diff --git a/policy_sentry/shared/data/docs/list_amazonappintegrations.html b/policy_sentry/shared/data/docs/list_amazonappintegrations.html index 5ea0fa8d..26d1b16c 100644 --- a/policy_sentry/shared/data/docs/list_amazonappintegrations.html +++ b/policy_sentry/shared/data/docs/list_amazonappintegrations.html @@ -384,6 +384,49 @@
+ + + + CreateApplicationAssociation + + [permission only] + + + Grants permission to create an ApplicationAssociation + + + Write + + +

+ + application* + +

+ + + + + + + + + + +

+ + aws:RequestTag/${TagKey} + +

+

+ + aws:TagKeys + +

+ + + + @@ -614,6 +657,68 @@
+ + + + DeleteApplication + + + + Grants permission to delete an Application + + + Write + + +

+ + application* + +

+ + + + + + + + + + +

+ + aws:ResourceTag/${TagKey} + +

+ + + + + + + + DeleteApplicationAssociation + + [permission only] + + + Grants permission to delete an ApplicationAssociation + + + Write + + +

+ + application-association* + +

+ + + + + + @@ -879,6 +984,25 @@
+ + + + ListApplicationAssociations + + + + Grants permission to list ApplicationAssociations + + + List + + + + + + + + @@ -1064,15 +1188,15 @@
- + TagResource - + Grants permission to tag an Amazon AppIntegration resource - + Tagging @@ -1087,6 +1211,19 @@
+ + +

+ + application-association + +

+ + + + + +

@@ -1163,15 +1300,15 @@

- + UntagResource - + Grants permission to untag an Amazon AppIntegration resource - + Tagging @@ -1186,6 +1323,19 @@
+ + +

+ + application-association + +

+ + + + + +

@@ -1554,7 +1704,7 @@

- + application @@ -1587,6 +1737,45 @@

+ + + + application-association + + + + + arn:$ + + { + + Partition}:app-integrations:$ + + { + + Region}:$ + + { + + Account}:application-association/$ + + { + + ApplicationId}/$ + + { + + ApplicationAssociationId} + + + +

+ + aws:ResourceTag/${TagKey} + +

+ + diff --git a/policy_sentry/shared/data/docs/list_amazonathena.html b/policy_sentry/shared/data/docs/list_amazonathena.html index 0cd65687..8214ab1b 100644 --- a/policy_sentry/shared/data/docs/list_amazonathena.html +++ b/policy_sentry/shared/data/docs/list_amazonathena.html @@ -429,6 +429,30 @@

+ + + + CancelQueryExecution + + + + Grants permission to cancel query execution. Deprecated. Applies only to AWS services and principals that use Athena JDBC driver earlier than 1.1.0. Use StopQueryExecution otherwise + + + Write + + +

+ + workgroup* + +

+ + + + + + @@ -939,6 +963,25 @@
+ + + + GetCatalogs + + + + Grants permission to enable access to databases and tables. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0 + + + Read + + + + + + + + @@ -987,6 +1030,44 @@
+ + + + GetExecutionEngine + + + + Grants permission to enable access to the specified database and table. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0 + + + Read + + + + + + + + + + + + GetExecutionEngines + + + + Grants permission to enable access to databases and tables. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0 + + + Read + + + + + + + + @@ -1011,6 +1092,44 @@
+ + + + GetNamespace + + + + Grants permission to enable access to the specified database and table. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0 + + + Read + + + + + + + + + + + + GetNamespaces + + + + Grants permission to enable access to databases and tables. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0 + + + Read + + + + + + + + @@ -1083,6 +1202,25 @@
+ + + + GetQueryExecutions + + + + Grants permission to get query executions. Deprecated. Applies only to AWS services and principals that use Athena JDBC driver earlier than 1.1.0. Use ListQueryExecutions otherwise + + + Read + + + + + + + + @@ -1203,6 +1341,25 @@
+ + + + GetTable + + + + Grants permission to enable access to the specified table. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0 + + + Read + + + + + + + + @@ -1227,6 +1384,25 @@
+ + + + GetTables + + + + Grants permission to enable access to tables. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0 + + + Read + + + + + + + + @@ -1692,6 +1868,25 @@
+ + + + RunQuery + + + + Grants permission to run a query. Deprecated. Applies only to AWS services and principals that use Athena JDBC driver earlier than 1.1.0. Use StartQueryExecution otherwise + + + Write + + + + + + + + diff --git a/policy_sentry/shared/data/docs/list_amazonbedrock.html b/policy_sentry/shared/data/docs/list_amazonbedrock.html index 0f3219e1..9571fb2c 100644 --- a/policy_sentry/shared/data/docs/list_amazonbedrock.html +++ b/policy_sentry/shared/data/docs/list_amazonbedrock.html @@ -310,7 +310,7 @@

