diff --git a/CHANGELOG/v0.680.0.md b/CHANGELOG/v0.680.0.md new file mode 100644 index 000000000..2c12cfcb4 --- /dev/null +++ b/CHANGELOG/v0.680.0.md @@ -0,0 +1,17 @@ +**New services:** + +- gameliftstreams + +**New actions:** + +- rum:DeleteResourcePolicy +- rum:GetResourcePolicy +- rum:PutResourcePolicy +- sso-directory:IsMemberInGroups +- workspaces:ModifyEndpointEncryptionMode + +**New condition keys:** + +- bedrock:GuardrailIdentifier +- connect:Channel +- connect:ContactAssociationId diff --git a/README.md b/README.md index b9bfe45d9..6f4da303d 100644 --- a/README.md +++ b/README.md @@ -16,10 +16,10 @@ Support for: -- 418 Services -- 18369 Actions -- 1970 Resource Types -- 1923 Condition keys +- 419 Services +- 18398 Actions +- 1972 Resource Types +- 1929 Condition keys ![EXPERIMENTAL](https://img.shields.io/badge/stability-experimantal-orange?style=for-the-badge)**
This is an early version of the package. The API will change while I implement new features. Therefore make sure you use an exact version in your `package.json` before it reaches 1.0.0.** diff --git a/VERSION b/VERSION index e1ab3dae1..a5a0857d1 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.679.0 +0.680.0 diff --git a/docs/source/conf.py b/docs/source/conf.py index 07ec65514..aeded0207 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -24,7 +24,7 @@ author = 'Daniel Schroeder' # The full version, including alpha/beta/rc tags -release = '0.679.0' +release = '0.680.0' # -- General configuration --------------------------------------------------- diff --git a/docs/source/index.rst b/docs/source/index.rst index 5ed142673..87bdcdccb 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -30,10 +30,10 @@ AWS IAM policy statement generator with fluent interface. Support for: -- 418 Services -- 18369 Actions -- 1970 Resource Types -- 1923 Condition keys +- 419 Services +- 18398 Actions +- 1972 Resource Types +- 1929 Condition keys .. /stats diff --git a/lib/generated/index.ts b/lib/generated/index.ts index 742586861..c0506deee 100644 --- a/lib/generated/index.ts +++ b/lib/generated/index.ts @@ -76,6 +76,7 @@ export { Frauddetector } from './policy-statements/frauddetector'; export { Freertos } from './policy-statements/freertos'; export { Fsx } from './policy-statements/fsx'; export { Gamelift } from './policy-statements/gamelift'; +export { Gameliftstreams } from './policy-statements/gameliftstreams'; export { Groundtruthlabeling } from './policy-statements/groundtruthlabeling'; export { Guardduty } from './policy-statements/guardduty'; export { Honeycode } from './policy-statements/honeycode'; diff --git a/lib/generated/policy-statements/bedrock.ts b/lib/generated/policy-statements/bedrock.ts index 1d4fb2411..a6b788d20 100644 --- a/lib/generated/policy-statements/bedrock.ts +++ b/lib/generated/policy-statements/bedrock.ts @@ -1316,6 +1316,7 @@ export class Bedrock extends PolicyStatement { * - .ifPromptRouterArn() * - .ifAwsRequestTag() * - .ifAwsTagKeys() + * - .ifGuardrailIdentifier() * * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_InvokeModel.html */ @@ -1331,6 +1332,7 @@ export class Bedrock extends PolicyStatement { * Possible conditions: * - .ifInferenceProfileArn() * - .ifPromptRouterArn() + * - .ifGuardrailIdentifier() * * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_InvokeModelWithResponseStream.html */ @@ -2905,6 +2907,22 @@ export class Bedrock extends PolicyStatement { return this.if(`aws:TagKeys`, value, operator ?? 'StringLike'); } + /** + * Filters access by the GuardrailIdentifier containing the GuardrailArn or the GuardrailArn:NumericVersion + * + * https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonbedrock.html#amazonbedrock-policy-keys + * + * Applies to actions: + * - .toInvokeModel() + * - .toInvokeModelWithResponseStream() + * + * @param value The value(s) to check + * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` + */ + public ifGuardrailIdentifier(value: string | string[], operator?: Operator | string) { + return this.if(`GuardrailIdentifier`, value, operator ?? 