diff --git a/README.md b/README.md index b51a7cba0..3ac8d0bbc 100644 --- a/README.md +++ b/README.md @@ -466,4 +466,3 @@ The Terraform module is published and maintained [here](https://github.com/sales [13]: https://policy-sentry.readthedocs.io/en/latest/user-guide/write-policy.html#crud-mode-arns-and-access-levels [14]: https://policy-sentry.readthedocs.io/en/latest/user-guide/write-policy.html#actions-mode-lists-of-iam-actions [15]: https://policy-sentry.readthedocs.io/en/latest/user-guide/write-policy.html#folder-mode-write-multiple-policies-from-crud-mode-files - diff --git a/policy_sentry/shared/data/docs/list_amazonappintegrations.html b/policy_sentry/shared/data/docs/list_amazonappintegrations.html index aefc82dd4..b304bfca2 100644 --- a/policy_sentry/shared/data/docs/list_amazonappintegrations.html +++ b/policy_sentry/shared/data/docs/list_amazonappintegrations.html @@ -231,6 +231,77 @@

+ + + + + + CreateDataIntegration + + + + Grants permissions to create a new DataIntegration + + + Write + + +

+ + data-integration* + +

+ + + + + + + + + + +

+ + aws:RequestTag/${TagKey} + +

+

+ + aws:TagKeys + +

+ + + + + + + + + + CreateDataIntegrationAssociation + + [permission only] + + + Grants permissions to create a DataIntegrationAssociation + + + Write + + +

+ + data-integration* + +

+ + + + + + @@ -292,8 +363,8 @@

- - event-integration-association* + + event-integration*

@@ -308,6 +379,72 @@

+ + + + + + DeleteDataIntegration + + + + Grants permissions to delete a DataIntegration + + + Write + + +

+ + data-integration* + +

+ + + + + + + + + + +

+ + aws:ResourceTag/${TagKey} + +

+ + + + + + + + + + DeleteDataIntegrationAssociation + + [permission only] + + + Grants permissions to delete a DataIntegrationAssociation + + + Write + + +

+ + data-integration-association* + +

+ + + + + + @@ -383,6 +520,45 @@

+ + + + + + GetDataIntegration + + + + Grants permissions to view details about DataIntegrations + + + Read + + +

+ + data-integration* + +

+ + + + + + + + + + +

+ + aws:ResourceTag/${TagKey} + +

+ + + + @@ -422,6 +598,48 @@

+ + + + + + ListDataIntegrationAssociations + + + + Grants permissions to list DataIntegrationAssociations + + + List + + + + + + + + + + + + + + ListDataIntegrations + + + + Grants permissions to list DataIntegrations + + + List + + + + + + + + @@ -465,19 +683,45 @@

- + ListTagsForResource - + Grants permission to lists tag for an Amazon AppIntegration resource - + Read + +

+ + data-integration + +

+ + + + + + + + +

+ + data-integration-association + +

+ + + + + + +

@@ -517,19 +761,45 @@

- + TagResource - + Grants permission to tag an Amazon AppIntegration resource - + Tagging + +

+ + data-integration + +

+ + + + + + + + +

+ + data-integration-association + +

+ + + + + + +

@@ -579,19 +849,45 @@

- + UntagResource - + Grants permissions to untag an Amazon AppIntegration resource - + Tagging + +

+ + data-integration + +

+ + + + + + + + +

+ + data-integration-association + +

+ + + + + + +

@@ -635,6 +931,45 @@

+ + + + + + UpdateDataIntegration + + + + Grants permissions to modify a DataIntegration + + + Write + + +

+ + data-integration* + +

+ + + + + + + + + + +

+ + aws:ResourceTag/${TagKey} + +

+ + + + @@ -792,6 +1127,84 @@

+ + + + + + data-integration + + + + + arn:$ + + { + + Partition}:app-integrations:$ + + { + + Region}:$ + + { + + Account}:data-integration/$ + + { + + DataIntegrationId} + + + +

+ + aws:ResourceTag/${TagKey} + +

+ + + + + + + + data-integration-association + + + + + arn:$ + + { + + Partition}:app-integrations:$ + + { + + Region}:$ + + { + + Account}:data-integration-association/$ + + { + + DataIntegrationId}/$ + + { + + ResourceId} + + + +

+ + aws:ResourceTag/${TagKey} + +

+ + diff --git a/policy_sentry/shared/data/docs/list_amazonappstream2.0.html b/policy_sentry/shared/data/docs/list_amazonappstream2.0.html index e20eca518..e1470b369 100644 --- a/policy_sentry/shared/data/docs/list_amazonappstream2.0.html +++ b/policy_sentry/shared/data/docs/list_amazonappstream2.0.html @@ -680,6 +680,50 @@

+ + + + + + CreateUpdatedImage + + + + Grants permission to update an existing image within customer account + + + Write + + +