- +
@@ -397,7 +397,7 @@
@@ -410,20 +410,30 @@
- - - - + + + + + - - - - - @@ -530,13 +552,13 @@
- - - - @@ -573,19 +605,17 @@
- - - - - - - - - - @@ -707,40 +726,39 @@
- - - - - - @@ -750,40 +768,52 @@
- + + - - - @@ -793,21 +823,10 @@
- - - @@ -817,29 +836,34 @@
+ - - - - - - - - - - - - - @@ -963,21 +974,21 @@
- @@ -987,23 +998,18 @@
- @@ -1011,21 +1017,21 @@
- @@ -1035,18 +1041,23 @@
- @@ -1054,23 +1065,18 @@
- @@ -1078,21 +1084,21 @@
- @@ -1102,21 +1108,21 @@
- - - @@ -1126,18 +1132,12 @@
- - - @@ -1145,21 +1145,21 @@
- @@ -1169,18 +1169,23 @@
- @@ -1188,13 +1193,13 @@
- - @@ -1238,8 +1243,8 @@
@@ -1249,21 +1254,21 @@
- - - @@ -1273,10 +1278,21 @@
+ + + @@ -1286,21 +1302,21 @@
- @@ -1310,21 +1326,21 @@
- @@ -1334,23 +1350,18 @@
- @@ -1358,21 +1369,21 @@
- @@ -1382,18 +1393,23 @@
- @@ -1401,18 +1417,23 @@
- @@ -1420,21 +1441,21 @@
- @@ -1444,18 +1465,23 @@
- @@ -1463,16 +1489,40 @@
- + + + + + + + + @@ -1482,21 +1532,21 @@
- @@ -1506,16 +1556,16 @@
- @@ -1525,18 +1575,23 @@
- @@ -1544,40 +1599,71 @@
- + + + + + - + + + + + @@ -1589,8 +1675,8 @@
@@ -1602,8 +1688,8 @@
@@ -1613,18 +1699,23 @@
- @@ -1632,18 +1723,701 @@
- + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -1651,18 +2425,25 @@
- + + @@ -1670,22 +2451,23 @@
- + + @@ -1695,45 +2477,52 @@
- + + + - - - - @@ -1743,17 +2532,19 @@
- - - + + @@ -1782,8 +2573,8 @@
@@ -1794,38 +2585,22 @@
- + - - - @@ -1837,8 +2612,8 @@
@@ -1875,7 +2650,7 @@
@@ -1899,7 +2674,7 @@
@@ -1923,7 +2698,7 @@
@@ -1947,7 +2722,7 @@
@@ -1984,7 +2759,7 @@
@@ -2007,8 +2782,32 @@
- + + + + + + + + @@ -2103,7 +2902,7 @@

-

@@ -335,7 +335,7 @@
- + AssociateAgentKnowledgeBase
- + CreateAgent +

+ + aws:RequestTag/${TagKey} + +

+

+ + aws:TagKeys + +

- + + CreateAgentActionGroup + Grants permission to create a new action group in an existing agent + Write @@ -439,15 +449,33 @@
- + + +

+ + aws:RequestTag/${TagKey} + +

+

+ + aws:TagKeys + +

+ 		+
+ CreateAgentAlias + Grants permission to create a new alias for an agent + Write @@ -463,32 +491,26 @@
- - CreateAgentDraftSnapshot - - - Grants permission to create a draft version snapshot for an agent - - Write

- - agent* + + aws:RequestTag/${TagKey} + +

+

+ + aws:TagKeys

-
- + CreateDataSource
+ - CreateKnowledgeBase + CreateGuardrail - Grants permission to create a knowledge base + Grants permission to create a new guardrail Write @@ -544,26 +566,36 @@
+

+ + aws:RequestTag/${TagKey} + +

+

+ + aws:TagKeys + +

- - CreateModelCustomizationJob + + + CreateGuardrailVersion - Grants permission to create a job for customizing the model with your custom training data + + Grants permission to create a new guardrail version + Write

- - custom-model* + + guardrail*

-

- - foundation-model* - -

+ 		+ + CreateKnowledgeBase + + Grants permission to create a knowledge base + Write
@@ -604,13 +634,13 @@
- - CreateProvisionedModelThroughput + + + CreateModelCustomizationJob - Grants permission to create a new provisioned model throughput + Grants permission to create a job for customizing the model with your custom training data Write @@ -659,15 +689,15 @@
- - DeleteCustomModel + + + CreateModelEvaluationJob - Grants permission to delete a custom model that you created earlier + + Grants permission to create a job for evaluation foundation models or custom models + Write @@ -683,21 +713,10 @@
- - DeleteDataSource - - - Grants permission to delete a data source - - Write -

- - knowledge-base* + + foundation-model*

- - DeleteFoundationModelAgreement - - - Grants permission to delete a foundation model agreement that you created earlier - - Write - +

+ + aws:RequestTag/${TagKey} + +

+

+ + aws:TagKeys + +

- - DeleteKnowledgeBase + + + CreateModelInvocationJob - Grants permission to delete a knowledge base + + Grants permission to create a new model invocation job + Write

- - knowledge-base* + + custom-model*

- - DeleteModelInvocationLoggingConfiguration - + +

+ + foundation-model* + +

- Grants permission to delete an existing Invocation logging configuration - Write
+

+ + aws:RequestTag/${TagKey} + +

+

+ + aws:TagKeys + +

- - DeleteProvisionedModelThroughput + + + CreateProvisionedModelThroughput - Grants permission to delete a provisioned model throughput that you created earlier + + Grants permission to create a new provisioned model throughput + Write

- - provisioned-model* + + custom-model*

- - DisassociateAgentKnowledgeBase - - - Grants permission to disassociate a knowledge base from the agent - - Write -

- - agent* + + foundation-model*

+

- - knowledge-base* + + aws:RequestTag/${TagKey} + +

+

+ + aws:TagKeys

-
- - GetAgent + + + DeleteAgent - Grants permission to retrieve an existing agent + Grants permission to delete an Agent that you created earlier - Read + Write

@@ -854,16 +878,16 @@

- - GetAgentActionGroup + + + DeleteAgentActionGroup - Grants permission to retrieve an existing action group + Grants permission to delete an actionGroup that you created earlier - Read + Write

@@ -878,16 +902,16 @@

- - GetAgentAlias + + + DeleteAgentAlias - Grants permission to retrieve an existing alias + Grants permission to delete an AgentAlias that you created earlier - Read + Write

@@ -902,16 +926,16 @@

- - GetAgentKnowledgeBase + + + DeleteAgentVersion - Grants permission to describe a knowledge base associated with an agent + + Grants permission to delete an Agent Version that you created earlier - Read + + Write

@@ -926,34 +950,21 @@

-

- - knowledge-base* - -

- 		- -
- - GetAgentVersion + + + DeleteCustomModel - Grants permission to retrieve an existing version of an agent + Grants permission to delete a custom model that you created earlier - Read + Write

- - agent* + + custom-model*

- - GetCustomModel + + + DeleteDataSource - Grants permission to get the properties associated with a Bedrock custom model that you have created + Grants permission to delete a data source - Read + Write

