Merge pull request #1103 from udondan/iam-updates

udondan · Jan 25, 2025 · f692481 · f692481
2 parents 748e62e + 63da837
commit f692481
Show file tree

Hide file tree

Showing 15 changed files with 117 additions and 14 deletions.
diff --git a/CHANGELOG/v0.667.0.md b/CHANGELOG/v0.667.0.md
@@ -0,0 +1,11 @@
+**New actions:**
+
+- connect:DeleteContactFlowVersion
+- healthlake:GetExportedFile
+- healthlake:StartFHIRExportJobWithGet
+
+**New condition keys:**
+
+- datazone:domainId
+- datazone:projectId
+- datazone:userId
diff --git a/README.md b/README.md
@@ -17,9 +17,9 @@
 Support for:
 
 - 417 Services
-- 18219 Actions
+- 18222 Actions
 - 1960 Resource Types
-- 1906 Condition keys
+- 1909 Condition keys
 <!-- /stats -->
 
 ![EXPERIMENTAL](https://img.shields.io/badge/stability-experimantal-orange?style=for-the-badge)**<br>This is an early version of the package. The API will change while I implement new features. Therefore make sure you use an exact version in your `package.json` before it reaches 1.0.0.**

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.666.0
+0.667.0
diff --git a/docs/source/conf.py b/docs/source/conf.py
@@ -24,7 +24,7 @@
 author = 'Daniel Schroeder'
 
 # The full version, including alpha/beta/rc tags
-release = '0.666.0'
+release = '0.667.0'
 
 # -- General configuration ---------------------------------------------------
 

diff --git a/docs/source/index.rst b/docs/source/index.rst
@@ -31,9 +31,9 @@ AWS IAM policy statement generator with fluent interface.
 Support for:
 
 - 417 Services
-- 18219 Actions
+- 18222 Actions
 - 1960 Resource Types
-- 1906 Condition keys
+- 1909 Condition keys
 
 ..
    /stats

diff --git a/lib/generated/policy-statements/cloudwatchlogs.ts b/lib/generated/policy-statements/cloudwatchlogs.ts
@@ -119,11 +119,11 @@ export class Logs extends PolicyStatement {
   }
 
   /**
-   * Grants permission to delete a data protection policy attached to an account
+   * Grants permission to delete an account policy
    *
    * Access Level: Write
    *
-   * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteDataProtectionPolicy.html
+   * https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteAccountPolicy.html
    */
   public toDeleteAccountPolicy() {
     return this.to('DeleteAccountPolicy');
@@ -328,7 +328,7 @@ export class Logs extends PolicyStatement {
   }
 
   /**
-   * Grants permission to retrieve a data protection policy attached to an account
+   * Grants permission to retrieve account policies
    *
    * Access Level: List
    *
@@ -779,7 +779,7 @@ export class Logs extends PolicyStatement {
   }
 
   /**
-   * Grants permission to attach a data protection policy at account level to detect and redact sensitive information from log events
+   * Grants permission to attach an account policy
    *
    * Access Level: Write
    *

diff --git a/lib/generated/policy-statements/connect.ts b/lib/generated/policy-statements/connect.ts
@@ -964,6 +964,22 @@ export class Connect extends PolicyStatement {
     return this.to('DeleteContactFlowModule');
   }
 
+  /**
+   * Grants permission to delete a version of a flow in an Amazon Connect instance
+   *
+   * Access Level: Write
+   *
+   * Possible conditions:
+   * - .ifAwsResourceTag()
+   * - .ifInstanceId()
+   * - .ifFlowType()
+   *
+   * https://docs.aws.amazon.com/connect/latest/APIReference/API_DeleteContactFlowVersion.html
+   */
+  public toDeleteContactFlowVersion() {
+    return this.to('DeleteContactFlowVersion');
+  }
+
   /**
    * Grants permission to delete an email address resource in an Amazon Connect instance
    *
@@ -4447,6 +4463,7 @@ export class Connect extends PolicyStatement {
       'DeleteContactEvaluation',
       'DeleteContactFlow',
       'DeleteContactFlowModule',
+      'DeleteContactFlowVersion',
       'DeleteEmailAddress',
       'DeleteEvaluationForm',
       'DeleteHoursOfOperation',
@@ -5378,6 +5395,7 @@ export class Connect extends PolicyStatement {
    * - .toDeleteContactEvaluation()
    * - .toDeleteContactFlow()
    * - .toDeleteContactFlowModule()
+   * - .toDeleteContactFlowVersion()
    * - .toDeleteEmailAddress()
    * - .toDeleteEvaluationForm()
    * - .toDeleteHoursOfOperation()
@@ -5598,6 +5616,7 @@ export class Connect extends PolicyStatement {
    * - .toCreateContactFlow()
    * - .toCreateContactFlowVersion()
    * - .toDeleteContactFlow()
+   * - .toDeleteContactFlowVersion()
    * - .toDescribeContactFlow()
    * - .toListContactFlowVersions()
    * - .toSearchContactFlows()
@@ -5672,6 +5691,7 @@ export class Connect extends PolicyStatement {
    * - .toDeleteContactEvaluation()
    * - .toDeleteContactFlow()
    * - .toDeleteContactFlowModule()
+   * - .toDeleteContactFlowVersion()
    * - .toDeleteEmailAddress()
    * - .toDeleteEvaluationForm()
    * - .toDeleteHoursOfOperation()

