlows", + "ListTagsForResource", + "RegisterConnector", + "ResetConnectorMetadataCache", + "RunFlow", + "StartFlow", + "StopFlow", + "TagResource", + "UnRegisterConnector", + "UntagResource", + "UpdateConnectorProfile", + "UpdateConnectorRegistration", + "UpdateFlow", + "UseConnectorProfile" + ], + "HasResource": true, + "StringPrefix": "appflow", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon AppIntegrations": { + "ARNFormat": "arn:aws:app-integrations:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:app-integrations:.+:.+:.+", + "Actions": [ + "CreateApplication", + "CreateDataIntegration", + "CreateDataIntegrationAssociation", + "CreateEventIntegration", + "CreateEventIntegrationAssociation", + "DeleteDataIntegration", + "DeleteDataIntegrationAssociation", + "DeleteEventIntegration", + "DeleteEventIntegrationAssociation", + "GetApplication", + "GetDataIntegration", + "GetEventIntegration", + "ListApplications", + "ListDataIntegrationAssociations", + "ListDataIntegrations", + "ListEventIntegrationAssociations", + "ListEventIntegrations", + "ListTagsForResource", + "TagResource", + "UntagResource", + "UpdateApplication", + "UpdateDataIntegration", + "UpdateEventIntegration" + ], + "HasResource": true, + "StringPrefix": "app-integrations", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "Amazon AppStream 2.0": { - "ARNFormat": "arn:aws:appstream:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourcePath\u003e", + "ARNFormat": "arn:aws:appstream:${Region}:${Account}:${ResourceType}/${ResourcePath}", "ARNRegex": "^arn:aws:appstream:.+", "Actions": [ + "AssociateAppBlockBuilderAppBlock", + "AssociateApplicationFleet", + "AssociateApplicationToEntitlement", "AssociateFleet", "BatchAssociateUserStack", "BatchDisassociateUserStack", "CopyImage", + "CreateAppBlock", + "CreateAppBlockBuilder", + "CreateAppBlockBuilderStreamingURL", + "CreateApplication", "CreateDirectoryConfig", + "CreateEntitlement", "CreateFleet", "CreateImageBuilder", "CreateImageBuilderStreamingURL", "CreateStack", "CreateStreamingURL", + "CreateUpdatedImage", "CreateUsageReportSubscription", "CreateUser", + "DeleteAppBlock", + "DeleteAppBlockBuilder", + "DeleteApplication", "DeleteDirectoryConfig", + "DeleteEntitlement", "DeleteFleet", "DeleteImage", "DeleteImageBuilder", @@ -4728,7 +10524,13 @@ "DeleteStack", "DeleteUsageReportSubscription", "DeleteUser", + "DescribeAppBlockBuilderAppBlockAssociations", + "DescribeAppBlockBuilders", + "DescribeAppBlocks", + "DescribeApplicationFleetAssociations", + "DescribeApplications", "DescribeDirectoryConfigs", + "DescribeEntitlements", "DescribeFleets", "DescribeImageBuilders", "DescribeImagePermissions", @@ -4739,22 +10541,29 @@ "DescribeUserStackAssociations", "DescribeUsers", "DisableUser", + "DisassociateAppBlockBuilderAppBlock", + "DisassociateApplicationFleet", + "DisassociateApplicationFromEntitlement", "DisassociateFleet", "EnableUser", "ExpireSession", - "GetImageBuilders", - "GetParametersForThemeAssetUpload", "ListAssociatedFleets", "ListAssociatedStacks", + "ListEntitledApplications", "ListTagsForResource", + "StartAppBlockBuilder", "StartFleet", "StartImageBuilder", + "StopAppBlockBuilder", "StopFleet", "StopImageBuilder", "Stream", "TagResource", "UntagResource", + "UpdateAppBlockBuilder", + "UpdateApplication", "UpdateDirectoryConfig", + "UpdateEntitlement", "UpdateFleet", "UpdateImagePermissions", "UpdateStack" @@ -4769,38 +10578,77 @@ ] }, "Amazon Athena": { - "ARNFormat": "arn:${Partition}:athena:${Region}:${Account}:workgroup/${WorkGroupName}", - "ARNRegex": "^arn:${Partition}:athena:.+", + "ARNFormat": "arn:aws:athena:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:athena:.+", "Actions": [ "BatchGetNamedQuery", + "BatchGetPreparedStatement", "BatchGetQueryExecution", - "CancelQueryExecution", + "CancelCapacityReservation", + "CreateCapacityReservation", + "CreateDataCatalog", "CreateNamedQuery", + "CreateNotebook", + "CreatePreparedStatement", + "CreatePresignedNotebookUrl", "CreateWorkGroup", + "DeleteCapacityReservation", + "DeleteDataCatalog", "DeleteNamedQuery", + "DeleteNotebook", + "DeletePreparedStatement", "DeleteWorkGroup", - "GetCatalogs", - "GetExecutionEngine", - "GetExecutionEngines", + "ExportNotebook", + "GetCalculationExecution", + "GetCalculationExecutionCode", + "GetCalculationExecutionStatus", + "GetCapacityAssignmentConfiguration", + "GetCapacityReservation", + "GetDataCatalog", + "GetDatabase", "GetNamedQuery", - "GetNamespace", - "GetNamespaces", + "GetNotebookMetadata", + "GetPreparedStatement", "GetQueryExecution", - "GetQueryExecutions", "GetQueryResults", "GetQueryResultsStream", - "GetTable", - "GetTables", + "GetQueryRuntimeStatistics", + "GetSession", + "GetSessionStatus", + "GetTableMetadata", "GetWorkGroup", + "ImportNotebook", + "ListApplicationDPUSizes", + "ListCalculationExecutions", + "ListCapacityReservations", + "ListDataCatalogs", + "ListDatabases", + "ListEngineVersions", + "ListExecutors", "ListNamedQueries", + "ListNotebookMetadata", + "ListNotebookSessions", + "ListPreparedStatements", "ListQueryExecutions", + "ListSessions", + "ListTableMetadata", "ListTagsForResource", "ListWorkGroups", - "RunQuery", + "PutCapacityAssignmentConfiguration", + "StartCalculationExecution", "StartQueryExecution", + "StartSession", + "StopCalculationExecution", "StopQueryExecution", "TagResource", + "TerminateSession", "UntagResource", + "UpdateCapacityReservation", + "UpdateDataCatalog", + "UpdateNamedQuery", + "UpdateNotebook", + "UpdateNotebookMetadata", + "UpdatePreparedStatement", "UpdateWorkGroup" ], "HasResource": true, @@ -4811,57 +10659,233 @@ "aws:TagKeys" ] }, + "Amazon Bedrock": { + "ARNFormat": "arn:aws:bedrock:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:bedrock:.*:.*:.+", + "Actions": [ + "AssociateAgentKnowledgeBase", + "AssociateThirdPartyKnowledgeBase", + "CreateAgent", + "CreateAgentActionGroup", + "CreateAgentAlias", + "CreateAgentDraftSnapshot", + "CreateDataSource", + "CreateFoundationModelAgreement", + "CreateKnowledgeBase", + "CreateModelCustomizationJob", + "CreateProvisionedModelThroughput", + "DeleteCustomModel", + "DeleteDataSource", + "DeleteFoundationModelAgreement", + "DeleteKnowledgeBase", + "DeleteModelInvocationLoggingConfiguration", + "DeleteProvisionedModelThroughput", + "DisassociateAgentKnowledgeBase", + "GetAgent", + "GetAgentActionGroup", + "GetAgentAlias", + "GetAgentKnowledgeBase", + "GetAgentVersion", + "GetCustomModel", + "GetDataSource", + "GetFoundationModel", + "GetFoundationModelAvailability", + "GetIngestionJob", + "GetKnowledgeBase", + "GetModelCustomizationJob", + "GetModelInvocationLoggingConfiguration", + "GetProvisionedModelThroughput", + "GetUseCaseForModelAccess", + "InvokeAgent", + "InvokeModel", + "InvokeModelWithResponseStream", + "ListAgentActionGroups", + "ListAgentAliases", + "ListAgentKnowledgeBases", + "ListAgentVersions", + "ListAgents", + "ListCustomModels", + "ListDataSources", + "ListFoundationModelAgreementOffers", + "ListFoundationModels", + "ListIngestionJobs", + "ListKnowledgeBases", + "ListModelCustomizationJobs", + "ListProvisionedModelThroughputs", + "ListTagsForResource", + "PutFoundationModelEntitlement", + "PutModelInvocationLoggingConfiguration", + "PutUseCaseForModelAccess", + "QueryKnowledgeBase", + "StartIngestionJob", + "StopModelCustomizationJob", + "TagResource", + "UntagResource", + "UpdateAgent", + "UpdateAgentActionGroup", + "UpdateAgentAlias", + "UpdateAgentKnowledgeBase", + "UpdateDataSource", + "UpdateKnowledgeBase", + "UpdateProvisionedModelThroughput" + ], + "HasResource": true, + "StringPrefix": "bedrock", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "bedrock:ThirdPartyKnowledgeBaseCredentialsSecretArn" + ] + }, + "Amazon Braket": { + "ARNFormat": "arn:aws:braket:${Region}:${Account}:.+", + "ARNRegex": "^arn:aws:braket:${Region}:${Account}:.+", + "Actions": [ + "AcceptUserAgreement", + "AccessBraketFeature", + "CancelJob", + "CancelQuantumTask", + "CreateJob", + "CreateQuantumTask", + "GetDevice", + "GetJob", + "GetQuantumTask", + "GetServiceLinkedRoleStatus", + "GetUserAgreementStatus", + "ListTagsForResource", + "SearchDevices", + "SearchJobs", + "SearchQuantumTasks", + "TagResource", + "UntagResource" + ], + "HasResource": true, + "StringPrefix": "braket", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "Amazon Chime": { + "ARNFormat": "arn:aws:chime:${Region}:${Account}:${ResourceType}/${ResourceID}", + "ARNRegex": "^arn:aws:chime:.+", "Actions": [ "AcceptDelegate", "ActivateUsers", "AddDomain", "AddOrUpdateGroups", + "AssociateChannelFlow", "AssociatePhoneNumberWithUser", "AssociatePhoneNumbersWithVoiceConnector", "AssociatePhoneNumbersWithVoiceConnectorGroup", "AssociateSigninDelegateGroupsWithAccount", "AuthorizeDirectory", "BatchCreateAttendee", + "BatchCreateChannelMembership", "BatchCreateRoomMembership", "BatchDeletePhoneNumber", "BatchSuspendUser", "BatchUnsuspendUser", + "BatchUpdateAttendeeCapabilitiesExcept", "BatchUpdatePhoneNumber", "BatchUpdateUser", + "ChannelFlowCallback", + "Connect", "ConnectDirectory", "CreateAccount", "CreateApiKey", + "CreateAppInstance", + "CreateAppInstanceAdmin", + "CreateAppInstanceBot", + "CreateAppInstanceUser", "CreateAttendee", "CreateBot", - "CreateBotMembership", "CreateCDRBucket", + "CreateChannel", + "CreateChannelBan", + "CreateChannelFlow", + "CreateChannelMembership", + "CreateChannelModerator", + "CreateMediaCapturePipeline", + "CreateMediaConcatenationPipeline", + "CreateMediaInsightsPipeline", + "CreateMediaInsightsPipelineConfiguration", + "CreateMediaLiveConnectorPipeline", + "CreateMediaPipelineKinesisVideoStreamPool", + "CreateMediaStreamPipeline", "CreateMeeting", + "CreateMeetingDialOut", + "CreateMeetingWithAttendees", "CreatePhoneNumberOrder", + "CreateProxySession", "CreateRoom", "CreateRoomMembership", + "CreateSipMediaApplication", + "CreateSipMediaApplicationCall", + "CreateSipRule", "CreateUser", "CreateVoiceConnector", "CreateVoiceConnectorGroup", + "CreateVoiceProfile", + "CreateVoiceProfileDomain", "DeleteAccount", "DeleteAccountOpenIdConfig", "DeleteApiKey", + "DeleteAppInstance", + "DeleteAppInstanceAdmin", + "DeleteAppInstanceBot", + "DeleteAppInstanceStreamingConfigurations", + "DeleteAppInstanceUser", "DeleteAttendee", "DeleteCDRBucket", + "DeleteChannel", + "DeleteChannelBan", + "DeleteChannelFlow", + "DeleteChannelMembership", + "DeleteChannelMessage", + "DeleteChannelModerator", "DeleteDelegate", "DeleteDomain", "DeleteEventsConfiguration", "DeleteGroups", + "DeleteMediaCapturePipeline", + "DeleteMediaInsightsPipelineConfiguration", + "DeleteMediaPipeline", + "DeleteMediaPipelineKinesisVideoStreamPool", "DeleteMeeting", + "DeleteMessagingStreamingConfigurations", "DeletePhoneNumber", + "DeleteProxySession", "DeleteRoom", "DeleteRoomMembership", + "DeleteSipMediaApplication", + "DeleteSipRule", "DeleteVoiceConnector", + "DeleteVoiceConnectorEmergencyCallingConfiguration", "DeleteVoiceConnectorGroup", "DeleteVoiceConnectorOrigination", + "DeleteVoiceConnectorProxy", "DeleteVoiceConnectorStreamingConfiguration", "DeleteVoiceConnectorTermination", "DeleteVoiceConnectorTerminationCredentials", + "DeleteVoiceProfile", + "DeleteVoiceProfileDomain", + "DeregisterAppInstanceUserEndpoint", + "DescribeAppInstance", + "DescribeAppInstanceAdmin", + "DescribeAppInstanceBot", + "DescribeAppInstanceUser", + "DescribeAppInstanceUserEndpoint", + "DescribeChannel", + "DescribeChannelBan", + "DescribeChannelFlow", + "DescribeChannelMembership", + "DescribeChannelMembershipForAppInstanceUser", + "DescribeChannelModeratedByAppInstanceUser", + "DescribeChannelModerator", + "DisassociateChannelFlow", "DisassociatePhoneNumberFromUser", "DisassociatePhoneNumbersFromVoiceConnector", "DisassociatePhoneNumbersFromVoiceConnectorGroup", @@ -4871,63 +10895,130 @@ "GetAccountResource", "GetAccountSettings", "GetAccountWithOpenIdConfig", + "GetAppInstanceRetentionSettings", + "GetAppInstanceStreamingConfigurations", "GetAttendee", "GetBot", "GetCDRBucket", + "GetChannelMembershipPreferences", + "GetChannelMessage", + "GetChannelMessageStatus", "GetDomain", "GetEventsConfiguration", "GetGlobalSettings", + "GetMediaCapturePipeline", + "GetMediaInsightsPipelineConfiguration", + "GetMediaPipeline", + "GetMediaPipelineKinesisVideoStreamPool", "GetMeeting", "GetMeetingDetail", + "GetMessagingSessionEndpoint", + "GetMessagingStreamingConfigurations", "GetPhoneNumber", "GetPhoneNumberOrder", "GetPhoneNumberSettings", + "GetProxySession", + "GetRetentionSettings", "GetRoom", + "GetSipMediaApplication", + "GetSipMediaApplicationAlexaSkillConfiguration", + "GetSipMediaApplicationLoggingConfiguration", + "GetSipRule", + "GetSpeakerSearchTask", "GetTelephonyLimits", "GetUser", "GetUserActivityReportData", "GetUserByEmail", "GetUserSettings", "GetVoiceConnector", + "GetVoiceConnectorEmergencyCallingConfiguration", "GetVoiceConnectorGroup", "GetVoiceConnectorLoggingConfiguration", "GetVoiceConnectorOrigination", + "GetVoiceConnectorProxy", "GetVoiceConnectorStreamingConfiguration", "GetVoiceConnectorTermination", "GetVoiceConnectorTerminationHealth", + "GetVoiceProfile", + "GetVoiceProfileDomain", + "GetVoiceToneAnalysisTask", "InviteDelegate", "InviteUsers", "InviteUsersFromProvider", "ListAccountUsageReportData", "ListAccounts", "ListApiKeys", + "ListAppInstanceAdmins", + "ListAppInstanceBots", + "ListAppInstanceUserEndpoints", + "ListAppInstanceUsers", + "ListAppInstances", + "ListAttendeeTags", "ListAttendees", + "ListAvailableVoiceConnectorRegions", "ListBots", "ListCDRBucket", "ListCallingRegions", + "ListChannelBans", + "ListChannelFlows", + "ListChannelMemberships", + "ListChannelMembershipsForAppInstanceUser", + "ListChannelMessages", + "ListChannelModerators", + "ListChannels", + "ListChannelsAssociatedWithChannelFlow", + "ListChannelsModeratedByAppInstanceUser", "ListDelegates", "ListDirectories", "ListDomains", "ListGroups", + "ListMediaCapturePipelines", + "ListMediaInsightsPipelineConfigurations", + "ListMediaPipelineKinesisVideoStreamPools", + "ListMediaPipelines", "ListMeetingEvents", + "ListMeetingTags", "ListMeetings", "ListMeetingsReportData", "ListPhoneNumberOrders", "ListPhoneNumbers", + "ListProxySessions", "ListRoomMemberships", "ListRooms", + "ListSipMediaApplications", + "ListSipRules", + "ListSubChannels", + "ListSupportedPhoneNumberCountries", + "ListTagsForResource", "ListUsers", "ListVoiceConnectorGroups", "ListVoiceConnectorTerminationCredentials", "ListVoiceConnectors", + "ListVoiceProfileDomains", + "ListVoiceProfiles", "LogoutUser", + "PutAppInstanceRetentionSettings", + "PutAppInstanceStreamingConfigurations", + "PutAppInstanceUserExpirationSettings", + "PutChannelExpirationSettings", + "PutChannelMembershipPreferences", "PutEventsConfiguration", + "PutMessagingStreamingConfigurations", + "PutRetentionSettings", + "PutSipMediaApplicationAlexaSkillConfiguration", + "PutSipMediaApplicationLoggingConfiguration", + "PutVoiceConnectorEmergencyCallingConfiguration", "PutVoiceConnectorLoggingConfiguration", "PutVoiceConnectorOrigination", + "PutVoiceConnectorProxy", "PutVoiceConnectorStreamingConfiguration", "PutVoiceConnectorTermination", "PutVoiceConnectorTerminationCredentials", + "RedactChannelMessage", + "RedactConversationMessage", + "RedactRoomMessage", "RegenerateSecurityToken", + "RegisterAppInstanceUserEndpoint", "RenameAccount", "RenewDelegate", "ResetAccountResource", @@ -4935,35 +11026,73 @@ "RestorePhoneNumber", "RetrieveDataExports", "SearchAvailablePhoneNumbers", + "SearchChannels", + "SendChannelMessage", "StartDataExport", + "StartMeetingTranscription", + "StartSpeakerSearchTask", + "StartVoiceToneAnalysisTask", + "StopMeetingTranscription", + "StopSpeakerSearchTask", + "StopVoiceToneAnalysisTask", "SubmitSupportRequest", "SuspendUsers", + "TagAttendee", + "TagMeeting", + "TagResource", "UnauthorizeDirectory", + "UntagAttendee", + "UntagMeeting", + "UntagResource", "UpdateAccount", "UpdateAccountOpenIdConfig", "UpdateAccountResource", "UpdateAccountSettings", + "UpdateAppInstance", + "UpdateAppInstanceBot", + "UpdateAppInstanceUser", + "UpdateAppInstanceUserEndpoint", + "UpdateAttendeeCapabilities", "UpdateBot", "UpdateCDRSettings", + "UpdateChannel", + "UpdateChannelFlow", + "UpdateChannelMessage", + "UpdateChannelReadMarker", "UpdateGlobalSettings", + "UpdateMediaInsightsPipelineConfiguration", + "UpdateMediaInsightsPipelineStatus", + "UpdateMediaPipelineKinesisVideoStreamPool", "UpdatePhoneNumber", "UpdatePhoneNumberSettings", + "UpdateProxySession", "UpdateRoom", "UpdateRoomMembership", + "UpdateSipMediaApplication", + "UpdateSipMediaApplicationCall", + "UpdateSipRule", "UpdateSupportedLicenses", "UpdateUser", "UpdateUserLicenses", "UpdateUserSettings", "UpdateVoiceConnector", "UpdateVoiceConnectorGroup", - "ValidateAccountResource" + "UpdateVoiceProfile", + "UpdateVoiceProfileDomain", + "ValidateAccountResource", + "ValidateE911Address" ], - "HasResource": false, - "StringPrefix": "chime" + "HasResource": true, + "StringPrefix": "chime", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "Amazon Cloud Directory": { - "ARNFormat": "arn:aws:clouddirectory:\u003cregion\u003e:\u003caccountId\u003e:\u003crelative-id\u003e", - "ARNRegex": "^arn:${Partition}:clouddirectory:.+:[0-9]+:(directory|schema)/.+", + "ARNFormat": "arn:aws:clouddirectory::${Region}:${Account}:${RelativeId}", + "ARNRegex": "^arn:aws:clouddirectory:.+:[0-9]+:(directory|schema)/.+", "Actions": [ "AddFacetToObject", "ApplySchema", @@ -4990,6 +11119,7 @@ "DetachTypedLink", "DisableDirectory", "EnableDirectory", + "GetAppliedSchemaVersion", "GetDirectory", "GetFacet", "GetLinkAttributes", @@ -5005,6 +11135,7 @@ "ListFacetNames", "ListIncomingTypedLinks", "ListIndex", + "ListManagedSchemaArns", "ListObjectAttributes", "ListObjectChildren", "ListObjectParentPaths", @@ -5026,59 +11157,127 @@ "UpdateLinkAttributes", "UpdateObjectAttributes", "UpdateSchema", - "UpdateTypedLinkFacet" + "UpdateTypedLinkFacet", + "UpgradeAppliedSchema", + "UpgradePublishedSchema" ], "HasResource": true, "StringPrefix": "clouddirectory" }, "Amazon CloudFront": { - "ARNFormat": "arn:${Partition}:cloudfront::\u003caccountID\u003e:\u003cresource_type\u003e/\u003cresource_id\u003e", - "ARNRegex": "^arn:${Partition}:cloudfront::[0-9]+:.+", + "ARNFormat": "arn:aws:cloudfront:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:cloudfront:.+:[0-9]+:.+", "Actions": [ + "AssociateAlias", + "CopyDistribution", + "CreateCachePolicy", "CreateCloudFrontOriginAccessIdentity", + "CreateContinuousDeploymentPolicy", "CreateDistribution", - "CreateDistributionWithTags", "CreateFieldLevelEncryptionConfig", "CreateFieldLevelEncryptionProfile", + "CreateFunction", "CreateInvalidation", + "CreateKeyGroup", + "CreateMonitoringSubscription", + "CreateOriginAccessControl", + "CreateOriginRequestPolicy", "CreatePublicKey", + "CreateRealtimeLogConfig", + "CreateResponseHeadersPolicy", + "CreateSavingsPlan", "CreateStreamingDistribution", "CreateStreamingDistributionWithTags", + "DeleteCachePolicy", "DeleteCloudFrontOriginAccessIdentity", + "DeleteContinuousDeploymentPolicy", "DeleteDistribution", "DeleteFieldLevelEncryptionConfig", "DeleteFieldLevelEncryptionProfile", + "DeleteFunction", + "DeleteKeyGroup", + "DeleteMonitoringSubscription", + "DeleteOriginAccessControl", + "DeleteOriginRequestPolicy", "DeletePublicKey", + "DeleteRealtimeLogConfig", + "DeleteResponseHeadersPolicy", "DeleteStreamingDistribution", + "DescribeFunction", + "GetCachePolicy", + "GetCachePolicyConfig", "GetCloudFrontOriginAccessIdentity", "GetCloudFrontOriginAccessIdentityConfig", + "GetContinuousDeploymentPolicy", + "GetContinuousDeploymentPolicyConfig", "GetDistribution", "GetDistributionConfig", "GetFieldLevelEncryption", "GetFieldLevelEncryptionConfig", "GetFieldLevelEncryptionProfile", "GetFieldLevelEncryptionProfileConfig", + "GetFunction", "GetInvalidation", + "GetKeyGroup", + "GetKeyGroupConfig", + "GetMonitoringSubscription", + "GetOriginAccessControl", + "GetOriginAccessControlConfig", + "GetOriginRequestPolicy", + "GetOriginRequestPolicyConfig", "GetPublicKey", "GetPublicKeyConfig", + "GetRealtimeLogConfig", + "GetResponseHeadersPolicy", + "GetResponseHeadersPolicyConfig", + "GetSavingsPlan", "GetStreamingDistribution", "GetStreamingDistributionConfig", + "ListCachePolicies", "ListCloudFrontOriginAccessIdentities", + "ListConflictingAliases", + "ListContinuousDeploymentPolicies", "ListDistributions", + "ListDistributionsByCachePolicyId", + "ListDistributionsByKeyGroup", + "ListDistributionsByLambdaFunction", + "ListDistributionsByOriginRequestPolicyId", + "ListDistributionsByRealtimeLogConfig", + "ListDistributionsByResponseHeadersPolicyId", "ListDistributionsByWebACLId", "ListFieldLevelEncryptionConfigs", "ListFieldLevelEncryptionProfiles", + "ListFunctions", "ListInvalidations", + "ListKeyGroups", + "ListOriginAccessControls", + "ListOriginRequestPolicies", "ListPublicKeys", + "ListRateCards", + "ListRealtimeLogConfigs", + "ListResponseHeadersPolicies", + "ListSavingsPlans", "ListStreamingDistributions", "ListTagsForResource", + "ListUsages", + "PublishFunction", "TagResource", + "TestFunction", "UntagResource", + "UpdateCachePolicy", "UpdateCloudFrontOriginAccessIdentity", + "UpdateContinuousDeploymentPolicy", "UpdateDistribution", "UpdateFieldLevelEncryptionConfig", "UpdateFieldLevelEncryptionProfile", + "UpdateFunction", + "UpdateKeyGroup", + "UpdateOriginAccessControl", + "UpdateOriginRequestPolicy", "UpdatePublicKey", + "UpdateRealtimeLogConfig", + "UpdateResponseHeadersPolicy", + "UpdateSavingsPlan", "UpdateStreamingDistribution" ], "HasResource": true, @@ -5090,7 +11289,7 @@ ] }, "Amazon CloudSearch": { - "ARNFormat": "arn:aws:cloudsearch:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceName\u003e", + "ARNFormat": "arn:aws:cloudsearch:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:cloudsearch:.+:.+:.+", "Actions": [ "AddTags", @@ -5130,13 +11329,14 @@ "StringPrefix": "cloudsearch" }, "Amazon CloudWatch": { - "ARNFormat": "arn:${Partition}:cloudwatch:${Region}:${Account}:${ResourceType}/${ResourcePath}", - "ARNRegex": "^arn:${Partition}:cloudwatch:.+", + "ARNFormat": "arn:aws:cloudwatch:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:cloudwatch:.+", "Actions": [ "DeleteAlarms", "DeleteAnomalyDetector", "DeleteDashboards", "DeleteInsightRules", + "DeleteMetricStream", "DescribeAlarmHistory", "DescribeAlarms", "DescribeAlarmsForMetric", @@ -5150,88 +11350,301 @@ "GetInsightRuleReport", "GetMetricData", "GetMetricStatistics", + "GetMetricStream", "GetMetricWidgetImage", + "Link", "ListDashboards", + "ListManagedInsightRules", + "ListMetricStreams", "ListMetrics", "ListTagsForResource", - "PutAnomalyDetector", - "PutDashboard", - "PutInsightRule", - "PutMetricAlarm", - "PutMetricData", - "SetAlarmState", + "PutAnomalyDetector", + "PutCompositeAlarm", + "PutDashboard", + "PutInsightRule", + "PutManagedInsightRules", + "PutMetricAlarm", + "PutMetricData", + "PutMetricStream", + "SetAlarmState", + "StartMetricStreams", + "StopMetricStreams", + "TagResource", + "UntagResource" + ], + "HasResource": true, + "StringPrefix": "cloudwatch", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "cloudwatch:AlarmActions", + "cloudwatch:namespace", + "cloudwatch:requestInsightRuleLogGroups", + "cloudwatch:requestManagedResourceARNs" + ] + }, + "Amazon CloudWatch Application Insights": { + "Actions": [ + "AddWorkload", + "CreateApplication", + "CreateComponent", + "CreateLogPattern", + "DeleteApplication", + "DeleteComponent", + "DeleteLogPattern", + "DescribeApplication", + "DescribeComponent", + "DescribeComponentConfiguration", + "DescribeComponentConfigurationRecommendation", + "DescribeLogPattern", + "DescribeObservation", + "DescribeProblem", + "DescribeProblemObservations", + "DescribeWorkload", + "Link", + "ListApplications", + "ListComponents", + "ListConfigurationHistory", + "ListLogPatternSets", + "ListLogPatterns", + "ListProblems", + "ListTagsForResource", + "ListWorkloads", + "RemoveWorkload", + "TagResource", + "UntagResource", + "UpdateApplication", + "UpdateComponent", + "UpdateComponentConfiguration", + "UpdateLogPattern", + "UpdateProblem", + "UpdateWorkload" + ], + "HasResource": false, + "StringPrefix": "applicationinsights", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon CloudWatch Evidently": { + "ARNFormat": "arn:aws:evidently:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:evidently:.+:.+:.+", + "Actions": [ + "BatchEvaluateFeature", + "CreateExperiment", + "CreateFeature", + "CreateLaunch", + "CreateProject", + "CreateSegment", + "DeleteExperiment", + "DeleteFeature", + "DeleteLaunch", + "DeleteProject", + "DeleteSegment", + "EvaluateFeature", + "GetExperiment", + "GetExperimentResults", + "GetFeature", + "GetLaunch", + "GetProject", + "GetSegment", + "ListExperiments", + "ListFeatures", + "ListLaunches", + "ListProjects", + "ListSegmentReferences", + "ListSegments", + "ListTagsForResource", + "PutProjectEvents", + "StartExperiment", + "StartLaunch", + "StopExperiment", + "StopLaunch", "TagResource", - "UntagResource" + "TestSegmentPattern", + "UntagResource", + "UpdateExperiment", + "UpdateFeature", + "UpdateLaunch", + "UpdateProject", + "UpdateProjectDataDelivery" ], "HasResource": true, - "StringPrefix": "cloudwatch", + "StringPrefix": "evidently", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "cloudwatch:namespace" + "aws:TagKeys" + ] + }, + "Amazon CloudWatch Internet Monitor": { + "ARNFormat": "arn:aws:internetmonitor:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:internetmonitor:.+:.+:.+", + "Actions": [ + "CreateMonitor", + "DeleteMonitor", + "GetHealthEvent", + "GetMonitor", + "GetQueryResults", + "GetQueryStatus", + "ListHealthEvents", + "ListMonitors", + "ListTagsForResource", + "StartQuery", + "StopQuery", + "TagResource", + "UntagResource", + "UpdateMonitor" + ], + "HasResource": true, + "StringPrefix": "internetmonitor", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" ] }, "Amazon CloudWatch Logs": { - "ARNFormat": "arn:aws:logs:.+:.+:.+", + "ARNFormat": "arn:aws:logs:${Region}:${Account}:.+", "ARNRegex": "^arn:aws:logs:.+", "Actions": [ "AssociateKmsKey", "CancelExportTask", + "CreateDelivery", "CreateExportTask", "CreateLogDelivery", "CreateLogGroup", "CreateLogStream", + "DeleteAccountPolicy", + "DeleteDataProtectionPolicy", + "DeleteDelivery", + "DeleteDeliveryDestination", + "DeleteDeliveryDestinationPolicy", + "DeleteDeliverySource", "DeleteDestination", "DeleteLogDelivery", "DeleteLogGroup", "DeleteLogStream", "DeleteMetricFilter", + "DeleteQueryDefinition", "DeleteResourcePolicy", "DeleteRetentionPolicy", "DeleteSubscriptionFilter", + "DescribeAccountPolicies", + "DescribeDeliveries", + "DescribeDeliveryDestinations", + "DescribeDeliverySources", "DescribeDestinations", "DescribeExportTasks", "DescribeLogGroups", "DescribeLogStreams", "DescribeMetricFilters", "DescribeQueries", + "DescribeQueryDefinitions", "DescribeResourcePolicies", "DescribeSubscriptionFilters", "DisassociateKmsKey", "FilterLogEvents", + "GetDataProtectionPolicy", + "GetDelivery", + "GetDeliveryDestination", + "GetDeliveryDestinationPolicy", + "GetDeliverySource", "GetLogDelivery", "GetLogEvents", "GetLogGroupFields", "GetLogRecord", "GetQueryResults", + "Link", "ListLogDeliveries", + "ListTagsForResource", "ListTagsLogGroup", + "PutAccountPolicy", + "PutDataProtectionPolicy", + "PutDeliveryDestination", + "PutDeliveryDestinationPolicy", + "PutDeliverySource", "PutDestination", "PutDestinationPolicy", "PutLogEvents", "PutMetricFilter", + "PutQueryDefinition", "PutResourcePolicy", "PutRetentionPolicy", "PutSubscriptionFilter", + "StartLiveTail", "StartQuery", + "StopLiveTail", "StopQuery", "TagLogGroup", + "TagResource", "TestMetricFilter", + "Unmask", "UntagLogGroup", + "UntagResource", "UpdateLogDelivery" ], "HasResource": true, - "StringPrefix": "logs" + "StringPrefix": "logs", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "logs:DeliveryDestinationResourceArn", + "logs:LogGeneratingResourceArns" + ] + }, + "Amazon CloudWatch Observability Access Manager": { + "ARNFormat": "arn:aws:oam:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:oam:.+:.+:.+", + "Actions": [ + "CreateLink", + "CreateSink", + "DeleteLink", + "DeleteSink", + "GetLink", + "GetSink", + "GetSinkPolicy", + "ListAttachedLinks", + "ListLinks", + "ListSinks", + "ListTagsForResource", + "PutSinkPolicy", + "TagResource", + "UntagResource", + "UpdateLink" + ], + "HasResource": true, + "StringPrefix": "oam", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "oam:ResourceTypes" + ] }, "Amazon CloudWatch Synthetics": { - "ARNFormat": "arn:aws:synthetics:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e:\u003cresource_name\u003e", + "ARNFormat": "arn:aws:synthetics:${Region}:${Account}:${ResourceType}:${ResourceName}", "ARNRegex": "^arn:aws:synthetics:.+", "Actions": [ + "AssociateResource", "CreateCanary", + "CreateGroup", "DeleteCanary", + "DeleteGroup", "DescribeCanaries", - "DescribeTestRuns", + "DescribeCanariesLastRun", + "DescribeRuntimeVersions", + "DisassociateResource", + "GetCanary", + "GetCanaryRuns", + "GetGroup", + "ListAssociatedGroups", + "ListGroupResources", + "ListGroups", "ListTagsForResource", "StartCanary", "StopCanary", @@ -5240,11 +11653,44 @@ "UpdateCanary" ], "HasResource": true, - "StringPrefix": "synthetics" + "StringPrefix": "synthetics", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "synthetics:Names" + ] + }, + "Amazon CodeCatalyst": { + "ARNFormat": "arn:aws:codecatalyst:${Region}:${Account}:${RelativeId}", + "ARNRegex": "^arn:aws:codecatalyst:.+", + "Actions": [ + "AcceptConnection", + "AssociateIamRoleToConnection", + "DeleteConnection", + "DisassociateIamRoleFromConnection", + "GetBillingAuthorization", + "GetConnection", + "GetPendingConnection", + "ListConnections", + "ListIamRolesForConnection", + "ListTagsForResource", + "PutBillingAuthorization", + "RejectConnection", + "TagResource", + "UntagResource" + ], + "HasResource": true, + "StringPrefix": "codecatalyst", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "Amazon CodeGuru": { - "ARNFormat": "arn:aws:codeguru:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", - "ARNRegex": "^arn:aws:codeguru:.+:.+:.+", + "ARNFormat": "arn:${Partition}:codeguru:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:${Partition}:codeguru:.+:.+:.+", "Actions": [ "GetCodeGuruFreeTrialSummary" ], @@ -5252,45 +11698,131 @@ "StringPrefix": "codeguru" }, "Amazon CodeGuru Profiler": { - "ARNFormat": "arn:aws:codeguru-profiler:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", + "ARNFormat": "arn:aws:codeguru-profiler:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:codeguru-profiler:.+:.+:.+", "Actions": [ + "AddNotificationChannels", + "BatchGetFrameMetricData", "ConfigureAgent", "CreateProfilingGroup", "DeleteProfilingGroup", "DescribeProfilingGroup", - "GetFindingsReport", "GetFindingsReportAccountSummary", + "GetNotificationConfiguration", + "GetPolicy", "GetProfile", + "GetRecommendations", "ListFindingsReports", "ListProfileTimes", "ListProfilingGroups", + "ListTagsForResource", "PostAgentProfile", + "PutPermission", + "RemoveNotificationChannel", + "RemovePermission", + "SubmitFeedback", + "TagResource", + "UntagResource", "UpdateProfilingGroup" ], "HasResource": true, - "StringPrefix": "codeguru-profiler" + "StringPrefix": "codeguru-profiler", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "Amazon CodeGuru Reviewer": { - "ARNFormat": "arn:aws:codeguru-reviewer:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e:\u003cresource_name\u003e", + "ARNFormat": "arn:aws:codeguru-reviewer:${Region}:${Account}:${ResourceType}:${ResourceName}", "ARNRegex": "^arn:aws:codeguru-reviewer:.+:.+:.+", "Actions": [ "AssociateRepository", + "CreateCodeReview", "CreateConnectionToken", + "DescribeCodeReview", + "DescribeRecommendationFeedback", "DescribeRepositoryAssociation", "DisassociateRepository", "GetMetricsData", + "ListCodeReviews", + "ListRecommendationFeedback", + "ListRecommendations", "ListRepositoryAssociations", - "ListThirdPartyRepositories" + "ListTagsForResource", + "ListThirdPartyRepositories", + "PutRecommendationFeedback", + "TagResource", + "UnTagResource" ], "HasResource": true, "StringPrefix": "codeguru-reviewer", "conditionKeys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon CodeGuru Security": { + "ARNFormat": "arn:aws:codeguru-security:${Region}:${Account}:*", + "ARNRegex": "^arn:aws:codeguru-security:.+:.+:.+", + "Actions": [ + "BatchGetFindings", + "CreateScan", + "CreateUploadUrl", + "DeleteScansByCategory", + "GetAccountConfiguration", + "GetFindings", + "GetMetricsSummary", + "GetScan", + "ListFindings", + "ListFindingsMetrics", + "ListScans", + "ListTagsForResource", + "TagResource", + "UntagResource", + "UpdateAccountConfiguration" + ], + "HasResource": true, + "StringPrefix": "codeguru-security", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon CodeWhisperer": { + "ARNFormat": "arn:aws:codewhisperer:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:codewhisperer:.+:[0-9]+:.+", + "Actions": [ + "AllowVendedLogDeliveryForResource", + "AssociateCustomizationPermission", + "CreateCustomization", + "CreateProfile", + "DeleteCustomization", + "DeleteProfile", + "DisassociateCustomizationPermission", + "GenerateRecommendations", + "GetCustomization", + "ListCustomizationPermissions", + "ListCustomizations", + "ListProfiles", + "ListTagsForResource", + "TagResource", + "UntagResource", + "UpdateCustomization", + "UpdateProfile" + ], + "HasResource": true, + "StringPrefix": "codewhisperer", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" ] }, "Amazon Cognito Identity": { - "ARNFormat": "arn:aws:cognito-identity:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourcePath\u003e", + "ARNFormat": "arn:aws:cognito-identity:${Region}:${Account}:${ResourceType}/${ResourcePath}", "ARNRegex": "^arn:aws:cognito-identity:.+", "Actions": [ "CreateIdentityPool", @@ -5300,15 +11832,20 @@ "DescribeIdentityPool", "GetCredentialsForIdentity", "GetId", + "GetIdentityPoolAnalytics", + "GetIdentityPoolDailyAnalytics", "GetIdentityPoolRoles", + "GetIdentityProviderDailyAnalytics", "GetOpenIdToken", "GetOpenIdTokenForDeveloperIdentity", + "GetPrincipalTagAttributeMap", "ListIdentities", "ListIdentityPools", "ListTagsForResource", "LookupDeveloperIdentity", "MergeDeveloperIdentities", "SetIdentityPoolRoles", + "SetPrincipalTagAttributeMap", "TagResource", "UnlinkDeveloperIdentity", "UnlinkIdentity", @@ -5324,7 +11861,7 @@ ] }, "Amazon Cognito Sync": { - "ARNFormat": "arn:aws:cognito-sync:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourcePath\u003e:", + "ARNFormat": "arn:aws:cognito-sync:${Region}:${Account}:${ResourceType}/${ResourcePath}:", "ARNRegex": "^arn:aws:cognito-sync:.+", "Actions": [ "BulkPublish", @@ -5351,7 +11888,7 @@ "StringPrefix": "cognito-sync" }, "Amazon Cognito User Pools": { - "ARNFormat": "arn:aws:cognito-idp:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourcePath\u003e:", + "ARNFormat": "arn:aws:cognito-idp:${Region}:${Account}:${ResourceType}/${ResourcePath}:", "ARNRegex": "^arn:aws:cognito-idp:.