- - custom-model* + + knowledge-base*

- - GetDataSource + + + DeleteFoundationModelAgreement - Grants permission to retrieve an existing data source + Grants permission to delete a foundation model agreement that you created earlier - Read + Write -

- - knowledge-base* - -

- - GetFoundationModel + + + DeleteGuardrail - Grants permission to get the properties associated with a Bedrock foundation model + Grants permission to delete a guardrail or its version - Read + Write

- - foundation-model* + + guardrail*

- - GetFoundationModelAvailability + + + DeleteKnowledgeBase - Grants permission to get the availability of a foundation model + Grants permission to delete a knowledge base - Read + Write +

+ + knowledge-base* + +

- - GetIngestionJob + + + DeleteModelInvocationLoggingConfiguration - Grants permission to retrieve an existing ingestion job + Grants permission to delete an existing Invocation logging configuration - Read + Write -

- - knowledge-base* - -

- - GetKnowledgeBase + + + DeleteProvisionedModelThroughput - Grants permission to retrieve an existing knowledge base + Grants permission to delete a provisioned model throughput that you created earlier - Read + Write

- - knowledge-base* + + provisioned-model*

- - GetModelCustomizationJob + + + DisassociateAgentKnowledgeBase - Grants permission to get the properties associated with a model-customization job. Use this operation to get the status of a model-customization job + + Grants permission to disassociate a knowledge base from the agent - Read + + Write

- - model-customization-job* + + agent*

- - GetModelInvocationLoggingConfiguration - - - Grants permission to retrieve an existing Invocation logging configuration - - Read - +

+ + knowledge-base* + +

- - GetProvisionedModelThroughput + + + GetAgent - Grants permission to retrieve a provisioned model throughput + Grants permission to retrieve an existing agent Read

- - provisioned-model* + + agent*

- - GetUseCaseForModelAccess + + + GetAgentActionGroup - Grants permission to retrieve a use case for model access + Grants permission to retrieve an existing action group Read +

+ + agent* + +

- - InvokeAgent + + + GetAgentAlias - Grants permission to send user input (text-only) to the alias of an agent for Bedrock + Grants permission to retrieve an existing alias Read @@ -1212,21 +1217,21 @@
- - InvokeModel + + + GetAgentKnowledgeBase - Grants permission to invoke the specified Bedrock model to run inference using the input provided in the request body + Grants permission to describe a knowledge base associated with an agent Read

- - foundation-model* + + agent*

- - provisioned-model* + + knowledge-base*

- - InvokeModelWithResponseStream + + + GetAgentVersion - Grants permission to invoke the specified Bedrock model to run inference using the input provided in the request body with streaming response + + Grants permission to retrieve an existing version of an agent + Read

- - foundation-model* + + agent*

+ + GetCustomModel + + + Grants permission to get the properties associated with a Bedrock custom model that you have created + + Read +

- - provisioned-model* + + custom-model*

- - ListAgentActionGroups + + + GetDataSource - Grants permission to list action groups in an agent + Grants permission to retrieve an existing data source - List + Read

- - agent* + + knowledge-base*

- - ListAgentAliases + + + GetFoundationModel - Grants permission to list aliases for an agent + Grants permission to get the properties associated with a Bedrock foundation model - List + Read

- - agent* + + foundation-model*

- - ListAgentKnowledgeBases + + + GetFoundationModelAvailability - Grants permission to list knowledge bases associated with an agent + Grants permission to get the availability of a foundation model - List + Read -

- - agent* - -

+ - ListAgentVersions + GetGuardrail - Grants permission to list existing versions of an agent + Grants permission to retrieve a guardrail or its version - List + Read

- - agent* + + guardrail*

- - ListAgents + + + GetIngestionJob - Grants permission to list existing agents + Grants permission to retrieve an existing ingestion job - List + Read +

+ + knowledge-base* + +

- - ListCustomModels + + + GetKnowledgeBase - Grants permission to get a list of Bedrock custom models that you have created + Grants permission to retrieve an existing knowledge base - List + Read +

+ + knowledge-base* + +

- - ListDataSources + + + GetModelCustomizationJob - Grants permission to list existing data sources in an knowledge base + Grants permission to get the properties associated with a model-customization job. Use this operation to get the status of a model-customization job - List + Read

- - knowledge-base* + + model-customization-job*

- - ListFoundationModelAgreementOffers + + + GetModelEvaluationJob - Grants permission to get a list of foundation model agreement offers + Grants permission to get the properties associated with a model-evaluation job. Use this operation to get the status of a model-evaluation job - List + Read +

+ + model-evaluation-job* + +

- - ListFoundationModels + + + GetModelInvocationJob - Grants permission to list Bedrock foundation models that you can use + Grants permission to retrieve a model invocation job - List + Read + +

+ + model-invocation-job* + +

+ 		+ +
+ + GetModelInvocationLoggingConfiguration + + + Grants permission to retrieve an existing Invocation logging configuration + + Read
- - ListIngestionJobs + + + GetProvisionedModelThroughput - Grants permission to list ingestion jobs in a data source + Grants permission to retrieve a provisioned model throughput - List + Read

- - knowledge-base* + + provisioned-model*

- - ListKnowledgeBases + + + GetUseCaseForModelAccess - Grants permission to list existing knowledge bases + Grants permission to retrieve a use case for model access - List + Read
- - ListModelCustomizationJobs + + + InvokeAgent - Grants permission to get the list of model customization jobs that you have submitted + Grants permission to send user input (text-only) to the alias of an agent for Bedrock - List + Read +

+ + agent-alias* + +

- - ListProvisionedModelThroughputs + + + InvokeModel + Grants permission to invoke the specified Bedrock model to run inference using the input provided in the request body + + Read + - Grants permission to list provisioned model throughputs that you created earlier +

+ + foundation-model* + +

- List
+

+ + provisioned-model* + +

+
- - ListTagsForResource + +

+ + guardrail + +

+ 		+ +
+ + InvokeModelWithResponseStream - Grants permission to list tags for a Bedrock resource + Grants permission to invoke the specified Bedrock model to run inference using the input provided in the request body with streaming response Read

