├── .editorconfig ├── .eslintrc.json ├── .github ├── FUNDING.yml └── workflows │ ├── publish.yml │ ├── scrape.yml │ └── test.yml ├── .gitignore ├── .husky ├── commit-msg ├── pre-commit └── pre-push ├── .releaserc ├── .vscode ├── extensions.json ├── launch.json ├── settings.json └── tasks.json ├── .vscodeignore ├── .yarnrc ├── CHANGELOG.md ├── LICENSE.md ├── README.md ├── babel.config.js ├── commitlint.config.js ├── images ├── action_suggest.png ├── icon.png ├── service_suggest.png └── wildcard_hover.png ├── package.json ├── scraper └── scraper.mjs ├── src ├── completionProvider.ts ├── data │ └── iam-services │ │ ├── alexa-for-business.json │ │ ├── amazon-ai-operations.json │ │ ├── amazon-api-gateway-management-v2.json │ │ ├── amazon-api-gateway-management.json │ │ ├── amazon-api-gateway.json │ │ ├── amazon-appflow.json │ │ ├── amazon-appintegrations.json │ │ ├── amazon-application-recovery-controller---zonal-shift.json │ │ ├── amazon-appstream-2.0.json │ │ ├── amazon-athena.json │ │ ├── amazon-aurora-dsql.json │ │ ├── amazon-bedrock.json │ │ ├── amazon-braket.json │ │ ├── amazon-chime.json │ │ ├── amazon-cloud-directory.json │ │ ├── amazon-cloudfront-keyvaluestore.json │ │ ├── amazon-cloudfront.json │ │ ├── amazon-cloudsearch.json │ │ ├── amazon-cloudwatch-application-insights.json │ │ ├── amazon-cloudwatch-application-signals.json │ │ ├── amazon-cloudwatch-evidently.json │ │ ├── amazon-cloudwatch-internet-monitor.json │ │ ├── amazon-cloudwatch-logs.json │ │ ├── amazon-cloudwatch-network-monitor.json │ │ ├── amazon-cloudwatch-observability-access-manager.json │ │ ├── amazon-cloudwatch-observability-admin-service.json │ │ ├── amazon-cloudwatch-synthetics.json │ │ ├── amazon-cloudwatch.json │ │ ├── amazon-codecatalyst.json │ │ ├── amazon-codeguru-profiler.json │ │ ├── amazon-codeguru-reviewer.json │ │ ├── amazon-codeguru-security.json │ │ ├── amazon-codeguru.json │ │ ├── amazon-codewhisperer.json │ │ ├── amazon-cognito-identity.json │ │ ├── amazon-cognito-sync.json │ │ ├── amazon-cognito-user-pools.json │ │ ├── amazon-comprehend-medical.json │ │ ├── amazon-comprehend.json │ │ ├── amazon-connect-cases.json │ │ ├── amazon-connect-customer-profiles.json │ │ ├── amazon-connect-outbound-campaigns.json │ │ ├── amazon-connect-voice-id.json │ │ ├── amazon-connect-wisdom.json │ │ ├── amazon-connect.json │ │ ├── amazon-data-lifecycle-manager.json │ │ ├── amazon-datazone-control.json │ │ ├── amazon-datazone.json │ │ ├── amazon-detective.json │ │ ├── amazon-devops-guru.json │ │ ├── amazon-documentdb-elastic-clusters.json │ │ ├── amazon-dynamodb-accelerator-(dax).json │ │ ├── amazon-dynamodb.json │ │ ├── amazon-ec2-auto-scaling.json │ │ ├── amazon-ec2-image-builder.json │ │ ├── amazon-ec2-instance-connect.json │ │ ├── amazon-ec2.json │ │ ├── amazon-eks-auth.json │ │ ├── amazon-elastic-block-store.json │ │ ├── amazon-elastic-container-registry-public.json │ │ ├── amazon-elastic-container-registry.json │ │ ├── amazon-elastic-container-service.json │ │ ├── amazon-elastic-file-system.json │ │ ├── amazon-elastic-inference.json │ │ ├── amazon-elastic-kubernetes-service.json │ │ ├── amazon-elastic-mapreduce.json │ │ ├── amazon-elastic-transcoder.json │ │ ├── amazon-elasticache.json │ │ ├── amazon-emr-on-eks-(emr-containers).json │ │ ├── amazon-emr-serverless.json │ │ ├── amazon-eventbridge-pipes.json │ │ ├── amazon-eventbridge-scheduler.json │ │ ├── amazon-eventbridge-schemas.json │ │ ├── amazon-eventbridge.json │ │ ├── amazon-finspace-api.json │ │ ├── amazon-finspace.json │ │ ├── amazon-forecast.json │ │ ├── amazon-fraud-detector.json │ │ ├── amazon-freertos.json │ │ ├── amazon-fsx.json │ │ ├── amazon-gamelift-streams.json │ │ ├── amazon-gamelift.json │ │ ├── amazon-gamesparks.json │ │ ├── amazon-glacier.json │ │ ├── amazon-groundtruth-labeling.json │ │ ├── amazon-guardduty.json │ │ ├── amazon-healthlake.json │ │ ├── amazon-honeycode.json │ │ ├── amazon-inspector.json │ │ ├── amazon-inspector2.json │ │ ├── amazon-inspectorscan.json │ │ ├── amazon-interactive-video-service-chat.json │ │ ├── amazon-interactive-video-service.json │ │ ├── amazon-kendra-intelligent-ranking.json │ │ ├── amazon-kendra.json │ │ ├── amazon-keyspaces-(for-apache-cassandra).json │ │ ├── amazon-kinesis-analytics-v2.json │ │ ├── amazon-kinesis-analytics.json │ │ ├── amazon-kinesis-data-streams.json │ │ ├── amazon-kinesis-firehose.json │ │ ├── amazon-kinesis-video-streams.json │ │ ├── amazon-kinesis.json │ │ ├── amazon-lex-v2.json │ │ ├── amazon-lex.json │ │ ├── amazon-lightsail.json │ │ ├── amazon-location-service-maps.json │ │ ├── amazon-location-service-places.json │ │ ├── amazon-location-service-routes.json │ │ ├── amazon-location.json │ │ ├── amazon-lookout-for-equipment.json │ │ ├── amazon-lookout-for-metrics.json │ │ ├── amazon-lookout-for-vision.json │ │ ├── amazon-machine-learning.json │ │ ├── amazon-macie-classic.json │ │ ├── amazon-macie.json │ │ ├── amazon-managed-blockchain-query.json │ │ ├── amazon-managed-blockchain.json │ │ ├── amazon-managed-grafana.json │ │ ├── amazon-managed-service-for-prometheus.json │ │ ├── amazon-managed-streaming-for-apache-kafka.json │ │ ├── amazon-managed-streaming-for-kafka-connect.json │ │ ├── amazon-managed-workflows-for-apache-airflow.json │ │ ├── amazon-mechanical-turk.json │ │ ├── amazon-memorydb.json │ │ ├── amazon-message-delivery-service.json │ │ ├── amazon-message-gateway-service.json │ │ ├── amazon-mobile-analytics.json │ │ ├── amazon-monitron.json │ │ ├── amazon-mq.json │ │ ├── amazon-neptune-analytics.json │ │ ├── amazon-neptune.json │ │ ├── amazon-nimble-studio.json │ │ ├── amazon-omics.json │ │ ├── amazon-one-enterprise.json │ │ ├── amazon-opensearch-ingestion.json │ │ ├── amazon-opensearch-serverless.json │ │ ├── amazon-opensearch-service-(successor-to-amazon-elasticsearch-service).json │ │ ├── amazon-opensearch-service.json │ │ ├── amazon-opensearch.json │ │ ├── amazon-personalize.json │ │ ├── amazon-pinpoint-email-service.json │ │ ├── amazon-pinpoint-sms-and-voice-service.json │ │ ├── amazon-pinpoint-sms-voice-v2.json │ │ ├── amazon-pinpoint.json │ │ ├── amazon-polly.json │ │ ├── amazon-q-business-q-apps.json │ │ ├── amazon-q-business.json │ │ ├── amazon-q-developer.json │ │ ├── amazon-q-in-connect.json │ │ ├── amazon-q.json │ │ ├── amazon-qldb.json │ │ ├── amazon-quicksight.json │ │ ├── amazon-rds-data-api.json │ │ ├── amazon-rds-iam-authentication.json │ │ ├── amazon-rds.json │ │ ├── amazon-redshift-data-api.json │ │ ├── amazon-redshift-serverless.json │ │ ├── amazon-redshift.json │ │ ├── amazon-rekognition.json │ │ ├── amazon-resource-group-tagging-api.json │ │ ├── amazon-rhel-knowledgebase-portal.json │ │ ├── amazon-route-53-application-recovery-controller---zonal-shift.json │ │ ├── amazon-route-53-domains.json │ │ ├── amazon-route-53-profiles-enables-sharing-dns-settings-with-vpcs.json │ │ ├── amazon-route-53-profiles.json │ │ ├── amazon-route-53-recovery-cluster.json │ │ ├── amazon-route-53-recovery-controls.json │ │ ├── amazon-route-53-recovery-readiness.json │ │ ├── amazon-route-53-resolver.json │ │ ├── amazon-route-53.json │ │ ├── amazon-s3-express.json │ │ ├── amazon-s3-glacier.json │ │ ├── amazon-s3-object-lambda.json │ │ ├── amazon-s3-on-outposts.json │ │ ├── amazon-s3-tables.json │ │ ├── amazon-s3.json │ │ ├── amazon-sagemaker-data-science-assistant.json │ │ ├── amazon-sagemaker-geospatial-capabilities.json │ │ ├── amazon-sagemaker-ground-truth-synthetic.json │ │ ├── amazon-sagemaker-with-mlflow.json │ │ ├── amazon-sagemaker.json │ │ ├── amazon-security-lake.json │ │ ├── amazon-ses.json │ │ ├── amazon-session-manager-message-gateway-service.json │ │ ├── amazon-simple-email-service---mail-manager.json │ │ ├── amazon-simple-email-service-v2.json │ │ ├── amazon-simple-workflow-service.json │ │ ├── amazon-simpledb.json │ │ ├── amazon-sns.json │ │ ├── amazon-sqs.json │ │ ├── amazon-storage-gateway.json │ │ ├── amazon-sumerian.json │ │ ├── amazon-textract.json │ │ ├── amazon-timestream-influxdb.json │ │ ├── amazon-timestream.json │ │ ├── amazon-transcribe.json │ │ ├── amazon-translate.json │ │ ├── amazon-verified-permissions.json │ │ ├── amazon-vpc-lattice-services.json │ │ ├── amazon-vpc-lattice.json │ │ ├── amazon-workdocs.json │ │ ├── amazon-worklink.json │ │ ├── amazon-workmail-message-flow.json │ │ ├── amazon-workmail.json │ │ ├── amazon-workspaces-application-manager.json │ │ ├── amazon-workspaces-secure-browser.json │ │ ├── amazon-workspaces-thin-client.json │ │ ├── amazon-workspaces-web.json │ │ ├── amazon-workspaces.json │ │ ├── amazonmediaimport.json │ │ ├── apache-kafka-apis-for-amazon-msk-clusters.json │ │ ├── application-discovery-arsenal.json │ │ ├── application-discovery.json │ │ ├── aws-account-management.json │ │ ├── aws-activate.json │ │ ├── aws-amplify-admin.json │ │ ├── aws-amplify-ui-builder.json │ │ ├── aws-amplify.json │ │ ├── aws-app-mesh-preview.json │ │ ├── aws-app-mesh.json │ │ ├── aws-app-runner.json │ │ ├── aws-app-studio.json │ │ ├── aws-app2container.json │ │ ├── aws-appconfig.json │ │ ├── aws-appfabric.json │ │ ├── aws-application-auto-scaling.json │ │ ├── aws-application-cost-profiler-service.json │ │ ├── aws-application-discovery-service.json │ │ ├── aws-application-migration-service.json │ │ ├── aws-application-transformation-service.json │ │ ├── aws-appsync.json │ │ ├── aws-artifact.json │ │ ├── aws-audit-manager.json │ │ ├── aws-auto-scaling.json │ │ ├── aws-b2b-data-interchange.json │ │ ├── aws-backup-gateway.json │ │ ├── aws-backup-search.json │ │ ├── aws-backup-storage.json │ │ ├── aws-backup.json │ │ ├── aws-batch.json │ │ ├── aws-billing-and-cost-management-console.json │ │ ├── aws-billing-and-cost-management-data-exports.json │ │ ├── aws-billing-and-cost-management-pricing-calculator.json │ │ ├── aws-billing-and-cost-management.json │ │ ├── aws-billing-conductor.json │ │ ├── aws-billing-console.json │ │ ├── aws-billing.json │ │ ├── aws-budget-service.json │ │ ├── aws-bugbust.json │ │ ├── aws-certificate-manager-private-certificate-authority.json │ │ ├── aws-certificate-manager.json │ │ ├── aws-chatbot.json │ │ ├── aws-clean-rooms-ml.json │ │ ├── aws-clean-rooms.json │ │ ├── aws-cloud-control-api.json │ │ ├── aws-cloud-map.json │ │ ├── aws-cloud9.json │ │ ├── aws-cloudformation.json │ │ ├── aws-cloudhsm.json │ │ ├── aws-cloudshell.json │ │ ├── aws-cloudtrail-data.json │ │ ├── aws-cloudtrail.json │ │ ├── aws-cloudwatch-rum.json │ │ ├── aws-codeartifact.json │ │ ├── aws-codebuild.json │ │ ├── aws-codecommit.json │ │ ├── aws-codeconnections.json │ │ ├── aws-codedeploy-secure-host-commands-service.json │ │ ├── aws-codedeploy.json │ │ ├── aws-codepipeline.json │ │ ├── aws-codestar-connections.json │ │ ├── aws-codestar-notifications.json │ │ ├── aws-codestar.json │ │ ├── aws-compute-optimizer.json │ │ ├── aws-config.json │ │ ├── aws-connector-service.json │ │ ├── aws-consolidated-billing.json │ │ ├── aws-control-catalog.json │ │ ├── aws-control-tower.json │ │ ├── aws-cost-and-usage-report.json │ │ ├── aws-cost-explorer-service.json │ │ ├── aws-cost-optimization-hub.json │ │ ├── aws-customer-verification-service.json │ │ ├── aws-data-exchange.json │ │ ├── aws-data-pipeline.json │ │ ├── aws-database-migration-service.json │ │ ├── aws-datasync.json │ │ ├── aws-deadline-cloud.json │ │ ├── aws-deepcomposer.json │ │ ├── aws-deeplens.json │ │ ├── aws-deepracer.json │ │ ├── aws-device-farm.json │ │ ├── aws-diagnostic-tools.json │ │ ├── aws-direct-connect.json │ │ ├── aws-directory-service-data.json │ │ ├── aws-directory-service.json │ │ ├── aws-elastic-beanstalk.json │ │ ├── aws-elastic-disaster-recovery.json │ │ ├── aws-elastic-load-balancing-v2.json │ │ ├── aws-elastic-load-balancing.json │ │ ├── aws-elemental-appliances-and-software-activation-service.json │ │ ├── aws-elemental-appliances-and-software.json │ │ ├── aws-elemental-mediaconnect.json │ │ ├── aws-elemental-mediaconvert.json │ │ ├── aws-elemental-medialive.json │ │ ├── aws-elemental-mediapackage-v2.json │ │ ├── aws-elemental-mediapackage-vod.json │ │ ├── aws-elemental-mediapackage.json │ │ ├── aws-elemental-mediastore.json │ │ ├── aws-elemental-mediatailor.json │ │ ├── aws-elemental-support-cases.json │ │ ├── aws-elemental-support-content.json │ │ ├── aws-end-user-messaging-sms-and-voice-v2.json │ │ ├── aws-end-user-messaging-social.json │ │ ├── aws-entity-resolution.json │ │ ├── aws-fault-injection-service.json │ │ ├── aws-fault-injection-simulator.json │ │ ├── aws-firewall-manager.json │ │ ├── aws-free-tier.json │ │ ├── aws-global-accelerator.json │ │ ├── aws-glue-databrew.json │ │ ├── aws-glue.json │ │ ├── aws-ground-station.json │ │ ├── aws-health-apis-and-notifications.json │ │ ├── aws-healthimaging.json │ │ ├── aws-healthlake.json │ │ ├── aws-healthomics.json │ │ ├── aws-iam-access-analyzer.json │ │ ├── aws-iam-identity-center-(successor-to-aws-single-sign-on)-directory.json │ │ ├── aws-iam-identity-center-(successor-to-aws-single-sign-on).json │ │ ├── aws-iam-identity-center-oidc-service.json │ │ ├── aws-identity-and-access-management-(iam).json │ │ ├── aws-identity-and-access-management-roles-anywhere.json │ │ ├── aws-identity-and-access-management.json │ │ ├── aws-identity-store-auth.json │ │ ├── aws-identity-store.json │ │ ├── aws-identity-sync.json │ │ ├── aws-identity-synchronization-service.json │ │ ├── aws-import-export-disk-service.json │ │ ├── aws-invoicing-service.json │ │ ├── aws-iot-1-click.json │ │ ├── aws-iot-analytics.json │ │ ├── aws-iot-core-device-advisor.json │ │ ├── aws-iot-core-for-lorawan.json │ │ ├── aws-iot-device-tester.json │ │ ├── aws-iot-events.json │ │ ├── aws-iot-fleet-hub-for-device-management.json │ │ ├── aws-iot-fleetwise.json │ │ ├── aws-iot-greengrass-v2.json │ │ ├── aws-iot-greengrass.json │ │ ├── aws-iot-jobs-dataplane.json │ │ ├── aws-iot-managed-integrations-feature-of-iot-device-management.json │ │ ├── aws-iot-roborunner.json │ │ ├── aws-iot-sitewise.json │ │ ├── aws-iot-things-graph.json │ │ ├── aws-iot-twinmaker.json │ │ ├── aws-iot-wireless.json │ │ ├── aws-iot.json │ │ ├── aws-iq-permissions.json │ │ ├── aws-iq.json │ │ ├── aws-key-management-service.json │ │ ├── aws-lake-formation.json │ │ ├── aws-lambda.json │ │ ├── aws-launch-wizard.json │ │ ├── aws-license-manager-linux-subscriptions-manager.json │ │ ├── aws-license-manager-user-subscriptions.json │ │ ├── aws-license-manager.json │ │ ├── aws-mainframe-modernization-application-testing-provides-tools-and-resources-for-automated-functional-equivalence-testing-for-your-migration-projects..json │ │ ├── aws-mainframe-modernization-application-testing.json │ │ ├── aws-mainframe-modernization-service.json │ │ ├── aws-management-console-mobile-app.json │ │ ├── aws-marketplace-catalog.json │ │ ├── aws-marketplace-commerce-analytics-service.json │ │ ├── aws-marketplace-deployment-service.json │ │ ├── aws-marketplace-discovery.json │ │ ├── aws-marketplace-entitlement-service.json │ │ ├── aws-marketplace-image-building-service.json │ │ ├── aws-marketplace-management-portal.json │ │ ├── aws-marketplace-metering-service.json │ │ ├── aws-marketplace-private-marketplace.json │ │ ├── aws-marketplace-procurement-systems-integration.json │ │ ├── aws-marketplace-reporting.json │ │ ├── aws-marketplace-seller-reporting.json │ │ ├── aws-marketplace-vendor-insights.json │ │ ├── aws-marketplace.json │ │ ├── aws-microservice-extractor-for-.net.json │ │ ├── aws-migration-acceleration-program-credits.json │ │ ├── aws-migration-hub-orchestrator.json │ │ ├── aws-migration-hub-refactor-spaces.json │ │ ├── aws-migration-hub-strategy-recommendations..json │ │ ├── aws-migration-hub-strategy-recommendations.json │ │ ├── aws-migration-hub.json │ │ ├── aws-mobile-hub.json │ │ ├── aws-network-firewall.json │ │ ├── aws-network-manager-chat.json │ │ ├── aws-network-manager.json │ │ ├── aws-opsworks-configuration-management.json │ │ ├── aws-opsworks.json │ │ ├── aws-organizations.json │ │ ├── aws-outposts.json │ │ ├── aws-panorama.json │ │ ├── aws-parallel-computing-service.json │ │ ├── aws-partner-central-account-management.json │ │ ├── aws-partner-central-selling.json │ │ ├── aws-payment-cryptography.json │ │ ├── aws-payments.json │ │ ├── aws-performance-insights.json │ │ ├── aws-price-list.json │ │ ├── aws-private-ca-connector-for-active-directory.json │ │ ├── aws-private-ca-connector-for-scep.json │ │ ├── aws-private-certificate-authority.json │ │ ├── aws-privatelink.json │ │ ├── aws-proton.json │ │ ├── aws-purchase-orders-console.json │ │ ├── aws-re-post-private.json │ │ ├── aws-recycle-bin.json │ │ ├── aws-repost-private.json │ │ ├── aws-resilience-hub-service.json │ │ ├── aws-resilience-hub.json │ │ ├── aws-resource-access-manager-(ram).json │ │ ├── aws-resource-access-manager.json │ │ ├── aws-resource-explorer.json │ │ ├── aws-resource-groups.json │ │ ├── aws-robomaker.json │ │ ├── aws-savings-plans.json │ │ ├── aws-secrets-manager.json │ │ ├── aws-security-hub.json │ │ ├── aws-security-incident-response.json │ │ ├── aws-security-token-service.json │ │ ├── aws-server-migration-service.json │ │ ├── aws-serverless-application-repository.json │ │ ├── aws-service-catalog.json │ │ ├── aws-service-providing-managed-private-networks.json │ │ ├── aws-service-to-enable-5g-automation.json │ │ ├── aws-shield.json │ │ ├── aws-signer.json │ │ ├── aws-signin.json │ │ ├── aws-simspace-weaver.json │ │ ├── aws-snow-device-management.json │ │ ├── aws-snowball.json │ │ ├── aws-sql-workbench.json │ │ ├── aws-sso-directory.json │ │ ├── aws-sso.json │ │ ├── aws-step-functions.json │ │ ├── aws-storage-gateway.json │ │ ├── aws-supply-chain.json │ │ ├── aws-support-app-for-slack.json │ │ ├── aws-support-app-in-slack.json │ │ ├── aws-support-plans.json │ │ ├── aws-support-recommendations.json │ │ ├── aws-support.json │ │ ├── aws-sustainability.json │ │ ├── aws-systems-manager-for-sap.json │ │ ├── aws-systems-manager-gui-connect.json │ │ ├── aws-systems-manager-incident-manager-contacts.json │ │ ├── aws-systems-manager-incident-manager.json │ │ ├── aws-systems-manager-quick-setup.json │ │ ├── aws-systems-manager.json │ │ ├── aws-tag-editor.json │ │ ├── aws-tax-settings.json │ │ ├── aws-telco-network-builder.json │ │ ├── aws-tiros.json │ │ ├── aws-transfer-family.json │ │ ├── aws-trusted-advisor.json │ │ ├── aws-user-notifications-contacts.json │ │ ├── aws-user-notifications.json │ │ ├── aws-user-subscriptions.json │ │ ├── aws-verified-access.json │ │ ├── aws-waf-regional.json │ │ ├── aws-waf-v2.json │ │ ├── aws-waf.json │ │ ├── aws-well-architected-tool.json │ │ ├── aws-wickr.json │ │ ├── aws-x-ray.json │ │ ├── awsdatasync.json │ │ ├── cloudwatch-application-insights.json │ │ ├── data-pipeline.json │ │ ├── database-query-metadata-service.json │ │ ├── elastic-load-balancing-v2.json │ │ ├── elastic-load-balancing.json │ │ ├── elemental-support-cases.json │ │ ├── elemental-support-content.json │ │ ├── high-volume-outbound-communications.json │ │ ├── identity-and-access-management.json │ │ ├── launch-wizard.json │ │ ├── network-flow-monitor.json │ │ ├── network-manager.json │ │ ├── recycle-bin.json │ │ ├── service-quotas.json │ │ └── tag-editor.json ├── documentParser.ts ├── documentation.ts ├── domain │ ├── IamAction.ts │ ├── IamService.ts │ ├── index.ts │ └── utility │ │ ├── groupBy.ts │ │ ├── iam.ts │ │ ├── index.ts │ │ └── match.ts ├── extension.ts ├── hoverProvider.ts ├── iamProvider.ts └── test │ ├── runTest.ts │ ├── suite │ ├── extension.test.ts │ └── index.ts │ └── unit │ ├── groupBy.test.ts │ ├── iam.test.ts │ └── match.test.ts ├── tsconfig.json ├── webpack.config.js └── yarn.lock /.editorconfig: -------------------------------------------------------------------------------- 1 | [*] 2 | charset = utf-8 3 | end_of_line = lf 4 | indent_style = space 5 | indent_size = 2 6 | insert_final_newline = true 7 | trim_trailing_whitespace = true 8 | -------------------------------------------------------------------------------- /.eslintrc.json: -------------------------------------------------------------------------------- 1 | { 2 | "root": true, 3 | "parser": "@typescript-eslint/parser", 4 | "parserOptions": { 5 | "ecmaVersion": 6, 6 | "sourceType": "module" 7 | }, 8 | "plugins": [ 9 | "@typescript-eslint" 10 | ], 11 | "rules": { 12 | "@typescript-eslint/naming-convention": "warn", 13 | "@typescript-eslint/semi": "warn", 14 | "eqeqeq": "warn", 15 | "no-throw-literal": "warn", 16 | "semi": "off", 17 | "no-tabs": "error" 18 | }, 19 | "ignorePatterns": [ 20 | "out", 21 | "dist", 22 | "**/*.d.ts" 23 | ] 24 | } 25 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: [TastefulElk] 2 | -------------------------------------------------------------------------------- /.github/workflows/publish.yml: -------------------------------------------------------------------------------- 1 | name: Publish 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | jobs: 9 | publish: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v2 13 | - uses: actions/setup-node@v4 14 | with: 15 | node-version: 20.x 16 | - name: Install dependencies 17 | run: yarn install --frozen-lockfile 18 | - name: Publish to Visual Studio Marketplace, Open VSX, and GitHub Releases 19 | run: npx semantic-release 20 | env: 21 | VSCE_PAT: ${{ secrets.VS_MARKETPLACE_PAT }} 22 | GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }} 23 | OVSX_PAT: ${{ secrets.OPENVSX_PAT }} 24 | -------------------------------------------------------------------------------- /.github/workflows/scrape.yml: -------------------------------------------------------------------------------- 1 | name: Scrape 2 | 3 | on: 4 | workflow_dispatch: 5 | schedule: 6 | - cron: "0 6 * * 1" # run every monday at 06:00 UTC 7 | 8 | jobs: 9 | scrape: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v2 13 | - name: Setup node 14 | uses: actions/setup-node@v4 15 | with: 16 | node-version: 20.x 17 | - name: Setup Chrome 18 | uses: browser-actions/setup-chrome@v1 19 | with: 20 | chrome-version: stable 21 | - name: Install dependencies 22 | run: yarn install --frozen-lockfile 23 | - name: Scrape 24 | run: node scraper/scraper.mjs 25 | - name: Create Pull Request 26 | uses: peter-evans/create-pull-request@v6 27 | with: 28 | token: ${{ secrets.ACCESS_TOKEN }} 29 | commit-message: "fix: update IAM service definitions" 30 | title: Update IAM service definitions 31 | body: This is an auto-generated PR with IAM service updates. 32 | branch: service-updates 33 | -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- 1 | name: Test 2 | 3 | on: 4 | workflow_dispatch: 5 | push: 6 | 7 | jobs: 8 | build: 9 | runs-on: ${{ matrix.os }} 10 | 11 | strategy: 12 | max-parallel: 3 13 | matrix: 14 | os: [macos-latest, windows-latest, ubuntu-latest] 15 | node-version: [20.x] 16 | 17 | steps: 18 | - uses: actions/checkout@v1 19 | - name: Use Node.js ${{ matrix.node-version }} 20 | uses: actions/setup-node@v4 21 | with: 22 | node-version: ${{ matrix.node-version }} 23 | - name: Install dependencies 24 | run: yarn install --frozen-lockfile 25 | - name: Unit Tests 26 | run: yarn test 27 | - name: Integration tests - Linux 28 | run: xvfb-run -a yarn test:integration 29 | if: runner.os == 'Linux' 30 | - name: Integration tests - macos/windows 31 | run: yarn test:integration 32 | if: runner.os != 'Linux' 33 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | out 2 | dist 3 | node_modules 4 | .vscode-test/ 5 | *.vsix 6 | -------------------------------------------------------------------------------- /.husky/commit-msg: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | . "$(dirname "$0")/_/husky.sh" 3 | 4 | yarn commitlint --edit 5 | -------------------------------------------------------------------------------- /.husky/pre-commit: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | . "$(dirname "$0")/_/husky.sh" 3 | 4 | yarn lint 5 | -------------------------------------------------------------------------------- /.husky/pre-push: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | . "$(dirname "$0")/_/husky.sh" 3 | 4 | yarn test 5 | -------------------------------------------------------------------------------- /.releaserc: -------------------------------------------------------------------------------- 1 | { 2 | "branches": [ 3 | "master" 4 | ], 5 | "plugins": [ 6 | "@semantic-release/commit-analyzer", 7 | "@semantic-release/release-notes-generator", 8 | "@semantic-release/changelog", 9 | [ 10 | "semantic-release-vsce", 11 | { 12 | "packageVsix": true 13 | } 14 | ], 15 | [ 16 | "@semantic-release/github", 17 | { 18 | "assets": [ 19 | { 20 | "path": "*.vsix", 21 | "label": "Extension File" 22 | } 23 | ] 24 | } 25 | ], 26 | [ 27 | "@semantic-release/git", 28 | { 29 | "message": "chore(release): ${nextRelease.version} [skip ci]" 30 | } 31 | ] 32 | ] 33 | } 34 | -------------------------------------------------------------------------------- /.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | // See http://go.microsoft.com/fwlink/?LinkId=827846 3 | // for the documentation about the extensions.json format 4 | "recommendations": ["dbaeumer.vscode-eslint", "amodio.tsl-problem-matcher"] 5 | } 6 | -------------------------------------------------------------------------------- /.vscode/launch.json: -------------------------------------------------------------------------------- 1 | // A launch configuration that compiles the extension and then opens it inside a new window 2 | // Use IntelliSense to learn about possible attributes. 3 | // Hover to view descriptions of existing attributes. 4 | // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 5 | { 6 | "version": "0.2.0", 7 | "configurations": [ 8 | { 9 | "name": "Run Extension", 10 | "type": "extensionHost", 11 | "request": "launch", 12 | "args": [ 13 | "--extensionDevelopmentPath=${workspaceFolder}" 14 | ], 15 | "outFiles": [ 16 | "${workspaceFolder}/dist/**/*.js" 17 | ], 18 | "preLaunchTask": "${defaultBuildTask}" 19 | }, 20 | { 21 | "name": "Extension Tests", 22 | "type": "extensionHost", 23 | "request": "launch", 24 | "args": [ 25 | "--extensionDevelopmentPath=${workspaceFolder}", 26 | "--extensionTestsPath=${workspaceFolder}/out/test/suite/index" 27 | ], 28 | "outFiles": [ 29 | "${workspaceFolder}/out/**/*.js", 30 | "${workspaceFolder}/dist/**/*.js" 31 | ], 32 | "preLaunchTask": "tasks: watch-tests" 33 | } 34 | ] 35 | } 36 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | // Place your settings in this file to overwrite default and user settings. 