+", "Actions": [ "AddCustomAttributes", @@ -5382,6 +11919,7 @@ "AdminUpdateUserAttributes", "AdminUserGlobalSignOut", "AssociateSoftwareToken", + "AssociateWebACL", "ChangePassword", "ConfirmDevice", "ConfirmForgotPassword", @@ -5408,23 +11946,27 @@ "DescribeUserPool", "DescribeUserPoolClient", "DescribeUserPoolDomain", + "DisassociateWebACL", "ForgetDevice", "ForgotPassword", "GetCSVHeader", "GetDevice", "GetGroup", "GetIdentityProviderByIdentifier", + "GetLogDeliveryConfiguration", "GetSigningCertificate", "GetUICustomization", "GetUser", "GetUserAttributeVerificationCode", "GetUserPoolMfaConfig", + "GetWebACLForResource", "GlobalSignOut", "InitiateAuth", "ListDevices", "ListGroups", "ListIdentityProviders", "ListResourceServers", + "ListResourcesForWebACL", "ListTagsForResource", "ListUserImportJobs", "ListUserPoolClients", @@ -5433,6 +11975,8 @@ "ListUsersInGroup", "ResendConfirmationCode", "RespondToAuthChallenge", + "RevokeToken", + "SetLogDeliveryConfiguration", "SetRiskConfiguration", "SetUICustomization", "SetUserMFAPreference", @@ -5464,120 +12008,602 @@ ] }, "Amazon Comprehend": { - "ARNFormat": "arn:${Partition}:comprehend:${Region}:${AccountId}:${ResourceType}/${ResourceName}", - "ARNRegex": "^arn:${Partition}:comprehend:.+:.+:.+", + "ARNFormat": "arn:aws:comprehend:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:comprehend:.+:.+:.+", "Actions": [ "BatchDetectDominantLanguage", "BatchDetectEntities", "BatchDetectKeyPhrases", "BatchDetectSentiment", "BatchDetectSyntax", + "BatchDetectTargetedSentiment", "ClassifyDocument", + "ContainsPiiEntities", + "CreateDataset", "CreateDocumentClassifier", "CreateEndpoint", "CreateEntityRecognizer", + "CreateFlywheel", "DeleteDocumentClassifier", "DeleteEndpoint", "DeleteEntityRecognizer", + "DeleteFlywheel", + "DeleteResourcePolicy", + "DescribeDataset", "DescribeDocumentClassificationJob", "DescribeDocumentClassifier", "DescribeDominantLanguageDetectionJob", "DescribeEndpoint", "DescribeEntitiesDetectionJob", "DescribeEntityRecognizer", + "DescribeEventsDetectionJob", + "DescribeFlywheel", + "DescribeFlywheelIteration", "DescribeKeyPhrasesDetectionJob", + "DescribePiiEntitiesDetectionJob", + "DescribeResourcePolicy", "DescribeSentimentDetectionJob", + "DescribeTargetedSentimentDetectionJob", "DescribeTopicsDetectionJob", "DetectDominantLanguage", "DetectEntities", "DetectKeyPhrases", + "DetectPiiEntities", "DetectSentiment", "DetectSyntax", + "DetectTargetedSentiment", + "DetectToxicContent", + "ImportModel", + "ListDatasets", "ListDocumentClassificationJobs", + "ListDocumentClassifierSummaries", "ListDocumentClassifiers", "ListDominantLanguageDetectionJobs", "ListEndpoints", "ListEntitiesDetectionJobs", + "ListEntityRecognizerSummaries", "ListEntityRecognizers", + "ListEventsDetectionJobs", + "ListFlywheelIterationHistory", + "ListFlywheels", "ListKeyPhrasesDetectionJobs", + "ListPiiEntitiesDetectionJobs", "ListSentimentDetectionJobs", "ListTagsForResource", + "ListTargetedSentimentDetectionJobs", "ListTopicsDetectionJobs", + "PutResourcePolicy", "StartDocumentClassificationJob", "StartDominantLanguageDetectionJob", "StartEntitiesDetectionJob", + "StartEventsDetectionJob", + "StartFlywheelIteration", "StartKeyPhrasesDetectionJob", + "StartPiiEntitiesDetectionJob", "StartSentimentDetectionJob", + "StartTargetedSentimentDetectionJob", "StartTopicsDetectionJob", "StopDominantLanguageDetectionJob", "StopEntitiesDetectionJob", + "StopEventsDetectionJob", "StopKeyPhrasesDetectionJob", + "StopPiiEntitiesDetectionJob", "StopSentimentDetectionJob", + "StopTargetedSentimentDetectionJob", "StopTrainingDocumentClassifier", "StopTrainingEntityRecognizer", "TagResource", "UntagResource", - "UpdateEndpoint" + "UpdateEndpoint", + "UpdateFlywheel" + ], + "HasResource": true, + "StringPrefix": "comprehend", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "comprehend:DataLakeKmsKey", + "comprehend:FlywheelIterationId", + "comprehend:ModelKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VolumeKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" + ] + }, + "Amazon Comprehend Medical": { + "ARNFormat": "arn:${Partition}:comprehendmedical:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:${Partition}:comprehendmedical:.+:.+:.+", + "Actions": [ + "DescribeEntitiesDetectionV2Job", + "DescribeICD10CMInferenceJob", + "DescribePHIDetectionJob", + "DescribeRxNormInferenceJob", + "DescribeSNOMEDCTInferenceJob", + "DetectEntitiesV2", + "DetectPHI", + "InferICD10CM", + "InferRxNorm", + "InferSNOMEDCT", + "ListEntitiesDetectionV2Jobs", + "ListICD10CMInferenceJobs", + "ListPHIDetectionJobs", + "ListRxNormInferenceJobs", + "ListSNOMEDCTInferenceJobs", + "StartEntitiesDetectionV2Job", + "StartICD10CMInferenceJob", + "StartPHIDetectionJob", + "StartRxNormInferenceJob", + "StartSNOMEDCTInferenceJob", + "StopEntitiesDetectionV2Job", + "StopICD10CMInferenceJob", + "StopPHIDetectionJob", + "StopRxNormInferenceJob", + "StopSNOMEDCTInferenceJob" + ], + "HasResource": false, + "StringPrefix": "comprehendmedical", + "conditionKeys": [ + "aws:TagKeys" + ] + }, + "Amazon Connect": { + "ARNFormat": "arn:aws:connect:${Region}:${Account}:instance/${InstanceId}", + "ARNRegex": "^arn:aws:connect:.+:.+:instance/.+", + "Actions": [ + "ActivateEvaluationForm", + "AssociateApprovedOrigin", + "AssociateBot", + "AssociateCustomerProfilesDomain", + "AssociateDefaultVocabulary", + "AssociateInstanceStorageConfig", + "AssociateLambdaFunction", + "AssociateLexBot", + "AssociatePhoneNumberContactFlow", + "AssociateQueueQuickConnects", + "AssociateRoutingProfileQueues", + "AssociateSecurityKey", + "AssociateTrafficDistributionGroupUser", + "BatchAssociateAnalyticsDataSet", + "BatchDisassociateAnalyticsDataSet", + "BatchGetFlowAssociation", + "BatchPutContact", + "ClaimPhoneNumber", + "CreateAgentStatus", + "CreateContactFlow", + "CreateContactFlowModule", + "CreateEvaluationForm", + "CreateHoursOfOperation", + "CreateInstance", + "CreateIntegrationAssociation", + "CreateParticipant", + "CreatePredefinedAttribute", + "CreatePrompt", + "CreateQueue", + "CreateQuickConnect", + "CreateRoutingProfile", + "CreateRule", + "CreateSecurityProfile", + "CreateTaskTemplate", + "CreateTrafficDistributionGroup", + "CreateUseCase", + "CreateUser", + "CreateUserHierarchyGroup", + "CreateView", + "CreateViewVersion", + "CreateVocabulary", + "DeactivateEvaluationForm", + "DeleteContactEvaluation", + "DeleteContactFlow", + "DeleteContactFlowModule", + "DeleteEvaluationForm", + "DeleteHoursOfOperation", + "DeleteInstance", + "DeleteIntegrationAssociation", + "DeletePredefinedAttribute", + "DeletePrompt", + "DeleteQueue", + "DeleteQuickConnect", + "DeleteRoutingProfile", + "DeleteRule", + "DeleteSecurityProfile", + "DeleteTaskTemplate", + "DeleteTrafficDistributionGroup", + "DeleteUseCase", + "DeleteUser", + "DeleteUserHierarchyGroup", + "DeleteView", + "DeleteViewVersion", + "DeleteVocabulary", + "DescribeAgentStatus", + "DescribeContact", + "DescribeContactEvaluation", + "DescribeContactFlow", + "DescribeContactFlowModule", + "DescribeEvaluationForm", + "DescribeForecastingPlanningSchedulingIntegration", + "DescribeHoursOfOperation", + "DescribeInstance", + "DescribeInstanceAttribute", + "DescribeInstanceStorageConfig", + "DescribePhoneNumber", + "DescribePredefinedAttribute", + "DescribePrompt", + "DescribeQueue", + "DescribeQuickConnect", + "DescribeRoutingProfile", + "DescribeRule", + "DescribeSecurityProfile", + "DescribeTrafficDistributionGroup", + "DescribeUser", + "DescribeUserHierarchyGroup", + "DescribeUserHierarchyStructure", + "DescribeView", + "DescribeVocabulary", + "DisassociateApprovedOrigin", + "DisassociateBot", + "DisassociateCustomerProfilesDomain", + "DisassociateInstanceStorageConfig", + "DisassociateLambdaFunction", + "DisassociateLexBot", + "DisassociatePhoneNumberContactFlow", + "DisassociateQueueQuickConnects", + "DisassociateRoutingProfileQueues", + "DisassociateSecurityKey", + "DisassociateTrafficDistributionGroupUser", + "DismissUserContact", + "GetContactAttributes", + "GetCurrentMetricData", + "GetCurrentUserData", + "GetFederationToken", + "GetFederationTokens", + "GetMetricData", + "GetMetricDataV2", + "GetPromptFile", + "GetTaskTemplate", + "GetTrafficDistribution", + "ListAgentStatuses", + "ListApprovedOrigins", + "ListBots", + "ListContactEvaluations", + "ListContactFlowModules", + "ListContactFlows", + "ListContactReferences", + "ListDefaultVocabularies", + "ListEvaluationFormVersions", + "ListEvaluationForms", + "ListHoursOfOperations", + "ListInstanceAttributes", + "ListInstanceStorageConfigs", + "ListInstances", + "ListIntegrationAssociations", + "ListLambdaFunctions", + "ListLexBots", + "ListPhoneNumbers", + "ListPhoneNumbersV2", + "ListPredefinedAttributes", + "ListPrompts", + "ListQueueQuickConnects", + "ListQueues", + "ListQuickConnects", + "ListRealtimeContactAnalysisSegments", + "ListRoutingProfileQueues", + "ListRoutingProfiles", + "ListRules", + "ListSecurityKeys", + "ListSecurityProfileApplications", + "ListSecurityProfilePermissions", + "ListSecurityProfiles", + "ListTagsForResource", + "ListTaskTemplates", + "ListTrafficDistributionGroupUsers", + "ListTrafficDistributionGroups", + "ListUseCases", + "ListUserHierarchyGroups", + "ListUsers", + "ListViewVersions", + "ListViews", + "MonitorContact", + "PutUserStatus", + "ReleasePhoneNumber", + "ReplicateInstance", + "ResumeContactRecording", + "SearchAvailablePhoneNumbers", + "SearchHoursOfOperations", + "SearchPrompts", + "SearchQueues", + "SearchQuickConnects", + "SearchResourceTags", + "SearchRoutingProfiles", + "SearchSecurityProfiles", + "SearchUsers", + "SearchVocabularies", + "StartChatContact", + "StartContactEvaluation", + "StartContactRecording", + "StartContactStreaming", + "StartForecastingPlanningSchedulingIntegration", + "StartOutboundVoiceContact", + "StartTaskContact", + "StopContact", + "StopContactRecording", + "StopContactStreaming", + "StopForecastingPlanningSchedulingIntegration", + "SubmitContactEvaluation", + "SuspendContactRecording", + "TagResource", + "TransferContact", + "UntagResource", + "UpdateAgentStatus", + "UpdateContact", + "UpdateContactAttributes", + "UpdateContactEvaluation", + "UpdateContactFlowContent", + "UpdateContactFlowMetadata", + "UpdateContactFlowModuleContent", + "UpdateContactFlowModuleMetadata", + "UpdateContactFlowName", + "UpdateContactSchedule", + "UpdateEvaluationForm", + "UpdateHoursOfOperation", + "UpdateInstanceAttribute", + "UpdateInstanceStorageConfig", + "UpdateParticipantRoleConfig", + "UpdatePhoneNumber", + "UpdatePhoneNumberMetadata", + "UpdatePredefinedAttribute", + "UpdatePrompt", + "UpdateQueueHoursOfOperation", + "UpdateQueueMaxContacts", + "UpdateQueueName", + "UpdateQueueOutboundCallerConfig", + "UpdateQueueStatus", + "UpdateQuickConnectConfig", + "UpdateQuickConnectName", + "UpdateRoutingProfileAgentAvailabilityTimer", + "UpdateRoutingProfileConcurrency", + "UpdateRoutingProfileDefaultOutboundQueue", + "UpdateRoutingProfileName", + "UpdateRoutingProfileQueues", + "UpdateRule", + "UpdateSecurityProfile", + "UpdateTaskTemplate", + "UpdateTrafficDistribution", + "UpdateUserHierarchy", + "UpdateUserHierarchyGroupName", + "UpdateUserHierarchyStructure", + "UpdateUserIdentityInfo", + "UpdateUserPhoneConfig", + "UpdateUserRoutingProfile", + "UpdateUserSecurityProfiles", + "UpdateViewContent", + "UpdateViewMetadata" + ], + "HasResource": true, + "StringPrefix": "connect", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "connect:AttributeType", + "connect:InstanceId", + "connect:MonitorCapabilities", + "connect:SearchTag/${TagKey}", + "connect:StorageResourceType" + ] + }, + "Amazon Connect Cases": { + "ARNFormat": "arn:aws:cases:${Region}:${Account}:domain/${DomainId}", + "ARNRegex": "^arn:aws:cases:.+", + "Actions": [ + "BatchGetField", + "BatchPutFieldOptions", + "CreateCase", + "CreateDomain", + "CreateField", + "CreateLayout", + "CreateRelatedItem", + "CreateTemplate", + "DeleteDomain", + "GetCase", + "GetCaseEventConfiguration", + "GetDomain", + "GetLayout", + "GetTemplate", + "ListCasesForContact", + "ListDomains", + "ListFieldOptions", + "ListFields", + "ListLayouts", + "ListTagsForResource", + "ListTemplates", + "PutCaseEventConfiguration", + "SearchCases", + "SearchRelatedItems", + "TagResource", + "UntagResource", + "UpdateCase", + "UpdateField", + "UpdateLayout", + "UpdateTemplate" + ], + "HasResource": true, + "StringPrefix": "cases", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "connect:UserArn" + ] + }, + "Amazon Connect Customer Profiles": { + "ARNFormat": "arn:aws:profile:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:profile:.+:.+:.+", + "Actions": [ + "AddProfileKey", + "CreateCalculatedAttributeDefinition", + "CreateDomain", + "CreateEventStream", + "CreateIntegrationWorkflow", + "CreateProfile", + "DeleteCalculatedAttributeDefinition", + "DeleteDomain", + "DeleteEventStream", + "DeleteIntegration", + "DeleteProfile", + "DeleteProfileKey", + "DeleteProfileObject", + "DeleteProfileObjectType", + "DeleteWorkflow", + "GetAutoMergingPreview", + "GetCalculatedAttributeDefinition", + "GetCalculatedAttributeForProfile", + "GetDomain", + "GetEventStream", + "GetIdentityResolutionJob", + "GetIntegration", + "GetMatches", + "GetProfileObjectType", + "GetProfileObjectTypeTemplate", + "GetSimilarProfiles", + "GetWorkflow", + "GetWorkflowSteps", + "ListAccountIntegrations", + "ListCalculatedAttributeDefinitions", + "ListCalculatedAttributesForProfile", + "ListDomains", + "ListEventStreams", + "ListIdentityResolutionJobs", + "ListIntegrations", + "ListProfileObjectTypeTemplates", + "ListProfileObjectTypes", + "ListProfileObjects", + "ListRuleBasedMatches", + "ListTagsForResource", + "ListWorkflows", + "MergeProfiles", + "PutIntegration", + "PutProfileObject", + "PutProfileObjectType", + "SearchProfiles", + "TagResource", + "UntagResource", + "UpdateCalculatedAttributeDefinition", + "UpdateDomain", + "UpdateProfile" ], "HasResource": true, - "StringPrefix": "comprehend", + "StringPrefix": "profile", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys" ] }, - "Amazon Connect": { - "ARNFormat": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}", - "ARNRegex": "^arn:${Partition}:connect:.+:.+:instance/.+", + "Amazon Connect Voice ID": { + "ARNFormat": "arn:aws:voiceid:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:voiceid:.+", "Actions": [ - "CreateInstance", - "CreateUser", - "DeleteUser", - "DescribeInstance", - "DescribeUser", - "DescribeUserHierarchyGroup", - "DescribeUserHierarchyStructure", - "DestroyInstance", - "GetContactAttributes", - "GetCurrentMetricData", - "GetFederationToken", - "GetFederationTokens", - "GetMetricData", - "ListContactFlows", - "ListHoursOfOperations", - "ListInstances", - "ListPhoneNumbers", - "ListQueues", - "ListRoutingProfiles", - "ListSecurityProfiles", + "AssociateFraudster", + "CreateDomain", + "CreateWatchlist", + "DeleteDomain", + "DeleteFraudster", + "DeleteSpeaker", + "DeleteWatchlist", + "DescribeComplianceConsent", + "DescribeDomain", + "DescribeFraudster", + "DescribeFraudsterRegistrationJob", + "DescribeSpeaker", + "DescribeSpeakerEnrollmentJob", + "DescribeWatchlist", + "DisassociateFraudster", + "EvaluateSession", + "ListDomains", + "ListFraudsterRegistrationJobs", + "ListFraudsters", + "ListSpeakerEnrollmentJobs", + "ListSpeakers", "ListTagsForResource", - "ListUserHierarchyGroups", - "ListUsers", - "ModifyInstance", - "StartChatContact", - "StartOutboundVoiceContact", - "StopContact", + "ListWatchlists", + "OptOutSpeaker", + "RegisterComplianceConsent", + "StartFraudsterRegistrationJob", + "StartSpeakerEnrollmentJob", "TagResource", "UntagResource", - "UpdateContactAttributes", - "UpdateUserHierarchy", - "UpdateUserIdentityInfo", - "UpdateUserPhoneConfig", - "UpdateUserRoutingProfile", - "UpdateUserSecurityProfiles" + "UpdateDomain", + "UpdateWatchlist" ], "HasResource": true, - "StringPrefix": "connect", + "StringPrefix": "voiceid", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys" ] }, + "Amazon Connect Wisdom": { + "ARNFormat": "arn:aws:wisdom:${Region}:${Account}:${Resource}/${ResourceId}", + "ARNRegex": "^arn:aws:wisdom:.+:.+:.+", + "Actions": [ + "CreateAssistant", + "CreateAssistantAssociation", + "CreateContent", + "CreateKnowledgeBase", + "CreateQuickResponse", + "CreateSession", + "DeleteAssistant", + "DeleteAssistantAssociation", + "DeleteContent", + "DeleteImportJob", + "DeleteKnowledgeBase", + "DeleteQuickResponse", + "GetAssistant", + "GetAssistantAssociation", + "GetContent", + "GetContentSummary", + "GetImportJob", + "GetKnowledgeBase", + "GetQuickResponse", + "GetRecommendations", + "GetSession", + "ListAssistantAssociations", + "ListAssistants", + "ListContents", + "ListImportJobs", + "ListKnowledgeBases", + "ListQuickResponses", + "ListTagsForResource", + "NotifyRecommendationsReceived", + "PutFeedback", + "QueryAssistant", + "RemoveKnowledgeBaseTemplateUri", + "SearchContent", + "SearchQuickResponses", + "SearchSessions", + "StartContentUpload", + "StartImportJob", + "TagResource", + "UntagResource", + "UpdateContent", + "UpdateKnowledgeBaseTemplateUri", + "UpdateQuickResponse" + ], + "HasResource": true, + "StringPrefix": "wisdom", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "wisdom:SearchFilter/RoutingProfileArn" + ] + }, "Amazon Data Lifecycle Manager": { - "ARNFormat": "arn:${Partition}:dlm:\u003cregion\u003e:\u003caccount-id\u003e:policy/\u003cresource_name\u003e", - "ARNRegex": "^arn:${Partition}:dlm:.+:.+:.+", + "ARNFormat": "arn:aws:dlm:${Region}:${Account}:policy/${ResourceName}", + "ARNRegex": "^arn:aws:dlm:.+:.+:.+", "Actions": [ "CreateLifecyclePolicy", "DeleteLifecyclePolicy", @@ -5596,32 +12622,250 @@ "aws:TagKeys" ] }, + "Amazon DataZone": { + "ARNFormat": "arn:aws:datazone:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:datazone:.+:.+:.+", + "Actions": [ + "AcceptPredictions", + "AcceptSubscriptionRequest", + "CancelSubscription", + "CreateAsset", + "CreateAssetRevision", + "CreateAssetType", + "CreateDataSource", + "CreateDomain", + "CreateEnvironment", + "CreateEnvironmentBlueprint", + "CreateEnvironmentProfile", + "CreateFormType", + "CreateGlossary", + "CreateGlossaryTerm", + "CreateGroupProfile", + "CreateListingChangeSet", + "CreateProject", + "CreateProjectMembership", + "CreateSubscriptionGrant", + "CreateSubscriptionRequest", + "CreateSubscriptionTarget", + "CreateUserProfile", + "DeleteAsset", + "DeleteAssetType", + "DeleteDataSource", + "DeleteDomain", + "DeleteDomainSharingPolicy", + "DeleteEnvironment", + "DeleteEnvironmentBlueprint", + "DeleteEnvironmentBlueprintConfiguration", + "DeleteEnvironmentProfile", + "DeleteFormType", + "DeleteGlossary", + "DeleteGlossaryTerm", + "DeleteListing", + "DeleteProject", + "DeleteProjectMembership", + "DeleteSubscriptionGrant", + "DeleteSubscriptionRequest", + "DeleteSubscriptionTarget", + "GetAsset", + "GetAssetType", + "GetDataSource", + "GetDataSourceRun", + "GetDomain", + "GetDomainSharingPolicy", + "GetEnvironment", + "GetEnvironmentActionLink", + "GetEnvironmentBlueprint", + "GetEnvironmentBlueprintConfiguration", + "GetEnvironmentCredentials", + "GetEnvironmentProfile", + "GetFormType", + "GetGlossary", + "GetGlossaryTerm", + "GetGroupProfile", + "GetIamPortalLoginUrl", + "GetListing", + "GetProject", + "GetSubscription", + "GetSubscriptionEligibility", + "GetSubscriptionGrant", + "GetSubscriptionRequestDetails", + "GetSubscriptionTarget", + "GetUserProfile", + "ListAccountEnvironments", + "ListAssetRevisions", + "ListDataSourceRunActivities", + "ListDataSourceRuns", + "ListDataSources", + "ListDomains", + "ListEnvironmentBlueprintConfigurations", + "ListEnvironmentBlueprints", + "ListEnvironmentProfiles", + "ListEnvironments", + "ListGroupsForUser", + "ListNotifications", + "ListProjectMemberships", + "ListProjects", + "ListSubscriptionGrants", + "ListSubscriptionRequests", + "ListSubscriptionTargets", + "ListSubscriptions", + "ListTagsForResource", + "ListWarehouseMetadata", + "ProvisionDomain", + "PutDomainSharingPolicy", + "PutEnvironmentBlueprintConfiguration", + "RefreshToken", + "RejectPredictions", + "RejectSubscriptionRequest", + "RevokeSubscription", + "Search", + "SearchGroupProfiles", + "SearchListings", + "SearchTypes", + "SearchUserProfiles", + "SsoLogin", + "SsoLogout", + "StartDataSourceRun", + "TagResource", + "UntagResource", + "UpdateDataSource", + "UpdateDomain", + "UpdateEnvironment", + "UpdateEnvironmentBlueprint", + "UpdateEnvironmentConfiguration", + "UpdateEnvironmentDeploymentStatus", + "UpdateEnvironmentProfile", + "UpdateGlossary", + "UpdateGlossaryTerm", + "UpdateGroupProfile", + "UpdateProject", + "UpdateSubscriptionGrantStatus", + "UpdateSubscriptionRequest", + "UpdateSubscriptionTarget", + "UpdateUserProfile", + "ValidatePassRole" + ], + "HasResource": true, + "StringPrefix": "datazone", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "Amazon Detective": { - "ARNFormat": "arn:aws:detective:${Region}:${AccountId}:graph:${GraphId}", + "ARNFormat": "arn:aws:detective:${Region}:${Account}:graph:${GraphId}", "ARNRegex": "^arn:aws:detective:.+", "Actions": [ "AcceptInvitation", + "BatchGetGraphMemberDatasources", + "BatchGetMembershipDatasources", "CreateGraph", "CreateMembers", "DeleteGraph", "DeleteMembers", + "DescribeOrganizationConfiguration", + "DisableOrganizationAdminAccount", "DisassociateMembership", + "EnableOrganizationAdminAccount", "GetFreeTrialEligibility", "GetGraphIngestState", "GetMembers", "GetPricingInformation", "GetUsageInformation", + "ListDatasourcePackages", "ListGraphs", + "ListHighDegreeEntities", "ListInvitations", "ListMembers", + "ListOrganizationAdminAccount", + "ListTagsForResource", "RejectInvitation", - "SearchGraph" + "SearchGraph", + "StartMonitoringMember", + "TagResource", + "UntagResource", + "UpdateDatasourcePackages", + "UpdateOrganizationConfiguration" ], "HasResource": true, - "StringPrefix": "detective" + "StringPrefix": "detective", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon DevOps Guru": { + "ARNFormat": "arn:aws:devops-guru:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:devops-guru:.+:.+:.+/.+", + "Actions": [ + "AddNotificationChannel", + "DeleteInsight", + "DescribeAccountHealth", + "DescribeAccountOverview", + "DescribeAnomaly", + "DescribeEventSourcesConfig", + "DescribeFeedback", + "DescribeInsight", + "DescribeOrganizationHealth", + "DescribeOrganizationOverview", + "DescribeOrganizationResourceCollectionHealth", + "DescribeResourceCollectionHealth", + "DescribeServiceIntegration", + "GetCostEstimation", + "GetResourceCollection", + "ListAnomaliesForInsight", + "ListAnomalousLogGroups", + "ListEvents", + "ListInsights", + "ListMonitoredResources", + "ListNotificationChannels", + "ListOrganizationInsights", + "ListRecommendations", + "PutFeedback", + "RemoveNotificationChannel", + "SearchInsights", + "SearchOrganizationInsights", + "StartCostEstimation", + "UpdateEventSourcesConfig", + "UpdateResourceCollection", + "UpdateServiceIntegration" + ], + "HasResource": true, + "StringPrefix": "devops-guru", + "conditionKeys": [ + "devops-guru:ServiceNames" + ] + }, + "Amazon DocumentDB Elastic Clusters": { + "ARNFormat": "arn:aws:docdb-elastic:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:docdb-elastic:.+:.+:.+", + "Actions": [ + "CreateCluster", + "CreateClusterSnapshot", + "DeleteCluster", + "DeleteClusterSnapshot", + "GetCluster", + "GetClusterSnapshot", + "ListClusterSnapshots", + "ListClusters", + "ListTagsForResource", + "RestoreClusterFromSnapshot", + "TagResource", + "UntagResource", + "UpdateCluster" + ], + "HasResource": true, + "StringPrefix": "docdb-elastic", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "Amazon DynamoDB": { - "ARNFormat": "arn:aws:dynamodb:\u003cregion\u003e:\u003caccountID\u003e:\u003cresourceType\u003e/\u003cresourcePath\u003e", + "ARNFormat": "arn:aws:dynamodb:${Region}:${Account}:${ResourceType}/${ResourcePath}", "ARNRegex": "^arn:aws:dynamodb:.+:.+", "Actions": [ "BatchGetItem", @@ -5638,8 +12882,12 @@ "DescribeBackup", "DescribeContinuousBackups", "DescribeContributorInsights", + "DescribeEndpoints", + "DescribeExport", "DescribeGlobalTable", "DescribeGlobalTableSettings", + "DescribeImport", + "DescribeKinesisStreamingDestination", "DescribeLimits", "DescribeReservedCapacity", "DescribeReservedCapacityOfferings", @@ -5647,27 +12895,40 @@ "DescribeTable", "DescribeTableReplicaAutoScaling", "DescribeTimeToLive", + "DisableKinesisStreamingDestination", + "EnableKinesisStreamingDestination", + "ExportTableToPointInTime", "GetItem", "GetRecords", "GetShardIterator", + "ImportTable", "ListBackups", "ListContributorInsights", + "ListExports", "ListGlobalTables", + "ListImports", "ListStreams", "ListTables", "ListTagsOfResource", + "PartiQLDelete", + "PartiQLInsert", + "PartiQLSelect", + "PartiQLUpdate", "PurchaseReservedCapacityOfferings", "PutItem", "Query", + "RestoreTableFromAwsBackup", "RestoreTableFromBackup", "RestoreTableToPointInTime", "Scan", + "StartAwsBackupJob", "TagResource", "UntagResource", "UpdateContinuousBackups", "UpdateContributorInsights", "UpdateGlobalTable", "UpdateGlobalTableSettings", + "UpdateGlobalTableVersion", "UpdateItem", "UpdateTable", "UpdateTableReplicaAutoScaling", @@ -5678,6 +12939,7 @@ "conditionKeys": [ "dynamodb:Attributes", "dynamodb:EnclosingOperation", + "dynamodb:FullTableScan", "dynamodb:LeadingKeys", "dynamodb:ReturnConsumedCapacity", "dynamodb:ReturnValues", @@ -5685,7 +12947,7 @@ ] }, "Amazon DynamoDB Accelerator (DAX)": { - "ARNFormat": "arn:aws:dax:\u003cregion\u003e:\u003caccountId\u003e:cache/\u003cclustername\u003e", + "ARNFormat": "arn:aws:dax:${Region}:${Account}:cache/${ClusterName}", "ARNRegex": "^arn:aws:dax:.+:[0-9]+:cache/[a-zA-Z0-9_.-]+", "Actions": [ "BatchGetItem", @@ -5726,10 +12988,12 @@ ] }, "Amazon EC2": { - "ARNFormat": "arn:aws:ec2:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourcePath\u003e", + "ARNFormat": "arn:aws:ec2:${Region}:${Account}:${ResourceType}/${ResourcePath}", "ARNRegex": "^arn:aws:ec2:.+", "Actions": [ + "AcceptAddressTransfer", "AcceptReservedInstancesExchangeQuote", + "AcceptTransitGatewayMulticastDomainAssociations", "AcceptTransitGatewayPeeringAttachment", "AcceptTransitGatewayVpcAttachment", "AcceptVpcEndpointConnections", @@ -5737,21 +13001,31 @@ "AdvertiseByoipCidr", "AllocateAddress", "AllocateHosts", + "AllocateIpamPoolCidr", "ApplySecurityGroupsToClientVpnTargetNetwork", "AssignIpv6Addresses", "AssignPrivateIpAddresses", + "AssignPrivateNatGatewayAddress", "AssociateAddress", "AssociateClientVpnTargetNetwork", "AssociateDhcpOptions", + "AssociateEnclaveCertificateIamRole", "AssociateIamInstanceProfile", + "AssociateInstanceEventWindow", + "AssociateIpamResourceDiscovery", + "AssociateNatGatewayAddress", "AssociateRouteTable", "AssociateSubnetCidrBlock", "AssociateTransitGatewayMulticastDomain", + "AssociateTransitGatewayPolicyTable", "AssociateTransitGatewayRouteTable", + "AssociateTrunkInterface", + "AssociateVerifiedAccessInstanceWebAcl", "AssociateVpcCidrBlock", "AttachClassicLinkVpc", "AttachInternetGateway", "AttachNetworkInterface", + "AttachVerifiedAccessTrustProvider", "AttachVolume", "AttachVpnGateway", "AuthorizeClientVpnIngress", @@ -5760,8 +13034,10 @@ "BundleInstance", "CancelBundleTask", "CancelCapacityReservation", + "CancelCapacityReservationFleets", "CancelConversionTask", "CancelExportTask", + "CancelImageLaunchPermission", "CancelImportTask", "CancelReservedInstancesListing", "CancelSpotFleetRequests", @@ -5771,8 +13047,13 @@ "CopyImage", "CopySnapshot", "CreateCapacityReservation", + "CreateCapacityReservationFleet", + "CreateCarrierGateway", "CreateClientVpnEndpoint", "CreateClientVpnRoute", + "CreateCoipCidr", + "CreateCoipPool", + "CreateCoipPoolPermission", "CreateCustomerGateway", "CreateDefaultSubnet", "CreateDefaultVpc", @@ -5782,38 +13063,64 @@ "CreateFlowLogs", "CreateFpgaImage", "CreateImage", + "CreateInstanceConnectEndpoint", + "CreateInstanceEventWindow", "CreateInstanceExportTask", "CreateInternetGateway", + "CreateIpam", + "CreateIpamPool", + "CreateIpamResourceDiscovery", + "CreateIpamScope", "CreateKeyPair", "CreateLaunchTemplate", "CreateLaunchTemplateVersion", "CreateLocalGatewayRoute", + "CreateLocalGatewayRouteTable", + "CreateLocalGatewayRouteTablePermission", + "CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation", "CreateLocalGatewayRouteTableVpcAssociation", + "CreateManagedPrefixList", "CreateNatGateway", "CreateNetworkAcl", "CreateNetworkAclEntry", + "CreateNetworkInsightsAccessScope", + "CreateNetworkInsightsPath", "CreateNetworkInterface", "CreateNetworkInterfacePermission", "CreatePlacementGroup", + "CreatePublicIpv4Pool", + "CreateReplaceRootVolumeTask", "CreateReservedInstancesListing", + "CreateRestoreImageTask", "CreateRoute", "CreateRouteTable", "CreateSecurityGroup", "CreateSnapshot", "CreateSnapshots", "CreateSpotDatafeedSubscription", + "CreateStoreImageTask", "CreateSubnet", + "CreateSubnetCidrReservation", "CreateTags", "CreateTrafficMirrorFilter", "CreateTrafficMirrorFilterRule", "CreateTrafficMirrorSession", "CreateTrafficMirrorTarget", "CreateTransitGateway", + "CreateTransitGatewayConnect", + "CreateTransitGatewayConnectPeer", "CreateTransitGatewayMulticastDomain", "CreateTransitGatewayPeeringAttachment", + "CreateTransitGatewayPolicyTable", + "CreateTransitGatewayPrefixListReference", "CreateTransitGatewayRoute", "CreateTransitGatewayRouteTable", + "CreateTransitGatewayRouteTableAnnouncement", "CreateTransitGatewayVpcAttachment", + "CreateVerifiedAccessEndpoint", + "CreateVerifiedAccessGroup", + "CreateVerifiedAccessInstance", + "CreateVerifiedAccessTrustProvider", "CreateVolume", "CreateVpc", "CreateVpcEndpoint", @@ -5823,43 +13130,74 @@ "CreateVpnConnection", "CreateVpnConnectionRoute", "CreateVpnGateway", + "DeleteCarrierGateway", "DeleteClientVpnEndpoint", "DeleteClientVpnRoute", + "DeleteCoipCidr", + "DeleteCoipPool", + "DeleteCoipPoolPermission", "DeleteCustomerGateway", "DeleteDhcpOptions", "DeleteEgressOnlyInternetGateway", "DeleteFleets", "DeleteFlowLogs", "DeleteFpgaImage", + "DeleteInstanceConnectEndpoint", + "DeleteInstanceEventWindow", "DeleteInternetGateway", + "DeleteIpam", + "DeleteIpamPool", + "DeleteIpamResourceDiscovery", + "DeleteIpamScope", "DeleteKeyPair", "DeleteLaunchTemplate", "DeleteLaunchTemplateVersions", "DeleteLocalGatewayRoute", + "DeleteLocalGatewayRouteTable", + "DeleteLocalGatewayRouteTablePermission", + "DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociation", "DeleteLocalGatewayRouteTableVpcAssociation", + "DeleteManagedPrefixList", "DeleteNatGateway", "DeleteNetworkAcl", "DeleteNetworkAclEntry", + "DeleteNetworkInsightsAccessScope", + "DeleteNetworkInsightsAccessScopeAnalysis", + "DeleteNetworkInsightsAnalysis", + "DeleteNetworkInsightsPath", "DeleteNetworkInterface", "DeleteNetworkInterfacePermission", "DeletePlacementGroup", + "DeletePublicIpv4Pool", + "DeleteQueuedReservedInstances", + "DeleteResourcePolicy", "DeleteRoute", "DeleteRouteTable", "DeleteSecurityGroup", "DeleteSnapshot", "DeleteSpotDatafeedSubscription", "DeleteSubnet", + "DeleteSubnetCidrReservation", "DeleteTags", "DeleteTrafficMirrorFilter", "DeleteTrafficMirrorFilterRule", "DeleteTrafficMirrorSession", "DeleteTrafficMirrorTarget", "DeleteTransitGateway", + "DeleteTransitGatewayConnect", + "DeleteTransitGatewayConnectPeer", "DeleteTransitGatewayMulticastDomain", "DeleteTransitGatewayPeeringAttachment", + "DeleteTransitGatewayPolicyTable", + "DeleteTransitGatewayPrefixListReference", "DeleteTransitGatewayRoute", "DeleteTransitGatewayRouteTable", + "DeleteTransitGatewayRouteTableAnnouncement", "DeleteTransitGatewayVpcAttachment", + "DeleteVerifiedAccessEndpoint", + "DeleteVerifiedAccessGroup", + "DeleteVerifiedAccessInstance", + "DeleteVerifiedAccessTrustProvider", "DeleteVolume", "DeleteVpc", "DeleteVpcEndpointConnectionNotifications", @@ -5870,22 +13208,31 @@ "DeleteVpnConnectionRoute", "DeleteVpnGateway", "DeprovisionByoipCidr", + "DeprovisionIpamPoolCidr", + "DeprovisionPublicIpv4PoolCidr", "DeregisterImage", + "DeregisterInstanceEventNotificationAttributes", "DeregisterTransitGatewayMulticastGroupMembers", "DeregisterTransitGatewayMulticastGroupSources", "DescribeAccountAttributes", + "DescribeAddressTransfers", "DescribeAddresses", + "DescribeAddressesAttribute", "DescribeAggregateIdFormat", "DescribeAvailabilityZones", + "DescribeAwsNetworkPerformanceMetricSubscriptions", "DescribeBundleTasks", "DescribeByoipCidrs", + "DescribeCapacityReservationFleets", "DescribeCapacityReservations", + "DescribeCarrierGateways", "DescribeClassicLinkInstances", "DescribeClientVpnAuthorizationRules", "DescribeClientVpnConnections", "DescribeClientVpnEndpoints", "DescribeClientVpnRoutes", "DescribeClientVpnTargetNetworks", + "DescribeCoipPools", "DescribeConversionTasks", "DescribeCustomerGateways", "DescribeDhcpOptions", @@ -5893,6 +13240,7 @@ "DescribeElasticGpus", "DescribeExportImageTasks", "DescribeExportTasks", + "DescribeFastLaunchImages", "DescribeFastSnapshotRestores", "DescribeFleetHistory", "DescribeFleetInstances", @@ -5911,23 +13259,39 @@ "DescribeImportImageTasks", "DescribeImportSnapshotTasks", "DescribeInstanceAttribute", + "DescribeInstanceConnectEndpoints", "DescribeInstanceCreditSpecifications", + "DescribeInstanceEventNotificationAttributes", + "DescribeInstanceEventWindows", "DescribeInstanceStatus", + "DescribeInstanceTypeOfferings", "DescribeInstanceTypes", "DescribeInstances", "DescribeInternetGateways", + "DescribeIpamPools", + "DescribeIpamResourceDiscoveries", + "DescribeIpamResourceDiscoveryAssociations", + "DescribeIpamScopes", + "DescribeIpams", + "DescribeIpv6Pools", "DescribeKeyPairs", "DescribeLaunchTemplateVersions", "DescribeLaunchTemplates", + "DescribeLocalGatewayRouteTablePermissions", "DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", "DescribeLocalGatewayRouteTableVpcAssociations", "DescribeLocalGatewayRouteTables", "DescribeLocalGatewayVirtualInterfaceGroups", "DescribeLocalGatewayVirtualInterfaces", "DescribeLocalGateways", + "DescribeManagedPrefixLists", "DescribeMovingAddresses", "DescribeNatGateways", "DescribeNetworkAcls", + "DescribeNetworkInsightsAccessScopeAnalyses", + "DescribeNetworkInsightsAccessScopes", + "DescribeNetworkInsightsAnalyses", + "DescribeNetworkInsightsPaths", "DescribeNetworkInterfaceAttribute", "DescribeNetworkInterfacePermissions", "DescribeNetworkInterfaces", @@ -5936,6 +13300,7 @@ "DescribePrincipalIdFormat", "DescribePublicIpv4Pools", "DescribeRegions", + "DescribeReplaceRootVolumeTasks", "DescribeReservedInstances", "DescribeReservedInstancesListings", "DescribeReservedInstancesModifications", @@ -5944,8 +13309,10 @@ "DescribeScheduledInstanceAvailability", "DescribeScheduledInstances", "DescribeSecurityGroupReferences", + "DescribeSecurityGroupRules", "DescribeSecurityGroups", "DescribeSnapshotAttribute", + "DescribeSnapshotTierStatus", "DescribeSnapshots", "DescribeSpotDatafeedSubscription", "DescribeSpotFleetInstances", @@ -5954,17 +13321,29 @@ "DescribeSpotInstanceRequests", "DescribeSpotPriceHistory", "DescribeStaleSecurityGroups", + "DescribeStoreImageTasks", "DescribeSubnets", "DescribeTags", "DescribeTrafficMirrorFilters", "DescribeTrafficMirrorSessions", "DescribeTrafficMirrorTargets", "DescribeTransitGatewayAttachments", + "DescribeTransitGatewayConnectPeers", + "DescribeTransitGatewayConnects", "DescribeTransitGatewayMulticastDomains", "DescribeTransitGatewayPeeringAttachments", + "DescribeTransitGatewayPolicyTables", + "DescribeTransitGatewayRouteTableAnnouncements", "DescribeTransitGatewayRouteTables", "DescribeTransitGatewayVpcAttachments", "DescribeTransitGateways", + "DescribeTrunkInterfaceAssociations", + "DescribeVerifiedAccessEndpoints", + "DescribeVerifiedAccessGroups", + "DescribeVerifiedAccessInstanceLoggingConfigurations", + "DescribeVerifiedAccessInstanceWebAclAssociations", + "DescribeVerifiedAccessInstances", + "DescribeVerifiedAccessTrustProviders", "DescribeVolumeAttribute", "DescribeVolumeStatus", "DescribeVolumes", @@ -5985,24 +13364,49 @@ "DetachClassicLinkVpc", "DetachInternetGateway", "DetachNetworkInterface", + "DetachVerifiedAccessTrustProvider", "DetachVolume", "DetachVpnGateway", + "DisableAddressTransfer", + "DisableAwsNetworkPerformanceMetricSubscription", "DisableEbsEncryptionByDefault", + "DisableFastLaunch", "DisableFastSnapshotRestores", + "DisableImage", + "DisableImageBlockPublicAccess", + "DisableImageDeprecation", + "DisableIpamOrganizationAdminAccount", + "DisableSerialConsoleAccess", "DisableTransitGatewayRouteTablePropagation", "DisableVgwRoutePropagation", "DisableVpcClassicLink", "DisableVpcClassicLinkDnsSupport", "DisassociateAddress", "DisassociateClientVpnTargetNetwork", + "DisassociateEnclaveCertificateIamRole", "DisassociateIamInstanceProfile", + "DisassociateInstanceEventWindow", + "DisassociateIpamResourceDiscovery", + "DisassociateNatGatewayAddress", "DisassociateRouteTable", "DisassociateSubnetCidrBlock", "DisassociateTransitGatewayMulticastDomain", + "DisassociateTransitGatewayPolicyTable", "DisassociateTransitGatewayRouteTable", + "DisassociateTrunkInterface", + "DisassociateVerifiedAccessInstanceWebAcl", "DisassociateVpcCidrBlock", + "EnableAddressTransfer", + "EnableAwsNetworkPerformanceMetricSubscription", "EnableEbsEncryptionByDefault", + "EnableFastLaunch", "EnableFastSnapshotRestores", + "EnableImage", + "EnableImageBlockPublicAccess", + "EnableImageDeprecation", + "EnableIpamOrganizationAdminAccount", + "EnableReachabilityAnalyzerOrganizationSharing", + "EnableSerialConsoleAccess", "EnableTransitGatewayRouteTablePropagation", "EnableVgwRoutePropagation", "EnableVolumeIO", @@ -6012,27 +13416,67 @@ "ExportClientVpnClientConfiguration", "ExportImage", "ExportTransitGatewayRoutes", + "GetAssociatedEnclaveCertificateIamRoles", + "GetAssociatedIpv6PoolCidrs", + "GetAwsNetworkPerformanceData", "GetCapacityReservationUsage", + "GetCoipPoolUsage", "GetConsoleOutput", "GetConsoleScreenshot", "GetDefaultCreditSpecification", "GetEbsDefaultKmsKeyId", "GetEbsEncryptionByDefault", + "GetFlowLogsIntegrationTemplate", + "GetGroupsForCapacityReservation", "GetHostReservationPurchasePreview", + "GetImageBlockPublicAccessState", + "GetInstanceTypesFromInstanceRequirements", + "GetInstanceUefiData", + "GetIpamAddressHistory", + "GetIpamDiscoveredAccounts", + "GetIpamDiscoveredResourceCidrs", + "GetIpamPoolAllocations", + "GetIpamPoolCidrs", + "GetIpamResourceCidrs", "GetLaunchTemplateData", + "GetManagedPrefixListAssociations", + "GetManagedPrefixListEntries", + "GetNetworkInsightsAccessScopeAnalysisFindings", + "GetNetworkInsightsAccessScopeContent", "GetPasswordData", "GetReservedInstancesExchangeQuote", + "GetResourcePolicy", + "GetSecurityGroupsForVpc", + "GetSerialConsoleAccessStatus", + "GetSpotPlacementScores", + "GetSubnetCidrReservations", "GetTransitGatewayAttachmentPropagations", "GetTransitGatewayMulticastDomainAssociations", + "GetTransitGatewayPolicyTableAssociations", + "GetTransitGatewayPolicyTableEntries", + "GetTransitGatewayPrefixListReferences", "GetTransitGatewayRouteTableAssociations", "GetTransitGatewayRouteTablePropagations", + "GetVerifiedAccessEndpointPolicy", + "GetVerifiedAccessGroupPolicy", + "GetVerifiedAccessInstanceWebAcl", + "GetVpnConnectionDeviceSampleConfiguration", + "GetVpnConnectionDeviceTypes", + "GetVpnTunnelReplacementStatus", + "ImportByoipCidrToIpam", "ImportClientVpnClientCertificateRevocationList", "ImportImage", "ImportInstance", "ImportKeyPair", "ImportSnapshot", "ImportVolume", + "InjectApiError", + "ListImagesInRecycleBin", + "ListSnapshotsInRecycleBin", + "ModifyAddressAttribute", + "ModifyAvailabilityZoneGroup", "ModifyCapacityReservation", + "ModifyCapacityReservationFleet", "ModifyClientVpnEndpoint", "ModifyDefaultCreditSpecification", "ModifyEbsDefaultKmsKeyId", @@ -6046,55 +13490,88 @@ "ModifyInstanceCapacityReservationAttributes", "ModifyInstanceCreditSpecification", "ModifyInstanceEventStartTime", + "ModifyInstanceEventWindow", + "ModifyInstanceMaintenanceOptions", "ModifyInstanceMetadataOptions", "ModifyInstancePlacement", + "ModifyIpam", + "ModifyIpamPool", + "ModifyIpamResourceCidr", + "ModifyIpamResourceDiscovery", + "ModifyIpamScope", "ModifyLaunchTemplate", + "ModifyLocalGatewayRoute", + "ModifyManagedPrefixList", "ModifyNetworkInterfaceAttribute", + "ModifyPrivateDnsNameOptions", "ModifyReservedInstances", + "ModifySecurityGroupRules", "ModifySnapshotAttribute", + "ModifySnapshotTier", "ModifySpotFleetRequest", "ModifySubnetAttribute", "ModifyTrafficMirrorFilterNetworkServices", "ModifyTrafficMirrorFilterRule", "ModifyTrafficMirrorSession", + "ModifyTransitGateway", + "ModifyTransitGatewayPrefixListReference", "ModifyTransitGatewayVpcAttachment", + "ModifyVerifiedAccessEndpoint", + "ModifyVerifiedAccessEndpointPolicy", + "ModifyVerifiedAccessGroup", + "ModifyVerifiedAccessGroupPolicy", + "ModifyVerifiedAccessInstance", + "ModifyVerifiedAccessInstanceLoggingConfiguration", + "ModifyVerifiedAccessTrustProvider", "ModifyVolume", "ModifyVolumeAttribute", "ModifyVpcAttribute", "ModifyVpcEndpoint", "ModifyVpcEndpointConnectionNotification", "ModifyVpcEndpointServiceConfiguration", + "ModifyVpcEndpointServicePayerResponsibility", "ModifyVpcEndpointServicePermissions", "ModifyVpcPeeringConnectionOptions", "ModifyVpcTenancy", "ModifyVpnConnection", + "ModifyVpnConnectionOptions", "ModifyVpnTunnelCertificate", "ModifyVpnTunnelOptions", "MonitorInstances", "MoveAddressToVpc", + "MoveByoipCidrToIpam", + "PauseVolumeIO", "ProvisionByoipCidr", + "ProvisionIpamPoolCidr", + "ProvisionPublicIpv4PoolCidr", "PurchaseHostReservation", "PurchaseReservedInstancesOffering", "PurchaseScheduledInstances", + "PutResourcePolicy", "RebootInstances", "RegisterImage", + "RegisterInstanceEventNotificationAttributes", "RegisterTransitGatewayMulticastGroupMembers", "RegisterTransitGatewayMulticastGroupSources", + "RejectTransitGatewayMulticastDomainAssociations", "RejectTransitGatewayPeeringAttachment", "RejectTransitGatewayVpcAttachment", "RejectVpcEndpointConnections", "RejectVpcPeeringConnection", "ReleaseAddress", "ReleaseHosts", + "ReleaseIpamPoolAllocation", "ReplaceIamInstanceProfileAssociation", "ReplaceNetworkAclAssociation", "ReplaceNetworkAclEntry", "ReplaceRoute", "ReplaceRouteTableAssociation", "ReplaceTransitGatewayRoute", + "ReplaceVpnTunnel", "ReportInstanceStatus", "RequestSpotFleet", "RequestSpotInstances", + "ResetAddressAttribute", "ResetEbsDefaultKmsKeyId", "ResetFpgaImageAttribute", "ResetImageAttribute", @@ -6102,6 +13579,10 @@ "ResetNetworkInterfaceAttribute", "ResetSnapshotAttribute", "RestoreAddressToClassic", + "RestoreImageFromRecycleBin", + "RestoreManagedPrefixListVersion", + "RestoreSnapshotFromRecycleBin", + "RestoreSnapshotTier", "RevokeClientVpnIngress", "RevokeSecurityGroupEgress", "RevokeSecurityGroupIngress", @@ -6111,13 +13592,17 @@ "SearchTransitGatewayMulticastGroups", "SearchTransitGatewayRoutes", "SendDiagnosticInterrupt", + "SendSpotInstanceInterruptions", "StartInstances", + "StartNetworkInsightsAccessScopeAnalysis", + "StartNetworkInsightsAnalysis", "StartVpcEndpointServicePrivateDnsVerification", "StopInstances", "TerminateClientVpnConnections", "TerminateInstances", "UnassignIpv6Addresses", "UnassignPrivateIpAddresses", + "UnassignPrivateNatGatewayAddress", "UnmonitorInstances", "UpdateSecurityGroupRuleDescriptionsEgress", "UpdateSecurityGroupRuleDescriptionsIngress", @@ -6127,82 +13612,129 @@ "StringPrefix": "ec2", "conditionKeys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys", "ec2:AccepterVpc", + "ec2:Add/group", + "ec2:Add/userId", + "ec2:AllocationId", "ec2:AssociatePublicIpAddress", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", "ec2:AuthenticationType", "ec2:AuthorizedService", "ec2:AuthorizedUser", "ec2:AutoPlacement", "ec2:AvailabilityZone", + "ec2:CapacityReservationFleet", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", "ec2:CreateAction", "ec2:DPDTimeoutSeconds", + "ec2:DhcpOptionsID", + "ec2:DirectoryArn", + "ec2:Domain", "ec2:EbsOptimized", "ec2:ElasticGpuType", "ec2:Encrypted", + "ec2:FisActionId", + "ec2:FisTargetArns", "ec2:GatewayType", "ec2:HostRecovery", "ec2:IKEVersions", + "ec2:ImageID", "ec2:ImageType", "ec2:InsideTunnelCidr", + "ec2:InsideTunnelIpv6Cidr", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", "ec2:InstanceProfile", "ec2:InstanceType", + "ec2:InternetGatewayID", + "ec2:Ipv4IpamPoolId", + "ec2:Ipv6IpamPoolId", "ec2:IsLaunchTemplateResource", + "ec2:KeyPairName", + "ec2:KeyPairType", + "ec2:KmsKeyId", "ec2:LaunchTemplate", "ec2:MetadataHttpEndpoint", "ec2:MetadataHttpPutResponseHopLimit", "ec2:MetadataHttpTokens", + "ec2:NetworkAclID", + "ec2:NetworkInterfaceID", + "ec2:NewInstanceProfile", + "ec2:OutpostArn", "ec2:Owner", "ec2:ParentSnapshot", "ec2:ParentVolume", "ec2:Permission", - "ec2:Phase1DHGroupNumbers", + "ec2:Phase1DHGroup", "ec2:Phase1EncryptionAlgorithms", "ec2:Phase1IntegrityAlgorithms", "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroupNumbers", + "ec2:Phase2DHGroup", "ec2:Phase2EncryptionAlgorithms", "ec2:Phase2IntegrityAlgorithms", "ec2:Phase2LifetimeSeconds", "ec2:PlacementGroup", + "ec2:PlacementGroupName", "ec2:PlacementGroupStrategy", - "ec2:PresharedKeys", + "ec2:PreSharedKeys", "ec2:ProductCode", "ec2:Public", + "ec2:PublicIpAddress", "ec2:Quantity", "ec2:Region", "ec2:RekeyFuzzPercentage", "ec2:RekeyMarginTimeSeconds", + "ec2:Remove/group", + "ec2:Remove/userId", + "ec2:ReplayWindowSizePackets", "ec2:RequesterVpc", "ec2:ReservedInstancesOfferingType", - "ec2:ResourceTag/", "ec2:ResourceTag/${TagKey}", "ec2:RoleDelivery", "ec2:RootDeviceType", + "ec2:RouteTableID", "ec2:RoutingType", + "ec2:SamlProviderArn", + "ec2:SecurityGroupID", + "ec2:ServerCertificateArn", + "ec2:SnapshotID", "ec2:SnapshotTime", "ec2:SourceInstanceARN", + "ec2:SourceOutpostArn", "ec2:Subnet", + "ec2:SubnetID", "ec2:Tenancy", + "ec2:VolumeID", "ec2:VolumeIops", "ec2:VolumeSize", + "ec2:VolumeThroughput", "ec2:VolumeType", "ec2:Vpc", + "ec2:VpcID", + "ec2:VpcPeeringConnectionID", "ec2:VpceServiceName", "ec2:VpceServiceOwner", "ec2:VpceServicePrivateDnsName" ] }, "Amazon EC2 Auto Scaling": { - "ARNFormat": "arn:${Partition}:autoscaling:\u003cregion\u003e:\u003caccount\u003e:\u003crelative-id\u003e", - "ARNRegex": "^arn:${Partition}:autoscaling:.+:.+:.+", + "ARNFormat": "arn:aws:autoscaling:${Region}:${Account}:${RelativeId}", + "ARNRegex": "^arn:aws:autoscaling:.+:.+:.+", "Actions": [ "AttachInstances", "AttachLoadBalancerTargetGroups", "AttachLoadBalancers", + "AttachTrafficSources", "BatchDeleteScheduledAction", "BatchPutScheduledUpdateGroupAction", + "CancelInstanceRefresh", "CompleteLifecycleAction", "CreateAutoScalingGroup", "CreateLaunchConfiguration", @@ -6214,11 +13746,13 @@ "DeletePolicy", "DeleteScheduledAction", "DeleteTags", + "DeleteWarmPool", "DescribeAccountLimits", "DescribeAdjustmentTypes", "DescribeAutoScalingGroups", "DescribeAutoScalingInstances", "DescribeAutoScalingNotificationTypes", + "DescribeInstanceRefreshes", "DescribeLaunchConfigurations", "DescribeLifecycleHookTypes", "DescribeLifecycleHooks", @@ -6232,23 +13766,30 @@ "DescribeScheduledActions", "DescribeTags", "DescribeTerminationPolicyTypes", + "DescribeTrafficSources", + "DescribeWarmPool", "DetachInstances", "DetachLoadBalancerTargetGroups", "DetachLoadBalancers", + "DetachTrafficSources", "DisableMetricsCollection", "EnableMetricsCollection", "EnterStandby", "ExecutePolicy", "ExitStandby", + "GetPredictiveScalingForecast", "PutLifecycleHook", "PutNotificationConfiguration", "PutScalingPolicy", "PutScheduledUpdateGroupAction", + "PutWarmPool", "RecordLifecycleActionHeartbeat", "ResumeProcesses", + "RollbackInstanceRefresh", "SetDesiredCapacity", "SetInstanceHealth", "SetInstanceProtection", + "StartInstanceRefresh", "SuspendProcesses", "TerminateInstanceInAutoScalingGroup", "UpdateAutoScalingGroup" @@ -6263,10 +13804,14 @@ "autoscaling:LaunchTemplateVersionSpecified", "autoscaling:LoadBalancerNames", "autoscaling:MaxSize", + "autoscaling:MetadataHttpEndpoint", + "autoscaling:MetadataHttpPutResponseHopLimit", + "autoscaling:MetadataHttpTokens", "autoscaling:MinSize", "autoscaling:ResourceTag/${TagKey}", "autoscaling:SpotPrice", "autoscaling:TargetGroupARNs", + "autoscaling:TrafficSourceIdentifiers", "autoscaling:VPCZoneIdentifiers", "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", @@ -6274,17 +13819,19 @@ ] }, "Amazon EC2 Image Builder": { - "ARNFormat": "arn:aws:imagebuilder:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", + "ARNFormat": "arn:aws:imagebuilder:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:imagebuilder:.+:.+:.+", "Actions": [ "CancelImageCreation", "CreateComponent", + "CreateContainerRecipe", "CreateDistributionConfiguration", "CreateImage", "CreateImagePipeline", "CreateImageRecipe", "CreateInfrastructureConfiguration", "DeleteComponent", + "DeleteContainerRecipe", "DeleteDistributionConfiguration", "DeleteImage", "DeleteImagePipeline", @@ -6292,6 +13839,8 @@ "DeleteInfrastructureConfiguration", "GetComponent", "GetComponentPolicy", + "GetContainerRecipe", + "GetContainerRecipePolicy", "GetDistributionConfiguration", "GetImage", "GetImagePipeline", @@ -6299,16 +13848,28 @@ "GetImageRecipe", "GetImageRecipePolicy", "GetInfrastructureConfiguration", + "GetWorkflowExecution", + "GetWorkflowStepExecution", + "ImportComponent", + "ImportVmImage", "ListComponentBuildVersions", "ListComponents", + "ListContainerRecipes", "ListDistributionConfigurations", "ListImageBuildVersions", + "ListImagePackages", + "ListImagePipelineImages", "ListImagePipelines", "ListImageRecipes", + "ListImageScanFindingAggregations", + "ListImageScanFindings", "ListImages", "ListInfrastructureConfigurations", "ListTagsForResource", + "ListWorkflowExecutions", + "ListWorkflowStepExecutions", "PutComponentPolicy", + "PutContainerRecipePolicy", "PutImagePolicy", "PutImageRecipePolicy", "StartImagePipelineExecution", @@ -6323,39 +13884,127 @@ "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "imagebuilder:CreatedResourceTag/\u003ckey\u003e", + "imagebuilder:CreatedResourceTagKeys", + "imagebuilder:Ec2MetadataHttpTokens", + "imagebuilder:StatusTopicArn" ] }, "Amazon EC2 Instance Connect": { - "ARNFormat": "arn:aws:ec2:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourcePath\u003e", + "ARNFormat": "arn:aws:ec2:${Region}:${Account}:${ResourceType}/${ResourcePath}", "ARNRegex": "^arn:aws:ec2:.+", "Actions": [ - "SendSSHPublicKey" + "OpenTunnel", + "SendSSHPublicKey", + "SendSerialConsoleSSHPublicKey" ], "HasResource": true, "StringPrefix": "ec2-instance-connect", "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "ec2-instance-connect:maxTunnelDuration", + "ec2-instance-connect:privateIpAddress", + "ec2-instance-connect:remotePort", + "ec2:ResourceTag/${TagKey}", "ec2:osuser" ] }, + "Amazon EMR Serverless": { + "ARNFormat": "arn:aws:emr-serverless:${Region}:${Account}:/${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:emr-serverless:.+", + "Actions": [ + "AccessInteractiveEndpoints", + "CancelJobRun", + "CreateApplication", + "DeleteApplication", + "GetApplication", + "GetDashboardForJobRun", + "GetJobRun", + "ListApplications", + "ListJobRuns", + "ListTagsForResource", + "StartApplication", + "StartJobRun", + "StopApplication", + "TagResource", + "UntagResource", + "UpdateApplication" + ], + "HasResource": true, + "StringPrefix": "emr-serverless", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon EMR on EKS (EMR Containers)": { + "ARNFormat": "arn:aws:emr-containers:${Region}:${Account}:/${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:emr-containers:.+", + "Actions": [ + "CancelJobRun", + "CreateJobTemplate", + "CreateManagedEndpoint", + "CreateVirtualCluster", + "DeleteJobTemplate", + "DeleteManagedEndpoint", + "DeleteVirtualCluster", + "DescribeJobRun", + "DescribeJobTemplate", + "DescribeManagedEndpoint", + "DescribeVirtualCluster", + "GetManagedEndpointSessionCredentials", + "ListJobRuns", + "ListJobTemplates", + "ListManagedEndpoints", + "ListTagsForResource", + "ListVirtualClusters", + "StartJobRun", + "TagResource", + "UntagResource" + ], + "HasResource": true, + "StringPrefix": "emr-containers", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "emr-containers:ExecutionRoleArn", + "emr-containers:JobTemplateArn" + ] + }, "Amazon ElastiCache": { + "ARNFormat": "arn:aws:elasticache:${Region}:${Account}:${ResourceType}:${ResourceName}", + "ARNRegex": "^arn:aws:elasticache:.+:.+:.+", "Actions": [ "AddTagsToResource", "AuthorizeCacheSecurityGroupIngress", + "BatchApplyUpdateAction", + "BatchStopUpdateAction", + "CompleteMigration", + "Connect", "CopySnapshot", "CreateCacheCluster", "CreateCacheParameterGroup", "CreateCacheSecurityGroup", "CreateCacheSubnetGroup", + "CreateGlobalReplicationGroup", "CreateReplicationGroup", "CreateSnapshot", + "CreateUser", + "CreateUserGroup", + "DecreaseNodeGroupsInGlobalReplicationGroup", "DecreaseReplicaCount", "DeleteCacheCluster", "DeleteCacheParameterGroup", "DeleteCacheSecurityGroup", "DeleteCacheSubnetGroup", + "DeleteGlobalReplicationGroup", "DeleteReplicationGroup", "DeleteSnapshot", + "DeleteUser", + "DeleteUserGroup", "DescribeCacheClusters", "DescribeCacheEngineVersions", "DescribeCacheParameterGroups", @@ -6364,61 +14013,113 @@ "DescribeCacheSubnetGroups", "DescribeEngineDefaultParameters", "DescribeEvents", + "DescribeGlobalReplicationGroups", "DescribeReplicationGroups", "DescribeReservedCacheNodes", "DescribeReservedCacheNodesOfferings", + "DescribeServiceUpdates", "DescribeSnapshots", + "DescribeUpdateActions", + "DescribeUserGroups", + "DescribeUsers", + "DisassociateGlobalReplicationGroup", + "FailoverGlobalReplicationGroup", + "IncreaseNodeGroupsInGlobalReplicationGroup", "IncreaseReplicaCount", "ListAllowedNodeTypeModifications", "ListTagsForResource", "ModifyCacheCluster", "ModifyCacheParameterGroup", "ModifyCacheSubnetGroup", + "ModifyGlobalReplicationGroup", "ModifyReplicationGroup", "ModifyReplicationGroupShardConfiguration", + "ModifyUser", + "ModifyUserGroup", "PurchaseReservedCacheNodesOffering", + "RebalanceSlotsInGlobalReplicationGroup", "RebootCacheCluster", "RemoveTagsFromResource", "ResetCacheParameterGroup", "RevokeCacheSecurityGroupIngress", - "TestFailover" + "StartMigration", + "TestFailover", + "TestMigration" ], - "HasResource": false, - "StringPrefix": "elasticache" + "HasResource": true, + "StringPrefix": "elasticache", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "elasticache:AtRestEncryptionEnabled", + "elasticache:AuthTokenEnabled", + "elasticache:AutomaticFailoverEnabled", + "elasticache:CacheNodeType", + "elasticache:CacheParameterGroupName", + "elasticache:ClusterModeEnabled", + "elasticache:EngineType", + "elasticache:EngineVersion", + "elasticache:KmsKeyId", + "elasticache:MultiAZEnabled", + "elasticache:NumNodeGroups", + "elasticache:ReplicasPerNodeGroup", + "elasticache:SnapshotRetentionLimit", + "elasticache:TransitEncryptionEnabled", + "elasticache:UserAuthenticationMode" + ] }, "Amazon Elastic Block Store": { - "ARNFormat": "arn:aws:ebs:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourcePath\u003e", + "ARNFormat": "arn:aws:ebs:${Region}:${Account}:${ResourceType}/${ResourcePath}", "ARNRegex": "^arn:aws:ebs:.+", "Actions": [ + "CompleteSnapshot", "GetSnapshotBlock", "ListChangedBlocks", - "ListSnapshotBlocks" + "ListSnapshotBlocks", + "PutSnapshotBlock", + "StartSnapshot" ], "HasResource": true, "StringPrefix": "ebs", "conditionKeys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ebs:Description", + "ebs:ParentSnapshot", + "ebs:VolumeSize" ] }, "Amazon Elastic Container Registry": { - "ARNFormat": "arn:aws:ecr:\u003cregion\u003e:\u003caccount_ID\u003e:repository/\u003crepository_name\u003e", + "ARNFormat": "arn:aws:ecr:${Region}:${Account}:repository/${RepositoryName}", "ARNRegex": "^arn:aws:ecr:.+", "Actions": [ "BatchCheckLayerAvailability", "BatchDeleteImage", "BatchGetImage", + "BatchGetRepositoryScanningConfiguration", + "BatchImportUpstreamImage", "CompleteLayerUpload", + "CreatePullThroughCacheRule", "CreateRepository", "DeleteLifecyclePolicy", + "DeletePullThroughCacheRule", + "DeleteRegistryPolicy", "DeleteRepository", "DeleteRepositoryPolicy", + "DescribeImageReplicationStatus", "DescribeImageScanFindings", "DescribeImages", + "DescribePullThroughCacheRules", + "DescribeRegistry", "DescribeRepositories", "GetAuthorizationToken", "GetDownloadUrlForLayer", "GetLifecyclePolicy", "GetLifecyclePolicyPreview", + "GetRegistryPolicy", + "GetRegistryScanningConfiguration", "GetRepositoryPolicy", "InitiateLayerUpload", "ListImages", @@ -6427,6 +14128,10 @@ "PutImageScanningConfiguration", "PutImageTagMutability", "PutLifecyclePolicy", + "PutRegistryPolicy", + "PutRegistryScanningConfiguration", + "PutReplicationConfiguration", + "ReplicateImage", "SetRepositoryPolicy", "StartImageScan", "StartLifecyclePolicyPreview", @@ -6443,20 +14148,61 @@ "ecr:ResourceTag/${TagKey}" ] }, + "Amazon Elastic Container Registry Public": { + "ARNFormat": "arn:aws:ecr-public::${Account}:${RepositoryOrRegistry}/${RepositoryNameOrAccountId}", + "ARNRegex": "^arn:aws:ecr-public::.+", + "Actions": [ + "BatchCheckLayerAvailability", + "BatchDeleteImage", + "CompleteLayerUpload", + "CreateRepository", + "DeleteRepository", + "DeleteRepositoryPolicy", + "DescribeImageTags", + "DescribeImages", + "DescribeRegistries", + "DescribeRepositories", + "GetAuthorizationToken", + "GetRegistryCatalogData", + "GetRepositoryCatalogData", + "GetRepositoryPolicy", + "InitiateLayerUpload", + "ListTagsForResource", + "PutImage", + "PutRegistryCatalogData", + "PutRepositoryCatalogData", + "SetRepositoryPolicy", + "TagResource", + "UntagResource", + "UploadLayerPart" + ], + "HasResource": true, + "StringPrefix": "ecr-public", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ecr-public:ResourceTag/${TagKey}" + ] + }, "Amazon Elastic Container Service": { - "ARNFormat": "arn:aws:ecs:\u003cregion\u003e:\u003caccount_ID\u003e:\u003cresource_type\u003e/\u003crelative_ID\u003e", + "ARNFormat": "arn:aws:ecs:${Region}:${Account}:${ResourceType}/${RelativeId}", "ARNRegex": "^arn:aws:ecs:.+", "Actions": [ + "CreateCapacityProvider", "CreateCluster", "CreateService", "CreateTaskSet", "DeleteAccountSetting", "DeleteAttributes", + "DeleteCapacityProvider", "DeleteCluster", "DeleteService", + "DeleteTaskDefinitions", "DeleteTaskSet", "DeregisterContainerInstance", "DeregisterTaskDefinition", + "DescribeCapacityProviders", "DescribeClusters", "DescribeContainerInstances", "DescribeServices", @@ -6464,11 +14210,14 @@ "DescribeTaskSets", "DescribeTasks", "DiscoverPollEndpoint", + "ExecuteCommand", + "GetTaskProtection", "ListAccountSettings", "ListAttributes", "ListClusters", "ListContainerInstances", "ListServices", + "ListServicesByNamespace", "ListTagsForResource", "ListTaskDefinitionFamilies", "ListTaskDefinitions", @@ -6477,6 +14226,7 @@ "PutAccountSetting", "PutAccountSettingDefault", "PutAttributes", + "PutClusterCapacityProviders", "RegisterContainerInstance", "RegisterTaskDefinition", "RunTask", @@ -6488,62 +14238,40 @@ "SubmitTaskStateChange", "TagResource", "UntagResource", + "UpdateCapacityProvider", + "UpdateCluster", + "UpdateClusterSettings", "UpdateContainerAgent", "UpdateContainerInstancesState", "UpdateService", "UpdateServicePrimaryTaskSet", - "UpdateTaskSet" - ], - "HasResource": true, - "StringPrefix": "ecs", - "conditionKeys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ecs:ResourceTag/${TagKey}", - "ecs:cluster", - "ecs:container-instances", - "ecs:service", - "ecs:task-definition" - ] - }, - "Amazon Elastic Container Service for Kubernetes": { - "ARNFormat": "arn:aws:eks:\u003cregion\u003e:\u003caccount_ID\u003e:\u003cresource_type\u003e/\u003crelative_ID\u003e", - "ARNRegex": "^arn:aws:eks:.+", - "Actions": [ - "CreateCluster", - "CreateFargateProfile", - "CreateNodegroup", - "DeleteCluster", - "DeleteFargateProfile", - "DeleteNodegroup", - "DescribeCluster", - "DescribeFargateProfile", - "DescribeNodegroup", - "DescribeUpdate", - "ListClusters", - "ListFargateProfiles", - "ListNodegroups", - "ListTagsForResource", - "ListUpdates", - "TagResource", - "UntagResource", - "UpdateClusterConfig", - "UpdateClusterVersion", - "UpdateNodegroupConfig", - "UpdateNodegroupVersion" + "UpdateTaskProtection", + "UpdateTaskSet" ], "HasResource": true, - "StringPrefix": "eks", + "StringPrefix": "ecs", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "ecs:CreateAction", + "ecs:ResourceTag/${TagKey}", + "ecs:account-setting", + "ecs:capacity-provider", + "ecs:cluster", + "ecs:container-instances", + "ecs:container-name", + "ecs:enable-execute-command", + "ecs:enable-service-connect", + "ecs:namespace", + "ecs:service", + "ecs:task", + "ecs:task-definition" ] }, "Amazon Elastic File System": { - "ARNFormat": "arn:${Partition}:elasticfilesystem:${Region}:${Account}:${ResourceType}/${ResourcePath}", - "ARNRegex": "^arn:${Partition}:elasticfilesystem:.+", + "ARNFormat": "arn:aws:elasticfilesystem:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:elasticfilesystem:.+", "Actions": [ "Backup", "ClientMount", @@ -6552,21 +14280,28 @@ "CreateAccessPoint", "CreateFileSystem", "CreateMountTarget", + "CreateReplicationConfiguration", "CreateTags", "DeleteAccessPoint", "DeleteFileSystem", "DeleteFileSystemPolicy", "DeleteMountTarget", + "DeleteReplicationConfiguration", "DeleteTags", "DescribeAccessPoints", + "DescribeAccountPreferences", + "DescribeBackupPolicy", "DescribeFileSystemPolicy", "DescribeFileSystems", "DescribeLifecycleConfiguration", "DescribeMountTargetSecurityGroups", "DescribeMountTargets", + "DescribeReplicationConfigurations", "DescribeTags", "ListTagsForResource", "ModifyMountTargetSecurityGroups", + "PutAccountPreferences", + "PutBackupPolicy", "PutFileSystemPolicy", "PutLifecycleConfiguration", "Restore", @@ -6580,58 +14315,166 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", - "elasticfilesystem:AccessPointArn" + "elasticfilesystem:AccessPointArn", + "elasticfilesystem:AccessedViaMountTarget", + "elasticfilesystem:CreateAction", + "elasticfilesystem:Encrypted" ] }, "Amazon Elastic Inference": { "ARNFormat": "arn:aws:elastic-inference:\u003cregion\u003e:\u003caccount-id\u003e:elastic-inference-accelerator/\u003cidentifier\u003e", - "ARNRegex": "^arn:${Partition}:elastic-inference:.+", + "ARNRegex": "^arn:aws:elastic-inference:.+", "Actions": [ - "Connect" + "Connect", + "DescribeAcceleratorOfferings", + "DescribeAcceleratorTypes", + "DescribeAccelerators", + "ListTagsForResource", + "TagResource", + "UntagResource" ], "HasResource": true, "StringPrefix": "elastic-inference" }, + "Amazon Elastic Kubernetes Service": { + "ARNFormat": "arn:aws:eks:${Region}:${Account}:${ResourceType}/${RelativeId}", + "ARNRegex": "^arn:aws:eks:.+", + "Actions": [ + "AccessKubernetesApi", + "AssociateEncryptionConfig", + "AssociateIdentityProviderConfig", + "CreateAddon", + "CreateCluster", + "CreateEksAnywhereSubscription", + "CreateFargateProfile", + "CreateNodegroup", + "DeleteAddon", + "DeleteCluster", + "DeleteEksAnywhereSubscription", + "DeleteFargateProfile", + "DeleteNodegroup", + "DeregisterCluster", + "DescribeAddon", + "DescribeAddonConfiguration", + "DescribeAddonVersions", + "DescribeCluster", + "DescribeEksAnywhereSubscription", + "DescribeFargateProfile", + "DescribeIdentityProviderConfig", + "DescribeNodegroup", + "DescribeUpdate", + "DisassociateIdentityProviderConfig", + "ListAddons", + "ListClusters", + "ListEksAnywhereSubscriptions", + "ListFargateProfiles", + "ListIdentityProviderConfigs", + "ListNodegroups", + "ListTagsForResource", + "ListUpdates", + "RegisterCluster", + "TagResource", + "UntagResource", + "UpdateAddon", + "UpdateClusterConfig", + "UpdateClusterVersion", + "UpdateEksAnywhereSubscription", + "UpdateNodegroupConfig", + "UpdateNodegroupVersion" + ], + "HasResource": true, + "StringPrefix": "eks", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "eks:clientId", + "eks:issuerUrl" + ] + }, "Amazon Elastic MapReduce": { - "ARNFormat": "arn:aws:elasticmapreduce:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceId\u003e", + "ARNFormat": "arn:aws:elasticmapreduce:${Region}:${Account}:${ResourceType}/${ResourceId}", "ARNRegex": "^arn:aws:elasticmapreduce:.+", "Actions": [ "AddInstanceFleet", "AddInstanceGroups", "AddJobFlowSteps", "AddTags", + "AttachEditor", "CancelSteps", "CreateEditor", + "CreatePersistentAppUI", + "CreateRepository", "CreateSecurityConfiguration", + "CreateStudio", + "CreateStudioPresignedUrl", + "CreateStudioSessionMapping", "DeleteEditor", + "DeleteRepository", "DeleteSecurityConfiguration", + "DeleteStudio", + "DeleteStudioSessionMapping", + "DeleteWorkspaceAccess", "DescribeCluster", "DescribeEditor", "DescribeJobFlows", + "DescribeNotebookExecution", + "DescribePersistentAppUI", + "DescribeReleaseLabel", + "DescribeRepository", "DescribeSecurityConfiguration", "DescribeStep", + "DescribeStudio", + "DetachEditor", + "GetAutoTerminationPolicy", "GetBlockPublicAccessConfiguration", + "GetClusterSessionCredentials", + "GetManagedScalingPolicy", + "GetOnClusterAppUIPresignedURL", + "GetPersistentAppUIPresignedURL", + "GetStudioSessionMapping", + "LinkRepository", "ListBootstrapActions", "ListClusters", "ListEditors", "ListInstanceFleets", "ListInstanceGroups", "ListInstances", + "ListNotebookExecutions", + "ListReleaseLabels", + "ListRepositories", "ListSecurityConfigurations", "ListSteps", + "ListStudioSessionMappings", + "ListStudios", + "ListSupportedInstanceTypes", + "ListWorkspaceAccessIdentities", "ModifyCluster", "ModifyInstanceFleet", "ModifyInstanceGroups", "OpenEditorInConsole", "PutAutoScalingPolicy", + "PutAutoTerminationPolicy", "PutBlockPublicAccessConfiguration", + "PutManagedScalingPolicy", + "PutWorkspaceAccess", "RemoveAutoScalingPolicy", + "RemoveAutoTerminationPolicy", + "RemoveManagedScalingPolicy", "RemoveTags", "RunJobFlow", "SetTerminationProtection", + "SetVisibleToAllUsers", "StartEditor", + "StartNotebookExecution", "StopEditor", + "StopNotebookExecution", "TerminateJobFlows", + "UnlinkRepository", + "UpdateEditor", + "UpdateRepository", + "UpdateStudio", + "UpdateStudioSessionMapping", "ViewEventsFromAllClustersInConsole" ], "HasResource": true, @@ -6640,12 +14483,13 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "elasticmapreduce:ExecutionRoleArn", "elasticmapreduce:RequestTag/${TagKey}", "elasticmapreduce:ResourceTag/${TagKey}" ] }, "Amazon Elastic Transcoder": { - "ARNFormat": "arn:aws:elastictranscoder:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceId\u003e", + "ARNFormat": "arn:aws:elastictranscoder:${Region}:${Account}:${ResourceType}/${ResourceId}", "ARNRegex": "^arn:aws:elastictranscoder:.+", "Actions": [ "CancelJob", @@ -6669,64 +14513,48 @@ "HasResource": true, "StringPrefix": "elastictranscoder" }, - "Amazon Elasticsearch Service": { - "ARNFormat": "arn:aws:es:\u003cregion\u003e:\u003caccount_ID\u003e:\u003cresource\u003e", - "ARNRegex": "^arn:aws:es:.+", - "Actions": [ - "AddTags", - "CreateElasticsearchDomain", - "CreateElasticsearchServiceRole", - "DeleteElasticsearchDomain", - "DeleteElasticsearchServiceRole", - "DescribeElasticsearchDomain", - "DescribeElasticsearchDomainConfig", - "DescribeElasticsearchDomains", - "DescribeElasticsearchInstanceTypeLimits", - "DescribeReservedElasticsearchInstanceOfferings", - "DescribeReservedElasticsearchInstances", - "ESHttpDelete", - "ESHttpGet", - "ESHttpHead", - "ESHttpPatch", - "ESHttpPost", - "ESHttpPut", - "GetCompatibleElasticsearchVersions", - "GetUpgradeHistory", - "GetUpgradeStatus", - "ListDomainNames", - "ListElasticsearchInstanceTypeDetails", - "ListElasticsearchInstanceTypes", - "ListElasticsearchVersions", - "ListTags", - "PurchaseReservedElasticsearchInstanceOffering", - "RemoveTags", - "UpdateElasticsearchDomainConfig", - "UpgradeElasticsearchDomain" - ], - "HasResource": true, - "StringPrefix": "es" - }, "Amazon EventBridge": { - "ARNFormat": "arn:aws:\u003cserviceName\u003e:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceName\u003e", + "ARNFormat": "arn:aws:events:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:events:.+", "Actions": [ "ActivateEventSource", + "CancelReplay", + "CreateApiDestination", + "CreateArchive", + "CreateConnection", + "CreateEndpoint", "CreateEventBus", "CreatePartnerEventSource", "DeactivateEventSource", + "DeauthorizeConnection", + "DeleteApiDestination", + "DeleteArchive", + "DeleteConnection", + "DeleteEndpoint", "DeleteEventBus", "DeletePartnerEventSource", "DeleteRule", + "DescribeApiDestination", + "DescribeArchive", + "DescribeConnection", + "DescribeEndpoint", "DescribeEventBus", "DescribeEventSource", "DescribePartnerEventSource", + "DescribeReplay", "DescribeRule", "DisableRule", "EnableRule", + "InvokeApiDestination", + "ListApiDestinations", + "ListArchives", + "ListConnections", + "ListEndpoints", "ListEventBuses", "ListEventSources", "ListPartnerEventSourceAccounts", "ListPartnerEventSources", + "ListReplays", "ListRuleNamesByTarget", "ListRules", "ListTagsForResource", @@ -6738,9 +14566,14 @@ "PutTargets", "RemovePermission", "RemoveTargets", + "StartReplay", "TagResource", "TestEventPattern", - "UntagResource" + "UntagResource", + "UpdateApiDestination", + "UpdateArchive", + "UpdateConnection", + "UpdateEndpoint" ], "HasResource": true, "StringPrefix": "events", @@ -6748,37 +14581,93 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "events:EventBusArn", + "events:ManagedBy", "events:TargetArn", + "events:creatorAccount", "events:detail-type", "events:detail.eventTypeCode", "events:detail.service", "events:detail.userIdentity.principalId", + "events:eventBusInvocation", "events:source" ] }, + "Amazon EventBridge Pipes": { + "ARNFormat": "arn:aws:pipes:${Region}:${Account}:pipe/${PipeName}", + "ARNRegex": "^arn:aws:pipes:.+:.+:.+", + "Actions": [ + "CreatePipe", + "DeletePipe", + "DescribePipe", + "ListPipes", + "ListTagsForResource", + "StartPipe", + "StopPipe", + "TagResource", + "UntagResource", + "UpdatePipe" + ], + "HasResource": true, + "StringPrefix": "pipes", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon EventBridge Scheduler": { + "ARNFormat": "arn:aws:scheduler:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:scheduler:.+:.+:.+", + "Actions": [ + "CreateSchedule", + "CreateScheduleGroup", + "DeleteSchedule", + "DeleteScheduleGroup", + "GetSchedule", + "GetScheduleGroup", + "ListScheduleGroups", + "ListSchedules", + "ListTagsForResource", + "TagResource", + "UntagResource", + "UpdateSchedule" + ], + "HasResource": true, + "StringPrefix": "scheduler", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "Amazon EventBridge Schemas": { - "ARNFormat": "arn:aws:schemas:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceName\u003e", - "ARNRegex": "^arn:${Partition}:schemas:.+:.+:.+", + "ARNFormat": "arn:aws:schemas:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:schemas:.+:.+:.