- - custom-model* + + foundation-model*

- - model-customization-job* + + provisioned-model*

- - provisioned-model* + + guardrail

- - PutFoundationModelEntitlement + + + ListAgentActionGroups - Grants permission to put entitlement to access a foundation model + Grants permission to list action groups in an agent - Write + List +

+ + agent* + +

- - PutModelInvocationLoggingConfiguration + + + ListAgentAliases + + + Grants permission to list aliases for an agent + + List + +

+ + agent* + +

+ 		+ +
+ + ListAgentKnowledgeBases + + + Grants permission to list knowledge bases associated with an agent + + List + +

+ + agent* + +

+ 		+ +
+ + ListAgentVersions - Grants permission to create an existing Invocation logging configuration + Grants permission to list existing versions of an agent + + List + +

+ + agent* + +

+ 		+ +
+ + ListAgents + + + Grants permission to list existing agents + + List + + + +
+ + ListCustomModels + + + Grants permission to get a list of Bedrock custom models that you have created + + List + + + +
+ + ListDataSources + + + Grants permission to list existing data sources in an knowledge base + + List + +

+ + knowledge-base* + +

+ 		+ +
+ + ListFoundationModelAgreementOffers + + + Grants permission to get a list of foundation model agreement offers + + List + + + +
+ + ListFoundationModels + + + Grants permission to list Bedrock foundation models that you can use + + List + + + +
+ + ListGuardrails + + + Grants permission to list guardrails or its versions + + List + +

+ + guardrail + +

+ 		+ +
+ + ListIngestionJobs + + + Grants permission to list ingestion jobs in a data source + + List + +

+ + knowledge-base* + +

+ 		+ +
+ + ListKnowledgeBases + + + Grants permission to list existing knowledge bases + + List + + + +
+ + ListModelCustomizationJobs + + + Grants permission to get the list of model customization jobs that you have submitted + + List + + + +
+ + ListModelEvaluationJobs + + + Grants permission to get the list of model evaluation jobs that you have submitted + + List + + + +
+ + ListModelInvocationJobs + + + Grants permission to list model invocation jobs that you created earlier + + List + + + +
+ + ListProvisionedModelThroughputs + + + Grants permission to list provisioned model throughputs that you created earlier + + List + + + +
+ + ListTagsForResource + + + Grants permission to list tags for a Bedrock resource + + Read + +

+ + agent* + +

+ 		+ +
+

+ + agent-alias* + +

+ 		+ +
+

+ + custom-model* + +

+ 		+ +
+

+ + guardrail* + +

+ 		+ +
+

+ + knowledge-base* + +

+ 		+ +
+

+ + model-customization-job* + +

+ 		+ +
+

+ + model-evaluation-job* + +

+ 		+ +
+

+ + model-invocation-job* + +

+ 		+ +
+

+ + provisioned-model* + +

+ 		+ +
+ + PrepareAgent + + + Grants permission to prepare an existing agent to receive runtime requests + + Write + +

+ + agent* + +

+ 		+ +
+ + PutFoundationModelEntitlement + + + Grants permission to put entitlement to access a foundation model + + Write + + + +
+ + PutModelInvocationLoggingConfiguration + + + Grants permission to create an existing Invocation logging configuration + + Write + + + +
+ + PutUseCaseForModelAccess + + + Grants permission to put a use case for model access + + Write + + + +
+ + Retrieve + + + Grants permission to retrieve ingested data from a knowledge base + + Read + +

+ + knowledge-base* + +

+ 		+ +
+ + RetrieveAndGenerate + + + Grants permission to send user input to perform retrieval and generation + + Write + + + +
+ + StartIngestionJob + + + Grants permission to start an ingestion job + + Write + +

+ + knowledge-base* + +

+ 		+ +
+ + StopModelCustomizationJob + + + Grants permission to stop a Bedrock model customization job while in progress + + Write + +

+ + model-customization-job* + +

+ 		+ +
+ + StopModelInvocationJob + + + Grants permission to stop a model invocation job that you started earlier + + Write + +

+ + model-invocation-job* + +

+ 		+ +
+ + TagResource + + + Grants permission to Tag a Bedrock resource + + Tagging + +

+ + agent + +

+ 		+ +
+

+ + agent-alias + +

+ 		+ +
+

+ + custom-model + +

+ 		- Write
+

+ + guardrail + +

- - PutUseCaseForModelAccess - + +

+ + knowledge-base + +

- Grants permission to put a use case for model access - Write
+

+ + model-customization-job + +

- - QueryKnowledgeBase - - [permission only] + +

+ + model-evaluation-job + +

- Grants permission to retrieve ingested data from a knowledge base. - Read

- - knowledge-base* + + model-invocation-job

- - StartIngestionJob - + +

+ + provisioned-model + +

- Grants permission to start an ingestion job - Write +

- - knowledge-base* + + aws:TagKeys + +

+

+ + aws:RequestTag/${TagKey}

-
- - StopModelCustomizationJob + + + UntagResource - Grants permission to stop a Bedrock model customization job while in progress + + Grants permission to Untag a Bedrock resource - Write + + Tagging

- - model-customization-job* + + agent

- - TagResource - + +

+ + agent-alias + +

- Grants permission to Tag a Bedrock resource + - Tagging +

@@ -1769,8 +2560,8 @@

- - model-customization-job + + guardrail

- - provisioned-model + + knowledge-base

- -

- - aws:TagKeys - -

- - aws:RequestTag/${TagKey} + + model-customization-job

+
- - UntagResource - - - Grants permission to Untag a Bedrock resource - - Tagging -

- - custom-model + + model-evaluation-job

- - model-customization-job + + model-invocation-job

- + UpdateAgent
- + UpdateAgentActionGroup
- + UpdateAgentAlias
- + UpdateAgentKnowledgeBase
- + UpdateDataSource
+ + UpdateGuardrail + + + Grants permission to update a guardrail + + Write + +