'ArnLike'); + } + /** * Filters access by the specified inference profile * diff --git a/lib/generated/policy-statements/cloudwatchrum.ts b/lib/generated/policy-statements/cloudwatchrum.ts index 6ab31a58a..226a5a534 100644 --- a/lib/generated/policy-statements/cloudwatchrum.ts +++ b/lib/generated/policy-statements/cloudwatchrum.ts @@ -81,6 +81,17 @@ export class Rum extends PolicyStatement { return this.to('DeleteAppMonitor'); } + /** + * Grants permission to delete a resource policy attached to an app monitor + * + * Access Level: Write + * + * https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_DeleteResourcePolicy.html + */ + public toDeleteResourcePolicy() { + return this.to('DeleteResourcePolicy'); + } + /** * Grants permission to delete rum metrics destinations * @@ -114,6 +125,17 @@ export class Rum extends PolicyStatement { return this.to('GetAppMonitorData'); } + /** + * Grants permission to retrieve a resource policy attached to an app monitor + * + * Access Level: Read + * + * https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_GetResourcePolicy.html + */ + public toGetResourcePolicy() { + return this.to('GetResourcePolicy'); + } + /** * Grants permission to list appMonitors metadata * @@ -147,6 +169,17 @@ export class Rum extends PolicyStatement { return this.to('ListTagsForResource'); } + /** + * Grants permission to attach a resource policy to an app monitor + * + * Access Level: Write + * + * https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_PutResourcePolicy.html + */ + public toPutResourcePolicy() { + return this.to('PutResourcePolicy'); + } + /** * Grants permission to put RUM events for appmonitor * @@ -230,7 +263,9 @@ export class Rum extends PolicyStatement { 'BatchDeleteRumMetricDefinitions', 'CreateAppMonitor', 'DeleteAppMonitor', + 'DeleteResourcePolicy', 'DeleteRumMetricsDestination', + 'PutResourcePolicy', 'PutRumEvents', 'PutRumMetricsDestination', 'UpdateAppMonitor', @@ -240,6 +275,7 @@ export class Rum extends PolicyStatement { 'BatchGetRumMetricDefinitions', 'GetAppMonitor', 'GetAppMonitorData', + 'GetResourcePolicy', 'ListRumMetricsDestinations', 'ListTagsForResource' ], diff --git a/lib/generated/policy-statements/connect.ts b/lib/generated/policy-statements/connect.ts index 4a9cc9420..0b64e5534 100644 --- a/lib/generated/policy-statements/connect.ts +++ b/lib/generated/policy-statements/connect.ts @@ -1373,6 +1373,9 @@ export class Connect extends PolicyStatement { * * Possible conditions: * - .ifInstanceId() + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() * * https://docs.aws.amazon.com/connect/latest/APIReference/API_DescribeContact.html */ @@ -2010,6 +2013,9 @@ export class Connect extends PolicyStatement { * * Possible conditions: * - .ifInstanceId() + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() * * https://docs.aws.amazon.com/connect/latest/APIReference/API_GetContactAttributes.html */ @@ -2325,6 +2331,9 @@ export class Connect extends PolicyStatement { * * Possible conditions: * - .ifInstanceId() + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() * * https://docs.aws.amazon.com/connect/latest/APIReference/API_ListContactReferences.html */ @@ -2962,6 +2971,11 @@ export class Connect extends PolicyStatement { * * Access Level: Write * + * Possible conditions: + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() + * * https://docs.aws.amazon.com/connect/latest/APIReference/API_ResumeContactRecording.html */ public toResumeContactRecording() { @@ -3369,6 +3383,11 @@ export class Connect extends PolicyStatement { * * Access Level: Write * + * Possible conditions: + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() + * * https://docs.aws.amazon.com/connect/latest/APIReference/API_StartContactRecording.html */ public toStartContactRecording() { @@ -3463,6 +3482,9 @@ export class Connect