2 | { 3 | "files.exclude": { 4 | "out": false, // set this to true to hide the "out" folder with the compiled JS files 5 | "dist": false // set this to true to hide the "dist" folder with the compiled JS files 6 | }, 7 | "search.exclude": { 8 | "out": true, // set this to false to include "out" folder in search results 9 | "dist": true // set this to false to include "dist" folder in search results 10 | }, 11 | // Turn off tsc task auto detection since we have the necessary tasks as npm scripts 12 | "typescript.tsc.autoDetect": "off", 13 | "editor.defaultFormatter": "esbenp.prettier-vscode", 14 | "cSpell.words": [ 15 | "readdirsync" 16 | ] 17 | } -------------------------------------------------------------------------------- /.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | // See https://go.microsoft.com/fwlink/?LinkId=733558 2 | // for the documentation about the tasks.json format 3 | { 4 | "version": "2.0.0", 5 | "tasks": [ 6 | { 7 | "type": "npm", 8 | "script": "watch", 9 | "problemMatcher": [ 10 | "$ts-webpack-watch", 11 | "$tslint-webpack-watch" 12 | ], 13 | "isBackground": true, 14 | "presentation": { 15 | "reveal": "never", 16 | "group": "watchers" 17 | }, 18 | "group": { 19 | "kind": "build", 20 | "isDefault": true 21 | } 22 | }, 23 | { 24 | "type": "npm", 25 | "script": "watch-tests", 26 | "problemMatcher": "$tsc-watch", 27 | "isBackground": true, 28 | "presentation": { 29 | "reveal": "never", 30 | "group": "watchers" 31 | }, 32 | "group": "build" 33 | }, 34 | { 35 | "label": "tasks: watch-tests", 36 | "dependsOn": [ 37 | "npm: watch", 38 | "npm: watch-tests" 39 | ], 40 | "problemMatcher": [] 41 | } 42 | ] 43 | } -------------------------------------------------------------------------------- /.vscodeignore: -------------------------------------------------------------------------------- 1 | .vscode/** 2 | .vscode-test/** 3 | out/** 4 | node_modules/** 5 | src/** 6 | .gitignore 7 | .yarnrc 8 | webpack.config.js 9 | vsc-extension-quickstart.md 10 | **/tsconfig.json 11 | **/.eslintrc.json 12 | **/*.map 13 | **/*.ts 14 | -------------------------------------------------------------------------------- /.yarnrc: -------------------------------------------------------------------------------- 1 | --ignore-engines true -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Sebastian Bille 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![Visual Studio Marketplace Version](https://img.shields.io/visual-studio-marketplace/v/sebastianbille.iam-legend.svg?style=flat-square)](https://marketplace.visualstudio.com/items?itemName=sebastianbille.iam-legend) 2 | [![Visual Studio Marketplace Rating Stars](https://img.shields.io/visual-studio-marketplace/stars/sebastianbille.iam-legend.svg?style=flat-square)](https://marketplace.visualstudio.com/items?itemName=sebastianbille.iam-legend) 3 | [![Visual Studio Marketplace Downloads](https://img.shields.io/visual-studio-marketplace/d/sebastianbille.iam-legend.svg?style=flat-square)](https://marketplace.visualstudio.com/items?itemName=sebastianbille.iam-legend) 4 | 5 | # IAM Legend 6 | 7 | AWS [IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) actions autocomplete, documentation and wildcard resolution for Visual Studio Code. 8 | 9 | Supports Serverless Framework, AWS SAM, CloudFormation and Terraform. 10 | 11 | ## Features 12 | 13 | - Autocomplete for all IAM services & actions 14 | 15 | ![service suggestions](https://raw.githubusercontent.com/TastefulElk/iam-legend/master/images/service_suggest.png) 16 | 17 | - Inline documentation for each action, including what *Resources* and *Condition Keys* they support as well as any *Dependent Actions* 18 | 19 | ![action suggestions and documentation](https://raw.githubusercontent.com/TastefulElk/iam-legend/master/images/action_suggest.png) 20 | 21 | - Wildcard support when hovering an action definition to easily see exactly what action(s) will be granted 22 | 23 | ![docs for multiple actions when hovering action with wildcard](https://raw.githubusercontent.com/TastefulElk/iam-legend/master/images/wildcard_hover.png) 24 | 25 | ## Contributions 26 | 27 | Feedback, suggestions, bug reports or any other kind of contributions are very welcome! You can find the source [here](https://github.com/TastefulElk/iam-legend)! 28 | 29 | ## Author 30 | 31 | [Sebastian Bille](https://twitter.com/TastefulElk) -------------------------------------------------------------------------------- /babel.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | presets: [ 3 | ['@babel/preset-env', {targets: {node: 'current'}}], 4 | '@babel/preset-typescript', 5 | ], 6 | }; -------------------------------------------------------------------------------- /commitlint.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { extends: ["@commitlint/config-conventional"] }; 2 | -------------------------------------------------------------------------------- /images/action_suggest.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TastefulElk/iam-legend/5d590a22dde94fdf9aa291e68f6d319ae10378bd/images/action_suggest.png -------------------------------------------------------------------------------- /images/icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TastefulElk/iam-legend/5d590a22dde94fdf9aa291e68f6d319ae10378bd/images/icon.png -------------------------------------------------------------------------------- /images/service_suggest.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TastefulElk/iam-legend/5d590a22dde94fdf9aa291e68f6d319ae10378bd/images/service_suggest.png -------------------------------------------------------------------------------- /images/wildcard_hover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TastefulElk/iam-legend/5d590a22dde94fdf9aa291e68f6d319ae10378bd/images/wildcard_hover.png -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "iam-legend", 3 | "displayName": "IAM Legend", 4 | "description": "IAM policy actions autocomplete, documentation & wildcard resolution", 5 | "version": "1.1.63", 6 | "engines": { 7 | "vscode": "^1.63.0" 8 | }, 9 | "repository": { 10 | "type": "git", 11 | "url": "https://github.com/TastefulElk/iam-legend" 12 | }, 13 | "galleryBanner": { 14 | "color": "#232323", 15 | "theme": "dark" 16 | }, 17 | "icon": "images/icon.png", 18 | "keywords": [ 19 | "aws", 20 | "iam", 21 | "serverless", 22 | "cloudformation", 23 | "sam", 24 | "yaml", 25 | "json", 26 | "sls", 27 | "terraform" 28 | ], 29 | "categories": [ 30 | "Other", 31 | "Programming Languages", 32 | "Education" 33 | ], 34 | "activationEvents": [ 35 | "onLanguage:yaml", 36 | "onLanguage:json", 37 | "onLanguage:typescript", 38 | "workspaceContains:**/*.{tf,tfvars}" 39 | ], 40 | "main": "./dist/extension.js", 41 | "publisher": "SebastianBille", 42 | "scripts": { 43 | "vscode:prepublish": "yarn run package", 44 | "compile": "rimraf dist && webpack", 45 | "watch": "webpack --watch", 46 | "package": "rimraf dist && webpack --mode production --devtool hidden-source-map", 47 | "compile-integration-tests": "tsc -p . --outDir out --types mocha", 48 | "watch-tests": "tsc -p . -w --outDir out", 49 | "lint": "eslint src --ext ts", 50 | "test": "jest", 51 | "pretest:integration": "yarn run compile-integration-tests && yarn run compile && yarn run lint", 52 | "test:integration": "node ./out/test/runTest.js", 53 | "prepare": "is-ci || husky install" 54 | }, 55 | "devDependencies": { 56 | "@babel/preset-env": "^7.16.8", 57 | "@babel/preset-typescript": "^7.16.7", 58 | "@commitlint/config-conventional": "^16.0.0", 59 | "@semantic-release/changelog": "^6.0.1", 60 | "@semantic-release/commit-analyzer": "^9.0.2", 61 | "@semantic-release/git": "^10.0.1", 62 | "@semantic-release/github": "^8.0.6", 63 | "@semantic-release/release-notes-generator": "^10.0.3", 64 | "@types/glob": "^7.2.0", 65 | "@types/jest": "^27.4.0", 66 | "@types/mocha": "^9.0.0", 67 | "@types/node": "14.x", 68 | "@types/vscode": "^1.63.0", 69 | "@typescript-eslint/eslint-plugin": "^5.9.1", 70 | "@typescript-eslint/parser": "^5.9.1", 71 | "@vscode/test-electron": "^2.4.1", 72 | "cheerio": "^1.0.0-rc.10", 73 | "commitlint": "^16.1.0", 74 | "copy-webpack-plugin": "^10.2.0", 75 | "eslint": "^8.6.0", 76 | "glob": "^7.2.0", 77 | "husky": "^7.0.4", 78 | "is-ci": "^3.0.1", 79 | "jest": "^27.4.7", 80 | "mocha": "^9.1.4", 81 | "p-limit": "^4.0.0", 82 | "puppeteer": "^13.0.1", 83 | "rimraf": "^3.0.2", 84 | "semantic-release": "^19.0.5", 85 | "semantic-release-vsce": "^5.2.0", 86 | "ts-loader": "^9.2.6", 87 | "typescript": "^4.5.4", 88 | "webpack": "^5.66.0", 89 | "webpack-cli": "^4.9.1" 90 | }, 91 | "dependencies": {}, 92 | "jest": { 93 | "testMatch": [ 94 | "/src/test/unit/**/*.test.ts" 95 | ] 96 | } 97 | } 98 | -------------------------------------------------------------------------------- /src/data/iam-services/amazon-api-gateway.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon API Gateway", 3 | "servicePrefix": "execute-api", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonapigateway.html", 5 | "actions": [ 6 | { 7 | "name": "InvalidateCache", 8 | "documentationUrl": "https://docs.aws.amazon.com/apigateway/api-reference/api-gateway-caching.html", 9 | "description": "Used to invalidate API cache upon a client request", 10 | "accessLevel": "Write", 11 | "resourceTypes": [ 12 | "execute-api-general*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "Invoke", 19 | "documentationUrl": "https://docs.aws.amazon.com/apigateway/api-reference/how-to-call-api.html", 20 | "description": "Used to invoke an API upon a client request", 21 | "accessLevel": "Write", 22 | "resourceTypes": [ 23 | "execute-api-domain", 24 | "execute-api-general" 25 | ], 26 | "conditionKeys": [], 27 | "dependentActions": [] 28 | }, 29 | { 30 | "name": "ManageConnections", 31 | "documentationUrl": "https://docs.aws.amazon.com/apigateway/api-reference/apigateway-websocket-control-access-iam.html", 32 | "description": "ManageConnections controls access to the @connections API", 33 | "accessLevel": "Write", 34 | "resourceTypes": [ 35 | "execute-api-general*" 36 | ], 37 | "conditionKeys": [], 38 | "dependentActions": [] 39 | } 40 | ] 41 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-cloudfront-keyvaluestore.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon CloudFront KeyValueStore", 3 | "servicePrefix": "cloudfront-keyvaluestore", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazoncloudfrontkeyvaluestore.html", 5 | "actions": [ 6 | { 7 | "name": "DeleteKey", 8 | "documentationUrl": "https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_kvs_DeleteKey.html", 9 | "description": "Grants permission to delete the key value pair specified by the key", 10 | "accessLevel": "Write", 11 | "resourceTypes": [ 12 | "key-value-store*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "DescribeKeyValueStore", 19 | "documentationUrl": "https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_kvs_DescribeKeyValueStore.html", 20 | "description": "Grants permission to return metadata information about Key Value Store", 21 | "accessLevel": "Read", 22 | "resourceTypes": [ 23 | "key-value-store*" 24 | ], 25 | "conditionKeys": [], 26 | "dependentActions": [] 27 | }, 28 | { 29 | "name": "GetKey", 30 | "documentationUrl": "https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_kvs_GetKey.html", 31 | "description": "Grants permission to return a key value pair", 32 | "accessLevel": "Read", 33 | "resourceTypes": [ 34 | "key-value-store*" 35 | ], 36 | "conditionKeys": [], 37 | "dependentActions": [] 38 | }, 39 | { 40 | "name": "ListKeys", 41 | "documentationUrl": "https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_kvs_ListKeys.html", 42 | "description": "Grants permission to returns a list of key value pairs", 43 | "accessLevel": "List", 44 | "resourceTypes": [ 45 | "key-value-store*" 46 | ], 47 | "conditionKeys": [], 48 | "dependentActions": [] 49 | }, 50 | { 51 | "name": "PutKey", 52 | "documentationUrl": "https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_kvs_PutKey.html", 53 | "description": "Grants permission to create a new key value pair or replace the value of an existing key", 54 | "accessLevel": "Write", 55 | "resourceTypes": [ 56 | "key-value-store*" 57 | ], 58 | "conditionKeys": [], 59 | "dependentActions": [] 60 | }, 61 | { 62 | "name": "UpdateKeys", 63 | "documentationUrl": "https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_kvs_UpdateKeys.html", 64 | "description": "Grants permission to put or delete multiple key value pairs in a single, all-or-nothing operation", 65 | "accessLevel": "Write", 66 | "resourceTypes": [ 67 | "key-value-store*" 68 | ], 69 | "conditionKeys": [], 70 | "dependentActions": [] 71 | } 72 | ] 73 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-cloudwatch-observability-admin-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon CloudWatch Observability Admin Service", 3 | "servicePrefix": "observabilityadmin", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazoncloudwatchobservabilityadminservice.html", 5 | "actions": [ 6 | { 7 | "name": "GetTelemetryEvaluationStatus", 8 | "documentationUrl": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_GetTelemetryEvaluationStatus.html", 9 | "description": "Grants permission to retrieve the Telemetry Config feature status for the account", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "GetTelemetryEvaluationStatusForOrganization", 17 | "documentationUrl": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_GetTelemetryEvaluationStatusForOrganization.html", 18 | "description": "Grants permission to retrieve the Telemetry Config feature status for the organization", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "ListResourceTelemetry", 26 | "documentationUrl": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_ListResourceTelemetry.html", 27 | "description": "Grants permission to retrieve telemetry configurations for resources associated with the account", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "ListResourceTelemetryForOrganization", 35 | "documentationUrl": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_ListResourceTelemetryForOrganization.html", 36 | "description": "Grants permission to retrieve telemetry configurations for resources associated with accounts in the organization", 37 | "accessLevel": "Read", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "StartTelemetryEvaluation", 44 | "documentationUrl": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_StartTelemetryEvaluation.html", 45 | "description": "Grants permission to start the Telemetry Config feature for the account", 46 | "accessLevel": "Write", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | }, 51 | { 52 | "name": "StartTelemetryEvaluationForOrganization", 53 | "documentationUrl": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_StartTelemetryEvaluationForOrganization.html", 54 | "description": "Grants permission to start the Telemetry Config feature for the organization", 55 | "accessLevel": "Write", 56 | "resourceTypes": [], 57 | "conditionKeys": [], 58 | "dependentActions": [] 59 | }, 60 | { 61 | "name": "StopTelemetryEvaluation", 62 | "documentationUrl": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_StopTelemetryEvaluation.html", 63 | "description": "Grants permission to stop the Telemetry Config feature for the account", 64 | "accessLevel": "Write", 65 | "resourceTypes": [], 66 | "conditionKeys": [], 67 | "dependentActions": [] 68 | }, 69 | { 70 | "name": "StopTelemetryEvaluationForOrganization", 71 | "documentationUrl": "https://docs.aws.amazon.com/ObservabilityAdmin/latest/APIReference/API_StopTelemetryEvaluationForOrganization.html", 72 | "description": "Grants permission to stop the Telemetry Config feature for the organization", 73 | "accessLevel": "Write", 74 | "resourceTypes": [], 75 | "conditionKeys": [], 76 | "dependentActions": [] 77 | } 78 | ] 79 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-codeguru.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon CodeGuru", 3 | "servicePrefix": "codeguru", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazoncodeguru.html", 5 | "actions": [ 6 | { 7 | "name": "GetCodeGuruFreeTrialSummary", 8 | "documentationUrl": "https://docs.aws.amazon.com/codeguru/latest/profiler-api/API_GetCodeGuruFreeTrialSummary.html", 9 | "description": "Grants permission to get free trial summary for the CodeGuru service which includes expiration date", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-data-lifecycle-manager.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Data Lifecycle Manager", 3 | "servicePrefix": "dlm", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazondatalifecyclemanager.html", 5 | "actions": [ 6 | { 7 | "name": "CreateLifecyclePolicy", 8 | "documentationUrl": "https://docs.aws.amazon.com/dlm/latest/APIReference/API_CreateLifecyclePolicy.html", 9 | "description": "Grants permission to create a data lifecycle policy to manage the scheduled creation and retention of Amazon EBS snapshots. You may have up to 100 policies", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [ 13 | "aws:RequestTag/${TagKey}", 14 | "aws:TagKeys" 15 | ], 16 | "dependentActions": [] 17 | }, 18 | { 19 | "name": "DeleteLifecyclePolicy", 20 | "documentationUrl": "https://docs.aws.amazon.com/dlm/latest/APIReference/API_DeleteLifecyclePolicy.html", 21 | "description": "Grants permission to delete an existing data lifecycle policy. In addition, this action halts the creation and deletion of snapshots that the policy specified. Existing snapshots are not affected", 22 | "accessLevel": "Write", 23 | "resourceTypes": [ 24 | "policy*" 25 | ], 26 | "conditionKeys": [], 27 | "dependentActions": [] 28 | }, 29 | { 30 | "name": "GetLifecyclePolicies", 31 | "documentationUrl": "https://docs.aws.amazon.com/dlm/latest/APIReference/API_GetLifecyclePolicies.html", 32 | "description": "Grants permission to returns a list of summary descriptions of data lifecycle policies", 33 | "accessLevel": "List", 34 | "resourceTypes": [], 35 | "conditionKeys": [], 36 | "dependentActions": [] 37 | }, 38 | { 39 | "name": "GetLifecyclePolicy", 40 | "documentationUrl": "https://docs.aws.amazon.com/dlm/latest/APIReference/API_GetLifecyclePolicy.html", 41 | "description": "Grants permission to return a complete description of a single data lifecycle policy", 42 | "accessLevel": "Read", 43 | "resourceTypes": [ 44 | "policy*" 45 | ], 46 | "conditionKeys": [], 47 | "dependentActions": [] 48 | }, 49 | { 50 | "name": "ListTagsForResource", 51 | "documentationUrl": "https://docs.aws.amazon.com/dlm/latest/APIReference/API_ListTagsForResource.html", 52 | "description": "Grants permission to list the tags associated with a resource", 53 | "accessLevel": "Read", 54 | "resourceTypes": [ 55 | "policy*" 56 | ], 57 | "conditionKeys": [], 58 | "dependentActions": [] 59 | }, 60 | { 61 | "name": "TagResource", 62 | "documentationUrl": "https://docs.aws.amazon.com/dlm/latest/APIReference/API_TagResource.html", 63 | "description": "Grants permission to add or update tags of a resource", 64 | "accessLevel": "Tagging", 65 | "resourceTypes": [ 66 | "policy*" 67 | ], 68 | "conditionKeys": [ 69 | "aws:RequestTag/${TagKey}", 70 | "aws:TagKeys" 71 | ], 72 | "dependentActions": [] 73 | }, 74 | { 75 | "name": "UntagResource", 76 | "documentationUrl": "https://docs.aws.amazon.com/dlm/latest/APIReference/API_UntagResource.html", 77 | "description": "Grants permission to remove tags associated with a resource", 78 | "accessLevel": "Tagging", 79 | "resourceTypes": [ 80 | "policy*" 81 | ], 82 | "conditionKeys": [ 83 | "aws:TagKeys" 84 | ], 85 | "dependentActions": [] 86 | }, 87 | { 88 | "name": "UpdateLifecyclePolicy", 89 | "documentationUrl": "https://docs.aws.amazon.com/dlm/latest/APIReference/API_UpdateLifecyclePolicy.html", 90 | "description": "Grants permission to update an existing data lifecycle policy", 91 | "accessLevel": "Write", 92 | "resourceTypes": [ 93 | "policy*" 94 | ], 95 | "conditionKeys": [], 96 | "dependentActions": [] 97 | } 98 | ] 99 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-ec2-instance-connect.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon EC2 Instance Connect", 3 | "servicePrefix": "ec2-instance-connect", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonec2instanceconnect.html", 5 | "actions": [ 6 | { 7 | "name": "OpenTunnel", 8 | "documentationUrl": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/permissions-for-ec2-instance-connect-endpoint.html#iam-OpenTunnel", 9 | "description": "Grants permission to establish SSH connection to an EC2 instance using EC2 Instance Connect Endpoint", 10 | "accessLevel": "Write", 11 | "resourceTypes": [ 12 | "instance-connect-endpoint*", 13 | "instance-connect-endpoint" 14 | ], 15 | "conditionKeys": [ 16 | "aws:ResourceTag/${TagKey}", 17 | "ec2:ResourceTag/${TagKey}", 18 | "ec2-instance-connect:remotePort", 19 | "ec2-instance-connect:privateIpAddress", 20 | "ec2-instance-connect:MaxTunnelDuration" 21 | ], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "SendSSHPublicKey", 26 | "documentationUrl": "https://docs.aws.amazon.com/ec2-instance-connect/latest/APIReference/API_SendSSHPublicKey.html", 27 | "description": "Grants permission to push an SSH public key to the specified EC2 instance to be used for standard SSH", 28 | "accessLevel": "Write", 29 | "resourceTypes": [ 30 | "instance*" 31 | ], 32 | "conditionKeys": [ 33 | "ec2:osuser" 34 | ], 35 | "dependentActions": [] 36 | }, 37 | { 38 | "name": "SendSerialConsoleSSHPublicKey", 39 | "documentationUrl": "https://docs.aws.amazon.com/ec2-instance-connect/latest/APIReference/API_SendSerialConsoleSSHPublicKey.html", 40 | "description": "Grants permission to push an SSH public key to the specified EC2 instance to be used for serial console SSH", 41 | "accessLevel": "Write", 42 | "resourceTypes": [ 43 | "instance*" 44 | ], 45 | "conditionKeys": [], 46 | "dependentActions": [] 47 | } 48 | ] 49 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-eks-auth.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon EKS Auth", 3 | "servicePrefix": "eks-auth", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazoneksauth.html", 5 | "actions": [ 6 | { 7 | "name": "AssumeRoleForPodIdentity", 8 | "documentationUrl": "https://docs.aws.amazon.com/eks/latest/APIReference/API_auth_AssumeRoleForPodIdentity.html", 9 | "description": "Grants permission to exchange a Kubernetes service account token for temporary AWS credentials", 10 | "accessLevel": "Read", 11 | "resourceTypes": [ 12 | "cluster*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | } 17 | ] 18 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-elastic-block-store.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Elastic Block Store", 3 | "servicePrefix": "ebs", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonelasticblockstore.html", 5 | "actions": [ 6 | { 7 | "name": "CompleteSnapshot", 8 | "documentationUrl": "https://docs.aws.amazon.com/ebs/latest/APIReference/API_CompleteSnapshot.html", 9 | "description": "Grants permission to seal and complete the snapshot after all of the required blocks of data have been written to it", 10 | "accessLevel": "Write", 11 | "resourceTypes": [ 12 | "snapshot*" 13 | ], 14 | "conditionKeys": [ 15 | "aws:ResourceTag/${TagKey}" 16 | ], 17 | "dependentActions": [] 18 | }, 19 | { 20 | "name": "GetSnapshotBlock", 21 | "documentationUrl": "https://docs.aws.amazon.com/ebs/latest/APIReference/API_GetSnapshotBlock.html", 22 | "description": "Grants permission to return the data of a block in an Amazon Elastic Block Store (EBS) snapshot", 23 | "accessLevel": "Read", 24 | "resourceTypes": [ 25 | "snapshot*" 26 | ], 27 | "conditionKeys": [ 28 | "aws:ResourceTag/${TagKey}" 29 | ], 30 | "dependentActions": [] 31 | }, 32 | { 33 | "name": "ListChangedBlocks", 34 | "documentationUrl": "https://docs.aws.amazon.com/ebs/latest/APIReference/API_ListChangedBlocks.html", 35 | "description": "Grants permission to list the blocks that are different between two Amazon Elastic Block Store (EBS) snapshots of the same volume/snapshot lineage", 36 | "accessLevel": "Read", 37 | "resourceTypes": [ 38 | "snapshot*" 39 | ], 40 | "conditionKeys": [ 41 | "aws:ResourceTag/${TagKey}" 42 | ], 43 | "dependentActions": [] 44 | }, 45 | { 46 | "name": "ListSnapshotBlocks", 47 | "documentationUrl": "https://docs.aws.amazon.com/ebs/latest/APIReference/API_ListSnapshotBlocks.html", 48 | "description": "Grants permission to list the blocks in an Amazon Elastic Block Store (EBS) snapshot", 49 | "accessLevel": "Read", 50 | "resourceTypes": [ 51 | "snapshot*" 52 | ], 53 | "conditionKeys": [ 54 | "aws:ResourceTag/${TagKey}" 55 | ], 56 | "dependentActions": [] 57 | }, 58 | { 59 | "name": "PutSnapshotBlock", 60 | "documentationUrl": "https://docs.aws.amazon.com/ebs/latest/APIReference/API_PutSnapshotBlock.html", 61 | "description": "Grants permission to write a block of data to a snapshot created by the StartSnapshot operation", 62 | "accessLevel": "Write", 63 | "resourceTypes": [ 64 | "snapshot*" 65 | ], 66 | "conditionKeys": [ 67 | "aws:ResourceTag/${TagKey}" 68 | ], 69 | "dependentActions": [] 70 | }, 71 | { 72 | "name": "StartSnapshot", 73 | "documentationUrl": "https://docs.aws.amazon.com/ebs/latest/APIReference/API_StartSnapshot.html", 74 | "description": "Grants permission to create a new EBS snapshot", 75 | "accessLevel": "Write", 76 | "resourceTypes": [ 77 | "snapshot" 78 | ], 79 | "conditionKeys": [ 80 | "aws:RequestTag/${TagKey}", 81 | "aws:ResourceTag/${TagKey}", 82 | "aws:TagKeys", 83 | "ebs:Description", 84 | "ebs:ParentSnapshot", 85 | "ebs:VolumeSize" 86 | ], 87 | "dependentActions": [] 88 | } 89 | ] 90 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-elastic-inference.