{
"VPCPolicyServiceActionMap": {
"Amazon DynamoDB For VPC Policies": [
"DescribeContinuousBackups",
"DescribeBackup",
"DescribeReservedCapacity",
"PurchaseReservedCapacityOfferings",
"ListBackups",
"DeleteItem",
"Query",
"DeleteBackup",
"DescribeTable",
"CreateTable",
"BatchGetItem",
"BatchWriteItem",
"DeleteTable",
"RestoreTableFromBackup",
"GetItem",
"DescribeLimits",
"UpdateTable",
"UpdateItem",
"DescribeReservedCapacityOfferings",
"ListTables",
"Scan",
"PutItem",
"CreateBackup"
]
},
"conditionKeys": [
"aws:CurrentTime",
"aws:EpochTime",
"aws:MultiFactorAuthAge",
"aws:MultiFactorAuthPresent",
"aws:PrincipalArn",
"aws:PrincipalOrgID",
"aws:PrincipalTag/${TagKey}",
"aws:PrincipalType",
"aws:Referer",
"aws:RequestTag/${TagKey}",
"aws:RequestedRegion",
"aws:SecureTransport",
"aws:SourceAccount",
"aws:SourceArn",
"aws:SourceIp",
"aws:SourceVpc",
"aws:SourceVpce",
"aws:TagKeys",
"aws:TokenIssueTime",
"aws:UserAgent",
"aws:ViaAWSService",
"aws:userid",
"aws:username"
],
"conditionOperators": [
"ArnEquals",
"ArnEqualsIfExists",
"ArnLike",
"ArnLikeIfExists",
"ArnNotEquals",
"ArnNotEqualsIfExists",
"ArnNotLike",
"ArnNotLikeIfExists",
"BinaryEquals",
"BinaryEqualsIfExists",
"BinaryNotEquals",
"BinaryNotEqualsIfExists",
"Bool",
"BoolIfExists",
"DateEquals",
"DateEqualsIfExists",
"DateGreaterThan",
"DateGreaterThanEquals",
"DateGreaterThanEqualsIfExists",
"DateGreaterThanIfExists",
"DateLessThan",
"DateLessThanEquals",
"DateLessThanEqualsIfExists",
"DateLessThanIfExists",
"DateNotEquals",
"DateNotEqualsIfExists",
"IpAddress",
"IpAddressIfExists",
"NotIpAddress",
"NotIpAddressIfExists",
"Null",
"NumericEquals",
"NumericEqualsIfExists",
"NumericGreaterThan",
"NumericGreaterThanEquals",
"NumericGreaterThanEqualsIfExists",
"NumericGreaterThanIfExists",
"NumericLessThan",
"NumericLessThanEquals",
"NumericLessThanEqualsIfExists",
"NumericLessThanIfExists",
"NumericNotEquals",
"NumericNotEqualsIfExists",
"StringEquals",
"StringEqualsIfExists",
"StringEqualsIgnoreCase",
"StringEqualsIgnoreCaseIfExists",
"StringLike",
"StringLikeIfExists",
"StringNotEquals",
"StringNotEqualsIfExists",
"StringNotEqualsIgnoreCase",
"StringNotEqualsIgnoreCaseIfExists",
"StringNotLike",
"StringNotLikeIfExists"
],
"policyTypes": {
"IAMPolicy": {
"AssociatedService": [
"*"
],
"Name": "IAM Policy"
},
"S3Policy": {
"AssociatedService": [
"Amazon S3"
],
"Name": "S3 Bucket Policy"
},
"SNSPolicy": {
"AssociatedService": [
"Amazon SNS"
],
"Name": "SNS Topic Policy"
},
"SQSPolicy": {
"AssociatedService": [
"Amazon SQS"
],
"Name": "SQS Queue Policy"
},
"VPCPolicy": {
"AssociatedService": [
"Amazon S3",
"Amazon DynamoDB For VPC Policies"
],
"Name": "VPC Endpoint Policy"
}
},
"serviceMap": {
"AWS Account Management": {
"ARNFormat": "arn:aws:account::${Account}:account",
"ARNRegex": "^arn:aws:account::.+:account",
"Actions": [
"CloseAccount",
"DeleteAlternateContact",
"DisableRegion",
"EnableRegion",
"GetAccountInformation",
"GetAlternateContact",
"GetChallengeQuestions",
"GetContactInformation",
"GetRegionOptStatus",
"ListRegions",
"PutAlternateContact",
"PutChallengeQuestions",
"PutContactInformation"
],
"HasResource": true,
"StringPrefix": "account",
"conditionKeys": [
"account:AccountResourceOrgPaths",
"account:AccountResourceOrgTags/${TagKey}",
"account:AlternateContactTypes",
"account:TargetRegion"
]
},
"AWS Activate": {
"Actions": [
"CreateForm",
"GetAccountContact",
"GetContentInfo",
"GetCosts",
"GetCredits",
"GetMemberInfo",
"GetProgram",
"PutMemberInfo"
],
"HasResource": false,
"StringPrefix": "activate"
},
"AWS Amplify": {
"ARNFormat": "arn:aws:amplify:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:amplify:.+:.+:.+",
"Actions": [
"CreateApp",
"CreateBackendEnvironment",
"CreateBranch",
"CreateDeployment",
"CreateDomainAssociation",
"CreateWebHook",
"DeleteApp",
"DeleteBackendEnvironment",
"DeleteBranch",
"DeleteDomainAssociation",
"DeleteJob",
"DeleteWebHook",
"GenerateAccessLogs",
"GetApp",
"GetArtifactUrl",
"GetBackendEnvironment",
"GetBranch",
"GetDomainAssociation",
"GetJob",
"GetWebHook",
"ListApps",
"ListArtifacts",
"ListBackendEnvironments",
"ListBranches",
"ListDomainAssociations",
"ListJobs",
"ListTagsForResource",
"ListWebHooks",
"StartDeployment",
"StartJob",
"StopJob",
"TagResource",
"UntagResource",
"UpdateApp",
"UpdateBranch",
"UpdateDomainAssociation",
"UpdateWebHook"
],
"HasResource": true,
"StringPrefix": "amplify",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Amplify Admin": {
"ARNFormat": "arn:aws:amplifybackend:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:amplifybackend:.+:.+:.+",
"Actions": [
"CloneBackend",
"CreateBackend",
"CreateBackendAPI",
"CreateBackendAuth",
"CreateBackendConfig",
"CreateBackendStorage",
"CreateToken",
"DeleteBackend",
"DeleteBackendAPI",
"DeleteBackendAuth",
"DeleteBackendStorage",
"DeleteToken",
"GenerateBackendAPIModels",
"GetBackend",
"GetBackendAPI",
"GetBackendAPIModels",
"GetBackendAuth",
"GetBackendJob",
"GetBackendStorage",
"GetToken",
"ImportBackendAuth",
"ImportBackendStorage",
"ListBackendJobs",
"ListS3Buckets",
"RemoveAllBackends",
"RemoveBackendConfig",
"UpdateBackendAPI",
"UpdateBackendAuth",
"UpdateBackendConfig",
"UpdateBackendJob",
"UpdateBackendStorage"
],
"HasResource": true,
"StringPrefix": "amplifybackend"
},
"AWS Amplify UI Builder": {
"ARNFormat": "arn:aws:amplifyuibuilder:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:amplifyuibuilder:.+:.+:.+",
"Actions": [
"CreateComponent",
"CreateForm",
"CreateTheme",
"DeleteComponent",
"DeleteForm",
"DeleteTheme",
"ExportComponents",
"ExportForms",
"ExportThemes",
"GetComponent",
"GetForm",
"GetMetadata",
"GetTheme",
"ListComponents",
"ListForms",
"ListThemes",
"PutMetadataFlag",
"ResetMetadataFlag",
"UpdateComponent",
"UpdateForm",
"UpdateTheme"
],
"HasResource": true,
"StringPrefix": "amplifyuibuilder",
"conditionKeys": [
"amplifyuibuilder:ComponentResourceAppId",
"amplifyuibuilder:ComponentResourceEnvironmentName",
"amplifyuibuilder:ComponentResourceId",
"amplifyuibuilder:FormResourceAppId",
"amplifyuibuilder:FormResourceEnvironmentName",
"amplifyuibuilder:FormResourceId",
"amplifyuibuilder:ThemeResourceAppId",
"amplifyuibuilder:ThemeResourceEnvironmentName",
"amplifyuibuilder:ThemeResourceId",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS App Mesh": {
"ARNFormat": "arn:aws:appmesh:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:appmesh:.+:.+:.+",
"Actions": [
"CreateGatewayRoute",
"CreateMesh",
"CreateRoute",
"CreateVirtualGateway",
"CreateVirtualNode",
"CreateVirtualRouter",
"CreateVirtualService",
"DeleteGatewayRoute",
"DeleteMesh",
"DeleteRoute",
"DeleteVirtualGateway",
"DeleteVirtualNode",
"DeleteVirtualRouter",
"DeleteVirtualService",
"DescribeGatewayRoute",
"DescribeMesh",
"DescribeRoute",
"DescribeVirtualGateway",
"DescribeVirtualNode",
"DescribeVirtualRouter",
"DescribeVirtualService",
"ListGatewayRoutes",
"ListMeshes",
"ListRoutes",
"ListTagsForResource",
"ListVirtualGateways",
"ListVirtualNodes",
"ListVirtualRouters",
"ListVirtualServices",
"StreamAggregatedResources",
"TagResource",
"UntagResource",
"UpdateGatewayRoute",
"UpdateMesh",
"UpdateRoute",
"UpdateVirtualGateway",
"UpdateVirtualNode",
"UpdateVirtualRouter",
"UpdateVirtualService"
],
"HasResource": true,
"StringPrefix": "appmesh",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS App Mesh Preview": {
"ARNFormat": "arn:aws:appmesh-preview:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:appmesh-preview:.+:.+:.+",
"Actions": [
"CreateGatewayRoute",
"CreateMesh",
"CreateRoute",
"CreateVirtualGateway",
"CreateVirtualNode",
"CreateVirtualRouter",
"CreateVirtualService",
"DeleteGatewayRoute",
"DeleteMesh",
"DeleteRoute",
"DeleteVirtualGateway",
"DeleteVirtualNode",
"DeleteVirtualRouter",
"DeleteVirtualService",
"DescribeGatewayRoute",
"DescribeMesh",
"DescribeRoute",
"DescribeVirtualGateway",
"DescribeVirtualNode",
"DescribeVirtualRouter",
"DescribeVirtualService",
"ListGatewayRoutes",
"ListMeshes",
"ListRoutes",
"ListVirtualGateways",
"ListVirtualNodes",
"ListVirtualRouters",
"ListVirtualServices",
"StreamAggregatedResources",
"UpdateGatewayRoute",
"UpdateMesh",
"UpdateRoute",
"UpdateVirtualGateway",
"UpdateVirtualNode",
"UpdateVirtualRouter",
"UpdateVirtualService"
],
"HasResource": true,
"StringPrefix": "appmesh-preview"
},
"AWS App Runner": {
"ARNFormat": "arn:aws:apprunner:${Region}:${Account}:${ResourceType}/${PathToResource}",
"ARNRegex": "^arn:aws:apprunner:.+",
"Actions": [
"AssociateCustomDomain",
"AssociateWebAcl",
"CreateAutoScalingConfiguration",
"CreateConnection",
"CreateObservabilityConfiguration",
"CreateService",
"CreateVpcConnector",
"CreateVpcIngressConnection",
"DeleteAutoScalingConfiguration",
"DeleteConnection",
"DeleteObservabilityConfiguration",
"DeleteService",
"DeleteVpcConnector",
"DeleteVpcIngressConnection",
"DescribeAutoScalingConfiguration",
"DescribeCustomDomains",
"DescribeObservabilityConfiguration",
"DescribeOperation",
"DescribeService",
"DescribeVpcConnector",
"DescribeVpcIngressConnection",
"DescribeWebAclForService",
"DisassociateCustomDomain",
"DisassociateWebAcl",
"ListAssociatedServicesForWebAcl",
"ListAutoScalingConfigurations",
"ListConnections",
"ListObservabilityConfigurations",
"ListOperations",
"ListServices",
"ListTagsForResource",
"ListVpcConnectors",
"ListVpcIngressConnections",
"PauseService",
"ResumeService",
"StartDeployment",
"TagResource",
"UntagResource",
"UpdateService",
"UpdateVpcIngressConnection"
],
"HasResource": true,
"StringPrefix": "apprunner",
"conditionKeys": [
"apprunner:AutoScalingConfigurationArn",
"apprunner:ConnectionArn",
"apprunner:ObservabilityConfigurationArn",
"apprunner:ServiceArn",
"apprunner:VpcConnectorArn",
"apprunner:VpcEndpointId",
"apprunner:VpcId",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS App2Container": {
"ARNFormat": "arn:${Partition}:a2c:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:${Partition}:a2c:.+:.+:.+",
"Actions": [
"GetContainerizationJobDetails",
"GetDeploymentJobDetails",
"StartContainerizationJob",
"StartDeploymentJob"
],
"HasResource": false,
"StringPrefix": "a2c"
},
"AWS AppConfig": {
"ARNFormat": "arn:aws:appconfig:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:appconfig:.+",
"Actions": [
"CreateApplication",
"CreateConfigurationProfile",
"CreateDeploymentStrategy",
"CreateEnvironment",
"CreateExtension",
"CreateExtensionAssociation",
"CreateHostedConfigurationVersion",
"DeleteApplication",
"DeleteConfigurationProfile",
"DeleteDeploymentStrategy",
"DeleteEnvironment",
"DeleteExtension",
"DeleteExtensionAssociation",
"DeleteHostedConfigurationVersion",
"GetApplication",
"GetConfiguration",
"GetConfigurationProfile",
"GetDeployment",
"GetDeploymentStrategy",
"GetEnvironment",
"GetExtension",
"GetExtensionAssociation",
"GetHostedConfigurationVersion",
"GetLatestConfiguration",
"ListApplications",
"ListConfigurationProfiles",
"ListDeploymentStrategies",
"ListDeployments",
"ListEnvironments",
"ListExtensionAssociations",
"ListExtensions",
"ListHostedConfigurationVersions",
"ListTagsForResource",
"StartConfigurationSession",
"StartDeployment",
"StopDeployment",
"TagResource",
"UntagResource",
"UpdateApplication",
"UpdateConfigurationProfile",
"UpdateDeploymentStrategy",
"UpdateEnvironment",
"UpdateExtension",
"UpdateExtensionAssociation",
"ValidateConfiguration"
],
"HasResource": true,
"StringPrefix": "appconfig",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS AppSync": {
"ARNFormat": "arn:aws:appsync:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:appsync:.+",
"Actions": [
"AssociateApi",
"CreateApiCache",
"CreateApiKey",
"CreateDataSource",
"CreateDomainName",
"CreateFunction",
"CreateGraphqlApi",
"CreateResolver",
"CreateType",
"DeleteApiCache",
"DeleteApiKey",
"DeleteDataSource",
"DeleteDomainName",
"DeleteFunction",
"DeleteGraphqlApi",
"DeleteResolver",
"DeleteType",
"DisassociateApi",
"EvaluateCode",
"EvaluateMappingTemplate",
"FlushApiCache",
"GetApiAssociation",
"GetApiCache",
"GetDataSource",
"GetDomainName",
"GetFunction",
"GetGraphqlApi",
"GetIntrospectionSchema",
"GetResolver",
"GetSchemaCreationStatus",
"GetType",
"GraphQL",
"ListApiKeys",
"ListDataSources",
"ListDomainNames",
"ListFunctions",
"ListGraphqlApis",
"ListResolvers",
"ListResolversByFunction",
"ListTagsForResource",
"ListTypes",
"SetWebACL",
"StartSchemaCreation",
"TagResource",
"UntagResource",
"UpdateApiCache",
"UpdateApiKey",
"UpdateDataSource",
"UpdateDomainName",
"UpdateFunction",
"UpdateGraphqlApi",
"UpdateResolver",
"UpdateType"
],
"HasResource": true,
"StringPrefix": "appsync",
"conditionKeys": [
"appsync:Visibility",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Application Auto Scaling": {
"ARNFormat": "arn:aws:application-autoscaling:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:application-autoscaling:.+:.+:.+",
"Actions": [
"DeleteScalingPolicy",
"DeleteScheduledAction",
"DeregisterScalableTarget",
"DescribeScalableTargets",
"DescribeScalingActivities",
"DescribeScalingPolicies",
"DescribeScheduledActions",
"ListTagsForResource",
"PutScalingPolicy",
"PutScheduledAction",
"RegisterScalableTarget",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "application-autoscaling",
"conditionKeys": [
"application-autoscaling:scalable-dimension",
"application-autoscaling:service-namespace",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Application Cost Profiler Service": {
"Actions": [
"DeleteReportDefinition",
"GetReportDefinition",
"ImportApplicationUsage",
"ListReportDefinitions",
"PutReportDefinition",
"UpdateReportDefinition"
],
"HasResource": false,
"StringPrefix": "application-cost-profiler"
},
"AWS Application Discovery Service": {
"Actions": [
"AssociateConfigurationItemsToApplication",
"BatchDeleteImportData",
"CreateApplication",
"CreateTags",
"DeleteApplications",
"DeleteTags",
"DescribeAgents",
"DescribeConfigurations",
"DescribeContinuousExports",
"DescribeExportConfigurations",
"DescribeExportTasks",
"DescribeImportTasks",
"DescribeTags",
"DisassociateConfigurationItemsFromApplication",
"ExportConfigurations",
"GetDiscoverySummary",
"GetNetworkConnectionGraph",
"ListConfigurations",
"ListServerNeighbors",
"StartContinuousExport",
"StartDataCollectionByAgentIds",
"StartExportTask",
"StartImportTask",
"StopContinuousExport",
"StopDataCollectionByAgentIds",
"UpdateApplication"
],
"HasResource": false,
"StringPrefix": "discovery"
},
"AWS Application Migration Service": {
"ARNFormat": "arn:aws:mgn:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:mgn:.+",
"Actions": [
"ArchiveApplication",
"ArchiveWave",
"AssociateApplications",
"AssociateSourceServers",
"BatchCreateVolumeSnapshotGroupForMgn",
"BatchDeleteSnapshotRequestForMgn",
"ChangeServerLifeCycleState",
"CreateApplication",
"CreateLaunchConfigurationTemplate",
"CreateReplicationConfigurationTemplate",
"CreateVcenterClientForMgn",
"CreateWave",
"DeleteApplication",
"DeleteJob",
"DeleteLaunchConfigurationTemplate",
"DeleteReplicationConfigurationTemplate",
"DeleteSourceServer",
"DeleteVcenterClient",
"DeleteWave",
"DescribeJobLogItems",
"DescribeJobs",
"DescribeLaunchConfigurationTemplates",
"DescribeReplicationConfigurationTemplates",
"DescribeReplicationServerAssociationsForMgn",
"DescribeSnapshotRequestsForMgn",
"DescribeSourceServers",
"DescribeVcenterClients",
"DisassociateApplications",
"DisassociateSourceServers",
"DisconnectFromService",
"FinalizeCutover",
"GetAgentCommandForMgn",
"GetAgentConfirmedResumeInfoForMgn",
"GetAgentInstallationAssetsForMgn",
"GetAgentReplicationInfoForMgn",
"GetAgentRuntimeConfigurationForMgn",
"GetAgentSnapshotCreditsForMgn",
"GetChannelCommandsForMgn",
"GetLaunchConfiguration",
"GetReplicationConfiguration",
"GetVcenterClientCommandsForMgn",
"InitializeService",
"IssueClientCertificateForMgn",
"ListApplications",
"ListExportErrors",
"ListExports",
"ListImportErrors",
"ListImports",
"ListSourceServerActions",
"ListTagsForResource",
"ListTemplateActions",
"ListWaves",
"MarkAsArchived",
"NotifyAgentAuthenticationForMgn",
"NotifyAgentConnectedForMgn",
"NotifyAgentDisconnectedForMgn",
"NotifyAgentReplicationProgressForMgn",
"NotifyVcenterClientStartedForMgn",
"PutSourceServerAction",
"PutTemplateAction",
"RegisterAgentForMgn",
"RemoveSourceServerAction",
"RemoveTemplateAction",
"RetryDataReplication",
"SendAgentLogsForMgn",
"SendAgentMetricsForMgn",
"SendChannelCommandResultForMgn",
"SendClientLogsForMgn",
"SendClientMetricsForMgn",
"SendVcenterClientCommandResultForMgn",
"SendVcenterClientLogsForMgn",
"SendVcenterClientMetricsForMgn",
"StartCutover",
"StartExport",
"StartImport",
"StartReplication",
"StartTest",
"TagResource",
"TerminateTargetInstances",
"UnarchiveApplication",
"UnarchiveWave",
"UntagResource",
"UpdateAgentBacklogForMgn",
"UpdateAgentConversionInfoForMgn",
"UpdateAgentReplicationInfoForMgn",
"UpdateAgentReplicationProcessStateForMgn",
"UpdateAgentSourcePropertiesForMgn",
"UpdateApplication",
"UpdateLaunchConfiguration",
"UpdateLaunchConfigurationTemplate",
"UpdateReplicationConfiguration",
"UpdateReplicationConfigurationTemplate",
"UpdateSourceServerReplicationType",
"UpdateWave",
"VerifyClientRoleForMgn"
],
"HasResource": true,
"StringPrefix": "mgn",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"mgn:CreateAction"
]
},
"AWS Artifact": {
"ARNFormat": "arn:aws:artifact:::${Resource}",
"ARNRegex": "^arn:aws:artifact::.+",
"Actions": [
"AcceptAgreement",
"DownloadAgreement",
"Get",
"GetReport",
"GetReportMetadata",
"GetTermForReport",
"ListReports",
"TerminateAgreement"
],
"HasResource": true,
"StringPrefix": "artifact"
},
"AWS Audit Manager": {
"ARNFormat": "arn:aws:auditmanager:::${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:auditmanager::.+",
"Actions": [
"AssociateAssessmentReportEvidenceFolder",
"BatchAssociateAssessmentReportEvidence",
"BatchCreateDelegationByAssessment",
"BatchDeleteDelegationByAssessment",
"BatchDisassociateAssessmentReportEvidence",
"BatchImportEvidenceToAssessmentControl",
"CreateAssessment",
"CreateAssessmentFramework",
"CreateAssessmentReport",
"CreateControl",
"DeleteAssessment",
"DeleteAssessmentFramework",
"DeleteAssessmentFrameworkShare",
"DeleteAssessmentReport",
"DeleteControl",
"DeregisterAccount",
"DeregisterOrganizationAdminAccount",
"DisassociateAssessmentReportEvidenceFolder",
"GetAccountStatus",
"GetAssessment",
"GetAssessmentFramework",
"GetAssessmentReportUrl",
"GetChangeLogs",
"GetControl",
"GetDelegations",
"GetEvidence",
"GetEvidenceByEvidenceFolder",
"GetEvidenceFolder",
"GetEvidenceFoldersByAssessment",
"GetEvidenceFoldersByAssessmentControl",