+ + image* + +

+ + + + + + + + + + +

+ + aws:ResourceTag/${TagKey} + +

+

+ + aws:TagKeys + +

+ + + + diff --git a/policy_sentry/shared/data/docs/list_amazonconnectcustomerprofiles.html b/policy_sentry/shared/data/docs/list_amazonconnectcustomerprofiles.html index 8c482478b..3cf8efcb7 100644 --- a/policy_sentry/shared/data/docs/list_amazonconnectcustomerprofiles.html +++ b/policy_sentry/shared/data/docs/list_amazonconnectcustomerprofiles.html @@ -1431,8 +1431,8 @@

- diff --git a/policy_sentry/shared/data/docs/list_amazonconnectvoiceid.html b/policy_sentry/shared/data/docs/list_amazonconnectvoiceid.html new file mode 100644 index 000000000..f41600d81 --- /dev/null +++ b/policy_sentry/shared/data/docs/list_amazonconnectvoiceid.html @@ -0,0 +1,1117 @@ + + + + + + Actions, resources, and condition keys for Amazon Connect Voice ID - Service Authorization Reference + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +
+ + +
+
+ +
+ + + Actions, resources, and condition keys for Amazon Connect Voice ID - Service Authorization Reference + + + + + + + + +
+ + +
+ + Actions + + + Resource types + + + Condition keys + +
+
+
+ + +

+ Actions, resources, and condition keys for Amazon Connect Voice ID +

+
+ + + + +
+

+ Amazon Connect Voice ID (service prefix: + + voiceid + + ) provides the following service-specific resources, actions, and condition context + keys for use in IAM permission policies. +

+

+ References: +

+
+ +
+ +

+ Actions defined by Amazon Connect Voice ID +

+

+ You can specify the following actions in the + + Action + + element of an IAM policy statement. Use policies to grant permissions to perform + an operation in AWS. When you use an action in a policy, you usually allow or + deny access to the API operation or CLI command with the same name. However, + in some cases, a single action controls access to more than one operation. Alternatively, + some operations require several different actions. +

+

+ The + + Resource types + + column indicates whether each action supports resource-level permissions. If + there is no value for this column, you must specify all resources ("*") in the + + Resource + + element of your policy statement. If the column includes a resource type, then + you can specify an ARN of that type in a statement with that action. Required + resources are indicated in the table with an asterisk (*). If you specify a resource-level + permission ARN in a statement using this action, then it must be of this type. + Some actions support multiple resource types. If the resource type is optional (not + indicated as required), then you can choose to use one but not the other. +

+

+ For details about the columns in the following table, see + + The actions table + + . +

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Actions + + Description + + Access level + + Resource types (*required) + + Condition keys + + Dependent actions +
+ + + + CreateDomain + + + Grants permission to create a domain + + Write + + +

+ + aws:RequestTag/${TagKey} + +

+

+ + aws:TagKeys + +

+ 		+
+ + + + DeleteDomain + + + Grants permission to delete a domain + + Write + +

+ + domain* + +

+ 		+ +
+ + + + DeleteFraudster + + + Grants permission to delete a fraudster + + Write + +

+ + domain* + +

+ 		+ +
+ + + + DeleteSpeaker + + + Grants permission to delete a speaker + + Write + +

+ + domain* + +

+ 		+ +
+ + + + DescribeComplianceConsent + + [permission only] + + Grants permission to describe compliance consent + + Read + + + +
+ + + + DescribeDomain + + + Grants permission to describe a domain + + Read + +

+ + domain* + +

+ 		+ +
+ + + + DescribeFraudster + + + Grants permission to describe a fraudster + + Read + +

+ + domain* + +

+ 		+ +
+ + + + DescribeFraudsterRegistrationJob + + + Grants permission to describe a fraudster registration job + + Read + +

+ + domain* + +

+ 		+ +
+ + + + DescribeSpeaker + + + Grants permission to describe a speaker + + Read + +

+ + domain* + +

+ 		+ +
+ + + + DescribeSpeakerEnrollmentJob + + + Grants permission to describe a speaker enrollment job + + Read + +

+ + domain* + +

+ 		+ +
+ + + + EvaluateSession + + + Grants permission to evaluate a session + + Write + +

+ + domain* + +

+ 		+ +
+ + + + ListDomains + + + Grants permission to list domains for an account + + List + + + +
+ + + + ListFraudsterRegistrationJobs + + + Grants permission to list fraudster registration jobs for a domain + + List + +

+ + domain* + +

+ 		+ +
+ + + + ListSpeakerEnrollmentJobs + + + Grants permission to list speaker enrollment jobs for a domain + + List + +

+ + domain* + +

+ 		+ +
+ + + + ListSpeakers + + + Grants permission to list speakers for a domain + + List + +

+ + domain* + +

+ 		+ +
+ + + + ListTagsForResource + + + Grants permission to list tags for a Voice ID resource + + Read + +

+ + domain + +

+ 		+ +
+ + + + OptOutSpeaker + + + Grants permission to opt out a speaker + + Write + +

+ + domain* + +

+ 		+ +
+ + + + RegisterComplianceConsent + + [permission only] + + Grants permission to register compliance consent + + Write + + + +
+ + + + StartFraudsterRegistrationJob + + + Grants permission to start a fraudster registration job + + Write + +