+", "Actions": [ "CreateDiscoverer", "CreateRegistry", "CreateSchema", "DeleteDiscoverer", "DeleteRegistry", + "DeleteResourcePolicy", "DeleteSchema", "DeleteSchemaVersion", "DescribeCodeBinding", "DescribeDiscoverer", "DescribeRegistry", "DescribeSchema", + "ExportSchema", "GetCodeBindingSource", "GetDiscoveredSchema", + "GetResourcePolicy", "ListDiscoverers", "ListRegistries", "ListSchemaVersions", "ListSchemas", "ListTagsForResource", "PutCodeBinding", + "PutResourcePolicy", "SearchSchemas", "StartDiscoverer", "StopDiscoverer", @@ -6797,120 +14686,331 @@ ] }, "Amazon FSx": { - "ARNFormat": "arn:${Partition}:fsx:${Region}:${Account}:${ResourceType}/${ResourcePath}", - "ARNRegex": "^arn:${Partition}:fsx:.+", + "ARNFormat": "arn:aws:fsx:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:fsx:.+", "Actions": [ + "AssociateFileGateway", + "AssociateFileSystemAliases", + "BypassSnaplockEnterpriseRetention", "CancelDataRepositoryTask", + "CopyBackup", "CreateBackup", + "CreateDataRepositoryAssociation", "CreateDataRepositoryTask", + "CreateFileCache", "CreateFileSystem", "CreateFileSystemFromBackup", + "CreateSnapshot", + "CreateStorageVirtualMachine", + "CreateVolume", + "CreateVolumeFromBackup", "DeleteBackup", + "DeleteDataRepositoryAssociation", + "DeleteFileCache", "DeleteFileSystem", + "DeleteSnapshot", + "DeleteStorageVirtualMachine", + "DeleteVolume", + "DescribeAssociatedFileGateways", "DescribeBackups", + "DescribeDataRepositoryAssociations", "DescribeDataRepositoryTasks", + "DescribeFileCaches", + "DescribeFileSystemAliases", "DescribeFileSystems", + "DescribeSnapshots", + "DescribeStorageVirtualMachines", + "DescribeVolumes", + "DisassociateFileGateway", + "DisassociateFileSystemAliases", "ListTagsForResource", + "ManageBackupPrincipalAssociations", + "ReleaseFileSystemNfsV3Locks", + "RestoreVolumeFromSnapshot", + "StartMisconfiguredStateRecovery", "TagResource", "UntagResource", - "UpdateFileSystem" + "UpdateDataRepositoryAssociation", + "UpdateFileCache", + "UpdateFileSystem", + "UpdateSnapshot", + "UpdateStorageVirtualMachine", + "UpdateVolume" ], "HasResource": true, "StringPrefix": "fsx", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "fsx:IsBackupCopyDestination", + "fsx:IsBackupCopySource", + "fsx:NfsDataRepositoryAuthenticationEnabled", + "fsx:NfsDataRepositoryEncryptionInTransitEnabled", + "fsx:ParentVolumeId", + "fsx:StorageVirtualMachineId" + ] + }, + "Amazon FinSpace": { + "ARNFormat": "arn:aws:finspace:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:finspace:.+", + "Actions": [ + "ConnectKxCluster", + "CreateEnvironment", + "CreateKxChangeset", + "CreateKxCluster", + "CreateKxDatabase", + "CreateKxEnvironment", + "CreateKxUser", + "CreateUser", + "DeleteEnvironment", + "DeleteKxCluster", + "DeleteKxDatabase", + "DeleteKxEnvironment", + "DeleteKxUser", + "GetEnvironment", + "GetKxChangeset", + "GetKxCluster", + "GetKxConnectionString", + "GetKxDatabase", + "GetKxEnvironment", + "GetKxUser", + "GetLoadSampleDataSetGroupIntoEnvironmentStatus", + "GetUser", + "ListEnvironments", + "ListKxChangesets", + "ListKxClusterNodes", + "ListKxClusters", + "ListKxDatabases", + "ListKxEnvironments", + "ListKxUsers", + "ListTagsForResource", + "ListUsers", + "LoadSampleDataSetGroupIntoEnvironment", + "MountKxDatabase", + "ResetUserPassword", + "TagResource", + "UntagResource", + "UpdateEnvironment", + "UpdateKxClusterCodeConfiguration", + "UpdateKxClusterDatabases", + "UpdateKxDatabase", + "UpdateKxEnvironment", + "UpdateKxEnvironmentNetwork", + "UpdateKxUser", + "UpdateUser" + ], + "HasResource": true, + "StringPrefix": "finspace", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys" ] }, + "Amazon FinSpace API": { + "ARNFormat": "arn:aws:finspace-api:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:finspace-api:.+", + "Actions": [ + "GetProgrammaticAccessCredentials" + ], + "HasResource": true, + "StringPrefix": "finspace-api" + }, "Amazon Forecast": { - "ARNFormat": "arn:aws:forecast:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", + "ARNFormat": "arn:aws:forecast:${Region}:${Account}:${ResourceType}/${ResourceId}", "ARNRegex": "^arn:aws:forecast:.+:.+:.+", "Actions": [ + "CreateAutoPredictor", "CreateDataset", "CreateDatasetGroup", "CreateDatasetImportJob", + "CreateExplainability", + "CreateExplainabilityExport", "CreateForecast", + "CreateForecastEndpoint", "CreateForecastExportJob", + "CreateMonitor", "CreatePredictor", + "CreatePredictorBacktestExportJob", + "CreateWhatIfAnalysis", + "CreateWhatIfForecast", + "CreateWhatIfForecastExport", "DeleteDataset", "DeleteDatasetGroup", "DeleteDatasetImportJob", + "DeleteExplainability", + "DeleteExplainabilityExport", "DeleteForecast", + "DeleteForecastEndpoint", "DeleteForecastExportJob", + "DeleteMonitor", "DeletePredictor", + "DeletePredictorBacktestExportJob", + "DeleteResourceTree", + "DeleteWhatIfAnalysis", + "DeleteWhatIfForecast", + "DeleteWhatIfForecastExport", + "DescribeAutoPredictor", "DescribeDataset", "DescribeDatasetGroup", "DescribeDatasetImportJob", + "DescribeExplainability", + "DescribeExplainabilityExport", "DescribeForecast", + "DescribeForecastEndpoint", "DescribeForecastExportJob", + "DescribeMonitor", "DescribePredictor", + "DescribePredictorBacktestExportJob", + "DescribeWhatIfAnalysis", + "DescribeWhatIfForecast", + "DescribeWhatIfForecastExport", "GetAccuracyMetrics", + "GetRecentForecastContext", + "InvokeForecastEndpoint", "ListDatasetGroups", "ListDatasetImportJobs", "ListDatasets", + "ListExplainabilities", + "ListExplainabilityExports", "ListForecastExportJobs", "ListForecasts", + "ListMonitorEvaluations", + "ListMonitors", + "ListPredictorBacktestExportJobs", "ListPredictors", + "ListTagsForResource", + "ListWhatIfAnalyses", + "ListWhatIfForecastExports", + "ListWhatIfForecasts", "QueryForecast", + "QueryWhatIfForecast", + "ResumeResource", + "StopResource", + "TagResource", + "UntagResource", "UpdateDatasetGroup" ], "HasResource": true, - "StringPrefix": "forecast" + "StringPrefix": "forecast", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "Amazon Fraud Detector": { - "ARNFormat": "arn:aws:frauddetector:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", + "ARNFormat": "arn:aws:frauddetector:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:frauddetector:.+:.+:.+", "Actions": [ "BatchCreateVariable", "BatchGetVariable", + "CancelBatchImportJob", + "CancelBatchPredictionJob", + "CreateBatchImportJob", + "CreateBatchPredictionJob", "CreateDetectorVersion", + "CreateList", + "CreateModel", "CreateModelVersion", "CreateRule", "CreateVariable", + "DeleteBatchImportJob", + "DeleteBatchPredictionJob", + "DeleteDetector", "DeleteDetectorVersion", + "DeleteEntityType", "DeleteEvent", + "DeleteEventType", + "DeleteEventsByEventType", + "DeleteExternalModel", + "DeleteLabel", + "DeleteList", + "DeleteModel", + "DeleteModelVersion", + "DeleteOutcome", + "DeleteRule", + "DeleteVariable", "DescribeDetector", "DescribeModelVersions", + "GetBatchImportJobValidationReport", + "GetBatchImportJobs", + "GetBatchPredictionJobs", + "GetDeleteEventsByEventTypeStatus", "GetDetectorVersion", "GetDetectors", + "GetEntityTypes", + "GetEvent", + "GetEventPrediction", + "GetEventPredictionMetadata", + "GetEventTypes", "GetExternalModels", + "GetKMSEncryptionKey", + "GetLabels", + "GetListElements", + "GetListsMetadata", "GetModelVersion", "GetModels", "GetOutcomes", - "GetPrediction", "GetRules", "GetVariables", + "ListEventPredictions", + "ListTagsForResource", "PutDetector", + "PutEntityType", + "PutEventType", "PutExternalModel", - "PutModel", + "PutKMSEncryptionKey", + "PutLabel", "PutOutcome", + "SendEvent", + "TagResource", + "UntagResource", "UpdateDetectorVersion", "UpdateDetectorVersionMetadata", "UpdateDetectorVersionStatus", + "UpdateEventLabel", + "UpdateList", + "UpdateModel", "UpdateModelVersion", + "UpdateModelVersionStatus", "UpdateRuleMetadata", "UpdateRuleVersion", "UpdateVariable" ], - "HasResource": false, - "StringPrefix": "frauddetector" + "HasResource": true, + "StringPrefix": "frauddetector", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "Amazon FreeRTOS": { - "ARNFormat": "arn:${Partition}:freertos:\u003cregion\u003e:\u003caccount_ID\u003e:\u003ctype\u003e/\u003cname\u003e", - "ARNRegex": "^arn:${Partition}:freertos:.+:[0-9]+:.+", + "ARNFormat": "arn:aws:freertos:${Region}:${Account}:${Type}/${Name}", + "ARNRegex": "^arn:aws:freertos:.+:[0-9]+:.+", "Actions": [ "CreateSoftwareConfiguration", + "CreateSubscription", "DeleteSoftwareConfiguration", "DescribeHardwarePlatform", "DescribeSoftwareConfiguration", + "DescribeSubscription", + "GetEmpPatchUrl", "GetSoftwareURL", "GetSoftwareURLForConfiguration", + "GetSubscriptionBillingAmount", "ListFreeRTOSVersions", "ListHardwarePlatforms", "ListHardwareVendors", "ListSoftwareConfigurations", - "UpdateSoftwareConfiguration" + "ListSoftwarePatches", + "ListSubscriptionEmails", + "ListSubscriptions", + "UpdateEmailRecipients", + "UpdateSoftwareConfiguration", + "VerifyEmail" ], "HasResource": true, "StringPrefix": "freertos", @@ -6921,15 +15021,19 @@ ] }, "Amazon GameLift": { - "ARNFormat": "arn:aws:gamelift:\u003cregion\u003e:\u003caccountId\u003e:\u003cresourceType\u003e/\u003cresourceId\u003e", + "ARNFormat": "arn:aws:gamelift:${Region}:${Account}:${ResourceType}/${ResourceId}", "ARNRegex": "^arn:aws:gamelift:.+", "Actions": [ "AcceptMatch", + "ClaimGameServer", "CreateAlias", "CreateBuild", "CreateFleet", + "CreateFleetLocations", + "CreateGameServerGroup", "CreateGameSession", "CreateGameSessionQueue", + "CreateLocation", "CreateMatchmakingConfiguration", "CreateMatchmakingRuleSet", "CreatePlayerSession", @@ -6940,21 +15044,33 @@ "DeleteAlias", "DeleteBuild", "DeleteFleet", + "DeleteFleetLocations", + "DeleteGameServerGroup", "DeleteGameSessionQueue", + "DeleteLocation", "DeleteMatchmakingConfiguration", "DeleteMatchmakingRuleSet", "DeleteScalingPolicy", "DeleteScript", "DeleteVpcPeeringAuthorization", "DeleteVpcPeeringConnection", + "DeregisterCompute", + "DeregisterGameServer", "DescribeAlias", "DescribeBuild", + "DescribeCompute", "DescribeEC2InstanceLimits", "DescribeFleetAttributes", "DescribeFleetCapacity", "DescribeFleetEvents", + "DescribeFleetLocationAttributes", + "DescribeFleetLocationCapacity", + "DescribeFleetLocationUtilization", "DescribeFleetPortSettings", "DescribeFleetUtilization", + "DescribeGameServer", + "DescribeGameServerGroup", + "DescribeGameServerInstances", "DescribeGameSessionDetails", "DescribeGameSessionPlacement", "DescribeGameSessionQueues", @@ -6969,95 +15085,63 @@ "DescribeScript", "DescribeVpcPeeringAuthorizations", "DescribeVpcPeeringConnections", + "GetComputeAccess", + "GetComputeAuthToken", "GetGameSessionLogUrl", - "GetInstanceAccess", - "ListAliases", - "ListBuilds", - "ListFleets", - "ListScripts", - "ListTagsForResource", - "PutScalingPolicy", - "RequestUploadCredentials", - "ResolveAlias", - "SearchGameSessions", - "StartFleetActions", - "StartGameSessionPlacement", - "StartMatchBackfill", - "StartMatchmaking", - "StopFleetActions", - "StopGameSessionPlacement", - "StopMatchmaking", - "TagResource", - "UntagResource", - "UpdateAlias", - "UpdateBuild", - "UpdateFleetAttributes", - "UpdateFleetCapacity", - "UpdateFleetPortSettings", - "UpdateGameSession", - "UpdateGameSessionQueue", - "UpdateMatchmakingConfiguration", - "UpdateRuntimeConfiguration", - "UpdateScript", - "ValidateMatchmakingRuleSet" - ], - "HasResource": true, - "StringPrefix": "gamelift", - "conditionKeys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ] - }, - "Amazon Glacier": { - "ARNFormat": "arn:aws:glacier:\u003cregion\u003e:\u003caccountID\u003e:\u003crelative-id\u003e", - "ARNRegex": "^arn:aws:glacier:.+:.+:.+", - "Actions": [ - "AbortMultipartUpload", - "AbortVaultLock", - "AddTagsToVault", - "CompleteMultipartUpload", - "CompleteVaultLock", - "CreateVault", - "DeleteArchive", - "DeleteVault", - "DeleteVaultAccessPolicy", - "DeleteVaultNotifications", - "DescribeJob", - "DescribeVault", - "GetDataRetrievalPolicy", - "GetJobOutput", - "GetVaultAccessPolicy", - "GetVaultLock", - "GetVaultNotifications", - "InitiateJob", - "InitiateMultipartUpload", - "InitiateVaultLock", - "ListJobs", - "ListMultipartUploads", - "ListParts", - "ListProvisionedCapacity", - "ListTagsForVault", - "ListVaults", - "PurchaseProvisionedCapacity", - "RemoveTagsFromVault", - "SetDataRetrievalPolicy", - "SetVaultAccessPolicy", - "SetVaultNotifications", - "UploadArchive", - "UploadMultipartPart" + "GetInstanceAccess", + "ListAliases", + "ListBuilds", + "ListCompute", + "ListFleets", + "ListGameServerGroups", + "ListGameServers", + "ListLocations", + "ListScripts", + "ListTagsForResource", + "PutScalingPolicy", + "RegisterCompute", + "RegisterGameServer", + "RequestUploadCredentials", + "ResolveAlias", + "ResumeGameServerGroup", + "SearchGameSessions", + "StartFleetActions", + "StartGameSessionPlacement", + "StartMatchBackfill", + "StartMatchmaking", + "StopFleetActions", + "StopGameSessionPlacement", + "StopMatchmaking", + "SuspendGameServerGroup", + "TagResource", + "UntagResource", + "UpdateAlias", + "UpdateBuild", + "UpdateFleetAttributes", + "UpdateFleetCapacity", + "UpdateFleetPortSettings", + "UpdateGameServer", + "UpdateGameServerGroup", + "UpdateGameSession", + "UpdateGameSessionQueue", + "UpdateMatchmakingConfiguration", + "UpdateRuntimeConfiguration", + "UpdateScript", + "ValidateMatchmakingRuleSet" ], "HasResource": true, - "StringPrefix": "glacier", + "StringPrefix": "gamelift", "conditionKeys": [ - "glacier:ArchiveAgeInDays", - "glacier:ResourceTag/" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" ] }, "Amazon GroundTruth Labeling": { "ARNFormat": "arn:${Partition}:groundtruthlabeling:${region}:${account}:${resourceType}/${resourcePath}", "ARNRegex": "^arn:${Partition}:groundtruthlabeling:.+", "Actions": [ + "AssociatePatchToManifestJob", "DescribeConsoleJob", "ListDatasetObjects", "RunFilterOrSampleDatasetJob", @@ -7067,9 +15151,10 @@ "StringPrefix": "groundtruthlabeling" }, "Amazon GuardDuty": { - "ARNFormat": "arn:aws:guardduty:\u003cregion\u003e:\u003caccount_ID\u003e:.+", + "ARNFormat": "arn:aws:guardduty:${Region}:${Account}:.+", "ARNRegex": "^arn:aws:guardduty:.+", "Actions": [ + "AcceptAdministratorInvitation", "AcceptInvitation", "ArchiveFindings", "CreateDetector", @@ -7087,27 +15172,43 @@ "DeleteMembers", "DeletePublishingDestination", "DeleteThreatIntelSet", + "DescribeMalwareScans", + "DescribeOrganizationConfiguration", "DescribePublishingDestination", + "DisableOrganizationAdminAccount", + "DisassociateFromAdministratorAccount", "DisassociateFromMasterAccount", "DisassociateMembers", + "EnableOrganizationAdminAccount", + "GetAdministratorAccount", + "GetCoverageStatistics", "GetDetector", "GetFilter", "GetFindings", "GetFindingsStatistics", "GetIPSet", "GetInvitationsCount", + "GetMalwareScanSettings", "GetMasterAccount", + "GetMemberDetectors", "GetMembers", + "GetRemainingFreeTrialDays", "GetThreatIntelSet", + "GetUsageStatistics", "InviteMembers", + "ListCoverage", "ListDetectors", "ListFilters", "ListFindings", + "ListIPSets", "ListInvitations", "ListMembers", + "ListOrganizationAdminAccounts", "ListPublishingDestinations", "ListTagsForResource", "ListThreatIntelSets", + "SendSecurityTelemetry", + "StartMalwareScan", "StartMonitoringMembers", "StopMonitoringMembers", "TagResource", @@ -7117,6 +15218,9 @@ "UpdateFilter", "UpdateFindingsFeedback", "UpdateIPSet", + "UpdateMalwareScanSettings", + "UpdateMemberDetectors", + "UpdateOrganizationConfiguration", "UpdatePublishingDestination", "UpdateThreatIntelSet" ], @@ -7128,11 +15232,50 @@ "aws:TagKeys" ] }, + "Amazon Honeycode": { + "ARNFormat": "arn:aws:honeycode:${Region}:${Account}:${ResourceType}:${ResourcePath}", + "ARNRegex": "^arn:aws:honeycode:.+:.+:.+", + "Actions": [ + "ApproveTeamAssociation", + "BatchCreateTableRows", + "BatchDeleteTableRows", + "BatchUpdateTableRows", + "BatchUpsertTableRows", + "CreateTeam", + "CreateTenant", + "DeleteDomains", + "DeregisterGroups", + "DescribeTableDataImportJob", + "DescribeTeam", + "GetScreenData", + "InvokeScreenAutomation", + "ListDomains", + "ListGroups", + "ListTableColumns", + "ListTableRows", + "ListTables", + "ListTagsForResource", + "ListTeamAssociations", + "ListTenants", + "QueryTableRows", + "RegisterDomainForVerification", + "RegisterGroups", + "RejectTeamAssociation", + "RestartDomainVerification", + "StartTableDataImportJob", + "TagResource", + "UntagResource", + "UpdateTeam" + ], + "HasResource": true, + "StringPrefix": "honeycode" + }, "Amazon Inspector": { "Actions": [ "AddAttributesToFindings", "CreateAssessmentTarget", "CreateAssessmentTemplate", + "CreateExclusionsPreview", "CreateResourceGroup", "DeleteAssessmentRun", "DeleteAssessmentTarget", @@ -7141,15 +15284,19 @@ "DescribeAssessmentTargets", "DescribeAssessmentTemplates", "DescribeCrossAccountAccessRole", + "DescribeExclusions", "DescribeFindings", "DescribeResourceGroups", "DescribeRulesPackages", + "GetAssessmentReport", + "GetExclusionsPreview", "GetTelemetryMetadata", "ListAssessmentRunAgents", "ListAssessmentRuns", "ListAssessmentTargets", "ListAssessmentTemplates", "ListEventSubscriptions", + "ListExclusions", "ListFindings", "ListRulesPackages", "ListTagsForResource", @@ -7166,70 +15313,283 @@ "HasResource": false, "StringPrefix": "inspector" }, + "Amazon Inspector2": { + "ARNFormat": "arn:aws:inspector2:${Region}:${Account}:.+", + "ARNRegex": "^arn:aws:inspector2:.+:.+:.+", + "Actions": [ + "AssociateMember", + "BatchGetAccountStatus", + "BatchGetCodeSnippet", + "BatchGetFindingDetails", + "BatchGetFreeTrialInfo", + "BatchGetMemberEc2DeepInspectionStatus", + "BatchUpdateMemberEc2DeepInspectionStatus", + "CancelFindingsReport", + "CancelSbomExport", + "CreateFilter", + "CreateFindingsReport", + "CreateSbomExport", + "DeleteFilter", + "DescribeOrganizationConfiguration", + "Disable", + "DisableDelegatedAdminAccount", + "DisassociateMember", + "Enable", + "EnableDelegatedAdminAccount", + "GetConfiguration", + "GetDelegatedAdminAccount", + "GetEc2DeepInspectionConfiguration", + "GetEncryptionKey", + "GetFindingsReportStatus", + "GetMember", + "GetSbomExport", + "ListAccountPermissions", + "ListCoverage", + "ListCoverageStatistics", + "ListDelegatedAdminAccounts", + "ListFilters", + "ListFindingAggregations", + "ListFindings", + "ListMembers", + "ListTagsForResource", + "ListUsageTotals", + "ResetEncryptionKey", + "SearchVulnerabilities", + "TagResource", + "UntagResource", + "UpdateConfiguration", + "UpdateEc2DeepInspectionConfiguration", + "UpdateEncryptionKey", + "UpdateFilter", + "UpdateOrgEc2DeepInspectionConfiguration", + "UpdateOrganizationConfiguration" + ], + "HasResource": true, + "StringPrefix": "inspector2", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon Interactive Video Service": { + "ARNFormat": "arn:aws:ivs:${Region}:${Account}:${ArnType}/${ResourceId}", + "ARNRegex": "^arn:aws:ivs:.+:.+:.+", + "Actions": [ + "BatchGetChannel", + "BatchGetStreamKey", + "BatchStartViewerSessionRevocation", + "CreateChannel", + "CreateParticipantToken", + "CreateRecordingConfiguration", + "CreateStage", + "CreateStreamKey", + "DeleteChannel", + "DeletePlaybackKeyPair", + "DeleteRecordingConfiguration", + "DeleteStage", + "DeleteStreamKey", + "DisconnectParticipant", + "GetChannel", + "GetParticipant", + "GetPlaybackKeyPair", + "GetRecordingConfiguration", + "GetStage", + "GetStageSession", + "GetStream", + "GetStreamKey", + "GetStreamSession", + "ImportPlaybackKeyPair", + "ListChannels", + "ListParticipantEvents", + "ListParticipants", + "ListPlaybackKeyPairs", + "ListRecordingConfigurations", + "ListStageSessions", + "ListStages", + "ListStreamKeys", + "ListStreamSessions", + "ListStreams", + "ListTagsForResource", + "PutMetadata", + "StartViewerSessionRevocation", + "StopStream", + "TagResource", + "UntagResource", + "UpdateChannel", + "UpdateStage" + ], + "HasResource": true, + "StringPrefix": "ivs", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon Interactive Video Service Chat": { + "ARNFormat": "arn:aws:ivschat:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:ivschat:.+:.+:.+", + "Actions": [ + "CreateChatToken", + "CreateLoggingConfiguration", + "CreateRoom", + "DeleteLoggingConfiguration", + "DeleteMessage", + "DeleteRoom", + "DisconnectUser", + "GetLoggingConfiguration", + "GetRoom", + "ListLoggingConfigurations", + "ListRooms", + "ListTagsForResource", + "SendEvent", + "TagResource", + "UntagResource", + "UpdateLoggingConfiguration", + "UpdateRoom" + ], + "HasResource": true, + "StringPrefix": "ivschat", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "Amazon Kendra": { - "ARNFormat": "arn:${Partition}:kendra:${Region}:${AccountId}:${ResourceType}/${ResourceName}", - "ARNRegex": "^arn:${Partition}:kendra:.+:.+:.+", + "ARNFormat": "arn:aws:kendra:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:kendra:.+:.+:.+", "Actions": [ + "AssociateEntitiesToExperience", + "AssociatePersonasToEntities", "BatchDeleteDocument", + "BatchDeleteFeaturedResultsSet", + "BatchGetDocumentStatus", "BatchPutDocument", + "ClearQuerySuggestions", + "CreateAccessControlConfiguration", "CreateDataSource", + "CreateExperience", "CreateFaq", + "CreateFeaturedResultsSet", "CreateIndex", + "CreateQuerySuggestionsBlockList", + "CreateThesaurus", + "DeleteAccessControlConfiguration", + "DeleteDataSource", + "DeleteExperience", "DeleteFaq", "DeleteIndex", + "DeletePrincipalMapping", + "DeleteQuerySuggestionsBlockList", + "DeleteThesaurus", + "DescribeAccessControlConfiguration", "DescribeDataSource", + "DescribeExperience", "DescribeFaq", + "DescribeFeaturedResultsSet", "DescribeIndex", + "DescribePrincipalMapping", + "DescribeQuerySuggestionsBlockList", + "DescribeQuerySuggestionsConfig", + "DescribeThesaurus", + "DisassociateEntitiesFromExperience", + "DisassociatePersonasFromEntities", + "GetQuerySuggestions", + "GetSnapshots", + "ListAccessControlConfigurations", "ListDataSourceSyncJobs", "ListDataSources", + "ListEntityPersonas", + "ListExperienceEntities", + "ListExperiences", "ListFaqs", + "ListFeaturedResultsSets", + "ListGroupsOlderThanOrderingId", "ListIndices", + "ListQuerySuggestionsBlockLists", + "ListTagsForResource", + "ListThesauri", + "PutPrincipalMapping", "Query", + "Retrieve", "StartDataSourceSyncJob", "StopDataSourceSyncJob", "SubmitFeedback", + "TagResource", + "UntagResource", + "UpdateAccessControlConfiguration", "UpdateDataSource", - "UpdateIndex" + "UpdateExperience", + "UpdateFeaturedResultsSet", + "UpdateIndex", + "UpdateQuerySuggestionsBlockList", + "UpdateQuerySuggestionsConfig", + "UpdateThesaurus" ], "HasResource": true, - "StringPrefix": "kendra" + "StringPrefix": "kendra", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, - "Amazon Kinesis": { - "ARNFormat": "arn:aws:kinesis:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceName\u003e", - "ARNRegex": "^arn:aws:kinesis:.+", + "Amazon Kendra Intelligent Ranking": { + "ARNFormat": "arn:aws:kendra-ranking:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:kendra-ranking:.+:.+:.+", "Actions": [ - "AddTagsToStream", - "CreateStream", - "DecreaseStreamRetentionPeriod", - "DeleteStream", - "DeregisterStreamConsumer", - "DescribeLimits", - "DescribeStream", - "DescribeStreamConsumer", - "DescribeStreamSummary", - "DisableEnhancedMonitoring", - "EnableEnhancedMonitoring", - "GetRecords", - "GetShardIterator", - "IncreaseStreamRetentionPeriod", - "ListShards", - "ListStreamConsumers", - "ListStreams", - "ListTagsForStream", - "MergeShards", - "PutRecord", - "PutRecords", - "RegisterStreamConsumer", - "RemoveTagsFromStream", - "SplitShard", - "SubscribeToShard", - "UpdateShardCount" + "CreateRescoreExecutionPlan", + "DeleteRescoreExecutionPlan", + "DescribeRescoreExecutionPlan", + "ListRescoreExecutionPlans", + "ListTagsForResource", + "Rescore", + "TagResource", + "UntagResource", + "UpdateRescoreExecutionPlan" ], "HasResource": true, - "StringPrefix": "kinesis" + "StringPrefix": "kendra-ranking", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon Keyspaces (for Apache Cassandra)": { + "ARNFormat": "arn:aws:cassandra:${Region}:${Account}:/${ResourceType}/${ResourcePath}/", + "ARNRegex": "^arn:aws:cassandra:.+", + "Actions": [ + "Alter", + "AlterMultiRegionResource", + "Create", + "CreateMultiRegionResource", + "Drop", + "DropMultiRegionResource", + "Modify", + "ModifyMultiRegionResource", + "Restore", + "RestoreMultiRegionTable", + "Select", + "SelectMultiRegionResource", + "TagMultiRegionResource", + "TagResource", + "UnTagMultiRegionResource", + "UntagResource", + "UpdatePartitioner" + ], + "HasResource": true, + "StringPrefix": "cassandra", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "Amazon Kinesis Analytics": { - "ARNFormat": "arn:aws:kinesisanalytics:\u003cregion\u003e:\u003caccount_ID\u003e:application/\u003capplicationname\u003e", + "ARNFormat": "arn:aws:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}", "ARNRegex": "^arn:aws:kinesisanalytics:.+:[0-9]+:application/[a-zA-Z0-9_.-]+", "Actions": [ "AddApplicationInput", @@ -7259,7 +15619,7 @@ ] }, "Amazon Kinesis Analytics V2": { - "ARNFormat": "arn:aws:kinesisanalytics:\u003cregion\u003e:\u003caccount_ID\u003e:application/\u003capplicationname\u003e", + "ARNFormat": "arn:aws:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}", "ARNRegex": "^arn:aws:kinesisanalytics:.+:[0-9]+:application/[a-zA-Z0-9_.-]+", "Actions": [ "AddApplicationCloudWatchLoggingOption", @@ -7269,6 +15629,7 @@ "AddApplicationReferenceDataSource", "AddApplicationVpcConfiguration", "CreateApplication", + "CreateApplicationPresignedUrl", "CreateApplicationSnapshot", "DeleteApplication", "DeleteApplicationCloudWatchLoggingOption", @@ -7279,15 +15640,19 @@ "DeleteApplicationVpcConfiguration", "DescribeApplication", "DescribeApplicationSnapshot", + "DescribeApplicationVersion", "DiscoverInputSchema", "ListApplicationSnapshots", + "ListApplicationVersions", "ListApplications", "ListTagsForResource", + "RollbackApplication", "StartApplication", "StopApplication", "TagResource", "UntagResource", - "UpdateApplication" + "UpdateApplication", + "UpdateApplicationMaintenanceConfiguration" ], "HasResource": true, "StringPrefix": "kinesisanalytics", @@ -7297,8 +15662,45 @@ "aws:TagKeys" ] }, + "Amazon Kinesis Data Streams": { + "ARNFormat": "arn:aws:kinesis:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:kinesis:.+", + "Actions": [ + "AddTagsToStream", + "CreateStream", + "DecreaseStreamRetentionPeriod", + "DeleteStream", + "DeregisterStreamConsumer", + "DescribeLimits", + "DescribeStream", + "DescribeStreamConsumer", + "DescribeStreamSummary", + "DisableEnhancedMonitoring", + "EnableEnhancedMonitoring", + "GetRecords", + "GetShardIterator", + "IncreaseStreamRetentionPeriod", + "ListShards", + "ListStreamConsumers", + "ListStreams", + "ListTagsForStream", + "MergeShards", + "PutRecord", + "PutRecords", + "RegisterStreamConsumer", + "RemoveTagsFromStream", + "SplitShard", + "StartStreamEncryption", + "StopStreamEncryption", + "SubscribeToShard", + "UpdateShardCount", + "UpdateStreamMode" + ], + "HasResource": true, + "StringPrefix": "kinesis" + }, "Amazon Kinesis Firehose": { - "ARNFormat": "arn:aws:firehose:\u003cregion\u003e:\u003caccount_ID\u003e:deliverystream/\u003cdeliverystreamname\u003e", + "ARNFormat": "arn:aws:firehose:{Region}:{Account}:deliverystream/${DeliveryStreamName}", "ARNRegex": "^arn:aws:firehose:.+:[0-9]+:deliverystream/.+", "Actions": [ "CreateDeliveryStream", @@ -7323,24 +15725,34 @@ ] }, "Amazon Kinesis Video Streams": { - "ARNFormat": "arn:aws:kinesisvideo:\u003cregion\u003e:\u003caccount_ID\u003e:\u003cresourceType\u003e/\u003cresourceName\u003e/\u003ccreationTime\u003e", + "ARNFormat": "arn:aws:kinesisvideo:${Region}:${Account}:${ResourceType}/${ResourceName}/${CreationTime}", "ARNRegex": "^arn:aws:kinesisvideo:.+", "Actions": [ "ConnectAsMaster", "ConnectAsViewer", "CreateSignalingChannel", "CreateStream", + "DeleteEdgeConfiguration", "DeleteSignalingChannel", "DeleteStream", + "DescribeEdgeConfiguration", + "DescribeImageGenerationConfiguration", + "DescribeMappedResourceConfiguration", + "DescribeMediaStorageConfiguration", + "DescribeNotificationConfiguration", "DescribeSignalingChannel", "DescribeStream", + "GetClip", "GetDASHStreamingSessionURL", "GetDataEndpoint", "GetHLSStreamingSessionURL", "GetIceServerConfig", + "GetImages", "GetMedia", "GetMediaForFragmentList", "GetSignalingChannelEndpoint", + "JoinStorageSession", + "ListEdgeAgentConfigurations", "ListFragments", "ListSignalingChannels", "ListStreams", @@ -7348,11 +15760,15 @@ "ListTagsForStream", "PutMedia", "SendAlexaOfferToMaster", + "StartEdgeConfigurationUpdate", "TagResource", "TagStream", "UntagResource", "UntagStream", "UpdateDataRetention", + "UpdateImageGenerationConfiguration", + "UpdateMediaStorageConfiguration", + "UpdateNotificationConfiguration", "UpdateSignalingChannel", "UpdateStream" ], @@ -7365,7 +15781,7 @@ ] }, "Amazon Lex": { - "ARNFormat": "arn:aws:lex:\u003cregion\u003e:\u003caccount_ID\u003e:\u003ctype\u003e:\u003cname\u003e", + "ARNFormat": "arn:aws:lex:${Region}:${Account}:${Type}:${Name}", "ARNRegex": "^arn:aws:lex:.+:[0-9]+:.+", "Actions": [ "CreateBotVersion", @@ -7377,6 +15793,7 @@ "DeleteBotVersion", "DeleteIntent", "DeleteIntentVersion", + "DeleteSession", "DeleteSlotType", "DeleteSlotTypeVersion", "DeleteUtterances", @@ -7390,45 +15807,184 @@ "GetBuiltinIntent", "GetBuiltinIntents", "GetBuiltinSlotTypes", + "GetExport", + "GetImport", "GetIntent", "GetIntentVersions", "GetIntents", + "GetMigration", + "GetMigrations", + "GetSession", "GetSlotType", "GetSlotTypeVersions", "GetSlotTypes", "GetUtterancesView", + "ListTagsForResource", "PostContent", "PostText", "PutBot", "PutBotAlias", "PutIntent", - "PutSlotType" + "PutSession", + "PutSlotType", + "StartImport", + "StartMigration", + "TagResource", + "UntagResource" ], "HasResource": true, "StringPrefix": "lex", "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", "lex:associatedIntents", "lex:associatedSlotTypes", "lex:channelType" ] }, + "Amazon Lex V2": { + "ARNFormat": "arn:aws:lex:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:lex:.+:[0-9]+:.+", + "Actions": [ + "BatchCreateCustomVocabularyItem", + "BatchDeleteCustomVocabularyItem", + "BatchUpdateCustomVocabularyItem", + "BuildBotLocale", + "CreateBot", + "CreateBotAlias", + "CreateBotChannel", + "CreateBotLocale", + "CreateBotVersion", + "CreateCustomVocabulary", + "CreateExport", + "CreateIntent", + "CreateResourcePolicy", + "CreateSlot", + "CreateSlotType", + "CreateTestSet", + "CreateTestSetDiscrepancyReport", + "CreateUploadUrl", + "DeleteBot", + "DeleteBotAlias", + "DeleteBotChannel", + "DeleteBotLocale", + "DeleteBotVersion", + "DeleteCustomVocabulary", + "DeleteExport", + "DeleteImport", + "DeleteIntent", + "DeleteResourcePolicy", + "DeleteSession", + "DeleteSlot", + "DeleteSlotType", + "DeleteTestSet", + "DeleteUtterances", + "DescribeBot", + "DescribeBotAlias", + "DescribeBotChannel", + "DescribeBotLocale", + "DescribeBotRecommendation", + "DescribeBotVersion", + "DescribeCustomVocabulary", + "DescribeCustomVocabularyMetadata", + "DescribeExport", + "DescribeImport", + "DescribeIntent", + "DescribeResourcePolicy", + "DescribeSlot", + "DescribeSlotType", + "DescribeTestExecution", + "DescribeTestSet", + "DescribeTestSetDiscrepancyReport", + "DescribeTestSetGeneration", + "GetSession", + "GetTestExecutionArtifactsUrl", + "ListAggregatedUtterances", + "ListBotAliases", + "ListBotChannels", + "ListBotLocales", + "ListBotRecommendations", + "ListBotVersions", + "ListBots", + "ListBuiltInIntents", + "ListBuiltInSlotTypes", + "ListCustomVocabularyItems", + "ListExports", + "ListImports", + "ListIntentMetrics", + "ListIntentPaths", + "ListIntentStageMetrics", + "ListIntents", + "ListRecommendedIntents", + "ListSessionAnalyticsData", + "ListSessionMetrics", + "ListSlotTypes", + "ListSlots", + "ListTagsForResource", + "ListTestExecutionResultItems", + "ListTestExecutions", + "ListTestSetRecords", + "ListTestSets", + "PutSession", + "RecognizeText", + "RecognizeUtterance", + "SearchAssociatedTranscripts", + "StartBotRecommendation", + "StartConversation", + "StartImport", + "StartTestExecution", + "StartTestSetGeneration", + "StopBotRecommendation", + "TagResource", + "UntagResource", + "UpdateBot", + "UpdateBotAlias", + "UpdateBotLocale", + "UpdateBotRecommendation", + "UpdateCustomVocabulary", + "UpdateExport", + "UpdateIntent", + "UpdateResourcePolicy", + "UpdateSlot", + "UpdateSlotType", + "UpdateTestSet" + ], + "HasResource": true, + "StringPrefix": "lex", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "Amazon Lightsail": { - "ARNFormat": "arn:aws:lightsail:\u003cregionName\u003e:\u003cuserAccountId\u003e:\u003cresourceType\u003e/\u003cId\u003e", - "ARNRegex": "arn:aws:lightsail:.+", + "ARNFormat": "arn:aws:lightsail:${Region}:${Account}:${ResourceType}/${Id}", + "ARNRegex": "^arn:aws:lightsail:.+", "Actions": [ "AllocateStaticIp", + "AttachCertificateToDistribution", "AttachDisk", "AttachInstancesToLoadBalancer", "AttachLoadBalancerTlsCertificate", "AttachStaticIp", "CloseInstancePublicPorts", "CopySnapshot", + "CreateBucket", + "CreateBucketAccessKey", + "CreateCertificate", "CreateCloudFormationStack", + "CreateContactMethod", + "CreateContainerService", + "CreateContainerServiceDeployment", + "CreateContainerServiceRegistryLogin", "CreateDisk", "CreateDiskFromSnapshot", "CreateDiskSnapshot", + "CreateDistribution", "CreateDomain", "CreateDomainEntry", + "CreateGUISessionAccessDetails", "CreateInstanceSnapshot", "CreateInstances", "CreateInstancesFromSnapshot", @@ -7438,8 +15994,17 @@ "CreateRelationalDatabase", "CreateRelationalDatabaseFromSnapshot", "CreateRelationalDatabaseSnapshot", + "DeleteAlarm", + "DeleteAutoSnapshot", + "DeleteBucket", + "DeleteBucketAccessKey", + "DeleteCertificate", + "DeleteContactMethod", + "DeleteContainerImage", + "DeleteContainerService", "DeleteDisk", "DeleteDiskSnapshot", + "DeleteDistribution", "DeleteDomain", "DeleteDomainEntry", "DeleteInstance", @@ -7450,19 +16015,42 @@ "DeleteLoadBalancerTlsCertificate", "DeleteRelationalDatabase", "DeleteRelationalDatabaseSnapshot", + "DetachCertificateFromDistribution", "DetachDisk", "DetachInstancesFromLoadBalancer", "DetachStaticIp", + "DisableAddOn", "DownloadDefaultKeyPair", + "EnableAddOn", "ExportSnapshot", "GetActiveNames", + "GetAlarms", + "GetAutoSnapshots", "GetBlueprints", + "GetBucketAccessKeys", + "GetBucketBundles", + "GetBucketMetricData", + "GetBuckets", "GetBundles", + "GetCertificates", "GetCloudFormationStackRecords", + "GetContactMethods", + "GetContainerAPIMetadata", + "GetContainerImages", + "GetContainerLog", + "GetContainerServiceDeployments", + "GetContainerServiceMetricData", + "GetContainerServicePowers", + "GetContainerServices", + "GetCostEstimate", "GetDisk", "GetDiskSnapshot", "GetDiskSnapshots", "GetDisks", + "GetDistributionBundles", + "GetDistributionLatestCacheReset", + "GetDistributionMetricData", + "GetDistributions", "GetDomain", "GetDomains", "GetExportSnapshotRecords", @@ -7479,6 +16067,7 @@ "GetLoadBalancer", "GetLoadBalancerMetricData", "GetLoadBalancerTlsCertificates", + "GetLoadBalancerTlsPolicies", "GetLoadBalancers", "GetOperation", "GetOperations", @@ -7502,24 +16091,256 @@ "IsVpcPeered", "OpenInstancePublicPorts", "PeerVpc", + "PutAlarm", "PutInstancePublicPorts", "RebootInstance", "RebootRelationalDatabase", + "RegisterContainerImage", "ReleaseStaticIp", + "ResetDistributionCache", + "SendContactMethodVerification", + "SetIpAddressType", + "SetResourceAccessForBucket", + "StartGUISession", "StartInstance", "StartRelationalDatabase", + "StopGUISession", "StopInstance", "StopRelationalDatabase", "TagResource", - "UnpeerVpc", + "TestAlarm", + "UnpeerVpc", + "UntagResource", + "UpdateBucket", + "UpdateBucketBundle", + "UpdateContainerService", + "UpdateDistribution", + "UpdateDistributionBundle", + "UpdateDomainEntry", + "UpdateInstanceMetadataOptions", + "UpdateLoadBalancerAttribute", + "UpdateRelationalDatabase", + "UpdateRelationalDatabaseParameters" + ], + "HasResource": true, + "StringPrefix": "lightsail", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon Location": { + "ARNFormat": "arn:aws:geo:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:geo:.