"GetInsights",
"GetInsightsByAssessment",
"GetOrganizationAdminAccount",
"GetServicesInScope",
"GetSettings",
"ListAssessmentControlInsightsByControlDomain",
"ListAssessmentFrameworkShareRequests",
"ListAssessmentFrameworks",
"ListAssessmentReports",
"ListAssessments",
"ListControlDomainInsights",
"ListControlDomainInsightsByAssessment",
"ListControlInsightsByControlDomain",
"ListControls",
"ListKeywordsForDataSource",
"ListNotifications",
"ListTagsForResource",
"RegisterAccount",
"RegisterOrganizationAdminAccount",
"StartAssessmentFrameworkShare",
"TagResource",
"UntagResource",
"UpdateAssessment",
"UpdateAssessmentControl",
"UpdateAssessmentControlSetStatus",
"UpdateAssessmentFramework",
"UpdateAssessmentFrameworkShare",
"UpdateAssessmentStatus",
"UpdateControl",
"UpdateSettings",
"ValidateAssessmentReportIntegrity"
],
"HasResource": true,
"StringPrefix": "auditmanager",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Auto Scaling": {
"Actions": [
"CreateScalingPlan",
"DeleteScalingPlan",
"DescribeScalingPlanResources",
"DescribeScalingPlans",
"GetScalingPlanResourceForecastData",
"UpdateScalingPlan"
],
"HasResource": false,
"StringPrefix": "autoscaling-plans"
},
"AWS Backup": {
"ARNFormat": "arn:aws:backup:${Region}:${Account}:${ResourceType}:${ResourceName}",
"ARNRegex": "^arn:aws:backup:.+:.+:.+",
"Actions": [
"CancelLegalHold",
"CopyFromBackupVault",
"CopyIntoBackupVault",
"CreateBackupPlan",
"CreateBackupSelection",
"CreateBackupVault",
"CreateFramework",
"CreateLegalHold",
"CreateReportPlan",
"DeleteBackupPlan",
"DeleteBackupSelection",
"DeleteBackupVault",
"DeleteBackupVaultAccessPolicy",
"DeleteBackupVaultLockConfiguration",
"DeleteBackupVaultNotifications",
"DeleteFramework",
"DeleteRecoveryPoint",
"DeleteReportPlan",
"DescribeBackupJob",
"DescribeBackupVault",
"DescribeCopyJob",
"DescribeFramework",
"DescribeGlobalSettings",
"DescribeProtectedResource",
"DescribeRecoveryPoint",
"DescribeRegionSettings",
"DescribeReportJob",
"DescribeReportPlan",
"DescribeRestoreJob",
"DisassociateRecoveryPoint",
"DisassociateRecoveryPointFromParent",
"ExportBackupPlanTemplate",
"GetBackupPlan",
"GetBackupPlanFromJSON",
"GetBackupPlanFromTemplate",
"GetBackupSelection",
"GetBackupVaultAccessPolicy",
"GetBackupVaultNotifications",
"GetLegalHold",
"GetRecoveryPointRestoreMetadata",
"GetSupportedResourceTypes",
"ListBackupJobs",
"ListBackupPlanTemplates",
"ListBackupPlanVersions",
"ListBackupPlans",
"ListBackupSelections",
"ListBackupVaults",
"ListCopyJobs",
"ListFrameworks",
"ListLegalHolds",
"ListProtectedResources",
"ListRecoveryPointsByBackupVault",
"ListRecoveryPointsByLegalHold",
"ListRecoveryPointsByResource",
"ListReportJobs",
"ListReportPlans",
"ListRestoreJobs",
"ListTags",
"PutBackupVaultAccessPolicy",
"PutBackupVaultLockConfiguration",
"PutBackupVaultNotifications",
"StartBackupJob",
"StartCopyJob",
"StartReportJob",
"StartRestoreJob",
"StopBackupJob",
"TagResource",
"UntagResource",
"UpdateBackupPlan",
"UpdateFramework",
"UpdateGlobalSettings",
"UpdateRecoveryPointLifecycle",
"UpdateRegionSettings",
"UpdateReportPlan"
],
"HasResource": true,
"StringPrefix": "backup",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"backup:ChangeableForDays",
"backup:CopyTargetOrgPaths",
"backup:CopyTargets",
"backup:FrameworkArns"
]
},
"AWS Backup Gateway": {
"ARNFormat": "arn:aws:backup-gateway:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:*:backup-gateway:.+:.+:.+",
"Actions": [
"AssociateGatewayToServer",
"Backup",
"CreateGateway",
"DeleteGateway",
"DeleteHypervisor",
"DisassociateGatewayFromServer",
"GetBandwidthRateLimitSchedule",
"GetGateway",
"GetHypervisor",
"GetHypervisorPropertyMappings",
"GetVirtualMachine",
"ImportHypervisorConfiguration",
"ListGateways",
"ListHypervisors",
"ListTagsForResource",
"ListVirtualMachines",
"PutBandwidthRateLimitSchedule",
"PutHypervisorPropertyMappings",
"PutMaintenanceStartTime",
"Restore",
"StartVirtualMachinesMetadataSync",
"TagResource",
"TestHypervisorConfiguration",
"UntagResource",
"UpdateGatewayInformation",
"UpdateGatewaySoftwareNow",
"UpdateHypervisor"
],
"HasResource": true,
"StringPrefix": "backup-gateway",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Backup storage": {
"ARNFormat": "arn:${Partition}:backup-storage:${Region}:${Account}:${ResourceType}:${ResourceName}",
"ARNRegex": "^^arn:aws:backup-storage:.+:.+:.+",
"Actions": [
"CommitBackupJob",
"DeleteObjects",
"DescribeBackupJob",
"GetBaseBackup",
"GetChunk",
"GetIncrementalBaseBackup",
"GetObjectMetadata",
"ListChunks",
"ListObjects",
"MountCapsule",
"NotifyObjectComplete",
"PutChunk",
"PutObject",
"StartObject",
"UpdateObjectComplete"
],
"HasResource": false,
"StringPrefix": "backup-storage"
},
"AWS Batch": {
"ARNFormat": "arn:aws:batch:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:batch:.+",
"Actions": [
"CancelJob",
"CreateComputeEnvironment",
"CreateJobQueue",
"CreateSchedulingPolicy",
"DeleteComputeEnvironment",
"DeleteJobQueue",
"DeleteSchedulingPolicy",
"DeregisterJobDefinition",
"DescribeComputeEnvironments",
"DescribeJobDefinitions",
"DescribeJobQueues",
"DescribeJobs",
"DescribeSchedulingPolicies",
"ListJobs",
"ListSchedulingPolicies",
"ListTagsForResource",
"RegisterJobDefinition",
"SubmitJob",
"TagResource",
"TerminateJob",
"UntagResource",
"UpdateComputeEnvironment",
"UpdateJobQueue",
"UpdateSchedulingPolicy"
],
"HasResource": true,
"StringPrefix": "batch",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"batch:AWSLogsCreateGroup",
"batch:AWSLogsGroup",
"batch:AWSLogsRegion",
"batch:AWSLogsStreamPrefix",
"batch:EKSImage",
"batch:EKSPrivileged",
"batch:EKSRunAsGroup",
"batch:EKSRunAsUser",
"batch:EKSServiceAccountName",
"batch:Image",
"batch:LogDriver",
"batch:Privileged",
"batch:ShareIdentifier",
"batch:User"
]
},
"AWS Billing ": {
"Actions": [
"GetBillingData",
"GetBillingDetails",
"GetBillingNotifications",
"GetBillingPreferences",
"GetContractInformation",
"GetCredits",
"GetIAMAccessPreference",
"GetSellerOfRecord",
"ListBillingViews",
"PutContractInformation",
"RedeemCredits",
"UpdateBillingPreferences",
"UpdateIAMAccessPreference"
],
"HasResource": false,
"StringPrefix": "billing"
},
"AWS Billing Conductor": {
"ARNFormat": "arn:aws:billingconductor::${Account}:${ResourceType}",
"ARNRegex": "^arn:aws:billingconductor:.+",
"Actions": [
"AssociateAccounts",
"AssociatePricingRules",
"BatchAssociateResourcesToCustomLineItem",
"BatchDisassociateResourcesFromCustomLineItem",
"CreateBillingGroup",
"CreateCustomLineItem",
"CreatePricingPlan",
"CreatePricingRule",
"DeleteBillingGroup",
"DeleteCustomLineItem",
"DeletePricingPlan",
"DeletePricingRule",
"DisassociateAccounts",
"DisassociatePricingRules",
"ListAccountAssociations",
"ListBillingGroupCostReports",
"ListBillingGroups",
"ListCustomLineItemVersions",
"ListCustomLineItems",
"ListPricingPlans",
"ListPricingPlansAssociatedWithPricingRule",
"ListPricingRules",
"ListPricingRulesAssociatedToPricingPlan",
"ListResourcesAssociatedToCustomLineItem",
"ListTagsForResource",
"TagResource",
"UntagResource",
"UpdateBillingGroup",
"UpdateCustomLineItem",
"UpdatePricingPlan",
"UpdatePricingRule"
],
"HasResource": true,
"StringPrefix": "billingconductor",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Billing Console": {
"Actions": [
"GetConsoleActionSetEnforced",
"ModifyAccount",
"ModifyBilling",
"ModifyPaymentMethods",
"UpdateConsoleActionSetEnforced",
"ViewAccount",
"ViewBilling",
"ViewPaymentMethods",
"ViewUsage"
],
"HasResource": false,
"StringPrefix": "aws-portal"
},
"AWS Budget Service": {
"ARNFormat": "arn:aws:budgets::${Account}:budget/${BudgetName}",
"ARNRegex": "^arn:aws:budgets::.+:.+",
"Actions": [
"CreateBudgetAction",
"DeleteBudgetAction",
"DescribeBudgetAction",
"DescribeBudgetActionHistories",
"DescribeBudgetActionsForAccount",
"DescribeBudgetActionsForBudget",
"ExecuteBudgetAction",
"ModifyBudget",
"UpdateBudgetAction",
"ViewBudget"
],
"HasResource": true,
"StringPrefix": "budgets"
},
"AWS BugBust": {
"ARNFormat": "arn:aws:bugbust:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:bugbust:.+:.+:.+",
"Actions": [
"CreateEvent",
"EvaluateProfilingGroups",
"GetEvent",
"GetJoinEventStatus",
"JoinEvent",
"ListBugs",
"ListEventParticipants",
"ListEventScores",
"ListEvents",
"ListProfilingGroups",
"ListPullRequests",
"ListTagsForResource",
"TagResource",
"UntagResource",
"UpdateEvent",
"UpdateWorkItem",
"UpdateWorkItemAdmin"
],
"HasResource": true,
"StringPrefix": "bugbust",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Certificate Manager": {
"ARNFormat": "arn:aws:acm:${Region}:${AccountId}:${ArnType}/${ResourceId}",
"ARNRegex": "^arn:aws:acm:.+:[0-9]+:.+",
"Actions": [
"AddTagsToCertificate",
"DeleteCertificate",
"DescribeCertificate",
"ExportCertificate",
"GetAccountConfiguration",
"GetCertificate",
"ImportCertificate",
"ListCertificates",
"ListTagsForCertificate",
"PutAccountConfiguration",
"RemoveTagsFromCertificate",
"RenewCertificate",
"RequestCertificate",
"ResendValidationEmail",
"UpdateCertificateOptions"
],
"HasResource": true,
"StringPrefix": "acm",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Chatbot": {
"ARNFormat": "arn:aws:chatbot::${Account}:chat-configuration/${ConfigurationType}/${ChatbotConfigurationName}",
"ARNRegex": "^arn:aws:chatbot:.+",
"Actions": [
"CreateChimeWebhookConfiguration",
"CreateMicrosoftTeamsChannelConfiguration",
"CreateSlackChannelConfiguration",
"DeleteChimeWebhookConfiguration",
"DeleteMicrosoftTeamsChannelConfiguration",
"DeleteMicrosoftTeamsConfiguredTeam",
"DeleteMicrosoftTeamsUserIdentity",
"DeleteSlackChannelConfiguration",
"DeleteSlackUserIdentity",
"DeleteSlackWorkspaceAuthorization",
"DescribeChimeWebhookConfigurations",
"DescribeSlackChannelConfigurations",
"DescribeSlackChannels",
"DescribeSlackUserIdentities",
"DescribeSlackWorkspaces",
"GetAccountPreferences",
"GetMicrosoftTeamsChannelConfiguration",
"GetMicrosoftTeamsOauthParameters",
"GetSlackOauthParameters",
"ListMicrosoftTeamsChannelConfigurations",
"ListMicrosoftTeamsConfiguredTeams",
"ListMicrosoftTeamsUserIdentities",
"RedeemMicrosoftTeamsOauthCode",
"RedeemSlackOauthCode",
"UpdateAccountPreferences",
"UpdateChimeWebhookConfiguration",
"UpdateMicrosoftTeamsChannelConfiguration",
"UpdateSlackChannelConfiguration"
],
"HasResource": true,
"StringPrefix": "chatbot"
},
"AWS Clean Rooms": {
"ARNFormat": "arn:aws:cleanrooms:${Region}:${Account}:${ResourceType}/${PathToResource}",
"ARNRegex": "^arn:aws:cleanrooms:.+",
"Actions": [
"BatchGetSchema",
"CreateCollaboration",
"CreateConfiguredTable",
"CreateConfiguredTableAnalysisRule",
"CreateConfiguredTableAssociation",
"CreateMembership",
"DeleteCollaboration",
"DeleteConfiguredTable",
"DeleteConfiguredTableAnalysisRule",
"DeleteConfiguredTableAssociation",
"DeleteMember",
"DeleteMembership",
"GetCollaboration",
"GetConfiguredTable",
"GetConfiguredTableAnalysisRule",
"GetConfiguredTableAssociation",
"GetMembership",
"GetProtectedQuery",
"GetSchema",
"GetSchemaAnalysisRule",
"ListCollaborations",
"ListConfiguredTableAssociations",
"ListConfiguredTables",
"ListMembers",
"ListMemberships",
"ListProtectedQueries",
"ListSchemas",
"ListTagsForResource",
"StartProtectedQuery",
"TagResource",
"UntagResource",
"UpdateCollaboration",
"UpdateConfiguredTable",
"UpdateConfiguredTableAnalysisRule",
"UpdateConfiguredTableAssociation",
"UpdateMembership",
"UpdateProtectedQuery"
],
"HasResource": true,
"StringPrefix": "cleanrooms",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Cloud Control API": {
"ARNFormat": "arn:aws:cloudformation:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:cloudformation:.+:[0-9]+:.+",
"Actions": [
"CancelResourceRequest",
"CreateResource",
"DeleteResource",
"GetResource",
"GetResourceRequestStatus",
"ListResourceRequests",
"ListResources",
"UpdateResource"
],
"HasResource": false,
"StringPrefix": "cloudformation"
},
"AWS Cloud Map": {
"ARNFormat": "arn:aws:servicediscovery:${Region}:${AccountId}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:servicediscovery:.+",
"Actions": [
"CreateHttpNamespace",
"CreatePrivateDnsNamespace",
"CreatePublicDnsNamespace",
"CreateService",
"DeleteNamespace",
"DeleteService",
"DeregisterInstance",
"DiscoverInstances",
"GetInstance",
"GetInstancesHealthStatus",
"GetNamespace",
"GetOperation",
"GetService",
"ListInstances",
"ListNamespaces",
"ListOperations",
"ListServices",
"ListTagsForResource",
"RegisterInstance",
"TagResource",
"UntagResource",
"UpdateHttpNamespace",
"UpdateInstanceCustomHealthStatus",
"UpdatePrivateDnsNamespace",
"UpdatePublicDnsNamespace",
"UpdateService"
],
"HasResource": true,
"StringPrefix": "servicediscovery",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"servicediscovery:NamespaceArn",
"servicediscovery:NamespaceName",
"servicediscovery:ServiceArn",
"servicediscovery:ServiceName"
]
},
"AWS Cloud9": {
"ARNFormat": "arn:aws:cloud9:${Region}:${Account}:${ResourceType}:${ResourceId}",
"ARNRegex": "^arn:aws:cloud9:.+:[0-9]+:.+:.+",
"Actions": [
"ActivateEC2Remote",
"CreateEnvironmentEC2",
"CreateEnvironmentMembership",
"CreateEnvironmentSSH",
"CreateEnvironmentToken",
"DeleteEnvironment",
"DeleteEnvironmentMembership",
"DescribeEC2Remote",
"DescribeEnvironmentMemberships",
"DescribeEnvironmentStatus",
"DescribeEnvironments",
"DescribeSSHRemote",
"GetEnvironmentConfig",
"GetEnvironmentSettings",
"GetMembershipSettings",
"GetUserPublicKey",
"GetUserSettings",
"ListEnvironments",
"ListTagsForResource",
"ModifyTemporaryCredentialsOnEnvironmentEC2",
"TagResource",
"UntagResource",
"UpdateEnvironment",
"UpdateEnvironmentMembership",
"UpdateEnvironmentSettings",
"UpdateMembershipSettings",
"UpdateSSHRemote",
"UpdateUserSettings",
"ValidateEnvironmentName"
],
"HasResource": true,
"StringPrefix": "cloud9",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"cloud9:EnvironmentId",
"cloud9:EnvironmentName",
"cloud9:InstanceType",
"cloud9:OwnerArn",
"cloud9:Permissions",
"cloud9:SubnetId",
"cloud9:UserArn"
]
},
"AWS CloudFormation": {
"ARNFormat": "arn:aws:cloudformation:${Region}:${Account}:${ResourceType}/${Id}",
"ARNRegex": "^arn:aws:cloudformation:.+:[0-9]+:.+",
"Actions": [
"ActivateType",
"BatchDescribeTypeConfigurations",
"CancelUpdateStack",
"ContinueUpdateRollback",
"CreateChangeSet",
"CreateStack",
"CreateStackInstances",
"CreateStackSet",
"CreateUploadBucket",
"DeactivateType",
"DeleteChangeSet",
"DeleteStack",
"DeleteStackInstances",
"DeleteStackSet",
"DeregisterType",
"DescribeAccountLimits",
"DescribeChangeSet",
"DescribeChangeSetHooks",
"DescribePublisher",
"DescribeStackDriftDetectionStatus",
"DescribeStackEvents",
"DescribeStackInstance",
"DescribeStackResource",
"DescribeStackResourceDrifts",
"DescribeStackResources",
"DescribeStackSet",
"DescribeStackSetOperation",
"DescribeStacks",
"DescribeType",
"DescribeTypeRegistration",
"DetectStackDrift",
"DetectStackResourceDrift",
"DetectStackSetDrift",
"EstimateTemplateCost",
"ExecuteChangeSet",
"GetStackPolicy",
"GetTemplate",
"GetTemplateSummary",
"ImportStacksToStackSet",
"ListChangeSets",
"ListExports",
"ListImports",
"ListStackInstances",
"ListStackResources",
"ListStackSetOperationResults",
"ListStackSetOperations",
"ListStackSets",
"ListStacks",
"ListTypeRegistrations",
"ListTypeVersions",
"ListTypes",
"PublishType",
"RecordHandlerProgress",
"RegisterPublisher",
"RegisterType",
"RollbackStack",
"SetStackPolicy",
"SetTypeConfiguration",
"SetTypeDefaultVersion",
"SignalResource",
"StopStackSetOperation",
"TagResource",
"TestType",
"UntagResource",
"UpdateStack",
"UpdateStackInstances",
"UpdateStackSet",
"UpdateTerminationProtection",
"ValidateTemplate"
],
"HasResource": true,
"StringPrefix": "cloudformation",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"cloudformation:ChangeSetName",
"cloudformation:ImportResourceTypes",
"cloudformation:ResourceTypes",
"cloudformation:RoleArn",
"cloudformation:StackPolicyUrl",
"cloudformation:TargetRegion",
"cloudformation:TemplateUrl"
]
},
"AWS CloudHSM": {
"ARNFormat": "arn:aws:cloudhsm:${Region}:${Account}:${ResourceName}",
"ARNRegex": "^arn:aws:cloudhsm:.+",
"Actions": [
"AddTagsToResource",
"CopyBackupToRegion",
"CreateCluster",
"CreateHapg",
"CreateHsm",
"CreateLunaClient",
"DeleteBackup",
"DeleteCluster",
"DeleteHapg",
"DeleteHsm",
"DeleteLunaClient",
"DescribeBackups",
"DescribeClusters",
"DescribeHapg",
"DescribeHsm",
"DescribeLunaClient",
"GetConfig",
"InitializeCluster",
"ListAvailableZones",
"ListHapgs",
"ListHsms",
"ListLunaClients",
"ListTags",
"ListTagsForResource",
"ModifyBackupAttributes",
"ModifyCluster",
"ModifyHapg",
"ModifyHsm",
"ModifyLunaClient",
"RemoveTagsFromResource",
"RestoreBackup",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "cloudhsm",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS CloudShell": {
"ARNFormat": "arn:aws:cloudshell:${Region}:${Account}:environment/${EnvironmentId}",
"ARNRegex": "^arn:aws:cloudshell:${Region}:${Account}:environment/.+?",
"Actions": [
"CreateEnvironment",
"CreateSession",
"DeleteEnvironment",
"GetEnvironmentStatus",
"GetFileDownloadUrls",
"GetFileUploadUrls",
"PutCredentials",
"StartEnvironment",
"StopEnvironment"
],
"HasResource": true,
"StringPrefix": "cloudshell"
},
"AWS CloudTrail": {
"ARNFormat": "arn:aws:cloudtrail:${Region}:${Account}:${Resource}",
"ARNRegex": "^arn:aws:cloudtrail:.+:[0-9]+:.+",
"Actions": [
"AddTags",
"CancelQuery",
"CreateChannel",
"CreateEventDataStore",
"CreateServiceLinkedChannel",
"CreateTrail",
"DeleteChannel",
"DeleteEventDataStore",
"DeleteResourcePolicy",
"DeleteServiceLinkedChannel",
"DeleteTrail",
"DeregisterOrganizationDelegatedAdmin",
"DescribeQuery",
"DescribeTrails",
"GetChannel",
"GetEventDataStore",
"GetEventSelectors",
"GetImport",
"GetInsightSelectors",
"GetQueryResults",
"GetResourcePolicy",
"GetServiceLinkedChannel",
"GetTrail",
"GetTrailStatus",
"ListChannels",
"ListEventDataStores",
"ListImportFailures",
"ListImports",
"ListPublicKeys",
"ListQueries",
"ListServiceLinkedChannels",
"ListTags",
"ListTrails",
"LookupEvents",
"PutEventSelectors",
"PutInsightSelectors",
"PutResourcePolicy",
"RegisterOrganizationDelegatedAdmin",
"RemoveTags",
"RestoreEventDataStore",
"StartImport",
"StartLogging",
"StartQuery",
"StopImport",
"StopLogging",
"UpdateChannel",
"UpdateEventDataStore",
"UpdateServiceLinkedChannel",
"UpdateTrail"
],
"HasResource": true,
"StringPrefix": "cloudtrail",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS CloudTrail Data": {
"ARNFormat": "arn:aws:cloudtrail:${Region}:${Account}:${Resource}",
"ARNRegex": "^arn:aws:cloudtrail:.+:[0-9]+:.+",
"Actions": [