+ + domain* + +

+ 		+ +
+ + + + StartSpeakerEnrollmentJob + + + Grants permission to start a speaker enrollment job + + Write + +

+ + domain* + +

+ 		+ +
+ + + + TagResource + + + Grants permission to tag a Voice ID resource + + Tagging + +

+ + domain + +

+ 		+ +
+ +

+ + aws:RequestTag/${TagKey} + +

+

+ + aws:TagKeys + +

+ 		+
+ + + + UntagResource + + + Grants permission to remove a tag from a Voice ID resource + + Tagging + +

+ + domain + +

+ 		+ +
+ +

+ + aws:TagKeys + +

+ 		+
+ + + + UpdateDomain + + + Grants permission to update a domain + + Write + +

+ + domain* + +

+ 		+ +
+
+
+

+ Resource types defined by Amazon Connect Voice ID +

+

+ The following resource types are defined by this service and can be used in the + + Resource + + element of IAM permission policy statements. Each action in the + + Actions table + + identifies the resource types that can be specified with that action. A resource + type can also define which condition keys you can include in a policy. These + keys are displayed in the last column of the table. For details about the columns + in the following table, see + + The resource types table + + . +

+
+
+ + + + + + + + + + + + + +
+ Resource types + + ARN + + Condition keys +
+ + + + domain + + + + arn:$ + + { + + Partition}:voiceid:$ + + { + + Region}:$ + + { + + Account}:domain/$ + + { + + DomainId} + + +

+ + aws:ResourceTag/${TagKey} + +

+
+
+
+

+ Condition keys for Amazon Connect Voice ID +

+

+ Amazon Connect Voice ID defines the following condition keys that can be used in the + + Condition + + element of an IAM policy. You can use these keys to further refine the conditions + under which the policy statement applies. For details about the columns in the + following table, see + + The condition keys table + + . +

+

+ To view the global condition keys that are available to all services, see + + Available global condition keys + + . +

+
+
+ + + + + + + + + + + + + + + + + + + + + + + +
+ Condition keys + + Description + + Type +
+ + + + aws:RequestTag/${TagKey} + + + Filters access by tags that are passed in the request + + String +
+ + + + aws:ResourceTag/${TagKey} + + + Filters access by tags associated with the resource + + String +
+ + + + aws:TagKeys + + + Filters access by tag keys that are passed in the request + + String +
+
+
+ + + + +
+ + + + +
+ + +
+ +
+ +
+ + +
+
+
+ + +
+ + + +
+ + \ No newline at end of file diff --git a/policy_sentry/shared/data/docs/list_amazonconnectwisdom.html b/policy_sentry/shared/data/docs/list_amazonconnectwisdom.html new file mode 100644 index 000000000..b07eb7677 --- /dev/null +++ b/policy_sentry/shared/data/docs/list_amazonconnectwisdom.html @@ -0,0 +1,1611 @@ + + + + + + Actions, resources, and condition keys for Amazon Connect Wisdom - Service Authorization Reference + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +
+ + +
+
+ +
+ + + Actions, resources, and condition keys for Amazon Connect Wisdom - Service Authorization Reference + + + + + + + + +
+
+ + +
+ +
+ + Actions + + + Resource types + + + Condition keys + +
+
+
+ + +

+ Actions, resources, and condition keys for Amazon Connect Wisdom +

+
+ + + + +
+

+ Amazon Connect Wisdom (service prefix: + + wisdom + + ) provides the following service-specific resources, actions, and condition context + keys for use in IAM permission policies. +

+

+ References: +

+
+ +
+ +

+ Actions defined by Amazon Connect Wisdom +

+

+ You can specify the following actions in the + + Action + + element of an IAM policy statement. Use policies to grant permissions to perform + an operation in AWS. When you use an action in a policy, you usually allow or + deny access to the API operation or CLI command with the same name. However, + in some cases, a single action controls access to more than one operation. Alternatively, + some operations require several different actions. +

+

+ The + + Resource types + + column indicates whether each action supports resource-level permissions. If + there is no value for this column, you must specify all resources ("*") in the + + Resource + + element of your policy statement. If the column includes a resource type, then + you can specify an ARN of that type in a statement with that action. Required + resources are indicated in the table with an asterisk (*). If you specify a resource-level + permission ARN in a statement using this action, then it must be of this type. + Some actions support multiple resource types. If the resource type is optional (not + indicated as required), then you can choose to use one but not the other. +

+

+ For details about the columns in the following table, see + + The actions table + + . +

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Actions + + Description + + Access level + + Resource types (*required) + + Condition keys + + Dependent actions +
+ + + + CreateAssistant + + + Grants permission to create an assistant + + Write + + +

+ + aws:TagKeys + +

+

+ + aws:RequestTag/${TagKey} + +

+ 		+
+ + + + CreateAssistantAssociation + + + Grants permission to create an association between an assistant and another resource + + Write + +