extends PolicyStatement { * * Possible conditions: * - .ifInstanceId() + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() * * https://docs.aws.amazon.com/connect/latest/APIReference/API_StartScreenSharing.html */ @@ -3507,6 +3529,9 @@ export class Connect extends PolicyStatement { * * Possible conditions: * - .ifInstanceId() + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() * * https://docs.aws.amazon.com/connect/latest/APIReference/API_StopContact.html */ @@ -3519,6 +3544,11 @@ export class Connect extends PolicyStatement { * * Access Level: Write * + * Possible conditions: + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() + * * https://docs.aws.amazon.com/connect/latest/APIReference/API_StopContactRecording.html */ public toStopContactRecording() { @@ -3569,6 +3599,11 @@ export class Connect extends PolicyStatement { * * Access Level: Write * + * Possible conditions: + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() + * * https://docs.aws.amazon.com/connect/latest/APIReference/API_SuspendContactRecording.html */ public toSuspendContactRecording() { @@ -3582,6 +3617,9 @@ export class Connect extends PolicyStatement { * * Possible conditions: * - .ifInstanceId() + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() * * https://docs.aws.amazon.com/connect/latest/APIReference/API_TagContact.html */ @@ -3611,6 +3649,9 @@ export class Connect extends PolicyStatement { * * Possible conditions: * - .ifInstanceId() + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() * * https://docs.aws.amazon.com/connect/latest/APIReference/API_TransferContact.html */ @@ -3625,6 +3666,9 @@ export class Connect extends PolicyStatement { * * Possible conditions: * - .ifInstanceId() + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() * * https://docs.aws.amazon.com/connect/latest/APIReference/API_UntagContact.html */ @@ -3682,6 +3726,9 @@ export class Connect extends PolicyStatement { * * Possible conditions: * - .ifInstanceId() + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() * * https://docs.aws.amazon.com/connect/latest/APIReference/API_UpdateContact.html */ @@ -3696,6 +3743,9 @@ export class Connect extends PolicyStatement { * * Possible conditions: * - .ifInstanceId() + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() * * https://docs.aws.amazon.com/connect/latest/APIReference/API_UpdateContactAttributes.html */ @@ -3802,6 +3852,9 @@ export class Connect extends PolicyStatement { * * Possible conditions: * - .ifInstanceId() + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() * * https://docs.aws.amazon.com/connect/latest/APIReference/API_UpdateContactRoutingData.html */ @@ -3816,6 +3869,9 @@ export class Connect extends PolicyStatement { * * Possible conditions: * - .ifInstanceId() + * - .ifContactAssociationId() + * - .ifChannel() + * - .ifUserArn() * * https://docs.aws.amazon.com/connect/latest/APIReference/API_UpdateContactSchedule.html */ @@ -5625,6 +5681,66 @@ export class Connect extends PolicyStatement { return this.if(`AttributeType`, value, operator ?? 'StringLike'); } + /** + * Filters access by Channel + * + * https://docs.aws.amazon.com/connect/latest/adminguide/security_iam_service-with-iam.html + * + * Applies to actions: + * - .toDescribeContact() + * - .toGetContactAttributes() + * - .toListContactReferences() + * - .toResumeContactRecording() + * - .toStartContactRecording() + * - .toStartScreenSharing() + * - .toStopContact() + * - .toStopContactRecording() + * - .toSuspendContactRecording() + * - .toTagContact() + * - .toTransferContact() + * - .toUntagContact() + * - .toUpdateContact() + * - .toUpdateContactAttributes() + * - .toUpdateContactRoutingData() + * - .toUpdateContactSchedule() + * + * @param value The value(s) to check + * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` + */ + public ifChannel(value: string | string[], operator?: Operator | string) { + return this.if(`Channel`, value, operator ?? 