"PutAuditEvents"
],
"HasResource": true,
"StringPrefix": "cloudtrail-data",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS CloudWatch RUM": {
"ARNFormat": "arn:aws:rum:${Region}:${Account}:appmonitor/${Name}",
"ARNRegex": "^arn:aws:rum:.+:.+:.+",
"Actions": [
"BatchCreateRumMetricDefinitions",
"BatchDeleteRumMetricDefinitions",
"BatchGetRumMetricDefinitions",
"CreateAppMonitor",
"DeleteAppMonitor",
"DeleteRumMetricsDestination",
"GetAppMonitor",
"GetAppMonitorData",
"ListAppMonitors",
"ListRumMetricsDestinations",
"ListTagsForResource",
"PutRumEvents",
"PutRumMetricsDestination",
"TagResource",
"UntagResource",
"UpdateAppMonitor",
"UpdateRumMetricDefinition"
],
"HasResource": true,
"StringPrefix": "rum",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS CodeArtifact": {
"ARNFormat": "arn:aws:codeartifact:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:codeartifact:.+:[0-9]+:.+/.+",
"Actions": [
"AssociateExternalConnection",
"AssociateWithDownstreamRepository",
"CopyPackageVersions",
"CreateDomain",
"CreateRepository",
"DeleteDomain",
"DeleteDomainPermissionsPolicy",
"DeletePackage",
"DeletePackageVersions",
"DeleteRepository",
"DeleteRepositoryPermissionsPolicy",
"DescribeDomain",
"DescribePackage",
"DescribePackageVersion",
"DescribeRepository",
"DisassociateExternalConnection",
"DisposePackageVersions",
"GetAuthorizationToken",
"GetDomainPermissionsPolicy",
"GetPackageVersionAsset",
"GetPackageVersionReadme",
"GetRepositoryEndpoint",
"GetRepositoryPermissionsPolicy",
"ListDomains",
"ListPackageVersionAssets",
"ListPackageVersionDependencies",
"ListPackageVersions",
"ListPackages",
"ListRepositories",
"ListRepositoriesInDomain",
"ListTagsForResource",
"PublishPackageVersion",
"PutDomainPermissionsPolicy",
"PutPackageMetadata",
"PutPackageOriginConfiguration",
"PutRepositoryPermissionsPolicy",
"ReadFromRepository",
"TagResource",
"UntagResource",
"UpdatePackageVersionsStatus",
"UpdateRepository"
],
"HasResource": true,
"StringPrefix": "codeartifact",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS CodeBuild": {
"ARNFormat": "arn:aws:codebuild:${Region}:${Account}:build/${BuildId}",
"ARNRegex": "^arn:aws:codebuild:.+:[0-9]+:.+/.+",
"Actions": [
"BatchDeleteBuilds",
"BatchGetBuildBatches",
"BatchGetBuilds",
"BatchGetProjects",
"BatchGetReportGroups",
"BatchGetReports",
"BatchPutCodeCoverages",
"BatchPutTestCases",
"CreateProject",
"CreateReport",
"CreateReportGroup",
"CreateWebhook",
"DeleteBuildBatch",
"DeleteOAuthToken",
"DeleteProject",
"DeleteReport",
"DeleteReportGroup",
"DeleteResourcePolicy",
"DeleteSourceCredentials",
"DeleteWebhook",
"DescribeCodeCoverages",
"DescribeTestCases",
"GetReportGroupTrend",
"GetResourcePolicy",
"ImportSourceCredentials",
"InvalidateProjectCache",
"ListBuildBatches",
"ListBuildBatchesForProject",
"ListBuilds",
"ListBuildsForProject",
"ListConnectedOAuthAccounts",
"ListCuratedEnvironmentImages",
"ListProjects",
"ListReportGroups",
"ListReports",
"ListReportsForReportGroup",
"ListRepositories",
"ListSharedProjects",
"ListSharedReportGroups",
"ListSourceCredentials",
"PersistOAuthToken",
"PutResourcePolicy",
"RetryBuild",
"RetryBuildBatch",
"StartBuild",
"StartBuildBatch",
"StopBuild",
"StopBuildBatch",
"UpdateProject",
"UpdateProjectVisibility",
"UpdateReport",
"UpdateReportGroup",
"UpdateWebhook"
],
"HasResource": true,
"StringPrefix": "codebuild",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS CodeCommit": {
"ARNFormat": "arn:aws:codecommit:${Region}:${Account}:${RepositoryName}",
"ARNRegex": "^arn:aws:codecommit:.+",
"Actions": [
"AssociateApprovalRuleTemplateWithRepository",
"BatchAssociateApprovalRuleTemplateWithRepositories",
"BatchDescribeMergeConflicts",
"BatchDisassociateApprovalRuleTemplateFromRepositories",
"BatchGetCommits",
"BatchGetPullRequests",
"BatchGetRepositories",
"CancelUploadArchive",
"CreateApprovalRuleTemplate",
"CreateBranch",
"CreateCommit",
"CreatePullRequest",
"CreatePullRequestApprovalRule",
"CreateRepository",
"CreateUnreferencedMergeCommit",
"DeleteApprovalRuleTemplate",
"DeleteBranch",
"DeleteCommentContent",
"DeleteFile",
"DeletePullRequestApprovalRule",
"DeleteRepository",
"DescribeMergeConflicts",
"DescribePullRequestEvents",
"DisassociateApprovalRuleTemplateFromRepository",
"EvaluatePullRequestApprovalRules",
"GetApprovalRuleTemplate",
"GetBlob",
"GetBranch",
"GetComment",
"GetCommentReactions",
"GetCommentsForComparedCommit",
"GetCommentsForPullRequest",
"GetCommit",
"GetCommitHistory",
"GetCommitsFromMergeBase",
"GetDifferences",
"GetFile",
"GetFolder",
"GetMergeCommit",
"GetMergeConflicts",
"GetMergeOptions",
"GetObjectIdentifier",
"GetPullRequest",
"GetPullRequestApprovalStates",
"GetPullRequestOverrideState",
"GetReferences",
"GetRepository",
"GetRepositoryTriggers",
"GetTree",
"GetUploadArchiveStatus",
"GitPull",
"GitPush",
"ListApprovalRuleTemplates",
"ListAssociatedApprovalRuleTemplatesForRepository",
"ListBranches",
"ListPullRequests",
"ListRepositories",
"ListRepositoriesForApprovalRuleTemplate",
"ListTagsForResource",
"MergeBranchesByFastForward",
"MergeBranchesBySquash",
"MergeBranchesByThreeWay",
"MergePullRequestByFastForward",
"MergePullRequestBySquash",
"MergePullRequestByThreeWay",
"OverridePullRequestApprovalRules",
"PostCommentForComparedCommit",
"PostCommentForPullRequest",
"PostCommentReply",
"PutCommentReaction",
"PutFile",
"PutRepositoryTriggers",
"TagResource",
"TestRepositoryTriggers",
"UntagResource",
"UpdateApprovalRuleTemplateContent",
"UpdateApprovalRuleTemplateDescription",
"UpdateApprovalRuleTemplateName",
"UpdateComment",
"UpdateDefaultBranch",
"UpdatePullRequestApprovalRuleContent",
"UpdatePullRequestApprovalState",
"UpdatePullRequestDescription",
"UpdatePullRequestStatus",
"UpdatePullRequestTitle",
"UpdateRepositoryDescription",
"UpdateRepositoryName",
"UploadArchive"
],
"HasResource": true,
"StringPrefix": "codecommit",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"codecommit:References"
]
},
"AWS CodeDeploy": {
"ARNFormat": "arn:aws:codedeploy:${Region}:${Account}:${ResourceType}:${ResourceSpecifier}",
"ARNRegex": "^arn:aws:codedeploy:.+",
"Actions": [
"AddTagsToOnPremisesInstances",
"BatchGetApplicationRevisions",
"BatchGetApplications",
"BatchGetDeploymentGroups",
"BatchGetDeploymentInstances",
"BatchGetDeploymentTargets",
"BatchGetDeployments",
"BatchGetOnPremisesInstances",
"ContinueDeployment",
"CreateApplication",
"CreateCloudFormationDeployment",
"CreateDeployment",
"CreateDeploymentConfig",
"CreateDeploymentGroup",
"DeleteApplication",
"DeleteDeploymentConfig",
"DeleteDeploymentGroup",
"DeleteGitHubAccountToken",
"DeleteResourcesByExternalId",
"DeregisterOnPremisesInstance",
"GetApplication",
"GetApplicationRevision",
"GetDeployment",
"GetDeploymentConfig",
"GetDeploymentGroup",
"GetDeploymentInstance",
"GetDeploymentTarget",
"GetOnPremisesInstance",
"ListApplicationRevisions",
"ListApplications",
"ListDeploymentConfigs",
"ListDeploymentGroups",
"ListDeploymentInstances",
"ListDeploymentTargets",
"ListDeployments",
"ListGitHubAccountTokenNames",
"ListOnPremisesInstances",
"ListTagsForResource",
"PutLifecycleEventHookExecutionStatus",
"RegisterApplicationRevision",
"RegisterOnPremisesInstance",
"RemoveTagsFromOnPremisesInstances",
"SkipWaitTimeForInstanceTermination",
"StopDeployment",
"TagResource",
"UntagResource",
"UpdateApplication",
"UpdateDeploymentGroup"
],
"HasResource": true,
"StringPrefix": "codedeploy",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS CodeDeploy secure host commands service": {
"Actions": [
"GetDeploymentSpecification",
"PollHostCommand",
"PutHostCommandAcknowledgement",
"PutHostCommandComplete"
],
"HasResource": false,
"StringPrefix": "codedeploy-commands-secure"
},
"AWS CodePipeline": {
"ARNFormat": "arn:aws:codepipeline:${Region}:${Account}:${PathToPipelineResource}",
"ARNRegex": "^arn:aws:codepipeline:.+",
"Actions": [
"AcknowledgeJob",
"AcknowledgeThirdPartyJob",
"CreateCustomActionType",
"CreatePipeline",
"DeleteCustomActionType",
"DeletePipeline",
"DeleteWebhook",
"DeregisterWebhookWithThirdParty",
"DisableStageTransition",
"EnableStageTransition",
"GetActionType",
"GetJobDetails",
"GetPipeline",
"GetPipelineExecution",
"GetPipelineState",
"GetThirdPartyJobDetails",
"ListActionExecutions",
"ListActionTypes",
"ListPipelineExecutions",
"ListPipelines",
"ListTagsForResource",
"ListWebhooks",
"PollForJobs",
"PollForThirdPartyJobs",
"PutActionRevision",
"PutApprovalResult",
"PutJobFailureResult",
"PutJobSuccessResult",
"PutThirdPartyJobFailureResult",
"PutThirdPartyJobSuccessResult",
"PutWebhook",
"RegisterWebhookWithThirdParty",
"RetryStageExecution",
"StartPipelineExecution",
"StopPipelineExecution",
"TagResource",
"UntagResource",
"UpdateActionType",
"UpdatePipeline"
],
"HasResource": true,
"StringPrefix": "codepipeline",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS CodeStar": {
"ARNFormat": "arn:aws:codestar:${Region}:${Account}:project/${ResourceId}",
"ARNRegex": "^arn:aws:codestar:.+:[0-9]+:project/.+",
"Actions": [
"AssociateTeamMember",
"CreateProject",
"CreateUserProfile",
"DeleteExtendedAccess",
"DeleteProject",
"DeleteUserProfile",
"DescribeProject",
"DescribeUserProfile",
"DisassociateTeamMember",
"GetExtendedAccess",
"ListProjects",
"ListResources",
"ListTagsForProject",
"ListTeamMembers",
"ListUserProfiles",
"PutExtendedAccess",
"TagProject",
"UntagProject",
"UpdateProject",
"UpdateTeamMember",
"UpdateUserProfile",
"VerifyServiceRole"
],
"HasResource": true,
"StringPrefix": "codestar",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"iam:ResourceTag/${TagKey}"
]
},
"AWS CodeStar Connections": {
"ARNFormat": "arn:aws:codestar-connections:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:codestar-connections:.+:.+:.+",
"Actions": [
"CreateConnection",
"CreateHost",
"DeleteConnection",
"DeleteHost",
"GetConnection",
"GetHost",
"GetIndividualAccessToken",
"GetInstallationUrl",
"ListConnections",
"ListHosts",
"ListInstallationTargets",
"ListTagsForResource",
"PassConnection",
"RegisterAppCode",
"StartAppRegistrationHandshake",
"StartOAuthHandshake",
"TagResource",
"UntagResource",
"UpdateConnectionInstallation",
"UpdateHost",
"UseConnection"
],
"HasResource": true,
"StringPrefix": "codestar-connections",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"codestar-connections:BranchName",
"codestar-connections:FullRepositoryId",
"codestar-connections:HostArn",
"codestar-connections:InstallationId",
"codestar-connections:OwnerId",
"codestar-connections:PassedToService",
"codestar-connections:ProviderAction",
"codestar-connections:ProviderPermissionsRequired",
"codestar-connections:ProviderType",
"codestar-connections:ProviderTypeFilter",
"codestar-connections:RepositoryName"
]
},
"AWS CodeStar Notifications": {
"ARNFormat": "arn:aws:codestar-notifications:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:codestar-notifications:.+:.+:.+",
"Actions": [
"CreateNotificationRule",
"DeleteNotificationRule",
"DeleteTarget",
"DescribeNotificationRule",
"ListEventTypes",
"ListNotificationRules",
"ListTagsForResource",
"ListTargets",
"Subscribe",
"TagResource",
"Unsubscribe",
"UntagResource",
"UpdateNotificationRule"
],
"HasResource": true,
"StringPrefix": "codestar-notifications",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"codestar-notifications:NotificationsForResource"
]
},
"AWS Compute Optimizer": {
"Actions": [
"DeleteRecommendationPreferences",
"DescribeRecommendationExportJobs",
"ExportAutoScalingGroupRecommendations",
"ExportEBSVolumeRecommendations",
"ExportEC2InstanceRecommendations",
"ExportECSServiceRecommendations",
"ExportLambdaFunctionRecommendations",
"GetAutoScalingGroupRecommendations",
"GetEBSVolumeRecommendations",
"GetEC2InstanceRecommendations",
"GetEC2RecommendationProjectedMetrics",
"GetECSServiceRecommendationProjectedMetrics",
"GetECSServiceRecommendations",
"GetEffectiveRecommendationPreferences",
"GetEnrollmentStatus",
"GetEnrollmentStatusesForOrganization",
"GetLambdaFunctionRecommendations",
"GetRecommendationPreferences",
"GetRecommendationSummaries",
"PutRecommendationPreferences",
"UpdateEnrollmentStatus"
],
"HasResource": false,
"StringPrefix": "compute-optimizer",
"conditionKeys": [
"compute-optimizer:ResourceType"
]
},
"AWS Config": {
"ARNFormat": "arn:aws:config:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:config:.+",
"Actions": [
"BatchGetAggregateResourceConfig",
"BatchGetResourceConfig",
"DeleteAggregationAuthorization",
"DeleteConfigRule",
"DeleteConfigurationAggregator",
"DeleteConfigurationRecorder",
"DeleteConformancePack",
"DeleteDeliveryChannel",
"DeleteEvaluationResults",
"DeleteOrganizationConfigRule",
"DeleteOrganizationConformancePack",
"DeletePendingAggregationRequest",
"DeleteRemediationConfiguration",
"DeleteRemediationExceptions",
"DeleteResourceConfig",
"DeleteRetentionConfiguration",
"DeleteStoredQuery",
"DeliverConfigSnapshot",
"DescribeAggregateComplianceByConfigRules",
"DescribeAggregateComplianceByConformancePacks",
"DescribeAggregationAuthorizations",
"DescribeComplianceByConfigRule",
"DescribeComplianceByResource",
"DescribeConfigRuleEvaluationStatus",
"DescribeConfigRules",
"DescribeConfigurationAggregatorSourcesStatus",
"DescribeConfigurationAggregators",
"DescribeConfigurationRecorderStatus",
"DescribeConfigurationRecorders",
"DescribeConformancePackCompliance",
"DescribeConformancePackStatus",
"DescribeConformancePacks",
"DescribeDeliveryChannelStatus",
"DescribeDeliveryChannels",
"DescribeOrganizationConfigRuleStatuses",
"DescribeOrganizationConfigRules",
"DescribeOrganizationConformancePackStatuses",
"DescribeOrganizationConformancePacks",
"DescribePendingAggregationRequests",
"DescribeRemediationConfigurations",
"DescribeRemediationExceptions",
"DescribeRemediationExecutionStatus",
"DescribeRetentionConfigurations",
"GetAggregateComplianceDetailsByConfigRule",
"GetAggregateConfigRuleComplianceSummary",
"GetAggregateConformancePackComplianceSummary",
"GetAggregateDiscoveredResourceCounts",
"GetAggregateResourceConfig",
"GetComplianceDetailsByConfigRule",
"GetComplianceDetailsByResource",
"GetComplianceSummaryByConfigRule",
"GetComplianceSummaryByResourceType",
"GetConformancePackComplianceDetails",
"GetConformancePackComplianceSummary",
"GetCustomRulePolicy",
"GetDiscoveredResourceCounts",
"GetOrganizationConfigRuleDetailedStatus",
"GetOrganizationConformancePackDetailedStatus",
"GetOrganizationCustomRulePolicy",
"GetResourceConfigHistory",
"GetResourceEvaluationSummary",
"GetStoredQuery",
"ListAggregateDiscoveredResources",
"ListConformancePackComplianceScores",
"ListDiscoveredResources",
"ListResourceEvaluations",
"ListStoredQueries",
"ListTagsForResource",
"PutAggregationAuthorization",
"PutConfigRule",
"PutConfigurationAggregator",
"PutConfigurationRecorder",
"PutConformancePack",
"PutDeliveryChannel",
"PutEvaluations",
"PutExternalEvaluation",
"PutOrganizationConfigRule",
"PutOrganizationConformancePack",
"PutRemediationConfigurations",
"PutRemediationExceptions",
"PutResourceConfig",
"PutRetentionConfiguration",
"PutStoredQuery",
"SelectAggregateResourceConfig",
"SelectResourceConfig",
"StartConfigRulesEvaluation",
"StartConfigurationRecorder",
"StartRemediationExecution",
"StartResourceEvaluation",
"StopConfigurationRecorder",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "config",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Connector Service": {
"ARNFormat": "arn:aws:<serviceName>:<region>:<account-id>:<resource-type>/<resource_name>",
"ARNRegex": "^arn:aws:<serviceName>:.+:.+:.+",
"Actions": [
"GetConnectorHealth",
"RegisterConnector",
"ValidateConnectorId"
],
"HasResource": false,
"StringPrefix": "awsconnector"
},
"AWS Console Mobile App": {
"ARNFormat": "arn:aws:consoleapp:${Region}:${Account}:${ResourceType}",
"ARNRegex": "^arn:aws:consoleapp:.+:.+:.+",
"Actions": [
"GetDeviceIdentity",
"ListDeviceIdentities"
],
"HasResource": true,
"StringPrefix": "consoleapp",
"conditionKeys": [
"consoleapp:DeviceIdentityArn"
]
},
"AWS Consolidated Billing": {
"ARNFormat": "arn:${Partition}:consolidatedbilling::${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:${Partition}:consolidatedbilling::.+:.+",
"Actions": [
"GetAccountBillingRole",
"ListLinkedAccounts"
],
"HasResource": false,
"StringPrefix": "consolidatedbilling"
},
"AWS Control Tower": {
"ARNFormat": "arn:${Partition}:controltower:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:${Partition}:controltower:.+:.+:.+",
"Actions": [
"CreateManagedAccount",
"DeleteLandingZone",
"DeregisterManagedAccount",
"DeregisterOrganizationalUnit",
"DescribeAccountFactoryConfig",
"DescribeCoreService",
"DescribeGuardrail",
"DescribeGuardrailForTarget",
"DescribeLandingZoneConfiguration",
"DescribeManagedAccount",
"DescribeManagedOrganizationalUnit",
"DescribeRegisterOrganizationalUnitOperation",
"DescribeSingleSignOn",
"DisableControl",
"DisableGuardrail",
"EnableControl",
"EnableGuardrail",
"GetAccountInfo",
"GetAvailableUpdates",
"GetControlOperation",
"GetGuardrailComplianceStatus",
"GetHomeRegion",
"GetLandingZoneDriftStatus",
"GetLandingZoneStatus",
"ListDirectoryGroups",
"ListDriftDetails",
"ListEnabledControls",
"ListEnabledGuardrails",
"ListExtendGovernancePrecheckDetails",
"ListExternalConfigRuleCompliance",
"ListGuardrailViolations",
"ListGuardrails",
"ListGuardrailsForTarget",
"ListManagedAccounts",
"ListManagedAccountsForGuardrail",
"ListManagedAccountsForParent",
"ListManagedOrganizationalUnits",
"ListManagedOrganizationalUnitsForGuardrail",
"ManageOrganizationalUnit",
"PerformPreLaunchChecks",
"SetupLandingZone",
"UpdateAccountFactoryConfig"
],
"HasResource": false,
"StringPrefix": "controltower"
},
"AWS Cost Explorer Service": {
"ARNFormat": "arn:aws:ce::${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:ce::.+:.+",
"Actions": [
"CreateAnomalyMonitor",
"CreateAnomalySubscription",
"CreateCostCategoryDefinition",
"CreateNotificationSubscription",
"CreateReport",
"DeleteAnomalyMonitor",
"DeleteAnomalySubscription",
"DeleteCostCategoryDefinition",
"DeleteNotificationSubscription",
"DeleteReport",
"DescribeCostCategoryDefinition",
"DescribeNotificationSubscription",
"DescribeReport",
"GetAnomalies",
"GetAnomalyMonitors",
"GetAnomalySubscriptions",
"GetConsoleActionSetEnforced",
"GetCostAndUsage",
"GetCostAndUsageWithResources",
"GetCostCategories",
"GetCostForecast",
"GetDimensionValues",
"GetPreferences",
"GetReservationCoverage",
"GetReservationPurchaseRecommendation",
"GetReservationUtilization",
"GetRightsizingRecommendation",
"GetSavingsPlansCoverage",