+ + Assistant* + +

+ 		+ +
+ +

+ + aws:TagKeys + +

+

+ + aws:RequestTag/${TagKey} + +

+ 		+
+ + + + CreateContent + + + Grants permission to create content + + Write + +

+ + KnowledgeBase* + +

+ 		+ +
+ +

+ + aws:TagKeys + +

+

+ + aws:RequestTag/${TagKey} + +

+ 		+
+ + + + CreateKnowledgeBase + + + Grants permission to create a knowledge base + + Write + + +

+ + aws:TagKeys + +

+

+ + aws:RequestTag/${TagKey} + +

+ 		+
+ + + + CreateSession + + + Grants permission to create a session + + Write + +

+ + Assistant* + +

+ 		+ +
+ +

+ + aws:TagKeys + +

+

+ + aws:RequestTag/${TagKey} + +

+ 		+
+ + + + DeleteAssistant + + + Grants permission to delete an assistant + + Write + +

+ + Assistant* + +

+ 		+ +
+ + + + DeleteAssistantAssociation + + + Grants permission to delete an assistant association + + Write + +

+ + Assistant* + +

+ 		+ +
+

+ + AssistantAssociation* + +

+ 		+ +
+ + + + DeleteContent + + + Grants permission to delete content + + Write + +

+ + Content* + +

+ 		+ +
+

+ + KnowledgeBase* + +

+ 		+ +
+ + + + DeleteKnowledgeBase + + + Grants permission to delete a knowledge base + + Write + +

+ + KnowledgeBase* + +

+ 		+ +
+ + + + GetAssistant + + + Grants permission to retrieve information about an assistant + + Read + +

+ + Assistant* + +

+ 		+ +
+ + + + GetAssistantAssociation + + + Grants permission to retrieve information about an assistant association + + Read + +

+ + Assistant* + +

+ 		+ +
+

+ + AssistantAssociation* + +

+ 		+ +
+ + + + GetContent + + + Grants permission to retrieve content, including a pre-signed URL to download the + content + + Read + +

+ + Content* + +

+ 		+ +
+

+ + KnowledgeBase* + +

+ 		+ +
+ + + + GetContentSummary + + + Grants permission to retrieve summary information about the content + + Read + +

+ + Content* + +

+ 		+ +
+

+ + KnowledgeBase* + +

+ 		+ +
+ + + + GetKnowledgeBase + + + Grants permission to retrieve information about the knowledge base + + Read + +

+ + KnowledgeBase* + +

+ 		+ +
+ + + + GetRecommendations + + + Grants permission to retrieve recommendations for the specified session + + Read + +

+ + Assistant* + +

+ 		+ +
+ + + + GetSession + + + Grants permission to retrieve information for a specified session + + Read + +

+ + Assistant* + +

+ 		+ +
+

+ + Session* + +

+ 		+ +
+ + + + ListAssistantAssociations + + + Grants permission to list information about assistant associations + + List + +

+ + Assistant* + +

+ 		+ +
+ + + + ListAssistants + + + Grants permission to list information about assistants + + List + + + +
+ + + + ListContents + + + Grants permission to list the content with a knowledge base + + List + +

+ + KnowledgeBase* + +

+ 		+ +
+ + + + ListKnowledgeBases + + + Grants permission to list information about knowledge bases + + List + + + +
+ + + + ListTagsForResource + + + Grants permission to list the tags for the specified resource + + Read + + + +
+ + + + NotifyRecommendationsReceived + + + Grants permission to remove the specified recommendations from the specified assistant's + queue of newly available recommendations + + Write + +

+ + Assistant* + +

+ 		+ +
+ + + + QueryAssistant + + + Grants permission to perform a manual search against the specified assistant + + Read + +

+ + Assistant* + +

+ 		+ +
+ + + + RemoveKnowledgeBaseTemplateUri + + + Grants permission to remove a URI template from a knowledge base + + Write + +

+ + KnowledgeBase* + +

+ 		+ +
+ + + + SearchContent + + + Grants permission to search for content referencing a specified knowledge base. Can + be used to get a specific content resource by its name + + Read + +

+ + KnowledgeBase* + +

+ 		+ +
+ + + + SearchSessions + + + Grants permission to search for sessions referencing a specified assistant. Can be + used to et a specific session resource by its name + + Read + +

+ + Assistant* + +

+ 		+ +
+ + + + StartContentUpload + + + Grants permission to get a URL to upload content to a knowledge base + + Write + +

+ + KnowledgeBase* + +

+ 		+ +
+ + + + TagResource + + + Grants permission to add the specified tags to the specified resource + + Tagging + + +

+ + aws:TagKeys + +

+

+ + aws:RequestTag/${TagKey} + +

+ 		+
+ + + + UntagResource + + + Grants permission to remove the specified tags from the specified resource + + Tagging + + +

+ + aws:TagKeys + +

+ 		+
+ + + + UpdateContent + + + Grants permission to update information about the content + + Write + +

+ + Content* + +

+ 		+ +
+

+ + KnowledgeBase* + +

+ 		+ +
+ + + + UpdateKnowledgeBaseTemplateUri + + + Grants permission to update the template URI of a knowledge base + + Write + +