+", + "Actions": [ + "AssociateTrackerConsumer", + "BatchDeleteDevicePositionHistory", + "BatchDeleteGeofence", + "BatchEvaluateGeofences", + "BatchGetDevicePosition", + "BatchPutGeofence", + "BatchUpdateDevicePosition", + "CalculateRoute", + "CalculateRouteMatrix", + "CreateGeofenceCollection", + "CreateKey", + "CreateMap", + "CreatePlaceIndex", + "CreateRouteCalculator", + "CreateTracker", + "DeleteGeofenceCollection", + "DeleteKey", + "DeleteMap", + "DeletePlaceIndex", + "DeleteRouteCalculator", + "DeleteTracker", + "DescribeGeofenceCollection", + "DescribeKey", + "DescribeMap", + "DescribePlaceIndex", + "DescribeRouteCalculator", + "DescribeTracker", + "DisassociateTrackerConsumer", + "GetDevicePosition", + "GetDevicePositionHistory", + "GetGeofence", + "GetMapGlyphs", + "GetMapSprites", + "GetMapStyleDescriptor", + "GetMapTile", + "GetPlace", + "ListDevicePositions", + "ListGeofenceCollections", + "ListGeofences", + "ListKeys", + "ListMaps", + "ListPlaceIndexes", + "ListRouteCalculators", + "ListTagsForResource", + "ListTrackerConsumers", + "ListTrackers", + "PutGeofence", + "SearchPlaceIndexForPosition", + "SearchPlaceIndexForSuggestions", + "SearchPlaceIndexForText", + "TagResource", "UntagResource", - "UpdateDomainEntry", - "UpdateLoadBalancerAttribute", - "UpdateRelationalDatabase", - "UpdateRelationalDatabaseParameters" + "UpdateGeofenceCollection", + "UpdateKey", + "UpdateMap", + "UpdatePlaceIndex", + "UpdateRouteCalculator", + "UpdateTracker" ], "HasResource": true, - "StringPrefix": "lightsail", + "StringPrefix": "geo", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "geo:DeviceIds", + "geo:GeofenceIds" + ] + }, + "Amazon Lookout for Equipment": { + "ARNFormat": "arn:aws:lookoutequipment:${Region}:${Account}:${ResourceType}/${ResourceName}/${ResourceId}", + "ARNRegex": "^arn:aws:lookoutequipment:.+:.+:.+", + "Actions": [ + "CreateDataset", + "CreateInferenceScheduler", + "CreateLabel", + "CreateLabelGroup", + "CreateModel", + "CreateRetrainingScheduler", + "DeleteDataset", + "DeleteInferenceScheduler", + "DeleteLabel", + "DeleteLabelGroup", + "DeleteModel", + "DeleteResourcePolicy", + "DeleteRetrainingScheduler", + "DescribeDataIngestionJob", + "DescribeDataset", + "DescribeInferenceScheduler", + "DescribeLabelGroup", + "DescribeModel", + "DescribeModelVersion", + "DescribeResourcePolicy", + "DescribeRetrainingScheduler", + "Describelabel", + "ImportDataset", + "ImportModelVersion", + "ListDataIngestionJobs", + "ListDatasets", + "ListInferenceEvents", + "ListInferenceExecutions", + "ListInferenceSchedulers", + "ListLabelGroups", + "ListLabels", + "ListModelVersions", + "ListModels", + "ListRetrainingSchedulers", + "ListSensorStatistics", + "ListTagsForResource", + "PutResourcePolicy", + "StartDataIngestionJob", + "StartInferenceScheduler", + "StartRetrainingScheduler", + "StopInferenceScheduler", + "StopRetrainingScheduler", + "TagResource", + "UntagResource", + "UpdateActiveModelVersion", + "UpdateInferenceScheduler", + "UpdateLabelGroup", + "UpdateModel", + "UpdateRetrainingScheduler" + ], + "HasResource": true, + "StringPrefix": "lookoutequipment", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "lookoutequipment:IsImportingData" + ] + }, + "Amazon Lookout for Metrics": { + "ARNFormat": "arn:aws:lookoutmetrics:${Region}:${AccountId}:${ResourceType}:${ResourceName}", + "ARNRegex": "^arn:aws:lookoutmetrics:.+:.+:.+", + "Actions": [ + "ActivateAnomalyDetector", + "BackTestAnomalyDetector", + "CreateAlert", + "CreateAnomalyDetector", + "CreateMetricSet", + "DeactivateAnomalyDetector", + "DeleteAlert", + "DeleteAnomalyDetector", + "DescribeAlert", + "DescribeAnomalyDetectionExecutions", + "DescribeAnomalyDetector", + "DescribeMetricSet", + "DetectMetricSetConfig", + "GetAnomalyGroup", + "GetDataQualityMetrics", + "GetFeedback", + "GetSampleData", + "ListAlerts", + "ListAnomalyDetectors", + "ListAnomalyGroupRelatedMetrics", + "ListAnomalyGroupSummaries", + "ListAnomalyGroupTimeSeries", + "ListMetricSets", + "ListTagsForResource", + "PutFeedback", + "TagResource", + "UntagResource", + "UpdateAlert", + "UpdateAnomalyDetector", + "UpdateMetricSet" + ], + "HasResource": true, + "StringPrefix": "lookoutmetrics", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon Lookout for Vision": { + "ARNFormat": "arn:aws:lookoutvision:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:lookoutvision:.+:.+:.+", + "Actions": [ + "CreateDataset", + "CreateModel", + "CreateProject", + "DeleteDataset", + "DeleteModel", + "DeleteProject", + "DescribeDataset", + "DescribeModel", + "DescribeModelPackagingJob", + "DescribeProject", + "DescribeTrialDetection", + "DetectAnomalies", + "ListDatasetEntries", + "ListModelPackagingJobs", + "ListModels", + "ListProjects", + "ListTagsForResource", + "ListTrialDetections", + "StartModel", + "StartModelPackagingJob", + "StartTrialDetection", + "StopModel", + "TagResource", + "UntagResource", + "UpdateDatasetEntries" + ], + "HasResource": true, + "StringPrefix": "lookoutvision", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", @@ -7527,11 +16348,12 @@ ] }, "Amazon MQ": { - "ARNFormat": "arn:${Partition}:mq:\u003cregion\u003e:\u003caccount\u003e:.+", - "ARNRegex": "^arn:${Partition}:mq:.+", + "ARNFormat": "arn:aws:mq:${Region}:${Account}:.+", + "ARNRegex": "^arn:aws:mq:.+", "Actions": [ "CreateBroker", "CreateConfiguration", + "CreateReplicaBroker", "CreateTags", "CreateUser", "DeleteBroker", @@ -7548,6 +16370,7 @@ "ListConfigurations", "ListTags", "ListUsers", + "Promote", "RebootBroker", "UpdateBroker", "UpdateConfiguration", @@ -7562,7 +16385,7 @@ ] }, "Amazon Machine Learning": { - "ARNFormat": "arn:aws:machinelearning:\u003cregion\u003e:\u003caccount_ID\u003e:\u003cresource_type\u003e/\u003crelative_ID\u003e", + "ARNFormat": "arn:aws:machinelearning:${Region}:${Account}:${ResourceType}/${RelativeID}", "ARNRegex": "^arn:aws:machinelearning:.+", "Actions": [ "AddTags", @@ -7598,71 +16421,344 @@ "StringPrefix": "machinelearning" }, "Amazon Macie": { + "ARNFormat": "arn:aws:macie2:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:macie2:.+:.+:.+", "Actions": [ - "AssociateMemberAccount", - "AssociateS3Resources", - "DisassociateMemberAccount", - "DisassociateS3Resources", - "ListMemberAccounts", - "ListS3Resources", - "UpdateS3Resources" + "AcceptInvitation", + "BatchGetCustomDataIdentifiers", + "CreateAllowList", + "CreateClassificationJob", + "CreateCustomDataIdentifier", + "CreateFindingsFilter", + "CreateInvitations", + "CreateMember", + "CreateSampleFindings", + "DeclineInvitations", + "DeleteAllowList", + "DeleteCustomDataIdentifier", + "DeleteFindingsFilter", + "DeleteInvitations", + "DeleteMember", + "DescribeBuckets", + "DescribeClassificationJob", + "DescribeOrganizationConfiguration", + "DisableMacie", + "DisableOrganizationAdminAccount", + "DisassociateFromAdministratorAccount", + "DisassociateFromMasterAccount", + "DisassociateMember", + "EnableMacie", + "EnableOrganizationAdminAccount", + "GetAdministratorAccount", + "GetAllowList", + "GetAutomatedDiscoveryConfiguration", + "GetBucketStatistics", + "GetClassificationExportConfiguration", + "GetClassificationScope", + "GetCustomDataIdentifier", + "GetFindingStatistics", + "GetFindings", + "GetFindingsFilter", + "GetFindingsPublicationConfiguration", + "GetInvitationsCount", + "GetMacieSession", + "GetMasterAccount", + "GetMember", + "GetResourceProfile", + "GetRevealConfiguration", + "GetSensitiveDataOccurrences", + "GetSensitiveDataOccurrencesAvailability", + "GetSensitivityInspectionTemplate", + "GetUsageStatistics", + "GetUsageTotals", + "ListAllowLists", + "ListClassificationJobs", + "ListClassificationScopes", + "ListCustomDataIdentifiers", + "ListFindings", + "ListFindingsFilters", + "ListInvitations", + "ListManagedDataIdentifiers", + "ListMembers", + "ListOrganizationAdminAccounts", + "ListResourceProfileArtifacts", + "ListResourceProfileDetections", + "ListSensitivityInspectionTemplates", + "ListTagsForResource", + "PutClassificationExportConfiguration", + "PutFindingsPublicationConfiguration", + "SearchResources", + "TagResource", + "TestCustomDataIdentifier", + "UntagResource", + "UpdateAllowList", + "UpdateAutomatedDiscoveryConfiguration", + "UpdateClassificationJob", + "UpdateClassificationScope", + "UpdateFindingsFilter", + "UpdateMacieSession", + "UpdateMemberSession", + "UpdateOrganizationConfiguration", + "UpdateResourceProfile", + "UpdateResourceProfileDetections", + "UpdateRevealConfiguration", + "UpdateSensitivityInspectionTemplate" ], - "HasResource": false, - "StringPrefix": "macie", + "HasResource": true, + "StringPrefix": "macie2", "conditionKeys": [ - "aws:SourceArn" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" ] }, "Amazon Managed Blockchain": { - "ARNFormat": "arn:aws:managedblockchain:\u003cregion\u003e:\u003caccountId\u003e:\u003cresourceType\u003e/\u003cresourcePath\u003e", - "ARNRegex": "^arn:aws:managedblockchain:.+:[0-9]+:.+", + "ARNFormat": "arn:aws:managedblockchain:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:managedblockchain:.*:[0-9]*:.+", "Actions": [ + "CreateAccessor", "CreateMember", "CreateNetwork", "CreateNode", "CreateProposal", + "DeleteAccessor", "DeleteMember", "DeleteNode", + "GET", + "GetAccessor", "GetMember", "GetNetwork", "GetNode", "GetProposal", + "Invoke", + "InvokeRpcBitcoinMainnet", + "InvokeRpcBitcoinTestnet", + "ListAccessors", "ListInvitations", "ListMembers", "ListNetworks", "ListNodes", "ListProposalVotes", "ListProposals", + "ListTagsForResource", + "POST", "RejectInvitation", + "TagResource", + "UntagResource", + "UpdateMember", + "UpdateNode", "VoteOnProposal" ], "HasResource": true, - "StringPrefix": "managedblockchain" + "StringPrefix": "managedblockchain", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon Managed Blockchain Query": { + "ARNFormat": "arn:${Partition}:managedblockchain-query:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:${Partition}:managedblockchain-query:.*:[0-9]*:.+", + "Actions": [ + "BatchGetTokenBalance", + "GetAssetContract", + "GetTokenBalance", + "GetTransaction", + "ListAssetContracts", + "ListTokenBalances", + "ListTransactionEvents", + "ListTransactions" + ], + "HasResource": false, + "StringPrefix": "managedblockchain-query" + }, + "Amazon Managed Grafana": { + "ARNFormat": "arn:aws:grafana:${Region}:${Account}:/${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:grafana:.+:.+:.+", + "Actions": [ + "AssociateLicense", + "CreateWorkspace", + "CreateWorkspaceApiKey", + "DeleteWorkspace", + "DeleteWorkspaceApiKey", + "DescribeWorkspace", + "DescribeWorkspaceAuthentication", + "DescribeWorkspaceConfiguration", + "DisassociateLicense", + "ListPermissions", + "ListTagsForResource", + "ListVersions", + "ListWorkspaces", + "TagResource", + "UntagResource", + "UpdatePermissions", + "UpdateWorkspace", + "UpdateWorkspaceAuthentication", + "UpdateWorkspaceConfiguration" + ], + "HasResource": true, + "StringPrefix": "grafana", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon Managed Service for Prometheus": { + "ARNFormat": "arn:aws:aps:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:aps:.+:.+:.+", + "Actions": [ + "CreateAlertManagerAlerts", + "CreateAlertManagerDefinition", + "CreateLoggingConfiguration", + "CreateRuleGroupsNamespace", + "CreateWorkspace", + "DeleteAlertManagerDefinition", + "DeleteAlertManagerSilence", + "DeleteLoggingConfiguration", + "DeleteRuleGroupsNamespace", + "DeleteWorkspace", + "DescribeAlertManagerDefinition", + "DescribeLoggingConfiguration", + "DescribeRuleGroupsNamespace", + "DescribeWorkspace", + "GetAlertManagerSilence", + "GetAlertManagerStatus", + "GetLabels", + "GetMetricMetadata", + "GetSeries", + "ListAlertManagerAlertGroups", + "ListAlertManagerAlerts", + "ListAlertManagerReceivers", + "ListAlertManagerSilences", + "ListAlerts", + "ListRuleGroupsNamespaces", + "ListRules", + "ListTagsForResource", + "ListWorkspaces", + "PutAlertManagerDefinition", + "PutAlertManagerSilences", + "PutRuleGroupsNamespace", + "QueryMetrics", + "RemoteWrite", + "TagResource", + "UntagResource", + "UpdateLoggingConfiguration", + "UpdateWorkspaceAlias" + ], + "HasResource": true, + "StringPrefix": "aps", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, - "Amazon Managed Streaming for Kafka": { - "ARNFormat": "arn:aws:kafka:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceName\u003e/\u003cUUID\u003e", + "Amazon Managed Streaming for Apache Kafka": { + "ARNFormat": "arn:aws:kafka:${Region}:${Account}:${ResourceType}/${ResourceName}/${Uuid}", "ARNRegex": "^arn:aws:kafka:.+", "Actions": [ + "BatchAssociateScramSecret", + "BatchDisassociateScramSecret", "CreateCluster", + "CreateClusterV2", "CreateConfiguration", + "CreateReplicator", + "CreateVpcConnection", "DeleteCluster", + "DeleteClusterPolicy", + "DeleteConfiguration", + "DeleteReplicator", + "DeleteVpcConnection", "DescribeCluster", "DescribeClusterOperation", + "DescribeClusterOperationV2", + "DescribeClusterV2", "DescribeConfiguration", "DescribeConfigurationRevision", + "DescribeReplicator", + "DescribeVpcConnection", "GetBootstrapBrokers", + "GetClusterPolicy", + "GetCompatibleKafkaVersions", + "ListClientVpcConnections", "ListClusterOperations", + "ListClusterOperationsV2", "ListClusters", + "ListClustersV2", + "ListConfigurationRevisions", "ListConfigurations", + "ListKafkaVersions", "ListNodes", + "ListReplicators", + "ListScramSecrets", "ListTagsForResource", + "ListVpcConnections", + "PutClusterPolicy", + "RebootBroker", + "RejectClientVpcConnection", "TagResource", "UntagResource", + "UpdateBrokerCount", "UpdateBrokerStorage", - "UpdateClusterConfiguration" + "UpdateBrokerType", + "UpdateClusterConfiguration", + "UpdateClusterKafkaVersion", + "UpdateConfiguration", + "UpdateConnectivity", + "UpdateMonitoring", + "UpdateReplicationInfo", + "UpdateSecurity", + "UpdateStorage" ], "HasResource": true, "StringPrefix": "kafka", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "kafka:publicAccessEnabled" + ] + }, + "Amazon Managed Streaming for Kafka Connect": { + "ARNFormat": "arn:aws:kafkaconnect:${Region}:${Account}:${ResourceType}/${ResourceName}/${UUID}", + "ARNRegex": "^arn:aws:kafkaconnect:.+", + "Actions": [ + "CreateConnector", + "CreateCustomPlugin", + "CreateWorkerConfiguration", + "DeleteConnector", + "DeleteCustomPlugin", + "DescribeConnector", + "DescribeCustomPlugin", + "DescribeWorkerConfiguration", + "ListConnectors", + "ListCustomPlugins", + "ListWorkerConfigurations", + "UpdateConnector" + ], + "HasResource": true, + "StringPrefix": "kafkaconnect" + }, + "Amazon Managed Workflows for Apache Airflow": { + "ARNFormat": "arn:aws:airflow:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:airflow:.+:.+:.+", + "Actions": [ + "CreateCliToken", + "CreateEnvironment", + "CreateWebLoginToken", + "DeleteEnvironment", + "GetEnvironment", + "ListEnvironments", + "ListTagsForResource", + "PublishMetrics", + "TagResource", + "UntagResource", + "UpdateEnvironment" + ], + "HasResource": true, + "StringPrefix": "airflow", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", @@ -7714,6 +16810,58 @@ "HasResource": false, "StringPrefix": "mechanicalturk" }, + "Amazon MemoryDB": { + "ARNFormat": "arn:aws:memorydb:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:memorydb:.+:.+:.+", + "Actions": [ + "BatchUpdateCluster", + "Connect", + "CopySnapshot", + "CreateAcl", + "CreateCluster", + "CreateParameterGroup", + "CreateSnapshot", + "CreateSubnetGroup", + "CreateUser", + "DeleteAcl", + "DeleteCluster", + "DeleteParameterGroup", + "DeleteSnapshot", + "DeleteSubnetGroup", + "DeleteUser", + "DescribeAcls", + "DescribeClusters", + "DescribeEngineVersions", + "DescribeEvents", + "DescribeParameterGroups", + "DescribeParameters", + "DescribeReservedNodes", + "DescribeReservedNodesOfferings", + "DescribeServiceUpdates", + "DescribeSnapshots", + "DescribeSubnetGroups", + "DescribeUsers", + "FailoverShard", + "ListAllowedNodeTypeUpdates", + "ListTags", + "PurchaseReservedNodesOffering", + "ResetParameterGroup", + "TagResource", + "UntagResource", + "UpdateAcl", + "UpdateCluster", + "UpdateParameterGroup", + "UpdateSubnetGroup", + "UpdateUser" + ], + "HasResource": true, + "StringPrefix": "memorydb", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "Amazon Message Delivery Service": { "Actions": [ "AcknowledgeMessage", @@ -7724,7 +16872,11 @@ "SendReply" ], "HasResource": false, - "StringPrefix": "ec2messages" + "StringPrefix": "ec2messages", + "conditionKeys": [ + "ec2:SourceInstanceARN", + "ssm:SourceInstanceARN" + ] }, "Amazon Mobile Analytics": { "Actions": [ @@ -7732,27 +16884,350 @@ "GetReports", "PutEvents" ], - "HasResource": false, - "StringPrefix": "mobileanalytics" + "HasResource": false, + "StringPrefix": "mobileanalytics" + }, + "Amazon Monitron": { + "ARNFormat": "arn:aws:monitron:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:monitron:.+:.+:.+", + "Actions": [ + "AssociateProjectAdminUser", + "CreateProject", + "DeleteProject", + "DisassociateProjectAdminUser", + "GetProject", + "GetProjectAdminUser", + "ListProjectAdminUsers", + "ListProjects", + "ListTagsForResource", + "TagResource", + "UntagResource", + "UpdateProject" + ], + "HasResource": true, + "StringPrefix": "monitron", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon Neptune": { + "ARNFormat": "arn:aws:neptune-db:${Region}:${Account}:${Id}/*", + "ARNRegex": "^arn:aws:neptune-db:.+", + "Actions": [ + "CancelLoaderJob", + "CancelMLDataProcessingJob", + "CancelMLModelTrainingJob", + "CancelMLModelTransformJob", + "CancelQuery", + "CreateMLEndpoint", + "DeleteDataViaQuery", + "DeleteMLEndpoint", + "DeleteStatistics", + "GetEngineStatus", + "GetGraphSummary", + "GetLoaderJobStatus", + "GetMLDataProcessingJobStatus", + "GetMLEndpointStatus", + "GetMLModelTrainingJobStatus", + "GetMLModelTransformJobStatus", + "GetQueryStatus", + "GetStatisticsStatus", + "GetStreamRecords", + "ListLoaderJobs", + "ListMLDataProcessingJobs", + "ListMLEndpoints", + "ListMLModelTrainingJobs", + "ListMLModelTransformJobs", + "ManageStatistics", + "ReadDataViaQuery", + "ResetDatabase", + "StartLoaderJob", + "StartMLDataProcessingJob", + "StartMLModelTrainingJob", + "StartMLModelTransformJob", + "WriteDataViaQuery", + "connect" + ], + "HasResource": true, + "StringPrefix": "neptune-db", + "conditionKeys": [ + "neptune-db:QueryLanguage" + ] + }, + "Amazon Nimble Studio": { + "ARNFormat": "arn:aws:nimble:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:nimble:.+:.+:.+", + "Actions": [ + "AcceptEulas", + "CreateLaunchProfile", + "CreateStreamingImage", + "CreateStreamingSession", + "CreateStreamingSessionStream", + "CreateStudio", + "CreateStudioComponent", + "DeleteLaunchProfile", + "DeleteLaunchProfileMember", + "DeleteStreamingImage", + "DeleteStreamingSession", + "DeleteStudio", + "DeleteStudioComponent", + "DeleteStudioMember", + "GetEula", + "GetFeatureMap", + "GetLaunchProfile", + "GetLaunchProfileDetails", + "GetLaunchProfileInitialization", + "GetLaunchProfileMember", + "GetStreamingImage", + "GetStreamingSession", + "GetStreamingSessionBackup", + "GetStreamingSessionStream", + "GetStudio", + "GetStudioComponent", + "GetStudioMember", + "ListEulaAcceptances", + "ListEulas", + "ListLaunchProfileMembers", + "ListLaunchProfiles", + "ListStreamingImages", + "ListStreamingSessionBackups", + "ListStreamingSessions", + "ListStudioComponents", + "ListStudioMembers", + "ListStudios", + "ListTagsForResource", + "PutLaunchProfileMembers", + "PutStudioLogEvents", + "PutStudioMembers", + "StartStreamingSession", + "StartStudioSSOConfigurationRepair", + "StopStreamingSession", + "TagResource", + "UntagResource", + "UpdateLaunchProfile", + "UpdateLaunchProfileMember", + "UpdateStreamingImage", + "UpdateStudio", + "UpdateStudioComponent" + ], + "HasResource": true, + "StringPrefix": "nimble", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "nimble:createdBy", + "nimble:ownedBy", + "nimble:principalId", + "nimble:requesterPrincipalId", + "nimble:studioId" + ] + }, + "Amazon OpenSearch Ingestion": { + "ARNFormat": "arn:aws:osis:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:osis:.+:.+:.+", + "Actions": [ + "CreatePipeline", + "DeletePipeline", + "GetPipeline", + "GetPipelineBlueprint", + "GetPipelineChangeProgress", + "Ingest", + "ListPipelineBlueprints", + "ListPipelines", + "ListTagsForResource", + "StartPipeline", + "StopPipeline", + "TagResource", + "UntagResource", + "UpdatePipeline", + "ValidatePipeline" + ], + "HasResource": true, + "StringPrefix": "osis", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon OpenSearch Serverless": { + "ARNFormat": "arn:aws:aoss:${Region}:${Account}:${Resource}", + "ARNRegex": "^arn:aws:aoss:.+", + "Actions": [ + "APIAccessAll", + "BatchGetCollection", + "BatchGetEffectiveLifecyclePolicy", + "BatchGetLifecyclePolicy", + "BatchGetVpcEndpoint", + "CreateAccessPolicy", + "CreateCollection", + "CreateLifecyclePolicy", + "CreateSecurityConfig", + "CreateSecurityPolicy", + "CreateVpcEndpoint", + "DashboardsAccessAll", + "DeleteAccessPolicy", + "DeleteCollection", + "DeleteLifecyclePolicy", + "DeleteSecurityConfig", + "DeleteSecurityPolicy", + "DeleteVpcEndpoint", + "GetAccessPolicy", + "GetAccountSettings", + "GetPoliciesStats", + "GetSecurityConfig", + "GetSecurityPolicy", + "ListAccessPolicies", + "ListCollections", + "ListLifecyclePolicies", + "ListSecurityConfigs", + "ListSecurityPolicies", + "ListTagsForResource", + "ListVpcEndpoints", + "TagResource", + "UntagResource", + "UpdateAccessPolicy", + "UpdateAccountSettings", + "UpdateCollection", + "UpdateLifecyclePolicy", + "UpdateSecurityConfig", + "UpdateSecurityPolicy", + "UpdateVpcEndpoint" + ], + "HasResource": true, + "StringPrefix": "aoss", + "conditionKeys": [ + "aoss:CollectionId", + "aoss:collection", + "aoss:index", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, - "Amazon Neptune": { - "ARNFormat": "arn:aws:neptune-db:\u003cregion\u003e:\u003caccountID\u003e:\u003crelative-id\u003e", - "ARNRegex": "^arn:aws:neptune-db:.+", + "Amazon OpenSearch Service": { + "ARNFormat": "arn:aws:es:${Region}:${Account}:${Resource}", + "ARNRegex": "^arn:aws:es:.+", "Actions": [ - "connect" + "AcceptInboundConnection", + "AcceptInboundCrossClusterSearchConnection", + "AddTags", + "AssociatePackage", + "AuthorizeVpcEndpointAccess", + "CancelElasticsearchServiceSoftwareUpdate", + "CancelServiceSoftwareUpdate", + "CreateDomain", + "CreateElasticsearchDomain", + "CreateElasticsearchServiceRole", + "CreateOutboundConnection", + "CreateOutboundCrossClusterSearchConnection", + "CreatePackage", + "CreateServiceRole", + "CreateVpcEndpoint", + "DeleteDomain", + "DeleteElasticsearchDomain", + "DeleteElasticsearchServiceRole", + "DeleteInboundConnection", + "DeleteInboundCrossClusterSearchConnection", + "DeleteOutboundConnection", + "DeleteOutboundCrossClusterSearchConnection", + "DeletePackage", + "DeleteVpcEndpoint", + "DescribeDomain", + "DescribeDomainAutoTunes", + "DescribeDomainChangeProgress", + "DescribeDomainConfig", + "DescribeDomainHealth", + "DescribeDomainNodes", + "DescribeDomains", + "DescribeDryRunProgress", + "DescribeElasticsearchDomain", + "DescribeElasticsearchDomainConfig", + "DescribeElasticsearchDomains", + "DescribeElasticsearchInstanceTypeLimits", + "DescribeInboundConnections", + "DescribeInboundCrossClusterSearchConnections", + "DescribeInstanceTypeLimits", + "DescribeOutboundConnections", + "DescribeOutboundCrossClusterSearchConnections", + "DescribePackages", + "DescribeReservedElasticsearchInstanceOfferings", + "DescribeReservedElasticsearchInstances", + "DescribeReservedInstanceOfferings", + "DescribeReservedInstances", + "DescribeVpcEndpoints", + "DissociatePackage", + "ESCrossClusterGet", + "ESHttpDelete", + "ESHttpGet", + "ESHttpHead", + "ESHttpPatch", + "ESHttpPost", + "ESHttpPut", + "GetCompatibleElasticsearchVersions", + "GetCompatibleVersions", + "GetDomainMaintenanceStatus", + "GetPackageVersionHistory", + "GetUpgradeHistory", + "GetUpgradeStatus", + "ListDomainMaintenances", + "ListDomainNames", + "ListDomainsForPackage", + "ListElasticsearchInstanceTypeDetails", + "ListElasticsearchInstanceTypes", + "ListElasticsearchVersions", + "ListInstanceTypeDetails", + "ListPackagesForDomain", + "ListScheduledActions", + "ListTags", + "ListVersions", + "ListVpcEndpointAccess", + "ListVpcEndpoints", + "ListVpcEndpointsForDomain", + "PurchaseReservedElasticsearchInstanceOffering", + "PurchaseReservedInstanceOffering", + "RejectInboundConnection", + "RejectInboundCrossClusterSearchConnection", + "RemoveTags", + "RevokeVpcEndpointAccess", + "StartDomainMaintenance", + "StartElasticsearchServiceSoftwareUpdate", + "StartServiceSoftwareUpdate", + "UpdateDomainConfig", + "UpdateElasticsearchDomainConfig", + "UpdatePackage", + "UpdateScheduledAction", + "UpdateVpcEndpoint", + "UpgradeDomain", + "UpgradeElasticsearchDomain" ], "HasResource": true, - "StringPrefix": "neptune-db" + "StringPrefix": "es", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "Amazon Personalize": { - "ARNFormat": "arn:aws:personalize:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", + "ARNFormat": "arn:aws:personalize:${Region}:${Account}:${Resourcename}/${ResourceId}", "ARNRegex": "^arn:aws:personalize:.+:.+:.+", "Actions": [ + "CreateBatchInferenceJob", + "CreateBatchSegmentJob", "CreateCampaign", + "CreateDataInsightsJob", "CreateDataset", + "CreateDatasetExportJob", "CreateDatasetGroup", "CreateDatasetImportJob", "CreateEventTracker", + "CreateFilter", + "CreateMetricAttribution", + "CreateRecommender", "CreateSchema", "CreateSolution", "CreateSolutionVersion", @@ -7760,39 +17235,69 @@ "DeleteDataset", "DeleteDatasetGroup", "DeleteEventTracker", + "DeleteFilter", + "DeleteMetricAttribution", + "DeleteRecommender", "DeleteSchema", "DeleteSolution", "DescribeAlgorithm", + "DescribeBatchInferenceJob", + "DescribeBatchSegmentJob", "DescribeCampaign", + "DescribeDataInsightsJob", "DescribeDataset", + "DescribeDatasetExportJob", "DescribeDatasetGroup", "DescribeDatasetImportJob", "DescribeEventTracker", "DescribeFeatureTransformation", + "DescribeFilter", + "DescribeMetricAttribution", "DescribeRecipe", + "DescribeRecommender", "DescribeSchema", "DescribeSolution", "DescribeSolutionVersion", + "GetDataInsights", "GetPersonalizedRanking", "GetRecommendations", "GetSolutionMetrics", + "ListBatchInferenceJobs", + "ListBatchSegmentJobs", "ListCampaigns", + "ListDataInsightsJobs", + "ListDatasetExportJobs", "ListDatasetGroups", "ListDatasetImportJobs", "ListDatasets", "ListEventTrackers", + "ListFilters", + "ListMetricAttributionMetrics", + "ListMetricAttributions", "ListRecipes", + "ListRecommenders", "ListSchemas", "ListSolutionVersions", "ListSolutions", + "ListTagsForResource", "PutEvents", - "UpdateCampaign" + "PutItems", + "PutUsers", + "StartRecommender", + "StopRecommender", + "StopSolutionVersionCreation", + "TagResource", + "UntagResource", + "UpdateCampaign", + "UpdateDataset", + "UpdateMetricAttribution", + "UpdateRecommender" ], "HasResource": true, "StringPrefix": "personalize" }, "Amazon Pinpoint": { - "ARNFormat": "arn:aws:mobiletargeting:\u003cregion\u003e:\u003caccount_ID\u003e:.+", + "ARNFormat": "arn:aws:mobiletargeting:${Region}:${Account}:.+", "ARNRegex": "^arn:aws:mobiletargeting:.+", "Actions": [ "CreateApp", @@ -7800,6 +17305,7 @@ "CreateEmailTemplate", "CreateExportJob", "CreateImportJob", + "CreateInAppTemplate", "CreateJourney", "CreatePushTemplate", "CreateRecommenderConfiguration", @@ -7819,6 +17325,7 @@ "DeleteEndpoint", "DeleteEventStream", "DeleteGcmChannel", + "DeleteInAppTemplate", "DeleteJourney", "DeletePushTemplate", "DeleteRecommenderConfiguration", @@ -7834,11 +17341,13 @@ "GetApnsVoipChannel", "GetApnsVoipSandboxChannel", "GetApp", + "GetApplicationDateRangeKpi", "GetApplicationSettings", "GetApps", "GetBaiduChannel", "GetCampaign", "GetCampaignActivities", + "GetCampaignDateRangeKpi", "GetCampaignVersion", "GetCampaignVersions", "GetCampaigns", @@ -7852,10 +17361,19 @@ "GetGcmChannel", "GetImportJob", "GetImportJobs", + "GetInAppMessages", + "GetInAppTemplate", "GetJourney", + "GetJourneyDateRangeKpi", + "GetJourneyExecutionActivityMetrics", + "GetJourneyExecutionMetrics", + "GetJourneyRunExecutionActivityMetrics", + "GetJourneyRunExecutionMetrics", + "GetJourneyRuns", "GetPushTemplate", "GetRecommenderConfiguration", "GetRecommenderConfigurations", + "GetReports", "GetSegment", "GetSegmentExportJobs", "GetSegmentImportJobs", @@ -7876,6 +17394,7 @@ "PutEvents", "RemoveAttributes", "SendMessages", + "SendOTPMessage", "SendUsersMessages", "TagResource", "UntagResource", @@ -7892,6 +17411,7 @@ "UpdateEndpoint", "UpdateEndpointsBatch", "UpdateGcmChannel", + "UpdateInAppTemplate", "UpdateJourney", "UpdateJourneyState", "UpdatePushTemplate", @@ -7901,7 +17421,8 @@ "UpdateSmsTemplate", "UpdateTemplateActiveVersion", "UpdateVoiceChannel", - "UpdateVoiceTemplate" + "UpdateVoiceTemplate", + "VerifyOTPMessage" ], "HasResource": true, "StringPrefix": "mobiletargeting", @@ -7912,7 +17433,7 @@ ] }, "Amazon Pinpoint Email Service": { - "ARNFormat": "arn:aws:ses:\u003cregion\u003e:\u003caccount_ID\u003e:\u003carn_type\u003e/\u003cresource_id\u003e", + "ARNFormat": "arn:aws:ses:${Region}:${Account}:${ResourceType}/${ResourceId}", "ARNRegex": "^arn:aws:ses:.+:[0-9]+:.+", "Actions": [ "CreateConfigurationSet", @@ -7932,11 +17453,13 @@ "GetDedicatedIps", "GetDeliverabilityDashboardOptions", "GetDeliverabilityTestReport", + "GetDomainDeliverabilityCampaign", "GetDomainStatisticsReport", "GetEmailIdentity", "ListConfigurationSets", "ListDedicatedIpPools", "ListDeliverabilityTestReports", + "ListDomainDeliverabilityCampaigns", "ListEmailIdentities", "ListTagsForResource", "PutAccountDedicatedIpWarmupAttributes", @@ -7962,12 +17485,69 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "ses:ApiVersion", "ses:FeedbackAddress", "ses:FromAddress", "ses:FromDisplayName", "ses:Recipients" ] }, + "Amazon Pinpoint SMS Voice V2": { + "ARNFormat": "arn:aws:sms-voice:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:sms-voice:.+", + "Actions": [ + "AssociateOriginationIdentity", + "CreateConfigurationSet", + "CreateEventDestination", + "CreateOptOutList", + "CreatePool", + "DeleteConfigurationSet", + "DeleteDefaultMessageType", + "DeleteDefaultSenderId", + "DeleteEventDestination", + "DeleteKeyword", + "DeleteOptOutList", + "DeleteOptedOutNumber", + "DeletePool", + "DeleteTextMessageSpendLimitOverride", + "DeleteVoiceMessageSpendLimitOverride", + "DescribeAccountAttributes", + "DescribeAccountLimits", + "DescribeConfigurationSets", + "DescribeKeywords", + "DescribeOptOutLists", + "DescribeOptedOutNumbers", + "DescribePhoneNumbers", + "DescribePools", + "DescribeSenderIds", + "DescribeSpendLimits", + "DisassociateOriginationIdentity", + "ListPoolOriginationIdentities", + "ListTagsForResource", + "PutKeyword", + "PutOptedOutNumber", + "ReleasePhoneNumber", + "RequestPhoneNumber", + "SendTextMessage", + "SendVoiceMessage", + "SetDefaultMessageType", + "SetDefaultSenderId", + "SetTextMessageSpendLimitOverride", + "SetVoiceMessageSpendLimitOverride", + "TagResource", + "UntagResource", + "UpdateEventDestination", + "UpdatePhoneNumber", + "UpdatePool" + ], + "HasResource": true, + "StringPrefix": "sms-voice", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, "Amazon Pinpoint SMS and Voice Service": { "ARNFormat": "arn:aws:sms-voice:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", "ARNRegex": "^arn:aws:sms-voice:.+:.+:.+", @@ -7985,8 +17565,8 @@ "StringPrefix": "sms-voice" }, "Amazon Polly": { - "ARNFormat": "arn:aws:polly:\u003cregion\u003e:\u003caccountID\u003e:\u003crelative-id\u003e", - "ARNRegex": "^arn:aws:polly::.+", + "ARNFormat": "arn:aws:polly:${Region}:${Account}:lexicon/${RelativeId}", + "ARNRegex": "^arn:aws:polly:${Region}:.+", "Actions": [ "DeleteLexicon", "DescribeVoices", @@ -8002,11 +17582,13 @@ "StringPrefix": "polly" }, "Amazon QLDB": { - "ARNFormat": "arn:${Partition}:qldb:${region}:${account}:${resourceType}/${resourcePath}", - "ARNRegex": "^arn:${Partition}:qldb:.+", + "ARNFormat": "arn:aws:qldb:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:qldb:.+", "Actions": [ + "CancelJournalKinesisStream", "CreateLedger", "DeleteLedger", + "DescribeJournalKinesisStream", "DescribeJournalS3Export", "DescribeLedger", "ExecuteStatement", @@ -8015,84 +17597,230 @@ "GetDigest", "GetRevision", "InsertSampleData", + "ListJournalKinesisStreamsForLedger", "ListJournalS3Exports", "ListJournalS3ExportsForLedger", "ListLedgers", "ListTagsForResource", + "PartiQLCreateIndex", + "PartiQLCreateTable", + "PartiQLDelete", + "PartiQLDropIndex", + "PartiQLDropTable", + "PartiQLHistoryFunction", + "PartiQLInsert", + "PartiQLRedact", + "PartiQLSelect", + "PartiQLUndropTable", + "PartiQLUpdate", "SendCommand", "ShowCatalog", + "StreamJournalToKinesis", "TagResource", "UntagResource", - "UpdateLedger" + "UpdateLedger", + "UpdateLedgerPermissionsMode" ], "HasResource": true, "StringPrefix": "qldb", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "qldb:Purge" ] }, "Amazon QuickSight": { - "ARNFormat": "arn:aws:quicksight:\u003cregion\u003e:\u003caccountId\u003e:\u003cresourceType\u003e/\u003cresourceId\u003e", + "ARNFormat": "arn:aws:quicksight:${Region}:${Account}:${ResourceType}/${ResourceId}", "ARNRegex": "^arn:aws:quicksight:.