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Elastic Inference", 3 | "servicePrefix": "elastic-inference", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonelasticinference.html", 5 | "actions": [ 6 | { 7 | "name": "Connect", 8 | "description": "Grants permission to customer for connecting to Elastic Inference accelerator", 9 | "accessLevel": "Write", 10 | "resourceTypes": [ 11 | "accelerator*" 12 | ], 13 | "conditionKeys": [], 14 | "dependentActions": [] 15 | }, 16 | { 17 | "name": "DescribeAcceleratorOfferings", 18 | "description": "Grants permission to describe the locations in which a given accelerator type or set of types is present in a given region", 19 | "accessLevel": "List", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "DescribeAcceleratorTypes", 26 | "description": "Grants permission to describe the accelerator types available in a given region, as well as their characteristics, such as memory and throughput", 27 | "accessLevel": "List", 28 | "resourceTypes": [], 29 | "conditionKeys": [], 30 | "dependentActions": [] 31 | }, 32 | { 33 | "name": "DescribeAccelerators", 34 | "description": "Grants permission to describe information over a provided set of accelerators belonging to an account", 35 | "accessLevel": "List", 36 | "resourceTypes": [], 37 | "conditionKeys": [], 38 | "dependentActions": [] 39 | }, 40 | { 41 | "name": "ListTagsForResource", 42 | "description": "Grants permission to list all tags on an Amazon RDS resource", 43 | "accessLevel": "Read", 44 | "resourceTypes": [], 45 | "conditionKeys": [], 46 | "dependentActions": [] 47 | }, 48 | { 49 | "name": "TagResource", 50 | "description": "Grants permission to assign one or more tags (key-value pairs) to the specified QuickSight resource", 51 | "accessLevel": "Tagging", 52 | "resourceTypes": [], 53 | "conditionKeys": [], 54 | "dependentActions": [] 55 | }, 56 | { 57 | "name": "UntagResource", 58 | "description": "Grants permission to remove a tag or tags from a resource", 59 | "accessLevel": "Tagging", 60 | "resourceTypes": [], 61 | "conditionKeys": [], 62 | "dependentActions": [] 63 | } 64 | ] 65 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-finspace-api.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon FinSpace API", 3 | "servicePrefix": "finspace-api", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonfinspaceapi.html", 5 | "actions": [ 6 | { 7 | "name": "GetProgrammaticAccessCredentials", 8 | "documentationUrl": "https://docs.aws.amazon.com/finspace/latest/data-api/API_GetProgrammaticAccessCredentials.html", 9 | "description": "Grants permission to retrieve FinSpace programmatic access credentials", 10 | "accessLevel": "Read", 11 | "resourceTypes": [ 12 | "credential*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | } 17 | ] 18 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-inspectorscan.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon InspectorScan", 3 | "servicePrefix": "inspector-scan", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazoninspectorscan.html", 5 | "actions": [ 6 | { 7 | "name": "ScanSbom", 8 | "documentationUrl": "https://docs.aws.amazon.com/inspector/v2/APIReference/API_ScanSbom.html", 9 | "description": "Grants permission to scan the customer provided SBOM and return vulnerabilities detected within", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-location-service-maps.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Location Service Maps", 3 | "servicePrefix": "geo-maps", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonlocationservicemaps.html", 5 | "actions": [ 6 | { 7 | "name": "GetStaticMap", 8 | "documentationUrl": "https://docs.aws.amazon.com/location/latest/APIReference/API_geomaps_GetStaticMap.html", 9 | "description": "Grants permission to retrieve the static map", 10 | "accessLevel": "Read", 11 | "resourceTypes": [ 12 | "provider*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "GetTile", 19 | "documentationUrl": "https://docs.aws.amazon.com/location/latest/APIReference/API_geomaps_GetTile.html", 20 | "description": "Grants permission to retrieve the map tile", 21 | "accessLevel": "Read", 22 | "resourceTypes": [ 23 | "provider*" 24 | ], 25 | "conditionKeys": [], 26 | "dependentActions": [] 27 | } 28 | ] 29 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-location-service-places.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Location Service Places", 3 | "servicePrefix": "geo-places", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonlocationserviceplaces.html", 5 | "actions": [ 6 | { 7 | "name": "Autocomplete", 8 | "documentationUrl": "https://docs.aws.amazon.com/location/latest/APIReference/API_geoplaces_Autocomplete.html", 9 | "description": "Grants permission to autocomplete text input with potential places and addresses as the user types", 10 | "accessLevel": "Read", 11 | "resourceTypes": [ 12 | "provider*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "Geocode", 19 | "documentationUrl": "https://docs.aws.amazon.com/location/latest/APIReference/API_geoplaces_Geocode.html", 20 | "description": "Grants permission to geocode a textual address or place into geographic coordinates", 21 | "accessLevel": "Read", 22 | "resourceTypes": [ 23 | "provider*" 24 | ], 25 | "conditionKeys": [], 26 | "dependentActions": [] 27 | }, 28 | { 29 | "name": "GetPlace", 30 | "documentationUrl": "https://docs.aws.amazon.com/location/latest/APIReference/API_geoplaces_GetPlace.html", 31 | "description": "Grants permission to query a place by it's unqiue place ID", 32 | "accessLevel": "Read", 33 | "resourceTypes": [ 34 | "provider*" 35 | ], 36 | "conditionKeys": [], 37 | "dependentActions": [] 38 | }, 39 | { 40 | "name": "ReverseGeocode", 41 | "documentationUrl": "https://docs.aws.amazon.com/location/latest/APIReference/API_geoplaces_ReverseGeocode.html", 42 | "description": "Grants permission to convert geographic coordinates into a human-readable address or place", 43 | "accessLevel": "Read", 44 | "resourceTypes": [ 45 | "provider*" 46 | ], 47 | "conditionKeys": [], 48 | "dependentActions": [] 49 | }, 50 | { 51 | "name": "SearchNearby", 52 | "documentationUrl": "https://docs.aws.amazon.com/location/latest/APIReference/API_geoplaces_SearchNearby.html", 53 | "description": "Grants permission to retrieve places near a position which match to a set of user defined restrictions such as category or food type offered by the place", 54 | "accessLevel": "Read", 55 | "resourceTypes": [ 56 | "provider*" 57 | ], 58 | "conditionKeys": [], 59 | "dependentActions": [] 60 | }, 61 | { 62 | "name": "SearchText", 63 | "documentationUrl": "https://docs.aws.amazon.com/location/latest/APIReference/API_geoplaces_SearchText.html", 64 | "description": "Grants permission to query for places using a single free-form text input", 65 | "accessLevel": "Read", 66 | "resourceTypes": [ 67 | "provider*" 68 | ], 69 | "conditionKeys": [], 70 | "dependentActions": [] 71 | }, 72 | { 73 | "name": "Suggest", 74 | "documentationUrl": "https://docs.aws.amazon.com/location/latest/APIReference/API_geoplaces_Suggest.html", 75 | "description": "Grants permission to suggest potential places based on the user's input", 76 | "accessLevel": "Read", 77 | "resourceTypes": [ 78 | "provider*" 79 | ], 80 | "conditionKeys": [], 81 | "dependentActions": [] 82 | } 83 | ] 84 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-location-service-routes.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Location Service Routes", 3 | "servicePrefix": "geo-routes", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonlocationserviceroutes.html", 5 | "actions": [ 6 | { 7 | "name": "CalculateIsolines", 8 | "documentationUrl": "https://docs.aws.amazon.com/location/latest/APIReference/API_CalculateIsolines.html", 9 | "description": "Grants permission to determine destinations or service areas reachable within a specified time", 10 | "accessLevel": "Read", 11 | "resourceTypes": [ 12 | "provider*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "CalculateRouteMatrix", 19 | "documentationUrl": "https://docs.aws.amazon.com/location/latest/APIReference/API_CalculateRouteMatrix.html", 20 | "description": "Grants permission to calculate routing matrice which providing travel time and distances between sets of origins and destinations", 21 | "accessLevel": "Read", 22 | "resourceTypes": [ 23 | "provider*" 24 | ], 25 | "conditionKeys": [], 26 | "dependentActions": [] 27 | }, 28 | { 29 | "name": "CalculateRoutes", 30 | "documentationUrl": "https://docs.aws.amazon.com/location/latest/APIReference/API_CalculateRoutes.html", 31 | "description": "Grants permission to calculates routes between two or more locations", 32 | "accessLevel": "Read", 33 | "resourceTypes": [ 34 | "provider*" 35 | ], 36 | "conditionKeys": [], 37 | "dependentActions": [] 38 | }, 39 | { 40 | "name": "OptimizeWaypoints", 41 | "documentationUrl": "https://docs.aws.amazon.com/location/latest/APIReference/API_OptimizeWaypoints.html", 42 | "description": "Grants permission to calculate the most efficient sequence for visiting multiple waypoints or locations along a route", 43 | "accessLevel": "Read", 44 | "resourceTypes": [ 45 | "provider*" 46 | ], 47 | "conditionKeys": [], 48 | "dependentActions": [] 49 | }, 50 | { 51 | "name": "SnapToRoads", 52 | "documentationUrl": "https://docs.aws.amazon.com/location/latest/APIReference/API_SnapToRoads.html", 53 | "description": "Grants permission to enhances the accuracy of geographic positioning by aligning GPS coordinates to the nearest road segments on a digital map", 54 | "accessLevel": "Read", 55 | "resourceTypes": [ 56 | "provider*" 57 | ], 58 | "conditionKeys": [], 59 | "dependentActions": [] 60 | } 61 | ] 62 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-macie-classic.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Macie Classic", 3 | "servicePrefix": "macie", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonmacieclassic.html", 5 | "actions": [ 6 | { 7 | "name": "AssociateMemberAccount", 8 | "documentationUrl": "https://docs.aws.amazon.com/macie/1.0/APIReference/API_AssociateMemberAccount.html", 9 | "description": "Enables the user to associate a specified AWS account with Amazon Macie as a member account.", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "AssociateS3Resources", 17 | "documentationUrl": "https://docs.aws.amazon.com/macie/1.0/APIReference/API_AssociateS3Resources.html", 18 | "description": "Enables the user to associate specified S3 resources with Amazon Macie for monitoring and data classification.", 19 | "accessLevel": "Write", 20 | "resourceTypes": [], 21 | "conditionKeys": [ 22 | "aws:SourceArn" 23 | ], 24 | "dependentActions": [] 25 | }, 26 | { 27 | "name": "DisassociateMemberAccount", 28 | "documentationUrl": "https://docs.aws.amazon.com/macie/1.0/APIReference/API_DisassociateMemberAccount.html", 29 | "description": "Enables the user to remove the specified member account from Amazon Macie.", 30 | "accessLevel": "Write", 31 | "resourceTypes": [], 32 | "conditionKeys": [], 33 | "dependentActions": [] 34 | }, 35 | { 36 | "name": "DisassociateS3Resources", 37 | "documentationUrl": "https://docs.aws.amazon.com/macie/1.0/APIReference/API_DisassociateS3Resources.html", 38 | "description": "Enables the user to remove specified S3 resources from being monitored by Amazon Macie.", 39 | "accessLevel": "Write", 40 | "resourceTypes": [], 41 | "conditionKeys": [ 42 | "aws:SourceArn" 43 | ], 44 | "dependentActions": [] 45 | }, 46 | { 47 | "name": "ListMemberAccounts", 48 | "documentationUrl": "https://docs.aws.amazon.com/macie/1.0/APIReference/API_ListMemberAccounts.html", 49 | "description": "Enables the user to list all Amazon Macie member accounts for the current Macie master account.", 50 | "accessLevel": "List", 51 | "resourceTypes": [], 52 | "conditionKeys": [], 53 | "dependentActions": [] 54 | }, 55 | { 56 | "name": "ListS3Resources", 57 | "documentationUrl": "https://docs.aws.amazon.com/macie/1.0/APIReference/API_ListS3Resources.html", 58 | "description": "Enables the user to list all the S3 resources associated with Amazon Macie.", 59 | "accessLevel": "List", 60 | "resourceTypes": [], 61 | "conditionKeys": [], 62 | "dependentActions": [] 63 | }, 64 | { 65 | "name": "UpdateS3Resources", 66 | "documentationUrl": "https://docs.aws.amazon.com/macie/1.0/APIReference/API_UpdateS3Resources.html", 67 | "description": "Enables the user to update the classification types for the specified S3 resources.", 68 | "accessLevel": "Write", 69 | "resourceTypes": [], 70 | "conditionKeys": [ 71 | "aws:SourceArn" 72 | ], 73 | "dependentActions": [] 74 | } 75 | ] 76 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-managed-blockchain-query.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Managed Blockchain Query", 3 | "servicePrefix": "managedblockchain-query", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonmanagedblockchainquery.html", 5 | "actions": [ 6 | { 7 | "name": "BatchGetTokenBalance", 8 | "documentationUrl": "${APIReferenceDocPage}API_BatchGetTokenBalance.html", 9 | "description": "Grants permission to batch calls for GetTokenBalance API", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "GetAssetContract", 17 | "documentationUrl": "${APIReferenceDocPage}API_GetAssetContract.html", 18 | "description": "Grants permission to fetch information about a contract on the blockchain", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "GetTokenBalance", 26 | "documentationUrl": "${APIReferenceDocPage}API_GetTokenBalance.html", 27 | "description": "Grants permission to retrieve balance of a token for an address on the blockchain", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "GetTransaction", 35 | "documentationUrl": "${APIReferenceDocPage}API_GetTransaction.html", 36 | "description": "Grants permission to retrieve a transaction on the blockchain", 37 | "accessLevel": "Read", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "ListAssetContracts", 44 | "documentationUrl": "${APIReferenceDocPage}API_ListAssetContracts.html", 45 | "description": "Grants permission to fetch multiple contracts on the blockchain", 46 | "accessLevel": "List", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | }, 51 | { 52 | "name": "ListFilteredTransactionEvents", 53 | "documentationUrl": "${APIReferenceDocPage}API_ListFilteredTransactionEvents.html", 54 | "description": "Grants permission to retrieve events on the blockchain with additional filters", 55 | "accessLevel": "List", 56 | "resourceTypes": [], 57 | "conditionKeys": [], 58 | "dependentActions": [] 59 | }, 60 | { 61 | "name": "ListTokenBalances", 62 | "documentationUrl": "${APIReferenceDocPage}API_ListTokenBalances.html", 63 | "description": "Grants permission to retrieve multiple balances on the blockchain", 64 | "accessLevel": "List", 65 | "resourceTypes": [], 66 | "conditionKeys": [], 67 | "dependentActions": [] 68 | }, 69 | { 70 | "name": "ListTransactionEvents", 71 | "documentationUrl": "${APIReferenceDocPage}API_ListTransactionEvents.html", 72 | "description": "Grants permission to retrieve events in a transaction on the blockchain", 73 | "accessLevel": "List", 74 | "resourceTypes": [], 75 | "conditionKeys": [], 76 | "dependentActions": [] 77 | }, 78 | { 79 | "name": "ListTransactions", 80 | "documentationUrl": "${APIReferenceDocPage}API_ListTransactions.html", 81 | "description": "Grants permission to retrieve a multiple transactions on a blockchain", 82 | "accessLevel": "List", 83 | "resourceTypes": [], 84 | "conditionKeys": [], 85 | "dependentActions": [] 86 | } 87 | ] 88 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-message-delivery-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Message Delivery Service", 3 | "servicePrefix": "ec2messages", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonmessagedeliveryservice.html", 5 | "actions": [ 6 | { 7 | "name": "AcknowledgeMessage", 8 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html", 9 | "description": "Grants permission to acknowledge a message, ensuring it will not be delivered again", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "DeleteMessage", 17 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html", 18 | "description": "Grants permission to delete a message", 19 | "accessLevel": "Write", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "FailMessage", 26 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html", 27 | "description": "Grants permission to fail a message, signifying the message could not be processed successfully, ensuring it cannot be replied to or delivered again", 28 | "accessLevel": "Write", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "GetEndpoint", 35 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html", 36 | "description": "Grants permission to route traffic to the correct endpoint based on the given destination for the messages", 37 | "accessLevel": "Read", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "GetMessages", 44 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html", 45 | "description": "Grants permission to deliver messages to clients/instances using long polling", 46 | "accessLevel": "Read", 47 | "resourceTypes": [], 48 | "conditionKeys": [ 49 | "ssm:SourceInstanceARN", 50 | "ec2:SourceInstanceARN" 51 | ], 52 | "dependentActions": [] 53 | }, 54 | { 55 | "name": "SendReply", 56 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-messageAPIs.html", 57 | "description": "Grants permission to send replies from clients/instances to upstream service", 58 | "accessLevel": "Write", 59 | "resourceTypes": [], 60 | "conditionKeys": [ 61 | "ssm:SourceInstanceARN", 62 | "ec2:SourceInstanceARN" 63 | ], 64 | "dependentActions": [] 65 | } 66 | ] 67 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-message-gateway-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Message Gateway Service", 3 | "servicePrefix": "ssmmessages", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonmessagegatewayservice.html", 5 | "actions": [ 6 | { 7 | "name": "CreateControlChannel", 8 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-create-iam-instance-profile.html", 9 | "description": "Grants permission to register a control channel for an instance to send control messages to Systems Manager service", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [ 13 | "ssm:SourceInstanceARN", 14 | "ec2:SourceInstanceARN" 15 | ], 16 | "dependentActions": [] 17 | }, 18 | { 19 | "name": "CreateDataChannel", 20 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-create-iam-instance-profile.html", 21 | "description": "Grants permission to register a data channel for an instance to send data messages to Systems Manager service", 22 | "accessLevel": "Write", 23 | "resourceTypes": [], 24 | "conditionKeys": [], 25 | "dependentActions": [] 26 | }, 27 | { 28 | "name": "OpenControlChannel", 29 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-create-iam-instance-profile.html", 30 | "description": "Grants permission to open a websocket connection for a registered control channel stream from an instance to Systems Manager service", 31 | "accessLevel": "Write", 32 | "resourceTypes": [], 33 | "conditionKeys": [], 34 | "dependentActions": [] 35 | }, 36 | { 37 | "name": "OpenDataChannel", 38 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-create-iam-instance-profile.html", 39 | "description": "Grants permission to open a websocket connection for a registered data channel stream from an instance to Systems Manager service", 40 | "accessLevel": "Write", 41 | "resourceTypes": [], 42 | "conditionKeys": [], 43 | "dependentActions": [] 44 | } 45 | ] 46 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-mobile-analytics.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Mobile Analytics", 3 | "servicePrefix": "mobileanalytics", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonmobileanalytics.html", 5 | "actions": [ 6 | { 7 | "name": "GetFinancialReports", 8 | "description": "Grant access to financial metrics for an app", 9 | "accessLevel": "Read", 10 | "resourceTypes": [], 11 | "conditionKeys": [], 12 | "dependentActions": [] 13 | }, 14 | { 15 | "name": "GetReports", 16 | "description": "Grant access to standard metrics for an app", 17 | "accessLevel": "Read", 18 | "resourceTypes": [], 19 | "conditionKeys": [], 20 | "dependentActions": [] 21 | }, 22 | { 23 | "name": "PutEvents", 24 | "documentationUrl": "https://docs.aws.amazon.com/mobileanalytics/latest/ug/PutEvents.html", 25 | "description": "The PutEvents operation records one or more events", 26 | "accessLevel": "Write", 27 | "resourceTypes": [], 28 | "conditionKeys": [], 29 | "dependentActions": [] 30 | } 31 | ] 32 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-opensearch.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon OpenSearch", 3 | "servicePrefix": "opensearch", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonopensearch.html", 5 | "actions": [ 6 | { 7 | "name": "ApplicationAccessAll", 8 | "documentationUrl": "https://docs.aws.amazon.com/opensearch-service/latest/developerguide/", 9 | "description": "Grants permission to access OpenSearch Application", 10 | "accessLevel": "Write", 11 | "resourceTypes": [ 12 | "application*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "CancelDirectQuery", 19 | "documentationUrl": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_CancelDirectQuery.html", 20 | "description": "Grants permission to cancel the query that is submitted on the OpenSearch DataSource resource", 21 | "accessLevel": "Write", 22 | "resourceTypes": [ 23 | "datasource*" 24 | ], 25 | "conditionKeys": [], 26 | "dependentActions": [] 27 | }, 28 | { 29 | "name": "GetDirectQuery", 30 | "documentationUrl": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_GetDirectQuery.html", 31 | "description": "Grants permission to get the query status that are performed on the OpenSearch DataSource resource", 32 | "accessLevel": "Read", 33 | "resourceTypes": [ 34 | "datasource*" 35 | ], 36 | "conditionKeys": [], 37 | "dependentActions": [] 38 | }, 39 | { 40 | "name": "GetDirectQueryResult", 41 | "documentationUrl": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_GetDirectQueryResult.html", 42 | "description": "Grants permission to get the results of a query that is performed on the OpenSearch DataSource resource", 43 | "accessLevel": "Read", 44 | "resourceTypes": [ 45 | "datasource*" 46 | ], 47 | "conditionKeys": [], 48 | "dependentActions": [] 49 | }, 50 | { 51 | "name": "StartDirectQuery", 52 | "documentationUrl": "https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_StartDirectQuery.html", 53 | "description": "Grants permission to start a direct query on the provided OpenSearch DataSource arns", 54 | "accessLevel": "Write", 55 | "resourceTypes": [ 56 | "datasource*" 57 | ], 58 | "conditionKeys": [], 59 | "dependentActions": [] 60 | } 61 | ] 62 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-polly.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Polly", 3 | "servicePrefix": "polly", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonpolly.html", 5 | "actions": [ 6 | { 7 | "name": "DeleteLexicon", 8 | "documentationUrl": "https://docs.aws.amazon.com/polly/latest/dg/API_DeleteLexicon.html", 9 | "description": "Grants permission to delete the specified pronunciation lexicon stored in an AWS Region", 10 | "accessLevel": "Write", 11 | "resourceTypes": [ 12 | "lexicon*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "DescribeVoices", 19 | "documentationUrl": "https://docs.aws.amazon.com/polly/latest/dg/API_DescribeVoices.html", 20 | "description": "Grants permission to describe the list of voices that are available for use when requesting speech synthesis", 21 | "accessLevel": "List", 22 | "resourceTypes": [], 23 | "conditionKeys": [], 24 | "dependentActions": [] 25 | }, 26 | { 27 | "name": "GetLexicon", 28 | "documentationUrl": "https://docs.aws.amazon.com/polly/latest/dg/API_GetLexicon.html", 29 | "description": "Grants permission to retrieve the content of the specified pronunciation lexicon stored in an AWS Region", 30 | "accessLevel": "Read", 31 | "resourceTypes": [ 32 | "lexicon*" 33 | ], 34 | "conditionKeys": [], 35 | "dependentActions": [] 36 | }, 37 | { 38 | "name": "GetSpeechSynthesisTask", 39 | "documentationUrl": "https://docs.aws.amazon.com/polly/latest/dg/API_GetSpeechSynthesisTask.html", 40 | "description": "Grants permission to get information about specific speech synthesis task", 41 | "accessLevel": "Read", 42 | "resourceTypes": [], 43 | "conditionKeys": [], 44 | "dependentActions": [] 45 | }, 46 | { 47 | "name": "ListLexicons", 48 | "documentationUrl": "https://docs.aws.amazon.com/polly/latest/dg/API_ListLexicons.html", 49 | "description": "Grants permission to list the pronunciation lexicons stored in an AWS Region", 50 | "accessLevel": "List", 51 | "resourceTypes": [], 52 | "conditionKeys": [], 53 | "dependentActions": [] 54 | }, 55 | { 56 | "name": "ListSpeechSynthesisTasks", 57 | "documentationUrl": "https://docs.aws.amazon.com/polly/latest/dg/API_ListSpeechSynthesisTasks.html", 58 | "description": "Grants permission to list requested speech synthesis tasks", 59 | "accessLevel": "List", 60 | "resourceTypes": [], 61 | "conditionKeys": [], 62 | "dependentActions": [] 63 | }, 64 | { 65 | "name": "PutLexicon", 66 | "documentationUrl": "https://docs.aws.amazon.com/polly/latest/dg/API_PutLexicon.html", 67 | "description": "Grants permission to store a pronunciation lexicon in an AWS Region", 68 | "accessLevel": "Write", 69 | "resourceTypes": [ 70 | "lexicon*" 71 | ], 72 | "conditionKeys": [], 73 | "dependentActions": [] 74 | }, 75 | { 76 | "name": "StartSpeechSynthesisTask", 77 | "documentationUrl": "https://docs.aws.amazon.com/polly/latest/dg/API_StartSpeechSynthesisTask.html", 78 | "description": "Grants permission to synthesize long inputs to the provided S3 location", 79 | "accessLevel": "Write", 80 | "resourceTypes": [ 81 | "lexicon" 82 | ], 83 | "conditionKeys": [], 84 | "dependentActions": [ 85 | "s3:PutObject" 86 | ] 87 | }, 88 | { 89 | "name": "SynthesizeSpeech", 90 | "documentationUrl": "https://docs.aws.amazon.com/polly/latest/dg/API_SynthesizeSpeech.html", 91 | "description": "Grants permission to synthesize speech", 92 | "accessLevel": "Read", 93 | "resourceTypes": [ 94 | "lexicon" 95 | ], 96 | "conditionKeys": [], 97 | "dependentActions": [] 98 | } 99 | ] 100 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-q-developer.