+ + KnowledgeBase* + +

+ 		+ +
+
+
+

+ Resource types defined by Amazon Connect Wisdom +

+

+ The following resource types are defined by this service and can be used in the + + Resource + + element of IAM permission policy statements. Each action in the + + Actions table + + identifies the resource types that can be specified with that action. A resource + type can also define which condition keys you can include in a policy. These + keys are displayed in the last column of the table. For details about the columns + in the following table, see + + The resource types table + + . +

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Resource types + + ARN + + Condition keys +
+ + + + Assistant + + + + arn:$ + + { + + Partition}:wisdom:$ + + { + + Region}:$ + + { + + Account}:assistant/$ + + { + + AssistantId} + + +

+ + aws:ResourceTag/${TagKey} + +

+
+ + + + AssistantAssociation + + + + arn:$ + + { + + Partition}:wisdom:$ + + { + + Region}:$ + + { + + Account}:association/$ + + { + + AssistantId}/$ + + { + + AssistantAssociationId} + + +

+ + aws:ResourceTag/${TagKey} + +

+
+ + + + Content + + + + arn:$ + + { + + Partition}:wisdom:$ + + { + + Region}:$ + + { + + Account}:content/$ + + { + + KnowledgeBaseId}/$ + + { + + ContentId} + + +

+ + aws:ResourceTag/${TagKey} + +

+
+ + + + KnowledgeBase + + + + arn:$ + + { + + Partition}:wisdom:$ + + { + + Region}:$ + + { + + Account}:knowledge-base/$ + + { + + KnowledgeBaseId} + + +

+ + aws:ResourceTag/${TagKey} + +

+
+ + + + Session + + + + arn:$ + + { + + Partition}:wisdom:$ + + { + + Region}:$ + + { + + Account}:session/$ + + { + + AssistantId}/$ + + { + + SessionId} + + +

+ + aws:ResourceTag/${TagKey} + +

+
+
+
+

+ Condition keys for Amazon Connect Wisdom +

+

+ Amazon Connect Wisdom defines the following condition keys that can be used in the + + Condition + + element of an IAM policy. You can use these keys to further refine the conditions + under which the policy statement applies. For details about the columns in the + following table, see + + The condition keys table + + . +

+

+ To view the global condition keys that are available to all services, see + + Available global condition keys + + . +

+
+
+ + + + + + + + + + + + + + + + + + + + + + + +
+ Condition keys + + Description + + Type +
+ + + + aws:RequestTag/${TagKey} + + + Filters actions based on the tags that are passed in the request + + String +
+ + + + aws:ResourceTag/${TagKey} + + + Filters actions based on the tags associated with the resource + + String +
+ + + + aws:TagKeys + + + Filters actions based on the tag keys that are passed in the request + + String +
+
+
+ + + + +
+ + + + +
+ + +
+ +
+ +
+ + +
+
+
+ + +
+ + + +
+ + \ No newline at end of file diff --git a/policy_sentry/shared/data/docs/list_amazondatalifecyclemanager.html b/policy_sentry/shared/data/docs/list_amazondatalifecyclemanager.html index f9b30a6aa..0d6c27a5e 100644 --- a/policy_sentry/shared/data/docs/list_amazondatalifecyclemanager.html +++ b/policy_sentry/shared/data/docs/list_amazondatalifecyclemanager.html @@ -208,7 +208,7 @@

- +
@@ -467,7 +467,7 @@

- +
@@ -547,7 +547,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazondetective.html b/policy_sentry/shared/data/docs/list_amazondetective.html index 07d875d99..704a83adb 100644 --- a/policy_sentry/shared/data/docs/list_amazondetective.html +++ b/policy_sentry/shared/data/docs/list_amazondetective.html @@ -208,7 +208,7 @@

- +
@@ -794,7 +794,7 @@

- +
@@ -873,7 +873,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazondevopsguru.html b/policy_sentry/shared/data/docs/list_amazondevopsguru.html index fb3c1ee7d..78fd2d70a 100644 --- a/policy_sentry/shared/data/docs/list_amazondevopsguru.html +++ b/policy_sentry/shared/data/docs/list_amazondevopsguru.html @@ -208,7 +208,7 @@

- +
@@ -726,7 +726,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazondynamodb.html b/policy_sentry/shared/data/docs/list_amazondynamodb.html index 9c6372817..2383d9973 100644 --- a/policy_sentry/shared/data/docs/list_amazondynamodb.html +++ b/policy_sentry/shared/data/docs/list_amazondynamodb.html @@ -208,7 +208,7 @@

- +
@@ -2226,7 +2226,7 @@

- +
@@ -2495,7 +2495,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazondynamodbacceleratordax.html b/policy_sentry/shared/data/docs/list_amazondynamodbacceleratordax.html index 959f6b833..a5770ed59 100644 --- a/policy_sentry/shared/data/docs/list_amazondynamodbacceleratordax.html +++ b/policy_sentry/shared/data/docs/list_amazondynamodbacceleratordax.html @@ -208,7 +208,7 @@