+", "Actions": [ + "AccountConfigurations", + "CancelIngestion", + "CreateAccountCustomization", + "CreateAccountSubscription", "CreateAdmin", + "CreateAnalysis", + "CreateCustomPermissions", "CreateDashboard", + "CreateDataSet", + "CreateDataSource", + "CreateEmailCustomizationTemplate", + "CreateFolder", + "CreateFolderMembership", "CreateGroup", "CreateGroupMembership", "CreateIAMPolicyAssignment", + "CreateIngestion", + "CreateNamespace", "CreateReader", + "CreateRefreshSchedule", "CreateTemplate", "CreateTemplateAlias", + "CreateTheme", + "CreateThemeAlias", + "CreateTopic", + "CreateTopicRefreshSchedule", "CreateUser", + "CreateVPCConnection", + "DeleteAccountCustomization", + "DeleteAccountSubscription", + "DeleteAnalysis", + "DeleteCustomPermissions", "DeleteDashboard", + "DeleteDataSet", + "DeleteDataSetRefreshProperties", + "DeleteDataSource", + "DeleteEmailCustomizationTemplate", + "DeleteFolder", + "DeleteFolderMembership", "DeleteGroup", "DeleteGroupMembership", "DeleteIAMPolicyAssignment", + "DeleteNamespace", + "DeleteRefreshSchedule", "DeleteTemplate", "DeleteTemplateAlias", + "DeleteTheme", + "DeleteThemeAlias", + "DeleteTopic", + "DeleteTopicRefreshSchedule", "DeleteUser", "DeleteUserByPrincipalId", + "DeleteVPCConnection", + "DescribeAccountCustomization", + "DescribeAccountSettings", + "DescribeAccountSubscription", + "DescribeAnalysis", + "DescribeAnalysisPermissions", + "DescribeAssetBundleExportJob", + "DescribeAssetBundleImportJob", + "DescribeCustomPermissions", "DescribeDashboard", "DescribeDashboardPermissions", + "DescribeDashboardSnapshotJob", + "DescribeDashboardSnapshotJobResult", + "DescribeDataSet", + "DescribeDataSetPermissions", + "DescribeDataSetRefreshProperties", + "DescribeDataSource", + "DescribeDataSourcePermissions", + "DescribeEmailCustomizationTemplate", + "DescribeFolder", + "DescribeFolderPermissions", + "DescribeFolderResolvedPermissions", "DescribeGroup", + "DescribeGroupMembership", "DescribeIAMPolicyAssignment", + "DescribeIngestion", + "DescribeIpRestriction", + "DescribeNamespace", + "DescribeRefreshSchedule", "DescribeTemplate", "DescribeTemplateAlias", "DescribeTemplatePermissions", + "DescribeTheme", + "DescribeThemeAlias", + "DescribeThemePermissions", + "DescribeTopic", + "DescribeTopicPermissions", + "DescribeTopicRefresh", + "DescribeTopicRefreshSchedule", "DescribeUser", + "DescribeVPCConnection", + "GenerateEmbedUrlForAnonymousUser", + "GenerateEmbedUrlForRegisteredUser", + "GetAnonymousUserEmbedUrl", "GetAuthCode", "GetDashboardEmbedUrl", "GetGroupMapping", + "GetSessionEmbedUrl", + "ListAnalyses", + "ListAssetBundleExportJobs", + "ListAssetBundleImportJobs", + "ListCustomPermissions", + "ListCustomerManagedKeys", "ListDashboardVersions", "ListDashboards", + "ListDataSets", + "ListDataSources", + "ListFolderMembers", + "ListFolders", "ListGroupMemberships", "ListGroups", "ListIAMPolicyAssignments", "ListIAMPolicyAssignmentsForUser", + "ListIngestions", + "ListKMSKeysForUser", + "ListNamespaces", + "ListRefreshSchedules", "ListTagsForResource", "ListTemplateAliases", "ListTemplateVersions", "ListTemplates", + "ListThemeAliases", + "ListThemeVersions", + "ListThemes", + "ListTopicRefreshSchedules", + "ListTopics", "ListUserGroups", "ListUsers", + "ListVPCConnections", + "PassDataSet", + "PassDataSource", + "PutDataSetRefreshProperties", + "RegisterCustomerManagedKey", "RegisterUser", + "RemoveCustomerManagedKey", + "RestoreAnalysis", + "ScopeDownPolicy", + "SearchAnalyses", + "SearchDashboards", + "SearchDataSets", + "SearchDataSources", "SearchDirectoryGroups", + "SearchFolders", + "SearchGroups", + "SearchUsers", "SetGroupMapping", + "StartAssetBundleExportJob", + "StartAssetBundleImportJob", + "StartDashboardSnapshotJob", "Subscribe", "TagResource", "Unsubscribe", "UntagResource", + "UpdateAccountCustomization", + "UpdateAccountSettings", + "UpdateAnalysis", + "UpdateAnalysisPermissions", + "UpdateCustomPermissions", "UpdateDashboard", "UpdateDashboardPermissions", "UpdateDashboardPublishedVersion", + "UpdateDataSet", + "UpdateDataSetPermissions", + "UpdateDataSource", + "UpdateDataSourcePermissions", + "UpdateEmailCustomizationTemplate", + "UpdateFolder", + "UpdateFolderPermissions", "UpdateGroup", "UpdateIAMPolicyAssignment", + "UpdateIpRestriction", + "UpdatePublicSharingSettings", + "UpdateRefreshSchedule", + "UpdateResourcePermissions", "UpdateTemplate", "UpdateTemplateAlias", "UpdateTemplatePermissions", - "UpdateUser" + "UpdateTheme", + "UpdateThemeAlias", + "UpdateThemePermissions", + "UpdateTopic", + "UpdateTopicPermissions", + "UpdateTopicRefreshSchedule", + "UpdateUser", + "UpdateVPCConnection" ], "HasResource": true, "StringPrefix": "quicksight", @@ -8100,13 +17828,16 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "quicksight:AllowedEmbeddingDomains", + "quicksight:DirectoryType", + "quicksight:Edition", "quicksight:IamArn", "quicksight:SessionName", "quicksight:UserName" ] }, "Amazon RDS": { - "ARNFormat": "arn:aws:rds:\u003cregion\u003e:\u003caccountID\u003e:\u003crelative-id\u003e", + "ARNFormat": "arn:aws:rds:${Region}:${Account}:${RelativeId}", "ARNRegex": "^arn:aws:rds:.+", "Actions": [ "AddRoleToDBCluster", @@ -8122,6 +17853,8 @@ "CopyDBParameterGroup", "CopyDBSnapshot", "CopyOptionGroup", + "CreateBlueGreenDeployment", + "CreateCustomDBEngineVersion", "CreateDBCluster", "CreateDBClusterEndpoint", "CreateDBClusterParameterGroup", @@ -8130,13 +17863,20 @@ "CreateDBInstanceReadReplica", "CreateDBParameterGroup", "CreateDBProxy", + "CreateDBProxyEndpoint", "CreateDBSecurityGroup", "CreateDBSnapshot", "CreateDBSubnetGroup", "CreateEventSubscription", "CreateGlobalCluster", + "CreateIntegration", "CreateOptionGroup", + "CreateTenantDatabase", + "CrossRegionCommunication", + "DeleteBlueGreenDeployment", + "DeleteCustomDBEngineVersion", "DeleteDBCluster", + "DeleteDBClusterAutomatedBackup", "DeleteDBClusterEndpoint", "DeleteDBClusterParameterGroup", "DeleteDBClusterSnapshot", @@ -8144,15 +17884,20 @@ "DeleteDBInstanceAutomatedBackup", "DeleteDBParameterGroup", "DeleteDBProxy", + "DeleteDBProxyEndpoint", "DeleteDBSecurityGroup", "DeleteDBSnapshot", "DeleteDBSubnetGroup", "DeleteEventSubscription", "DeleteGlobalCluster", + "DeleteIntegration", "DeleteOptionGroup", + "DeleteTenantDatabase", "DeregisterDBProxyTargets", "DescribeAccountAttributes", + "DescribeBlueGreenDeployments", "DescribeCertificates", + "DescribeDBClusterAutomatedBackups", "DescribeDBClusterBacktracks", "DescribeDBClusterEndpoints", "DescribeDBClusterParameterGroups", @@ -8167,12 +17912,14 @@ "DescribeDBParameterGroups", "DescribeDBParameters", "DescribeDBProxies", + "DescribeDBProxyEndpoints", "DescribeDBProxyTargetGroups", "DescribeDBProxyTargets", "DescribeDBSecurityGroups", "DescribeDBSnapshotAttributes", "DescribeDBSnapshots", "DescribeDBSubnetGroups", + "DescribeDbSnapshotTenantDatabases", "DescribeEngineDefaultClusterParameters", "DescribeEngineDefaultParameters", "DescribeEventCategories", @@ -8180,19 +17927,27 @@ "DescribeEvents", "DescribeExportTasks", "DescribeGlobalClusters", + "DescribeIntegrations", "DescribeOptionGroupOptions", "DescribeOptionGroups", "DescribeOrderableDBInstanceOptions", "DescribePendingMaintenanceActions", + "DescribeRecommendationGroups", + "DescribeRecommendations", "DescribeReservedDBInstances", "DescribeReservedDBInstancesOfferings", "DescribeSourceRegions", + "DescribeTenantDatabases", "DescribeValidDBInstanceModifications", "DownloadCompleteDBLogFile", "DownloadDBLogFilePortion", "FailoverDBCluster", + "FailoverGlobalCluster", "ListTagsForResource", + "ModifyActivityStream", + "ModifyCertificates", "ModifyCurrentDBClusterCapacity", + "ModifyCustomDBEngineVersion", "ModifyDBCluster", "ModifyDBClusterEndpoint", "ModifyDBClusterParameterGroup", @@ -8200,6 +17955,7 @@ "ModifyDBInstance", "ModifyDBParameterGroup", "ModifyDBProxy", + "ModifyDBProxyEndpoint", "ModifyDBProxyTargetGroup", "ModifyDBSnapshot", "ModifyDBSnapshotAttribute", @@ -8207,9 +17963,12 @@ "ModifyEventSubscription", "ModifyGlobalCluster", "ModifyOptionGroup", + "ModifyRecommendation", + "ModifyTenantDatabase", "PromoteReadReplica", "PromoteReadReplicaDBCluster", "PurchaseReservedDBInstancesOffering", + "RebootDBCluster", "RebootDBInstance", "RegisterDBProxyTargets", "RemoveFromGlobalCluster", @@ -8229,10 +17988,15 @@ "StartActivityStream", "StartDBCluster", "StartDBInstance", + "StartDBInstanceAutomatedBackupsReplication", "StartExportTask", "StopActivityStream", "StopDBCluster", - "StopDBInstance" + "StopDBInstance", + "StopDBInstanceAutomatedBackupsReplication", + "SwitchoverBlueGreenDeployment", + "SwitchoverGlobalCluster", + "SwitchoverReadReplica" ], "HasResource": true, "StringPrefix": "rds", @@ -8240,14 +18004,19 @@ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys", + "rds:BackupTarget", + "rds:CopyOptionGroup", "rds:DatabaseClass", "rds:DatabaseEngine", "rds:DatabaseName", "rds:EndpointType", + "rds:ManageMasterUserPassword", "rds:MultiAz", + "rds:MultiTenant", "rds:Piops", "rds:StorageEncrypted", "rds:StorageSize", + "rds:TenantDatabaseName", "rds:Vpc", "rds:cluster-pg-tag/${TagKey}", "rds:cluster-snapshot-tag/${TagKey}", @@ -8264,6 +18033,8 @@ ] }, "Amazon RDS Data API": { + "ARNFormat": "arn:aws:rds:${Region}:${Account}:${RelativeId}", + "ARNRegex": "^arn:aws:rds:.+", "Actions": [ "BatchExecuteStatement", "BeginTransaction", @@ -8272,8 +18043,12 @@ "ExecuteStatement", "RollbackTransaction" ], - "HasResource": false, - "StringPrefix": "rds-data" + "HasResource": true, + "StringPrefix": "rds-data", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "Amazon RDS IAM Authentication": { "ARNFormat": "arn:aws:rds-db:\u003cregion\u003e:\u003caccount-id\u003e:dbuser:\u003cdbi-resource-id\u003e/\u003cdb-user-name\u003e", @@ -8284,12 +18059,25 @@ "HasResource": true, "StringPrefix": "rds-db" }, + "Amazon RHEL Knowledgebase Portal": { + "ARNFormat": "arn:${Partition}:rhelkb:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:${Partition}:rhelkb:.+", + "Actions": [ + "GetRhelURL" + ], + "HasResource": false, + "StringPrefix": "rhelkb" + }, "Amazon Redshift": { - "ARNFormat": "arn:aws:redshift:\u003cregion\u003e:\u003caccountID\u003e:\u003crelative-id\u003e", + "ARNFormat": "arn:aws:redshift:${Region}:${Account}:${RelativeId}", "ARNRegex": "^arn:aws:redshift:.+:.+:.+", "Actions": [ "AcceptReservedNodeExchange", + "AddPartner", + "AssociateDataShareConsumer", "AuthorizeClusterSecurityGroupIngress", + "AuthorizeDataShare", + "AuthorizeEndpointAccess", "AuthorizeSnapshotAccess", "BatchDeleteClusterSnapshots", "BatchModifyClusterSnapshots", @@ -8297,12 +18085,15 @@ "CancelQuerySession", "CancelResize", "CopyClusterSnapshot", + "CreateAuthenticationProfile", "CreateCluster", "CreateClusterParameterGroup", "CreateClusterSecurityGroup", "CreateClusterSnapshot", "CreateClusterSubnetGroup", "CreateClusterUser", + "CreateCustomDomainAssociation", + "CreateEndpointAccess", "CreateEventSubscription", "CreateHsmClientCertificate", "CreateHsmConfiguration", @@ -8311,20 +18102,29 @@ "CreateSnapshotCopyGrant", "CreateSnapshotSchedule", "CreateTags", + "CreateUsageLimit", + "DeauthorizeDataShare", + "DeleteAuthenticationProfile", "DeleteCluster", "DeleteClusterParameterGroup", "DeleteClusterSecurityGroup", "DeleteClusterSnapshot", "DeleteClusterSubnetGroup", + "DeleteCustomDomainAssociation", + "DeleteEndpointAccess", "DeleteEventSubscription", "DeleteHsmClientCertificate", "DeleteHsmConfiguration", + "DeletePartner", + "DeleteResourcePolicy", "DeleteSavedQueries", "DeleteScheduledAction", "DeleteSnapshotCopyGrant", "DeleteSnapshotSchedule", "DeleteTags", + "DeleteUsageLimit", "DescribeAccountAttributes", + "DescribeAuthenticationProfiles", "DescribeClusterDbRevisions", "DescribeClusterParameterGroups", "DescribeClusterParameters", @@ -8334,16 +18134,25 @@ "DescribeClusterTracks", "DescribeClusterVersions", "DescribeClusters", + "DescribeCustomDomainAssociations", + "DescribeDataShares", + "DescribeDataSharesForConsumer", + "DescribeDataSharesForProducer", "DescribeDefaultClusterParameters", + "DescribeEndpointAccess", + "DescribeEndpointAuthorization", "DescribeEventCategories", "DescribeEventSubscriptions", "DescribeEvents", "DescribeHsmClientCertificates", "DescribeHsmConfigurations", + "DescribeInboundIntegrations", "DescribeLoggingStatus", "DescribeNodeConfigurationOptions", "DescribeOrderableClusterOptions", + "DescribePartners", "DescribeQuery", + "DescribeReservedNodeExchangeStatus", "DescribeReservedNodeOfferings", "DescribeReservedNodes", "DescribeResize", @@ -8355,19 +18164,27 @@ "DescribeTable", "DescribeTableRestoreStatus", "DescribeTags", + "DescribeUsageLimits", "DisableLogging", "DisableSnapshotCopy", + "DisassociateDataShareConsumer", "EnableLogging", "EnableSnapshotCopy", "ExecuteQuery", + "FailoverPrimaryCompute", "FetchResults", "GetClusterCredentials", + "GetClusterCredentialsWithIAM", + "GetReservedNodeExchangeConfigurationOptions", "GetReservedNodeExchangeOfferings", + "GetResourcePolicy", "JoinGroup", "ListDatabases", "ListSavedQueries", "ListSchemas", "ListTables", + "ModifyAquaConfiguration", + "ModifyAuthenticationProfile", "ModifyCluster", "ModifyClusterDbRevision", "ModifyClusterIamRoles", @@ -8376,48 +18193,157 @@ "ModifyClusterSnapshot", "ModifyClusterSnapshotSchedule", "ModifyClusterSubnetGroup", + "ModifyCustomDomainAssociation", + "ModifyEndpointAccess", "ModifyEventSubscription", "ModifySavedQuery", "ModifyScheduledAction", "ModifySnapshotCopyRetentionPeriod", "ModifySnapshotSchedule", + "ModifyUsageLimit", "PauseCluster", "PurchaseReservedNodeOffering", + "PutResourcePolicy", "RebootCluster", + "RejectDataShare", "ResetClusterParameterGroup", "ResizeCluster", "RestoreFromClusterSnapshot", "RestoreTableFromClusterSnapshot", "ResumeCluster", "RevokeClusterSecurityGroupIngress", + "RevokeEndpointAccess", "RevokeSnapshotAccess", "RotateEncryptionKey", + "UpdatePartnerStatus", "ViewQueriesFromConsole", "ViewQueriesInConsole" ], "HasResource": true, "StringPrefix": "redshift", "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "redshift:ConsumerArn", + "redshift:ConsumerIdentifier", "redshift:DbName", "redshift:DbUser", - "redshift:DurationSeconds" + "redshift:DurationSeconds", + "redshift:InboundIntegrationArn" + ] + }, + "Amazon Redshift Data API": { + "ARNFormat": "arn:aws:redshift-serverless:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:(redshift|redshift-serverless):.+:.+:.+", + "Actions": [ + "BatchExecuteStatement", + "CancelStatement", + "DescribeStatement", + "DescribeTable", + "ExecuteStatement", + "GetStatementResult", + "ListDatabases", + "ListSchemas", + "ListStatements", + "ListTables" + ], + "HasResource": true, + "StringPrefix": "redshift-data", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "redshift-data:statement-owner-iam-userid" + ] + }, + "Amazon Redshift Serverless": { + "ARNFormat": "arn:aws:redshift-serverless:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:redshift-serverless:.+:.+:.+", + "Actions": [ + "ConvertRecoveryPointToSnapshot", + "CreateCustomDomainAssociation", + "CreateEndpointAccess", + "CreateNamespace", + "CreateSnapshot", + "CreateUsageLimit", + "CreateWorkgroup", + "DeleteCustomDomainAssociation", + "DeleteEndpointAccess", + "DeleteNamespace", + "DeleteResourcePolicy", + "DeleteSnapshot", + "DeleteUsageLimit", + "DeleteWorkgroup", + "DescribeOneTimeCredit", + "GetCredentials", + "GetCustomDomainAssociation", + "GetEndpointAccess", + "GetNamespace", + "GetRecoveryPoint", + "GetResourcePolicy", + "GetSnapshot", + "GetTableRestoreStatus", + "GetUsageLimit", + "GetWorkgroup", + "ListCustomDomainAssociations", + "ListEndpointAccess", + "ListNamespaces", + "ListRecoveryPoints", + "ListSnapshots", + "ListTableRestoreStatus", + "ListTagsForResource", + "ListUsageLimits", + "ListWorkgroups", + "PutResourcePolicy", + "RestoreFromRecoveryPoint", + "RestoreFromSnapshot", + "RestoreTableFromSnapshot", + "TagResource", + "UntagResource", + "UpdateCustomDomainAssociation", + "UpdateEndpointAccess", + "UpdateNamespace", + "UpdateSnapshot", + "UpdateUsageLimit", + "UpdateWorkgroup" + ], + "HasResource": true, + "StringPrefix": "redshift-serverless", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "redshift-serverless:endpointAccessId", + "redshift-serverless:namespaceId", + "redshift-serverless:recoveryPointId", + "redshift-serverless:snapshotId", + "redshift-serverless:tableRestoreRequestId", + "redshift-serverless:workgroupId" ] }, "Amazon Rekognition": { - "ARNFormat": "arn:aws:rekognition:\u003cregion\u003e:\u003caccountID\u003e:\u003crelative-id\u003e", - "ARNRegex": "^arn:aws:rekognition::.+", + "ARNFormat": "arn:aws:rekognition:${Region}:${Account}:${RelativeId}", + "ARNRegex": "^arn:aws:rekognition:.+", "Actions": [ + "AssociateFaces", "CompareFaces", + "CopyProjectVersion", "CreateCollection", + "CreateDataset", + "CreateFaceLivenessSession", "CreateProject", "CreateProjectVersion", "CreateStreamProcessor", + "CreateUser", "DeleteCollection", + "DeleteDataset", "DeleteFaces", "DeleteProject", + "DeleteProjectPolicy", "DeleteProjectVersion", "DeleteStreamProcessor", + "DeleteUser", "DescribeCollection", + "DescribeDataset", "DescribeProjectVersions", "DescribeProjects", "DescribeStreamProcessor", @@ -8425,36 +18351,63 @@ "DetectFaces", "DetectLabels", "DetectModerationLabels", + "DetectProtectiveEquipment", "DetectText", + "DisassociateFaces", + "DistributeDatasetEntries", "GetCelebrityInfo", "GetCelebrityRecognition", "GetContentModeration", "GetFaceDetection", + "GetFaceLivenessSessionResults", "GetFaceSearch", "GetLabelDetection", + "GetMediaAnalysisJob", "GetPersonTracking", + "GetSegmentDetection", "GetTextDetection", "IndexFaces", "ListCollections", + "ListDatasetEntries", + "ListDatasetLabels", "ListFaces", + "ListMediaAnalysisJobs", + "ListProjectPolicies", "ListStreamProcessors", + "ListTagsForResource", + "ListUsers", + "PutProjectPolicy", "RecognizeCelebrities", "SearchFaces", "SearchFacesByImage", + "SearchUsers", + "SearchUsersByImage", "StartCelebrityRecognition", "StartContentModeration", "StartFaceDetection", + "StartFaceLivenessSession", "StartFaceSearch", "StartLabelDetection", + "StartMediaAnalysisJob", "StartPersonTracking", "StartProjectVersion", + "StartSegmentDetection", "StartStreamProcessor", "StartTextDetection", "StopProjectVersion", - "StopStreamProcessor" + "StopStreamProcessor", + "TagResource", + "UntagResource", + "UpdateDatasetEntries", + "UpdateStreamProcessor" ], "HasResource": true, - "StringPrefix": "rekognition" + "StringPrefix": "rekognition", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "Amazon Resource Group Tagging API": { "Actions": [ @@ -8471,31 +18424,41 @@ "StringPrefix": "tag" }, "Amazon Route 53": { - "ARNFormat": "arn:aws:route53:::\u003cresource\u003e/\u003cid\u003e", + "ARNFormat": "arn:aws:route53:::${Resource}/{$Id}", "ARNRegex": "^arn:aws:route53:::.+", "Actions": [ + "ActivateKeySigningKey", "AssociateVPCWithHostedZone", + "ChangeCidrCollection", "ChangeResourceRecordSets", "ChangeTagsForResource", + "CreateCidrCollection", "CreateHealthCheck", "CreateHostedZone", + "CreateKeySigningKey", "CreateQueryLoggingConfig", "CreateReusableDelegationSet", "CreateTrafficPolicy", "CreateTrafficPolicyInstance", "CreateTrafficPolicyVersion", "CreateVPCAssociationAuthorization", + "DeactivateKeySigningKey", + "DeleteCidrCollection", "DeleteHealthCheck", "DeleteHostedZone", + "DeleteKeySigningKey", "DeleteQueryLoggingConfig", "DeleteReusableDelegationSet", "DeleteTrafficPolicy", "DeleteTrafficPolicyInstance", "DeleteVPCAssociationAuthorization", + "DisableHostedZoneDNSSEC", "DisassociateVPCFromHostedZone", + "EnableHostedZoneDNSSEC", "GetAccountLimit", "GetChange", "GetCheckerIpRanges", + "GetDNSSEC", "GetGeoLocation", "GetHealthCheck", "GetHealthCheckCount", @@ -8510,54 +18473,265 @@ "GetTrafficPolicy", "GetTrafficPolicyInstance", "GetTrafficPolicyInstanceCount", + "ListCidrBlocks", + "ListCidrCollections", + "ListCidrLocations", "ListGeoLocations", "ListHealthChecks", "ListHostedZones", "ListHostedZonesByName", + "ListHostedZonesByVPC", "ListQueryLoggingConfigs", "ListResourceRecordSets", "ListReusableDelegationSets", "ListTagsForResource", "ListTagsForResources", - "ListTrafficPolicies", - "ListTrafficPolicyInstances", - "ListTrafficPolicyInstancesByHostedZone", - "ListTrafficPolicyInstancesByPolicy", - "ListTrafficPolicyVersions", - "ListVPCAssociationAuthorizations", - "TestDNSAnswer", - "UpdateHealthCheck", - "UpdateHostedZoneComment", - "UpdateTrafficPolicyComment", - "UpdateTrafficPolicyInstance" + "ListTrafficPolicies", + "ListTrafficPolicyInstances", + "ListTrafficPolicyInstancesByHostedZone", + "ListTrafficPolicyInstancesByPolicy", + "ListTrafficPolicyVersions", + "ListVPCAssociationAuthorizations", + "TestDNSAnswer", + "UpdateHealthCheck", + "UpdateHostedZoneComment", + "UpdateTrafficPolicyComment", + "UpdateTrafficPolicyInstance" + ], + "HasResource": true, + "StringPrefix": "route53", + "conditionKeys": [ + "route53:ChangeResourceRecordSetsActions", + "route53:ChangeResourceRecordSetsNormalizedRecordNames", + "route53:ChangeResourceRecordSetsRecordTypes" + ] + }, + "Amazon Route 53 Application Recovery Controller - Zonal Shift": { + "ARNFormat": "arn:aws:arc-zonal-shift:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:arc-zonal-shift:.+:.+:.+", + "Actions": [ + "CancelZonalShift", + "GetManagedResource", + "ListManagedResources", + "ListZonalShifts", + "StartZonalShift", + "UpdateZonalShift" + ], + "HasResource": true, + "StringPrefix": "arc-zonal-shift", + "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ] + }, + "Amazon Route 53 Domains": { + "Actions": [ + "AcceptDomainTransferFromAnotherAwsAccount", + "AssociateDelegationSignerToDomain", + "CancelDomainTransferToAnotherAwsAccount", + "CheckDomainAvailability", + "CheckDomainTransferability", + "DeleteDomain", + "DeleteTagsForDomain", + "DisableDomainAutoRenew", + "DisableDomainTransferLock", + "DisassociateDelegationSignerFromDomain", + "EnableDomainAutoRenew", + "EnableDomainTransferLock", + "GetContactReachabilityStatus", + "GetDomainDetail", + "GetDomainSuggestions", + "GetOperationDetail", + "ListDomains", + "ListOperations", + "ListPrices", + "ListTagsForDomain", + "PushDomain", + "RegisterDomain", + "RejectDomainTransferFromAnotherAwsAccount", + "RenewDomain", + "ResendContactReachabilityEmail", + "ResendOperationAuthorization", + "RetrieveDomainAuthCode", + "TransferDomain", + "TransferDomainToAnotherAwsAccount", + "UpdateDomainContact", + "UpdateDomainContactPrivacy", + "UpdateDomainNameservers", + "UpdateTagsForDomain", + "ViewBilling" + ], + "HasResource": false, + "StringPrefix": "route53domains" + }, + "Amazon Route 53 Recovery Cluster": { + "ARNFormat": "arn:aws:route53-recovery-control::${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:route53-recovery-control::.+:.+", + "Actions": [ + "GetRoutingControlState", + "ListRoutingControls", + "UpdateRoutingControlState", + "UpdateRoutingControlStates" + ], + "HasResource": true, + "StringPrefix": "route53-recovery-cluster", + "conditionKeys": [ + "route53-recovery-cluster:AllowSafetyRulesOverrides" + ] + }, + "Amazon Route 53 Recovery Controls": { + "ARNFormat": "arn:aws:route53-recovery-control::${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:route53-recovery-control::.+:.+", + "Actions": [ + "CreateCluster", + "CreateControlPanel", + "CreateRoutingControl", + "CreateSafetyRule", + "DeleteCluster", + "DeleteControlPanel", + "DeleteRoutingControl", + "DeleteSafetyRule", + "DescribeCluster", + "DescribeControlPanel", + "DescribeRoutingControl", + "DescribeRoutingControlByName", + "DescribeSafetyRule", + "GetResourcePolicy", + "ListAssociatedRoute53HealthChecks", + "ListClusters", + "ListControlPanels", + "ListRoutingControls", + "ListSafetyRules", + "ListTagsForResource", + "TagResource", + "UntagResource", + "UpdateControlPanel", + "UpdateRoutingControl", + "UpdateSafetyRule" + ], + "HasResource": true, + "StringPrefix": "route53-recovery-control-config", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] + }, + "Amazon Route 53 Recovery Readiness": { + "ARNFormat": "arn:aws:route53-recovery-readiness::${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:route53-recovery-readiness::.+:.+", + "Actions": [ + "CreateCell", + "CreateCrossAccountAuthorization", + "CreateReadinessCheck", + "CreateRecoveryGroup", + "CreateResourceSet", + "DeleteCell", + "DeleteCrossAccountAuthorization", + "DeleteReadinessCheck", + "DeleteRecoveryGroup", + "DeleteResourceSet", + "GetArchitectureRecommendations", + "GetCell", + "GetCellReadinessSummary", + "GetReadinessCheck", + "GetReadinessCheckResourceStatus", + "GetReadinessCheckStatus", + "GetRecoveryGroup", + "GetRecoveryGroupReadinessSummary", + "GetResourceSet", + "ListCells", + "ListCrossAccountAuthorizations", + "ListReadinessChecks", + "ListRecoveryGroups", + "ListResourceSets", + "ListRules", + "ListTagsForResources", + "TagResource", + "UntagResource", + "UpdateCell", + "UpdateReadinessCheck", + "UpdateRecoveryGroup", + "UpdateResourceSet" ], "HasResource": true, - "StringPrefix": "route53" + "StringPrefix": "route53-recovery-readiness", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "Amazon Route 53 Resolver": { - "ARNFormat": "arn:aws:route53resolver:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource-id\u003e", + "ARNFormat": "arn:aws:route53resolver:${Region}:${Account}:${ResourceType}/${ResourceId}", "ARNRegex": "^arn:aws:route53resolver:.+:.+:.+", "Actions": [ + "AssociateFirewallRuleGroup", "AssociateResolverEndpointIpAddress", + "AssociateResolverQueryLogConfig", "AssociateResolverRule", + "CreateFirewallDomainList", + "CreateFirewallRule", + "CreateFirewallRuleGroup", + "CreateOutpostResolver", "CreateResolverEndpoint", + "CreateResolverQueryLogConfig", "CreateResolverRule", + "DeleteFirewallDomainList", + "DeleteFirewallRule", + "DeleteFirewallRuleGroup", + "DeleteOutpostResolver", "DeleteResolverEndpoint", + "DeleteResolverQueryLogConfig", "DeleteResolverRule", + "DisassociateFirewallRuleGroup", "DisassociateResolverEndpointIpAddress", + "DisassociateResolverQueryLogConfig", "DisassociateResolverRule", + "GetFirewallConfig", + "GetFirewallDomainList", + "GetFirewallRuleGroup", + "GetFirewallRuleGroupAssociation", + "GetFirewallRuleGroupPolicy", + "GetOutpostResolver", + "GetResolverConfig", + "GetResolverDnssecConfig", "GetResolverEndpoint", + "GetResolverQueryLogConfig", + "GetResolverQueryLogConfigAssociation", + "GetResolverQueryLogConfigPolicy", "GetResolverRule", "GetResolverRuleAssociation", "GetResolverRulePolicy", + "ImportFirewallDomains", + "ListFirewallConfigs", + "ListFirewallDomainLists", + "ListFirewallDomains", + "ListFirewallRuleGroupAssociations", + "ListFirewallRuleGroups", + "ListFirewallRules", + "ListOutpostResolvers", + "ListResolverConfigs", + "ListResolverDnssecConfigs", "ListResolverEndpointIpAddresses", "ListResolverEndpoints", + "ListResolverQueryLogConfigAssociations", + "ListResolverQueryLogConfigs", "ListResolverRuleAssociations", "ListResolverRules", "ListTagsForResource", + "PutFirewallRuleGroupPolicy", + "PutResolverQueryLogConfigPolicy", "PutResolverRulePolicy", "TagResource", "UntagResource", + "UpdateFirewallConfig", + "UpdateFirewallDomains", + "UpdateFirewallRule", + "UpdateFirewallRuleGroupAssociation", + "UpdateOutpostResolver", + "UpdateResolverConfig", + "UpdateResolverDnssecConfig", "UpdateResolverEndpoint", "UpdateResolverRule" ], @@ -8569,58 +18743,44 @@ "aws:TagKeys" ] }, - "Amazon Route53 Domains": { - "Actions": [ - "CheckDomainAvailability", - "DeleteTagsForDomain", - "DisableDomainAutoRenew", - "DisableDomainTransferLock", - "EnableDomainAutoRenew", - "EnableDomainTransferLock", - "GetContactReachabilityStatus", - "GetDomainDetail", - "GetDomainSuggestions", - "GetOperationDetail", - "ListDomains", - "ListOperations", - "ListTagsForDomain", - "RegisterDomain", - "RenewDomain", - "ResendContactReachabilityEmail", - "RetrieveDomainAuthCode", - "TransferDomain", - "UpdateDomainContact", - "UpdateDomainContactPrivacy", - "UpdateDomainNameservers", - "UpdateTagsForDomain", - "ViewBilling" - ], - "HasResource": false, - "StringPrefix": "route53domains" - }, "Amazon S3": { - "ARNFormat": "arn:aws:s3:::\u003cbucket_name\u003e/\u003ckey_name\u003e", + "ARNFormat": "arn:aws:s3:::${BucketName}/${KeyName}", "ARNRegex": "^arn:aws:s3:::.+", "Actions": [ "AbortMultipartUpload", "BypassGovernanceRetention", "CreateAccessPoint", + "CreateAccessPointForObjectLambda", "CreateBucket", "CreateJob", + "CreateMultiRegionAccessPoint", + "CreateStorageLensGroup", "DeleteAccessPoint", + "DeleteAccessPointForObjectLambda", "DeleteAccessPointPolicy", + "DeleteAccessPointPolicyForObjectLambda", "DeleteBucket", "DeleteBucketPolicy", "DeleteBucketWebsite", + "DeleteJobTagging", + "DeleteMultiRegionAccessPoint", "DeleteObject", "DeleteObjectTagging", "DeleteObjectVersion", "DeleteObjectVersionTagging", + "DeleteStorageLensConfiguration", + "DeleteStorageLensConfigurationTagging", + "DeleteStorageLensGroup", "DescribeJob", + "DescribeMultiRegionAccessPointOperation", "GetAccelerateConfiguration", "GetAccessPoint", + "GetAccessPointConfigurationForObjectLambda", + "GetAccessPointForObjectLambda", "GetAccessPointPolicy", + "GetAccessPointPolicyForObjectLambda", "GetAccessPointPolicyStatus", + "GetAccessPointPolicyStatusForObjectLambda", "GetAccountPublicAccessBlock", "GetAnalyticsConfiguration", "GetBucketAcl", @@ -8629,117 +18789,317 @@ "GetBucketLogging", "GetBucketNotification", "GetBucketObjectLockConfiguration", + "GetBucketOwnershipControls", + "GetBucketPolicy", + "GetBucketPolicyStatus", + "GetBucketPublicAccessBlock", + "GetBucketRequestPayment", + "GetBucketTagging", + "GetBucketVersioning", + "GetBucketWebsite", + "GetEncryptionConfiguration", + "GetIntelligentTieringConfiguration", + "GetInventoryConfiguration", + "GetJobTagging", + "GetLifecycleConfiguration", + "GetMetricsConfiguration", + "GetMultiRegionAccessPoint", + "GetMultiRegionAccessPointPolicy", + "GetMultiRegionAccessPointPolicyStatus", + "GetMultiRegionAccessPointRoutes", + "GetObject", + "GetObjectAcl", + "GetObjectAttributes", + "GetObjectLegalHold", + "GetObjectRetention", + "GetObjectTagging", + "GetObjectTorrent", + "GetObjectVersion", + "GetObjectVersionAcl", + "GetObjectVersionAttributes", + "GetObjectVersionForReplication", + "GetObjectVersionTagging", + "GetObjectVersionTorrent", + "GetReplicationConfiguration", + "GetStorageLensConfiguration", + "GetStorageLensConfigurationTagging", + "GetStorageLensDashboard", + "GetStorageLensGroup", + "InitiateReplication", + "ListAccessPoints", + "ListAccessPointsForObjectLambda", + "ListAllMyBuckets", + "ListBucket", + "ListBucketMultipartUploads", + "ListBucketVersions", + "ListJobs", + "ListMultiRegionAccessPoints", + "ListMultipartUploadParts", + "ListStorageLensConfigurations", + "ListStorageLensGroups", + "ListTagsForResource", + "ObjectOwnerOverrideToBucketOwner", + "PutAccelerateConfiguration", + "PutAccessPointConfigurationForObjectLambda", + "PutAccessPointPolicy", + "PutAccessPointPolicyForObjectLambda", + "PutAccessPointPublicAccessBlock", + "PutAccountPublicAccessBlock", + "PutAnalyticsConfiguration", + "PutBucketAcl", + "PutBucketCORS", + "PutBucketLogging", + "PutBucketNotification", + "PutBucketObjectLockConfiguration", + "PutBucketOwnershipControls", + "PutBucketPolicy", + "PutBucketPublicAccessBlock", + "PutBucketRequestPayment", + "PutBucketTagging", + "PutBucketVersioning", + "PutBucketWebsite", + "PutEncryptionConfiguration", + "PutIntelligentTieringConfiguration", + "PutInventoryConfiguration", + "PutJobTagging", + "PutLifecycleConfiguration", + "PutMetricsConfiguration", + "PutMultiRegionAccessPointPolicy", + "PutObject", + "PutObjectAcl", + "PutObjectLegalHold", + "PutObjectRetention", + "PutObjectTagging", + "PutObjectVersionAcl", + "PutObjectVersionTagging", + "PutReplicationConfiguration", + "PutStorageLensConfiguration", + "PutStorageLensConfigurationTagging", + "ReplicateDelete", + "ReplicateObject", + "ReplicateTags", + "RestoreObject", + "SubmitMultiRegionAccessPointRoutes", + "TagResource", + "UntagResource", + "UpdateJobPriority", + "UpdateJobStatus", + "UpdateStorageLensGroup" + ], + "HasResource": true, + "StringPrefix": "s3", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "s3:AccessPointNetworkOrigin", + "s3:DataAccessPointAccount", + "s3:DataAccessPointArn", + "s3:ExistingJobOperation", + "s3:ExistingJobPriority", + "s3:ExistingObjectTag/\u003ckey\u003e", + "s3:JobSuspendedCause", + "s3:RequestJobOperation", + "s3:RequestJobPriority", + "s3:RequestObjectTag/\u003ckey\u003e", + "s3:RequestObjectTagKeys", + "s3:ResourceAccount", + "s3:TlsVersion", + "s3:authType", + "s3:delimiter", + "s3:locationconstraint", + "s3:max-keys", + "s3:object-lock-legal-hold", + "s3:object-lock-mode", + "s3:object-lock-remaining-retention-days", + "s3:object-lock-retain-until-date", + "s3:prefix", + "s3:signatureAge", + "s3:signatureversion", + "s3:versionid", + "s3:x-amz-acl", + "s3:x-amz-content-sha256", + "s3:x-amz-copy-source", + "s3:x-amz-grant-full-control", + "s3:x-amz-grant-read", + "s3:x-amz-grant-read-acp", + "s3:x-amz-grant-write", + "s3:x-amz-grant-write-acp", + "s3:x-amz-metadata-directive", + "s3:x-amz-object-ownership", + "s3:x-amz-server-side-encryption", + "s3:x-amz-server-side-encryption-aws-kms-key-id", + "s3:x-amz-server-side-encryption-customer-algorithm", + "s3:x-amz-storage-class", + "s3:x-amz-website-redirect-location" + ] + }, + "Amazon S3 Glacier": { + "ARNFormat": "arn:aws:glacier:${Region}:${Account}:vault/${VaultName}", + "ARNRegex": "^arn:aws:glacier:.+:.+:.+", + "Actions": [ + "AbortMultipartUpload", + "AbortVaultLock", + "AddTagsToVault", + "CompleteMultipartUpload", + "CompleteVaultLock", + "CreateVault", + "DeleteArchive", + "DeleteVault", + "DeleteVaultAccessPolicy", + "DeleteVaultNotifications", + "DescribeJob", + "DescribeVault", + "GetDataRetrievalPolicy", + "GetJobOutput", + "GetVaultAccessPolicy", + "GetVaultLock", + "GetVaultNotifications", + "InitiateJob", + "InitiateMultipartUpload", + "InitiateVaultLock", + "ListJobs", + "ListMultipartUploads", + "ListParts", + "ListProvisionedCapacity", + "ListTagsForVault", + "ListVaults", + "PurchaseProvisionedCapacity", + "RemoveTagsFromVault", + "SetDataRetrievalPolicy", + "SetVaultAccessPolicy", + "SetVaultNotifications", + "UploadArchive", + "UploadMultipartPart" + ], + "HasResource": true, + "StringPrefix": "glacier", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "glacier:ArchiveAgeInDays", + "glacier:ResourceTag/" + ] + }, + "Amazon S3 Object Lambda": { + "ARNFormat": "arn:aws:s3-object-lambda:::accesspoint/${AccessPointName}", + "ARNRegex": "^arn:aws:s3-object-lambda:::.+", + "Actions": [ + "AbortMultipartUpload", + "DeleteObject", + "DeleteObjectTagging", + "DeleteObjectVersion", + "DeleteObjectVersionTagging", + "GetObject", + "GetObjectAcl", + "GetObjectLegalHold", + "GetObjectRetention", + "GetObjectTagging", + "GetObjectVersion", + "GetObjectVersionAcl", + "GetObjectVersionTagging", + "ListBucket", + "ListBucketMultipartUploads", + "ListBucketVersions", + "ListMultipartUploadParts", + "PutObject", + "PutObjectAcl", + "PutObjectLegalHold", + "PutObjectRetention", + "PutObjectTagging", + "PutObjectVersionAcl", + "PutObjectVersionTagging", + "RestoreObject", + "WriteGetObjectResponse" + ], + "HasResource": true, + "StringPrefix": "s3-object-lambda", + "conditionKeys": [ + "s3-object-lambda:TlsVersion", + "s3-object-lambda:authType", + "s3-object-lambda:signatureAge", + "s3-object-lambda:versionid" + ] + }, + "Amazon S3 on Outposts": { + "ARNFormat": "arn:aws:s3-outposts:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:s3-outposts:.