"GetSavingsPlansPurchaseRecommendation",
"GetSavingsPlansUtilization",
"GetSavingsPlansUtilizationDetails",
"GetTags",
"GetUsageForecast",
"ListCostAllocationTags",
"ListCostCategoryDefinitions",
"ListSavingsPlansPurchaseRecommendationGeneration",
"ListTagsForResource",
"ProvideAnomalyFeedback",
"StartSavingsPlansPurchaseRecommendationGeneration",
"TagResource",
"UntagResource",
"UpdateAnomalyMonitor",
"UpdateAnomalySubscription",
"UpdateConsoleActionSetEnforced",
"UpdateCostAllocationTagsStatus",
"UpdateCostCategoryDefinition",
"UpdateNotificationSubscription",
"UpdatePreferences",
"UpdateReport"
],
"HasResource": true,
"StringPrefix": "ce",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Cost and Usage Report": {
"ARNFormat": "arn:aws:cur:${Region}:${Account}:definition/${ResourceName}",
"ARNRegex": "^arn:aws:cur:.+:.+:.+",
"Actions": [
"DeleteReportDefinition",
"DescribeReportDefinitions",
"GetClassicReport",
"GetClassicReportPreferences",
"GetUsageReport",
"ModifyReportDefinition",
"PutClassicReportPreferences",
"PutReportDefinition",
"ValidateReportDestination"
],
"HasResource": true,
"StringPrefix": "cur"
},
"AWS Data Exchange": {
"ARNFormat": "arn:aws:dataexchange:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:dataexchange:.+",
"Actions": [
"CancelJob",
"CreateAsset",
"CreateDataSet",
"CreateEventAction",
"CreateJob",
"CreateRevision",
"DeleteAsset",
"DeleteDataSet",
"DeleteEventAction",
"DeleteRevision",
"GetAsset",
"GetDataSet",
"GetEventAction",
"GetJob",
"GetRevision",
"ListDataSetRevisions",
"ListDataSets",
"ListEventActions",
"ListJobs",
"ListRevisionAssets",
"ListTagsForResource",
"PublishDataSet",
"RevokeRevision",
"SendApiAsset",
"StartJob",
"TagResource",
"UntagResource",
"UpdateAsset",
"UpdateDataSet",
"UpdateEventAction",
"UpdateRevision"
],
"HasResource": true,
"StringPrefix": "dataexchange",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"dataexchange:JobType"
]
},
"AWS Data Pipeline": {
"ARNFormat": "arn:aws:datapipeline:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:datapipeline:.+:.+",
"Actions": [
"ActivatePipeline",
"AddTags",
"CreatePipeline",
"DeactivatePipeline",
"DeletePipeline",
"DescribeObjects",
"DescribePipelines",
"EvaluateExpression",
"GetAccountLimits",
"GetPipelineDefinition",
"ListPipelines",
"PollForTask",
"PutAccountLimits",
"PutPipelineDefinition",
"QueryObjects",
"RemoveTags",
"ReportTaskProgress",
"ReportTaskRunnerHeartbeat",
"SetStatus",
"SetTaskStatus",
"ValidatePipelineDefinition"
],
"HasResource": true,
"StringPrefix": "datapipeline",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"datapipeline:PipelineCreator",
"datapipeline:Tag",
"datapipeline:workerGroup"
]
},
"AWS DataSync": {
"ARNFormat": "arn:aws:datasync:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:datasync:.+",
"Actions": [
"CancelTaskExecution",
"CreateAgent",
"CreateLocationEfs",
"CreateLocationFsxLustre",
"CreateLocationFsxOntap",
"CreateLocationFsxOpenZfs",
"CreateLocationFsxWindows",
"CreateLocationHdfs",
"CreateLocationNfs",
"CreateLocationObjectStorage",
"CreateLocationS3",
"CreateLocationSmb",
"CreateTask",
"DeleteAgent",
"DeleteLocation",
"DeleteTask",
"DescribeAgent",
"DescribeLocationEfs",
"DescribeLocationFsxLustre",
"DescribeLocationFsxOntap",
"DescribeLocationFsxOpenZfs",
"DescribeLocationFsxWindows",
"DescribeLocationHdfs",
"DescribeLocationNfs",
"DescribeLocationObjectStorage",
"DescribeLocationS3",
"DescribeLocationSmb",
"DescribeTask",
"DescribeTaskExecution",
"ListAgents",
"ListLocations",
"ListTagsForResource",
"ListTaskExecutions",
"ListTasks",
"StartTaskExecution",
"TagResource",
"UntagResource",
"UpdateAgent",
"UpdateLocationHdfs",
"UpdateLocationNfs",
"UpdateLocationObjectStorage",
"UpdateLocationSmb",
"UpdateTask",
"UpdateTaskExecution"
],
"HasResource": true,
"StringPrefix": "datasync",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Database Migration Service": {
"ARNFormat": "arn:aws:dms:${Region}:${Account}:${Resource}",
"ARNRegex": "^arn:aws:dms:.+",
"Actions": [
"AddTagsToResource",
"ApplyPendingMaintenanceAction",
"AssociateExtensionPack",
"BatchStartRecommendations",
"CancelMetadataModelAssessment",
"CancelMetadataModelConversion",
"CancelMetadataModelExport",
"CancelReplicationTaskAssessmentRun",
"CreateDataProvider",
"CreateEndpoint",
"CreateEventSubscription",
"CreateFleetAdvisorCollector",
"CreateInstanceProfile",
"CreateMigrationProject",
"CreateReplicationInstance",
"CreateReplicationSubnetGroup",
"CreateReplicationTask",
"DeleteCertificate",
"DeleteConnection",
"DeleteDataProvider",
"DeleteEndpoint",
"DeleteEventSubscription",
"DeleteFleetAdvisorCollector",
"DeleteFleetAdvisorDatabases",
"DeleteInstanceProfile",
"DeleteMigrationProject",
"DeleteReplicationInstance",
"DeleteReplicationSubnetGroup",
"DeleteReplicationTask",
"DeleteReplicationTaskAssessmentRun",
"DescribeAccountAttributes",
"DescribeApplicableIndividualAssessments",
"DescribeCertificates",
"DescribeConnections",
"DescribeEndpointSettings",
"DescribeEndpointTypes",
"DescribeEndpoints",
"DescribeEventCategories",
"DescribeEventSubscriptions",
"DescribeEvents",
"DescribeFleetAdvisorCollectors",
"DescribeFleetAdvisorDatabases",
"DescribeFleetAdvisorLsaAnalysis",
"DescribeFleetAdvisorSchemaObjectSummary",
"DescribeFleetAdvisorSchemas",
"DescribeOrderableReplicationInstances",
"DescribePendingMaintenanceActions",
"DescribeRecommendationLimitations",
"DescribeRecommendations",
"DescribeRefreshSchemasStatus",
"DescribeReplicationInstanceTaskLogs",
"DescribeReplicationInstances",
"DescribeReplicationSubnetGroups",
"DescribeReplicationTaskAssessmentResults",
"DescribeReplicationTaskAssessmentRuns",
"DescribeReplicationTaskIndividualAssessments",
"DescribeReplicationTasks",
"DescribeSchemas",
"DescribeTableStatistics",
"DisassociateExtensionPack",
"ExportMetadataModelAssessment",
"GetMetadataModel",
"ImportCertificate",
"ListDataProviders",
"ListExtensionPacks",
"ListInstanceProfiles",
"ListMetadataModelAssessmentActionItems",
"ListMetadataModelAssessments",
"ListMetadataModelConversions",
"ListMetadataModelExports",
"ListMigrationProjects",
"ListTagsForResource",
"ModifyEndpoint",
"ModifyEventSubscription",
"ModifyFleetAdvisorCollector",
"ModifyFleetAdvisorCollectorStatuses",
"ModifyReplicationInstance",
"ModifyReplicationSubnetGroup",
"ModifyReplicationTask",
"MoveReplicationTask",
"RebootReplicationInstance",
"RefreshSchemas",
"ReloadTables",
"RemoveTagsFromResource",
"RunFleetAdvisorLsaAnalysis",
"StartMetadataModelAssessment",
"StartMetadataModelConversion",
"StartMetadataModelExportAsScripts",
"StartMetadataModelExportToTarget",
"StartMetadataModelImport",
"StartRecommendations",
"StartReplicationTask",
"StartReplicationTaskAssessment",
"StartReplicationTaskAssessmentRun",
"StopReplicationTask",
"TestConnection",
"UpdateConversionConfiguration",
"UpdateDataProvider",
"UpdateInstanceProfile",
"UpdateMigrationProject",
"UpdateSubscriptionsToEventBridge",
"UploadFileMetadataList"
],
"HasResource": true,
"StringPrefix": "dms",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"dms:cert-tag/${TagKey}",
"dms:dp-tag/${TagKey}",
"dms:endpoint-tag/${TagKey}",
"dms:es-tag/${TagKey}",
"dms:ip-tag/${TagKey}",
"dms:mp-tag/${TagKey}",
"dms:rep-tag/${TagKey}",
"dms:req-tag/${TagKey}",
"dms:subgrp-tag/${TagKey}",
"dms:task-tag/${TagKey}"
]
},
"AWS DeepComposer": {
"ARNFormat": "arn:aws:deepcomposer:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:deepcomposer:.+:.+:.+",
"Actions": [
"AssociateCoupon",
"CreateAudio",
"CreateComposition",
"CreateModel",
"DeleteComposition",
"DeleteModel",
"GetComposition",
"GetModel",
"GetSampleModel",
"ListCompositions",
"ListModels",
"ListSampleModels",
"ListTagsForResource",
"ListTrainingTopics",
"TagResource",
"UntagResource",
"UpdateComposition",
"UpdateModel"
],
"HasResource": true,
"StringPrefix": "deepcomposer",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS DeepLens": {
"ARNFormat": "arn:aws:deeplens:<region>:<account-id>:<resource-type>/<resource_name>",
"ARNRegex": "^arn:aws:deeplens:.+:.+:.+",
"Actions": [
"AssociateServiceRoleToAccount",
"BatchGetDevice",
"BatchGetModel",
"BatchGetProject",
"CreateDeviceCertificates",
"CreateModel",
"CreateProject",
"DeleteModel",
"DeleteProject",
"DeployProject",
"DeregisterDevice",
"GetAssociatedResources",
"GetDeploymentStatus",
"GetDevice",
"GetModel",
"GetProject",
"ImportProjectFromTemplate",
"ListDeployments",
"ListDevices",
"ListModels",
"ListProjects",
"RegisterDevice",
"RemoveProject",
"UpdateProject"
],
"HasResource": true,
"StringPrefix": "deeplens"
},
"AWS DeepRacer": {
"ARNFormat": "arn:aws:deepracer:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:deepracer:.+",
"Actions": [
"AddLeaderboardAccessPermission",
"AdminGetAccountConfig",
"AdminListAssociatedResources",
"AdminListAssociatedUsers",
"AdminManageUser",
"AdminSetAccountConfig",
"CloneReinforcementLearningModel",
"CreateCar",
"CreateLeaderboard",
"CreateLeaderboardAccessToken",
"CreateLeaderboardSubmission",
"CreateReinforcementLearningModel",
"DeleteLeaderboard",
"DeleteModel",
"EditLeaderboard",
"GetAccountConfig",
"GetAlias",
"GetAssetUrl",
"GetCar",
"GetCars",
"GetEvaluation",
"GetLatestUserSubmission",
"GetLeaderboard",
"GetModel",
"GetPrivateLeaderboard",
"GetRankedUserSubmission",
"GetTrack",
"GetTrainingJob",
"ImportModel",
"ListEvaluations",
"ListLeaderboardSubmissions",
"ListLeaderboards",
"ListModels",
"ListPrivateLeaderboardParticipants",
"ListPrivateLeaderboards",
"ListSubscribedPrivateLeaderboards",
"ListTagsForResource",
"ListTracks",
"ListTrainingJobs",
"MigrateModels",
"PerformLeaderboardOperation",
"RemoveLeaderboardAccessPermission",
"SetAlias",
"StartEvaluation",
"StopEvaluation",
"StopTrainingReinforcementLearningModel",
"TagResource",
"TestRewardFunction",
"UntagResource",
"UpdateCar"
],
"HasResource": true,
"StringPrefix": "deepracer",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"deepracer:MultiUser",
"deepracer:UserToken"
]
},
"AWS Device Farm": {
"ARNFormat": "arn:aws:devicefarm:${Region}:${Account}:${ResourceType}:${ResourceId}",
"ARNRegex": "^arn:aws:devicefarm:.+",
"Actions": [
"CreateDevicePool",
"CreateInstanceProfile",
"CreateNetworkProfile",
"CreateProject",
"CreateRemoteAccessSession",
"CreateTestGridProject",
"CreateTestGridUrl",
"CreateUpload",
"CreateVPCEConfiguration",
"DeleteDevicePool",
"DeleteInstanceProfile",
"DeleteNetworkProfile",
"DeleteProject",
"DeleteRemoteAccessSession",
"DeleteRun",
"DeleteTestGridProject",
"DeleteUpload",
"DeleteVPCEConfiguration",
"GetAccountSettings",
"GetDevice",
"GetDeviceInstance",
"GetDevicePool",
"GetDevicePoolCompatibility",
"GetInstanceProfile",
"GetJob",
"GetNetworkProfile",
"GetOfferingStatus",
"GetProject",
"GetRemoteAccessSession",
"GetRun",
"GetSuite",
"GetTest",
"GetTestGridProject",
"GetTestGridSession",
"GetUpload",
"GetVPCEConfiguration",
"InstallToRemoteAccessSession",
"ListArtifacts",
"ListDeviceInstances",
"ListDevicePools",
"ListDevices",
"ListInstanceProfiles",
"ListJobs",
"ListNetworkProfiles",
"ListOfferingPromotions",
"ListOfferingTransactions",
"ListOfferings",
"ListProjects",
"ListRemoteAccessSessions",
"ListRuns",
"ListSamples",
"ListSuites",
"ListTagsForResource",
"ListTestGridProjects",
"ListTestGridSessionActions",
"ListTestGridSessionArtifacts",
"ListTestGridSessions",
"ListTests",
"ListUniqueProblems",
"ListUploads",
"ListVPCEConfigurations",
"PurchaseOffering",
"RenewOffering",
"ScheduleRun",
"StopJob",
"StopRemoteAccessSession",
"StopRun",
"TagResource",
"UntagResource",
"UpdateDeviceInstance",
"UpdateDevicePool",
"UpdateInstanceProfile",
"UpdateNetworkProfile",
"UpdateProject",
"UpdateTestGridProject",
"UpdateUpload",
"UpdateVPCEConfiguration"
],
"HasResource": true,
"StringPrefix": "devicefarm",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Direct Connect": {
"ARNFormat": "arn:aws:directconnect:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:directconnect:.+",
"Actions": [
"AcceptDirectConnectGatewayAssociationProposal",
"AllocateConnectionOnInterconnect",
"AllocateHostedConnection",
"AllocatePrivateVirtualInterface",
"AllocatePublicVirtualInterface",
"AllocateTransitVirtualInterface",
"AssociateConnectionWithLag",
"AssociateHostedConnection",
"AssociateMacSecKey",
"AssociateVirtualInterface",
"ConfirmConnection",
"ConfirmCustomerAgreement",
"ConfirmPrivateVirtualInterface",
"ConfirmPublicVirtualInterface",
"ConfirmTransitVirtualInterface",
"CreateBGPPeer",
"CreateConnection",
"CreateDirectConnectGateway",
"CreateDirectConnectGatewayAssociation",
"CreateDirectConnectGatewayAssociationProposal",
"CreateInterconnect",
"CreateLag",
"CreatePrivateVirtualInterface",
"CreatePublicVirtualInterface",
"CreateTransitVirtualInterface",
"DeleteBGPPeer",
"DeleteConnection",
"DeleteDirectConnectGateway",
"DeleteDirectConnectGatewayAssociation",
"DeleteDirectConnectGatewayAssociationProposal",
"DeleteInterconnect",
"DeleteLag",
"DeleteVirtualInterface",
"DescribeConnectionLoa",
"DescribeConnections",
"DescribeConnectionsOnInterconnect",
"DescribeCustomerMetadata",
"DescribeDirectConnectGatewayAssociationProposals",
"DescribeDirectConnectGatewayAssociations",
"DescribeDirectConnectGatewayAttachments",
"DescribeDirectConnectGateways",
"DescribeHostedConnections",
"DescribeInterconnectLoa",
"DescribeInterconnects",
"DescribeLags",
"DescribeLoa",
"DescribeLocations",
"DescribeRouterConfiguration",
"DescribeTags",
"DescribeVirtualGateways",
"DescribeVirtualInterfaces",
"DisassociateConnectionFromLag",
"DisassociateMacSecKey",
"ListVirtualInterfaceTestHistory",
"StartBgpFailoverTest",
"StopBgpFailoverTest",
"TagResource",
"UntagResource",
"UpdateConnection",
"UpdateDirectConnectGateway",
"UpdateDirectConnectGatewayAssociation",
"UpdateLag",
"UpdateVirtualInterfaceAttributes"
],
"HasResource": true,
"StringPrefix": "directconnect",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Directory Service": {
"ARNFormat": "arn:aws:ds:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:ds:.+",
"Actions": [
"AcceptSharedDirectory",
"AddIpRoutes",
"AddRegion",
"AddTagsToResource",
"AuthorizeApplication",
"CancelSchemaExtension",
"CheckAlias",
"ConnectDirectory",
"CreateAlias",
"CreateComputer",
"CreateConditionalForwarder",
"CreateDirectory",
"CreateIdentityPoolDirectory",
"CreateLogSubscription",
"CreateMicrosoftAD",
"CreateSnapshot",
"CreateTrust",
"DeleteConditionalForwarder",
"DeleteDirectory",
"DeleteLogSubscription",
"DeleteSnapshot",
"DeleteTrust",
"DeregisterCertificate",
"DeregisterEventTopic",
"DescribeCertificate",
"DescribeClientAuthenticationSettings",
"DescribeConditionalForwarders",
"DescribeDirectories",
"DescribeDomainControllers",
"DescribeEventTopics",
"DescribeLDAPSSettings",
"DescribeRegions",
"DescribeSettings",
"DescribeSharedDirectories",
"DescribeSnapshots",
"DescribeTrusts",
"DescribeUpdateDirectory",
"DisableClientAuthentication",
"DisableLDAPS",
"DisableRadius",
"DisableSso",
"EnableClientAuthentication",
"EnableLDAPS",
"EnableRadius",
"EnableSso",
"GetAuthorizedApplicationDetails",
"GetDirectoryLimits",
"GetSnapshotLimits",
"ListAuthorizedApplications",
"ListCertificates",
"ListIpRoutes",
"ListLogSubscriptions",
"ListSchemaExtensions",
"ListTagsForResource",
"RegisterCertificate",
"RegisterEventTopic",
"RejectSharedDirectory",
"RemoveIpRoutes",
"RemoveRegion",
"RemoveTagsFromResource",
"ResetUserPassword",
"RestoreFromSnapshot",
"ShareDirectory",
"StartSchemaExtension",
"UnauthorizeApplication",
"UnshareDirectory",
"UpdateConditionalForwarder",
"UpdateDirectorySetup",
"UpdateNumberOfDomainControllers",
"UpdateRadius",
"UpdateSettings",
"UpdateTrust",
"VerifyTrust"
],
"HasResource": true,
"StringPrefix": "ds",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Elastic Beanstalk": {
"ARNFormat": "arn:aws:elasticbeanstalk:${Region}:${AccountID}:${ResourceType}/${PathToResource}",
"ARNRegex": "^arn:aws:elasticbeanstalk:.+:.*:.+/.+",
"Actions": [
"AbortEnvironmentUpdate",
"AddTags",
"ApplyEnvironmentManagedAction",
"AssociateEnvironmentOperationsRole",
"CheckDNSAvailability",
"ComposeEnvironments",
"CreateApplication",
"CreateApplicationVersion",
"CreateConfigurationTemplate",
"CreateEnvironment",
"CreatePlatformVersion",
"CreateStorageLocation",
"DeleteApplication",
"DeleteApplicationVersion",
"DeleteConfigurationTemplate",
"DeleteEnvironmentConfiguration",
"DeletePlatformVersion",
"DescribeAccountAttributes",
"DescribeApplicationVersions",
"DescribeApplications",
"DescribeConfigurationOptions",
"DescribeConfigurationSettings",
"DescribeEnvironmentHealth",
"DescribeEnvironmentManagedActionHistory",
"DescribeEnvironmentManagedActions",
"DescribeEnvironmentResources",
"DescribeEnvironments",
"DescribeEvents",
"DescribeInstancesHealth",
"DescribePlatformVersion",
"DisassociateEnvironmentOperationsRole",
"ListAvailableSolutionStacks",
"ListPlatformBranches",
"ListPlatformVersions",
"ListTagsForResource",
"PutInstanceStatistics",
"RebuildEnvironment",
"RemoveTags",
"RequestEnvironmentInfo",
"RestartAppServer",
"RetrieveEnvironmentInfo",
"SwapEnvironmentCNAMEs",
"TerminateEnvironment",
"UpdateApplication",
"UpdateApplicationResourceLifecycle",
"UpdateApplicationVersion",
"UpdateConfigurationTemplate",
"UpdateEnvironment",
"UpdateTagsForResource",
"ValidateConfigurationSettings"
],
"HasResource": true,
"StringPrefix": "elasticbeanstalk",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"elasticbeanstalk:FromApplication",
"elasticbeanstalk:FromApplicationVersion",
"elasticbeanstalk:FromConfigurationTemplate",
"elasticbeanstalk:FromEnvironment",
"elasticbeanstalk:FromPlatform",
"elasticbeanstalk:FromSolutionStack",
"elasticbeanstalk:InApplication"
]
},
"AWS Elastic Disaster Recovery": {
"ARNFormat": "arn:aws:drs:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:drs:.+",
"Actions": [
"AssociateFailbackClientToRecoveryInstanceForDrs",
"BatchCreateVolumeSnapshotGroupForDrs",
"BatchDeleteSnapshotRequestForDrs",
"CreateConvertedSnapshotForDrs",
"CreateExtendedSourceServer",
"CreateLaunchConfigurationTemplate",
"CreateRecoveryInstanceForDrs",
"CreateReplicationConfigurationTemplate",
"CreateSourceServerForDrs",
"DeleteJob",
"DeleteLaunchConfigurationTemplate",
"DeleteRecoveryInstance",
"DeleteReplicationConfigurationTemplate",
"DeleteSourceServer",
"DescribeJobLogItems",
"DescribeJobs",
"DescribeLaunchConfigurationTemplates",
"DescribeRecoveryInstances",
"DescribeRecoverySnapshots",
"DescribeReplicationConfigurationTemplates",
"DescribeReplicationServerAssociationsForDrs",
"DescribeSnapshotRequestsForDrs",
"DescribeSourceServers",
"DisconnectRecoveryInstance",