'StringLike'); + } + + /** + * Filters access by ContactAssociationId + * + * https://docs.aws.amazon.com/connect/latest/adminguide/security_iam_service-with-iam.html + * + * Applies to actions: + * - .toDescribeContact() + * - .toGetContactAttributes() + * - .toListContactReferences() + * - .toResumeContactRecording() + * - .toStartContactRecording() + * - .toStartScreenSharing() + * - .toStopContact() + * - .toStopContactRecording() + * - .toSuspendContactRecording() + * - .toTagContact() + * - .toTransferContact() + * - .toUntagContact() + * - .toUpdateContact() + * - .toUpdateContactAttributes() + * - .toUpdateContactRoutingData() + * - .toUpdateContactSchedule() + * + * @param value The value(s) to check + * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` + */ + public ifContactAssociationId(value: string | string[], operator?: Operator | string) { + return this.if(`ContactAssociationId`, value, operator ?? 'StringLike'); + } + /** * Filters access by restricting access to create contacts based on the initiation method of the contact * @@ -6028,7 +6144,23 @@ export class Connect extends PolicyStatement { * https://docs.aws.amazon.com/connect/latest/adminguide/security_iam_service-with-iam.html * * Applies to actions: + * - .toDescribeContact() + * - .toGetContactAttributes() + * - .toListContactReferences() + * - .toResumeContactRecording() * - .toStartAttachedFileUpload() + * - .toStartContactRecording() + * - .toStartScreenSharing() + * - .toStopContact() + * - .toStopContactRecording() + * - .toSuspendContactRecording() + * - .toTagContact() + * - .toTransferContact() + * - .toUntagContact() + * - .toUpdateContact() + * - .toUpdateContactAttributes() + * - .toUpdateContactRoutingData() + * - .toUpdateContactSchedule() * * @param value The value(s) to check * @param operator Works with [arn operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). **Default:** `ArnLike` diff --git a/lib/generated/policy-statements/gameliftstreams.ts b/lib/generated/policy-statements/gameliftstreams.ts new file mode 100644 index 000000000..a3fc87641 --- /dev/null +++ b/lib/generated/policy-statements/gameliftstreams.ts @@ -0,0 +1,435 @@ +import { AccessLevelList } from '../../shared/access-level'; +import { PolicyStatement, Operator } from '../../shared'; + +/** + * Statement provider for service [gameliftstreams](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazongameliftstreams.html). + * + * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement + */ +export class Gameliftstreams extends PolicyStatement { + public servicePrefix = 'gameliftstreams'; + + /** + * Statement provider for service [gameliftstreams](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazongameliftstreams.html). + * + * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement + */ + constructor(sid?: string) { + super(sid); + } + + /** + * Grants permission to attach a StreamGroup remote location + * + * Access Level: Write + * + * Dependent actions: + * - ec2:DescribeRegions + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_AddStreamGroupLocations.html + */ + public toAddStreamGroupLocations() { + return this.to('AddStreamGroupLocations'); + } + + /** + * Grants permission to associate Applications to a StreamGroup + * + * Access Level: Write + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_AssociateApplications.html + */ + public toAssociateApplications() { + return this.to('AssociateApplications'); + } + + /** + * Grants permission to create application + * + * Access Level: Write + * + * Possible conditions: + * - .ifAwsRequestTag() + * - .ifAwsTagKeys() + * + * Dependent actions: + * - gameliftstreams:TagResource + * - s3:GetObject + * - s3:ListBucket + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_CreateApplication.html + */ + public toCreateApplication() { + return this.to('CreateApplication'); + } + + /** + * Grants permission to create a StreamGroup + * + * Access Level: Write + * + * Possible