+", + "Actions": [ + "AbortMultipartUpload", + "CreateAccessPoint", + "CreateBucket", + "CreateEndpoint", + "DeleteAccessPoint", + "DeleteAccessPointPolicy", + "DeleteBucket", + "DeleteBucketPolicy", + "DeleteEndpoint", + "DeleteObject", + "DeleteObjectTagging", + "DeleteObjectVersion", + "DeleteObjectVersionTagging", + "GetAccessPoint", + "GetAccessPointPolicy", + "GetBucket", "GetBucketPolicy", - "GetBucketPolicyStatus", - "GetBucketPublicAccessBlock", - "GetBucketRequestPayment", "GetBucketTagging", "GetBucketVersioning", - "GetBucketWebsite", - "GetEncryptionConfiguration", - "GetInventoryConfiguration", "GetLifecycleConfiguration", - "GetMetricsConfiguration", "GetObject", - "GetObjectAcl", - "GetObjectLegalHold", - "GetObjectRetention", "GetObjectTagging", - "GetObjectTorrent", "GetObjectVersion", - "GetObjectVersionAcl", "GetObjectVersionForReplication", "GetObjectVersionTagging", - "GetObjectVersionTorrent", "GetReplicationConfiguration", - "HeadBucket", "ListAccessPoints", - "ListAllMyBuckets", "ListBucket", "ListBucketMultipartUploads", "ListBucketVersions", - "ListJobs", + "ListEndpoints", "ListMultipartUploadParts", - "ObjectOwnerOverrideToBucketOwner", - "PutAccelerateConfiguration", + "ListOutpostsWithS3", + "ListRegionalBuckets", + "ListSharedEndpoints", "PutAccessPointPolicy", - "PutAccountPublicAccessBlock", - "PutAnalyticsConfiguration", - "PutBucketAcl", - "PutBucketCORS", - "PutBucketLogging", - "PutBucketNotification", - "PutBucketObjectLockConfiguration", "PutBucketPolicy", - "PutBucketPublicAccessBlock", - "PutBucketRequestPayment", "PutBucketTagging", "PutBucketVersioning", - "PutBucketWebsite", - "PutEncryptionConfiguration", - "PutInventoryConfiguration", "PutLifecycleConfiguration", - "PutMetricsConfiguration", "PutObject", "PutObjectAcl", - "PutObjectLegalHold", - "PutObjectRetention", "PutObjectTagging", - "PutObjectVersionAcl", "PutObjectVersionTagging", "PutReplicationConfiguration", "ReplicateDelete", "ReplicateObject", - "ReplicateTags", - "RestoreObject", - "UpdateJobPriority", - "UpdateJobStatus" + "ReplicateTags" ], "HasResource": true, - "StringPrefix": "s3", + "StringPrefix": "s3-outposts", "conditionKeys": [ - "s3:AccessPointNetworkOrigin", - "s3:DataAccessPointAccount", - "s3:DataAccessPointArn", - "s3:ExistingJobOperation", - "s3:ExistingJobPriority", - "s3:ExistingObjectTag/\u003ckey\u003e", - "s3:JobSuspendedCause", - "s3:LocationConstraint", - "s3:RequestJobOperation", - "s3:RequestJobPriority", - "s3:RequestObjectTag/\u003ckey\u003e", - "s3:RequestObjectTagKeys", - "s3:VersionId", - "s3:authtype", - "s3:delimiter", - "s3:locationconstraint", - "s3:max-keys", - "s3:object-lock-legal-hold", - "s3:object-lock-mode", - "s3:object-lock-remaining-retention-days", - "s3:object-lock-retain-until-date", - "s3:prefix", - "s3:signatureage", - "s3:signatureversion", - "s3:versionid", - "s3:x-amz-acl", - "s3:x-amz-content-sha256", - "s3:x-amz-copy-source", - "s3:x-amz-grant-full-control", - "s3:x-amz-grant-read", - "s3:x-amz-grant-read-acp", - "s3:x-amz-grant-write", - "s3:x-amz-grant-write-acp", - "s3:x-amz-metadata-directive", - "s3:x-amz-server-side-encryption", - "s3:x-amz-server-side-encryption-aws-kms-key-id", - "s3:x-amz-storage-class", - "s3:x-amz-website-redirect-location" + "s3-outposts:AccessPointNetworkOrigin", + "s3-outposts:DataAccessPointAccount", + "s3-outposts:DataAccessPointArn", + "s3-outposts:ExistingObjectTag/\u003ckey\u003e", + "s3-outposts:RequestObjectTag/\u003ckey\u003e", + "s3-outposts:RequestObjectTagKeys", + "s3-outposts:authType", + "s3-outposts:delimiter", + "s3-outposts:max-keys", + "s3-outposts:prefix", + "s3-outposts:signatureAge", + "s3-outposts:signatureversion", + "s3-outposts:versionid", + "s3-outposts:x-amz-acl", + "s3-outposts:x-amz-content-sha256", + "s3-outposts:x-amz-copy-source", + "s3-outposts:x-amz-metadata-directive", + "s3-outposts:x-amz-server-side-encryption", + "s3-outposts:x-amz-storage-class" ] }, "Amazon SES": { - "ARNFormat": "arn:aws:ses:\u003cregion\u003e:\u003caccount_ID\u003e:\u003carn_type\u003e/\u003cresource_id\u003e", + "ARNFormat": "arn:aws:ses:${Region}:${Account}:${ResourceType}/${ResourceId}", "ARNRegex": "^arn:aws:ses:.+:[0-9]+:.+", "Actions": [ "CloneReceiptRuleSet", @@ -8784,6 +19144,7 @@ "ListReceiptRuleSets", "ListTemplates", "ListVerifiedEmailAddresses", + "PutConfigurationSetDeliveryOptions", "PutIdentityPolicy", "ReorderReceiptRuleSet", "SendBounce", @@ -8816,6 +19177,7 @@ "HasResource": true, "StringPrefix": "ses", "conditionKeys": [ + "ses:ApiVersion", "ses:FeedbackAddress", "ses:FromAddress", "ses:FromDisplayName", @@ -8823,7 +19185,7 @@ ] }, "Amazon SNS": { - "ARNFormat": "arn:aws:sns:\u003cregion\u003e:\u003caccount_ID\u003e:\u003ctopic_name\u003e", + "ARNFormat": "arn:aws:sns:${Region}:${Account}:${TopicName}", "ARNRegex": "^arn:aws:sns:.+", "Actions": [ "AddPermission", @@ -8831,24 +19193,31 @@ "ConfirmSubscription", "CreatePlatformApplication", "CreatePlatformEndpoint", + "CreateSMSSandboxPhoneNumber", "CreateTopic", "DeleteEndpoint", "DeletePlatformApplication", + "DeleteSMSSandboxPhoneNumber", "DeleteTopic", + "GetDataProtectionPolicy", "GetEndpointAttributes", "GetPlatformApplicationAttributes", "GetSMSAttributes", + "GetSMSSandboxAccountStatus", "GetSubscriptionAttributes", "GetTopicAttributes", "ListEndpointsByPlatformApplication", + "ListOriginationNumbers", "ListPhoneNumbersOptedOut", "ListPlatformApplications", + "ListSMSSandboxPhoneNumbers", "ListSubscriptions", "ListSubscriptionsByTopic", "ListTagsForResource", "ListTopics", "OptInPhoneNumber", "Publish", + "PutDataProtectionPolicy", "RemovePermission", "SetEndpointAttributes", "SetPlatformApplicationAttributes", @@ -8858,119 +19227,223 @@ "Subscribe", "TagResource", "Unsubscribe", - "UntagResource" + "UntagResource", + "VerifySMSSandboxPhoneNumber" ], "HasResource": true, "StringPrefix": "sns", "conditionKeys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys", "sns:Endpoint", "sns:Protocol" ] }, "Amazon SQS": { - "ARNFormat": "arn:aws:sqs:\u003cregion\u003e:\u003caccount_ID\u003e:\u003cqueue_name\u003e", + "ARNFormat": "arn:aws:sqs:${Region}:${Account}:${QueueName}", "ARNRegex": "^arn:aws:sqs:.+", "Actions": [ "AddPermission", + "CancelMessageMoveTask", "ChangeMessageVisibility", - "ChangeMessageVisibilityBatch", "CreateQueue", "DeleteMessage", - "DeleteMessageBatch", "DeleteQueue", "GetQueueAttributes", "GetQueueUrl", "ListDeadLetterSourceQueues", + "ListMessageMoveTasks", "ListQueueTags", "ListQueues", "PurgeQueue", "ReceiveMessage", "RemovePermission", "SendMessage", - "SendMessageBatch", "SetQueueAttributes", + "StartMessageMoveTask", "TagQueue", "UntagQueue" ], "HasResource": true, - "StringPrefix": "sqs" + "StringPrefix": "sqs", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, "Amazon SageMaker": { - "ARNFormat": "arn:aws:sagemaker:\u003cregion\u003e:\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", - "ARNRegex": "^arn:${Partition}:sagemaker:.+", + "ARNFormat": "arn:aws:sagemaker:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:sagemaker:.+", "Actions": [ + "AddAssociation", "AddTags", "AssociateTrialComponent", + "BatchDescribeModelPackage", "BatchGetMetrics", + "BatchGetRecord", "BatchPutMetrics", + "CreateAction", "CreateAlgorithm", "CreateApp", + "CreateAppImageConfig", + "CreateArtifact", "CreateAutoMLJob", + "CreateAutoMLJobV2", "CreateCodeRepository", "CreateCompilationJob", + "CreateContext", + "CreateDataQualityJobDefinition", + "CreateDeviceFleet", "CreateDomain", + "CreateEdgeDeploymentPlan", + "CreateEdgeDeploymentStage", + "CreateEdgePackagingJob", "CreateEndpoint", "CreateEndpointConfig", "CreateExperiment", + "CreateFeatureGroup", "CreateFlowDefinition", + "CreateHub", "CreateHumanTaskUi", "CreateHyperParameterTuningJob", + "CreateImage", + "CreateImageVersion", + "CreateInferenceComponent", + "CreateInferenceExperiment", + "CreateInferenceRecommendationsJob", "CreateLabelingJob", + "CreateLineageGroupPolicy", "CreateModel", + "CreateModelBiasJobDefinition", + "CreateModelCard", + "CreateModelCardExportJob", + "CreateModelExplainabilityJobDefinition", "CreateModelPackage", + "CreateModelPackageGroup", + "CreateModelQualityJobDefinition", "CreateMonitoringSchedule", "CreateNotebookInstance", "CreateNotebookInstanceLifecycleConfig", + "CreatePipeline", "CreatePresignedDomainUrl", "CreatePresignedNotebookInstanceUrl", "CreateProcessingJob", + "CreateProject", + "CreateSharedModel", + "CreateSpace", + "CreateStudioLifecycleConfig", "CreateTrainingJob", "CreateTransformJob", "CreateTrial", "CreateTrialComponent", "CreateUserProfile", + "CreateWorkforce", "CreateWorkteam", + "DeleteAction", "DeleteAlgorithm", "DeleteApp", + "DeleteAppImageConfig", + "DeleteArtifact", + "DeleteAssociation", "DeleteCodeRepository", + "DeleteContext", + "DeleteDataQualityJobDefinition", + "DeleteDeviceFleet", "DeleteDomain", + "DeleteEdgeDeploymentPlan", + "DeleteEdgeDeploymentStage", "DeleteEndpoint", "DeleteEndpointConfig", "DeleteExperiment", + "DeleteFeatureGroup", "DeleteFlowDefinition", + "DeleteHub", + "DeleteHubContent", "DeleteHumanLoop", + "DeleteHumanTaskUi", + "DeleteImage", + "DeleteImageVersion", + "DeleteInferenceComponent", + "DeleteInferenceExperiment", + "DeleteLineageGroupPolicy", "DeleteModel", + "DeleteModelBiasJobDefinition", + "DeleteModelCard", + "DeleteModelExplainabilityJobDefinition", "DeleteModelPackage", + "DeleteModelPackageGroup", + "DeleteModelPackageGroupPolicy", + "DeleteModelQualityJobDefinition", "DeleteMonitoringSchedule", "DeleteNotebookInstance", "DeleteNotebookInstanceLifecycleConfig", + "DeletePipeline", + "DeleteProject", + "DeleteRecord", + "DeleteSpace", + "DeleteStudioLifecycleConfig", "DeleteTags", "DeleteTrial", "DeleteTrialComponent", "DeleteUserProfile", + "DeleteWorkforce", "DeleteWorkteam", + "DeregisterDevices", + "DescribeAction", "DescribeAlgorithm", "DescribeApp", + "DescribeAppImageConfig", + "DescribeArtifact", "DescribeAutoMLJob", + "DescribeAutoMLJobV2", "DescribeCodeRepository", "DescribeCompilationJob", + "DescribeContext", + "DescribeDataQualityJobDefinition", + "DescribeDevice", + "DescribeDeviceFleet", "DescribeDomain", + "DescribeEdgeDeploymentPlan", + "DescribeEdgePackagingJob", "DescribeEndpoint", "DescribeEndpointConfig", "DescribeExperiment", + "DescribeFeatureGroup", + "DescribeFeatureMetadata", "DescribeFlowDefinition", + "DescribeHub", + "DescribeHubContent", "DescribeHumanLoop", "DescribeHumanTaskUi", "DescribeHyperParameterTuningJob", + "DescribeImage", + "DescribeImageVersion", + "DescribeInferenceComponent", + "DescribeInferenceExperiment", + "DescribeInferenceRecommendationsJob", "DescribeLabelingJob", + "DescribeLineageGroup", "DescribeModel", + "DescribeModelBiasJobDefinition", + "DescribeModelCard", + "DescribeModelCardExportJob", + "DescribeModelExplainabilityJobDefinition", "DescribeModelPackage", + "DescribeModelPackageGroup", + "DescribeModelQualityJobDefinition", "DescribeMonitoringSchedule", "DescribeNotebookInstance", "DescribeNotebookInstanceLifecycleConfig", + "DescribePipeline", + "DescribePipelineDefinitionForExecution", + "DescribePipelineExecution", "DescribeProcessingJob", + "DescribeProject", + "DescribeSharedModel", + "DescribeSpace", + "DescribeStudioLifecycleConfig", "DescribeSubscribedWorkteam", "DescribeTrainingJob", "DescribeTransformJob", @@ -8979,32 +19452,89 @@ "DescribeUserProfile", "DescribeWorkforce", "DescribeWorkteam", + "DisableSagemakerServicecatalogPortfolio", "DisassociateTrialComponent", + "EnableSagemakerServicecatalogPortfolio", + "GetDeployments", + "GetDeviceFleetReport", + "GetDeviceRegistration", + "GetLineageGroupPolicy", + "GetModelPackageGroupPolicy", + "GetRecord", + "GetSagemakerServicecatalogPortfolioStatus", + "GetScalingConfigurationRecommendation", "GetSearchSuggestions", + "ImportHubContent", "InvokeEndpoint", + "InvokeEndpointAsync", + "InvokeEndpointWithResponseStream", + "ListActions", "ListAlgorithms", + "ListAliases", + "ListAppImageConfigs", "ListApps", + "ListArtifacts", + "ListAssociations", "ListAutoMLJobs", "ListCandidatesForAutoMLJob", "ListCodeRepositories", "ListCompilationJobs", + "ListContexts", + "ListDataQualityJobDefinitions", + "ListDeviceFleets", + "ListDevices", "ListDomains", + "ListEdgeDeploymentPlans", + "ListEdgePackagingJobs", "ListEndpointConfigs", "ListEndpoints", "ListExperiments", + "ListFeatureGroups", "ListFlowDefinitions", + "ListHubContentVersions", + "ListHubContents", + "ListHubs", "ListHumanLoops", "ListHumanTaskUis", "ListHyperParameterTuningJobs", + "ListImageVersions", + "ListImages", + "ListInferenceComponents", + "ListInferenceExperiments", + "ListInferenceRecommendationsJobSteps", + "ListInferenceRecommendationsJobs", "ListLabelingJobs", "ListLabelingJobsForWorkteam", + "ListLineageGroups", + "ListModelBiasJobDefinitions", + "ListModelCardExportJobs", + "ListModelCardVersions", + "ListModelCards", + "ListModelExplainabilityJobDefinitions", + "ListModelMetadata", + "ListModelPackageGroups", "ListModelPackages", + "ListModelQualityJobDefinitions", "ListModels", + "ListMonitoringAlertHistory", + "ListMonitoringAlerts", "ListMonitoringExecutions", "ListMonitoringSchedules", "ListNotebookInstanceLifecycleConfigs", "ListNotebookInstances", + "ListPipelineExecutionSteps", + "ListPipelineExecutions", + "ListPipelineParametersForExecution", + "ListPipelines", "ListProcessingJobs", + "ListProjects", + "ListResourceCatalogs", + "ListSharedModelEvents", + "ListSharedModelVersions", + "ListSharedModels", + "ListSpaces", + "ListStageDevices", + "ListStudioLifecycleConfigs", "ListSubscribedWorkteams", "ListTags", "ListTrainingJobs", @@ -9013,30 +19543,72 @@ "ListTrialComponents", "ListTrials", "ListUserProfiles", + "ListWorkforces", "ListWorkteams", + "PutLineageGroupPolicy", + "PutModelPackageGroupPolicy", + "PutRecord", + "QueryLineage", + "RegisterDevices", "RenderUiTemplate", + "RetryPipelineExecution", "Search", + "SendHeartbeat", + "SendPipelineExecutionStepFailure", + "SendPipelineExecutionStepSuccess", + "SendSharedModelEvent", + "StartEdgeDeploymentStage", "StartHumanLoop", + "StartInferenceExperiment", "StartMonitoringSchedule", "StartNotebookInstance", + "StartPipelineExecution", "StopAutoMLJob", "StopCompilationJob", + "StopEdgeDeploymentStage", + "StopEdgePackagingJob", "StopHumanLoop", "StopHyperParameterTuningJob", + "StopInferenceExperiment", + "StopInferenceRecommendationsJob", "StopLabelingJob", "StopMonitoringSchedule", "StopNotebookInstance", + "StopPipelineExecution", "StopProcessingJob", "StopTrainingJob", "StopTransformJob", + "UpdateAction", + "UpdateAppImageConfig", + "UpdateArtifact", "UpdateCodeRepository", + "UpdateContext", + "UpdateDeviceFleet", + "UpdateDevices", "UpdateDomain", "UpdateEndpoint", "UpdateEndpointWeightsAndCapacities", "UpdateExperiment", + "UpdateFeatureGroup", + "UpdateFeatureMetadata", + "UpdateHub", + "UpdateImage", + "UpdateImageVersion", + "UpdateInferenceComponent", + "UpdateInferenceComponentRuntimeConfig", + "UpdateInferenceExperiment", + "UpdateModelCard", + "UpdateModelPackage", + "UpdateMonitoringAlert", "UpdateMonitoringSchedule", "UpdateNotebookInstance", "UpdateNotebookInstanceLifecycleConfig", + "UpdatePipeline", + "UpdatePipelineExecution", + "UpdateProject", + "UpdateSharedModel", + "UpdateSpace", + "UpdateTrainingJob", "UpdateTrial", "UpdateTrialComponent", "UpdateUserProfile", @@ -9050,23 +19622,40 @@ "aws:ResourceTag/${TagKey}", "aws:TagKeys", "sagemaker:AcceleratorTypes", - "sagemaker:AppNetworkAccess", + "sagemaker:AppNetworkAccessType", + "sagemaker:CustomerMetadataProperties/${MetadataKey}", + "sagemaker:CustomerMetadataPropertiesToRemove", "sagemaker:DirectInternetAccess", "sagemaker:DomainSharingOutputKmsKey", + "sagemaker:FeatureGroupDisableGlueTableCreation", + "sagemaker:FeatureGroupEnableOnlineStore", + "sagemaker:FeatureGroupOfflineStoreConfig", + "sagemaker:FeatureGroupOfflineStoreKmsKey", + "sagemaker:FeatureGroupOfflineStoreS3Uri", + "sagemaker:FeatureGroupOnlineStoreKmsKey", "sagemaker:FileSystemAccessMode", "sagemaker:FileSystemDirectoryPath", "sagemaker:FileSystemId", "sagemaker:FileSystemType", "sagemaker:HomeEfsFileSystemKmsKey", + "sagemaker:ImageArns", + "sagemaker:ImageVersionArns", "sagemaker:InstanceTypes", "sagemaker:InterContainerTrafficEncryption", + "sagemaker:KeepAlivePeriod", "sagemaker:MaxRuntimeInSeconds", + "sagemaker:MinimumInstanceMetadataServiceVersion", + "sagemaker:ModelApprovalStatus", "sagemaker:ModelArn", "sagemaker:NetworkIsolation", "sagemaker:OutputKmsKey", "sagemaker:ResourceTag/", "sagemaker:ResourceTag/${TagKey}", "sagemaker:RootAccess", + "sagemaker:ServerlessMaxConcurrency", + "sagemaker:ServerlessMemorySize", + "sagemaker:TaggingAction", + "sagemaker:TargetModel", "sagemaker:VolumeKmsKey", "sagemaker:VpcSecurityGroupIds", "sagemaker:VpcSubnets", @@ -9074,1063 +19663,1164 @@ "sagemaker:WorkteamType" ] }, - "Amazon Session Manager Message Gateway Service": { + "Amazon SageMaker Ground Truth Synthetic": { + "ARNFormat": "arn:${Partition}:sagemaker-groundtruth-synthetic:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:${Partition}:sagemaker-groundtruth-synthetic:.+", "Actions": [ - "CreateControlChannel", - "CreateDataChannel", - "OpenControlChannel", - "OpenDataChannel" + "CreateProject", + "DeleteProject", + "GetAccountDetails", + "GetBatch", + "GetProject", + "ListBatchDataTransfers", + "ListBatchSummaries", + "ListProjectDataTransfers", + "ListProjectSummaries", + "StartBatchDataTransfer", + "StartProjectDataTransfer", + "UpdateBatch" ], "HasResource": false, - "StringPrefix": "ssmmessages" - }, - "Amazon Simple Workflow Service": { - "ARNFormat": "arn:aws:swf:\u003cregion\u003e:\u003caccount\u003e:/\u003cdomain\u003e/\u003cdomainName\u003e", - "ARNRegex": "^arn:aws:swf:.+", - "Actions": [ - "CancelTimer", - "CancelWorkflowExecution", - "CompleteWorkflowExecution", - "ContinueAsNewWorkflowExecution", - "CountClosedWorkflowExecutions", - "CountOpenWorkflowExecutions", - "CountPendingActivityTasks", - "CountPendingDecisionTasks", - "DeprecateActivityType", - "DeprecateDomain", - "DeprecateWorkflowType", - "DescribeActivityType", - "DescribeDomain", - "DescribeWorkflowExecution", - "DescribeWorkflowType", - "FailWorkflowExecution", - "GetWorkflowExecutionHistory", - "ListActivityTypes", - "ListClosedWorkflowExecutions", - "ListDomains", - "ListOpenWorkflowExecutions", - "ListTagsForResource", - "ListWorkflowTypes", - "PollForActivityTask", - "PollForDecisionTask", - "RecordActivityTaskHeartbeat", - "RecordMarker", - "RegisterActivityType", - "RegisterDomain", - "RegisterWorkflowType", - "RequestCancelActivityTask", - "RequestCancelExternalWorkflowExecution", - "RequestCancelWorkflowExecution", - "RespondActivityTaskCanceled", - "RespondActivityTaskCompleted", - "RespondActivityTaskFailed", - "RespondDecisionTaskCompleted", - "ScheduleActivityTask", - "SignalExternalWorkflowExecution", - "SignalWorkflowExecution", - "StartChildWorkflowExecution", - "StartTimer", - "StartWorkflowExecution", - "TagResource", - "TerminateWorkflowExecution", - "UntagResource" - ], - "HasResource": true, - "StringPrefix": "swf", - "conditionKeys": [ - " swf:workflowType.name", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "swf:activityType.name", - "swf:activityType.version", - "swf:defaultTaskList.name", - "swf:name", - "swf:tagFilter.tag", - "swf:tagList.member.0", - "swf:tagList.member.1", - "swf:tagList.member.2", - "swf:tagList.member.3", - "swf:tagList.member.4", - "swf:taskList.name", - "swf:typeFilter.name", - "swf:typeFilter.version", - "swf:version", - "swf:workflowType.name", - "swf:workflowType.version" - ] - }, - "Amazon SimpleDB": { - "ARNFormat": "arn:aws:sdb:\u003cregion\u003e:\u003caccount_ID\u003e:domain/\u003cdomain_name\u003e", - "ARNRegex": "^arn:aws:sdb:.+", - "Actions": [ - "BatchDeleteAttributes", - "BatchPutAttributes", - "CreateDomain", - "DeleteAttributes", - "DeleteDomain", - "DomainMetadata", - "GetAttributes", - "ListDomains", - "PutAttributes", - "Select" - ], - "HasResource": true, - "StringPrefix": "sdb" - }, - "Amazon Storage Gateway": { - "ARNFormat": "arn:aws:storagegateway:us-east-1:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceName\u003e", - "ARNRegex": "^arn:aws:storagegateway:.+", - "Actions": [ - "ActivateGateway", - "AddCache", - "AddTagsToResource", - "AddUploadBuffer", - "AddWorkingStorage", - "AttachVolume", - "CancelArchival", - "CancelRetrieval", - "CreateCachediSCSIVolume", - "CreateNFSFileShare", - "CreateSMBFileShare", - "CreateSnapshot", - "CreateSnapshotFromVolumeRecoveryPoint", - "CreateStorediSCSIVolume", - "CreateTapeWithBarcode", - "CreateTapes", - "DeleteBandwidthRateLimit", - "DeleteChapCredentials", - "DeleteFileShare", - "DeleteGateway", - "DeleteSnapshotSchedule", - "DeleteTape", - "DeleteTapeArchive", - "DeleteVolume", - "DescribeBandwidthRateLimit", - "DescribeCache", - "DescribeCachediSCSIVolumes", - "DescribeChapCredentials", - "DescribeGatewayInformation", - "DescribeMaintenanceStartTime", - "DescribeNFSFileShares", - "DescribeSMBFileShares", - "DescribeSMBSettings", - "DescribeSnapshotSchedule", - "DescribeStorediSCSIVolumes", - "DescribeTapeArchives", - "DescribeTapeRecoveryPoints", - "DescribeTapes", - "DescribeUploadBuffer", - "DescribeVTLDevices", - "DescribeWorkingStorage", - "DetachVolume", - "DisableGateway", - "JoinDomain", - "ListFileShares", - "ListGateways", - "ListLocalDisks", + "StringPrefix": "sagemaker-groundtruth-synthetic" + }, + "Amazon SageMaker geospatial capabilities": { + "ARNFormat": "arn:aws:sagemaker-geospatial:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:sagemaker-geospatial:.+:.+", + "Actions": [ + "DeleteEarthObservationJob", + "DeleteVectorEnrichmentJob", + "ExportEarthObservationJob", + "ExportVectorEnrichmentJob", + "GetEarthObservationJob", + "GetRasterDataCollection", + "GetTile", + "GetVectorEnrichmentJob", + "ListEarthObservationJobs", + "ListRasterDataCollections", "ListTagsForResource", - "ListTapes", - "ListVolumeInitiators", - "ListVolumeRecoveryPoints", - "ListVolumes", - "NotifyWhenUploaded", - "RefreshCache", - "RemoveTagsFromResource", - "ResetCache", - "RetrieveTapeArchive", - "RetrieveTapeRecoveryPoint", - "SetLocalConsolePassword", - "SetSMBGuestPassword", - "ShutdownGateway", - "StartGateway", - "UpdateBandwidthRateLimit", - "UpdateChapCredentials", - "UpdateGatewayInformation", - "UpdateGatewaySoftwareNow", - "UpdateMaintenanceStartTime", - "UpdateNFSFileShare", - "UpdateSMBFileShare", - "UpdateSnapshotSchedule", - "UpdateVTLDeviceType" + "ListVectorEnrichmentJobs", + "SearchRasterDataCollection", + "StartEarthObservationJob", + "StartVectorEnrichmentJob", + "StopEarthObservationJob", + "StopVectorEnrichmentJob", + "TagResource", + "UntagResource" ], "HasResource": true, - "StringPrefix": "storagegateway", + "StringPrefix": "sagemaker-geospatial", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys" ] }, - "Amazon Sumerian": { - "ARNFormat": "arn:aws:sumerian:\u003cregion\u003e:\u003caccount-id\u003e:\u003csumerian_resource_path\u003e", - "ARNRegex": "^arn:aws:sumerian:.+:.+:.+", + "Amazon Security Lake": { + "ARNFormat": "arn:aws:securitylake:${Region}:${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:securitylake:.+:.+:.+", "Actions": [ - "Login", - "ViewRelease" + "CreateAwsLogSource", + "CreateCustomLogSource", + "CreateDataLake", + "CreateDataLakeExceptionSubscription", + "CreateDataLakeOrganizationConfiguration", + "CreateSubscriber", + "CreateSubscriberNotification", + "DeleteAwsLogSource", + "DeleteCustomLogSource", + "DeleteDataLake", + "DeleteDataLakeExceptionSubscription", + "DeleteDataLakeOrganizationConfiguration", + "DeleteSubscriber", + "DeleteSubscriberNotification", + "DeregisterDataLakeDelegatedAdministrator", + "GetDataLakeExceptionSubscription", + "GetDataLakeOrganizationConfiguration", + "GetDataLakeSources", + "GetSubscriber", + "ListDataLakeExceptions", + "ListDataLakes", + "ListLogSources", + "ListSubscribers", + "ListTagsForResource", + "RegisterDataLakeDelegatedAdministrator", + "TagResource", + "UntagResource", + "UpdateDataLake", + "UpdateDataLakeExceptionSubscription", + "UpdateSubscriber", + "UpdateSubscriberNotification" ], "HasResource": true, - "StringPrefix": "sumerian" - }, - "Amazon Textract": { - "ARNFormat": "arn:aws:textract:\u003cregion\u003e:\u003caccountID\u003e:\u003crelative-id\u003e", - "ARNRegex": "^arn:aws:textract::.+", - "Actions": [ - "AnalyzeDocument", - "DetectDocumentText", - "GetDocumentAnalysis", - "GetDocumentTextDetection", - "StartDocumentAnalysis", - "StartDocumentTextDetection" - ], - "HasResource": false, - "StringPrefix": "textract" - }, - "Amazon Transcribe": { - "ARNFormat": "arn:${Partition}:transcribe:${Region}:${AccountId}:${ResourceType}/${ResourceName}", - "ARNRegex": "^arn:${Partition}:transcribe:.+:.+:.+", - "Actions": [ - "CreateVocabulary", - "CreateVocabularyFilter", - "DeleteTranscriptionJob", - "DeleteVocabulary", - "DeleteVocabularyFilter", - "GetTranscriptionJob", - "GetVocabulary", - "GetVocabularyFilter", - "ListTranscriptionJobs", - "ListVocabularies", - "ListVocabularyFilters", - "StartMedicalStreamTranscription", - "StartStreamTranscription", - "StartTranscriptionJob", - "UpdateVocabulary", - "UpdateVocabularyFilter" - ], - "HasResource": false, - "StringPrefix": "transcribe" - }, - "Amazon Translate": { - "ARNFormat": "arn:${Partition}:translate:${Region}:${AccountId}:${ResourceType}/${ResourceName}", - "ARNRegex": "^arn:${Partition}:translate:.+:.+:.+", - "Actions": [ - "DeleteTerminology", - "DescribeTextTranslationJob", - "GetTerminology", - "ImportTerminology", - "ListTerminologies", - "ListTextTranslationJobs", - "StartTextTranslationJob", - "StopTextTranslationJob", - "TranslateText" - ], - "HasResource": false, - "StringPrefix": "translate" + "StringPrefix": "securitylake", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, - "Amazon WorkDocs": { + "Amazon Session Manager Message Gateway Service": { "Actions": [ - "AbortDocumentVersionUpload", - "ActivateUser", - "AddResourcePermissions", - "AddUserToGroup", - "CheckAlias", - "CreateComment", - "CreateCustomMetadata", - "CreateFolder", - "CreateInstance", - "CreateLabels", - "CreateNotificationSubscription", - "CreateUser", - "DeactivateUser", - "DeleteComment", - "DeleteCustomMetadata", - "DeleteDocument", - "DeleteFolder", - "DeleteFolderContents", - "DeleteInstance", - "DeleteLabels", - "DeleteNotificationSubscription", - "DeleteUser", - "DeregisterDirectory", - "DescribeActivities", - "DescribeAvailableDirectories", - "DescribeComments", - "DescribeDocumentVersions", - "DescribeFolderContents", - "DescribeGroups", - "DescribeInstances", - "DescribeNotificationSubscriptions", - "DescribeResourcePermissions", - "DescribeRootFolders", - "DescribeUsers", - "DownloadDocumentVersion", - "GetCurrentUser", - "GetDocument", - "GetDocumentPath", - "GetDocumentVersion", - "GetFolder", - "GetFolderPath", - "GetResources", - "InitiateDocumentVersionUpload", - "RegisterDirectory", - "RemoveAllResourcePermissions", - "RemoveResourcePermission", - "UpdateDocument", - "UpdateDocumentVersion", - "UpdateFolder", - "UpdateInstanceAlias", - "UpdateUser" + "CreateControlChannel", + "CreateDataChannel", + "OpenControlChannel", + "OpenDataChannel" ], "HasResource": false, - "StringPrefix": "workdocs" - }, - "Amazon WorkLink": { - "ARNFormat": "arn:${Partition}:worklink::${account}:${resourceType}/${resourcePath}", - "ARNRegex": "^arn:${Partition}:worklink:.+", - "Actions": [ - "AssociateDomain", - "AssociateWebsiteAuthorizationProvider", - "AssociateWebsiteCertificateAuthority", - "CreateFleet", - "DeleteFleet", - "DescribeAuditStreamConfiguration", - "DescribeCompanyNetworkConfiguration", - "DescribeDevice", - "DescribeDevicePolicyConfiguration", - "DescribeDomain", - "DescribeFleetMetadata", - "DescribeIdentityProviderConfiguration", - "DescribeWebsiteCertificateAuthority", - "DisassociateDomain", - "DisassociateWebsiteAuthorizationProvider", - "DisassociateWebsiteCertificateAuthority", - "ListDevices", - "ListDomains", - "ListFleets", - "ListWebsiteAuthorizationProviders", - "ListWebsiteCertificateAuthorities", - "RestoreDomainAccess", - "RevokeDomainAccess", - "SignOutUser", - "UpdateAuditStreamConfiguration", - "UpdateCompanyNetworkConfiguration", - "UpdateDevicePolicyConfiguration", - "UpdateDomainMetadata", - "UpdateFleetMetadata", - "UpdateIdentityProviderConfiguration" - ], - "HasResource": true, - "StringPrefix": "worklink" + "StringPrefix": "ssmmessages", + "conditionKeys": [ + "ec2:SourceInstanceARN", + "ssm:SourceInstanceARN" + ] }, - "Amazon WorkMail": { - "ARNFormat": "arn:${Partition}:workmail:${Region}:${Account}:${ResourceType}/${ResourceId}", - "ARNRegex": "^arn:${Partition}:workmail:.+:.+:.+", + "Amazon Simple Email Service v2": { + "ARNFormat": "arn:aws:ses:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:ses:.+:[0-9]+:.+", "Actions": [ - "AddMembersToGroup", - "AssociateDelegateToResource", - "AssociateMemberToGroup", - "CreateAlias", - "CreateGroup", - "CreateInboundMailFlowRule", - "CreateMailDomain", - "CreateMailUser", - "CreateOrganization", - "CreateOutboundMailFlowRule", - "CreateResource", - "CreateSmtpGateway", - "CreateUser", - "DeleteAccessControlRule", - "DeleteAlias", - "DeleteGroup", - "DeleteInboundMailFlowRule", - "DeleteMailDomain", - "DeleteMailboxPermissions", - "DeleteMobileDevice", - "DeleteOrganization", - "DeleteOutboundMailFlowRule", - "DeleteResource", - "DeleteSmtpGateway", - "DeleteUser", - "DeregisterFromWorkMail", - "DescribeDirectories", - "DescribeGroup", - "DescribeInboundMailFlowRule", - "DescribeKmsKeys", - "DescribeMailDomains", - "DescribeMailGroups", - "DescribeMailUsers", - "DescribeOrganization", - "DescribeOrganizations", - "DescribeOutboundMailFlowRule", - "DescribeResource", - "DescribeSmtpGateway", - "DescribeUser", - "DisableMailGroups", - "DisableMailUsers", - "DisassociateDelegateFromResource", - "DisassociateMemberFromGroup", - "EnableMailDomain", - "EnableMailGroups", - "EnableMailUsers", - "GetAccessControlEffect", - "GetJournalingRules", - "GetMailDomainDetails", - "GetMailGroupDetails", - "GetMailUserDetails", - "GetMailboxDetails", - "GetMobileDeviceDetails", - "GetMobileDevicesForUser", - "GetMobilePolicyDetails", - "ListAccessControlRules", - "ListAliases", - "ListGroupMembers", - "ListGroups", - "ListInboundMailFlowRules", - "ListMailboxPermissions", - "ListMembersInMailGroup", - "ListOrganizations", - "ListOutboundMailFlowRules", - "ListResourceDelegates", - "ListResources", - "ListSmtpGateways", + "BatchGetMetricData", + "CancelExportJob", + "CreateConfigurationSet", + "CreateConfigurationSetEventDestination", + "CreateContact", + "CreateContactList", + "CreateCustomVerificationEmailTemplate", + "CreateDedicatedIpPool", + "CreateDeliverabilityTestReport", + "CreateEmailIdentity", + "CreateEmailIdentityPolicy", + "CreateEmailTemplate", + "CreateExportJob", + "CreateImportJob", + "DeleteConfigurationSet", + "DeleteConfigurationSetEventDestination", + "DeleteContact", + "DeleteContactList", + "DeleteCustomVerificationEmailTemplate", + "DeleteDedicatedIpPool", + "DeleteEmailIdentity", + "DeleteEmailIdentityPolicy", + "DeleteEmailTemplate", + "DeleteSuppressedDestination", + "GetAccount", + "GetBlacklistReports", + "GetConfigurationSet", + "GetConfigurationSetEventDestinations", + "GetContact", + "GetContactList", + "GetCustomVerificationEmailTemplate", + "GetDedicatedIp", + "GetDedicatedIpPool", + "GetDedicatedIps", + "GetDeliverabilityDashboardOptions", + "GetDeliverabilityTestReport", + "GetDomainDeliverabilityCampaign", + "GetDomainStatisticsReport", + "GetEmailIdentity", + "GetEmailIdentityPolicies", + "GetEmailTemplate", + "GetExportJob", + "GetImportJob", + "GetMessageInsights", + "GetSuppressedDestination", + "ListConfigurationSets", + "ListContactLists", + "ListContacts", + "ListCustomVerificationEmailTemplates", + "ListDedicatedIpPools", + "ListDeliverabilityTestReports", + "ListDomainDeliverabilityCampaigns", + "ListEmailIdentities", + "ListEmailTemplates", + "ListExportJobs", + "ListImportJobs", + "ListRecommendations", + "ListSuppressedDestinations", "ListTagsForResource", - "ListUsers", - "PutAccessControlRule", - "PutMailboxPermissions", - "RegisterToWorkMail", - "RemoveMembersFromGroup", - "ResetPassword", - "ResetUserPassword", - "SearchMembers", - "SetAdmin", - "SetDefaultMailDomain", - "SetJournalingRules", - "SetMailGroupDetails", - "SetMailUserDetails", - "SetMobilePolicyDetails", + "PutAccountDedicatedIpWarmupAttributes", + "PutAccountDetails", + "PutAccountSendingAttributes", + "PutAccountSuppressionAttributes", + "PutAccountVdmAttributes", + "PutConfigurationSetDeliveryOptions", + "PutConfigurationSetReputationOptions", + "PutConfigurationSetSendingOptions", + "PutConfigurationSetSuppressionOptions", + "PutConfigurationSetTrackingOptions", + "PutConfigurationSetVdmOptions", + "PutDedicatedIpInPool", + "PutDedicatedIpPoolScalingAttributes", + "PutDedicatedIpWarmupAttributes", + "PutDeliverabilityDashboardOption", + "PutEmailIdentityConfigurationSetAttributes", + "PutEmailIdentityDkimAttributes", + "PutEmailIdentityDkimSigningAttributes", + "PutEmailIdentityFeedbackAttributes", + "PutEmailIdentityMailFromAttributes", + "PutSuppressedDestination", + "SendBulkEmail", + "SendCustomVerificationEmail", + "SendEmail", "TagResource", - "TestInboundMailFlowRules", - "TestOutboundMailFlowRules", + "TestRenderEmailTemplate", "UntagResource", - "UpdateInboundMailFlowRule", - "UpdateMailboxQuota", - "UpdateOutboundMailFlowRule", - "UpdatePrimaryEmailAddress", - "UpdateResource", - "UpdateSmtpGateway", - "WipeMobileDevice" + "UpdateConfigurationSetEventDestination", + "UpdateContact", + "UpdateContactList", + "UpdateCustomVerificationEmailTemplate", + "UpdateEmailIdentityPolicy", + "UpdateEmailTemplate" ], "HasResource": true, - "StringPrefix": "workmail", + "StringPrefix": "ses", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "ses:ApiVersion", + "ses:ExportSourceType", + "ses:FeedbackAddress", + "ses:FromAddress", + "ses:FromDisplayName", + "ses:Recipients" ] }, - "Amazon WorkMail Message Flow": { - "ARNFormat": "arn:${Partition}:workmailmessageflow:${Region}:${Account}:message/${OrganizationId}/${Context}/${MessageId}", - "ARNRegex": "^arn:${Partition}:workmailmessageflow:.+:.+:.+", + "Amazon Simple Workflow Service": { + "ARNFormat": "arn:aws:swf:${Region}:${Account}:/domain/${DomainName}", + "ARNRegex": "^arn:aws:swf:.+", "Actions": [ - "GetRawMessageContent" + "CancelTimer", + "CancelWorkflowExecution", + "CompleteWorkflowExecution", + "ContinueAsNewWorkflowExecution", + "CountClosedWorkflowExecutions", + "CountOpenWorkflowExecutions", + "CountPendingActivityTasks", + "CountPendingDecisionTasks", + "DeprecateActivityType", + "DeprecateDomain", + "DeprecateWorkflowType", + "DescribeActivityType", + "DescribeDomain", + "DescribeWorkflowExecution", + "DescribeWorkflowType", + "FailWorkflowExecution", + "GetWorkflowExecutionHistory", + "ListActivityTypes", + "ListClosedWorkflowExecutions", + "ListDomains", + "ListOpenWorkflowExecutions", + "ListTagsForResource", + "ListWorkflowTypes", + "PollForActivityTask", + "PollForDecisionTask", + "RecordActivityTaskHeartbeat", + "RecordMarker", + "RegisterActivityType", + "RegisterDomain", + "RegisterWorkflowType", + "RequestCancelActivityTask", + "RequestCancelExternalWorkflowExecution", + "RequestCancelWorkflowExecution", + "RespondActivityTaskCanceled", + "RespondActivityTaskCompleted", + "RespondActivityTaskFailed", + "RespondDecisionTaskCompleted", + "ScheduleActivityTask", + "SignalExternalWorkflowExecution", + "SignalWorkflowExecution", + "StartChildWorkflowExecution", + "StartTimer", + "StartWorkflowExecution", + "TagResource", + "TerminateWorkflowExecution", + "UndeprecateActivityType", + "UndeprecateDomain", + "UndeprecateWorkflowType", + "UntagResource" ], "HasResource": true, - "StringPrefix": "workmailmessageflow" + "StringPrefix": "swf", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "swf:activityType.name", + "swf:activityType.version", + "swf:defaultTaskList.name", + "swf:name", + "swf:tagFilter.tag", + "swf:tagList.member.0", + "swf:tagList.member.1", + "swf:tagList.member.2", + "swf:tagList.member.3", + "swf:tagList.member.4", + "swf:taskList.name", + "swf:typeFilter.name", + "swf:typeFilter.version", + "swf:version", + "swf:workflowType.name", + "swf:workflowType.version" + ] }, - "Amazon WorkSpaces": { - "ARNFormat": "arn:aws:workspaces:*:*", - "ARNRegex": "arn:aws:workspaces:*", + "Amazon SimpleDB": { + "ARNFormat": "arn:aws:sdb:${Region}:${Account}:domain/${DomainName}", + "ARNRegex": "^arn:aws:sdb:.