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Q Developer", 3 | "servicePrefix": "qdeveloper", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonqdeveloper.html", 5 | "actions": [ 6 | { 7 | "name": "ExportArtifact", 8 | "documentationUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-policies.html", 9 | "description": "Grants permission to export artifacts from Amazon Q Developer", 10 | "accessLevel": "Write", 11 | "resourceTypes": [ 12 | "codeTransformation" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "ImportArtifact", 19 | "documentationUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-policies.html", 20 | "description": "Grants permission to import artifacts to Amazon Q Developer", 21 | "accessLevel": "Write", 22 | "resourceTypes": [ 23 | "codeTransformation" 24 | ], 25 | "conditionKeys": [], 26 | "dependentActions": [] 27 | }, 28 | { 29 | "name": "ListTagsForResource", 30 | "documentationUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-policies.html", 31 | "description": "Grants permission to list all tags associated with an Amazon Q Developer resource", 32 | "accessLevel": "List", 33 | "resourceTypes": [ 34 | "codeTransformation" 35 | ], 36 | "conditionKeys": [], 37 | "dependentActions": [] 38 | }, 39 | { 40 | "name": "StartAgentSession", 41 | "documentationUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-policies.html", 42 | "description": "Grants permission to start an agent session with Amazon Q Developer", 43 | "accessLevel": "Write", 44 | "resourceTypes": [], 45 | "conditionKeys": [ 46 | "aws:TagKeys", 47 | "aws:RequestTag/${TagKey}" 48 | ], 49 | "dependentActions": [] 50 | }, 51 | { 52 | "name": "TagResource", 53 | "documentationUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-policies.html", 54 | "description": "Grants permission to associate tags with an Amazon Q Developer resource", 55 | "accessLevel": "Tagging", 56 | "resourceTypes": [ 57 | "codeTransformation" 58 | ], 59 | "conditionKeys": [ 60 | "aws:TagKeys", 61 | "aws:RequestTag/${TagKey}" 62 | ], 63 | "dependentActions": [] 64 | }, 65 | { 66 | "name": "TransformCode", 67 | "documentationUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-policies.html", 68 | "description": "Grants permission to transform code with Amazon Q Developer Transform Agent", 69 | "accessLevel": "Write", 70 | "resourceTypes": [ 71 | "codeTransformation" 72 | ], 73 | "conditionKeys": [], 74 | "dependentActions": [] 75 | }, 76 | { 77 | "name": "UntagResource", 78 | "documentationUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-policies.html", 79 | "description": "Grants permission to remove tags associated with an Amazon Q Developer resource", 80 | "accessLevel": "Tagging", 81 | "resourceTypes": [ 82 | "codeTransformation" 83 | ], 84 | "conditionKeys": [ 85 | "aws:TagKeys" 86 | ], 87 | "dependentActions": [] 88 | } 89 | ] 90 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-rds-data-api.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon RDS Data API", 3 | "servicePrefix": "rds-data", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonrdsdataapi.html", 5 | "actions": [ 6 | { 7 | "name": "BatchExecuteStatement", 8 | "documentationUrl": "https://docs.aws.amazon.com/rdsdataservice/latest/APIReference/API_BatchExecuteStatement.html", 9 | "description": "Grants permission to run a batch SQL statement over an array of data", 10 | "accessLevel": "Write", 11 | "resourceTypes": [ 12 | "cluster*" 13 | ], 14 | "conditionKeys": [ 15 | "aws:ResourceTag/${TagKey}", 16 | "aws:TagKeys" 17 | ], 18 | "dependentActions": [] 19 | }, 20 | { 21 | "name": "BeginTransaction", 22 | "documentationUrl": "https://docs.aws.amazon.com/rdsdataservice/latest/APIReference/API_BeginTransaction.html", 23 | "description": "Grants permission to start a SQL transaction", 24 | "accessLevel": "Write", 25 | "resourceTypes": [ 26 | "cluster*" 27 | ], 28 | "conditionKeys": [ 29 | "aws:ResourceTag/${TagKey}", 30 | "aws:TagKeys" 31 | ], 32 | "dependentActions": [] 33 | }, 34 | { 35 | "name": "CommitTransaction", 36 | "documentationUrl": "https://docs.aws.amazon.com/rdsdataservice/latest/APIReference/API_CommitTransaction.html", 37 | "description": "Grants permission to end a SQL transaction started with the BeginTransaction operation and commits the changes", 38 | "accessLevel": "Write", 39 | "resourceTypes": [ 40 | "cluster*" 41 | ], 42 | "conditionKeys": [ 43 | "aws:ResourceTag/${TagKey}", 44 | "aws:TagKeys" 45 | ], 46 | "dependentActions": [ 47 | "rds-data:BeginTransaction" 48 | ] 49 | }, 50 | { 51 | "name": "ExecuteSql", 52 | "documentationUrl": "https://docs.aws.amazon.com/rdsdataservice/latest/APIReference/API_ExecuteSql.html", 53 | "description": "Grants permission to run one or more SQL statements. This operation is deprecated. Use the BatchExecuteStatement or ExecuteStatement operation", 54 | "accessLevel": "Write", 55 | "resourceTypes": [ 56 | "cluster*" 57 | ], 58 | "conditionKeys": [ 59 | "aws:ResourceTag/${TagKey}", 60 | "aws:TagKeys" 61 | ], 62 | "dependentActions": [] 63 | }, 64 | { 65 | "name": "ExecuteStatement", 66 | "documentationUrl": "https://docs.aws.amazon.com/rdsdataservice/latest/APIReference/API_ExecuteStatement.html", 67 | "description": "Grants permission to run a SQL statement against a database", 68 | "accessLevel": "Write", 69 | "resourceTypes": [ 70 | "cluster*" 71 | ], 72 | "conditionKeys": [ 73 | "aws:ResourceTag/${TagKey}", 74 | "aws:TagKeys" 75 | ], 76 | "dependentActions": [] 77 | }, 78 | { 79 | "name": "RollbackTransaction", 80 | "documentationUrl": "https://docs.aws.amazon.com/rdsdataservice/latest/APIReference/API_RollbackTransaction.html", 81 | "description": "Grants permission to perform a rollback of a transaction. Rolling back a transaction cancels its changes", 82 | "accessLevel": "Write", 83 | "resourceTypes": [ 84 | "cluster*" 85 | ], 86 | "conditionKeys": [ 87 | "aws:ResourceTag/${TagKey}", 88 | "aws:TagKeys" 89 | ], 90 | "dependentActions": [ 91 | "rds-data:BeginTransaction" 92 | ] 93 | } 94 | ] 95 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-rds-iam-authentication.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon RDS IAM Authentication", 3 | "servicePrefix": "rds-db", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonrdsiamauthentication.html", 5 | "actions": [ 6 | { 7 | "name": "connect", 8 | "documentationUrl": "https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.IAMPolicy.html", 9 | "description": "Allows IAM role or user to connect to RDS database", 10 | "accessLevel": "Permissions management", 11 | "resourceTypes": [ 12 | "db-user*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | } 17 | ] 18 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-resource-group-tagging-api.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Resource Group Tagging API", 3 | "servicePrefix": "tag", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonresourcegrouptaggingapi.html", 5 | "actions": [ 6 | { 7 | "name": "DescribeReportCreation", 8 | "documentationUrl": "https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/API_DescribeReportCreation.html", 9 | "description": "Grants permission to describe the status of the StartReportCreation operation", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "GetComplianceSummary", 17 | "documentationUrl": "https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/API_GetComplianceSummary.html", 18 | "description": "Grants permission to retrieve a summary of how many resources are noncompliant with their effective tag policies", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "GetResources", 26 | "documentationUrl": "https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/API_GetResources.html", 27 | "description": "Grants permission to return tagged or previously tagged resources in the specified AWS Region for the calling account", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "GetTagKeys", 35 | "documentationUrl": "https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/API_GetTagKeys.html", 36 | "description": "Grants permission to returns tag keys currently in use in the specified AWS Region for the calling account", 37 | "accessLevel": "Read", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "GetTagValues", 44 | "documentationUrl": "https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/API_GetTagValues.html", 45 | "description": "Grants permission to return tag values for the specified key that are used in the specified AWS Region for the calling account", 46 | "accessLevel": "Read", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | }, 51 | { 52 | "name": "StartReportCreation", 53 | "documentationUrl": "https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/API_StartReportCreation.html", 54 | "description": "Grants permission to start generating a report listing all tagged resources in accounts across your organization, and whether each resource is compliant with the effective tag policy", 55 | "accessLevel": "Write", 56 | "resourceTypes": [], 57 | "conditionKeys": [], 58 | "dependentActions": [] 59 | }, 60 | { 61 | "name": "TagResources", 62 | "documentationUrl": "https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/API_TagResources.html", 63 | "description": "Grants permission to apply one or more tags to the specified resources", 64 | "accessLevel": "Tagging", 65 | "resourceTypes": [], 66 | "conditionKeys": [], 67 | "dependentActions": [] 68 | }, 69 | { 70 | "name": "UntagResources", 71 | "documentationUrl": "https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/API_UntagResources.html", 72 | "description": "Grants permission to remove the specified tags from the specified resources", 73 | "accessLevel": "Tagging", 74 | "resourceTypes": [], 75 | "conditionKeys": [], 76 | "dependentActions": [] 77 | } 78 | ] 79 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-rhel-knowledgebase-portal.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon RHEL Knowledgebase Portal", 3 | "servicePrefix": "rhelkb", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonrhelknowledgebaseportal.html", 5 | "actions": [ 6 | { 7 | "name": "GetRhelURL", 8 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-rhel.html", 9 | "description": "Grants permission to access the Red Hat Knowledgebase portal", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-route-53-recovery-cluster.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Route 53 Recovery Cluster", 3 | "servicePrefix": "route53-recovery-cluster", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonroute53recoverycluster.html", 5 | "actions": [ 6 | { 7 | "name": "GetRoutingControlState", 8 | "documentationUrl": "https://docs.aws.amazon.com/routing-control/latest/APIReference/API_GetRoutingControlState.html", 9 | "description": "Grants permission to get a routing control state", 10 | "accessLevel": "Read", 11 | "resourceTypes": [ 12 | "routingcontrol*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "ListRoutingControls", 19 | "documentationUrl": "https://docs.aws.amazon.com/routing-control/latest/APIReference/API_ListRoutingControls.html", 20 | "description": "Grants permission to list routing controls", 21 | "accessLevel": "Read", 22 | "resourceTypes": [], 23 | "conditionKeys": [], 24 | "dependentActions": [] 25 | }, 26 | { 27 | "name": "UpdateRoutingControlState", 28 | "documentationUrl": "https://docs.aws.amazon.com/routing-control/latest/APIReference/API_UpdateRoutingControlState.html", 29 | "description": "Grants permission to update a routing control state", 30 | "accessLevel": "Write", 31 | "resourceTypes": [ 32 | "routingcontrol*" 33 | ], 34 | "conditionKeys": [ 35 | "route53-recovery-cluster:AllowSafetyRulesOverrides" 36 | ], 37 | "dependentActions": [] 38 | }, 39 | { 40 | "name": "UpdateRoutingControlStates", 41 | "documentationUrl": "https://docs.aws.amazon.com/routing-control/latest/APIReference/API_UpdateRoutingControlStates.html", 42 | "description": "Grants permission to update a batch of routing control states", 43 | "accessLevel": "Write", 44 | "resourceTypes": [ 45 | "routingcontrol*" 46 | ], 47 | "conditionKeys": [ 48 | "route53-recovery-cluster:AllowSafetyRulesOverrides" 49 | ], 50 | "dependentActions": [] 51 | } 52 | ] 53 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-sagemaker-data-science-assistant.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon SageMaker data science assistant", 3 | "servicePrefix": "sagemaker-data-science-assistant", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonsagemakerdatascienceassistant.html", 5 | "actions": [ 6 | { 7 | "name": "SendConversation", 8 | "documentationUrl": "https://docs.aws.amazon.com/sagemaker-dsa/APIReference/", 9 | "description": "Grants permission to start a conversation with SageMaker data science assistant", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-session-manager-message-gateway-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Session Manager Message Gateway Service", 3 | "servicePrefix": "ssmmessages", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonsessionmanagermessagegatewayservice.html", 5 | "actions": [ 6 | { 7 | "name": "CreateControlChannel", 8 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-create-iam-instance-profile.html", 9 | "description": "Grants permission to register a control channel for an instance to send control messages to Systems Manager service", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [ 13 | "ssm:SourceInstanceARN", 14 | "ec2:SourceInstanceARN" 15 | ], 16 | "dependentActions": [] 17 | }, 18 | { 19 | "name": "CreateDataChannel", 20 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-create-iam-instance-profile.html", 21 | "description": "Grants permission to register a data channel for an instance to send data messages to Systems Manager service", 22 | "accessLevel": "Write", 23 | "resourceTypes": [], 24 | "conditionKeys": [], 25 | "dependentActions": [] 26 | }, 27 | { 28 | "name": "OpenControlChannel", 29 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-create-iam-instance-profile.html", 30 | "description": "Grants permission to open a websocket connection for a registered control channel stream from an instance to Systems Manager service", 31 | "accessLevel": "Write", 32 | "resourceTypes": [], 33 | "conditionKeys": [], 34 | "dependentActions": [] 35 | }, 36 | { 37 | "name": "OpenDataChannel", 38 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-create-iam-instance-profile.html", 39 | "description": "Grants permission to open a websocket connection for a registered data channel stream from an instance to Systems Manager service", 40 | "accessLevel": "Write", 41 | "resourceTypes": [], 42 | "conditionKeys": [], 43 | "dependentActions": [] 44 | } 45 | ] 46 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-sumerian.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon Sumerian", 3 | "servicePrefix": "sumerian", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonsumerian.html", 5 | "actions": [ 6 | { 7 | "name": "Login", 8 | "documentationUrl": "https://docs.aws.amazon.com/sumerian/latest/userguide/sumerian-permissions.html", 9 | "description": "Grants permission to log into the Sumerian console", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "ViewRelease", 17 | "documentationUrl": "https://docs.aws.amazon.com/sumerian/latest/userguide/sumerian-permissions.html", 18 | "description": "Grants permission to view a project release", 19 | "accessLevel": "Read", 20 | "resourceTypes": [ 21 | "project*" 22 | ], 23 | "conditionKeys": [], 24 | "dependentActions": [] 25 | } 26 | ] 27 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-vpc-lattice-services.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon VPC Lattice Services", 3 | "servicePrefix": "vpc-lattice-svcs", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonvpclatticeservices.html", 5 | "actions": [ 6 | { 7 | "name": "Connect", 8 | "documentationUrl": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/sigv4-authenticated-requests.html", 9 | "description": "Grants permission to connect to a VPC Lattice service", 10 | "accessLevel": "Write", 11 | "resourceTypes": [ 12 | "TCPService*" 13 | ], 14 | "conditionKeys": [ 15 | "vpc-lattice-svcs:Port", 16 | "vpc-lattice-svcs:ServiceNetworkArn", 17 | "vpc-lattice-svcs:ServiceArn", 18 | "vpc-lattice-svcs:SourceVpc", 19 | "vpc-lattice-svcs:SourceVpcOwnerAccount" 20 | ], 21 | "dependentActions": [] 22 | }, 23 | { 24 | "name": "Invoke", 25 | "documentationUrl": "https://docs.aws.amazon.com/vpc-lattice/latest/ug/sigv4-authenticated-requests.html", 26 | "description": "Grants permission to invoke a VPC Lattice service", 27 | "accessLevel": "Write", 28 | "resourceTypes": [ 29 | "Service*" 30 | ], 31 | "conditionKeys": [ 32 | "vpc-lattice-svcs:Port", 33 | "vpc-lattice-svcs:ServiceNetworkArn", 34 | "vpc-lattice-svcs:ServiceArn", 35 | "vpc-lattice-svcs:SourceVpc", 36 | "vpc-lattice-svcs:SourceVpcOwnerAccount", 37 | "vpc-lattice-svcs:RequestHeader/${HeaderName}", 38 | "vpc-lattice-svcs:RequestQueryString/${QueryStringKey}" 39 | ], 40 | "dependentActions": [] 41 | } 42 | ] 43 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-workmail-message-flow.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon WorkMail Message Flow", 3 | "servicePrefix": "workmailmessageflow", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonworkmailmessageflow.html", 5 | "actions": [ 6 | { 7 | "name": "GetRawMessageContent", 8 | "documentationUrl": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_messageflow_GetRawMessageContent.html", 9 | "description": "Grants permission to read the content of email messages with the specified message ID", 10 | "accessLevel": "Read", 11 | "resourceTypes": [ 12 | "RawMessage*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "PutRawMessageContent", 19 | "documentationUrl": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_messageflow_PutRawMessageContent.html", 20 | "description": "Grants permission to update the content of email messages with the specified message ID", 21 | "accessLevel": "Write", 22 | "resourceTypes": [ 23 | "RawMessage*" 24 | ], 25 | "conditionKeys": [], 26 | "dependentActions": [] 27 | } 28 | ] 29 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazon-workspaces-application-manager.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Amazon WorkSpaces Application Manager", 3 | "servicePrefix": "wam", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonworkspacesapplicationmanager.html", 5 | "actions": [ 6 | { 7 | "name": "AuthenticatePackager", 8 | "documentationUrl": "https://docs.aws.amazon.com/wam/latest/adminguide/iam.html", 9 | "description": "Allows the Amazon WAM packaging instance to access your application package catalog.", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /src/data/iam-services/amazonmediaimport.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AmazonMediaImport", 3 | "servicePrefix": "mediaimport", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonmediaimport.html", 5 | "actions": [ 6 | { 7 | "name": "CreateDatabaseBinarySnapshot", 8 | "documentationUrl": "https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html", 9 | "description": "Grants permission to create a database binary snapshot on the customer's aws account", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /src/data/iam-services/application-discovery-arsenal.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Application Discovery Arsenal", 3 | "servicePrefix": "arsenal", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_applicationdiscoveryarsenal.html", 5 | "actions": [ 6 | { 7 | "name": "RegisterOnPremisesAgent", 8 | "documentationUrl": "https://docs.aws.amazon.com/application-discovery/latest/userguide/setting-up.html", 9 | "description": "Grants permission to register AWS provided data collectors to the Application Discovery Service", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-activate.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Activate", 3 | "servicePrefix": "activate", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsactivate.html", 5 | "actions": [ 6 | { 7 | "name": "CreateForm", 8 | "documentationUrl": "https://docs.aws.amazon.com/", 9 | "description": "Grants permission to submit an Activate application form", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "GetAccountContact", 17 | "documentationUrl": "https://docs.aws.amazon.com/", 18 | "description": "Grants permission to get the AWS account contact information", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "GetContentInfo", 26 | "documentationUrl": "https://docs.aws.amazon.com/", 27 | "description": "Grants permission to get Activate tech posts and offer information", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "GetCosts", 35 | "documentationUrl": "https://docs.aws.amazon.com/", 36 | "description": "Grants permission to get the AWS cost information", 37 | "accessLevel": "Read", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "GetCredits", 44 | "documentationUrl": "https://docs.aws.amazon.com/", 45 | "description": "Grants permission to get the AWS credit information", 46 | "accessLevel": "Read", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | }, 51 | { 52 | "name": "GetMemberInfo", 53 | "documentationUrl": "https://docs.aws.amazon.com/", 54 | "description": "Grants permission to get the Activate member information", 55 | "accessLevel": "Read", 56 | "resourceTypes": [], 57 | "conditionKeys": [], 58 | "dependentActions": [] 59 | }, 60 | { 61 | "name": "GetProgram", 62 | "documentationUrl": "https://docs.aws.amazon.com/", 63 | "description": "Grants permission to get an Activate program", 64 | "accessLevel": "Read", 65 | "resourceTypes": [], 66 | "conditionKeys": [], 67 | "dependentActions": [] 68 | }, 69 | { 70 | "name": "PutMemberInfo", 71 | "documentationUrl": "https://docs.aws.amazon.com/", 72 | "description": "Grants permission to create or update the Activate member information", 73 | "accessLevel": "Write", 74 | "resourceTypes": [], 75 | "conditionKeys": [], 76 | "dependentActions": [] 77 | } 78 | ] 79 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-app-studio.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS App Studio", 3 | "servicePrefix": "appstudio", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsappstudio.html", 5 | "actions": [ 6 | { 7 | "name": "GetAccountStatus", 8 | "documentationUrl": "https://docs.aws.amazon.com/appstudio/latest/userguide/", 9 | "description": "Grants permission to describe the account's current status", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "GetEnablementJobStatus", 17 | "documentationUrl": "https://docs.aws.amazon.com/appstudio/latest/userguide/", 18 | "description": "Grants permission to fetch status of a enablement job", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "StartEnablementJob", 26 | "documentationUrl": "https://docs.aws.amazon.com/appstudio/latest/userguide/", 27 | "description": "Grants permission to submit a enablement job", 28 | "accessLevel": "Write", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "StartRollbackEnablementJob", 35 | "documentationUrl": "https://docs.aws.amazon.com/appstudio/latest/userguide/", 36 | "description": "Grants permission to rollback an enablement job", 37 | "accessLevel": "Write", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "StartTeamDeployment", 44 | "documentationUrl": "https://docs.aws.amazon.com/appstudio/latest/userguide/", 45 | "description": "Grants permission to start a team deployment", 46 | "accessLevel": "Write", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | } 51 | ] 52 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-app2container.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS App2Container", 3 | "servicePrefix": "a2c", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsapp2container.html", 5 | "actions": [ 6 | { 7 | "name": "GetContainerizationJobDetails", 8 | "documentationUrl": "https://docs.aws.amazon.com/tk-dotnet-refactoring/latest/userguide/what-is-tk-dotnet-refactoring.html", 9 | "description": "Grants permission to get the details of all Containerization jobs", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "GetDeploymentJobDetails", 17 | "documentationUrl": "https://docs.aws.amazon.com/tk-dotnet-refactoring/latest/userguide/what-is-tk-dotnet-refactoring.html", 18 | "description": "Grants permission to get the details of all Deployment jobs", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "StartContainerizationJob", 26 | "documentationUrl": "https://docs.aws.amazon.com/tk-dotnet-refactoring/latest/userguide/what-is-tk-dotnet-refactoring.html", 27 | "description": "Grants permission to start a Containerization job", 28 | "accessLevel": "Write", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "StartDeploymentJob", 35 | "documentationUrl": "https://docs.aws.amazon.com/tk-dotnet-refactoring/latest/userguide/what-is-tk-dotnet-refactoring.html", 36 | "description": "Grants permission to start a Deploymnet job", 37 | "accessLevel": "Write", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | } 42 | ] 43 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-application-cost-profiler-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Application Cost Profiler Service", 3 | "servicePrefix": "application-cost-profiler", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsapplicationcostprofilerservice.html", 5 | "actions": [ 6 | { 7 | "name": "DeleteReportDefinition", 8 | "documentationUrl": "https://docs.aws.amazon.com/application-cost-profiler/latest/APIReference/API_DeleteReportDefinition.html", 9 | "description": "Grants permission to delete the configuration with specific Application Cost Profiler Report thereby effectively disabling report generation", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "GetReportDefinition", 17 | "documentationUrl": "https://docs.aws.amazon.com/application-cost-profiler/latest/APIReference/API_GetReportDefinition.html", 18 | "description": "Grants permission to fetch the configuration with specific Application Cost Profiler Report request", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "ImportApplicationUsage", 26 | "documentationUrl": "https://docs.aws.amazon.com/application-cost-profiler/latest/APIReference/API_ImportApplicationUsage.html", 27 | "description": "Grants permission to import the application usage from S3", 28 | "accessLevel": "Write", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "ListReportDefinitions", 35 | "documentationUrl": "https://docs.aws.amazon.com/application-cost-profiler/latest/APIReference/API_ListReportDefinitions.html", 36 | "description": "Grants permission to get a list of the different Application Cost Profiler Report configurations they have created", 37 | "accessLevel": "Read", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "PutReportDefinition", 44 | "documentationUrl": "https://docs.aws.amazon.com/application-cost-profiler/latest/APIReference/API_PutReportDefinition.html", 45 | "description": "Grants permission to create Application Cost Profiler Report configurations", 46 | "accessLevel": "Write", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | }, 51 | { 52 | "name": "UpdateReportDefinition", 53 | "documentationUrl": "https://docs.aws.amazon.com/application-cost-profiler/latest/APIReference/API_UpdateReportDefinition.html", 54 | "description": "Grants permission to update an existing Application Cost Profiler Report configuration", 55 | "accessLevel": "Write", 56 | "resourceTypes": [], 57 | "conditionKeys": [], 58 | "dependentActions": [] 59 | } 60 | ] 61 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-auto-scaling.