- +
@@ -1074,7 +1074,7 @@

- +
@@ -1149,7 +1149,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonec2.html b/policy_sentry/shared/data/docs/list_amazonec2.html index 8989defd5..6f8467f0f 100644 --- a/policy_sentry/shared/data/docs/list_amazonec2.html +++ b/policy_sentry/shared/data/docs/list_amazonec2.html @@ -208,7 +208,7 @@

- +
@@ -2955,6 +2955,11 @@

aws:ResourceTag/${TagKey}

+

+ + ec2:CapacityReservationFleet + +

ec2:Region @@ -3470,6 +3475,11 @@

aws:TagKeys

+

+ + ec2:CapacityReservationFleet + +

ec2:Region @@ -23227,6 +23237,11 @@

ec2:Attribute/${AttributeName}

+

+ + ec2:CapacityReservationFleet + +

ec2:Region @@ -32058,7 +32073,7 @@

- +
@@ -36141,7 +36156,7 @@

- +
+ + + + +
@@ -36337,6 +36352,21 @@

String

+ + + + ec2:CapacityReservationFleet + + + Filters access by the ARN of the Capacity Reservation Fleet + + ARN +
diff --git a/policy_sentry/shared/data/docs/list_amazonec2autoscaling.html b/policy_sentry/shared/data/docs/list_amazonec2autoscaling.html index 83c2f0234..a790dff58 100644 --- a/policy_sentry/shared/data/docs/list_amazonec2autoscaling.html +++ b/policy_sentry/shared/data/docs/list_amazonec2autoscaling.html @@ -208,7 +208,7 @@

- +
@@ -2384,7 +2384,7 @@

- +
@@ -2508,7 +2508,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonec2imagebuilder.html b/policy_sentry/shared/data/docs/list_amazonec2imagebuilder.html index de7555f76..a88e00f45 100644 --- a/policy_sentry/shared/data/docs/list_amazonec2imagebuilder.html +++ b/policy_sentry/shared/data/docs/list_amazonec2imagebuilder.html @@ -208,7 +208,7 @@

- +
@@ -2135,7 +2135,7 @@

- +
@@ -2575,7 +2575,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonec2instanceconnect.html b/policy_sentry/shared/data/docs/list_amazonec2instanceconnect.html index 4f814375c..275388c9b 100644 --- a/policy_sentry/shared/data/docs/list_amazonec2instanceconnect.html +++ b/policy_sentry/shared/data/docs/list_amazonec2instanceconnect.html @@ -208,7 +208,7 @@

- +
@@ -324,7 +324,7 @@

- +
@@ -409,7 +409,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonelasticache.html b/policy_sentry/shared/data/docs/list_amazonelasticache.html index d5795b573..10db2a357 100644 --- a/policy_sentry/shared/data/docs/list_amazonelasticache.html +++ b/policy_sentry/shared/data/docs/list_amazonelasticache.html @@ -232,7 +232,7 @@

- +
@@ -3823,7 +3823,7 @@

- +
@@ -4249,7 +4249,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonelasticblockstore.html b/policy_sentry/shared/data/docs/list_amazonelasticblockstore.html index f60dc52ca..2e8298439 100644 --- a/policy_sentry/shared/data/docs/list_amazonelasticblockstore.html +++ b/policy_sentry/shared/data/docs/list_amazonelasticblockstore.html @@ -208,7 +208,7 @@

- +
@@ -241,7 +241,7 @@

Grants permission to seal and complete the snapshot after all of the required blocks - of data have been written to it. + of data have been written to it Write @@ -360,7 +360,7 @@

- Grants permission to list the blocks in an Amazon Elastic Block Store (EBS) snapshot. + Grants permission to list the blocks in an Amazon Elastic Block Store (EBS) snapshot Read @@ -400,7 +400,7 @@

Grants permission to write a block of data to a snapshot created by the StartSnapshot - operation. + operation Write @@ -439,7 +439,7 @@

- Grants permission to create a new EBS snapshot. + Grants permission to create a new EBS snapshot Write @@ -520,7 +520,7 @@

- +
@@ -621,7 +621,7 @@

- +
@@ -683,7 +683,7 @@

ebs:Description

- Filters access by the description of the snapshot being created. + Filters access by the description of the snapshot being created String @@ -696,7 +696,7 @@

ebs:ParentSnapshot

- Filters access by the ID of the parent snapshot. + Filters access by the ID of the parent snapshot String @@ -709,7 +709,7 @@

ebs:VolumeSize

- Filters access by the size of the volume for the snapshot being created, in GiB. + Filters access by the size of the volume for the snapshot being created, in GiB Numeric diff --git a/policy_sentry/shared/data/docs/list_amazonelasticcontainerregistry.html b/policy_sentry/shared/data/docs/list_amazonelasticcontainerregistry.html index 85a3523e6..5e4ab3afb 100644 --- a/policy_sentry/shared/data/docs/list_amazonelasticcontainerregistry.html +++ b/policy_sentry/shared/data/docs/list_amazonelasticcontainerregistry.html @@ -208,7 +208,7 @@