"DisconnectSourceServer",
"GetAgentCommandForDrs",
"GetAgentConfirmedResumeInfoForDrs",
"GetAgentInstallationAssetsForDrs",
"GetAgentReplicationInfoForDrs",
"GetAgentRuntimeConfigurationForDrs",
"GetAgentSnapshotCreditsForDrs",
"GetChannelCommandsForDrs",
"GetFailbackCommandForDrs",
"GetFailbackLaunchRequestedForDrs",
"GetFailbackReplicationConfiguration",
"GetLaunchConfiguration",
"GetReplicationConfiguration",
"GetSuggestedFailbackClientDeviceMappingForDrs",
"InitializeService",
"IssueAgentCertificateForDrs",
"ListExtensibleSourceServers",
"ListStagingAccounts",
"ListTagsForResource",
"NotifyAgentAuthenticationForDrs",
"NotifyAgentConnectedForDrs",
"NotifyAgentDisconnectedForDrs",
"NotifyAgentReplicationProgressForDrs",
"NotifyConsistencyAttainedForDrs",
"NotifyReplicationServerAuthenticationForDrs",
"NotifyVolumeEventForDrs",
"RetryDataReplication",
"ReverseReplication",
"SendAgentLogsForDrs",
"SendAgentMetricsForDrs",
"SendChannelCommandResultForDrs",
"SendClientLogsForDrs",
"SendClientMetricsForDrs",
"SendVolumeStatsForDrs",
"StartFailbackLaunch",
"StartRecovery",
"StartReplication",
"StopFailback",
"StopReplication",
"TagResource",
"TerminateRecoveryInstances",
"UntagResource",
"UpdateAgentBacklogForDrs",
"UpdateAgentConversionInfoForDrs",
"UpdateAgentReplicationInfoForDrs",
"UpdateAgentReplicationProcessStateForDrs",
"UpdateAgentSourcePropertiesForDrs",
"UpdateFailbackClientDeviceMappingForDrs",
"UpdateFailbackClientLastSeenForDrs",
"UpdateFailbackReplicationConfiguration",
"UpdateLaunchConfiguration",
"UpdateLaunchConfigurationTemplate",
"UpdateReplicationCertificateForDrs",
"UpdateReplicationConfiguration",
"UpdateReplicationConfigurationTemplate"
],
"HasResource": true,
"StringPrefix": "drs",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"drs:CreateAction",
"drs:EC2InstanceARN"
]
},
"AWS Elastic Load Balancing": {
"ARNFormat": "arn:aws:elasticloadbalancing:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:elasticloadbalancing:.+",
"Actions": [
"AddTags",
"ApplySecurityGroupsToLoadBalancer",
"AttachLoadBalancerToSubnets",
"ConfigureHealthCheck",
"CreateAppCookieStickinessPolicy",
"CreateLBCookieStickinessPolicy",
"CreateLoadBalancer",
"CreateLoadBalancerListeners",
"CreateLoadBalancerPolicy",
"DeleteLoadBalancer",
"DeleteLoadBalancerListeners",
"DeleteLoadBalancerPolicy",
"DeregisterInstancesFromLoadBalancer",
"DescribeInstanceHealth",
"DescribeLoadBalancerAttributes",
"DescribeLoadBalancerPolicies",
"DescribeLoadBalancerPolicyTypes",
"DescribeLoadBalancers",
"DescribeTags",
"DetachLoadBalancerFromSubnets",
"DisableAvailabilityZonesForLoadBalancer",
"EnableAvailabilityZonesForLoadBalancer",
"ModifyLoadBalancerAttributes",
"RegisterInstancesWithLoadBalancer",
"RemoveTags",
"SetLoadBalancerListenerSSLCertificate",
"SetLoadBalancerPoliciesForBackendServer",
"SetLoadBalancerPoliciesOfListener"
],
"HasResource": true,
"StringPrefix": "elasticloadbalancing",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"elasticloadbalancing:CreateAction",
"elasticloadbalancing:ResourceTag/",
"elasticloadbalancing:ResourceTag/${TagKey}"
]
},
"AWS Elemental Appliances and Software": {
"ARNFormat": "arn:aws:elemental-appliances-software:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:elemental-appliances-software:.+:.+:.+",
"Actions": [
"CompleteUpload",
"CreateOrderV1",
"CreateQuote",
"GetAvsCorrectAddress",
"GetBillingAddresses",
"GetDeliveryAddressesV2",
"GetOrder",
"GetOrdersV2",
"GetQuote",
"GetTaxes",
"ListQuotes",
"ListTagsForResource",
"StartUpload",
"SubmitOrderV1",
"TagResource",
"UntagResource",
"UpdateQuote"
],
"HasResource": true,
"StringPrefix": "elemental-appliances-software",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Elemental Appliances and Software Activation Service": {
"ARNFormat": "arn:aws:elemental-activations:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:elemental-activations:.+:.+:.+",
"Actions": [
"CompleteAccountRegistration",
"CompleteFileUpload",
"DownloadSoftware",
"GenerateLicenses",
"GetActivation",
"ListTagsForResource",
"StartAccountRegistration",
"StartFileUpload",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "elemental-activations",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Elemental MediaConnect": {
"ARNFormat": "arn:aws:mediaconnect:${Region}:${Account}:${Namespace}:${RelativeId}:${RelativeName}",
"ARNRegex": "^arn:aws:mediaconnect:.+",
"Actions": [
"AddBridgeOutputs",
"AddBridgeSources",
"AddFlowMediaStreams",
"AddFlowOutputs",
"AddFlowSources",
"AddFlowVpcInterfaces",
"CreateBridge",
"CreateFlow",
"CreateGateway",
"DeleteBridge",
"DeleteFlow",
"DeleteGateway",
"DeregisterGatewayInstance",
"DescribeBridge",
"DescribeFlow",
"DescribeGateway",
"DescribeGatewayInstance",
"DescribeOffering",
"DescribeReservation",
"DiscoverGatewayPollEndpoint",
"GrantFlowEntitlements",
"ListBridges",
"ListEntitlements",
"ListFlows",
"ListGatewayInstances",
"ListGateways",
"ListOfferings",
"ListReservations",
"ListTagsForResource",
"PollGateway",
"PurchaseOffering",
"RemoveBridgeOutput",
"RemoveBridgeSource",
"RemoveFlowMediaStream",
"RemoveFlowOutput",
"RemoveFlowSource",
"RemoveFlowVpcInterface",
"RevokeFlowEntitlement",
"StartFlow",
"StopFlow",
"SubmitGatewayStateChange",
"TagResource",
"UntagResource",
"UpdateBridge",
"UpdateBridgeOutput",
"UpdateBridgeSource",
"UpdateBridgeState",
"UpdateFlow",
"UpdateFlowEntitlement",
"UpdateFlowMediaStream",
"UpdateFlowOutput",
"UpdateFlowSource",
"UpdateGatewayInstance"
],
"HasResource": true,
"StringPrefix": "mediaconnect"
},
"AWS Elemental MediaConvert": {
"ARNFormat": "arn:aws:mediaconvert:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:mediaconvert:.+",
"Actions": [
"AssociateCertificate",
"CancelJob",
"CreateJob",
"CreateJobTemplate",
"CreatePreset",
"CreateQueue",
"DeleteJobTemplate",
"DeletePolicy",
"DeletePreset",
"DeleteQueue",
"DescribeEndpoints",
"DisassociateCertificate",
"GetJob",
"GetJobTemplate",
"GetPolicy",
"GetPreset",
"GetQueue",
"ListJobTemplates",
"ListJobs",
"ListPresets",
"ListQueues",
"ListTagsForResource",
"PutPolicy",
"TagResource",
"UntagResource",
"UpdateJobTemplate",
"UpdatePreset",
"UpdateQueue"
],
"HasResource": true,
"StringPrefix": "mediaconvert",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Elemental MediaLive": {
"ARNFormat": "arn:aws:medialive:${Region}:${Account}:${ResourceType}:${ResourceId}",
"ARNRegex": "^arn:aws:medialive:${Region}:${Account}:.+",
"Actions": [
"AcceptInputDeviceTransfer",
"BatchDelete",
"BatchStart",
"BatchStop",
"BatchUpdateSchedule",
"CancelInputDeviceTransfer",
"ClaimDevice",
"CreateChannel",
"CreateInput",
"CreateInputSecurityGroup",
"CreateMultiplex",
"CreateMultiplexProgram",
"CreatePartnerInput",
"CreateTags",
"DeleteChannel",
"DeleteInput",
"DeleteInputSecurityGroup",
"DeleteMultiplex",
"DeleteMultiplexProgram",
"DeleteReservation",
"DeleteSchedule",
"DeleteTags",
"DescribeChannel",
"DescribeInput",
"DescribeInputDevice",
"DescribeInputDeviceThumbnail",
"DescribeInputSecurityGroup",
"DescribeMultiplex",
"DescribeMultiplexProgram",
"DescribeOffering",
"DescribeReservation",
"DescribeSchedule",
"ListChannels",
"ListInputDeviceTransfers",
"ListInputDevices",
"ListInputSecurityGroups",
"ListInputs",
"ListMultiplexPrograms",
"ListMultiplexes",
"ListOfferings",
"ListReservations",
"ListTagsForResource",
"PurchaseOffering",
"RebootInputDevice",
"RejectInputDeviceTransfer",
"StartChannel",
"StartInputDeviceMaintenanceWindow",
"StartMultiplex",
"StopChannel",
"StopMultiplex",
"TransferInputDevice",
"UpdateChannel",
"UpdateChannelClass",
"UpdateInput",
"UpdateInputDevice",
"UpdateInputSecurityGroup",
"UpdateMultiplex",
"UpdateMultiplexProgram",
"UpdateReservation"
],
"HasResource": true,
"StringPrefix": "medialive",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Elemental MediaPackage": {
"ARNFormat": "arn:aws:mediapackage:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}",
"ARNRegex": "^arn:aws:mediapackage:.+",
"Actions": [
"ConfigureLogs",
"CreateChannel",
"CreateHarvestJob",
"CreateOriginEndpoint",
"DeleteChannel",
"DeleteOriginEndpoint",
"DescribeChannel",
"DescribeHarvestJob",
"DescribeOriginEndpoint",
"ListChannels",
"ListHarvestJobs",
"ListOriginEndpoints",
"ListTagsForResource",
"RotateChannelCredentials",
"RotateIngestEndpointCredentials",
"TagResource",
"UntagResource",
"UpdateChannel",
"UpdateOriginEndpoint"
],
"HasResource": true,
"StringPrefix": "mediapackage",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Elemental MediaPackage VOD": {
"ARNFormat": "arn:aws:mediapackage-vod:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}",
"ARNRegex": "^arn:aws:mediapackage-vod:.+:.+:.+",
"Actions": [
"ConfigureLogs",
"CreateAsset",
"CreatePackagingConfiguration",
"CreatePackagingGroup",
"DeleteAsset",
"DeletePackagingConfiguration",
"DeletePackagingGroup",
"DescribeAsset",
"DescribePackagingConfiguration",
"DescribePackagingGroup",
"ListAssets",
"ListPackagingConfigurations",
"ListPackagingGroups",
"ListTagsForResource",
"TagResource",
"UntagResource",
"UpdatePackagingGroup"
],
"HasResource": true,
"StringPrefix": "mediapackage-vod",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Elemental MediaStore": {
"ARNFormat": "arn:aws:mediastore:${Region}:${Account}:${Resource}",
"ARNRegex": "^arn:aws:mediastore:.+:.+",
"Actions": [
"CreateContainer",
"DeleteContainer",
"DeleteContainerPolicy",
"DeleteCorsPolicy",
"DeleteLifecyclePolicy",
"DeleteMetricPolicy",
"DeleteObject",
"DescribeContainer",
"DescribeObject",
"GetContainerPolicy",
"GetCorsPolicy",
"GetLifecyclePolicy",
"GetMetricPolicy",
"GetObject",
"ListContainers",
"ListItems",
"ListTagsForResource",
"PutContainerPolicy",
"PutCorsPolicy",
"PutLifecyclePolicy",
"PutMetricPolicy",
"PutObject",
"StartAccessLogging",
"StopAccessLogging",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "mediastore",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Elemental MediaTailor": {
"ARNFormat": "arn:aws:mediatailor:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:mediatailor:.+:.+:.+",
"Actions": [
"ConfigureLogsForChannel",
"ConfigureLogsForPlaybackConfiguration",
"CreateChannel",
"CreateLiveSource",
"CreatePrefetchSchedule",
"CreateProgram",
"CreateSourceLocation",
"CreateVodSource",
"DeleteChannel",
"DeleteChannelPolicy",
"DeleteLiveSource",
"DeletePlaybackConfiguration",
"DeletePrefetchSchedule",
"DeleteProgram",
"DeleteSourceLocation",
"DeleteVodSource",
"DescribeChannel",
"DescribeLiveSource",
"DescribeProgram",
"DescribeSourceLocation",
"DescribeVodSource",
"GetChannelPolicy",
"GetChannelSchedule",
"GetPlaybackConfiguration",
"GetPrefetchSchedule",
"ListAlerts",
"ListChannels",
"ListLiveSources",
"ListPlaybackConfigurations",
"ListPrefetchSchedules",
"ListSourceLocations",
"ListTagsForResource",
"ListVodSources",
"PutChannelPolicy",
"PutPlaybackConfiguration",
"StartChannel",
"StopChannel",
"TagResource",
"UntagResource",
"UpdateChannel",
"UpdateLiveSource",
"UpdateProgram",
"UpdateSourceLocation",
"UpdateVodSource"
],
"HasResource": true,
"StringPrefix": "mediatailor",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Elemental Support Cases": {
"ARNFormat": "arn:${Partition}:elemental-support-cases:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:${Partition}:elemental-support-cases:.+:.+:.+",
"Actions": [
"CheckCasePermission",
"CreateCase",
"GetCase",
"GetCases",
"UpdateCase"
],
"HasResource": false,
"StringPrefix": "elemental-support-cases"
},
"AWS Elemental Support Content": {
"ARNFormat": "arn:${Partition}:elemental-support-content:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:${Partition}:elemental-support-content:.+:.+:.+",
"Actions": [
"Query"
],
"HasResource": false,
"StringPrefix": "elemental-support-content"
},
"AWS Fault Injection Simulator": {
"ARNFormat": "arn:aws:fis:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:fis:.+:.+:.+",
"Actions": [
"CreateExperimentTemplate",
"DeleteExperimentTemplate",
"GetAction",
"GetExperiment",
"GetExperimentTemplate",
"GetTargetResourceType",
"InjectApiInternalError",
"InjectApiThrottleError",
"InjectApiUnavailableError",
"ListActions",
"ListExperimentTemplates",
"ListExperiments",
"ListTagsForResource",
"ListTargetResourceTypes",
"StartExperiment",
"StopExperiment",
"TagResource",
"UntagResource",
"UpdateExperimentTemplate"
],
"HasResource": true,
"StringPrefix": "fis",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"fis:Operations",
"fis:Percentage",
"fis:Service",
"fis:Targets"
]
},
"AWS Firewall Manager": {
"ARNFormat": "arn:aws:fms:${Region}:${Account}:${Resource}/${Id}",
"ARNRegex": "^arn:aws:fms:.+:[0-9]+:.+/.+",
"Actions": [
"AssociateAdminAccount",
"AssociateThirdPartyFirewall",
"BatchAssociateResource",
"BatchDisassociateResource",
"DeleteAppsList",
"DeleteNotificationChannel",
"DeletePolicy",
"DeleteProtocolsList",
"DeleteResourceSet",
"DisassociateAdminAccount",
"DisassociateThirdPartyFirewall",
"GetAdminAccount",
"GetAdminScope",
"GetAppsList",
"GetComplianceDetail",
"GetNotificationChannel",
"GetPolicy",
"GetProtectionStatus",
"GetProtocolsList",
"GetResourceSet",
"GetThirdPartyFirewallAssociationStatus",
"GetViolationDetails",
"ListAdminAccountsForOrganization",
"ListAdminsManagingAccount",
"ListAppsLists",
"ListComplianceStatus",
"ListDiscoveredResources",
"ListMemberAccounts",
"ListPolicies",
"ListProtocolsLists",
"ListResourceSetResources",
"ListResourceSets",
"ListTagsForResource",
"ListThirdPartyFirewallFirewallPolicies",
"PutAdminAccount",
"PutAppsList",
"PutNotificationChannel",
"PutPolicy",
"PutProtocolsList",
"PutResourceSet",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "fms",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Free Tier": {
"Actions": [
"GetFreeTierAlertPreference",
"GetFreeTierUsage",
"PutFreeTierAlertPreference"
],
"HasResource": false,
"StringPrefix": "freetier"
},
"AWS Global Accelerator": {
"ARNFormat": "arn:aws:globalaccelerator::${Account}:accelerator/${AcceleratorId}",
"ARNRegex": "^arn:aws:globalaccelerator::.+:.+",
"Actions": [
"AddCustomRoutingEndpoints",
"AddEndpoints",
"AdvertiseByoipCidr",
"AllowCustomRoutingTraffic",
"CreateAccelerator",
"CreateCustomRoutingAccelerator",
"CreateCustomRoutingEndpointGroup",
"CreateCustomRoutingListener",
"CreateEndpointGroup",
"CreateListener",
"DeleteAccelerator",
"DeleteCustomRoutingAccelerator",
"DeleteCustomRoutingEndpointGroup",
"DeleteCustomRoutingListener",
"DeleteEndpointGroup",
"DeleteListener",
"DenyCustomRoutingTraffic",
"DeprovisionByoipCidr",
"DescribeAccelerator",
"DescribeAcceleratorAttributes",
"DescribeCustomRoutingAccelerator",
"DescribeCustomRoutingAcceleratorAttributes",
"DescribeCustomRoutingEndpointGroup",
"DescribeCustomRoutingListener",
"DescribeEndpointGroup",
"DescribeListener",
"ListAccelerators",
"ListByoipCidrs",
"ListCustomRoutingAccelerators",
"ListCustomRoutingEndpointGroups",
"ListCustomRoutingListeners",
"ListCustomRoutingPortMappings",
"ListCustomRoutingPortMappingsByDestination",
"ListEndpointGroups",
"ListListeners",
"ListTagsForResource",
"ProvisionByoipCidr",
"RemoveCustomRoutingEndpoints",
"RemoveEndpoints",
"TagResource",
"UntagResource",
"UpdateAccelerator",
"UpdateAcceleratorAttributes",
"UpdateCustomRoutingAccelerator",
"UpdateCustomRoutingAcceleratorAttributes",
"UpdateCustomRoutingListener",
"UpdateEndpointGroup",
"UpdateListener",
"WithdrawByoipCidr"
],
"HasResource": true,
"StringPrefix": "globalaccelerator",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Glue": {
"ARNFormat": "arn:aws:glue:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:glue:.+:.+",
"Actions": [
"BatchCreatePartition",
"BatchDeleteConnection",
"BatchDeletePartition",
"BatchDeleteTable",
"BatchDeleteTableVersion",
"BatchGetBlueprints",
"BatchGetCrawlers",
"BatchGetCustomEntityTypes",
"BatchGetDevEndpoints",
"BatchGetJobs",
"BatchGetPartition",
"BatchGetTriggers",
"BatchGetWorkflows",
"BatchStopJobRun",
"BatchUpdatePartition",
"CancelDataQualityRuleRecommendationRun",
"CancelDataQualityRulesetEvaluationRun",
"CancelMLTaskRun",
"CancelStatement",
"CheckSchemaVersionValidity",
"CreateBlueprint",
"CreateClassifier",
"CreateConnection",
"CreateCrawler",
"CreateCustomEntityType",
"CreateDataQualityRuleset",
"CreateDatabase",
"CreateDevEndpoint",
"CreateJob",
"CreateMLTransform",
"CreatePartition",
"CreatePartitionIndex",
"CreateRegistry",
"CreateSchema",
"CreateScript",
"CreateSecurityConfiguration",
"CreateSession",
"CreateTable",
"CreateTrigger",
"CreateUserDefinedFunction",
"CreateWorkflow",
"DeleteBlueprint",
"DeleteClassifier",
"DeleteColumnStatisticsForPartition",
"DeleteColumnStatisticsForTable",
"DeleteConnection",
"DeleteCrawler",
"DeleteCustomEntityType",
"DeleteDataQualityRuleset",
"DeleteDatabase",
"DeleteDevEndpoint",
"DeleteJob",
"DeleteMLTransform",
"DeletePartition",
"DeletePartitionIndex",
"DeleteRegistry",
"DeleteResourcePolicy",
"DeleteSchema",
"DeleteSchemaVersions",
"DeleteSecurityConfiguration",
"DeleteSession",
"DeleteTable",
"DeleteTableVersion",
"DeleteTrigger",
"DeleteUserDefinedFunction",
"DeleteWorkflow",
"DeregisterDataPreview",
"GetBlueprint",
"GetBlueprintRun",
"GetBlueprintRuns",
"GetCatalogImportStatus",
"GetClassifier",
"GetClassifiers",
"GetColumnStatisticsForPartition",
"GetColumnStatisticsForTable",
"GetConnection",
"GetConnections",
"GetCrawler",
"GetCrawlerMetrics",
"GetCrawlers",
"GetCustomEntityType",
"GetDataCatalogEncryptionSettings",
"GetDataPreviewStatement",
"GetDataQualityResult",
"GetDataQualityRuleRecommendationRun",
"GetDataQualityRuleset",
"GetDataQualityRulesetEvaluationRun",
"GetDatabase",
"GetDatabases",
"GetDataflowGraph",
"GetDevEndpoint",
"GetDevEndpoints",
"GetJob",
"GetJobBookmark",
"GetJobRun",
"GetJobRuns",
"GetJobs",
"GetMLTaskRun",
"GetMLTaskRuns",
"GetMLTransform",
"GetMLTransforms",
"GetMapping",
"GetNotebookInstanceStatus",
"GetPartition",
"GetPartitionIndexes",
"GetPartitions",
"GetPlan",
"GetRegistry",
"GetResourcePolicies",
"GetResourcePolicy",
"GetSchema",
"GetSchemaByDefinition",
"GetSchemaVersion",
"GetSchemaVersionsDiff",
"GetSecurityConfiguration",
"GetSecurityConfigurations",
"GetSession",
"GetStatement",
"GetTable",
"GetTableVersion",
"GetTableVersions",
"GetTables",
"GetTags",
"GetTrigger",
"GetTriggers",
"GetUserDefinedFunction",
"GetUserDefinedFunctions",
"GetWorkflow",
"GetWorkflowRun",
"GetWorkflowRunProperties",
"GetWorkflowRuns",
"GlueNotebookAuthorize",
"GlueNotebookRefreshCredentials",
"ImportCatalogToGlue",
"ListBlueprints",
"ListCrawlers",
"ListCrawls",
"ListCustomEntityTypes",
"ListDataQualityResults",