+", "Actions": [ - "AssociateIpGroups", - "AuthorizeIpRules", - "CreateIpGroup", - "CreateTags", - "CreateWorkspaces", - "DeleteIpGroup", - "DeleteTags", - "DeleteWorkspaceImage", - "DescribeAccount", - "DescribeAccountModifications", - "DescribeClientProperties", - "DescribeIpGroups", - "DescribeTags", - "DescribeWorkspaceBundles", - "DescribeWorkspaceDirectories", - "DescribeWorkspaceImages", - "DescribeWorkspaces", - "DescribeWorkspacesConnectionStatus", - "DisassociateIpGroups", - "ImportWorkspaceImage", - "ListAvailableManagementCidrRanges", - "ModifyAccount", - "ModifyClientProperties", - "ModifyWorkspaceProperties", - "ModifyWorkspaceState", - "RebootWorkspaces", - "RebuildWorkspaces", - "RevokeIpRules", - "StartWorkspaces", - "StopWorkspaces", - "TerminateWorkspaces", - "UpdateRulesOfIpGroup" + "BatchDeleteAttributes", + "BatchPutAttributes", + "CreateDomain", + "DeleteAttributes", + "DeleteDomain", + "DomainMetadata", + "GetAttributes", + "ListDomains", + "PutAttributes", + "Select" ], "HasResource": true, - "StringPrefix": "workspaces" - }, - "Amazon WorkSpaces Application Manager": { - "Actions": [ - "AuthenticatePackager" - ], - "HasResource": false, - "StringPrefix": "wam" + "StringPrefix": "sdb" }, - "Application Auto Scaling": { + "Amazon Textract": { + "ARNFormat": "arn:aws:textract:${Region}:${Account}:${RelativeId}", + "ARNRegex": "^arn:aws:textract:.+", "Actions": [ - "DeleteScalingPolicy", - "DeleteScheduledAction", - "DeregisterScalableTarget", - "DescribeScalableTargets", - "DescribeScalingActivities", - "DescribeScalingPolicies", - "DescribeScheduledActions", - "PutScalingPolicy", - "PutScheduledAction", - "RegisterScalableTarget" + "AnalyzeDocument", + "AnalyzeExpense", + "AnalyzeID", + "CreateAdapter", + "CreateAdapterVersion", + "DeleteAdapter", + "DeleteAdapterVersion", + "DetectDocumentText", + "GetAdapter", + "GetAdapterVersion", + "GetDocumentAnalysis", + "GetDocumentTextDetection", + "GetExpenseAnalysis", + "GetLendingAnalysis", + "GetLendingAnalysisSummary", + "ListAdapterVersions", + "ListAdapters", + "ListTagsForResource", + "StartDocumentAnalysis", + "StartDocumentTextDetection", + "StartExpenseAnalysis", + "StartLendingAnalysis", + "TagResource", + "UntagResource", + "UpdateAdapter" ], - "HasResource": false, - "StringPrefix": "application-autoscaling" + "HasResource": true, + "StringPrefix": "textract", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, - "Application Discovery": { + "Amazon Timestream": { + "ARNFormat": "arn:aws:timestream:${Region}:${Account}:database/${DatabaseName}/table/${TableName}", + "ARNRegex": "^arn:aws:timestream:.+", "Actions": [ - "AssociateConfigurationItemsToApplication", - "BatchDeleteImportData", - "CreateApplication", - "CreateTags", - "DeleteApplications", - "DeleteTags", - "DescribeAgents", - "DescribeConfigurations", - "DescribeContinuousExports", - "DescribeExportConfigurations", - "DescribeExportTasks", - "DescribeImportTasks", - "DescribeTags", - "DisassociateConfigurationItemsFromApplication", - "ExportConfigurations", - "GetDiscoverySummary", - "ListConfigurations", - "ListServerNeighbors", - "StartContinuousExport", - "StartDataCollectionByAgentIds", - "StartExportTask", - "StartImportTask", - "StopContinuousExport", - "StopDataCollectionByAgentIds", - "UpdateApplication" + "CancelQuery", + "CreateBatchLoadTask", + "CreateDatabase", + "CreateScheduledQuery", + "CreateTable", + "DeleteDatabase", + "DeleteScheduledQuery", + "DeleteTable", + "DescribeBatchLoadTask", + "DescribeDatabase", + "DescribeEndpoints", + "DescribeScheduledQuery", + "DescribeTable", + "ExecuteScheduledQuery", + "GetAwsBackupStatus", + "GetAwsRestoreStatus", + "ListBatchLoadTasks", + "ListDatabases", + "ListMeasures", + "ListScheduledQueries", + "ListTables", + "ListTagsForResource", + "PrepareQuery", + "ResumeBatchLoadTask", + "Select", + "SelectValues", + "StartAwsBackupJob", + "StartAwsRestoreJob", + "TagResource", + "Unload", + "UntagResource", + "UpdateDatabase", + "UpdateScheduledQuery", + "UpdateTable", + "WriteRecords" ], - "HasResource": false, - "StringPrefix": "discovery" + "HasResource": true, + "StringPrefix": "timestream", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, - "Application Discovery Arsenal": { + "Amazon Transcribe": { + "ARNFormat": "arn:aws:transcribe:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:transcribe:.+:.+:.+", "Actions": [ - "RegisterOnPremisesAgent" + "CreateCallAnalyticsCategory", + "CreateLanguageModel", + "CreateMedicalVocabulary", + "CreateVocabulary", + "CreateVocabularyFilter", + "DeleteCallAnalyticsCategory", + "DeleteCallAnalyticsJob", + "DeleteLanguageModel", + "DeleteMedicalTranscriptionJob", + "DeleteMedicalVocabulary", + "DeleteTranscriptionJob", + "DeleteVocabulary", + "DeleteVocabularyFilter", + "DescribeLanguageModel", + "GetCallAnalyticsCategory", + "GetCallAnalyticsJob", + "GetMedicalTranscriptionJob", + "GetMedicalVocabulary", + "GetTranscriptionJob", + "GetVocabulary", + "GetVocabularyFilter", + "ListCallAnalyticsCategories", + "ListCallAnalyticsJobs", + "ListLanguageModels", + "ListMedicalTranscriptionJobs", + "ListMedicalVocabularies", + "ListTagsForResource", + "ListTranscriptionJobs", + "ListVocabularies", + "ListVocabularyFilters", + "StartCallAnalyticsJob", + "StartCallAnalyticsStreamTranscription", + "StartCallAnalyticsStreamTranscriptionWebSocket", + "StartMedicalStreamTranscription", + "StartMedicalStreamTranscriptionWebSocket", + "StartMedicalTranscriptionJob", + "StartStreamTranscription", + "StartStreamTranscriptionWebSocket", + "StartTranscriptionJob", + "TagResource", + "UntagResource", + "UpdateCallAnalyticsCategory", + "UpdateMedicalVocabulary", + "UpdateVocabulary", + "UpdateVocabularyFilter" ], - "HasResource": false, - "StringPrefix": "arsenal" + "HasResource": true, + "StringPrefix": "transcribe", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "transcribe:OutputBucketName", + "transcribe:OutputEncryptionKMSKeyId", + "transcribe:OutputKey", + "transcribe:OutputLocation" + ] }, - "CloudWatch Application Insights": { + "Amazon Translate": { + "ARNFormat": "arn:aws:translate:${Region}:${Account}:${ResourceType}/${ResourceName}", + "ARNRegex": "^arn:aws:translate:.+:.+:.+", "Actions": [ - "CreateApplication", - "CreateComponent", - "DeleteApplication", - "DeleteComponent", - "DescribeApplication", - "DescribeComponent", - "DescribeComponentConfiguration", - "DescribeComponentConfigurationRecommendation", - "DescribeObservation", - "DescribeProblem", - "DescribeProblemObservations", - "ListApplications", - "ListComponents", - "ListProblems", - "UpdateApplication", - "UpdateComponent", - "UpdateComponentConfiguration" + "CreateParallelData", + "DeleteParallelData", + "DeleteTerminology", + "DescribeTextTranslationJob", + "GetParallelData", + "GetTerminology", + "ImportTerminology", + "ListLanguages", + "ListParallelData", + "ListTagsForResource", + "ListTerminologies", + "ListTextTranslationJobs", + "StartTextTranslationJob", + "StopTextTranslationJob", + "TagResource", + "TranslateDocument", + "TranslateText", + "UntagResource", + "UpdateParallelData" ], - "HasResource": false, - "StringPrefix": "applicationinsights" + "HasResource": true, + "StringPrefix": "translate", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, - "Comprehend Medical": { - "ARNFormat": "arn:${Partition}:comprehendmedical:${Region}:${AccountId}:${ResourceType}/${ResourceName}", - "ARNRegex": "^arn:${Partition}:comprehendmedical:.+:.+:.+", + "Amazon VPC Lattice": { + "ARNFormat": "arn:aws:vpc-lattice:${Region}:${Account}:${ResourceType}/${RelativeId}", + "ARNRegex": "^arn:aws:vpc-lattice:.+", "Actions": [ - "DetectEntities", - "DetectPHI" + "CreateAccessLogSubscription", + "CreateListener", + "CreateRule", + "CreateService", + "CreateServiceNetwork", + "CreateServiceNetworkServiceAssociation", + "CreateServiceNetworkVpcAssociation", + "CreateTargetGroup", + "DeleteAccessLogSubscription", + "DeleteAuthPolicy", + "DeleteListener", + "DeleteResourcePolicy", + "DeleteRule", + "DeleteService", + "DeleteServiceNetwork", + "DeleteServiceNetworkServiceAssociation", + "DeleteServiceNetworkVpcAssociation", + "DeleteTargetGroup", + "DeregisterTargets", + "GetAccessLogSubscription", + "GetAuthPolicy", + "GetListener", + "GetResourcePolicy", + "GetRule", + "GetService", + "GetServiceNetwork", + "GetServiceNetworkServiceAssociation", + "GetServiceNetworkVpcAssociation", + "GetTargetGroup", + "ListAccessLogSubscriptions", + "ListListeners", + "ListRules", + "ListServiceNetworkServiceAssociations", + "ListServiceNetworkVpcAssociations", + "ListServiceNetworks", + "ListServices", + "ListTagsForResource", + "ListTargetGroups", + "ListTargets", + "PutAuthPolicy", + "PutResourcePolicy", + "RegisterTargets", + "TagResource", + "UntagResource", + "UpdateAccessLogSubscription", + "UpdateListener", + "UpdateRule", + "UpdateService", + "UpdateServiceNetwork", + "UpdateServiceNetworkVpcAssociation", + "UpdateTargetGroup" ], - "HasResource": false, - "StringPrefix": "comprehendmedical" + "HasResource": true, + "StringPrefix": "vpc-lattice", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "vpc-lattice:AuthType", + "vpc-lattice:Protocol", + "vpc-lattice:SecurityGroupIds", + "vpc-lattice:ServiceArn", + "vpc-lattice:ServiceNetworkArn", + "vpc-lattice:TargetGroupArns", + "vpc-lattice:VpcId" + ] }, - "Compute Optimizer": { + "Amazon VPC Lattice Services": { + "ARNFormat": "arn:aws:vpc-lattice:${Region}:${Account}:${ResourceType}/${RelativeId}", + "ARNRegex": "^arn:aws:vpc-lattice:.+", "Actions": [ - "GetAutoScalingGroupRecommendations", - "GetEC2InstanceRecommendations", - "GetEC2RecommendationProjectedMetrics", - "GetEnrollmentStatus", - "GetRecommendationSummaries", - "UpdateEnrollmentStatus" + "Invoke" ], - "HasResource": false, - "StringPrefix": "compute-optimizer" + "HasResource": true, + "StringPrefix": "vpc-lattice-svcs", + "conditionKeys": [ + "vpc-lattice-svcs:Port", + "vpc-lattice-svcs:RequestHeader/${HeaderName}", + "vpc-lattice-svcs:RequestMethod", + "vpc-lattice-svcs:RequestQueryString/${QueryStringKey}", + "vpc-lattice-svcs:ServiceArn", + "vpc-lattice-svcs:ServiceNetworkArn", + "vpc-lattice-svcs:SourceVpc", + "vpc-lattice-svcs:SourceVpcOwnerAccount" + ] }, - "Data Pipeline": { + "Amazon Verified Permissions": { + "ARNFormat": "arn:aws:verifiedpermissions:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:verifiedpermissions:.+", "Actions": [ - "ActivatePipeline", - "AddTags", - "CreatePipeline", - "DeactivatePipeline", - "DeletePipeline", - "DescribeObjects", - "DescribePipelines", - "EvaluateExpression", - "GetAccountLimits", - "GetPipelineDefinition", - "ListPipelines", - "PollForTask", - "PutAccountLimits", - "PutPipelineDefinition", - "QueryObjects", - "RemoveTags", - "ReportTaskProgress", - "ReportTaskRunnerHeartbeat", - "SetStatus", - "SetTaskStatus", - "ValidatePipelineDefinition" + "CreateIdentitySource", + "CreatePolicy", + "CreatePolicyStore", + "CreatePolicyTemplate", + "DeleteIdentitySource", + "DeletePolicy", + "DeletePolicyStore", + "DeletePolicyTemplate", + "GetIdentitySource", + "GetPolicy", + "GetPolicyStore", + "GetPolicyTemplate", + "GetSchema", + "IsAuthorized", + "IsAuthorizedWithToken", + "ListIdentitySources", + "ListPolicies", + "ListPolicyStores", + "ListPolicyTemplates", + "PutSchema", + "UpdateIdentitySource", + "UpdatePolicy", + "UpdatePolicyStore", + "UpdatePolicyTemplate" + ], + "HasResource": true, + "StringPrefix": "verifiedpermissions" + }, + "Amazon WorkDocs": { + "Actions": [ + "AbortDocumentVersionUpload", + "ActivateUser", + "AddNotificationPermissions", + "AddResourcePermissions", + "AddUserToGroup", + "CheckAlias", + "CreateComment", + "CreateCustomMetadata", + "CreateFolder", + "CreateInstance", + "CreateLabels", + "CreateNotificationSubscription", + "CreateUser", + "DeactivateUser", + "DeleteComment", + "DeleteCustomMetadata", + "DeleteDocument", + "DeleteDocumentVersion", + "DeleteFolder", + "DeleteFolderContents", + "DeleteInstance", + "DeleteLabels", + "DeleteNotificationPermissions", + "DeleteNotificationSubscription", + "DeleteUser", + "DeregisterDirectory", + "DescribeActivities", + "DescribeAvailableDirectories", + "DescribeComments", + "DescribeDocumentVersions", + "DescribeFolderContents", + "DescribeGroups", + "DescribeInstances", + "DescribeNotificationPermissions", + "DescribeNotificationSubscriptions", + "DescribeResourcePermissions", + "DescribeRootFolders", + "DescribeUsers", + "DownloadDocumentVersion", + "GetCurrentUser", + "GetDocument", + "GetDocumentPath", + "GetDocumentVersion", + "GetFolder", + "GetFolderPath", + "GetGroup", + "GetResources", + "InitiateDocumentVersionUpload", + "RegisterDirectory", + "RemoveAllResourcePermissions", + "RemoveResourcePermission", + "RestoreDocumentVersions", + "SearchResources", + "UpdateDocument", + "UpdateDocumentVersion", + "UpdateFolder", + "UpdateInstanceAlias", + "UpdateUser", + "UpdateUserAdministrativeSettings" ], "HasResource": false, - "StringPrefix": "datapipeline", - "conditionKeys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag", - "datapipeline:workerGroup" - ] + "StringPrefix": "workdocs" }, - "DataSync": { - "ARNFormat": "arn:${Partition}:datasync:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceName\u003e", - "ARNRegex": "^arn:${Partition}:datasync:.+", + "Amazon WorkLink": { + "ARNFormat": "arn:aws:worklink::${Account}:${ResourceType}/${ResourcePath}", + "ARNRegex": "^arn:aws:worklink:.+", "Actions": [ - "CancelTaskExecution", - "CreateAgent", - "CreateLocationEfs", - "CreateLocationNfs", - "CreateLocationS3", - "CreateLocationSmb", - "CreateTask", - "DeleteAgent", - "DeleteLocation", - "DeleteTask", - "DescribeAgent", - "DescribeLocationEfs", - "DescribeLocationNfs", - "DescribeLocationS3", - "DescribeLocationSmb", - "DescribeTask", - "DescribeTaskExecution", - "ListAgents", - "ListLocations", - "ListTagsForResource", - "ListTaskExecutions", - "ListTasks", - "StartTaskExecution", + "AssociateDomain", + "AssociateWebsiteAuthorizationProvider", + "AssociateWebsiteCertificateAuthority", + "CreateFleet", + "DeleteFleet", + "DescribeAuditStreamConfiguration", + "DescribeCompanyNetworkConfiguration", + "DescribeDevice", + "DescribeDevicePolicyConfiguration", + "DescribeDomain", + "DescribeFleetMetadata", + "DescribeIdentityProviderConfiguration", + "DescribeWebsiteCertificateAuthority", + "DisassociateDomain", + "DisassociateWebsiteAuthorizationProvider", + "DisassociateWebsiteCertificateAuthority", + "ListDevices", + "ListDomains", + "ListFleets", + "ListTagsForResource", + "ListWebsiteAuthorizationProviders", + "ListWebsiteCertificateAuthorities", + "RestoreDomainAccess", + "RevokeDomainAccess", + "SearchEntity", + "SignOutUser", "TagResource", "UntagResource", - "UpdateAgent", - "UpdateTask" + "UpdateAuditStreamConfiguration", + "UpdateCompanyNetworkConfiguration", + "UpdateDevicePolicyConfiguration", + "UpdateDomainMetadata", + "UpdateFleetMetadata", + "UpdateIdentityProviderConfiguration" ], "HasResource": true, - "StringPrefix": "datasync", + "StringPrefix": "worklink", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys" ] }, - "Database Query Metadata Service": { - "ARNFormat": "arn:${Partition}:dbqms::", - "ARNRegex": "^arn:${Partition}:dbqms::.+", + "Amazon WorkMail": { + "ARNFormat": "arn:aws:workmail:${Region}:${Account}:${ResourceType}/${ResourceId}", + "ARNRegex": "^arn:aws:workmail:.+:.+:.+", "Actions": [ - "CreateFavoriteQuery", - "CreateQueryHistory", - "DeleteFavoriteQueries", - "DeleteQueryHistory", - "DescribeFavoriteQueries", - "DescribeQueryHistory", - "GetQueryString", - "UpdateFavoriteQuery", - "UpdateQueryHistory" + "AddMembersToGroup", + "AssociateDelegateToResource", + "AssociateMemberToGroup", + "AssumeImpersonationRole", + "CancelMailboxExportJob", + "CreateAlias", + "CreateAvailabilityConfiguration", + "CreateGroup", + "CreateImpersonationRole", + "CreateInboundMailFlowRule", + "CreateMailDomain", + "CreateMailUser", + "CreateMobileDeviceAccessRule", + "CreateOrganization", + "CreateOutboundMailFlowRule", + "CreateResource", + "CreateSmtpGateway", + "CreateUser", + "DeleteAccessControlRule", + "DeleteAlias", + "DeleteAvailabilityConfiguration", + "DeleteEmailMonitoringConfiguration", + "DeleteGroup", + "DeleteImpersonationRole", + "DeleteInboundMailFlowRule", + "DeleteMailDomain", + "DeleteMailboxPermissions", + "DeleteMobileDevice", + "DeleteMobileDeviceAccessOverride", + "DeleteMobileDeviceAccessRule", + "DeleteOrganization", + "DeleteOutboundMailFlowRule", + "DeleteResource", + "DeleteRetentionPolicy", + "DeleteSmtpGateway", + "DeleteUser", + "DeregisterFromWorkMail", + "DeregisterMailDomain", + "DescribeDirectories", + "DescribeEmailMonitoringConfiguration", + "DescribeEntity", + "DescribeGroup", + "DescribeInboundDmarcSettings", + "DescribeInboundMailFlowRule", + "DescribeKmsKeys", + "DescribeMailDomains", + "DescribeMailGroups", + "DescribeMailUsers", + "DescribeMailboxExportJob", + "DescribeOrganization", + "DescribeOrganizations", + "DescribeOutboundMailFlowRule", + "DescribeResource", + "DescribeSmtpGateway", + "DescribeUser", + "DisableMailGroups", + "DisableMailUsers", + "DisassociateDelegateFromResource", + "DisassociateMemberFromGroup", + "EnableMailDomain", + "EnableMailGroups", + "EnableMailUsers", + "GetAccessControlEffect", + "GetDefaultRetentionPolicy", + "GetImpersonationRole", + "GetImpersonationRoleEffect", + "GetJournalingRules", + "GetMailDomain", + "GetMailDomainDetails", + "GetMailGroupDetails", + "GetMailUserDetails", + "GetMailboxDetails", + "GetMobileDeviceAccessEffect", + "GetMobileDeviceAccessOverride", + "GetMobileDeviceDetails", + "GetMobileDevicesForUser", + "GetMobilePolicyDetails", + "ListAccessControlRules", + "ListAliases", + "ListAvailabilityConfigurations", + "ListGroupMembers", + "ListGroups", + "ListGroupsForEntity", + "ListImpersonationRoles", + "ListInboundMailFlowRules", + "ListMailDomains", + "ListMailboxExportJobs", + "ListMailboxPermissions", + "ListMembersInMailGroup", + "ListMobileDeviceAccessOverrides", + "ListMobileDeviceAccessRules", + "ListOrganizations", + "ListOutboundMailFlowRules", + "ListResourceDelegates", + "ListResources", + "ListSmtpGateways", + "ListTagsForResource", + "ListUsers", + "PutAccessControlRule", + "PutEmailMonitoringConfiguration", + "PutInboundDmarcSettings", + "PutMailboxPermissions", + "PutMobileDeviceAccessOverride", + "PutRetentionPolicy", + "RegisterMailDomain", + "RegisterToWorkMail", + "RemoveMembersFromGroup", + "ResetPassword", + "ResetUserPassword", + "SearchMembers", + "SetAdmin", + "SetDefaultMailDomain", + "SetJournalingRules", + "SetMailGroupDetails", + "SetMailUserDetails", + "SetMobilePolicyDetails", + "StartMailboxExportJob", + "TagResource", + "TestAvailabilityConfiguration", + "TestInboundMailFlowRules", + "TestOutboundMailFlowRules", + "UntagResource", + "UpdateAvailabilityConfiguration", + "UpdateDefaultMailDomain", + "UpdateGroup", + "UpdateImpersonationRole", + "UpdateInboundMailFlowRule", + "UpdateMailboxQuota", + "UpdateMobileDeviceAccessRule", + "UpdateOutboundMailFlowRule", + "UpdatePrimaryEmailAddress", + "UpdateResource", + "UpdateSmtpGateway", + "UpdateUser", + "WipeMobileDevice" ], - "HasResource": false, - "StringPrefix": "dbqms" + "HasResource": true, + "StringPrefix": "workmail", + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ] }, - "Elastic Load Balancing": { - "ARNFormat": "arn:aws:elasticloadbalancing:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceid\u003e", - "ARNRegex": "^arn:aws:elasticloadbalancing:.+", + "Amazon WorkMail Message Flow": { + "ARNFormat": "arn:aws:workmailmessageflow:${Region}:${Account}:message/${OrganizationId}/${Context}/${MessageId}", + "ARNRegex": "^arn:aws:workmailmessageflow:.+:.+:.+", "Actions": [ - "AddTags", - "ApplySecurityGroupsToLoadBalancer", - "AttachLoadBalancerToSubnets", - "ConfigureHealthCheck", - "CreateAppCookieStickinessPolicy", - "CreateLBCookieStickinessPolicy", - "CreateLoadBalancer", - "CreateLoadBalancerListeners", - "CreateLoadBalancerPolicy", - "DeleteLoadBalancer", - "DeleteLoadBalancerListeners", - "DeleteLoadBalancerPolicy", - "DeregisterInstancesFromLoadBalancer", - "DescribeInstanceHealth", - "DescribeLoadBalancerAttributes", - "DescribeLoadBalancerPolicies", - "DescribeLoadBalancerPolicyTypes", - "DescribeLoadBalancers", - "DescribeTags", - "DetachLoadBalancerFromSubnets", - "DisableAvailabilityZonesForLoadBalancer", - "EnableAvailabilityZonesForLoadBalancer", - "ModifyLoadBalancerAttributes", - "RegisterInstancesWithLoadBalancer", - "RemoveTags", - "SetLoadBalancerListenerSSLCertificate", - "SetLoadBalancerPoliciesForBackendServer", - "SetLoadBalancerPoliciesOfListener" + "GetRawMessageContent", + "PutRawMessageContent" ], "HasResource": true, - "StringPrefix": "elasticloadbalancing", - "conditionKeys": [ - "aws:RequestTag/tag-key", - "aws:TagKeys", - "elasticloadbalancing:ResourceTag/", - "elasticloadbalancing:ResourceTag/tag-key" - ] + "StringPrefix": "workmailmessageflow" }, - "Elastic Load Balancing V2": { - "ARNFormat": "arn:aws:elasticloadbalancing:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceid\u003e", - "ARNRegex": "^arn:aws:elasticloadbalancing:.+", + "Amazon WorkSpaces": { + "ARNFormat": "arn:aws:workspaces:${Region}:${Account}:*", + "ARNRegex": "^arn:aws:workspaces:.*:.*:.*", "Actions": [ - "AddListenerCertificates", - "AddTags", - "CreateListener", - "CreateLoadBalancer", - "CreateRule", - "CreateTargetGroup", - "DeleteListener", - "DeleteLoadBalancer", - "DeleteRule", - "DeleteTargetGroup", - "DeregisterTargets", - "DescribeAccountLimits", - "DescribeListenerCertificates", - "DescribeListeners", - "DescribeLoadBalancerAttributes", - "DescribeLoadBalancers", - "DescribeRules", - "DescribeSSLPolicies", + "AssociateConnectionAlias", + "AssociateIpGroups", + "AssociateWorkspaceApplication", + "AuthorizeIpRules", + "CopyWorkspaceImage", + "CreateConnectClientAddIn", + "CreateConnectionAlias", + "CreateIpGroup", + "CreateStandbyWorkspaces", + "CreateTags", + "CreateUpdatedWorkspaceImage", + "CreateWorkspaceBundle", + "CreateWorkspaceImage", + "CreateWorkspaces", + "DeleteClientBranding", + "DeleteConnectClientAddIn", + "DeleteConnectionAlias", + "DeleteIpGroup", + "DeleteTags", + "DeleteWorkspaceBundle", + "DeleteWorkspaceImage", + "DeployWorkspaceApplications", + "DeregisterWorkspaceDirectory", + "DescribeAccount", + "DescribeAccountModifications", + "DescribeApplicationAssociations", + "DescribeApplications", + "DescribeBundleAssociations", + "DescribeClientBranding", + "DescribeClientProperties", + "DescribeConnectClientAddIns", + "DescribeConnectionAliasPermissions", + "DescribeConnectionAliases", + "DescribeImageAssociations", + "DescribeIpGroups", "DescribeTags", - "DescribeTargetGroupAttributes", - "DescribeTargetGroups", - "DescribeTargetHealth", - "ModifyListener", - "ModifyLoadBalancerAttributes", - "ModifyRule", - "ModifyTargetGroup", - "ModifyTargetGroupAttributes", - "RegisterTargets", - "RemoveListenerCertificates", - "RemoveTags", - "SetIpAddressType", - "SetRulePriorities", - "SetSecurityGroups", - "SetSubnets", - "SetWebAcl" + "DescribeWorkspaceAssociations", + "DescribeWorkspaceBundles", + "DescribeWorkspaceDirectories", + "DescribeWorkspaceImagePermissions", + "DescribeWorkspaceImages", + "DescribeWorkspaceSnapshots", + "DescribeWorkspaces", + "DescribeWorkspacesConnectionStatus", + "DisassociateConnectionAlias", + "DisassociateIpGroups", + "DisassociateWorkspaceApplication", + "ImportClientBranding", + "ImportWorkspaceImage", + "ListAvailableManagementCidrRanges", + "MigrateWorkspace", + "ModifyAccount", + "ModifyCertificateBasedAuthProperties", + "ModifyClientProperties", + "ModifySamlProperties", + "ModifySelfservicePermissions", + "ModifyWorkspaceAccessProperties", + "ModifyWorkspaceCreationProperties", + "ModifyWorkspaceProperties", + "ModifyWorkspaceState", + "RebootWorkspaces", + "RebuildWorkspaces", + "RegisterWorkspaceDirectory", + "RestoreWorkspace", + "RevokeIpRules", + "StartWorkspaces", + "StopWorkspaces", + "Stream", + "TerminateWorkspaces", + "UpdateConnectClientAddIn", + "UpdateConnectionAliasPermission", + "UpdateRulesOfIpGroup", + "UpdateWorkspaceBundle", + "UpdateWorkspaceImagePermission" ], "HasResource": true, - "StringPrefix": "elasticloadbalancing", + "StringPrefix": "workspaces", "conditionKeys": [ - "aws:RequestTag/tag-key", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys", - "elasticloadbalancing:ResourceTag/tag-key" + "workspaces:userId" ] }, - "IAM Access Analyzer": { - "ARNFormat": "arn:${Partition}:access-analyzer::analyzer/${analyzerName}", - "ARNRegex": "^arn:${Partition}:access-analyzer::.+", + "Amazon WorkSpaces Application Manager": { "Actions": [ - "CreateAnalyzer", - "CreateArchiveRule", - "DeleteAnalyzer", - "DeleteArchiveRule", - "GetAnalyzedResource", - "GetAnalyzer", - "GetArchiveRule", - "GetFinding", - "ListAnalyzedResources", - "ListAnalyzers", - "ListArchiveRules", - "ListFindings", + "AuthenticatePackager" + ], + "HasResource": false, + "StringPrefix": "wam" + }, + "Amazon WorkSpaces Web": { + "ARNFormat": "arn:aws:workspaces-web:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}", + "ARNRegex": "^arn:aws:workspaces-web:.+", + "Actions": [ + "AssociateBrowserSettings", + "AssociateIpAccessSettings", + "AssociateNetworkSettings", + "AssociateTrustStore", + "AssociateUserAccessLoggingSettings", + "AssociateUserSettings", + "CreateBrowserSettings", + "CreateIdentityProvider", + "CreateIpAccessSettings", + "CreateNetworkSettings", + "CreatePortal", + "CreateTrustStore", + "CreateUserAccessLoggingSettings", + "CreateUserSettings", + "DeleteBrowserSettings", + "DeleteIdentityProvider", + "DeleteIpAccessSettings", + "DeleteNetworkSettings", + "DeletePortal", + "DeleteTrustStore", + "DeleteUserAccessLoggingSettings", + "DeleteUserSettings", + "DisassociateBrowserSettings", + "DisassociateIpAccessSettings", + "DisassociateNetworkSettings", + "DisassociateTrustStore", + "DisassociateUserAccessLoggingSettings", + "DisassociateUserSettings", + "GetBrowserSettings", + "GetIdentityProvider", + "GetIpAccessSettings", + "GetNetworkSettings", + "GetPortal", + "GetPortalServiceProviderMetadata", + "GetTrustStore", + "GetTrustStoreCertificate", + "GetUserAccessLoggingSettings", + "GetUserSettings", + "ListBrowserSettings", + "ListIdentityProviders", + "ListIpAccessSettings", + "ListNetworkSettings", + "ListPortals", "ListTagsForResource", - "StartResourceScan", + "ListTrustStoreCertificates", + "ListTrustStores", + "ListUserAccessLoggingSettings", + "ListUserSettings", "TagResource", "UntagResource", - "UpdateArchiveRule", - "UpdateFindings" + "UpdateBrowserSettings", + "UpdateIdentityProvider", + "UpdateIpAccessSettings", + "UpdateNetworkSettings", + "UpdatePortal", + "UpdateTrustStore", + "UpdateUserAccessLoggingSettings", + "UpdateUserSettings" ], "HasResource": true, - "StringPrefix": "access-analyzer", + "StringPrefix": "workspaces-web", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys" ] }, - "Identity And Access Management": { - "ARNFormat": "arn:aws:iam::\u003cnamespace\u003e:\u003crelative-id\u003e", - "ARNRegex": "^arn:aws:iam::.+", + "AmazonMediaImport": { + "ARNFormat": "arn:aws:mediaimport:${Region}:${Account}/*", "Actions": [ - "AddClientIDToOpenIDConnectProvider", - "AddRoleToInstanceProfile", - "AddUserToGroup", - "AttachGroupPolicy", - "AttachRolePolicy", - "AttachUserPolicy", - "ChangePassword", - "CreateAccessKey", - "CreateAccountAlias", - "CreateGroup", - "CreateInstanceProfile", - "CreateLoginProfile", - "CreateOpenIDConnectProvider", - "CreatePolicy", - "CreatePolicyVersion", - "CreateRole", - "CreateSAMLProvider", - "CreateServiceLinkedRole", - "CreateServiceSpecificCredential", - "CreateUser", - "CreateVirtualMFADevice", - "DeactivateMFADevice", - "DeleteAccessKey", - "DeleteAccountAlias", - "DeleteAccountPasswordPolicy", + "CreateDatabaseBinarySnapshot" + ], + "HasResource": false, + "StringPrefix": "mediaimport" + }, + "Apache Kafka APIs for Amazon MSK clusters": { + "ARNFormat": "arn:aws:kafka:${Region}:${Account}:${ResourceType}/${ResourceDescriptor}", + "ARNRegex": "^arn:aws:kafka:.+", + "Actions": [ + "AlterCluster", + "AlterClusterDynamicConfiguration", + "AlterGroup", + "AlterTopic", + "AlterTopicDynamicConfiguration", + "AlterTransactionalId", + "Connect", + "CreateTopic", "DeleteGroup", - "DeleteGroupPolicy", - "DeleteInstanceProfile", - "DeleteLoginProfile", - "DeleteOpenIDConnectProvider", - "DeletePolicy", - "DeletePolicyVersion", - "DeleteRole", - "DeleteRolePermissionsBoundary", - "DeleteRolePolicy", - "DeleteSAMLProvider", - "DeleteSSHPublicKey", - "DeleteServerCertificate", - "DeleteServiceLinkedRole", - "DeleteServiceSpecificCredential", - "DeleteSigningCertificate", - "DeleteUser", - "DeleteUserPermissionsBoundary", - "DeleteUserPolicy", - "DeleteVirtualMFADevice", - "DetachGroupPolicy", - "DetachRolePolicy", - "DetachUserPolicy", - "EnableMFADevice", - "GenerateCredentialReport", - "GenerateOrganizationsAccessReport", - "GenerateServiceLastAccessedDetails", - "GetAccessKeyLastUsed", - "GetAccountAuthorizationDetails", - "GetAccountPasswordPolicy", - "GetAccountSummary", - "GetContextKeysForCustomPolicy", - "GetContextKeysForPrincipalPolicy", - "GetCredentialReport", - "GetGroup", - "GetGroupPolicy", - "GetInstanceProfile", - "GetLoginProfile", - "GetOpenIDConnectProvider", - "GetOrganizationsAccessReport", - "GetPolicy", - "GetPolicyVersion", - "GetRole", - "GetRolePolicy", - "GetSAMLProvider", - "GetSSHPublicKey", - "GetServerCertificate", - "GetServiceLastAccessedDetails", - "GetServiceLastAccessedDetailsWithEntities", - "GetServiceLinkedRoleDeletionStatus", - "GetUser", - "GetUserPolicy", - "ListAccessKeys", - "ListAccountAliases", - "ListAttachedGroupPolicies", - "ListAttachedRolePolicies", - "ListAttachedUserPolicies", - "ListEntitiesForPolicy", - "ListGroupPolicies", - "ListGroups", - "ListGroupsForUser", - "ListInstanceProfiles", - "ListInstanceProfilesForRole", - "ListMFADevices", - "ListOpenIDConnectProviders", - "ListPolicies", - "ListPoliciesGrantingServiceAccess", - "ListPolicyVersions", - "ListRolePolicies", - "ListRoleTags", - "ListRoles", - "ListSAMLProviders", - "ListSSHPublicKeys", - "ListServerCertificates", - "ListServiceSpecificCredentials", - "ListSigningCertificates", - "ListUserPolicies", - "ListUserTags", - "ListUsers", - "ListVirtualMFADevices", - "PassRole", - "PutGroupPolicy", - "PutRolePermissionsBoundary", - "PutRolePolicy", - "PutUserPermissionsBoundary", - "PutUserPolicy", - "RemoveClientIDFromOpenIDConnectProvider", - "RemoveRoleFromInstanceProfile", - "RemoveUserFromGroup", - "ResetServiceSpecificCredential", - "ResyncMFADevice", - "SetDefaultPolicyVersion", - "SetSecurityTokenServicePreferences", - "SimulateCustomPolicy", - "SimulatePrincipalPolicy", - "TagRole", - "TagUser", - "UntagRole", - "UntagUser", - "UpdateAccessKey", - "UpdateAccountPasswordPolicy", - "UpdateAssumeRolePolicy", - "UpdateGroup", - "UpdateLoginProfile", - "UpdateOpenIDConnectProviderThumbprint", - "UpdateRole", - "UpdateRoleDescription", - "UpdateSAMLProvider", - "UpdateSSHPublicKey", - "UpdateServerCertificate", - "UpdateServiceSpecificCredential", - "UpdateSigningCertificate", - "UpdateUser", - "UploadSSHPublicKey", - "UploadServerCertificate", - "UploadSigningCertificate" + "DeleteTopic", + "DescribeCluster", + "DescribeClusterDynamicConfiguration", + "DescribeGroup", + "DescribeTopic", + "DescribeTopicDynamicConfiguration", + "DescribeTransactionalId", + "ReadData", + "WriteData", + "WriteDataIdempotently" ], "HasResource": true, - "StringPrefix": "iam", + "StringPrefix": "kafka-cluster", "conditionKeys": [ - "iam:AWSServiceName", - "iam:AssociatedResourceArn", - "iam:OrganizationsPolicyId", - "iam:PassedToService", - "iam:PermissionsBoundary", - "iam:PolicyARN", - "iam:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ] }, - "Launch Wizard": { - "ARNRegex": "^arn:aws:launchwizard:.+:.+:.+", + "Application Discovery Arsenal": { "Actions": [ - "DeleteApp", - "DescribeProvisionedApp", - "DescribeProvisioningEvents", - "GetInfrastructureSuggestion", - "GetIpAddress", - "GetResourceCostEstimate", - "ListProvisionedApps", - "StartProvisioning" + "RegisterOnPremisesAgent" ], "HasResource": false, - "StringPrefix": "launchwizard" + "StringPrefix": "arsenal" }, - "Manage Amazon API Gateway": { - "ARNFormat": "arn:aws:apigateway:\u003cregion\u003e::\u003capi_gateway_resource_path\u003e", - "ARNRegex": "^arn:aws:apigateway:.+", + "Database Query Metadata Service": { + "ARNFormat": "arn:${Partition}:dbqms::", + "ARNRegex": "^arn:${Partition}:dbqms::.+", "Actions": [ - "DELETE", - "GET", - "PATCH", - "POST", - "PUT", - "SetWebACL", - "UpdateRestApiPolicy" + "CreateFavoriteQuery", + "CreateQueryHistory", + "CreateTab", + "DeleteFavoriteQueries", + "DeleteQueryHistory", + "DeleteTab", + "DescribeFavoriteQueries", + "DescribeQueryHistory", + "DescribeTabs", + "GetQueryString", + "UpdateFavoriteQuery", + "UpdateQueryHistory", + "UpdateTab" ], - "HasResource": true, - "StringPrefix": "apigateway", - "conditionKeys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ] + "HasResource": false, + "StringPrefix": "dbqms" }, - "Network Manager": { - "ARNFormat": "arn:aws:networkmanager::\u003caccount-id\u003e:\u003cresource-type\u003e/\u003cresource_name\u003e", - "ARNRegex": "^arn:aws:networkmanager::.+:.+", + "High-volume outbound communications": { + "ARNFormat": "arn:aws:connect-campaigns:${Region}:${Account}:campaign/${CampaignId}", + "ARNRegex": "^arn:aws:connect-campaigns:.+:.*:campaign/.*", "Actions": [ - "AssociateCustomerGateway", - "AssociateLink", - "CreateDevice", - "CreateGlobalNetwork", - "CreateLink", - "CreateSite", - "DeleteDevice", - "DeleteGlobalNetwork", - "DeleteLink", - "DeleteSite", - "DeregisterTransitGateway", - "DescribeGlobalNetworks", - "DisassociateCustomerGateway", - "DisassociateLink", - "GetCustomerGatewayAssociations", - "GetDevices", - "GetLinkAssociations", - "GetLinks", - "GetSites", - "GetTransitGatewayRegistrations", + "CreateCampaign", + "DeleteCampaign", + "DeleteConnectInstanceConfig", + "DeleteInstanceOnboardingJob", + "DescribeCampaign", + "GetCampaignState", + "GetCampaignStateBatch", + "GetConnectInstanceConfig", + "GetInstanceOnboardingJobStatus", + "ListCampaigns", "ListTagsForResource", - "RegisterTransitGateway", + "PauseCampaign", + "PutDialRequestBatch", + "ResumeCampaign", + "StartCampaign", + "StartInstanceOnboardingJob", + "StopCampaign", "TagResource", "UntagResource", - "UpdateDevice", - "UpdateGlobalNetwork", - "UpdateLink", - "UpdateSite" + "UpdateCampaignDialerConfig", + "UpdateCampaignName", + "UpdateCampaignOutboundCallConfig" ], "HasResource": true, - "StringPrefix": "networkmanager", + "StringPrefix": "connect-campaigns", "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "networkmanager:cgwArn", - "networkmanager:tgwArn" + "aws:TagKeys" ] }, "Service Quotas": { - "ARNFormat": "arn:aws:servicequotas:\u003cregion\u003e:\u003caccount\u003e:\u003cresourceType\u003e/\u003cresourceName\u003e", + "ARNFormat": "arn:aws:servicequotas:${Region}:${Account}:${ResourceType}/${ResourceName}", "ARNRegex": "^arn:aws:servicequotas:.+", "Actions": [ "AssociateServiceQuotaTemplate", @@ -10147,12 +20837,18 @@ "ListServiceQuotaIncreaseRequestsInTemplate", "ListServiceQuotas", "ListServices", + "ListTagsForResource", "PutServiceQuotaIncreaseRequestIntoTemplate", - "RequestServiceQuotaIncrease" + "RequestServiceQuotaIncrease", + "TagResource", + "UntagResource" ], "HasResource": true, "StringPrefix": "servicequotas", "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", "servicequotas:service" ] }