+ + guardrail* + +

+ 		+ +
+ UpdateKnowledgeBase
+
@@ -2310,6 +3114,11 @@

@@ -2340,6 +3149,116 @@

+ + + + + + + + + + + + + + +
@@ -2276,6 +3075,11 @@

+

+ + aws:ResourceTag/${TagKey} + +

+

+ + aws:ResourceTag/${TagKey} + +

+

+ + aws:ResourceTag/${TagKey} + +

+
+ + model-evaluation-job + + + + arn:$ + + { + + Partition}:bedrock:$ + + { + + Region}:$ + + { + + Account}:model-evaluation-job/$ + + { + + ResourceId} + + +

+ + aws:ResourceTag/${TagKey} + +

+
+ + model-invocation-job + + + + arn:$ + + { + + Partition}:bedrock:$ + + { + + Region}:$ + + { + + Account}:model-invocation-job/$ + + { + + JobIdentifier} + + +

+ + aws:ResourceTag/${TagKey} + +

+
+ + guardrail + + + + arn:$ + + { + + Partition}:bedrock:$ + + { + + Region}:$ + + { + + Account}:guardrail/$ + + { + + GuardrailId} + + +

+ + aws:ResourceTag/${TagKey} + +

@@ -2368,7 +3287,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonbraket.html b/policy_sentry/shared/data/docs/list_amazonbraket.html index 914b7031..11a9c9e0 100644 --- a/policy_sentry/shared/data/docs/list_amazonbraket.html +++ b/policy_sentry/shared/data/docs/list_amazonbraket.html @@ -310,7 +310,7 @@

- +
@@ -804,7 +804,7 @@

- +
@@ -914,7 +914,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonchime.html b/policy_sentry/shared/data/docs/list_amazonchime.html index 60e8f5ac..4c9fff07 100644 --- a/policy_sentry/shared/data/docs/list_amazonchime.html +++ b/policy_sentry/shared/data/docs/list_amazonchime.html @@ -310,7 +310,7 @@

- +
@@ -8994,7 +8994,7 @@

-

@@ -8962,7 +8962,7 @@
Grants permission to validate an address to be used for 911 calls made with Amazon Chime Voice Connectors
- Write + Read
+
@@ -9496,7 +9496,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazonclouddirectory.html b/policy_sentry/shared/data/docs/list_amazonclouddirectory.html index 96e869d3..7209b473 100644 --- a/policy_sentry/shared/data/docs/list_amazonclouddirectory.html +++ b/policy_sentry/shared/data/docs/list_amazonclouddirectory.html @@ -310,7 +310,7 @@

- +
@@ -2183,7 +2183,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazoncloudfront.html b/policy_sentry/shared/data/docs/list_amazoncloudfront.html index 8b3b53ee..9eed0e1b 100644 --- a/policy_sentry/shared/data/docs/list_amazoncloudfront.html +++ b/policy_sentry/shared/data/docs/list_amazoncloudfront.html @@ -310,7 +310,7 @@

- +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
@@ -591,6 +591,30 @@
+ + CreateKeyValueStore + + + Grants permission to create a CloudFront KeyValueStore + + Write + +

+ + key-value-store* + +

+ 		+ +
@@ -993,6 +1017,30 @@
+ + DeleteKeyValueStore + + + Grants permission to delete a CloudFront KeyValueStore + + Write + +

+ + key-value-store* + +

+ 		+ +
@@ -1175,6 +1223,30 @@
+ + DescribeKeyValueStore + + + Grants permission to get a CloudFront KeyValueStore summary + + Read + +

+ + key-value-store* + +

+ 		+ +
@@ -2176,6 +2248,25 @@
+ + ListKeyValueStores + + + Grants permission to get a list of CloudFront KeyValueStores + + List + + + +
@@ -2709,6 +2800,30 @@
+ + UpdateKeyValueStore + + + Grants permission to update a CloudFront KeyValueStore + + Write + +

+ + key-value-store* + +

+ 		+ +
@@ -2891,7 +3006,7 @@

- +
+ + + + +
@@ -3149,6 +3264,32 @@

+ + key-value-store + + + + arn:$ + + { + + Partition}:cloudfront::$ + + { + + Account}:key-value-store/$ + + { + + Name} + + +
@@ -3253,7 +3394,7 @@

- +
@@ -3343,8 +3484,8 @@

- diff --git a/policy_sentry/shared/data/docs/list_amazoncloudfrontkeyvaluestore.html b/policy_sentry/shared/data/docs/list_amazoncloudfrontkeyvaluestore.html new file mode 100644 index 00000000..cf2dd88a --- /dev/null +++ b/policy_sentry/shared/data/docs/list_amazoncloudfrontkeyvaluestore.html @@ -0,0 +1,654 @@ + + + + + + Actions, resources, and condition keys for Amazon CloudFront KeyValueStore - Service Authorization Reference + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +
+ + +
+
+ +
+ + + Actions, resources, and condition keys for Amazon CloudFront KeyValueStore - Service Authorization Reference + + + + + + + + + +
+
+ + +
+ +
+ + Actions + + + Resource types + + + Condition keys + +
+
+
+ + +

+ Actions, resources, and condition keys for Amazon CloudFront KeyValueStore +

+
+ + + + +
+

+ Amazon CloudFront KeyValueStore (service prefix: + + cloudfront-keyvaluestore + + ) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies. +

+

+ References: +

+
+ +
+ +

+ Actions defined by Amazon CloudFront KeyValueStore +

+

+ You can specify the following actions in the + + Action + + element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. +

+

+ The + + Resource types + + column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("*") to which the policy applies in the + + Resource + + element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (*). If you limit resource access with the + + Resource + + element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types. +

+

+ The + + Condition keys + + column of the Actions table includes keys that you can specify in a policy statement's + + Condition + + element. For more information on the condition keys that are associated with resources for the service, see the + + Condition keys + + column of the Resource types table. +

+
+
+ + +
+ Note +
+
+
+

+ Resource condition keys are listed in the + + Resource types + + table. You can find a link to the resource type that applies to an action in the + + Resource types (*required) + + column of the Actions table. The resource type in the Resource types table includes the + + Condition keys + + column, which are the resource condition keys that apply to an action in the Actions table. +