conditions: + * - .ifAwsRequestTag() + * - .ifAwsTagKeys() + * + * Dependent actions: + * - gameliftstreams:TagResource + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_CreateStreamGroup.html + */ + public toCreateStreamGroup() { + return this.to('CreateStreamGroup'); + } + + /** + * Grants permission to create a stream session connection + * + * Access Level: Write + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_CreateStreamSessionConnection.html + */ + public toCreateStreamSessionConnection() { + return this.to('CreateStreamSessionConnection'); + } + + /** + * Grants permission to delete an application + * + * Access Level: Write + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_DeleteApplication.html + */ + public toDeleteApplication() { + return this.to('DeleteApplication'); + } + + /** + * Grants permission to delete a StreamGroup + * + * Access Level: Write + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_DeleteStreamGroup.html + */ + public toDeleteStreamGroup() { + return this.to('DeleteStreamGroup'); + } + + /** + * Grants permission to disassociate Applications from a StreamGroup + * + * Access Level: Write + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_DisassociateApplications.html + */ + public toDisassociateApplications() { + return this.to('DisassociateApplications'); + } + + /** + * Grants permission to export stream session files that your application generates + * + * Access Level: Write + * + * Dependent actions: + * - s3:PutObject + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_ExportStreamSessionFiles.html + */ + public toExportStreamSessionFiles() { + return this.to('ExportStreamSessionFiles'); + } + + /** + * Grants permission to get an application + * + * Access Level: Read + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_GetApplication.html + */ + public toGetApplication() { + return this.to('GetApplication'); + } + + /** + * Grants `permission` to get a StreamGroup + * + * Access Level: Read + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_GetStreamGroup.html + */ + public toGetStreamGroup() { + return this.to('GetStreamGroup'); + } + + /** + * Grants permission to get a stream session + * + * Access Level: Read + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_GetStreamSession.html + */ + public toGetStreamSession() { + return this.to('GetStreamSession'); + } + + /** + * Grants permission to list applications + * + * Access Level: List + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_ListApplications.html + */ + public toListApplications() { + return this.to('ListApplications'); + } + + /** + * Grants permission to list StreamGroups + * + * Access Level: List + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_ListStreamGroups.html + */ + public toListStreamGroups() { + return this.to('ListStreamGroups'); + } + + /** + * Grants permission to list stream sessions + * + * Access Level: Read + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_ListStreamSessions.html + */ + public toListStreamSessions() { + return this.to('ListStreamSessions'); + } + + /** + * Grants permission to list stream sessions + * + * Access Level: Read + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_ListStreamSessionsByAccount.html + */ + public toListStreamSessionsByAccount() { + return this.to('ListStreamSessionsByAccount'); + } + + /** + * Grants permission to list tags for a resource + * + * Access Level: Read + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_ListTagsForResource.html + */ + public toListTagsForResource() { + return this.to('ListTagsForResource'); + } + + /** + * Grants permission to detach a StreamGroup remote location + * + * Access Level: Write + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_RemoveStreamGroupLocations.html + */ + public toRemoveStreamGroupLocations() { + return this.to('RemoveStreamGroupLocations'); + } + + /** + * Grants permission to create a stream