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Auto Scaling", 3 | "servicePrefix": "autoscaling-plans", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsautoscaling.html", 5 | "actions": [ 6 | { 7 | "name": "CreateScalingPlan", 8 | "documentationUrl": "https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_CreateScalingPlan.html", 9 | "description": "Creates a scaling plan.", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "DeleteScalingPlan", 17 | "documentationUrl": "https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_DeleteScalingPlan.html", 18 | "description": "Deletes the specified scaling plan.", 19 | "accessLevel": "Write", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "DescribeScalingPlanResources", 26 | "documentationUrl": "https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_DescribeScalingPlanResources.html", 27 | "description": "Describes the scalable resources in the specified scaling plan.", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "DescribeScalingPlans", 35 | "documentationUrl": "https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_DescribeScalingPlans.html", 36 | "description": "Describes the specified scaling plans or all of your scaling plans.", 37 | "accessLevel": "Read", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "GetScalingPlanResourceForecastData", 44 | "documentationUrl": "https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_GetScalingPlanResourceForecastData.html", 45 | "description": "Retrieves the forecast data for a scalable resource.", 46 | "accessLevel": "Read", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | }, 51 | { 52 | "name": "UpdateScalingPlan", 53 | "documentationUrl": "https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_UpdateScalingPlan.html", 54 | "description": "Updates a scaling plan.", 55 | "accessLevel": "Write", 56 | "resourceTypes": [], 57 | "conditionKeys": [], 58 | "dependentActions": [] 59 | } 60 | ] 61 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-billing-console.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Billing Console", 3 | "servicePrefix": "aws-portal", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsbillingconsole.html", 5 | "actions": [ 6 | { 7 | "name": "GetConsoleActionSetEnforced", 8 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", 9 | "description": "Grants permission to view whether existing or fine-grained IAM actions are being used to control authorization to Billing, Cost Management, and Account consoles", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "ModifyAccount", 17 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", 18 | "description": "Allow or deny IAM users permission to modify Account Settings", 19 | "accessLevel": "Write", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "ModifyBilling", 26 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", 27 | "description": "Allow or deny IAM users permission to modify billing settings", 28 | "accessLevel": "Write", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "ModifyPaymentMethods", 35 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", 36 | "description": "Allow or deny IAM users permission to modify payment methods", 37 | "accessLevel": "Write", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "UpdateConsoleActionSetEnforced", 44 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", 45 | "description": "Grants permission to change whether existing or fine-grained IAM actions will be used to control authorization to Billing, Cost Management, and Account consoles", 46 | "accessLevel": "Write", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | }, 51 | { 52 | "name": "ViewAccount", 53 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", 54 | "description": "Allow or deny IAM users permission to view account settings", 55 | "accessLevel": "Read", 56 | "resourceTypes": [], 57 | "conditionKeys": [], 58 | "dependentActions": [] 59 | }, 60 | { 61 | "name": "ViewBilling", 62 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", 63 | "description": "Allow or deny IAM users permission to view billing pages in the console", 64 | "accessLevel": "Read", 65 | "resourceTypes": [], 66 | "conditionKeys": [], 67 | "dependentActions": [] 68 | }, 69 | { 70 | "name": "ViewPaymentMethods", 71 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", 72 | "description": "Allow or deny IAM users permission to view payment methods", 73 | "accessLevel": "Read", 74 | "resourceTypes": [], 75 | "conditionKeys": [], 76 | "dependentActions": [] 77 | }, 78 | { 79 | "name": "ViewUsage", 80 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", 81 | "description": "Allow or deny IAM users permission to view AWS usage reports", 82 | "accessLevel": "Read", 83 | "resourceTypes": [], 84 | "conditionKeys": [], 85 | "dependentActions": [] 86 | } 87 | ] 88 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-cloud-control-api.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Cloud Control API", 3 | "servicePrefix": "cloudformation", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awscloudcontrolapi.html", 5 | "actions": [ 6 | { 7 | "name": "CancelResourceRequest", 8 | "documentationUrl": "https://docs.aws.amazon.com/cloudcontrolapi/latest/APIReference/API_CancelResourceRequest.html", 9 | "description": "Grants permission to cancel resource requests in your account", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "CreateResource", 17 | "documentationUrl": "https://docs.aws.amazon.com/cloudcontrolapi/latest/APIReference/API_CreateResource.html", 18 | "description": "Grants permission to create resources in your account", 19 | "accessLevel": "Write", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "DeleteResource", 26 | "documentationUrl": "https://docs.aws.amazon.com/cloudcontrolapi/latest/APIReference/API_DeleteResource.html", 27 | "description": "Grants permission to delete resources in your account", 28 | "accessLevel": "Write", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "GetResource", 35 | "documentationUrl": "https://docs.aws.amazon.com/cloudcontrolapi/latest/APIReference/API_GetResource.html", 36 | "description": "Grants permission to get resources in your account", 37 | "accessLevel": "Read", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "GetResourceRequestStatus", 44 | "documentationUrl": "https://docs.aws.amazon.com/cloudcontrolapi/latest/APIReference/API_GetResourceRequestStatus.html", 45 | "description": "Grants permission to get resource requests in your account", 46 | "accessLevel": "Read", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | }, 51 | { 52 | "name": "ListResourceRequests", 53 | "documentationUrl": "https://docs.aws.amazon.com/cloudcontrolapi/latest/APIReference/API_ListResourceRequests.html", 54 | "description": "Grants permission to list resource requests in your account", 55 | "accessLevel": "Read", 56 | "resourceTypes": [], 57 | "conditionKeys": [], 58 | "dependentActions": [] 59 | }, 60 | { 61 | "name": "ListResources", 62 | "documentationUrl": "https://docs.aws.amazon.com/cloudcontrolapi/latest/APIReference/API_ListResources.html", 63 | "description": "Grants permission to list resources in your account", 64 | "accessLevel": "Read", 65 | "resourceTypes": [], 66 | "conditionKeys": [], 67 | "dependentActions": [] 68 | }, 69 | { 70 | "name": "UpdateResource", 71 | "documentationUrl": "https://docs.aws.amazon.com/cloudcontrolapi/latest/APIReference/API_UpdateResource.html", 72 | "description": "Grants permission to update resources in your account", 73 | "accessLevel": "Write", 74 | "resourceTypes": [], 75 | "conditionKeys": [], 76 | "dependentActions": [] 77 | } 78 | ] 79 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-cloudtrail-data.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS CloudTrail Data", 3 | "servicePrefix": "cloudtrail-data", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awscloudtraildata.html", 5 | "actions": [ 6 | { 7 | "name": "PutAuditEvents", 8 | "documentationUrl": "https://docs.aws.amazon.com/awscloudtraildata/latest/APIReference/API_PutAuditEvents.html", 9 | "description": "Grants permission to ingest your application events into CloudTrail Lake", 10 | "accessLevel": "Write", 11 | "resourceTypes": [ 12 | "channel*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | } 17 | ] 18 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-codedeploy-secure-host-commands-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS CodeDeploy secure host commands service", 3 | "servicePrefix": "codedeploy-commands-secure", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awscodedeploysecurehostcommandsservice.html", 5 | "actions": [ 6 | { 7 | "name": "GetDeploymentSpecification", 8 | "documentationUrl": "https://docs.aws.amazon.com/codedeploy/latest/userguide/vpc-endpoints.html#vpc-codedeploy-agent-configuration", 9 | "description": "Grants permission to get deployment specification", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "PollHostCommand", 17 | "documentationUrl": "https://docs.aws.amazon.com/codedeploy/latest/userguide/vpc-endpoints.html#vpc-codedeploy-agent-configuration", 18 | "description": "Grants permission to request host agent commands", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "PutHostCommandAcknowledgement", 26 | "documentationUrl": "https://docs.aws.amazon.com/codedeploy/latest/userguide/vpc-endpoints.html#vpc-codedeploy-agent-configuration", 27 | "description": "Grants permission to mark host agent commands acknowledged", 28 | "accessLevel": "Write", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "PutHostCommandComplete", 35 | "documentationUrl": "https://docs.aws.amazon.com/codedeploy/latest/userguide/vpc-endpoints.html#vpc-codedeploy-agent-configuration", 36 | "description": "Grants permission to mark host agent commands completed", 37 | "accessLevel": "Write", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | } 42 | ] 43 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-connector-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Connector Service", 3 | "servicePrefix": "awsconnector", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsconnectorservice.html", 5 | "actions": [ 6 | { 7 | "name": "GetConnectorHealth", 8 | "documentationUrl": "https://docs.aws.amazon.com/server-migration-service/latest/userguide/prereqs.html#connector-permissions", 9 | "description": "Retrieves all health metrics that were published from the Server Migration Connector.", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "RegisterConnector", 17 | "documentationUrl": "https://docs.aws.amazon.com/server-migration-service/latest/userguide/prereqs.html#connector-permissions", 18 | "description": "Registers AWS Connector with AWS Connector Service.", 19 | "accessLevel": "Write", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "ValidateConnectorId", 26 | "documentationUrl": "https://docs.aws.amazon.com/server-migration-service/latest/userguide/prereqs.html#connector-permissions", 27 | "description": "Validates Server Migration Connector Id that was registered with AWS Connector Service.", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | } 33 | ] 34 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-consolidated-billing.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Consolidated Billing", 3 | "servicePrefix": "consolidatedbilling", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsconsolidatedbilling.html", 5 | "actions": [ 6 | { 7 | "name": "GetAccountBillingRole", 8 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html", 9 | "description": "Grants permission to get account role (Payer, Linked, Regular)", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "ListLinkedAccounts", 17 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html", 18 | "description": "Grants permission to get list of member/linked accounts", 19 | "accessLevel": "List", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | } 24 | ] 25 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-control-catalog.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Control Catalog", 3 | "servicePrefix": "controlcatalog", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awscontrolcatalog.html", 5 | "actions": [ 6 | { 7 | "name": "GetControl", 8 | "documentationUrl": "https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_GetControl.html", 9 | "description": "Grants permission to return details about a specific control", 10 | "accessLevel": "Read", 11 | "resourceTypes": [ 12 | "control*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "ListCommonControls", 19 | "documentationUrl": "https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListCommonControls.html", 20 | "description": "Grants permission to return a paginated list of common controls from the AWS Control Catalog", 21 | "accessLevel": "List", 22 | "resourceTypes": [], 23 | "conditionKeys": [], 24 | "dependentActions": [] 25 | }, 26 | { 27 | "name": "ListControls", 28 | "documentationUrl": "https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListControls.html", 29 | "description": "Grants permission to return a paginated list of all available controls in the AWS Control Catalog library", 30 | "accessLevel": "List", 31 | "resourceTypes": [ 32 | "control*" 33 | ], 34 | "conditionKeys": [], 35 | "dependentActions": [] 36 | }, 37 | { 38 | "name": "ListDomains", 39 | "documentationUrl": "https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html", 40 | "description": "Grants permission to return a paginated list of domains from the AWS Control Catalog", 41 | "accessLevel": "List", 42 | "resourceTypes": [], 43 | "conditionKeys": [], 44 | "dependentActions": [] 45 | }, 46 | { 47 | "name": "ListObjectives", 48 | "documentationUrl": "https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListObjectives.html", 49 | "description": "Grants permission to return a paginated list of objectives from the AWS Control Catalog", 50 | "accessLevel": "List", 51 | "resourceTypes": [], 52 | "conditionKeys": [], 53 | "dependentActions": [] 54 | } 55 | ] 56 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-cost-optimization-hub.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Cost Optimization Hub", 3 | "servicePrefix": "cost-optimization-hub", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awscostoptimizationhub.html", 5 | "actions": [ 6 | { 7 | "name": "GetPreferences", 8 | "documentationUrl": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_CostOptimizationHub_GetPreferences.html", 9 | "description": "Grants permission to get preferences", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "GetRecommendation", 17 | "documentationUrl": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_CostOptimizationHub_GetRecommendation.html", 18 | "description": "Grants permission to get resource configuration and estimated cost impact for a recommendation", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "ListEnrollmentStatuses", 26 | "documentationUrl": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_CostOptimizationHub_ListEnrollmentStatuses.html", 27 | "description": "Grants permission to list enrollment statuses for the specified account or all members under a management account", 28 | "accessLevel": "List", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "ListRecommendationSummaries", 35 | "documentationUrl": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_CostOptimizationHub_ListRecommendationSummaries.html", 36 | "description": "Grants permission to list recommendation summaries by group", 37 | "accessLevel": "List", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [ 41 | "cost-optimization-hub:GetRecommendation" 42 | ] 43 | }, 44 | { 45 | "name": "ListRecommendations", 46 | "documentationUrl": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_CostOptimizationHub_ListRecommendations.html", 47 | "description": "Grants permission to list summary view of recommendations", 48 | "accessLevel": "List", 49 | "resourceTypes": [], 50 | "conditionKeys": [], 51 | "dependentActions": [ 52 | "cost-optimization-hub:GetRecommendation" 53 | ] 54 | }, 55 | { 56 | "name": "UpdateEnrollmentStatus", 57 | "documentationUrl": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_CostOptimizationHub_UpdateEnrollmentStatus.html", 58 | "description": "Grants permission to update the enrollment status", 59 | "accessLevel": "Write", 60 | "resourceTypes": [], 61 | "conditionKeys": [], 62 | "dependentActions": [] 63 | }, 64 | { 65 | "name": "UpdatePreferences", 66 | "documentationUrl": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_CostOptimizationHub_UpdatePreferences.html", 67 | "description": "Grants permission to update preferences", 68 | "accessLevel": "Write", 69 | "resourceTypes": [], 70 | "conditionKeys": [], 71 | "dependentActions": [] 72 | } 73 | ] 74 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-customer-verification-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Customer Verification Service", 3 | "servicePrefix": "customer-verification", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awscustomerverificationservice.html", 5 | "actions": [ 6 | { 7 | "name": "CreateCustomerVerificationDetails", 8 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", 9 | "description": "Grants permission to create customer verification data", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "CreateUploadUrls", 17 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", 18 | "description": "Grants permission to create upload URLs", 19 | "accessLevel": "Write", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "GetCustomerVerificationDetails", 26 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", 27 | "description": "Grants permission to get customer verification data", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "GetCustomerVerificationEligibility", 35 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", 36 | "description": "Grants permission to get customer verification eligibility", 37 | "accessLevel": "Read", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "UpdateCustomerVerificationDetails", 44 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", 45 | "description": "Grants permission to update customer verification data", 46 | "accessLevel": "Write", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | } 51 | ] 52 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-elemental-support-content.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Elemental Support Content", 3 | "servicePrefix": "elemental-support-content", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awselementalsupportcontent.html", 5 | "actions": [ 6 | { 7 | "name": "Query", 8 | "documentationUrl": "https://docs.aws.amazon.com/elemental-appliances-software", 9 | "description": "Grants permission to search support content", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-free-tier.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Free Tier", 3 | "servicePrefix": "freetier", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsfreetier.html", 5 | "actions": [ 6 | { 7 | "name": "GetFreeTierAlertPreference", 8 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/tracking-free-tier-usage.html", 9 | "description": "Grants permission to get free tier alert preference (email address)", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "GetFreeTierUsage", 17 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/tracking-free-tier-usage.html", 18 | "description": "Grants permission to get free tier usage limits and MTD usage status", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "PutFreeTierAlertPreference", 26 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/tracking-free-tier-usage.html", 27 | "description": "Grants permission to set free tier alert preference (email address)", 28 | "accessLevel": "Write", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | } 33 | ] 34 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-iam-identity-center-oidc-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS IAM Identity Center OIDC service", 3 | "servicePrefix": "sso-oauth", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsiamidentitycenteroidcservice.html", 5 | "actions": [ 6 | { 7 | "name": "CreateTokenWithIAM", 8 | "documentationUrl": "https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.html", 9 | "description": "Grants permission to create OAuth/OIDC tokens to access IAM Identity Center integrated applications", 10 | "accessLevel": "Write", 11 | "resourceTypes": [ 12 | "Application*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | } 17 | ] 18 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-identity-store-auth.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Identity Store Auth", 3 | "servicePrefix": "identitystore-auth", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsidentitystoreauth.html", 5 | "actions": [ 6 | { 7 | "name": "BatchDeleteSession", 8 | "documentationUrl": "https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-app-session.html", 9 | "description": "Grants permission to delete a batch of specified sessions", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "BatchGetSession", 17 | "documentationUrl": "https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-app-session.html", 18 | "description": "Grants permission to return session attributes for a batch of specified sessions", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "ListSessions", 26 | "documentationUrl": "https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-app-session.html", 27 | "description": "Grants permission to retrieve a list of active sessions for the specified user", 28 | "accessLevel": "List", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | } 33 | ] 34 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-import-export-disk-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Import Export Disk Service", 3 | "servicePrefix": "importexport", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsimportexportdiskservice.html", 5 | "actions": [ 6 | { 7 | "name": "CancelJob", 8 | "documentationUrl": "https://docs.aws.amazon.com/AWSImportExport/latest/DG/WebCancelJob.html", 9 | "description": "This action cancels a specified job. Only the job owner can cancel it. The action fails if the job has already started or is complete.", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "CreateJob", 17 | "documentationUrl": "https://docs.aws.amazon.com/AWSImportExport/latest/DG/WebCreateJob.html", 18 | "description": "This action initiates the process of scheduling an upload or download of your data.", 19 | "accessLevel": "Write", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "GetShippingLabel", 26 | "documentationUrl": "https://docs.aws.amazon.com/AWSImportExport/latest/DG/WebGetShippingLabel.html", 27 | "description": "This action generates a pre-paid shipping label that you will use to ship your device to AWS for processing.", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "GetStatus", 35 | "documentationUrl": "https://docs.aws.amazon.com/AWSImportExport/latest/DG/WebGetStatus.html", 36 | "description": "This action returns information about a job, including where the job is in the processing pipeline, the status of the results, and the signature value associated with the job.", 37 | "accessLevel": "Read", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "ListJobs", 44 | "documentationUrl": "https://docs.aws.amazon.com/AWSImportExport/latest/DG/WebListJobs.html", 45 | "description": "This action returns the jobs associated with the requester.", 46 | "accessLevel": "List", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | }, 51 | { 52 | "name": "UpdateJob", 53 | "documentationUrl": "https://docs.aws.amazon.com/AWSImportExport/latest/DG/WebUpdateJob.html", 54 | "description": "You use this action to change the parameters specified in the original manifest file by supplying a new manifest file.", 55 | "accessLevel": "Write", 56 | "resourceTypes": [], 57 | "conditionKeys": [], 58 | "dependentActions": [] 59 | } 60 | ] 61 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-iot-device-tester.