+
+
+

+ For details about the columns in the following table, see + + Actions table + + . +

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Actions + + Description + + Access level + + Resource types (*required) + + Condition keys + + Dependent actions +
+ + DeleteKey + + + Grants permission to delete the key value pair specified by the key + + Write + +

+ + key-value-store* + +

+ 		+ +
+ + DescribeKeyValueStore + + + Grants permission to return metadata information about Key Value Store + + Read + +

+ + key-value-store* + +

+ 		+ +
+ + GetKey + + + Grants permission to return a key value pair + + Read + +

+ + key-value-store* + +

+ 		+ +
+ + ListKeys + + + Grants permission to returns a list of key value pairs + + List + +

+ + key-value-store* + +

+ 		+ +
+ + PutKey + + + Grants permission to create a new key value pair or replace the value of an existing key + + Write + +

+ + key-value-store* + +

+ 		+ +
+ + UpdateKeys + + + Grants permission to put or delete multiple key value pairs in a single, all-or-nothing operation + + Write + +

+ + key-value-store* + +

+ 		+ +
+
+
+

+ Resource types defined by Amazon CloudFront KeyValueStore +

+

+ The following resource types are defined by this service and can be used in the + + Resource + + element of IAM permission policy statements. Each action in the + + Actions table + + identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the Resource types table. For details about the columns in the following table, see + + Resource types table + + . +

+
+
+ + + + + + + + + + + + + +
+ Resource types + + ARN + + Condition keys +
+ + key-value-store + + + + arn:$ + + { + + Partition}:cloudfront::$ + + { + + Account}:key-value-store/$ + + { + + ResourceId} + + +
+
+
+

+ Condition keys for Amazon CloudFront KeyValueStore +

+

+ CloudFront KeyValueStore has no service-specific context keys that can be used in the + + Condition + + element of policy statements. For the list of the global context keys that are available to all services, see + + Available keys for conditions + + . +

+ + + + +
+ + + + +
+ + +
+ +
+ +
+ + +
+
+
+ + +
+ + + +
+ + diff --git a/policy_sentry/shared/data/docs/list_amazoncloudsearch.html b/policy_sentry/shared/data/docs/list_amazoncloudsearch.html index 69e14ada..6e6673de 100644 --- a/policy_sentry/shared/data/docs/list_amazoncloudsearch.html +++ b/policy_sentry/shared/data/docs/list_amazoncloudsearch.html @@ -310,7 +310,7 @@

- +
@@ -1149,7 +1149,7 @@
- +
diff --git a/policy_sentry/shared/data/docs/list_amazoncloudwatch.html b/policy_sentry/shared/data/docs/list_amazoncloudwatch.html index 374dbf9d..e6766b5d 100644 --- a/policy_sentry/shared/data/docs/list_amazoncloudwatch.html +++ b/policy_sentry/shared/data/docs/list_amazoncloudwatch.html @@ -310,7 +310,7 @@

- +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + + + - - + + + + + + + + + + + + - - - + + + + + @@ -1430,15 +1763,38 @@
- + + + + + + + - - + + + + + @@ -1525,6 +1894,53 @@
+ + + + + + + + + + + + + + +
@@ -333,6 +333,78 @@
+ + BatchGetServiceLevelIndicatorReport + + + Grants permission to batch get service level indicator report + + Read + + + +
+ + BatchGetServiceLevelObjectiveBudgetReport + + + Grants permission to batch retrieve a service level objective budget report + + Read + +

+ + slo* + +

+ 		+ +
+ + CreateServiceLevelObjective + + + Grants permission to create a service level objective + + Write + + +

+ + aws:RequestTag/${TagKey} + +

+

+ + aws:TagKeys + +

+ 		+
@@ -448,6 +520,30 @@
+ + DeleteServiceLevelObjective + + + Grants permission to delete a service level objective + + Write + +

+ + slo* + +

+ 		+ +
@@ -649,6 +745,44 @@
+ + EnableTopologyDiscovery + + + Grants permission to enable a CloudWatch topology discovery + + Write + + + +
+ + GenerateQuery + + + Grants permission to generate a Metrics Insights or Logs Insights query string from a natural language prompt + + Read + + + +
@@ -778,6 +912,118 @@
+ + GetService + + + Grants permission to retrieve information about a service + + Read + +

+ + service* + +

+ 		+ +
+ + GetServiceData + + [permission only] + + Grants permission to retrieve service data + + Read + +

+ + service* + +

+ 		+ +
+ + GetServiceLevelObjective + + + Grants permission to retrieve information about service level objective + + Read + +

+ + slo* + +

+ 		+ +
+ + GetTopologyDiscoveryStatus + + [permission only] + + Grants permission to retrieve a CloudWatch topology discovery status + + Read + + + +
+ + GetTopologyMap + + + Grants permission to retrieve a CloudWatch topology map + + Read + + + +
+ + + ListServiceLevelObjectives + + + Grants permission to list service level objectives + + List + + + +
+ + ListServices + + + Grants permission to list services + + List + + + +
ListTagsForResource + Grants permission to list tags for an Amazon CloudWatch resource + List @@ -926,6 +1210,19 @@
+

+ + slo + +

+ 		+ +

@@ -972,6 +1269,29 @@

+

+ + SCENARIO: + + CloudWatch-ServiceLevelObjective +

+ 		+ +

+ + slo* + +

+ 		+ +
@@ -1329,15 +1649,15 @@
+ TagResource + Grants permission to add tags to an Amazon CloudWatch resource + Tagging @@ -1365,6 +1685,19 @@
+

+ + slo + +

+ 		+ +
+ +

+ + SCENARIO: + + CloudWatch-ServiceLevelObjective +

+ 		+ +

+ + slo* + +

+ 		+ +
UntagResource + Grants permission to remove a tag from an Amazon CloudWatch resource + Tagging @@ -1466,6 +1822,19 @@
+