- +
+ + + + + + + +
@@ -481,6 +481,33 @@

+ + + + DescribeImageReplicationStatus + + + Grants permission to retrieve replication status about an image in a registry, including + failure reason if replication fails + + Read + +

+ + repository* + +

+ 		+ +
@@ -520,7 +547,7 @@

size, image tags, and creation date

- Read + List

@@ -567,7 +594,7 @@

Grants permission to describe image repositories in a registry

- List + Read

@@ -793,7 +820,7 @@

Grants permission to list the tags for an Amazon ECR resource

- List + Read

@@ -1180,7 +1207,7 @@

- +
@@ -1265,7 +1292,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonelasticcontainerregistrypublic.html b/policy_sentry/shared/data/docs/list_amazonelasticcontainerregistrypublic.html index bdac7c7d7..5851db424 100644 --- a/policy_sentry/shared/data/docs/list_amazonelasticcontainerregistrypublic.html +++ b/policy_sentry/shared/data/docs/list_amazonelasticcontainerregistrypublic.html @@ -209,7 +209,7 @@

- +
@@ -910,7 +910,7 @@

- +
@@ -1019,7 +1019,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonelasticcontainerservice.html b/policy_sentry/shared/data/docs/list_amazonelasticcontainerservice.html index aafc9c121..9dbc8217a 100644 --- a/policy_sentry/shared/data/docs/list_amazonelasticcontainerservice.html +++ b/policy_sentry/shared/data/docs/list_amazonelasticcontainerservice.html @@ -208,7 +208,7 @@

- +
@@ -2266,7 +2266,7 @@

- +
@@ -2615,7 +2615,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonelasticfilesystem.html b/policy_sentry/shared/data/docs/list_amazonelasticfilesystem.html index 9e20625d1..f7e286d22 100644 --- a/policy_sentry/shared/data/docs/list_amazonelasticfilesystem.html +++ b/policy_sentry/shared/data/docs/list_amazonelasticfilesystem.html @@ -208,7 +208,7 @@

- +
@@ -1246,7 +1246,7 @@

- +
@@ -1363,7 +1363,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonelasticinference.html b/policy_sentry/shared/data/docs/list_amazonelasticinference.html index befbc2172..580fe5039 100644 --- a/policy_sentry/shared/data/docs/list_amazonelasticinference.html +++ b/policy_sentry/shared/data/docs/list_amazonelasticinference.html @@ -208,7 +208,7 @@

- +
@@ -399,7 +399,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonelastickubernetesservice.html b/policy_sentry/shared/data/docs/list_amazonelastickubernetesservice.html index cb5d46645..b5c3083d7 100644 --- a/policy_sentry/shared/data/docs/list_amazonelastickubernetesservice.html +++ b/policy_sentry/shared/data/docs/list_amazonelastickubernetesservice.html @@ -208,7 +208,7 @@

- +
@@ -1445,7 +1445,7 @@

- +
@@ -1709,7 +1709,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonelasticmapreduce.html b/policy_sentry/shared/data/docs/list_amazonelasticmapreduce.html index b7063c83e..f4af10eb7 100644 --- a/policy_sentry/shared/data/docs/list_amazonelasticmapreduce.html +++ b/policy_sentry/shared/data/docs/list_amazonelasticmapreduce.html @@ -224,7 +224,7 @@

- +
@@ -1955,7 +1955,7 @@

- +
@@ -2166,7 +2166,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonelastictranscoder.html b/policy_sentry/shared/data/docs/list_amazonelastictranscoder.html index a9f1496a6..3008f0311 100644 --- a/policy_sentry/shared/data/docs/list_amazonelastictranscoder.html +++ b/policy_sentry/shared/data/docs/list_amazonelastictranscoder.html @@ -208,7 +208,7 @@

- +
@@ -695,7 +695,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonemroneksemrcontainers.html b/policy_sentry/shared/data/docs/list_amazonemroneksemrcontainers.html index 00d117d66..9cc0b4794 100644 --- a/policy_sentry/shared/data/docs/list_amazonemroneksemrcontainers.html +++ b/policy_sentry/shared/data/docs/list_amazonemroneksemrcontainers.html @@ -208,7 +208,7 @@

- +
@@ -802,7 +802,7 @@

- +
@@ -962,7 +962,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazoneventbridge.html b/policy_sentry/shared/data/docs/list_amazoneventbridge.html index 1fad96f5e..b6b5df44e 100644 --- a/policy_sentry/shared/data/docs/list_amazoneventbridge.html +++ b/policy_sentry/shared/data/docs/list_amazoneventbridge.html @@ -208,7 +208,7 @@

- +
@@ -1862,7 +1862,7 @@

- +
@@ -2138,7 +2138,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazoneventbridgeschemas.html b/policy_sentry/shared/data/docs/list_amazoneventbridgeschemas.html index 9532613ca..efb9689fe 100644 --- a/policy_sentry/shared/data/docs/list_amazoneventbridgeschemas.html +++ b/policy_sentry/shared/data/docs/list_amazoneventbridgeschemas.html @@ -208,7 +208,7 @@