"ListDataQualityRuleRecommendationRuns",
"ListDataQualityRulesetEvaluationRuns",
"ListDataQualityRulesets",
"ListDevEndpoints",
"ListJobs",
"ListMLTransforms",
"ListRegistries",
"ListSchemaVersions",
"ListSchemas",
"ListSessions",
"ListStatements",
"ListTriggers",
"ListWorkflows",
"NotifyEvent",
"PublishDataQuality",
"PutDataCatalogEncryptionSettings",
"PutResourcePolicy",
"PutSchemaVersionMetadata",
"PutWorkflowRunProperties",
"QuerySchemaVersionMetadata",
"RegisterSchemaVersion",
"RemoveSchemaVersionMetadata",
"ResetJobBookmark",
"ResumeWorkflowRun",
"RunDataPreviewStatement",
"RunStatement",
"SearchTables",
"StartBlueprintRun",
"StartCrawler",
"StartCrawlerSchedule",
"StartDataQualityRuleRecommendationRun",
"StartDataQualityRulesetEvaluationRun",
"StartExportLabelsTaskRun",
"StartImportLabelsTaskRun",
"StartJobRun",
"StartMLEvaluationTaskRun",
"StartMLLabelingSetGenerationTaskRun",
"StartNotebook",
"StartTrigger",
"StartWorkflowRun",
"StopCrawler",
"StopCrawlerSchedule",
"StopSession",
"StopTrigger",
"StopWorkflowRun",
"TagResource",
"TerminateNotebook",
"UntagResource",
"UpdateBlueprint",
"UpdateClassifier",
"UpdateColumnStatisticsForPartition",
"UpdateColumnStatisticsForTable",
"UpdateConnection",
"UpdateCrawler",
"UpdateCrawlerSchedule",
"UpdateDataQualityRuleset",
"UpdateDatabase",
"UpdateDevEndpoint",
"UpdateJob",
"UpdateJobFromSourceControl",
"UpdateMLTransform",
"UpdatePartition",
"UpdateRegistry",
"UpdateSchema",
"UpdateSourceControlFromJob",
"UpdateTable",
"UpdateTrigger",
"UpdateUserDefinedFunction",
"UpdateWorkflow",
"UseGlueStudio",
"UseMLTransforms"
],
"HasResource": true,
"StringPrefix": "glue",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"glue:CredentialIssuingService",
"glue:RoleAssumedBy",
"glue:SecurityGroupIds",
"glue:SubnetIds",
"glue:VpcIds"
]
},
"AWS Glue DataBrew": {
"ARNFormat": "arn:aws:databrew:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:databrew:.+:.+:.+",
"Actions": [
"BatchDeleteRecipeVersion",
"CreateDataset",
"CreateProfileJob",
"CreateProject",
"CreateRecipe",
"CreateRecipeJob",
"CreateRuleset",
"CreateSchedule",
"DeleteDataset",
"DeleteJob",
"DeleteProject",
"DeleteRecipeVersion",
"DeleteRuleset",
"DeleteSchedule",
"DescribeDataset",
"DescribeJob",
"DescribeJobRun",
"DescribeProject",
"DescribeRecipe",
"DescribeRuleset",
"DescribeSchedule",
"ListDatasets",
"ListJobRuns",
"ListJobs",
"ListProjects",
"ListRecipeVersions",
"ListRecipes",
"ListRulesets",
"ListSchedules",
"ListTagsForResource",
"PublishRecipe",
"SendProjectSessionAction",
"StartJobRun",
"StartProjectSession",
"StopJobRun",
"TagResource",
"UntagResource",
"UpdateDataset",
"UpdateProfileJob",
"UpdateProject",
"UpdateRecipe",
"UpdateRecipeJob",
"UpdateRuleset",
"UpdateSchedule"
],
"HasResource": true,
"StringPrefix": "databrew",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Ground Station": {
"ARNFormat": "arn:aws:groundstation:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:groundstation:.+",
"Actions": [
"CancelContact",
"CreateConfig",
"CreateDataflowEndpointGroup",
"CreateEphemeris",
"CreateMissionProfile",
"DeleteConfig",
"DeleteDataflowEndpointGroup",
"DeleteEphemeris",
"DeleteMissionProfile",
"DescribeContact",
"DescribeEphemeris",
"GetAgentConfiguration",
"GetConfig",
"GetDataflowEndpointGroup",
"GetMinuteUsage",
"GetMissionProfile",
"GetSatellite",
"ListConfigs",
"ListContacts",
"ListDataflowEndpointGroups",
"ListEphemerides",
"ListGroundStations",
"ListMissionProfiles",
"ListSatellites",
"ListTagsForResource",
"RegisterAgent",
"ReserveContact",
"TagResource",
"UntagResource",
"UpdateAgentStatus",
"UpdateConfig",
"UpdateEphemeris",
"UpdateMissionProfile"
],
"HasResource": true,
"StringPrefix": "groundstation",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"groundstation:AgentId",
"groundstation:ConfigId",
"groundstation:ConfigType",
"groundstation:ContactId",
"groundstation:DataflowEndpointGroupId",
"groundstation:EphemerisId",
"groundstation:GroundStationId",
"groundstation:MissionProfileId",
"groundstation:SatelliteId"
]
},
"AWS Health APIs and Notifications": {
"ARNFormat": "arn:aws:health::${Namespace}:${RelativeId}",
"ARNRegex": "^arn:aws:health:[^:]*:[^:]*:.+",
"Actions": [
"DescribeAffectedAccountsForOrganization",
"DescribeAffectedEntities",
"DescribeAffectedEntitiesForOrganization",
"DescribeEntityAggregates",
"DescribeEventAggregates",
"DescribeEventDetails",
"DescribeEventDetailsForOrganization",
"DescribeEventTypes",
"DescribeEvents",
"DescribeEventsForOrganization",
"DescribeHealthServiceStatusForOrganization",
"DisableHealthServiceAccessForOrganization",
"EnableHealthServiceAccessForOrganization"
],
"HasResource": true,
"StringPrefix": "health",
"conditionKeys": [
"health:eventTypeCode",
"health:service"
]
},
"AWS IAM Access Analyzer": {
"ARNFormat": "arn:aws:access-analyzer:${Region}:${Account}:analyzer/${AnalyzerName}",
"ARNRegex": "^arn:aws:access-analyzer:.+",
"Actions": [
"ApplyArchiveRule",
"CancelPolicyGeneration",
"CreateAccessPreview",
"CreateAnalyzer",
"CreateArchiveRule",
"DeleteAnalyzer",
"DeleteArchiveRule",
"GetAccessPreview",
"GetAnalyzedResource",
"GetAnalyzer",
"GetArchiveRule",
"GetFinding",
"GetGeneratedPolicy",
"ListAccessPreviewFindings",
"ListAccessPreviews",
"ListAnalyzedResources",
"ListAnalyzers",
"ListArchiveRules",
"ListFindings",
"ListPolicyGenerations",
"ListTagsForResource",
"StartPolicyGeneration",
"StartResourceScan",
"TagResource",
"UntagResource",
"UpdateArchiveRule",
"UpdateFindings",
"ValidatePolicy"
],
"HasResource": true,
"StringPrefix": "access-analyzer",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS IAM Identity Center (successor to AWS Single Sign-On)": {
"ARNFormat": "arn:aws:sso:::${RelativeId}",
"ARNRegex": "^arn:aws:sso:::.+",
"Actions": [
"AssociateDirectory",
"AssociateProfile",
"AttachCustomerManagedPolicyReferenceToPermissionSet",
"AttachManagedPolicyToPermissionSet",
"CreateAccountAssignment",
"CreateApplicationInstance",
"CreateApplicationInstanceCertificate",
"CreateInstanceAccessControlAttributeConfiguration",
"CreateManagedApplicationInstance",
"CreatePermissionSet",
"CreateProfile",
"CreateTrust",
"DeleteAccountAssignment",
"DeleteApplicationInstance",
"DeleteApplicationInstanceCertificate",
"DeleteInlinePolicyFromPermissionSet",
"DeleteInstanceAccessControlAttributeConfiguration",
"DeleteManagedApplicationInstance",
"DeletePermissionSet",
"DeletePermissionsBoundaryFromPermissionSet",
"DeletePermissionsPolicy",
"DeleteProfile",
"DescribeAccountAssignmentCreationStatus",
"DescribeAccountAssignmentDeletionStatus",
"DescribeDirectories",
"DescribeInstanceAccessControlAttributeConfiguration",
"DescribePermissionSet",
"DescribePermissionSetProvisioningStatus",
"DescribePermissionsPolicies",
"DescribeRegisteredRegions",
"DescribeTrusts",
"DetachCustomerManagedPolicyReferenceFromPermissionSet",
"DetachManagedPolicyFromPermissionSet",
"DisassociateDirectory",
"DisassociateProfile",
"GetApplicationInstance",
"GetApplicationTemplate",
"GetInlinePolicyForPermissionSet",
"GetManagedApplicationInstance",
"GetMfaDeviceManagementForDirectory",
"GetPermissionSet",
"GetPermissionsBoundaryForPermissionSet",
"GetPermissionsPolicy",
"GetProfile",
"GetSSOStatus",
"GetSharedSsoConfiguration",
"GetSsoConfiguration",
"GetTrust",
"ImportApplicationInstanceServiceProviderMetadata",
"ListAccountAssignmentCreationStatus",
"ListAccountAssignmentDeletionStatus",
"ListAccountAssignments",
"ListAccountsForProvisionedPermissionSet",
"ListApplicationInstanceCertificates",
"ListApplicationInstances",
"ListApplicationTemplates",
"ListApplications",
"ListCustomerManagedPolicyReferencesInPermissionSet",
"ListDirectoryAssociations",
"ListInstances",
"ListManagedPoliciesInPermissionSet",
"ListPermissionSetProvisioningStatus",
"ListPermissionSets",
"ListPermissionSetsProvisionedToAccount",
"ListProfileAssociations",
"ListProfiles",
"ListTagsForResource",
"ProvisionPermissionSet",
"PutApplicationAssignmentConfiguration",
"PutInlinePolicyToPermissionSet",
"PutMfaDeviceManagementForDirectory",
"PutPermissionsBoundaryToPermissionSet",
"PutPermissionsPolicy",
"SearchGroups",
"SearchUsers",
"StartSSO",
"TagResource",
"UntagResource",
"UpdateApplicationInstanceActiveCertificate",
"UpdateApplicationInstanceDisplayData",
"UpdateApplicationInstanceResponseConfiguration",
"UpdateApplicationInstanceResponseSchemaConfiguration",
"UpdateApplicationInstanceSecurityConfiguration",
"UpdateApplicationInstanceServiceProviderConfiguration",
"UpdateApplicationInstanceStatus",
"UpdateDirectoryAssociation",
"UpdateInstanceAccessControlAttributeConfiguration",
"UpdateManagedApplicationInstanceStatus",
"UpdatePermissionSet",
"UpdateProfile",
"UpdateSSOConfiguration",
"UpdateTrust"
],
"HasResource": true,
"StringPrefix": "sso",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS IAM Identity Center (successor to AWS Single Sign-On) directory": {
"ARNFormat": "arn:${Partition}:sso-directory:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:${Partition}:sso-directory:${Region}:.+",
"Actions": [
"AddMemberToGroup",
"CompleteVirtualMfaDeviceRegistration",
"CompleteWebAuthnDeviceRegistration",
"CreateAlias",
"CreateBearerToken",
"CreateExternalIdPConfigurationForDirectory",
"CreateGroup",
"CreateProvisioningTenant",
"CreateUser",
"DeleteBearerToken",
"DeleteExternalIdPCertificate",
"DeleteExternalIdPConfigurationForDirectory",
"DeleteGroup",
"DeleteMfaDeviceForUser",
"DeleteProvisioningTenant",
"DeleteUser",
"DescribeDirectory",
"DescribeGroup",
"DescribeGroups",
"DescribeProvisioningTenant",
"DescribeUser",
"DescribeUserByUniqueAttribute",
"DescribeUsers",
"DisableExternalIdPConfigurationForDirectory",
"DisableUser",
"EnableExternalIdPConfigurationForDirectory",
"EnableUser",
"GetAWSSPConfigurationForDirectory",
"GetUserPoolInfo",
"ImportExternalIdPCertificate",
"IsMemberInGroup",
"ListBearerTokens",
"ListExternalIdPCertificates",
"ListExternalIdPConfigurationsForDirectory",
"ListGroupsForMember",
"ListGroupsForUser",
"ListMembersInGroup",
"ListMfaDevicesForUser",
"ListProvisioningTenants",
"RemoveMemberFromGroup",
"SearchGroups",
"SearchUsers",
"StartVirtualMfaDeviceRegistration",
"StartWebAuthnDeviceRegistration",
"UpdateExternalIdPConfigurationForDirectory",
"UpdateGroup",
"UpdateGroupDisplayName",
"UpdateMfaDeviceForUser",
"UpdatePassword",
"UpdateUser",
"UpdateUserName",
"VerifyEmail"
],
"HasResource": false,
"StringPrefix": "sso-directory"
},
"AWS IQ": {
"ARNFormat": "arn:aws:iq:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:iq:.+",
"Actions": [
"AcceptCall",
"ApprovePaymentRequest",
"ApproveProposal",
"ArchiveConversation",
"CompleteProposal",
"CreateConversation",
"CreateExpert",
"CreateListing",
"CreateMilestoneProposal",
"CreatePaymentRequest",
"CreateProject",
"CreateRequest",
"CreateScheduledProposal",
"CreateSeller",
"CreateUpfrontProposal",
"DeclineCall",
"DeleteAttachment",
"EndCall",
"GetBuyer",
"GetCall",
"GetChatInfo",
"GetChatMessages",
"GetChatToken",
"GetCompanyProfile",
"GetConversation",
"GetExpert",
"GetListing",
"GetMarketplaceSeller",
"GetPaymentRequest",
"GetProposal",
"GetReview",
"HideRequest",
"InitiateCall",
"ListConversations",
"ListListings",
"ListPaymentRequests",
"ListProposals",
"ListRequests",
"ListReviews",
"MarkChatMessageRead",
"RejectPaymentRequest",
"RejectProposal",
"SendCompanyChatMessage",
"SendIndividualChatMessage",
"UnarchiveConversation",
"UpdateCompanyProfile",
"UpdateConversationMembers",
"UpdateExpert",
"UpdateListing",
"UpdateRequest",
"UploadAttachment",
"WithdrawPaymentRequest",
"WithdrawProposal",
"WriteReview"
],
"HasResource": true,
"StringPrefix": "iq"
},
"AWS IQ Permissions": {
"ARNFormat": "arn:aws:iq-permission:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:iq-permission:.+",
"Actions": [
"ApproveAccessGrant",
"ApprovePermissionRequest",
"CreatePermissionRequest",
"GetPermissionRequest",
"ListPermissionRequests",
"RejectPermissionRequest",
"RevokePermissionRequest",
"WithdrawPermissionRequest"
],
"HasResource": true,
"StringPrefix": "iq-permission"
},
"AWS Identity Store": {
"ARNFormat": "arn:aws:identitystore::${AwsAccountId}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:identitystore:.+",
"Actions": [
"CreateGroup",
"CreateGroupMembership",
"CreateUser",
"DeleteGroup",
"DeleteGroupMembership",
"DeleteUser",
"DescribeGroup",
"DescribeGroupMembership",
"DescribeUser",
"GetGroupId",
"GetGroupMembershipId",
"GetUserId",
"IsMemberInGroups",
"ListGroupMemberships",
"ListGroupMembershipsForMember",
"ListGroups",
"ListUsers",
"UpdateGroup",
"UpdateUser"
],
"HasResource": true,
"StringPrefix": "identitystore"
},
"AWS Identity Store Auth": {
"ARNFormat": "arn:${Partition}:identitystore-auth:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:${Partition}:identitystore-auth:${Region}:.+",
"Actions": [
"BatchDeleteSession",
"BatchGetSession",
"ListSessions"
],
"HasResource": false,
"StringPrefix": "identitystore-auth"
},
"AWS Identity Sync": {
"ARNFormat": "arn:aws:identity-sync:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:identity-sync:.+:.+:.+",
"Actions": [
"CreateSyncFilter",
"CreateSyncProfile",
"CreateSyncTarget",
"DeleteSyncFilter",
"DeleteSyncProfile",
"DeleteSyncTarget",
"GetSyncProfile",
"GetSyncTarget",
"ListSyncFilters",
"StartSync",
"StopSync",
"UpdateSyncTarget"
],
"HasResource": true,
"StringPrefix": "identity-sync"
},
"AWS Identity and Access Management": {
"ARNFormat": "arn:aws:iam::${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:iam::.+",
"Actions": [
"AddClientIDToOpenIDConnectProvider",
"AddRoleToInstanceProfile",
"AddUserToGroup",
"AttachGroupPolicy",
"AttachRolePolicy",
"AttachUserPolicy",
"ChangePassword",
"CreateAccessKey",
"CreateAccountAlias",
"CreateGroup",
"CreateInstanceProfile",
"CreateLoginProfile",
"CreateOpenIDConnectProvider",
"CreatePolicy",
"CreatePolicyVersion",
"CreateRole",
"CreateSAMLProvider",
"CreateServiceLinkedRole",
"CreateServiceSpecificCredential",
"CreateUser",
"CreateVirtualMFADevice",
"DeactivateMFADevice",
"DeleteAccessKey",
"DeleteAccountAlias",
"DeleteAccountPasswordPolicy",
"DeleteCloudFrontPublicKey",
"DeleteGroup",
"DeleteGroupPolicy",
"DeleteInstanceProfile",
"DeleteLoginProfile",
"DeleteOpenIDConnectProvider",
"DeletePolicy",
"DeletePolicyVersion",
"DeleteRole",
"DeleteRolePermissionsBoundary",
"DeleteRolePolicy",
"DeleteSAMLProvider",
"DeleteSSHPublicKey",
"DeleteServerCertificate",
"DeleteServiceLinkedRole",
"DeleteServiceSpecificCredential",
"DeleteSigningCertificate",
"DeleteUser",
"DeleteUserPermissionsBoundary",
"DeleteUserPolicy",
"DeleteVirtualMFADevice",
"DetachGroupPolicy",
"DetachRolePolicy",
"DetachUserPolicy",
"EnableMFADevice",
"GenerateCredentialReport",
"GenerateOrganizationsAccessReport",
"GenerateServiceLastAccessedDetails",
"GetAccessKeyLastUsed",
"GetAccountAuthorizationDetails",
"GetAccountEmailAddress",
"GetAccountName",
"GetAccountPasswordPolicy",
"GetAccountSummary",
"GetCloudFrontPublicKey",
"GetContextKeysForCustomPolicy",
"GetContextKeysForPrincipalPolicy",
"GetCredentialReport",
"GetGroup",
"GetGroupPolicy",
"GetInstanceProfile",
"GetLoginProfile",
"GetOpenIDConnectProvider",
"GetOrganizationsAccessReport",
"GetPolicy",
"GetPolicyVersion",
"GetRole",
"GetRolePolicy",
"GetSAMLProvider",
"GetSSHPublicKey",
"GetServerCertificate",
"GetServiceLastAccessedDetails",
"GetServiceLastAccessedDetailsWithEntities",
"GetServiceLinkedRoleDeletionStatus",
"GetUser",
"GetUserPolicy",
"ListAccessKeys",
"ListAccountAliases",
"ListAttachedGroupPolicies",
"ListAttachedRolePolicies",
"ListAttachedUserPolicies",
"ListCloudFrontPublicKeys",
"ListEntitiesForPolicy",
"ListGroupPolicies",
"ListGroups",
"ListGroupsForUser",
"ListInstanceProfileTags",
"ListInstanceProfiles",
"ListInstanceProfilesForRole",
"ListMFADeviceTags",
"ListMFADevices",
"ListOpenIDConnectProviderTags",
"ListOpenIDConnectProviders",
"ListPolicies",
"ListPoliciesGrantingServiceAccess",
"ListPolicyTags",
"ListPolicyVersions",
"ListRolePolicies",
"ListRoleTags",
"ListRoles",
"ListSAMLProviderTags",
"ListSAMLProviders",
"ListSSHPublicKeys",
"ListSTSRegionalEndpointsStatus",
"ListServerCertificateTags",
"ListServerCertificates",
"ListServiceSpecificCredentials",
"ListSigningCertificates",
"ListUserPolicies",
"ListUserTags",
"ListUsers",
"ListVirtualMFADevices",
"PassRole",
"PutGroupPolicy",
"PutRolePermissionsBoundary",
"PutRolePolicy",
"PutUserPermissionsBoundary",
"PutUserPolicy",
"RemoveClientIDFromOpenIDConnectProvider",
"RemoveRoleFromInstanceProfile",
"RemoveUserFromGroup",
"ResetServiceSpecificCredential",
"ResyncMFADevice",
"SetDefaultPolicyVersion",
"SetSTSRegionalEndpointStatus",
"SetSecurityTokenServicePreferences",
"SimulateCustomPolicy",
"SimulatePrincipalPolicy",
"TagInstanceProfile",
"TagMFADevice",
"TagOpenIDConnectProvider",
"TagPolicy",
"TagRole",
"TagSAMLProvider",
"TagServerCertificate",
"TagUser",
"UntagInstanceProfile",
"UntagMFADevice",
"UntagOpenIDConnectProvider",
"UntagPolicy",
"UntagRole",
"UntagSAMLProvider",
"UntagServerCertificate",
"UntagUser",
"UpdateAccessKey",
"UpdateAccountEmailAddress",
"UpdateAccountName",
"UpdateAccountPasswordPolicy",
"UpdateAssumeRolePolicy",
"UpdateCloudFrontPublicKey",
"UpdateGroup",
"UpdateLoginProfile",
"UpdateOpenIDConnectProviderThumbprint",
"UpdateRole",
"UpdateRoleDescription",
"UpdateSAMLProvider",
"UpdateSSHPublicKey",
"UpdateServerCertificate",
"UpdateServiceSpecificCredential",
"UpdateSigningCertificate",
"UpdateUser",
"UploadCloudFrontPublicKey",
"UploadSSHPublicKey",
"UploadServerCertificate",
"UploadSigningCertificate"
],
"HasResource": true,
"StringPrefix": "iam",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"iam:AWSServiceName",
"iam:AssociatedResourceArn",
"iam:OrganizationsPolicyId",
"iam:PassedToService",
"iam:PermissionsBoundary",
"iam:PolicyARN",
"iam:ResourceTag/${TagKey}"
]
},
"AWS Identity and Access Management Roles Anywhere": {
"ARNFormat": "arn:aws:rolesanywhere:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:rolesanywhere:.+:.+:.+",
"Actions": [
"CreateProfile",
"CreateTrustAnchor",
"DeleteCrl",
"DeleteProfile",
"DeleteTrustAnchor",
"DisableCrl",
"DisableProfile",
"DisableTrustAnchor",
"EnableCrl",
"EnableProfile",
"EnableTrustAnchor",
"GetCrl",
"GetProfile",
"GetSubject",
"GetTrustAnchor",
"ImportCrl",
"ListCrls",
"ListProfiles",
"ListSubjects",
"ListTagsForResource",
"ListTrustAnchors",
"TagResource",
"UntagResource",
"UpdateCrl",
"UpdateProfile",
"UpdateTrustAnchor"
],
"HasResource": true,
"StringPrefix": "rolesanywhere",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Import Export Disk Service": {