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS IoT Device Tester", 3 | "servicePrefix": "iot-device-tester", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsiotdevicetester.html", 5 | "actions": [ 6 | { 7 | "name": "CheckVersion", 8 | "documentationUrl": "https://docs.aws.amazon.com/freertos/latest/userguide/dev-tester-prereqs.html", 9 | "description": "Grants permission to IoT Device Tester to check if a given set of product, test suite and device tester version are compatible", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "DownloadTestSuite", 17 | "documentationUrl": "https://docs.aws.amazon.com/freertos/latest/userguide/dev-tester-prereqs.html", 18 | "description": "Grants permission to IoT Device Tester to download compatible test suite versions", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "LatestIdt", 26 | "documentationUrl": "https://docs.aws.amazon.com/freertos/latest/userguide/dev-tester-prereqs.html", 27 | "description": "Grants permission to IoT Device Tester to get information on latest version of device tester available", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "SendMetrics", 35 | "documentationUrl": "https://docs.aws.amazon.com/freertos/latest/userguide/dev-tester-prereqs.html", 36 | "description": "Grants permission to IoT Device Tester to send usage metrics on your behalf", 37 | "accessLevel": "Write", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "SupportedVersion", 44 | "documentationUrl": "https://docs.aws.amazon.com/freertos/latest/userguide/dev-tester-prereqs.html", 45 | "description": "Grants permission to IoT Device Tester to get list of supported products and test suite versions", 46 | "accessLevel": "Read", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | } 51 | ] 52 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-iot-fleet-hub-for-device-management.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS IoT Fleet Hub for Device Management", 3 | "servicePrefix": "iotfleethub", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsiotfleethubfordevicemanagement.html", 5 | "actions": [ 6 | { 7 | "name": "CreateApplication", 8 | "documentationUrl": "https://docs.aws.amazon.com/iot/latest/apireference/API_iotfleethub_CreateApplication.html", 9 | "description": "Grants permission to create an application", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [ 13 | "aws:RequestTag/${TagKey}", 14 | "aws:TagKeys" 15 | ], 16 | "dependentActions": [ 17 | "sso:CreateManagedApplicationInstance", 18 | "sso:DescribeRegisteredRegions" 19 | ] 20 | }, 21 | { 22 | "name": "DeleteApplication", 23 | "documentationUrl": "https://docs.aws.amazon.com/iot/latest/apireference/API_iotfleethub_DeleteApplication.html", 24 | "description": "Grants permission to delete an application", 25 | "accessLevel": "Write", 26 | "resourceTypes": [ 27 | "application*" 28 | ], 29 | "conditionKeys": [], 30 | "dependentActions": [ 31 | "sso:DeleteManagedApplicationInstance" 32 | ] 33 | }, 34 | { 35 | "name": "DescribeApplication", 36 | "documentationUrl": "https://docs.aws.amazon.com/iot/latest/apireference/API_iotfleethub_DescribeApplication.html", 37 | "description": "Grants permission to describe an application", 38 | "accessLevel": "Read", 39 | "resourceTypes": [ 40 | "application*" 41 | ], 42 | "conditionKeys": [], 43 | "dependentActions": [] 44 | }, 45 | { 46 | "name": "ListApplications", 47 | "documentationUrl": "https://docs.aws.amazon.com/iot/latest/apireference/API_iotfleethub_ListApplications.html", 48 | "description": "Grants permission to list all applications", 49 | "accessLevel": "List", 50 | "resourceTypes": [], 51 | "conditionKeys": [], 52 | "dependentActions": [] 53 | }, 54 | { 55 | "name": "ListTagsForResource", 56 | "documentationUrl": "https://docs.aws.amazon.com/iot/latest/apireference/API_iotfleethub_ListTagsForResource.html", 57 | "description": "Grants permission to list all tags for a resource", 58 | "accessLevel": "Read", 59 | "resourceTypes": [ 60 | "application" 61 | ], 62 | "conditionKeys": [], 63 | "dependentActions": [] 64 | }, 65 | { 66 | "name": "TagResource", 67 | "documentationUrl": "https://docs.aws.amazon.com/iot/latest/apireference/API_iotfleethub_TagResource.html", 68 | "description": "Grants permission to tag a resource", 69 | "accessLevel": "Tagging", 70 | "resourceTypes": [ 71 | "application" 72 | ], 73 | "conditionKeys": [ 74 | "aws:TagKeys", 75 | "aws:RequestTag/${TagKey}" 76 | ], 77 | "dependentActions": [] 78 | }, 79 | { 80 | "name": "UntagResource", 81 | "documentationUrl": "https://docs.aws.amazon.com/iot/latest/apireference/API_iotfleethub_UntagResource.html", 82 | "description": "Grants permission to untag a resource", 83 | "accessLevel": "Tagging", 84 | "resourceTypes": [ 85 | "application" 86 | ], 87 | "conditionKeys": [ 88 | "aws:TagKeys" 89 | ], 90 | "dependentActions": [] 91 | }, 92 | { 93 | "name": "UpdateApplication", 94 | "documentationUrl": "https://docs.aws.amazon.com/iot/latest/apireference/API_iotfleethub_UpdateApplication.html", 95 | "description": "Grants permission to update an application", 96 | "accessLevel": "Write", 97 | "resourceTypes": [ 98 | "application*" 99 | ], 100 | "conditionKeys": [], 101 | "dependentActions": [] 102 | } 103 | ] 104 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-iot-jobs-dataplane.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS IoT Jobs DataPlane", 3 | "servicePrefix": "iotjobsdata", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsiotjobsdataplane.html", 5 | "actions": [ 6 | { 7 | "name": "DescribeJobExecution", 8 | "documentationUrl": "https://docs.aws.amazon.com/iot/latest/apireference/API_iot-jobs-data_DescribeJobExecution.html", 9 | "description": "Grants permission to describe a job execution", 10 | "accessLevel": "Read", 11 | "resourceTypes": [ 12 | "thing*" 13 | ], 14 | "conditionKeys": [ 15 | "iot:JobId" 16 | ], 17 | "dependentActions": [] 18 | }, 19 | { 20 | "name": "GetPendingJobExecutions", 21 | "documentationUrl": "https://docs.aws.amazon.com/iot/latest/apireference/API_iot-jobs-data_GetPendingJobExecutions.html", 22 | "description": "Grants permission to get the list of all jobs for a thing that are not in a terminal state", 23 | "accessLevel": "Read", 24 | "resourceTypes": [ 25 | "thing*" 26 | ], 27 | "conditionKeys": [], 28 | "dependentActions": [] 29 | }, 30 | { 31 | "name": "StartNextPendingJobExecution", 32 | "documentationUrl": "https://docs.aws.amazon.com/iot/latest/apireference/API_iot-jobs-data_StartNextPendingJobExecution.html", 33 | "description": "Grants permission to get and start the next pending job execution for a thing", 34 | "accessLevel": "Write", 35 | "resourceTypes": [ 36 | "thing*" 37 | ], 38 | "conditionKeys": [], 39 | "dependentActions": [] 40 | }, 41 | { 42 | "name": "UpdateJobExecution", 43 | "documentationUrl": "https://docs.aws.amazon.com/iot/latest/apireference/API_iot-jobs-data_UpdateJobExecution.html", 44 | "description": "Grants permission to update a job execution", 45 | "accessLevel": "Write", 46 | "resourceTypes": [ 47 | "thing*" 48 | ], 49 | "conditionKeys": [ 50 | "iot:JobId" 51 | ], 52 | "dependentActions": [] 53 | } 54 | ] 55 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-iq-permissions.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS IQ Permissions", 3 | "servicePrefix": "iq-permission", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsiqpermissions.html", 5 | "actions": [ 6 | { 7 | "name": "ApproveAccessGrant", 8 | "documentationUrl": "https://aws.amazon.com/iq/", 9 | "description": "Grants permission to approve a permission request", 10 | "accessLevel": "Write", 11 | "resourceTypes": [ 12 | "permission*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "ApprovePermissionRequest", 19 | "documentationUrl": "https://aws.amazon.com/iq/", 20 | "description": "Grants permission to approve a permission request", 21 | "accessLevel": "Write", 22 | "resourceTypes": [ 23 | "permission*" 24 | ], 25 | "conditionKeys": [], 26 | "dependentActions": [] 27 | }, 28 | { 29 | "name": "AssumePermissionRole", 30 | "documentationUrl": "https://aws.amazon.com/iq/", 31 | "description": "Grants permission to obtain a set of temporary security credentials for experts which they can use to access buyers' AWS resources", 32 | "accessLevel": "Write", 33 | "resourceTypes": [ 34 | "permission*" 35 | ], 36 | "conditionKeys": [], 37 | "dependentActions": [] 38 | }, 39 | { 40 | "name": "CreatePermissionRequest", 41 | "documentationUrl": "https://aws.amazon.com/iq/", 42 | "description": "Grants permission to create a permission request", 43 | "accessLevel": "Write", 44 | "resourceTypes": [ 45 | "permission*" 46 | ], 47 | "conditionKeys": [], 48 | "dependentActions": [] 49 | }, 50 | { 51 | "name": "GetPermissionRequest", 52 | "documentationUrl": "https://aws.amazon.com/iq/", 53 | "description": "Grants permission to get a permission request", 54 | "accessLevel": "Read", 55 | "resourceTypes": [ 56 | "permission*" 57 | ], 58 | "conditionKeys": [], 59 | "dependentActions": [] 60 | }, 61 | { 62 | "name": "ListPermissionRequests", 63 | "documentationUrl": "https://aws.amazon.com/iq/", 64 | "description": "Grants permission to list permission requests", 65 | "accessLevel": "Read", 66 | "resourceTypes": [ 67 | "permission*" 68 | ], 69 | "conditionKeys": [], 70 | "dependentActions": [] 71 | }, 72 | { 73 | "name": "RejectPermissionRequest", 74 | "documentationUrl": "https://aws.amazon.com/iq/", 75 | "description": "Grants permission to reject a permission request", 76 | "accessLevel": "Write", 77 | "resourceTypes": [ 78 | "permission*" 79 | ], 80 | "conditionKeys": [], 81 | "dependentActions": [] 82 | }, 83 | { 84 | "name": "RevokePermissionRequest", 85 | "documentationUrl": "https://aws.amazon.com/iq/", 86 | "description": "Grants permission to revoke a permission request which was previously approved", 87 | "accessLevel": "Write", 88 | "resourceTypes": [ 89 | "permission*" 90 | ], 91 | "conditionKeys": [], 92 | "dependentActions": [] 93 | }, 94 | { 95 | "name": "WithdrawPermissionRequest", 96 | "documentationUrl": "https://aws.amazon.com/iq/", 97 | "description": "Grants permission to withdraw a permission request that has not been approved or declined", 98 | "accessLevel": "Write", 99 | "resourceTypes": [ 100 | "permission*" 101 | ], 102 | "conditionKeys": [], 103 | "dependentActions": [] 104 | } 105 | ] 106 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-management-console-mobile-app.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Management Console Mobile App", 3 | "servicePrefix": "consoleapp", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsconsolemobileapp.html", 5 | "actions": [ 6 | { 7 | "name": "GetDeviceIdentity", 8 | "documentationUrl": "https://docs.aws.amazon.com/consolemobileapp/latest/userguide/permissions-policies.html", 9 | "description": "Grants permission to retrieve the device identity for a Console Mobile App device", 10 | "accessLevel": "Read", 11 | "resourceTypes": [ 12 | "DeviceIdentity*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "ListDeviceIdentities", 19 | "documentationUrl": "https://docs.aws.amazon.com/consolemobileapp/latest/userguide/permissions-policies.html", 20 | "description": "Grants permission to retrieve a list of device identities", 21 | "accessLevel": "List", 22 | "resourceTypes": [], 23 | "conditionKeys": [], 24 | "dependentActions": [] 25 | } 26 | ] 27 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-marketplace-commerce-analytics-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Marketplace Commerce Analytics Service", 3 | "servicePrefix": "marketplacecommerceanalytics", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsmarketplacecommerceanalyticsservice.html", 5 | "actions": [ 6 | { 7 | "name": "GenerateDataSet", 8 | "description": "Request a data set to be published to your Amazon S3 bucket.", 9 | "accessLevel": "Write", 10 | "resourceTypes": [], 11 | "conditionKeys": [], 12 | "dependentActions": [] 13 | }, 14 | { 15 | "name": "StartSupportDataExport", 16 | "description": "Request a support data set to be published to your Amazon S3 bucket.", 17 | "accessLevel": "Write", 18 | "resourceTypes": [], 19 | "conditionKeys": [], 20 | "dependentActions": [] 21 | } 22 | ] 23 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-marketplace-deployment-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Marketplace Deployment Service", 3 | "servicePrefix": "aws-marketplace", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsmarketplacedeploymentservice.html", 5 | "actions": [ 6 | { 7 | "name": "ListTagsForResource", 8 | "documentationUrl": "https://docs.aws.amazon.com/marketplace-deployment/latest/api-reference/API_ListTagsForResource.html", 9 | "description": "Grants permission to list tags for a deployment parameter resource", 10 | "accessLevel": "Read", 11 | "resourceTypes": [ 12 | "DeploymentParameter" 13 | ], 14 | "conditionKeys": [ 15 | "aws:ResourceTag/${TagKey}" 16 | ], 17 | "dependentActions": [] 18 | }, 19 | { 20 | "name": "PutDeploymentParameter", 21 | "documentationUrl": "https://docs.aws.amazon.com/marketplace-deployment/latest/api-reference/API_PutDeploymentParameter.html", 22 | "description": "Grants permission to create or update a deployment parameter resource", 23 | "accessLevel": "Write", 24 | "resourceTypes": [ 25 | "DeploymentParameter*" 26 | ], 27 | "conditionKeys": [ 28 | "aws:ResourceTag/${TagKey}", 29 | "aws:RequestTag/${TagKey}", 30 | "aws:TagKeys", 31 | "aws:ResourceTag/${TagKey}", 32 | "aws:RequestTag/${TagKey}", 33 | "aws:TagKeys" 34 | ], 35 | "dependentActions": [ 36 | "aws-marketplace:TagResource" 37 | ] 38 | }, 39 | { 40 | "name": "TagResource", 41 | "documentationUrl": "https://docs.aws.amazon.com/marketplace-deployment/latest/api-reference/API_TagResource.html", 42 | "description": "Grants permission to tag a deployment parameter resource", 43 | "accessLevel": "Tagging", 44 | "resourceTypes": [ 45 | "DeploymentParameter*" 46 | ], 47 | "conditionKeys": [ 48 | "aws:ResourceTag/${TagKey}", 49 | "aws:RequestTag/${TagKey}", 50 | "aws:TagKeys", 51 | "aws:ResourceTag/${TagKey}", 52 | "aws:RequestTag/${TagKey}", 53 | "aws:TagKeys" 54 | ], 55 | "dependentActions": [] 56 | }, 57 | { 58 | "name": "UntagResource", 59 | "documentationUrl": "https://docs.aws.amazon.com/marketplace-deployment/latest/api-reference/API_UntagResource.html", 60 | "description": "Grants permission to untag a deployment parameter resource", 61 | "accessLevel": "Tagging", 62 | "resourceTypes": [ 63 | "DeploymentParameter*" 64 | ], 65 | "conditionKeys": [ 66 | "aws:ResourceTag/${TagKey}", 67 | "aws:TagKeys", 68 | "aws:ResourceTag/${TagKey}", 69 | "aws:TagKeys" 70 | ], 71 | "dependentActions": [] 72 | } 73 | ] 74 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-marketplace-discovery.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Marketplace Discovery", 3 | "servicePrefix": "aws-marketplace", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsmarketplacediscovery.html", 5 | "actions": [ 6 | { 7 | "name": "ListPrivateListings", 8 | "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/buyerguide/private-offers-page.html", 9 | "description": "Grants permission to users to list their private offers", 10 | "accessLevel": "List", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-marketplace-entitlement-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Marketplace Entitlement Service", 3 | "servicePrefix": "aws-marketplace", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsmarketplaceentitlementservice.html", 5 | "actions": [ 6 | { 7 | "name": "GetEntitlements", 8 | "documentationUrl": "https://docs.aws.amazon.com/marketplaceentitlement/latest/APIReference/API_GetEntitlements.html", 9 | "description": "Grants permission to retrieve entitlement values for a given product. The results can be filtered based on customer identifier or product dimensions", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-marketplace-image-building-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Marketplace Image Building Service", 3 | "servicePrefix": "aws-marketplace", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsmarketplaceimagebuildingservice.html", 5 | "actions": [ 6 | { 7 | "name": "DescribeBuilds", 8 | "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/buyerguide/api-reference.html", 9 | "description": "Describes Image Builds identified by a build Id", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "ListBuilds", 17 | "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/buyerguide/api-reference.html", 18 | "description": "Lists Image Builds.", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "StartBuild", 26 | "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/buyerguide/api-reference.html", 27 | "description": "Starts an Image Build", 28 | "accessLevel": "Write", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | } 33 | ] 34 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-marketplace-metering-service.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Marketplace Metering Service", 3 | "servicePrefix": "aws-marketplace", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsmarketplacemeteringservice.html", 5 | "actions": [ 6 | { 7 | "name": "BatchMeterUsage", 8 | "documentationUrl": "https://docs.aws.amazon.com/marketplacemetering/latest/APIReference/API_BatchMeterUsage.html", 9 | "description": "Grants permission to post metering records for a set of customers for SaaS applications", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "MeterUsage", 17 | "documentationUrl": "https://docs.aws.amazon.com/marketplacemetering/latest/APIReference/API_MeterUsage.html", 18 | "description": "Grants permission to emit metering records", 19 | "accessLevel": "Write", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "RegisterUsage", 26 | "documentationUrl": "https://docs.aws.amazon.com/marketplacemetering/latest/APIReference/API_RegisterUsage.html", 27 | "description": "Grants permission to to verify that the customer running your paid software is subscribed to your product on AWS Marketplace, enabling you to guard against unauthorized use. Meters software use per ECS task, per hour, with usage prorated to the second", 28 | "accessLevel": "Write", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "ResolveCustomer", 35 | "documentationUrl": "https://docs.aws.amazon.com/marketplacemetering/latest/APIReference/API_ResolveCustomer.html", 36 | "description": "Grants permission to resolve a registration token to obtain a CustomerIdentifier and product code", 37 | "accessLevel": "Write", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | } 42 | ] 43 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-marketplace-private-marketplace.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Marketplace Private Marketplace", 3 | "servicePrefix": "aws-marketplace", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsmarketplaceprivatemarketplace.html", 5 | "actions": [ 6 | { 7 | "name": "AssociateProductsWithPrivateMarketplace", 8 | "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/buyerguide/private-marketplace.html", 9 | "description": "Grants permission to approve a request for a product to be associated with the Private Marketplace. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "CreatePrivateMarketplaceRequests", 17 | "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/buyerguide/private-marketplace.html", 18 | "description": "Grants permission to create a new request for a product or products to be associated with the Private Marketplace. This action can be performed by any account in an in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it", 19 | "accessLevel": "Write", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "DescribePrivateMarketplaceRequests", 26 | "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/buyerguide/private-marketplace.html", 27 | "description": "Grants permission to describe requests and associated products in the Private Marketplace. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it", 28 | "accessLevel": "List", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "DisassociateProductsFromPrivateMarketplace", 35 | "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/buyerguide/private-marketplace.html", 36 | "description": "Grants permission to decline a request for a product to be associated with the Private Marketplace. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it", 37 | "accessLevel": "Write", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "ListPrivateMarketplaceRequests", 44 | "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/buyerguide/private-marketplace.html", 45 | "description": "Grants permission to get a queryable list for requests and associated products in the Private Marketplace. This action can be performed by any account in an AWS Organization, provided the user has permissions to do so, and the Organization's Service Control Policies allow it", 46 | "accessLevel": "List", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | } 51 | ] 52 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-marketplace-procurement-systems-integration.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Marketplace Procurement Systems Integration", 3 | "servicePrefix": "aws-marketplace", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsmarketplaceprocurementsystemsintegration.html", 5 | "actions": [ 6 | { 7 | "name": "DescribeProcurementSystemConfiguration", 8 | "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/buyerguide/procurement-systems-integration.html", 9 | "description": "Grants permission to describe the Procurement System integration configuration (e.g. Coupa) for the individual account, or for the entire AWS Organization if one exists. This action can only be performed by the master account if using an AWS Organization", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "PutProcurementSystemConfiguration", 17 | "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/buyerguide/procurement-systems-integration.html", 18 | "description": "Grants permission to create or update the Procurement System integration configuration (e.g. Coupa) for the individual account, or for the entire AWS Organization if one exists. This action can only be performed by the master account if using an AWS Organization", 19 | "accessLevel": "Write", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | } 24 | ] 25 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-marketplace-reporting.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Marketplace Reporting", 3 | "servicePrefix": "aws-marketplace", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsmarketplacereporting.html", 5 | "actions": [ 6 | { 7 | "name": "GetBuyerDashboard", 8 | "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/APIReference/API_marketplace-reporting_GetBuyerDashboard.html", 9 | "description": "Grants permission to view a dashboard that shows a buyer's AWS Marketplace purchase data", 10 | "accessLevel": "Read", 11 | "resourceTypes": [ 12 | "Dashboard*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | } 17 | ] 18 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-marketplace-seller-reporting.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Marketplace Seller Reporting", 3 | "servicePrefix": "aws-marketplace", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsmarketplacesellerreporting.html", 5 | "actions": [ 6 | { 7 | "name": "GetSellerDashboard", 8 | "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/userguide/dashboards.html#reports-accessing", 9 | "description": "Grants permission to view a seller dashboard", 10 | "accessLevel": "Read", 11 | "resourceTypes": [ 12 | "SellerDashboard*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | } 17 | ] 18 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-microservice-extractor-for-.net.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Microservice Extractor for .NET", 3 | "servicePrefix": "serviceextract", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsmicroserviceextractorfor.net.html", 5 | "actions": [ 6 | { 7 | "name": "GetConfig", 8 | "documentationUrl": "https://docs.aws.amazon.com/microservice-extractor/latest/userguide/what-is-microservice-extractor.html", 9 | "description": "Grants permission to get required configuration for the AWS Microservice Extractor for .NET desktop client", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-migration-acceleration-program-credits.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Migration Acceleration Program Credits", 3 | "servicePrefix": "mapcredits", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsmigrationaccelerationprogramcredits.html", 5 | "actions": [ 6 | { 7 | "name": "ListAssociatedPrograms", 8 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html", 9 | "description": "Grants permission to view the user's associated Migration Acceleration Program agreements", 10 | "accessLevel": "List", 11 | "resourceTypes": [ 12 | "agreement*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "ListQuarterCredits", 19 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html", 20 | "description": "Grants permission to view Migration Acceleration Program agreements credits associated with the user's payer account", 21 | "accessLevel": "List", 22 | "resourceTypes": [ 23 | "agreement*" 24 | ], 25 | "conditionKeys": [], 26 | "dependentActions": [] 27 | }, 28 | { 29 | "name": "ListQuarterSpend", 30 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html", 31 | "description": "Grants permission to view Migration Acceleration Program agreements eligible spend associated with the user's payer account", 32 | "accessLevel": "List", 33 | "resourceTypes": [ 34 | "agreement*" 35 | ], 36 | "conditionKeys": [], 37 | "dependentActions": [] 38 | } 39 | ] 40 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-network-manager-chat.