session + * + * Access Level: Write + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_StartStreamSession.html + */ + public toStartStreamSession() { + return this.to('StartStreamSession'); + } + + /** + * Grants permission to tag a resource + * + * Access Level: Tagging + * + * Possible conditions: + * - .ifAwsRequestTag() + * - .ifAwsTagKeys() + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_TagResource.html + */ + public toTagResource() { + return this.to('TagResource'); + } + + /** + * Grants permission to terminate a stream session + * + * Access Level: Write + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_TerminateStreamSession.html + */ + public toTerminateStreamSession() { + return this.to('TerminateStreamSession'); + } + + /** + * Grants permission to untag a resource + * + * Access Level: Tagging + * + * Possible conditions: + * - .ifAwsTagKeys() + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_UntagResource.html + */ + public toUntagResource() { + return this.to('UntagResource'); + } + + /** + * Grants permission to update an application + * + * Access Level: Write + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_UpdateApplication.html + */ + public toUpdateApplication() { + return this.to('UpdateApplication'); + } + + /** + * Grants permission to update a StreamGroup + * + * Access Level: Write + * + * https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_UpdateStreamGroup.html + */ + public toUpdateStreamGroup() { + return this.to('UpdateStreamGroup'); + } + + protected accessLevelList: AccessLevelList = { + Write: [ + 'AddStreamGroupLocations', + 'AssociateApplications', + 'CreateApplication', + 'CreateStreamGroup', + 'CreateStreamSessionConnection', + 'DeleteApplication', + 'DeleteStreamGroup', + 'DisassociateApplications', + 'ExportStreamSessionFiles', + 'RemoveStreamGroupLocations', + 'StartStreamSession', + 'TerminateStreamSession', + 'UpdateApplication', + 'UpdateStreamGroup' + ], + Read: [ + 'GetApplication', + 'GetStreamGroup', + 'GetStreamSession', + 'ListStreamSessions', + 'ListStreamSessionsByAccount', + 'ListTagsForResource' + ], + List: [ + 'ListApplications', + 'ListStreamGroups' + ], + Tagging: [ + 'TagResource', + 'UntagResource' + ] + }; + + /** + * Adds a resource of type application to the statement + * + * https://docs.aws.amazon.com/gameliftstreams/latest/developerguide/applications.html + * + * @param applicationId - Identifier for the applicationId. + * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. + * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. + * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. + * + * Possible conditions: + * - .ifAwsResourceTag() + */ + public onApplication(applicationId: string, account?: string, region?: string, partition?: string) { + return this.on(`arn:${ partition ?? this.defaultPartition }:gameliftstreams:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:application/${ applicationId }`); + } + + /** + * Adds a resource of type stream group to the statement + * + * https://docs.aws.amazon.com/gameliftstreams/latest/developerguide/stream-groups.html + * + * @param streamGroupId - Identifier for the streamGroupId. + * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. + * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. + * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. + * + * Possible conditions: + * - .ifAwsResourceTag() + */ + public onStreamGroup(streamGroupId: string, account?: string, region?: string, partition?: string) { + return this.on(`arn:${ partition ?? this.defaultPartition }:gameliftstreams:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:streamgroup/${ streamGroupId }`); + } + + /** + * Filters access by tags that are passed in the request + * + * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag + * + * Applies to actions: + * - .toCreateApplication() + * - .toCreateStreamGroup() + * - .toTagResource() + * + * @param tagKey The tag key to check + * @param value The value(s) to check + * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` + */ + public ifAwsRequestTag(tagKey: string, value: string | string[], operator?: Operator | string) { + return this.if(`aws:RequestTag/${ tagKey }`, value, operator ?? 