- +
@@ -1184,7 +1184,7 @@

- +
@@ -1342,7 +1342,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonfinspace.html b/policy_sentry/shared/data/docs/list_amazonfinspace.html index 2ece43b46..f5460eb70 100644 --- a/policy_sentry/shared/data/docs/list_amazonfinspace.html +++ b/policy_sentry/shared/data/docs/list_amazonfinspace.html @@ -208,7 +208,7 @@

- +
@@ -679,7 +679,7 @@

- +
@@ -795,7 +795,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonforecast.html b/policy_sentry/shared/data/docs/list_amazonforecast.html index 6a2329082..f61894530 100644 --- a/policy_sentry/shared/data/docs/list_amazonforecast.html +++ b/policy_sentry/shared/data/docs/list_amazonforecast.html @@ -199,7 +199,7 @@

- +
@@ -1701,7 +1701,7 @@

- +
@@ -2026,7 +2026,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonfrauddetector.html b/policy_sentry/shared/data/docs/list_amazonfrauddetector.html index d603105e0..8b8d414e2 100644 --- a/policy_sentry/shared/data/docs/list_amazonfrauddetector.html +++ b/policy_sentry/shared/data/docs/list_amazonfrauddetector.html @@ -208,7 +208,7 @@

- +
@@ -2573,7 +2573,7 @@

- +
@@ -3059,7 +3059,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonfreertos.html b/policy_sentry/shared/data/docs/list_amazonfreertos.html index 3acdb4d4c..dc56821e6 100644 --- a/policy_sentry/shared/data/docs/list_amazonfreertos.html +++ b/policy_sentry/shared/data/docs/list_amazonfreertos.html @@ -208,7 +208,7 @@

- +
@@ -526,7 +526,7 @@

- +
@@ -605,7 +605,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonfsx.html b/policy_sentry/shared/data/docs/list_amazonfsx.html index 6ce1dc24e..5edc769cb 100644 --- a/policy_sentry/shared/data/docs/list_amazonfsx.html +++ b/policy_sentry/shared/data/docs/list_amazonfsx.html @@ -208,7 +208,7 @@

- +
@@ -1625,7 +1625,7 @@

- +
@@ -1860,7 +1860,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazongamelift.html b/policy_sentry/shared/data/docs/list_amazongamelift.html index 94ba1a4d8..990128b54 100644 --- a/policy_sentry/shared/data/docs/list_amazongamelift.html +++ b/policy_sentry/shared/data/docs/list_amazongamelift.html @@ -208,7 +208,7 @@

- +
@@ -2916,7 +2916,7 @@

- +
@@ -3250,7 +3250,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonglacier.html b/policy_sentry/shared/data/docs/list_amazonglacier.html index 54e8f29fc..08dd15730 100644 --- a/policy_sentry/shared/data/docs/list_amazonglacier.html +++ b/policy_sentry/shared/data/docs/list_amazonglacier.html @@ -208,7 +208,7 @@

- +
@@ -1117,7 +1117,7 @@

- +
@@ -1191,7 +1191,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazongroundtruthlabeling.html b/policy_sentry/shared/data/docs/list_amazongroundtruthlabeling.html index 0fd8a550b..c888a9f8f 100644 --- a/policy_sentry/shared/data/docs/list_amazongroundtruthlabeling.html +++ b/policy_sentry/shared/data/docs/list_amazongroundtruthlabeling.html @@ -208,7 +208,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonguardduty.html b/policy_sentry/shared/data/docs/list_amazonguardduty.html index eb33d058c..dc9460f3b 100644 --- a/policy_sentry/shared/data/docs/list_amazonguardduty.html +++ b/policy_sentry/shared/data/docs/list_amazonguardduty.html @@ -208,7 +208,7 @@

- +
@@ -1794,7 +1794,7 @@

- +
@@ -2032,7 +2032,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonhealthlake.html b/policy_sentry/shared/data/docs/list_amazonhealthlake.html index 0a889e3d7..761b96e9c 100644 --- a/policy_sentry/shared/data/docs/list_amazonhealthlake.html +++ b/policy_sentry/shared/data/docs/list_amazonhealthlake.html @@ -208,7 +208,7 @@

- +
@@ -818,7 +818,7 @@

- +
@@ -897,7 +897,7 @@

- +
@@ -994,8 +994,8 @@

- diff --git a/policy_sentry/shared/data/docs/list_amazonhoneycode.html b/policy_sentry/shared/data/docs/list_amazonhoneycode.html index 55dabeb79..47128026a 100644 --- a/policy_sentry/shared/data/docs/list_amazonhoneycode.html +++ b/policy_sentry/shared/data/docs/list_amazonhoneycode.html @@ -208,7 +208,7 @@

- +
@@ -881,7 +881,7 @@

- +
@@ -1097,8 +1097,8 @@

-