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Network Manager Chat", 3 | "servicePrefix": "networkmanager-chat", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsnetworkmanagerchat.html", 5 | "actions": [ 6 | { 7 | "name": "CancelMessageResponse", 8 | "documentationUrl": "https://docs.aws.amazon.com/vpc/latest/reachability/security_iam_required-API-permissions.html", 9 | "description": "Grants permission to cancel a response to a message", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "CreateConversation", 17 | "documentationUrl": "https://docs.aws.amazon.com/vpc/latest/reachability/security_iam_required-API-permissions.html", 18 | "description": "Grants permission to create a conversation", 19 | "accessLevel": "Write", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "DeleteConversation", 26 | "documentationUrl": "https://docs.aws.amazon.com/vpc/latest/reachability/security_iam_required-API-permissions.html", 27 | "description": "Grants permission to delete a conversation", 28 | "accessLevel": "Write", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "ListConversationMessages", 35 | "documentationUrl": "https://docs.aws.amazon.com/vpc/latest/reachability/security_iam_required-API-permissions.html", 36 | "description": "Grants permission to list conversation messages", 37 | "accessLevel": "List", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "ListConversations", 44 | "documentationUrl": "https://docs.aws.amazon.com/vpc/latest/reachability/security_iam_required-API-permissions.html", 45 | "description": "Grants permission to list conversations", 46 | "accessLevel": "List", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | }, 51 | { 52 | "name": "NotifyConversationIsActive", 53 | "documentationUrl": "https://docs.aws.amazon.com/vpc/latest/reachability/security_iam_required-API-permissions.html", 54 | "description": "Grants permission to notify whether there is activity in a conversation", 55 | "accessLevel": "Write", 56 | "resourceTypes": [], 57 | "conditionKeys": [], 58 | "dependentActions": [] 59 | }, 60 | { 61 | "name": "SendConversationMessage", 62 | "documentationUrl": "https://docs.aws.amazon.com/vpc/latest/reachability/security_iam_required-API-permissions.html", 63 | "description": "Grants permission to send a conversation message", 64 | "accessLevel": "Write", 65 | "resourceTypes": [], 66 | "conditionKeys": [], 67 | "dependentActions": [] 68 | } 69 | ] 70 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-partner-central-account-management.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Partner central account management", 3 | "servicePrefix": "partnercentral-account-management", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awspartnercentralaccountmanagement.html", 5 | "actions": [ 6 | { 7 | "name": "AssociatePartnerAccount", 8 | "documentationUrl": "https://docs.aws.amazon.com/partner-central/latest/getting-started/controlling-access-in-apc-account-management.html", 9 | "description": "Grants permission to associate Partner account to AWS account", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "AssociatePartnerUser", 17 | "documentationUrl": "https://docs.aws.amazon.com/partner-central/latest/getting-started/controlling-access-in-apc-account-management.html", 18 | "description": "Grants permission to associate Partner user to IAM role", 19 | "accessLevel": "Write", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "DisassociatePartnerUser", 26 | "documentationUrl": "https://docs.aws.amazon.com/partner-central/latest/getting-started/controlling-access-in-apc-account-management.html", 27 | "description": "Grants permission to disassociate Partner user to IAM role", 28 | "accessLevel": "Write", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | } 33 | ] 34 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-price-list.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Price List", 3 | "servicePrefix": "pricing", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awspricelist.html", 5 | "actions": [ 6 | { 7 | "name": "DescribeServices", 8 | "documentationUrl": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_pricing_DescribeServices.html", 9 | "description": "Grants permission to retrieve service details for all (paginated) services (if serviceCode is not set) or service detail for a particular service (if given serviceCode)", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "GetAttributeValues", 17 | "documentationUrl": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_pricing_GetAttributeValues.html", 18 | "description": "Grants permission to retrieve all (paginated) possible values for a given attribute", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "GetPriceListFileUrl", 26 | "documentationUrl": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_pricing_GetPriceListFileUrl.html", 27 | "description": "Grants permission to retrieve the price list file URL for the given parameters", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "GetProducts", 35 | "documentationUrl": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_pricing_GetProducts.html", 36 | "description": "Grants permission to retrieve all matching products with given search criteria", 37 | "accessLevel": "Read", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "ListPriceLists", 44 | "documentationUrl": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_pricing_ListPriceLists.html", 45 | "description": "Grants permission to list all (paginated) eligible price lists for the given parameters", 46 | "accessLevel": "Read", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | } 51 | ] 52 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-privatelink.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS PrivateLink", 3 | "servicePrefix": "vpce", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsprivatelink.html", 5 | "actions": [ 6 | { 7 | "name": "AllowMultiRegion", 8 | "documentationUrl": "https://docs.aws.amazon.com/vpc/latest/privatelink/vpc/latest/privatelink/security_iam_service-with-iam.html", 9 | "description": "Grants permission to manage multi-region VPC endpoints and VPC endpoint service configurations", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-signin.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Signin", 3 | "servicePrefix": "signin", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awssignin.html", 5 | "actions": [ 6 | { 7 | "name": "CreateTrustedIdentityPropagationApplicationForConsole", 8 | "documentationUrl": "https://docs.aws.amazon.com/signin/latest/APIReference/create-trusted-identity-propagation-application-for-console.html", 9 | "description": "Grants permission to create an Identity Center application that represents the AWS Management Console on an Identity Center organization instance", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [ 14 | "sso:CreateApplication", 15 | "sso:GetSharedSsoConfiguration", 16 | "sso:ListApplications", 17 | "sso:PutApplicationAccessScope", 18 | "sso:PutApplicationAssignmentConfiguration", 19 | "sso:PutApplicationAuthenticationMethod", 20 | "sso:PutApplicationGrant" 21 | ] 22 | }, 23 | { 24 | "name": "ListTrustedIdentityPropagationApplicationsForConsole", 25 | "documentationUrl": "https://docs.aws.amazon.com/signin/latest/APIReference/list-trusted-identity-propagation-application-for-console.html", 26 | "description": "Grants permission to list all Identity Center applications that represent the AWS Management Console", 27 | "accessLevel": "List", 28 | "resourceTypes": [], 29 | "conditionKeys": [], 30 | "dependentActions": [ 31 | "sso:GetSharedSsoConfiguration", 32 | "sso:ListApplications" 33 | ] 34 | } 35 | ] 36 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-support-plans.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Support Plans", 3 | "servicePrefix": "supportplans", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awssupportplans.html", 5 | "actions": [ 6 | { 7 | "name": "CreateSupportPlanSchedule", 8 | "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/user/security-support-plans.html", 9 | "description": "Grants permission to create support plan schedules for this AWS account", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "GetSupportPlan", 17 | "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/user/security-support-plans.html", 18 | "description": "Grants permission to view details about the current support plan for this AWS account", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "GetSupportPlanUpdateStatus", 26 | "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/user/security-support-plans.html", 27 | "description": "Grants permission to view details about the status for a request to update a support plan", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "ListSupportPlanModifiers", 35 | "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/user/security-support-plans.html", 36 | "description": "Grants permission to view a list of all support plan modifiers for this AWS account", 37 | "accessLevel": "List", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "StartSupportPlanUpdate", 44 | "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/user/security-support-plans.html", 45 | "description": "Grants permission to update the support plan for this AWS account", 46 | "accessLevel": "Write", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | } 51 | ] 52 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-support-recommendations.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Support Recommendations", 3 | "servicePrefix": "supportrecommendations", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awssupportrecommendations.html", 5 | "actions": [ 6 | { 7 | "name": "GetSupportTroubleshootingResponse", 8 | "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/user/security-support-recommendations.html/", 9 | "description": "Grants permission to the GetSupportTroubleshootingResponse API which lists troubleshooting responses for users' issues", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "StartSupportTroubleshooting", 17 | "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/user/security-support-recommendations.html/", 18 | "description": "Grants permission to the StartSupportTroubleshooting API which starts troubleshooting for users' issues", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | } 24 | ] 25 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-sustainability.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Sustainability", 3 | "servicePrefix": "sustainability", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awssustainability.html", 5 | "actions": [ 6 | { 7 | "name": "GetCarbonFootprintSummary", 8 | "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html", 9 | "description": "Grants permission to view the carbon footprint tool", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-systems-manager-gui-connect.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Systems Manager GUI Connect", 3 | "servicePrefix": "ssm-guiconnect", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awssystemsmanagerguiconnect.html", 5 | "actions": [ 6 | { 7 | "name": "CancelConnection", 8 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-manager-remote-desktop-connections.html", 9 | "description": "Grants permission to terminate a GUI Connect connection", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "GetConnection", 17 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-manager-remote-desktop-connections.html", 18 | "description": "Grants permission to get the metadata for a GUI Connect connection", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "ListConnections", 26 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-manager-remote-desktop-connections.html", 27 | "description": "Grants permission to list the metadata for GUI Connect connections", 28 | "accessLevel": "List", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "StartConnection", 35 | "documentationUrl": "https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-manager-remote-desktop-connections.html", 36 | "description": "Grants permission to start a GUI Connect connection", 37 | "accessLevel": "Write", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | } 42 | ] 43 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-tag-editor.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Tag Editor", 3 | "servicePrefix": "resource-explorer", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awstageditor.html", 5 | "actions": [ 6 | { 7 | "name": "ListResourceTypes", 8 | "documentationUrl": "https://docs.aws.amazon.com/ARG/latest/userguide/gettingstarted-prereqs.html#rg-permissions-te", 9 | "description": "Grants permission to retrieve the resource types currently supported by Tag Editor", 10 | "accessLevel": "List", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "ListResources", 17 | "documentationUrl": "https://docs.aws.amazon.com/ARG/latest/userguide/gettingstarted-prereqs.html#rg-permissions-te", 18 | "description": "Grants permission to retrieve the identifiers of the resources in the AWS account", 19 | "accessLevel": "List", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "ListTags", 26 | "documentationUrl": "https://docs.aws.amazon.com/ARG/latest/userguide/gettingstarted-prereqs.html#rg-permissions-te", 27 | "description": "Grants permission to retrieve the tags attached to the specified resource identifiers", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [ 32 | "tag:GetResources" 33 | ] 34 | } 35 | ] 36 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-tiros.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Tiros", 3 | "servicePrefix": "tiros", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awstiros.html", 5 | "actions": [ 6 | { 7 | "name": "CreateQuery", 8 | "documentationUrl": "https://docs.aws.amazon.com/vpc/latest/reachability/security_iam_required-API-permissions.html", 9 | "description": "Grants permission to create a VPC reachability query", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "ExtendQuery", 17 | "documentationUrl": "https://docs.aws.amazon.com/vpc/latest/reachability/security_iam_required-API-permissions.html", 18 | "description": "Grants permission to extend a VPC reachability query to include the calling principals account", 19 | "accessLevel": "Write", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "GetQueryAnswer", 26 | "documentationUrl": "https://docs.aws.amazon.com/vpc/latest/reachability/security_iam_required-API-permissions.html", 27 | "description": "Grants permission to get VPC reachability query answers", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "GetQueryExplanation", 35 | "documentationUrl": "https://docs.aws.amazon.com/vpc/latest/reachability/security_iam_required-API-permissions.html", 36 | "description": "Grants permission to get VPC reachability query explanations", 37 | "accessLevel": "Read", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "GetQueryExtensionAccounts", 44 | "documentationUrl": "https://docs.aws.amazon.com/vpc/latest/reachability/security_iam_required-API-permissions.html", 45 | "description": "Grants permission to list accounts that might be useful in a new query", 46 | "accessLevel": "Read", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | } 51 | ] 52 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-user-subscriptions.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS User Subscriptions", 3 | "servicePrefix": "user-subscriptions", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsusersubscriptions.html", 5 | "actions": [ 6 | { 7 | "name": "CreateClaim", 8 | "documentationUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_permissions.html", 9 | "description": "Grants permission to create a User subscription Claim", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [ 13 | "user-subscriptions:CreateForSelf" 14 | ], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "DeleteClaim", 19 | "documentationUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_permissions.html", 20 | "description": "Grants permission to delete a User subscription Claim", 21 | "accessLevel": "Write", 22 | "resourceTypes": [], 23 | "conditionKeys": [], 24 | "dependentActions": [] 25 | }, 26 | { 27 | "name": "ListApplicationClaims", 28 | "documentationUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_permissions.html", 29 | "description": "Grants permission to list all User subscription Claims for Application", 30 | "accessLevel": "List", 31 | "resourceTypes": [], 32 | "conditionKeys": [], 33 | "dependentActions": [] 34 | }, 35 | { 36 | "name": "ListClaims", 37 | "documentationUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_permissions.html", 38 | "description": "Grants permission to list all User subscription Claims", 39 | "accessLevel": "List", 40 | "resourceTypes": [], 41 | "conditionKeys": [], 42 | "dependentActions": [] 43 | }, 44 | { 45 | "name": "ListUserSubscriptions", 46 | "documentationUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_permissions.html", 47 | "description": "Grants permission to list all User subscriptions", 48 | "accessLevel": "List", 49 | "resourceTypes": [], 50 | "conditionKeys": [], 51 | "dependentActions": [] 52 | }, 53 | { 54 | "name": "UpdateClaim", 55 | "documentationUrl": "https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/security_iam_permissions.html", 56 | "description": "Grants permission to update a User subscription Claim", 57 | "accessLevel": "Write", 58 | "resourceTypes": [], 59 | "conditionKeys": [], 60 | "dependentActions": [] 61 | } 62 | ] 63 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-verified-access.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Verified Access", 3 | "servicePrefix": "verified-access", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsverifiedaccess.html", 5 | "actions": [ 6 | { 7 | "name": "AllowVerifiedAccess", 8 | "documentationUrl": "https://docs.aws.amazon.com/verified-access/latest/ug/security_iam_id-based-policy-examples.html#security_iam_id-based-policy-examples-create-instance", 9 | "description": "Grants permission to create Verified Access Instance", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /src/data/iam-services/aws-wickr.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "AWS Wickr", 3 | "servicePrefix": "wickr", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awswickr.html", 5 | "actions": [ 6 | { 7 | "name": "CreateAdminSession", 8 | "documentationUrl": "https://docs.aws.amazon.com/wickr/latest/adminguide/security-iam.html", 9 | "description": "Grants permission to create and manage Wickr networks", 10 | "accessLevel": "Write", 11 | "resourceTypes": [ 12 | "network*" 13 | ], 14 | "conditionKeys": [], 15 | "dependentActions": [] 16 | }, 17 | { 18 | "name": "CreateNetwork", 19 | "documentationUrl": "https://docs.aws.amazon.com/wickr/latest/adminguide/security-iam.html", 20 | "description": "Grants permission to create a new wickr network", 21 | "accessLevel": "Write", 22 | "resourceTypes": [], 23 | "conditionKeys": [], 24 | "dependentActions": [] 25 | }, 26 | { 27 | "name": "DeleteNetwork", 28 | "documentationUrl": "https://docs.aws.amazon.com/wickr/latest/adminguide/security-iam.html", 29 | "description": "Grants permission to create a delete Wickr networks", 30 | "accessLevel": "Write", 31 | "resourceTypes": [], 32 | "conditionKeys": [], 33 | "dependentActions": [] 34 | }, 35 | { 36 | "name": "ListNetworks", 37 | "documentationUrl": "https://docs.aws.amazon.com/wickr/latest/adminguide/security-iam.html", 38 | "description": "Grants permission to view Wickr networks", 39 | "accessLevel": "Write", 40 | "resourceTypes": [], 41 | "conditionKeys": [], 42 | "dependentActions": [] 43 | }, 44 | { 45 | "name": "ListTagsForResource", 46 | "documentationUrl": "https://docs.aws.amazon.com/wickr/latest/adminguide/security-iam.html", 47 | "description": "Grants permission to list the tags applied to a Wickr resource", 48 | "accessLevel": "Read", 49 | "resourceTypes": [], 50 | "conditionKeys": [], 51 | "dependentActions": [] 52 | }, 53 | { 54 | "name": "TagResource", 55 | "documentationUrl": "https://docs.aws.amazon.com/wickr/latest/adminguide/security-iam.html", 56 | "description": "Grants permission to add tags to a specified wickr resource", 57 | "accessLevel": "Tagging", 58 | "resourceTypes": [ 59 | "network*" 60 | ], 61 | "conditionKeys": [ 62 | "aws:TagKeys", 63 | "aws:RequestTag/${TagKey}", 64 | "aws:ResourceTag/${TagKey}" 65 | ], 66 | "dependentActions": [] 67 | }, 68 | { 69 | "name": "UntagResource", 70 | "documentationUrl": "https://docs.aws.amazon.com/wickr/latest/adminguide/security-iam.html", 71 | "description": "Grants permission to untag the specified tags from the specified wickr resource", 72 | "accessLevel": "Tagging", 73 | "resourceTypes": [ 74 | "network*" 75 | ], 76 | "conditionKeys": [ 77 | "aws:TagKeys" 78 | ], 79 | "dependentActions": [] 80 | }, 81 | { 82 | "name": "UpdateNetworkDetails", 83 | "documentationUrl": "https://docs.aws.amazon.com/wickr/latest/adminguide/security-iam.html", 84 | "description": "Grants permission to update Wickr network details", 85 | "accessLevel": "Write", 86 | "resourceTypes": [ 87 | "network*" 88 | ], 89 | "conditionKeys": [], 90 | "dependentActions": [] 91 | } 92 | ] 93 | } -------------------------------------------------------------------------------- /src/data/iam-services/elemental-support-cases.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Elemental Support Cases", 3 | "servicePrefix": "elemental-support-cases", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_elementalsupportcases.html", 5 | "actions": [ 6 | { 7 | "name": "CheckCasePermission", 8 | "documentationUrl": "https://docs.aws.amazon.com/elemental-appliances-software", 9 | "description": "Verify whether the caller has the permissions to perform support case operations", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "CreateCase", 17 | "documentationUrl": "https://docs.aws.amazon.com/elemental-appliances-software", 18 | "description": "Grant the permission to create a support case", 19 | "accessLevel": "Write", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "GetCase", 26 | "documentationUrl": "https://docs.aws.amazon.com/elemental-appliances-software", 27 | "description": "Grant the permission to describe a support case in your account", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "GetCases", 35 | "documentationUrl": "https://docs.aws.amazon.com/elemental-appliances-software", 36 | "description": "Grant the permission to list the support cases in your account", 37 | "accessLevel": "Read", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "UpdateCase", 44 | "documentationUrl": "https://docs.aws.amazon.com/elemental-appliances-software", 45 | "description": "Grant the permission to update a support case", 46 | "accessLevel": "Write", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | } 51 | ] 52 | } -------------------------------------------------------------------------------- /src/data/iam-services/elemental-support-content.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Elemental Support Content", 3 | "servicePrefix": "elemental-support-content", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_elementalsupportcontent.html", 5 | "actions": [ 6 | { 7 | "name": "Query", 8 | "documentationUrl": "https://docs.aws.amazon.com/elemental-appliances-software", 9 | "description": "Grant the permission to search support content", 10 | "accessLevel": "Read", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /src/data/iam-services/launch-wizard.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Launch Wizard", 3 | "servicePrefix": "launchwizard", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_launchwizard.html", 5 | "actions": [ 6 | { 7 | "name": "DeleteApp", 8 | "documentationUrl": "https://docs.aws.amazon.com/launchwizard/", 9 | "description": "Delete an application", 10 | "accessLevel": "Write", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "DescribeProvisionedApp", 17 | "documentationUrl": "https://docs.aws.amazon.com/launchwizard/", 18 | "description": "Describe provisioning applications", 19 | "accessLevel": "Read", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "DescribeProvisioningEvents", 26 | "documentationUrl": "https://docs.aws.amazon.com/launchwizard/", 27 | "description": "Describe provisioning events", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [] 32 | }, 33 | { 34 | "name": "GetInfrastructureSuggestion", 35 | "documentationUrl": "https://docs.aws.amazon.com/launchwizard/", 36 | "description": "Get infrastructure suggestion", 37 | "accessLevel": "Read", 38 | "resourceTypes": [], 39 | "conditionKeys": [], 40 | "dependentActions": [] 41 | }, 42 | { 43 | "name": "GetIpAddress", 44 | "documentationUrl": "https://docs.aws.amazon.com/launchwizard/", 45 | "description": "Get customer's ip address", 46 | "accessLevel": "Read", 47 | "resourceTypes": [], 48 | "conditionKeys": [], 49 | "dependentActions": [] 50 | }, 51 | { 52 | "name": "GetResourceCostEstimate", 53 | "documentationUrl": "https://docs.aws.amazon.com/launchwizard/", 54 | "description": "Get resource cost estimate", 55 | "accessLevel": "Read", 56 | "resourceTypes": [], 57 | "conditionKeys": [], 58 | "dependentActions": [] 59 | }, 60 | { 61 | "name": "ListProvisionedApps", 62 | "documentationUrl": "https://docs.aws.amazon.com/launchwizard/", 63 | "description": "List provisioning applications", 64 | "accessLevel": "List", 65 | "resourceTypes": [], 66 | "conditionKeys": [], 67 | "dependentActions": [] 68 | }, 69 | { 70 | "name": "StartProvisioning", 71 | "documentationUrl": "https://docs.aws.amazon.com/launchwizard/", 72 | "description": "Start a provisioning", 73 | "accessLevel": "Write", 74 | "resourceTypes": [], 75 | "conditionKeys": [], 76 | "dependentActions": [] 77 | } 78 | ] 79 | } -------------------------------------------------------------------------------- /src/data/iam-services/recycle-bin.