"Actions": [
"CancelJob",
"CreateJob",
"GetShippingLabel",
"GetStatus",
"ListJobs",
"UpdateJob"
],
"HasResource": false,
"StringPrefix": "importexport"
},
"AWS Invoicing Service": {
"Actions": [
"GetInvoiceEmailDeliveryPreferences",
"GetInvoicePDF",
"ListInvoiceSummaries",
"PutInvoiceEmailDeliveryPreferences"
],
"HasResource": false,
"StringPrefix": "invoicing"
},
"AWS IoT": {
"ARNFormat": "arn:aws:iot:${Region}:${Account}:${Type}/${Name}",
"ARNRegex": "^arn:aws:iot:.+:[0-9]+:.+",
"Actions": [
"AcceptCertificateTransfer",
"AddThingToBillingGroup",
"AddThingToThingGroup",
"AssociateTargetsWithJob",
"AttachPolicy",
"AttachPrincipalPolicy",
"AttachSecurityProfile",
"AttachThingPrincipal",
"CancelAuditMitigationActionsTask",
"CancelAuditTask",
"CancelCertificateTransfer",
"CancelDetectMitigationActionsTask",
"CancelJob",
"CancelJobExecution",
"ClearDefaultAuthorizer",
"CloseTunnel",
"ConfirmTopicRuleDestination",
"Connect",
"CreateAuditSuppression",
"CreateAuthorizer",
"CreateBillingGroup",
"CreateCertificateFromCsr",
"CreateCustomMetric",
"CreateDimension",
"CreateDomainConfiguration",
"CreateDynamicThingGroup",
"CreateFleetMetric",
"CreateJob",
"CreateJobTemplate",
"CreateKeysAndCertificate",
"CreateMitigationAction",
"CreateOTAUpdate",
"CreatePolicy",
"CreatePolicyVersion",
"CreateProvisioningClaim",
"CreateProvisioningTemplate",
"CreateProvisioningTemplateVersion",
"CreateRoleAlias",
"CreateScheduledAudit",
"CreateSecurityProfile",
"CreateStream",
"CreateThing",
"CreateThingGroup",
"CreateThingType",
"CreateTopicRule",
"CreateTopicRuleDestination",
"DeleteAccountAuditConfiguration",
"DeleteAuditSuppression",
"DeleteAuthorizer",
"DeleteBillingGroup",
"DeleteCACertificate",
"DeleteCertificate",
"DeleteCustomMetric",
"DeleteDimension",
"DeleteDomainConfiguration",
"DeleteDynamicThingGroup",
"DeleteFleetMetric",
"DeleteJob",
"DeleteJobExecution",
"DeleteJobTemplate",
"DeleteMitigationAction",
"DeleteOTAUpdate",
"DeletePolicy",
"DeletePolicyVersion",
"DeleteProvisioningTemplate",
"DeleteProvisioningTemplateVersion",
"DeleteRegistrationCode",
"DeleteRoleAlias",
"DeleteScheduledAudit",
"DeleteSecurityProfile",
"DeleteStream",
"DeleteThing",
"DeleteThingGroup",
"DeleteThingShadow",
"DeleteThingType",
"DeleteTopicRule",
"DeleteTopicRuleDestination",
"DeleteV2LoggingLevel",
"DeprecateThingType",
"DescribeAccountAuditConfiguration",
"DescribeAuditFinding",
"DescribeAuditMitigationActionsTask",
"DescribeAuditSuppression",
"DescribeAuditTask",
"DescribeAuthorizer",
"DescribeBillingGroup",
"DescribeCACertificate",
"DescribeCertificate",
"DescribeCustomMetric",
"DescribeDefaultAuthorizer",
"DescribeDetectMitigationActionsTask",
"DescribeDimension",
"DescribeDomainConfiguration",
"DescribeEndpoint",
"DescribeEventConfigurations",
"DescribeFleetMetric",
"DescribeIndex",
"DescribeJob",
"DescribeJobExecution",
"DescribeJobTemplate",
"DescribeManagedJobTemplate",
"DescribeMitigationAction",
"DescribeProvisioningTemplate",
"DescribeProvisioningTemplateVersion",
"DescribeRoleAlias",
"DescribeScheduledAudit",
"DescribeSecurityProfile",
"DescribeStream",
"DescribeThing",
"DescribeThingGroup",
"DescribeThingRegistrationTask",
"DescribeThingType",
"DescribeTunnel",
"DetachPolicy",
"DetachPrincipalPolicy",
"DetachSecurityProfile",
"DetachThingPrincipal",
"DisableTopicRule",
"EnableTopicRule",
"GetBehaviorModelTrainingSummaries",
"GetBucketsAggregation",
"GetCardinality",
"GetEffectivePolicies",
"GetIndexingConfiguration",
"GetJobDocument",
"GetLoggingOptions",
"GetOTAUpdate",
"GetPercentiles",
"GetPolicy",
"GetPolicyVersion",
"GetRegistrationCode",
"GetRetainedMessage",
"GetStatistics",
"GetThingShadow",
"GetTopicRule",
"GetTopicRuleDestination",
"GetV2LoggingOptions",
"ListActiveViolations",
"ListAttachedPolicies",
"ListAuditFindings",
"ListAuditMitigationActionsExecutions",
"ListAuditMitigationActionsTasks",
"ListAuditSuppressions",
"ListAuditTasks",
"ListAuthorizers",
"ListBillingGroups",
"ListCACertificates",
"ListCertificates",
"ListCertificatesByCA",
"ListCustomMetrics",
"ListDetectMitigationActionsExecutions",
"ListDetectMitigationActionsTasks",
"ListDimensions",
"ListDomainConfigurations",
"ListFleetMetrics",
"ListIndices",
"ListJobExecutionsForJob",
"ListJobExecutionsForThing",
"ListJobTemplates",
"ListJobs",
"ListManagedJobTemplates",
"ListMetricValues",
"ListMitigationActions",
"ListNamedShadowsForThing",
"ListOTAUpdates",
"ListOutgoingCertificates",
"ListPolicies",
"ListPolicyPrincipals",
"ListPolicyVersions",
"ListPrincipalPolicies",
"ListPrincipalThings",
"ListProvisioningTemplateVersions",
"ListProvisioningTemplates",
"ListRelatedResourcesForAuditFinding",
"ListRetainedMessages",
"ListRoleAliases",
"ListScheduledAudits",
"ListSecurityProfiles",
"ListSecurityProfilesForTarget",
"ListStreams",
"ListTagsForResource",
"ListTargetsForPolicy",
"ListTargetsForSecurityProfile",
"ListThingGroups",
"ListThingGroupsForThing",
"ListThingPrincipals",
"ListThingRegistrationTaskReports",
"ListThingRegistrationTasks",
"ListThingTypes",
"ListThings",
"ListThingsInBillingGroup",
"ListThingsInThingGroup",
"ListTopicRuleDestinations",
"ListTopicRules",
"ListTunnels",
"ListV2LoggingLevels",
"ListViolationEvents",
"OpenTunnel",
"Publish",
"PutVerificationStateOnViolation",
"Receive",
"RegisterCACertificate",
"RegisterCertificate",
"RegisterCertificateWithoutCA",
"RegisterThing",
"RejectCertificateTransfer",
"RemoveThingFromBillingGroup",
"RemoveThingFromThingGroup",
"ReplaceTopicRule",
"RetainPublish",
"RotateTunnelAccessToken",
"SearchIndex",
"SetDefaultAuthorizer",
"SetDefaultPolicyVersion",
"SetLoggingOptions",
"SetV2LoggingLevel",
"SetV2LoggingOptions",
"StartAuditMitigationActionsTask",
"StartDetectMitigationActionsTask",
"StartOnDemandAuditTask",
"StartThingRegistrationTask",
"StopThingRegistrationTask",
"Subscribe",
"TagResource",
"TestAuthorization",
"TestInvokeAuthorizer",
"TransferCertificate",
"UntagResource",
"UpdateAccountAuditConfiguration",
"UpdateAuditSuppression",
"UpdateAuthorizer",
"UpdateBillingGroup",
"UpdateCACertificate",
"UpdateCertificate",
"UpdateCustomMetric",
"UpdateDimension",
"UpdateDomainConfiguration",
"UpdateDynamicThingGroup",
"UpdateEventConfigurations",
"UpdateFleetMetric",
"UpdateIndexingConfiguration",
"UpdateJob",
"UpdateMitigationAction",
"UpdateProvisioningTemplate",
"UpdateRoleAlias",
"UpdateScheduledAudit",
"UpdateSecurityProfile",
"UpdateStream",
"UpdateThing",
"UpdateThingGroup",
"UpdateThingGroupsForThing",
"UpdateThingShadow",
"UpdateTopicRuleDestination",
"ValidateSecurityProfileBehaviors"
],
"HasResource": true,
"StringPrefix": "iot",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"iot:ClientMode",
"iot:Delete",
"iot:DomainName",
"iot:ThingGroupArn",
"iot:TunnelDestinationService"
]
},
"AWS IoT 1-Click": {
"ARNFormat": "arn:aws:iot1click:${Region}:${Account}:${Type}/${Name}",
"ARNRegex": "^arn:aws:iot1click:.+:[0-9]+:.+",
"Actions": [
"AssociateDeviceWithPlacement",
"ClaimDevicesByClaimCode",
"CreatePlacement",
"CreateProject",
"DeletePlacement",
"DeleteProject",
"DescribeDevice",
"DescribePlacement",
"DescribeProject",
"DisassociateDeviceFromPlacement",
"FinalizeDeviceClaim",
"GetDeviceMethods",
"GetDevicesInPlacement",
"InitiateDeviceClaim",
"InvokeDeviceMethod",
"ListDeviceEvents",
"ListDevices",
"ListPlacements",
"ListProjects",
"ListTagsForResource",
"TagResource",
"UnclaimDevice",
"UntagResource",
"UpdateDeviceState",
"UpdatePlacement",
"UpdateProject"
],
"HasResource": true,
"StringPrefix": "iot1click",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS IoT Analytics": {
"ARNFormat": "arn:aws:iotanalytics:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:iotanalytics:.+",
"Actions": [
"BatchPutMessage",
"CancelPipelineReprocessing",
"CreateChannel",
"CreateDataset",
"CreateDatasetContent",
"CreateDatastore",
"CreatePipeline",
"DeleteChannel",
"DeleteDataset",
"DeleteDatasetContent",
"DeleteDatastore",
"DeletePipeline",
"DescribeChannel",
"DescribeDataset",
"DescribeDatastore",
"DescribeLoggingOptions",
"DescribePipeline",
"GetDatasetContent",
"ListChannels",
"ListDatasetContents",
"ListDatasets",
"ListDatastores",
"ListPipelines",
"ListTagsForResource",
"PutLoggingOptions",
"RunPipelineActivity",
"SampleChannelData",
"StartPipelineReprocessing",
"TagResource",
"UntagResource",
"UpdateChannel",
"UpdateDataset",
"UpdateDatastore",
"UpdatePipeline"
],
"HasResource": true,
"StringPrefix": "iotanalytics",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"iotanalytics:ResourceTag/${TagKey}"
]
},
"AWS IoT Core Device Advisor": {
"ARNFormat": "arn:aws:iotdeviceadvisor:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:iotdeviceadvisor:.+",
"Actions": [
"CreateSuiteDefinition",
"DeleteSuiteDefinition",
"GetEndpoint",
"GetSuiteDefinition",
"GetSuiteRun",
"GetSuiteRunReport",
"ListSuiteDefinitions",
"ListSuiteRuns",
"ListTagsForResource",
"StartSuiteRun",
"StopSuiteRun",
"TagResource",
"UntagResource",
"UpdateSuiteDefinition"
],
"HasResource": true,
"StringPrefix": "iotdeviceadvisor",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS IoT Device Tester": {
"ARNFormat": "arn:${Partition}:iot-device-tester:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:.+:iot-device-tester:.+:.+:.+",
"Actions": [
"CheckVersion",
"DownloadTestSuite",
"LatestIdt",
"SendMetrics",
"SupportedVersion"
],
"HasResource": false,
"StringPrefix": "iot-device-tester"
},
"AWS IoT Events": {
"ARNFormat": "arn:aws:iotevents:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:iotevents:.+",
"Actions": [
"BatchAcknowledgeAlarm",
"BatchDeleteDetector",
"BatchDisableAlarm",
"BatchEnableAlarm",
"BatchPutMessage",
"BatchResetAlarm",
"BatchSnoozeAlarm",
"BatchUpdateDetector",
"CreateAlarmModel",
"CreateDetectorModel",
"CreateInput",
"DeleteAlarmModel",
"DeleteDetectorModel",
"DeleteInput",
"DescribeAlarm",
"DescribeAlarmModel",
"DescribeDetector",
"DescribeDetectorModel",
"DescribeDetectorModelAnalysis",
"DescribeInput",
"DescribeLoggingOptions",
"GetDetectorModelAnalysisResults",
"ListAlarmModelVersions",
"ListAlarmModels",
"ListAlarms",
"ListDetectorModelVersions",
"ListDetectorModels",
"ListDetectors",
"ListInputRoutings",
"ListInputs",
"ListTagsForResource",
"PutLoggingOptions",
"StartDetectorModelAnalysis",
"TagResource",
"UntagResource",
"UpdateAlarmModel",
"UpdateDetectorModel",
"UpdateInput",
"UpdateInputRouting"
],
"HasResource": true,
"StringPrefix": "iotevents",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"iotevents:keyValue"
]
},
"AWS IoT Fleet Hub for Device Management": {
"ARNFormat": "arn:aws:iotfleethub:${Region}:${AccountId}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:iotfleethub:.+:.+:.+",
"Actions": [
"CreateApplication",
"DeleteApplication",
"DescribeApplication",
"ListApplications",
"ListTagsForResource",
"TagResource",
"UntagResource",
"UpdateApplication"
],
"HasResource": true,
"StringPrefix": "iotfleethub",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS IoT FleetWise": {
"ARNFormat": "arn:aws:iotfleetwise:${Region}:${Account}:${Type}/${Name}",
"ARNRegex": "^arn:aws:iotfleetwise:.+:[0-9]+:.+",
"Actions": [
"AssociateVehicleFleet",
"BatchCreateVehicle",
"BatchUpdateVehicle",
"CreateCampaign",
"CreateDecoderManifest",
"CreateFleet",
"CreateModelManifest",
"CreateSignalCatalog",
"CreateVehicle",
"DeleteCampaign",
"DeleteDecoderManifest",
"DeleteFleet",
"DeleteModelManifest",
"DeleteSignalCatalog",
"DeleteVehicle",
"DisassociateVehicleFleet",
"GetCampaign",
"GetDecoderManifest",
"GetFleet",
"GetLoggingOptions",
"GetModelManifest",
"GetRegisterAccountStatus",
"GetSignalCatalog",
"GetVehicle",
"GetVehicleStatus",
"ImportDecoderManifest",
"ImportSignalCatalog",
"ListCampaigns",
"ListDecoderManifestNetworkInterfaces",
"ListDecoderManifestSignals",
"ListDecoderManifests",
"ListFleets",
"ListFleetsForVehicle",
"ListModelManifestNodes",
"ListModelManifests",
"ListSignalCatalogNodes",
"ListSignalCatalogs",
"ListTagsForResource",
"ListVehicles",
"ListVehiclesInFleet",
"PutLoggingOptions",
"RegisterAccount",
"TagResource",
"UntagResource",
"UpdateCampaign",
"UpdateDecoderManifest",
"UpdateFleet",
"UpdateModelManifest",
"UpdateSignalCatalog",
"UpdateVehicle"
],
"HasResource": true,
"StringPrefix": "iotfleetwise",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"iotfleetwise:UpdateToDecoderManifestArn",
"iotfleetwise:UpdateToModelManifestArn"
]
},
"AWS IoT Greengrass": {
"ARNFormat": "arn:aws:greengrass:${Region}:${Account}:/greengrass/${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:greengrass:.+:[0-9]+:.+",
"Actions": [
"AssociateRoleToGroup",
"AssociateServiceRoleToAccount",
"CreateConnectorDefinition",
"CreateConnectorDefinitionVersion",
"CreateCoreDefinition",
"CreateCoreDefinitionVersion",
"CreateDeployment",
"CreateDeviceDefinition",
"CreateDeviceDefinitionVersion",
"CreateFunctionDefinition",
"CreateFunctionDefinitionVersion",
"CreateGroup",
"CreateGroupCertificateAuthority",
"CreateGroupVersion",
"CreateLoggerDefinition",
"CreateLoggerDefinitionVersion",
"CreateResourceDefinition",
"CreateResourceDefinitionVersion",
"CreateSoftwareUpdateJob",
"CreateSubscriptionDefinition",
"CreateSubscriptionDefinitionVersion",
"DeleteConnectorDefinition",
"DeleteCoreDefinition",
"DeleteDeviceDefinition",
"DeleteFunctionDefinition",
"DeleteGroup",
"DeleteLoggerDefinition",
"DeleteResourceDefinition",
"DeleteSubscriptionDefinition",
"DisassociateRoleFromGroup",
"DisassociateServiceRoleFromAccount",
"Discover",
"GetAssociatedRole",
"GetBulkDeploymentStatus",
"GetConnectivityInfo",
"GetConnectorDefinition",
"GetConnectorDefinitionVersion",
"GetCoreDefinition",
"GetCoreDefinitionVersion",
"GetDeploymentStatus",
"GetDeviceDefinition",
"GetDeviceDefinitionVersion",
"GetFunctionDefinition",
"GetFunctionDefinitionVersion",
"GetGroup",
"GetGroupCertificateAuthority",
"GetGroupCertificateConfiguration",
"GetGroupVersion",
"GetLoggerDefinition",
"GetLoggerDefinitionVersion",
"GetResourceDefinition",
"GetResourceDefinitionVersion",
"GetServiceRoleForAccount",
"GetSubscriptionDefinition",
"GetSubscriptionDefinitionVersion",
"GetThingRuntimeConfiguration",
"ListBulkDeploymentDetailedReports",
"ListBulkDeployments",
"ListConnectorDefinitionVersions",
"ListConnectorDefinitions",
"ListCoreDefinitionVersions",
"ListCoreDefinitions",
"ListDeployments",
"ListDeviceDefinitionVersions",
"ListDeviceDefinitions",
"ListFunctionDefinitionVersions",
"ListFunctionDefinitions",
"ListGroupCertificateAuthorities",
"ListGroupVersions",
"ListGroups",
"ListLoggerDefinitionVersions",
"ListLoggerDefinitions",
"ListResourceDefinitionVersions",
"ListResourceDefinitions",
"ListSubscriptionDefinitionVersions",
"ListSubscriptionDefinitions",
"ListTagsForResource",
"ResetDeployments",
"StartBulkDeployment",
"StopBulkDeployment",
"TagResource",
"UntagResource",
"UpdateConnectivityInfo",
"UpdateConnectorDefinition",
"UpdateCoreDefinition",
"UpdateDeviceDefinition",
"UpdateFunctionDefinition",
"UpdateGroup",
"UpdateGroupCertificateConfiguration",
"UpdateLoggerDefinition",
"UpdateResourceDefinition",
"UpdateSubscriptionDefinition",
"UpdateThingRuntimeConfiguration"
],
"HasResource": true,
"StringPrefix": "greengrass",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS IoT Greengrass V2": {
"ARNFormat": "arn:aws:greengrass:${Region}:${Account}:${ResourceType}:${ResourcePath}",
"ARNRegex": "^arn:aws:greengrass:.+",
"Actions": [
"AssociateServiceRoleToAccount",
"BatchAssociateClientDeviceWithCoreDevice",
"BatchDisassociateClientDeviceFromCoreDevice",
"CancelDeployment",
"CreateComponentVersion",
"CreateDeployment",
"DeleteComponent",
"DeleteCoreDevice",
"DeleteDeployment",
"DescribeComponent",
"DisassociateServiceRoleFromAccount",
"GetComponent",
"GetComponentVersionArtifact",
"GetConnectivityInfo",
"GetCoreDevice",
"GetDeployment",
"GetServiceRoleForAccount",
"ListClientDevicesAssociatedWithCoreDevice",
"ListComponentVersions",
"ListComponents",
"ListCoreDevices",
"ListDeployments",
"ListEffectiveDeployments",
"ListInstalledComponents",
"ListTagsForResource",
"ResolveComponentCandidates",
"TagResource",
"UntagResource",
"UpdateConnectivityInfo"
],
"HasResource": true,
"StringPrefix": "greengrass",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS IoT Jobs DataPlane": {
"ARNFormat": "arn:aws:iot:${Region}:${Account}:${Type}/${Name}",
"ARNRegex": "^arn:aws:iot:.+:[0-9]+:.+",
"Actions": [
"DescribeJobExecution",
"GetPendingJobExecutions",
"StartNextPendingJobExecution",
"UpdateJobExecution"
],
"HasResource": true,
"StringPrefix": "iotjobsdata",
"conditionKeys": [
"iot:JobId"
]
},
"AWS IoT RoboRunner": {
"ARNFormat": "arn:aws:iotroborunner:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:iotroborunner:.+:.+:.+",
"Actions": [
"CreateDestination",
"CreateSite",
"CreateWorker",
"CreateWorkerFleet",
"DeleteDestination",
"DeleteSite",
"DeleteWorker",
"DeleteWorkerFleet",
"GetDestination",
"GetSite",
"GetWorker",
"GetWorkerFleet",
"ListDestinations",
"ListSites",
"ListWorkerFleets",
"ListWorkers",
"UpdateDestination",
"UpdateSite",
"UpdateWorker",
"UpdateWorkerFleet"
],
"HasResource": true,
"StringPrefix": "iotroborunner",
"conditionKeys": [
"iotroborunner:DestinationResourceId",
"iotroborunner:SiteResourceId",
"iotroborunner:WorkerFleetResourceId",
"iotroborunner:WorkerResourceId"
]
},
"AWS IoT SiteWise": {
"ARNFormat": "arn:aws:iotsitewise:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:iotsitewise:.+:.+:.+",
"Actions": [
"AssociateAssets",
"AssociateTimeSeriesToAssetProperty",
"BatchAssociateProjectAssets",
"BatchDisassociateProjectAssets",
"BatchGetAssetPropertyAggregates",
"BatchGetAssetPropertyValue",
"BatchGetAssetPropertyValueHistory",
"BatchPutAssetPropertyValue",
"CreateAccessPolicy",
"CreateAsset",
"CreateAssetModel",
"CreateBulkImportJob",
"CreateDashboard",
"CreateGateway",
"CreatePortal",
"CreateProject",
"DeleteAccessPolicy",
"DeleteAsset",
"DeleteAssetModel",
"DeleteDashboard",
"DeleteGateway",
"DeletePortal",
"DeleteProject",
"DeleteTimeSeries",
"DescribeAccessPolicy",
"DescribeAsset",
"DescribeAssetModel",
"DescribeAssetProperty",
"DescribeBulkImportJob",
"DescribeDashboard",
"DescribeDefaultEncryptionConfiguration",
"DescribeGateway",
"DescribeGatewayCapabilityConfiguration",
"DescribeLoggingOptions",
"DescribePortal",
"DescribeProject",
"DescribeStorageConfiguration",
"DescribeTimeSeries",
"DisassociateAssets",
"DisassociateTimeSeriesFromAssetProperty",
"GetAssetPropertyAggregates",
"GetAssetPropertyValue",
"GetAssetPropertyValueHistory",
"GetInterpolatedAssetPropertyValues",
"ListAccessPolicies",