'StringLike'); + } + + /** + * Filters access by the tags associated with the resource + * + * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag + * + * Applies to resource types: + * - application + * - stream group + * + * @param tagKey The tag key to check + * @param value The value(s) to check + * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` + */ + public ifAwsResourceTag(tagKey: string, value: string | string[], operator?: Operator | string) { + return this.if(`aws:ResourceTag/${ tagKey }`, value, operator ?? 'StringLike'); + } + + /** + * Filters access by a list of tag keys that are allowed in the request + * + * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys + * + * Applies to actions: + * - .toCreateApplication() + * - .toCreateStreamGroup() + * - .toTagResource() + * - .toUntagResource() + * + * @param value The value(s) to check + * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike` + */ + public ifAwsTagKeys(value: string | string[], operator?: Operator | string) { + return this.if(`aws:TagKeys`, value, operator ?? 'StringLike'); + } +} diff --git a/lib/generated/policy-statements/iamidentitycentersuccessortoawssinglesign-ondirectory.ts b/lib/generated/policy-statements/iamidentitycentersuccessortoawssinglesign-ondirectory.ts index 51ec831c9..965996bb2 100644 --- a/lib/generated/policy-statements/iamidentitycentersuccessortoawssinglesign-ondirectory.ts +++ b/lib/generated/policy-statements/iamidentitycentersuccessortoawssinglesign-ondirectory.ts @@ -381,6 +381,17 @@ export class SsoDirectory extends PolicyStatement { return this.to('IsMemberInGroup'); } + /** + * Grants permission to check if a member is a part of multiple groups in the directory that AWS IAM Identity Center provides by default + * + * Access Level: Read + * + * https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_IsMemberInGroups.html + */ + public toIsMemberInGroups() { + return this.to('IsMemberInGroups'); + } + /** * Grants permission to list bearer tokens for a given provisioning tenant * @@ -682,6 +693,7 @@ export class SsoDirectory extends PolicyStatement { 'GetUserId', 'GetUserPoolInfo', 'IsMemberInGroup', + 'IsMemberInGroups', 'ListBearerTokens', 'ListExternalIdPCertificates', 'ListExternalIdPConfigurationsForDirectory', diff --git a/lib/generated/policy-statements/workspaces.ts b/lib/generated/policy-statements/workspaces.ts index 8b49347c5..aa696552f 100644 --- a/lib/generated/policy-statements/workspaces.ts +++ b/lib/generated/policy-statements/workspaces.ts @@ -778,6 +778,17 @@ export class Workspaces extends PolicyStatement { return this.to('ModifyClientProperties'); } + /** + * Grants permission to configure the specified directory between Standard TLS and FIPS 140-2 validated mode + * + * Access Level: Write + * + * https://docs.aws.amazon.com/workspaces/latest/api/API_ModifyEndpointEncryptionMode.html + */ + public toModifyEndpointEncryptionMode() { + return this.to('ModifyEndpointEncryptionMode'); + } + /** * Grants permission to modify the SAML properties of a directory * @@ -1125,6 +1136,7 @@ export class Workspaces extends PolicyStatement { 'ModifyAccount', 'ModifyCertificateBasedAuthProperties', 'ModifyClientProperties', + 'ModifyEndpointEncryptionMode', 'ModifySamlProperties', 'ModifyStreamingProperties', 'ModifyWorkspaceAccessProperties', diff --git a/stats/actions/gameliftstreams b/stats/actions/gameliftstreams new file mode 100644 index 000000000..4f8467a70 --- /dev/null +++ b/stats/actions/gameliftstreams @@ -0,0 +1,24 @@ +gameliftstreams:AddStreamGroupLocations;Write +gameliftstreams:AssociateApplications;Write +gameliftstreams:CreateApplication;Write +gameliftstreams:CreateStreamGroup;Write +gameliftstreams:CreateStreamSessionConnection;Write +gameliftstreams:DeleteApplication;Write +gameliftstreams:DeleteStreamGroup;Write +gameliftstreams:DisassociateApplications;Write +gameliftstreams:ExportStreamSessionFiles;Write +gameliftstreams:GetApplication;Read +gameliftstreams:GetStreamGroup;Read +gameliftstreams:GetStreamSession;Read +gameliftstreams:ListApplications;List +gameliftstreams:ListStreamGroups;List +gameliftstreams:ListStreamSessions;Read +gameliftstreams:ListStreamSessionsByAccount;Read +gameliftstreams:ListTagsForResource;Read +gameliftstreams:RemoveStreamGroupLocations;Write +gameliftstreams:StartStreamSession;Write +gameliftstreams:TagResource;Tagging +gameliftstreams:TerminateStreamSession;Write +gameliftstreams:UntagResource;Tagging +gameliftstreams:UpdateApplication;Write +gameliftstreams:UpdateStreamGroup;Write diff --git a/stats/actions/rum b/stats/actions/rum index 40236314d..3b8f01de6 100644 --- a/stats/actions/rum +++ b/stats/actions/rum @@ -3,12 +3,15 @@ rum:BatchDeleteRumMetricDefinitions;Write rum:BatchGetRumMetricDefinitions;Read rum:CreateAppMonitor;Write rum:DeleteAppMonitor;Write +rum:DeleteResourcePolicy;Write rum:DeleteRumMetricsDestination;Write rum:GetAppMonitor;Read rum:GetAppMonitorData;Read +rum:GetResourcePolicy;Read rum:ListAppMonitors;List rum:ListRumMetricsDestinations;Read rum:ListTagsForResource;Read +rum:PutResourcePolicy;Write rum:PutRumEvents;Write rum:PutRumMetricsDestination;Write rum:TagResource;Tagging diff --git a/stats/actions/sso-directory b/stats/actions/sso-directory index fddc7a226..07dd003b5 100644 --- a/stats/actions/sso-directory +++ b/stats/actions/sso-directory @@ -31,6 +31,7 @@ sso-directory:GetUserId;Read sso-directory:GetUserPoolInfo;Read sso-directory:ImportExternalIdPCertificate;Write sso-directory:IsMemberInGroup;Read +sso-directory:IsMemberInGroups;Read sso-directory:ListBearerTokens;Read sso-directory:ListExternalIdPCertificates;Read sso-directory:ListExternalIdPConfigurationsForDirectory;Read diff --git a/stats/actions/workspaces b/stats/actions/workspaces index f1d4d97f8..c4516ad87 100644 --- a/stats/actions/workspaces +++ b/stats/actions/workspaces @@ -60,6 +60,7 @@ workspaces:MigrateWorkspace;Write workspaces:ModifyAccount;Write workspaces:ModifyCertificateBasedAuthProperties;Write workspaces:ModifyClientProperties;Write +workspaces:ModifyEndpointEncryptionMode;Write workspaces:ModifySamlProperties;Write workspaces:ModifySelfservicePermissions;Permissions management workspaces:ModifyStreamingProperties;Write diff --git a/stats/conditions/bedrock b/stats/conditions/bedrock index 779537d86..02e5ee21f 100644 --- a/stats/conditions/bedrock +++ b/stats/conditions/bedrock @@ -1,3 +1,4 @@ +bedrock:GuardrailIdentifier bedrock:InferenceProfileArn bedrock:PromptRouterArn bedrock:RequestTag/${TagKey} diff --git a/stats/conditions/connect b/stats/conditions/connect index 59ada99d9..f074d7b9b 100644 --- a/stats/conditions/connect +++ b/stats/conditions/connect @@ -1,5 +1,7 @@ connect:AssignmentType connect:AttributeType +connect:Channel +connect:ContactAssociationId connect:ContactInitiationMethod connect:FlowType connect:InstanceId diff --git a/stats/conditions/gameliftstreams b/stats/conditions/gameliftstreams new file mode 100644 index 000000000..3fe9a3a7a --- /dev/null +++ b/stats/conditions/gameliftstreams @@ -0,0 +1,3 @@ +gameliftstreams:RequestTag/${TagKey} +gameliftstreams:ResourceTag/${TagKey} +gameliftstreams:TagKeys diff --git a/stats/resources/gameliftstreams b/stats/resources/gameliftstreams new file mode 100644 index 000000000..48eb5cee7 --- /dev/null +++ b/stats/resources/gameliftstreams @@ -0,0 +1,2 @@ +gameliftstreams:application +gameliftstreams:stream group diff --git a/stats/services b/stats/services index d2f333a45..b84341a03 100644 --- a/stats/services +++ b/stats/services @@ -165,6 +165,7 @@ freertos freetier fsx gamelift +gameliftstreams geo geo-maps geo-places