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Recycle Bin", 3 | "servicePrefix": "rbin", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_recyclebin.html", 5 | "actions": [ 6 | { 7 | "name": "CreateRule", 8 | "documentationUrl": "https://docs.aws.amazon.com/recyclebin/latest/APIReference/API_CreateRule.html", 9 | "description": "Grants permission to create a Recycle Bin retention rule", 10 | "accessLevel": "Write", 11 | "resourceTypes": [ 12 | "rule*" 13 | ], 14 | "conditionKeys": [ 15 | "aws:RequestTag/${TagKey}", 16 | "aws:TagKeys" 17 | ], 18 | "dependentActions": [] 19 | }, 20 | { 21 | "name": "DeleteRule", 22 | "documentationUrl": "https://docs.aws.amazon.com/recyclebin/latest/APIReference/API_DeleteRule.html", 23 | "description": "Grants permission to delete a Recycle Bin retention rule", 24 | "accessLevel": "Write", 25 | "resourceTypes": [ 26 | "rule*" 27 | ], 28 | "conditionKeys": [], 29 | "dependentActions": [] 30 | }, 31 | { 32 | "name": "GetRule", 33 | "documentationUrl": "https://docs.aws.amazon.com/recyclebin/latest/APIReference/API_GetRule.html", 34 | "description": "Grants permission to get detailed information about a Recycle Bin retention rule", 35 | "accessLevel": "Read", 36 | "resourceTypes": [ 37 | "rule*" 38 | ], 39 | "conditionKeys": [ 40 | "aws:ResourceTag/${TagKey}" 41 | ], 42 | "dependentActions": [] 43 | }, 44 | { 45 | "name": "ListRules", 46 | "documentationUrl": "https://docs.aws.amazon.com/recyclebin/latest/APIReference/API_ListRules.html", 47 | "description": "Grants permission to list the Recycle Bin retention rules in the Region", 48 | "accessLevel": "Read", 49 | "resourceTypes": [], 50 | "conditionKeys": [], 51 | "dependentActions": [] 52 | }, 53 | { 54 | "name": "ListTagsForResource", 55 | "documentationUrl": "https://docs.aws.amazon.com/recyclebin/latest/APIReference/API_ListTagsForResource.html", 56 | "description": "Grants permission to list the tags associated with a resource", 57 | "accessLevel": "Read", 58 | "resourceTypes": [ 59 | "rule*" 60 | ], 61 | "conditionKeys": [], 62 | "dependentActions": [] 63 | }, 64 | { 65 | "name": "TagResource", 66 | "documentationUrl": "https://docs.aws.amazon.com/recyclebin/latest/APIReference/API_TagResource.html", 67 | "description": "Grants permission to add or update tags of a resource", 68 | "accessLevel": "Tagging", 69 | "resourceTypes": [ 70 | "rule*" 71 | ], 72 | "conditionKeys": [ 73 | "aws:RequestTag/${TagKey}", 74 | "aws:TagKeys" 75 | ], 76 | "dependentActions": [] 77 | }, 78 | { 79 | "name": "UntagResource", 80 | "documentationUrl": "https://docs.aws.amazon.com/recyclebin/latest/APIReference/API_UntagResource.html", 81 | "description": "Grants permission to remove tags associated with a resource", 82 | "accessLevel": "Tagging", 83 | "resourceTypes": [ 84 | "rule*" 85 | ], 86 | "conditionKeys": [ 87 | "aws:RequestTag/${TagKey}", 88 | "aws:TagKeys" 89 | ], 90 | "dependentActions": [] 91 | }, 92 | { 93 | "name": "UpdateRule", 94 | "documentationUrl": "https://docs.aws.amazon.com/recyclebin/latest/APIReference/API_UpdateRule.html", 95 | "description": "Grants permission to update an existing Recycle Bin retention rule", 96 | "accessLevel": "Write", 97 | "resourceTypes": [ 98 | "rule*" 99 | ], 100 | "conditionKeys": [], 101 | "dependentActions": [] 102 | } 103 | ] 104 | } -------------------------------------------------------------------------------- /src/data/iam-services/tag-editor.json: -------------------------------------------------------------------------------- 1 | { 2 | "serviceName": "Tag Editor", 3 | "servicePrefix": "resource-explorer", 4 | "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_tageditor.html", 5 | "actions": [ 6 | { 7 | "name": "ListResourceTypes", 8 | "documentationUrl": "https://docs.aws.amazon.com/ARG/latest/userguide/gettingstarted-prereqs.html#rg-permissions-te", 9 | "description": "Grants permission to retrieve the resource types currently supported by Tag Editor", 10 | "accessLevel": "List", 11 | "resourceTypes": [], 12 | "conditionKeys": [], 13 | "dependentActions": [] 14 | }, 15 | { 16 | "name": "ListResources", 17 | "documentationUrl": "https://docs.aws.amazon.com/ARG/latest/userguide/gettingstarted-prereqs.html#rg-permissions-te", 18 | "description": "Grants permission to retrieve the identifiers of the resources in the AWS account", 19 | "accessLevel": "List", 20 | "resourceTypes": [], 21 | "conditionKeys": [], 22 | "dependentActions": [] 23 | }, 24 | { 25 | "name": "ListTags", 26 | "documentationUrl": "https://docs.aws.amazon.com/ARG/latest/userguide/gettingstarted-prereqs.html#rg-permissions-te", 27 | "description": "Grants permission to retrieve the tags attached to the specified resource identifiers", 28 | "accessLevel": "Read", 29 | "resourceTypes": [], 30 | "conditionKeys": [], 31 | "dependentActions": [ 32 | "tag:GetResources" 33 | ] 34 | } 35 | ] 36 | } -------------------------------------------------------------------------------- /src/documentParser.ts: -------------------------------------------------------------------------------- 1 | import { Position, Range, TextDocument } from "vscode"; 2 | 3 | export const getActionOffset = (word: string, range: Range) => 4 | word.indexOf(':') >= 0 ? word.indexOf(':') + 1 + range?.start.character : 0; 5 | 6 | export const getActionRange = (position: Position, actionOffset: number) => 7 | new Range(position.line, actionOffset, position.line, position.character); 8 | 9 | export const getFullWordAtPosition = (document: TextDocument, position: Position) => { 10 | const range = document.getWordRangeAtPosition(position, /[a-z0-9:-]+/i); 11 | const word = range && document.getText(range); 12 | 13 | return { range, word }; 14 | }; 15 | 16 | export const getWordAtPosition = (document: TextDocument, position: Position) => { 17 | const range = document.getWordRangeAtPosition(position); 18 | const word = range && document.getText(range); 19 | 20 | return { range, word }; 21 | }; 22 | 23 | /** 24 | * Check whether or not the given position appears to be within an array of actions 25 | * 26 | * @param {TextDocument} document 27 | * @param {Position} position 28 | * @return {*} {boolean} 29 | */ 30 | export const isInsideActionsArray = (document: TextDocument, position: Position): boolean => { 31 | // if current line is actions/notActions field, we are inside the actions field 32 | const actionsPatternSameLine = /^"?(not)?actions?"?\s*[:=]\s+/i; // TODO: Separate matching by file type 33 | let lineText = document.getText(new Range(position.line, 0, position.line, Number.MAX_VALUE)).trimStart().toLowerCase(); 34 | if (actionsPatternSameLine.test(lineText)) { 35 | return true; 36 | } 37 | 38 | // if all previous lines start with '-' or '"' until we find a line that starts with 'actions/notActions', then we're also good 39 | const actionsPatternOtherLine = /^"?(not)?actions?"?\s*[:=]/i; // same as above minus the trailing whitespace 40 | let line = position.line - 1; 41 | while (line > 0) { 42 | lineText = document.lineAt(line).text.trimStart().toLowerCase(); 43 | 44 | if (actionsPatternOtherLine.test(lineText)) { 45 | return true; 46 | } 47 | 48 | if (/^["\[-]/.test(lineText)) { 49 | line--; 50 | continue; 51 | } 52 | 53 | return false; 54 | } 55 | 56 | return false; 57 | }; 58 | -------------------------------------------------------------------------------- /src/documentation.ts: -------------------------------------------------------------------------------- 1 | import { EOL } from 'os'; 2 | import { MarkdownString } from 'vscode'; 3 | import { IamService, IamAction } from "./domain"; 4 | 5 | const mdEOL = EOL + EOL; // use two line breaks because markdown.. 6 | 7 | export const createServiceDocs = ({ serviceName, url }: IamService) => 8 | new MarkdownString(`${serviceName} [IAM Reference](${url})`); 9 | 10 | export const createActionDocs = (action: IamAction) => { 11 | const lines = []; 12 | lines.push( 13 | action.documentationUrl 14 | ? `**[${action.name}](${action.documentationUrl})**` 15 | : `**${action.name}**` 16 | ); 17 | 18 | lines.push(`${action.description}`); 19 | 20 | if (action.resourceTypes && action.resourceTypes.length) { 21 | lines.push('Resource Types:'); 22 | lines.push(action.resourceTypes.map(x => '- ' + x).join(EOL)); 23 | } 24 | 25 | if (action.conditionKeys && action.conditionKeys.length) { 26 | lines.push('Condition Keys:'); 27 | lines.push(action.conditionKeys.map(x => '- ' + x).join(EOL)); 28 | } 29 | 30 | if (action.dependentActions && action.dependentActions.length) { 31 | lines.push('Dependent Actions:'); 32 | lines.push(action.dependentActions.map(x => '- ' + x).join(EOL)); 33 | } 34 | 35 | return new MarkdownString(lines.join(mdEOL)); 36 | }; 37 | 38 | const createServiceActionDocs = ({ serviceName }: IamService, actions: IamAction[]) => { 39 | const lines = []; 40 | lines.push(`**${serviceName}**`); 41 | lines.push(actions.map(x => createShortActionDocs(x).value).join(mdEOL)); 42 | 43 | return new MarkdownString(lines.join(mdEOL)); 44 | }; 45 | 46 | const createShortActionDocs = ({ name, documentationUrl, description }: IamAction) => { 47 | const lines = []; 48 | lines.push( 49 | documentationUrl 50 | ? `**[${name}](${documentationUrl})**` 51 | : `**${name}**` 52 | ); 53 | 54 | lines.push(`${description}`); 55 | 56 | return new MarkdownString(lines.join(mdEOL)); 57 | }; 58 | 59 | export const createServicesActionDocs = (items: { service: IamService; actions: IamAction[]; }[]): MarkdownString[] => { 60 | if (items.length === 0) { 61 | return [new MarkdownString('No matching actions')]; 62 | }; 63 | 64 | if (items.length === 1 && items[0].actions.length === 1) { 65 | return [...items.map(({ service, actions }) => createServiceActionDocs(service, actions))]; 66 | } 67 | 68 | return [new MarkdownString(`Matches multiple actions:${EOL}`), ...items.map(({ service, actions }) => createServiceActionDocs(service, actions))]; 69 | }; 70 | -------------------------------------------------------------------------------- /src/domain/IamAction.ts: -------------------------------------------------------------------------------- 1 | export interface IamAction { 2 | name: string; 3 | description: string; 4 | resourceTypes: string[]; 5 | conditionKeys: string[]; 6 | dependentActions: string[]; 7 | documentationUrl: string; 8 | } 9 | -------------------------------------------------------------------------------- /src/domain/IamService.ts: -------------------------------------------------------------------------------- 1 | import { IamAction } from "./IamAction"; 2 | 3 | export interface IamService { 4 | serviceName: string; 5 | servicePrefix: string; 6 | url: string; 7 | actions: IamAction[]; 8 | } 9 | 10 | export type IamServicesByPrefix = Record; 11 | 12 | type ServicePrefix = string; 13 | -------------------------------------------------------------------------------- /src/domain/index.ts: -------------------------------------------------------------------------------- 1 | export * from "./IamAction"; 2 | export * from './IamService'; 3 | -------------------------------------------------------------------------------- /src/domain/utility/groupBy.ts: -------------------------------------------------------------------------------- 1 | export const groupBy = (arr: Record[], key: string): Record => 2 | arr.reduce((acc, curr) => { 3 | if (curr[key] === undefined) { 4 | throw new Error(`Key ${key} is not present in the object`); 5 | } 6 | 7 | const value = curr[key]; 8 | 9 | acc[value] = [curr, ...acc[value] || []]; 10 | return acc; 11 | }, {}); 12 | -------------------------------------------------------------------------------- /src/domain/utility/iam.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Normalize string to remove invalid characters from service/action names 3 | * 4 | * @param {string} text 5 | */ 6 | export const normalize = (text: string) => 7 | text.replace(/[^a-z0-9-\*:]/gi, ' ').trim(); 8 | 9 | export const getServiceFromServiceAction = (serviceAction: string): string => 10 | serviceAction.split(':')[0]; 11 | -------------------------------------------------------------------------------- /src/domain/utility/index.ts: -------------------------------------------------------------------------------- 1 | export * from './groupBy'; 2 | export * from './iam'; 3 | export * from './match'; 4 | -------------------------------------------------------------------------------- /src/domain/utility/match.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Match a pattern that supports * and ? wildcards against a string 3 | * Allows for partial matches 4 | * 5 | * @param {string} pattern The pattern to match with 6 | * @param {string} str The string to match against 7 | * @return {boolean} True if the pattern matches the string 8 | */ 9 | export const match = (pattern: string, str: string): boolean => { 10 | const regexPattern = "^" + pattern.replace(/\*/g, ".*") + "$"; 11 | const regex = new RegExp(regexPattern, "i"); 12 | 13 | return regex.test(str); 14 | }; 15 | -------------------------------------------------------------------------------- /src/extension.ts: -------------------------------------------------------------------------------- 1 | // The module 'vscode' contains the VS Code extensibility API 2 | // Import the module and reference it with the alias vscode in your code below 3 | import { DocumentSelector, ExtensionContext, languages } from "vscode"; 4 | 5 | import { getIamServicesByPrefix } from "./iamProvider"; 6 | import { IamServicesByPrefix } from './domain'; 7 | 8 | import { getHoverProvider } from "./hoverProvider"; 9 | import { getCompletionItemProvider } from "./completionProvider"; 10 | 11 | export async function activate(context: ExtensionContext) { 12 | console.info("iam-legend extension activating"); 13 | 14 | const iamServicesByPrefix = await getIamServicesByPrefix(); 15 | registerHoverProviders(iamServicesByPrefix, context); 16 | registerCompletionItemProviders(iamServicesByPrefix, context); 17 | } 18 | 19 | const supportedLanguages: DocumentSelector[] = [{ 20 | language: 'yaml' 21 | }, { 22 | language: 'json' 23 | }, { 24 | language: 'typescript' 25 | }, { 26 | pattern: '**/*.{tf,tfvars}' 27 | } 28 | ]; 29 | 30 | const registerHoverProviders = (services: IamServicesByPrefix, context: ExtensionContext) => { 31 | const hoverProvider = getHoverProvider(services); 32 | context.subscriptions.push(...supportedLanguages.map(language => languages.registerHoverProvider( 33 | language, 34 | hoverProvider 35 | ))); 36 | }; 37 | 38 | const registerCompletionItemProviders = ( 39 | iamServicesByPrefix: IamServicesByPrefix, 40 | context: ExtensionContext 41 | ) => { 42 | const completionItemProvider = getCompletionItemProvider(iamServicesByPrefix); 43 | context.subscriptions.push(...supportedLanguages.map(language => languages.registerCompletionItemProvider( 44 | language, 45 | completionItemProvider, 46 | ':' 47 | ))); 48 | }; 49 | -------------------------------------------------------------------------------- /src/hoverProvider.ts: -------------------------------------------------------------------------------- 1 | import { HoverProvider, Position } from "vscode"; 2 | import { createServicesActionDocs, createServiceDocs } from "./documentation"; 3 | import { isInsideActionsArray } from "./documentParser"; 4 | import { IamServicesByPrefix } from "./domain"; 5 | import { match, normalize } from "./domain/utility"; 6 | 7 | export const getHoverProvider = (iamServicesByPrefix: IamServicesByPrefix): HoverProvider => ({ 8 | provideHover(document, position) { 9 | const wordRange = document.getWordRangeAtPosition(position, /[a-z0-9-*]+/i); 10 | 11 | const emptyResult = { contents: [] }; 12 | if (!wordRange) { return emptyResult; } 13 | 14 | if (!isInsideActionsArray(document, position)) { 15 | return emptyResult; 16 | } 17 | 18 | const word = normalize(document.getText(wordRange)); 19 | 20 | let [serviceName, action] = word.split(':'); 21 | if (!iamServicesByPrefix[serviceName]) { 22 | // if the hovered word doesn't include a known service, try with previous word 23 | action = serviceName; 24 | let serviceWordRange = document.getWordRangeAtPosition(new Position( 25 | position.line, 26 | wordRange.start.character - 2 27 | ), /[a-z0-9-]+/i); 28 | serviceName = normalize(document.getText(serviceWordRange)); 29 | } 30 | 31 | const services = iamServicesByPrefix[serviceName]; 32 | if (!services) { 33 | return emptyResult; 34 | } 35 | 36 | // if word matches 'service' but no action 37 | // return hover with documentation for that service 38 | if (services && !action) { 39 | return { 40 | contents: services.map(x => createServiceDocs(x)), 41 | }; 42 | } 43 | 44 | if (word.includes(':') && position.character < wordRange.start.character + serviceName.length + 1) { 45 | return { 46 | contents: services.map(x => createServiceDocs(x)), 47 | }; 48 | } 49 | 50 | const serviceActions = services.map(x => ({ service: x, actions: x.actions.filter(x => match(action, x.name)) })).filter(x => x.actions.length > 0); 51 | if (!serviceActions) { return emptyResult; } 52 | 53 | return { 54 | contents: [...createServicesActionDocs(serviceActions)], 55 | }; 56 | } 57 | }); 58 | -------------------------------------------------------------------------------- /src/iamProvider.ts: -------------------------------------------------------------------------------- 1 | import { promisify } from 'util'; 2 | import { readdir, readFile } from 'fs'; 3 | import { resolve } from 'path'; 4 | import { groupBy } from './domain/utility'; 5 | import { IamService, IamServicesByPrefix } from './domain'; 6 | 7 | const readdirAsync = promisify(readdir); 8 | const readFileAsync = promisify(readFile); 9 | 10 | export const getIamServicesByPrefix = async (): Promise => { 11 | const directory = resolve(__dirname, 'data', 'iam-services'); 12 | const files = await readdirAsync(directory); 13 | const readFiles = files.map( 14 | file => readFileAsync(resolve(directory, file), 'utf8') 15 | .then((data) => JSON.parse(data) as IamService) 16 | ); 17 | 18 | const services = await Promise.all(readFiles); 19 | const servicesByPrefix = groupBy(services, 'servicePrefix'); 20 | return servicesByPrefix as IamServicesByPrefix; 21 | }; 22 | -------------------------------------------------------------------------------- /src/test/runTest.ts: -------------------------------------------------------------------------------- 1 | import * as path from "path"; 2 | 3 | import { runTests } from "@vscode/test-electron"; 4 | 5 | async function main() { 6 | try { 7 | // The folder containing the Extension Manifest package.json 8 | // Passed to `--extensionDevelopmentPath` 9 | const extensionDevelopmentPath = path.resolve(__dirname, "../../"); 10 | 11 | // The path to test runner 12 | // Passed to --extensionTestsPath 13 | const extensionTestsPath = path.resolve(__dirname, "./suite/index"); 14 | 15 | // Download VS Code, unzip it and run the integration test 16 | await runTests({ extensionDevelopmentPath, extensionTestsPath }); 17 | } catch (err) { 18 | console.error("Failed to run tests"); 19 | process.exit(1); 20 | } 21 | } 22 | 23 | main(); 24 | -------------------------------------------------------------------------------- /src/test/suite/index.ts: -------------------------------------------------------------------------------- 1 | import * as path from "path"; 2 | import * as Mocha from "mocha"; 3 | import * as glob from "glob"; 4 | 5 | export function run(): Promise { 6 | // Create the mocha test 7 | const mocha = new Mocha({ 8 | ui: "tdd", 9 | color: true, 10 | }); 11 | 12 | const testsRoot = path.resolve(__dirname, ".."); 13 | 14 | return new Promise((c, e) => { 15 | glob("**/suite/*.test.js", { cwd: testsRoot }, (err, files) => { 16 | if (err) { 17 | return e(err); 18 | } 19 | 20 | // Add files to the test suite 21 | files.forEach((f) => mocha.addFile(path.resolve(testsRoot, f))); 22 | 23 | try { 24 | // Run the mocha test 25 | mocha.run((failures) => { 26 | if (failures > 0) { 27 | e(new Error(`${failures} tests failed.`)); 28 | } else { 29 | c(); 30 | } 31 | }); 32 | } catch (err) { 33 | console.error(err); 34 | e(err); 35 | } 36 | }); 37 | }); 38 | } 39 | -------------------------------------------------------------------------------- /src/test/unit/groupBy.test.ts: -------------------------------------------------------------------------------- 1 | import { groupBy } from '../../domain/utility'; 2 | 3 | describe('[groupBy]', () => { 4 | it('should group an array of objects by the given key', () => { 5 | const arr = [{ 6 | a: '123', 7 | b: '456' 8 | }, { 9 | a: '123', 10 | b: '789' 11 | }, { 12 | a: '456', 13 | b: '123' 14 | }]; 15 | 16 | const actual = groupBy(arr, 'a'); 17 | 18 | expect(actual['123'].length).toBe(2); 19 | expect(actual['456'].length).toBe(1); 20 | }); 21 | 22 | it('should return an empty object if the array is empty', () => { 23 | const arr = []; 24 | const actual = groupBy(arr, 'a'); 25 | 26 | expect(Object.keys(actual).length).toBe(0); 27 | }); 28 | 29 | it('should throw if the given key is not present in all objects', () => { 30 | const arr = [{ 31 | a: '123', 32 | b: '456', 33 | c: '789' 34 | }, { 35 | a: '123', 36 | b: '789' 37 | }]; 38 | 39 | expect(() => groupBy(arr, 'c')).toThrow(); 40 | }); 41 | }); 42 | -------------------------------------------------------------------------------- /src/test/unit/iam.test.ts: -------------------------------------------------------------------------------- 1 | import { getServiceFromServiceAction, normalize } from "../../domain/utility"; 2 | 3 | describe('[iam]', () => { 4 | describe('[getServiceFromServiceAction]', () => { 5 | it('should return service from serviceAction string', () => { 6 | const serviceAction = 'dynamodb:PutItem'; 7 | const expected = 'dynamodb'; 8 | const actual = getServiceFromServiceAction(serviceAction); 9 | 10 | expect(actual).toEqual(expected); 11 | }); 12 | 13 | it('should return full input string if no action', () => { 14 | const serviceAction = 'dynamodb'; 15 | const expected = 'dynamodb'; 16 | const actual = getServiceFromServiceAction(serviceAction); 17 | 18 | expect(actual).toEqual(expected); 19 | }); 20 | }); 21 | 22 | describe('[normalize]', () => { 23 | it('should normalize service/action', () => { 24 | const input = ' "dynamodb:GetItem"'; 25 | const expected = 'dynamodb:GetItem'; 26 | 27 | const actual = normalize(input); 28 | expect(actual).toEqual(expected); 29 | }); 30 | }); 31 | }); 32 | -------------------------------------------------------------------------------- /src/test/unit/match.test.ts: -------------------------------------------------------------------------------- 1 | import { match } from "../../domain/utility"; 2 | 3 | describe("[match]", () => { 4 | it("should match same values", () => { 5 | expect(match("abc", "abc")).toBe(true); 6 | }); 7 | 8 | it("should not match different values", () => { 9 | expect(match("abc", "def")).toBe(false); 10 | }); 11 | 12 | it("should not match if substring", () => { 13 | expect(match("abc", "abcdef")).toBe(false); 14 | expect(match("abc", "defabc")).toBe(false); 15 | }); 16 | 17 | it("should respect * wildcard at start", () => { 18 | expect(match("*def", "abcdef")).toBe(true); 19 | }); 20 | 21 | it("should respect * wildcard at end", () => { 22 | expect(match("abc*", "abcdef")).toBe(true); 23 | }); 24 | 25 | it("should respect * wildcard in the middle", () => { 26 | expect(match("ab*ef", "abcdef")).toBe(true); 27 | }); 28 | 29 | it("should respect multiple * wildcards", () => { 30 | expect(match("a*c*ef", "abcdef")).toBe(true); 31 | }); 32 | 33 | it("should be case insensitive", () => { 34 | expect(match("ABC", "abc")).toBe(true); 35 | }); 36 | }); 37 | -------------------------------------------------------------------------------- /tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "module": "commonjs", 4 | "target": "ES2020", 5 | "lib": [ 6 | "ES2020" 7 | ], 8 | "sourceMap": true, 9 | "rootDir": "src", 10 | "strict": true /* enable all strict type-checking options */ 11 | /* Additional Checks */ 12 | // "noImplicitReturns": true, /* Report error when not all code paths in function return a value. */ 13 | // "noFallthroughCasesInSwitch": true, /* Report errors for fallthrough cases in switch statement. */ 14 | // "noUnusedParameters": true, /* Report errors on unused parameters. */ 15 | }, 16 | "exclude": [ 17 | "node_modules", 18 | ".vscode-test", 19 | "src/test/unit" 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /webpack.config.js: -------------------------------------------------------------------------------- 1 | //@ts-check 2 | 3 | "use strict"; 4 | 5 | const path = require("path"); 6 | const CopyPlugin = require("copy-webpack-plugin"); 7 | 8 | //@ts-check 9 | /** @typedef {import('webpack').Configuration} WebpackConfig **/ 10 | 11 | /** @type WebpackConfig */ 12 | const extensionConfig = { 13 | target: "node", // vscode extensions run in a Node.js-context 📖 -> https://webpack.js.org/configuration/node/ 14 | mode: "none", // this leaves the source code as close as possible to the original (when packaging we set this to 'production') 15 | 16 | entry: "./src/extension.ts", // the entry point of this extension, 📖 -> https://webpack.js.org/configuration/entry-context/ 17 | output: { 18 | // the bundle is stored in the 'dist' folder (check package.json), 📖 -> https://webpack.js.org/configuration/output/ 19 | path: path.resolve(__dirname, "dist"), 20 | filename: "extension.js", 21 | libraryTarget: "commonjs2", 22 | }, 23 | externals: { 24 | vscode: "commonjs vscode", // the vscode-module is created on-the-fly and must be excluded. Add other modules that cannot be webpack'ed, 📖 -> https://webpack.js.org/configuration/externals/ 25 | // modules added here also need to be added in the .vscodeignore file 26 | }, 27 | resolve: { 28 | // support reading TypeScript and JavaScript files, 📖 -> https://github.com/TypeStrong/ts-loader 29 | extensions: [".ts", ".js"], 30 | }, 31 | module: { 32 | rules: [ 33 | { 34 | test: /\.ts$/, 35 | exclude: /node_modules/, 36 | use: [ 37 | { 38 | loader: "ts-loader", 39 | }, 40 | ], 41 | }, 42 | ], 43 | }, 44 | devtool: "nosources-source-map", 45 | infrastructureLogging: { 46 | level: "log", // enables logging required for problem matchers 47 | }, 48 | plugins: [ 49 | new CopyPlugin({ 50 | patterns: [ 51 | { 52 | from: path.resolve(__dirname, "src/data/iam-services"), 53 | to: path.resolve(__dirname, "dist/data/iam-services") 54 | }, 55 | ], 56 | }), 57 | ], 58 | }; 59 | module.exports = [extensionConfig]; 60 | --------------------------------------------------------------------------------