diff --git a/lib/generated/policy-statements/datazone.ts b/lib/generated/policy-statements/datazone.ts
@@ -1948,4 +1948,40 @@ export class Datazone extends PolicyStatement {
   public ifAwsTagKeys(value: string | string[], operator?: Operator | string) {
     return this.if(`aws:TagKeys`, value, operator ?? 'StringLike');
   }
+
+  /**
+   * Filters access by the domain ID passed in the request
+   *
+   * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#amazondatazone-policy-keys
+   *
+   * @param value The value(s) to check
+   * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
+   */
+  public ifDomainId(value: string | string[], operator?: Operator | string) {
+    return this.if(`domainId`, value, operator ?? 'StringLike');
+  }
+
+  /**
+   * Filters access by the project ID passed in the request
+   *
+   * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#amazondatazone-policy-keys
+   *
+   * @param value The value(s) to check
+   * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
+   */
+  public ifProjectId(value: string | string[], operator?: Operator | string) {
+    return this.if(`projectId`, value, operator ?? 'StringLike');
+  }
+
+  /**
+   * Filters access by the user ID passed in the request
+   *
+   * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#amazondatazone-policy-keys
+   *
+   * @param value The value(s) to check
+   * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
+   */
+  public ifUserId(value: string | string[], operator?: Operator | string) {
+    return this.if(`userId`, value, operator ?? 'StringLike');
+  }
 }
diff --git a/lib/generated/policy-statements/ec2.ts b/lib/generated/policy-statements/ec2.ts
@@ -11969,6 +11969,7 @@ export class Ec2 extends PolicyStatement {
    * - .ifAttribute()
    * - .ifAttribute()
    * - .ifRegion()
+   * - .ifResourceTag()
    */
   public onTrafficMirrorFilterRule(trafficMirrorFilterRuleId: string, account?: string, region?: string, partition?: string) {
     return this.on(`arn:${ partition ?? this.defaultPartition }:ec2:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:traffic-mirror-filter-rule/${ trafficMirrorFilterRuleId }`);
@@ -12662,6 +12663,7 @@ export class Ec2 extends PolicyStatement {
    * - .toCreateSnapshot()
    * - .toCreateSnapshots()
    * - .toCreateSubnet()
+   * - .toCreateTags()
    * - .toCreateTrafficMirrorFilter()
    * - .toCreateTrafficMirrorFilterRule()
    * - .toCreateTrafficMirrorSession()
@@ -12681,11 +12683,13 @@ export class Ec2 extends PolicyStatement {
    * - .toCreateVerifiedAccessTrustProvider()
    * - .toCreateVolume()
    * - .toCreateVpc()
+   * - .toCreateVpcBlockPublicAccessExclusion()
    * - .toCreateVpcEndpoint()
    * - .toCreateVpcEndpointServiceConfiguration()
    * - .toCreateVpcPeeringConnection()
    * - .toCreateVpnConnection()
    * - .toCreateVpnGateway()
+   * - .toDeleteTags()
    * - .toExportImage()
    * - .toImportImage()
    * - .toImportKeyPair()
@@ -13371,6 +13375,7 @@ export class Ec2 extends PolicyStatement {
    * - .toCreateSnapshot()
    * - .toCreateSnapshots()
    * - .toCreateSubnet()
+   * - .toCreateTags()
    * - .toCreateTrafficMirrorFilter()
    * - .toCreateTrafficMirrorFilterRule()
    * - .toCreateTrafficMirrorSession()
@@ -13390,6 +13395,7 @@ export class Ec2 extends PolicyStatement {
    * - .toCreateVerifiedAccessTrustProvider()
    * - .toCreateVolume()
    * - .toCreateVpc()
+   * - .toCreateVpcBlockPublicAccessExclusion()
    * - .toCreateVpcEndpoint()
    * - .toCreateVpcEndpointServiceConfiguration()
    * - .toCreateVpcPeeringConnection()
@@ -14946,6 +14952,7 @@ export class Ec2 extends PolicyStatement {
    * - .toPauseVolumeIO()
    * - .toRebootInstances()
    * - .toReplaceIamInstanceProfileAssociation()
+   * - .toReportInstanceStatus()
    * - .toResetInstanceAttribute()
    * - .toRunInstances()
    * - .toSendDiagnosticInterrupt()
@@ -17868,6 +17875,7 @@ export class Ec2 extends PolicyStatement {
    * - subnet-cidr-reservation
    * - subnet
    * - traffic-mirror-filter
+   * - traffic-mirror-filter-rule
    * - traffic-mirror-session
    * - traffic-mirror-target
    * - transit-gateway-attachment

diff --git a/lib/generated/policy-statements/healthlake.ts b/lib/generated/policy-statements/healthlake.ts
@@ -132,6 +132,17 @@ export class Healthlake extends PolicyStatement {
     return this.to('GetCapabilities');
   }
 