+ + slo + +

+ 		+ +
+

+ + SCENARIO: + + CloudWatch-ServiceLevelObjective +

+ 		+ +

+ + slo* + +

+ 		+ +
+ + UpdateServiceLevelObjective + + + Grants permission to update a service level objective + + Write + +

+ + slo* + +

+ 		+ +
@@ -1548,7 +1964,7 @@

- +
+ + + + + + + + + +
@@ -1693,6 +2109,80 @@

+ + slo + + + + arn:$ + + { + + Partition}:cloudwatch:$ + + { + + Region}:$ + + { + + Account}:slo/$ + + { + + SloName} + + +

+ + aws:ResourceTag/${TagKey} + +

+
+ + service + + + + arn:$ + + { + + Partition}:cloudwatch:$ + + { + + Region}:$ + + { + + Account}:service/$ + + { + + ServiceName}-$ + + { + + UniqueAttributesHex} + + +

+ + aws:ResourceTag/${TagKey} + +

+
@@ -1719,7 +2209,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazoncloudwatchapplicationinsights.html b/policy_sentry/shared/data/docs/list_amazoncloudwatchapplicationinsights.html index f21bfad8..47b6ac33 100644 --- a/policy_sentry/shared/data/docs/list_amazoncloudwatchapplicationinsights.html +++ b/policy_sentry/shared/data/docs/list_amazoncloudwatchapplicationinsights.html @@ -310,7 +310,7 @@

- +
@@ -1035,7 +1035,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazoncloudwatchevidently.html b/policy_sentry/shared/data/docs/list_amazoncloudwatchevidently.html index 9e32d823..8bad162a 100644 --- a/policy_sentry/shared/data/docs/list_amazoncloudwatchevidently.html +++ b/policy_sentry/shared/data/docs/list_amazoncloudwatchevidently.html @@ -310,7 +310,7 @@

- +
@@ -1400,7 +1400,7 @@

- +
@@ -1627,7 +1627,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazoncloudwatchinternetmonitor.html b/policy_sentry/shared/data/docs/list_amazoncloudwatchinternetmonitor.html index 73412de8..8fa11cd9 100644 --- a/policy_sentry/shared/data/docs/list_amazoncloudwatchinternetmonitor.html +++ b/policy_sentry/shared/data/docs/list_amazoncloudwatchinternetmonitor.html @@ -310,7 +310,7 @@

- +
@@ -736,7 +736,7 @@

- +
@@ -845,7 +845,7 @@

- +
diff --git a/policy_sentry/shared/data/docs/list_amazoncloudwatchlogs.html b/policy_sentry/shared/data/docs/list_amazoncloudwatchlogs.html index 76d911d2..d3c46a4a 100644 --- a/policy_sentry/shared/data/docs/list_amazoncloudwatchlogs.html +++ b/policy_sentry/shared/data/docs/list_amazoncloudwatchlogs.html @@ -310,7 +310,7 @@

- +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + + + @@ -2013,7 +2168,7 @@
[permission only]
- - - + + + + + - - - + + + + + + + + + + + + + + + + + + + + +
@@ -468,6 +468,48 @@
+ + CreateLogAnomalyDetector + + + Grants permission to create a log anomaly detector + + Write + +

+ + log-group* + +

+ 		+ +
+ +

+ + aws:TagKeys + +

+

+ + aws:RequestTag/${TagKey} + +

+ 		+
@@ -717,6 +759,30 @@
+ + DeleteLogAnomalyDetector + + + Grants permission to delete a log anomaly detector + + Write + +

+ + anomaly-detector* + +

+ 		+ +
@@ -1325,6 +1391,30 @@
+ + GetLogAnomalyDetector + + + Grants permission to get a log anomaly detector + + Read + +

+ + anomaly-detector* + +

+ 		+ +
@@ -1461,6 +1551,54 @@
+ + ListAnomalies + + + Grants permission to list all anomalies detected in the AWS account making the request + + List + +

+ + anomaly-detector + +

+ 		+ +
+ + ListLogAnomalyDetectors + + + Grants permission to return all the anomaly detectors that are associated with the AWS account making the request + + List + +

+ + log-group + +

+ 		+ +
@@ -1482,17 +1620,30 @@
+ ListTagsForResource + Grants permission to list the tags for the specified resource + List +

+ + anomaly-detector + +

+ 		+ +

@@ -1963,18 +2114,22 @@

- + StartLiveTail - [permission only] - Grants permission to start a livetail session in CloudWatch Logs + Grants permission to start a Live Tail session in CloudWatch Logs Read +

+ + log-group* + +

- Grants permission to stop a CloudWatch Logs livetail session that is in progress + Grants permission to stop a Live Tail session that is in progress Read @@ -2087,17 +2242,30 @@
+ TagResource + Grants permission to add or update the specified tags for the specified resource + Tagging +

+ + anomaly-detector + +

+ 		+ +

@@ -2262,17 +2430,30 @@

+ UntagResource + Grants permission to remove the specified tags from the specified resource + Tagging +

+ + anomaly-detector + +

+ 		+ +

@@ -2350,6 +2531,54 @@

+ + UpdateAnomaly + + + Grants permission to update an anomaly reported by a log anomaly detector + + Write + +

+ + anomaly-detector* + +

+ 		+ +
+ + UpdateLogAnomalyDetector + + + Grants permission to update a log anomaly detector + + Write + +

+ + anomaly-detector* + +

+ 		+ +
@@ -2393,7 +2622,7 @@

- +
+ + + + +
@@ -2621,6 +2850,41 @@

+ + anomaly-detector + + + + arn:$ + + { + + Partition}:logs:$ + + { + + Region}:$ + + { + + Account}:anomaly-detector:$ + + { + + DetectorId} + + +