+  /**
+   * Grants permission to access exported files from a FHIR Export job initiated with Get
+   *
+   * Access Level: Read
+   *
+   * https://docs.aws.amazon.com/healthlake/latest/devguide/export-datastore-rest.html
+   */
+  public toGetExportedFile() {
+    return this.to('GetExportedFile');
+  }
+
   /**
    * Grants permission to list all FHIR datastores that are in the user's account, regardless of datastore status
    *
@@ -231,6 +242,17 @@ export class Healthlake extends PolicyStatement {
     return this.to('StartFHIRExportJob');
   }
 
+  /**
+   * Grants permission to begin a FHIR Export job with Get
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/healthlake/latest/devguide/export-datastore-rest.html
+   */
+  public toStartFHIRExportJobWithGet() {
+    return this.to('StartFHIRExportJobWithGet');
+  }
+
   /**
    * Grants permission to begin a FHIR Export job with Post
    *
@@ -302,6 +324,7 @@ export class Healthlake extends PolicyStatement {
       'DeleteFHIRDatastore',
       'DeleteResource',
       'StartFHIRExportJob',
+      'StartFHIRExportJobWithGet',
       'StartFHIRExportJobWithPost',
       'StartFHIRImportJob',
       'UpdateResource'
@@ -312,6 +335,7 @@ export class Healthlake extends PolicyStatement {
       'DescribeFHIRExportJobWithGet',
       'DescribeFHIRImportJob',
       'GetCapabilities',
+      'GetExportedFile',
       'ReadResource',
       'SearchEverything',
       'SearchWithGet',

diff --git a/lib/generated/policy-statements/iot.ts b/lib/generated/policy-statements/iot.ts
@@ -1788,8 +1788,6 @@ export class Iot extends PolicyStatement {
    * Grants permission to get the thing's connectivity data
    *
    * Access Level: Read
-   *
-   * https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html
    */
   public toGetThingConnectivityData() {
     return this.to('GetThingConnectivityData');

diff --git a/lib/generated/policy-statements/route53resolver.ts b/lib/generated/policy-statements/route53resolver.ts
@@ -531,7 +531,7 @@ export class Route53resolver extends PolicyStatement {
   }
 
   /**
-   * Grants permission to list all the Firewall domain under a speicfied Firewall domain list
+   * Grants permission to list all the Firewall domain under a specified Firewall domain list
    *
    * Access Level: List
    *
@@ -564,7 +564,7 @@ export class Route53resolver extends PolicyStatement {
   }
 
   /**
-   * Grants permission to list all the Firewall rule under a speicfied Firewall rule group
+   * Grants permission to list all the Firewall rule under a specified Firewall rule group
    *
    * Access Level: List
    *

diff --git a/stats/actions/connect b/stats/actions/connect
@@ -56,6 +56,7 @@ connect:DeleteAttachedFile;Write
 connect:DeleteContactEvaluation;Write
 connect:DeleteContactFlow;Write
 connect:DeleteContactFlowModule;Write
+connect:DeleteContactFlowVersion;Write
 connect:DeleteEmailAddress;Write
 connect:DeleteEvaluationForm;Write
 connect:DeleteHoursOfOperation;Write

diff --git a/stats/actions/healthlake b/stats/actions/healthlake
@@ -8,6 +8,7 @@ healthlake:DescribeFHIRExportJob;Read
 healthlake:DescribeFHIRExportJobWithGet;Read
 healthlake:DescribeFHIRImportJob;Read
 healthlake:GetCapabilities;Read
+healthlake:GetExportedFile;Read
 healthlake:ListFHIRDatastores;List
 healthlake:ListFHIRExportJobs;List
 healthlake:ListFHIRImportJobs;List
@@ -17,6 +18,7 @@ healthlake:SearchEverything;Read
 healthlake:SearchWithGet;Read
 healthlake:SearchWithPost;Read
 healthlake:StartFHIRExportJob;Write
+healthlake:StartFHIRExportJobWithGet;Write
 healthlake:StartFHIRExportJobWithPost;Write
 healthlake:StartFHIRImportJob;Write
 healthlake:TagResource;Tagging

diff --git a/stats/conditions/datazone b/stats/conditions/datazone
@@ -1,3 +1,6 @@
 datazone:RequestTag/${TagKey}
 datazone:ResourceTag/${TagKey}
 datazone:TagKeys
+datazone:domainId
+datazone:projectId
+datazone:userId