+ + aws:ResourceTag/${TagKey} + +

+
@@ -2647,7 +2911,7 @@

- +
@@ -2763,8 +3027,8 @@

- diff --git a/policy_sentry/shared/data/docs/list_amazoncloudwatchnetworkmonitor.html b/policy_sentry/shared/data/docs/list_amazoncloudwatchnetworkmonitor.html new file mode 100644 index 00000000..b6692d47 --- /dev/null +++ b/policy_sentry/shared/data/docs/list_amazoncloudwatchnetworkmonitor.html @@ -0,0 +1,949 @@ + + + + + + Actions, resources, and condition keys for Amazon CloudWatch Network Monitor - Service Authorization Reference + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +
+ + +
+
+ +
+ + + Actions, resources, and condition keys for Amazon CloudWatch Network Monitor - Service Authorization Reference + + + + + + + + + +
+
+ + +
+ +
+ + Actions + + + Resource types + + + Condition keys + +
+
+
+ + +

+ Actions, resources, and condition keys for Amazon CloudWatch Network Monitor +

+
+ + + + +
+

+ Amazon CloudWatch Network Monitor (service prefix: + + networkmonitor + + ) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies. +

+

+ References: +

+
+ +
+ +

+ Actions defined by Amazon CloudWatch Network Monitor +

+

+ You can specify the following actions in the + + Action + + element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. +

+

+ The + + Resource types + + column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("*") to which the policy applies in the + + Resource + + element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (*). If you limit resource access with the + + Resource + + element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types. +

+

+ The + + Condition keys + + column of the Actions table includes keys that you can specify in a policy statement's + + Condition + + element. For more information on the condition keys that are associated with resources for the service, see the + + Condition keys + + column of the Resource types table. +

+
+
+ + +
+ Note +
+
+
+

+ Resource condition keys are listed in the + + Resource types + + table. You can find a link to the resource type that applies to an action in the + + Resource types (*required) + + column of the Actions table. The resource type in the Resource types table includes the + + Condition keys + + column, which are the resource condition keys that apply to an action in the Actions table. +

+
+
+

+ For details about the columns in the following table, see + + Actions table + + . +

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Actions + + Description + + Access level + + Resource types (*required) + + Condition keys + + Dependent actions +
+ + CreateMonitor + + + Grants permission to create a monitor + + Write + +

+ + monitor* + +

+ 		+ +
+ + CreateProbe + + + Grants permission to create a probe + + Write + + + +
+ + DeleteMonitor + + + Grants permission to delete a monitor + + Write + +

+ + monitor* + +

+ 		+ +
+ + DeleteProbe + + + Grants permission to delete a probe + + Write + +

+ + probe* + +

+ 		+ +
+ + GetMonitor + + + Grants permission to get information about a monitor + + Read + +

+ + monitor* + +

+ 		+ +
+ + GetProbe + + + Grants permission to get information about a probe + + Read + +

+ + probe* + +

+ 		+ +
+ + ListMonitors + + + Grants permission to list all monitors in an account and their statuses + + List + + + +
+ + ListTagsForResource + + + Grants permission to list the tags for a resource + + Read + +

+ + monitor + +

+ 		+ +
+

+ + probe + +

+ 		+ +
+ + TagResource + + + Grants permission to add tags to a resource + + Tagging + +

+ + monitor + +

+ 		+ +
+

+ + probe + +

+ 		+ +
+ + UntagResource + + + Grants permission to remove tags from a resource + + Tagging + +

+ + monitor + +

+ 		+ +
+

+ + probe + +

+ 		+ +
+ +

+ + aws:TagKeys + +

+ 		+
+ + UpdateMonitor + + + Grants permission to update a monitor + + Write + +

+ + monitor* + +

+ 		+ +
+ + UpdateProbe + + + Grants permission to update a probe + + Write + +

+ + probe* + +

+ 		+ +
+
+
+

+ Resource types defined by Amazon CloudWatch Network Monitor +

+

+ The following resource types are defined by this service and can be used in the + + Resource + + element of IAM permission policy statements. Each action in the + + Actions table + + identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the Resource types table. For details about the columns in the following table, see + + Resource types table + + . +

+
+
+ + + + + + + + + + + + + + + + + + +
+ Resource types + + ARN + + Condition keys +
+ + monitor + + + + arn:$ + + { + + Partition}:networkmonitor:$ + + { + + Region}:$ + + { + + Account}:monitor/$ + + { + + MonitorName} + + +

+ + aws:ResourceTag/${TagKey} + +

+
+ + probe + + + + arn:$ + + { + + Partition}:networkmonitor:$ + + { + + Region}:$ + + { + + Account}:probe/$ + + { + + ProbeId} + + +

+ + aws:ResourceTag/${TagKey} + +

+
+
+
+

+ Condition keys for Amazon CloudWatch Network Monitor +

+

+ Amazon CloudWatch Network Monitor defines the following condition keys that can be used in the + + Condition + + element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see + + Condition keys table + + . +

+

+ To view the global condition keys that are available to all services, see + + Available global condition keys + + . +

+
+
+ + + + + + + + + + + + + + + + + + + + + + + +
+ Condition keys + + Description + + Type +
+ + aws:RequestTag/${TagKey} + + + Filters access by the tag key-value pairs in the request + + String +
+ + aws:ResourceTag/${TagKey} + + + Filters access by the tag key-value pairs attached to the resource + + String +
+ + aws:TagKeys + + + Filters access by the tag keys in the request + + ArrayOfString +
+
+
+ + + + +
+ + + + +
+ + +
+ +
+ +
+ + +
+
+
+ + +
+ + + +
+ + diff --git a/policy_sentry/shared/data/docs/list_amazoncloudwatchobservabilityaccessmanager.html b/policy_sentry/shared/data/docs/list_amazoncloudwatchobservabilityaccessmanager.html index 42c88387..620b6d36 100644 --- a/policy_sentry/shared/data/docs/list_amazoncloudwatchobservabilityaccessmanager.html +++ b/policy_sentry/shared/data/docs/list_amazoncloudwatchobservabilityaccessmanager.html @@ -310,7 +310,7 @@

- +
@@ -919,7 +919,7 @@

- +
@@ -1029,7 +1029,7 @@

- +
@@ -1129,8 +1129,8 @@

-