"ListAssetModelProperties",
"ListAssetModels",
"ListAssetProperties",
"ListAssetRelationships",
"ListAssets",
"ListAssociatedAssets",
"ListBulkImportJobs",
"ListDashboards",
"ListGateways",
"ListPortals",
"ListProjectAssets",
"ListProjects",
"ListTagsForResource",
"ListTimeSeries",
"PutDefaultEncryptionConfiguration",
"PutLoggingOptions",
"PutStorageConfiguration",
"TagResource",
"UntagResource",
"UpdateAccessPolicy",
"UpdateAsset",
"UpdateAssetModel",
"UpdateAssetModelPropertyRouting",
"UpdateAssetProperty",
"UpdateDashboard",
"UpdateGateway",
"UpdateGatewayCapabilityConfiguration",
"UpdatePortal",
"UpdateProject"
],
"HasResource": true,
"StringPrefix": "iotsitewise",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"iotsitewise:assetHierarchyPath",
"iotsitewise:childAssetId",
"iotsitewise:group",
"iotsitewise:iam",
"iotsitewise:isAssociatedWithAssetProperty",
"iotsitewise:portal",
"iotsitewise:project",
"iotsitewise:propertyAlias",
"iotsitewise:propertyId",
"iotsitewise:user"
]
},
"AWS IoT TwinMaker": {
"ARNFormat": "arn:aws:iottwinmaker:${Region}:${Account}:${ResourceType}/${ResourceTypeId}",
"ARNRegex": "^arn:aws:iottwinmaker:.+:.+:.+",
"Actions": [
"BatchPutPropertyValues",
"CreateComponentType",
"CreateEntity",
"CreateScene",
"CreateSyncJob",
"CreateWorkspace",
"DeleteComponentType",
"DeleteEntity",
"DeleteScene",
"DeleteSyncJob",
"DeleteWorkspace",
"ExecuteQuery",
"GetComponentType",
"GetEntity",
"GetPricingPlan",
"GetPropertyValue",
"GetPropertyValueHistory",
"GetScene",
"GetSyncJob",
"GetWorkspace",
"ListComponentTypes",
"ListEntities",
"ListScenes",
"ListSyncJobs",
"ListSyncResources",
"ListTagsForResource",
"ListWorkspaces",
"TagResource",
"UntagResource",
"UpdateComponentType",
"UpdateEntity",
"UpdatePricingPlan",
"UpdateScene",
"UpdateWorkspace"
],
"HasResource": true,
"StringPrefix": "iottwinmaker",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS IoT Wireless": {
"ARNFormat": "arn:aws:iotwireless:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:iotwireless:.+",
"Actions": [
"AssociateAwsAccountWithPartnerAccount",
"AssociateMulticastGroupWithFuotaTask",
"AssociateWirelessDeviceWithFuotaTask",
"AssociateWirelessDeviceWithMulticastGroup",
"AssociateWirelessDeviceWithThing",
"AssociateWirelessGatewayWithCertificate",
"AssociateWirelessGatewayWithThing",
"CancelMulticastGroupSession",
"CreateDestination",
"CreateDeviceProfile",
"CreateFuotaTask",
"CreateMulticastGroup",
"CreateNetworkAnalyzerConfiguration",
"CreateServiceProfile",
"CreateWirelessDevice",
"CreateWirelessGateway",
"CreateWirelessGatewayTask",
"CreateWirelessGatewayTaskDefinition",
"DeleteDestination",
"DeleteDeviceProfile",
"DeleteFuotaTask",
"DeleteMulticastGroup",
"DeleteNetworkAnalyzerConfiguration",
"DeleteQueuedMessages",
"DeleteServiceProfile",
"DeleteWirelessDevice",
"DeleteWirelessDeviceImportTask",
"DeleteWirelessGateway",
"DeleteWirelessGatewayTask",
"DeleteWirelessGatewayTaskDefinition",
"DeregisterWirelessDevice",
"DisassociateAwsAccountFromPartnerAccount",
"DisassociateMulticastGroupFromFuotaTask",
"DisassociateWirelessDeviceFromFuotaTask",
"DisassociateWirelessDeviceFromMulticastGroup",
"DisassociateWirelessDeviceFromThing",
"DisassociateWirelessGatewayFromCertificate",
"DisassociateWirelessGatewayFromThing",
"GetDestination",
"GetDeviceProfile",
"GetEventConfigurationByResourceTypes",
"GetFuotaTask",
"GetLogLevelsByResourceTypes",
"GetMulticastGroup",
"GetMulticastGroupSession",
"GetNetworkAnalyzerConfiguration",
"GetPartnerAccount",
"GetPosition",
"GetPositionConfiguration",
"GetPositionEstimate",
"GetResourceEventConfiguration",
"GetResourceLogLevel",
"GetResourcePosition",
"GetServiceEndpoint",
"GetServiceProfile",
"GetWirelessDevice",
"GetWirelessDeviceImportTask",
"GetWirelessDeviceStatistics",
"GetWirelessGateway",
"GetWirelessGatewayCertificate",
"GetWirelessGatewayFirmwareInformation",
"GetWirelessGatewayStatistics",
"GetWirelessGatewayTask",
"GetWirelessGatewayTaskDefinition",
"ListDestinations",
"ListDeviceProfiles",
"ListDevicesForWirelessDeviceImportTask",
"ListEventConfigurations",
"ListFuotaTasks",
"ListMulticastGroups",
"ListMulticastGroupsByFuotaTask",
"ListNetworkAnalyzerConfigurations",
"ListPartnerAccounts",
"ListPositionConfigurations",
"ListQueuedMessages",
"ListServiceProfiles",
"ListTagsForResource",
"ListWirelessDeviceImportTasks",
"ListWirelessDevices",
"ListWirelessGatewayTaskDefinitions",
"ListWirelessGateways",
"PutPositionConfiguration",
"PutResourceLogLevel",
"ResetAllResourceLogLevels",
"ResetResourceLogLevel",
"SendDataToMulticastGroup",
"SendDataToWirelessDevice",
"StartBulkAssociateWirelessDeviceWithMulticastGroup",
"StartBulkDisassociateWirelessDeviceFromMulticastGroup",
"StartFuotaTask",
"StartMulticastGroupSession",
"StartNetworkAnalyzerStream",
"StartSingleWirelessDeviceImportTask",
"StartWirelessDeviceImportTask",
"TagResource",
"TestWirelessDevice",
"UntagResource",
"UpdateDestination",
"UpdateEventConfigurationByResourceTypes",
"UpdateFuotaTask",
"UpdateLogLevelsByResourceTypes",
"UpdateMulticastGroup",
"UpdateNetworkAnalyzerConfiguration",
"UpdatePartnerAccount",
"UpdatePosition",
"UpdateResourceEventConfiguration",
"UpdateResourcePosition",
"UpdateWirelessDevice",
"UpdateWirelessDeviceImportTask",
"UpdateWirelessGateway"
],
"HasResource": true,
"StringPrefix": "iotwireless",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Key Management Service": {
"ARNFormat": "arn:aws:kms:${Region}:${Account}:${ResourceType}/${Id}",
"ARNRegex": "^arn:aws:kms:.+",
"Actions": [
"CancelKeyDeletion",
"ConnectCustomKeyStore",
"CreateAlias",
"CreateCustomKeyStore",
"CreateGrant",
"CreateKey",
"Decrypt",
"DeleteAlias",
"DeleteCustomKeyStore",
"DeleteImportedKeyMaterial",
"DescribeCustomKeyStores",
"DescribeKey",
"DisableKey",
"DisableKeyRotation",
"DisconnectCustomKeyStore",
"EnableKey",
"EnableKeyRotation",
"Encrypt",
"GenerateDataKey",
"GenerateDataKeyPair",
"GenerateDataKeyPairWithoutPlaintext",
"GenerateDataKeyWithoutPlaintext",
"GenerateMac",
"GenerateRandom",
"GetKeyPolicy",
"GetKeyRotationStatus",
"GetParametersForImport",
"GetPublicKey",
"ImportKeyMaterial",
"ListAliases",
"ListGrants",
"ListKeyPolicies",
"ListKeys",
"ListResourceTags",
"ListRetirableGrants",
"PutKeyPolicy",
"ReEncryptFrom",
"ReEncryptTo",
"ReplicateKey",
"RetireGrant",
"RevokeGrant",
"ScheduleKeyDeletion",
"Sign",
"SynchronizeMultiRegionKey",
"TagResource",
"UntagResource",
"UpdateAlias",
"UpdateCustomKeyStore",
"UpdateKeyDescription",
"UpdatePrimaryRegion",
"Verify",
"VerifyMac"
],
"HasResource": true,
"StringPrefix": "kms",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"kms:BypassPolicyLockoutSafetyCheck",
"kms:CallerAccount",
"kms:CustomerMasterKeySpec",
"kms:CustomerMasterKeyUsage",
"kms:DataKeyPairSpec",
"kms:EncryptionAlgorithm",
"kms:EncryptionContext:${EncryptionContextKey}",
"kms:EncryptionContextKeys",
"kms:ExpirationModel",
"kms:GrantConstraintType",
"kms:GrantIsForAWSResource",
"kms:GrantOperations",
"kms:GranteePrincipal",
"kms:KeyOrigin",
"kms:KeySpec",
"kms:KeyUsage",
"kms:MacAlgorithm",
"kms:MessageType",
"kms:MultiRegion",
"kms:MultiRegionKeyType",
"kms:PrimaryRegion",
"kms:ReEncryptOnSameKey",
"kms:RecipientAttestation:ImageSha384",
"kms:RecipientAttestation:PCR",
"kms:ReplicaRegion",
"kms:RequestAlias",
"kms:ResourceAliases",
"kms:RetiringPrincipal",
"kms:SigningAlgorithm",
"kms:ValidTo",
"kms:ViaService",
"kms:WrappingAlgorithm",
"kms:WrappingKeySpec"
]
},
"AWS Lake Formation": {
"ARNFormat": "arn:${Partition}:lakeformation:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:lakeformation:.+:.+",
"Actions": [
"AddLFTagsToResource",
"BatchGrantPermissions",
"BatchRevokePermissions",
"CancelTransaction",
"CommitTransaction",
"CreateDataCellsFilter",
"CreateLFTag",
"DeleteDataCellsFilter",
"DeleteLFTag",
"DeleteObjectsOnCancel",
"DeregisterResource",
"DescribeResource",
"DescribeTransaction",
"ExtendTransaction",
"GetDataAccess",
"GetDataCellsFilter",
"GetDataLakeSettings",
"GetEffectivePermissionsForPath",
"GetLFTag",
"GetQueryState",
"GetQueryStatistics",
"GetResourceLFTags",
"GetTableObjects",
"GetWorkUnitResults",
"GetWorkUnits",
"GrantPermissions",
"ListDataCellsFilter",
"ListLFTags",
"ListPermissions",
"ListResources",
"ListTableStorageOptimizers",
"ListTransactions",
"PutDataLakeSettings",
"RegisterResource",
"RemoveLFTagsFromResource",
"RevokePermissions",
"SearchDatabasesByLFTags",
"SearchTablesByLFTags",
"StartQueryPlanning",
"StartTransaction",
"UpdateDataCellsFilter",
"UpdateLFTag",
"UpdateResource",
"UpdateTableObjects",
"UpdateTableStorageOptimizer"
],
"HasResource": false,
"StringPrefix": "lakeformation"
},
"AWS Lambda": {
"ARNFormat": "arn:aws:lambda:${Region}:${Account}:${ResourceType}:${ResourceId}",
"ARNRegex": "^arn:aws:lambda:.+",
"Actions": [
"AddLayerVersionPermission",
"AddPermission",
"CreateAlias",
"CreateCodeSigningConfig",
"CreateEventSourceMapping",
"CreateFunction",
"CreateFunctionUrlConfig",
"DeleteAlias",
"DeleteCodeSigningConfig",
"DeleteEventSourceMapping",
"DeleteFunction",
"DeleteFunctionCodeSigningConfig",
"DeleteFunctionConcurrency",
"DeleteFunctionEventInvokeConfig",
"DeleteFunctionUrlConfig",
"DeleteLayerVersion",
"DeleteProvisionedConcurrencyConfig",
"DisableReplication",
"EnableReplication",
"GetAccountSettings",
"GetAlias",
"GetCodeSigningConfig",
"GetEventSourceMapping",
"GetFunction",
"GetFunctionCodeSigningConfig",
"GetFunctionConcurrency",
"GetFunctionConfiguration",
"GetFunctionEventInvokeConfig",
"GetFunctionUrlConfig",
"GetLayerVersion",
"GetLayerVersionPolicy",
"GetPolicy",
"GetProvisionedConcurrencyConfig",
"GetRuntimeManagementConfig",
"InvokeAsync",
"InvokeFunction",
"InvokeFunctionUrl",
"ListAliases",
"ListCodeSigningConfigs",
"ListEventSourceMappings",
"ListFunctionEventInvokeConfigs",
"ListFunctionUrlConfigs",
"ListFunctions",
"ListFunctionsByCodeSigningConfig",
"ListLayerVersions",
"ListLayers",
"ListProvisionedConcurrencyConfigs",
"ListTags",
"ListVersionsByFunction",
"PublishLayerVersion",
"PublishVersion",
"PutFunctionCodeSigningConfig",
"PutFunctionConcurrency",
"PutFunctionEventInvokeConfig",
"PutProvisionedConcurrencyConfig",
"PutRuntimeManagementConfig",
"RemoveLayerVersionPermission",
"RemovePermission",
"TagResource",
"UntagResource",
"UpdateAlias",
"UpdateCodeSigningConfig",
"UpdateEventSourceMapping",
"UpdateFunctionCode",
"UpdateFunctionCodeSigningConfig",
"UpdateFunctionConfiguration",
"UpdateFunctionEventInvokeConfig",
"UpdateFunctionUrlConfig"
],
"HasResource": true,
"StringPrefix": "lambda",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"lambda:CodeSigningConfigArn",
"lambda:FunctionArn",
"lambda:FunctionUrlAuthType",
"lambda:Layer",
"lambda:Principal",
"lambda:SecurityGroupIds",
"lambda:SourceFunctionArn",
"lambda:SubnetIds",
"lambda:VpcIds"
]
},
"AWS Launch Wizard": {
"ARNRegex": "^arn:aws:launchwizard:.+:.+:.+",
"Actions": [
"CreateAdditionalNode",
"CreateSettingsSet",
"DeleteAdditionalNode",
"DeleteApp",
"DeleteSettingsSet",
"DescribeAdditionalNode",
"DescribeProvisionedApp",
"DescribeProvisioningEvents",
"DescribeSettingsSet",
"GetInfrastructureSuggestion",
"GetIpAddress",
"GetResourceCostEstimate",
"GetWorkloadAssets",
"ListAdditionalNodes",
"ListProvisionedApps",
"ListSettingsSets",
"ListWorkloadDeploymentOptions",
"ListWorkloads",
"StartProvisioning",
"UpdateSettingsSet"
],
"HasResource": false,
"StringPrefix": "launchwizard"
},
"AWS License Manager": {
"ARNFormat": "arn:aws:license-manager:${Region}:${Account}:${ResourceType}:${ResourceId}",
"ARNRegex": "^arn:aws:license-manager:.+:.+:.+",
"Actions": [
"AcceptGrant",
"CheckInLicense",
"CheckoutBorrowLicense",
"CheckoutLicense",
"CreateGrant",
"CreateGrantVersion",
"CreateLicense",
"CreateLicenseConfiguration",
"CreateLicenseConversionTaskForResource",
"CreateLicenseManagerReportGenerator",
"CreateLicenseVersion",
"CreateToken",
"DeleteGrant",
"DeleteLicense",
"DeleteLicenseConfiguration",
"DeleteLicenseManagerReportGenerator",
"DeleteToken",
"ExtendLicenseConsumption",
"GetAccessToken",
"GetGrant",
"GetLicense",
"GetLicenseConfiguration",
"GetLicenseConversionTask",
"GetLicenseManagerReportGenerator",
"GetLicenseUsage",
"GetServiceSettings",
"ListAssociationsForLicenseConfiguration",
"ListDistributedGrants",
"ListFailuresForLicenseConfigurationOperations",
"ListLicenseConfigurations",
"ListLicenseConversionTasks",
"ListLicenseManagerReportGenerators",
"ListLicenseSpecificationsForResource",
"ListLicenseVersions",
"ListLicenses",
"ListReceivedGrants",
"ListReceivedGrantsForOrganization",
"ListReceivedLicenses",
"ListReceivedLicensesForOrganization",
"ListResourceInventory",
"ListTagsForResource",
"ListTokens",
"ListUsageForLicenseConfiguration",
"RejectGrant",
"TagResource",
"UntagResource",
"UpdateLicenseConfiguration",
"UpdateLicenseManagerReportGenerator",
"UpdateLicenseSpecificationsForResource",
"UpdateServiceSettings"
],
"HasResource": true,
"StringPrefix": "license-manager",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"license-manager:ResourceTag/${TagKey}"
]
},
"AWS License Manager Linux Subscriptions Manager": {
"Actions": [
"GetServiceSettings",
"ListLinuxSubscriptionInstances",
"ListLinuxSubscriptions",
"UpdateServiceSettings"
],
"HasResource": false,
"StringPrefix": "license-manager-linux-subscriptions"
},
"AWS License Manager User Subscriptions": {
"Actions": [
"AssociateUser",
"DeregisterIdentityProvider",
"DisassociateUser",
"ListIdentityProviders",
"ListInstances",
"ListProductSubscriptions",
"ListUserAssociations",
"RegisterIdentityProvider",
"StartProductSubscription",
"StopProductSubscription",
"UpdateIdentityProviderSettings"
],
"HasResource": false,
"StringPrefix": "license-manager-user-subscriptions"
},
"AWS Mainframe Modernization Service": {
"ARNFormat": "arn:aws:m2:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:m2:${Region}:${Account}:.+",
"Actions": [
"CancelBatchJobExecution",
"CreateApplication",
"CreateDataSetImportTask",
"CreateDeployment",
"CreateEnvironment",
"DeleteApplication",
"DeleteApplicationFromEnvironment",
"DeleteEnvironment",
"GetApplication",
"GetApplicationVersion",
"GetBatchJobExecution",
"GetDataSetDetails",
"GetDataSetImportTask",
"GetDeployment",
"GetEnvironment",
"ListApplicationVersions",
"ListApplications",
"ListBatchJobDefinitions",
"ListBatchJobExecutions",
"ListDataSetImportHistory",
"ListDataSets",
"ListDeployments",
"ListEngineVersions",
"ListEnvironments",
"ListTagsForResource",
"StartApplication",
"StartBatchJob",
"StopApplication",
"TagResource",
"UntagResource",
"UpdateApplication",
"UpdateEnvironment"
],
"HasResource": true,
"StringPrefix": "m2",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Marketplace": {
"Actions": [
"AcceptAgreementApprovalRequest",
"AcceptAgreementRequest",
"CancelAgreement",
"CancelAgreementRequest",
"CreateAgreementRequest",
"DescribeAgreement",
"GetAgreementApprovalRequest",
"GetAgreementRequest",
"GetAgreementTerms",
"ListAgreementApprovalRequests",
"ListAgreementRequests",
"ListEntitlementDetails",
"RejectAgreementApprovalRequest",
"SearchAgreements",
"Subscribe",
"Unsubscribe",
"UpdateAgreementApprovalRequest",
"ViewSubscriptions"
],
"HasResource": false,
"StringPrefix": "aws-marketplace",
"conditionKeys": [
"aws-marketplace:AgreementType",
"aws-marketplace:PartyType",
"aws-marketplace:ProductId"
]
},
"AWS Marketplace Catalog": {
"ARNFormat": "arn:aws:aws-marketplace:${Region}:${Account}:${Catalog}/${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:aws-marketplace:.+",
"Actions": [
"CancelChangeSet",
"CompleteTask",
"DeleteResourcePolicy",
"DescribeChangeSet",
"DescribeEntity",
"DescribeTask",
"GetResourcePolicy",
"ListChangeSets",
"ListEntities",
"ListTagsForResource",
"ListTasks",
"PutResourcePolicy",
"StartChangeSet",
"TagResource",
"UntagResource",
"UpdateTask"
],
"HasResource": true,
"StringPrefix": "aws-marketplace",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"catalog:ChangeType"
]
},
"AWS Marketplace Commerce Analytics Service": {
"Actions": [
"GenerateDataSet",
"StartSupportDataExport"
],
"HasResource": false,
"StringPrefix": "marketplacecommerceanalytics"
},
"AWS Marketplace Discovery": {
"Actions": [
"ListPrivateListings"
],
"HasResource": false,
"StringPrefix": "aws-marketplace"
},
"AWS Marketplace Entitlement Service": {
"Actions": [
"GetEntitlements"
],
"HasResource": false,
"StringPrefix": "aws-marketplace"
},
"AWS Marketplace Image Building Service": {
"Actions": [
"DescribeBuilds",
"ListBuilds",
"StartBuild"
],
"HasResource": false,
"StringPrefix": "aws-marketplace"
},
"AWS Marketplace Management Portal": {
"Actions": [
"uploadFiles",
"viewMarketing",
"viewReports",
"viewSettings",
"viewSupport"
],
"HasResource": false,
"StringPrefix": "aws-marketplace-management"
},
"AWS Marketplace Metering Service": {
"Actions": [
"BatchMeterUsage",
"MeterUsage",
"RegisterUsage",
"ResolveCustomer"
],
"HasResource": false,
"StringPrefix": "aws-marketplace"
},
"AWS Marketplace Private Marketplace": {
"Actions": [
"AssociateProductsWithPrivateMarketplace",
"CreatePrivateMarketplaceRequests",
"DescribePrivateMarketplaceRequests",
"DisassociateProductsFromPrivateMarketplace",
"ListPrivateMarketplaceRequests"
],
"HasResource": false,
"StringPrefix": "aws-marketplace"
},
"AWS Marketplace Procurement Systems Integration": {
"Actions": [
"DescribeProcurementSystemConfiguration",
"PutProcurementSystemConfiguration"
],
"HasResource": false,
"StringPrefix": "aws-marketplace"
},
"AWS Marketplace Seller Reporting": {
"ARNFormat": "arn:aws:aws-marketplace::${Account}:${Catalog}/${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:aws-marketplace:.+",
"Actions": [
"GetSellerDashboard"
],
"HasResource": true,
"StringPrefix": "aws-marketplace"
},
"AWS Marketplace Vendor Insights": {
"ARNFormat": "arn:aws:vendor-insights:::${ResourceType}:${ResourceId}",
"ARNRegex": "^arn:aws:vendor-insights:.+",
"Actions": [
"ActivateSecurityProfile",
"AssociateDataSource",
"CreateDataSource",
"CreateSecurityProfile",
"DeactivateSecurityProfile",
"DeleteDataSource",
"DisassociateDataSource",
"GetDataSource",
"GetEntitledSecurityProfileSnapshot",
"GetProfileAccessTerms",
"GetSecurityProfile",
"GetSecurityProfileSnapshot",
"ListDataSources",
"ListEntitledSecurityProfileSnapshots",
"ListEntitledSecurityProfiles",
"ListSecurityProfileSnapshots",
"ListSecurityProfiles",
"ListTagsForResource",
"TagResource",
"UntagResource",
"UpdateSecurityProfile",
"UpdateSecurityProfileSnapshotCreationConfiguration",
"UpdateSecurityProfileSnapshotReleaseConfiguration"
],
"HasResource": true,
"StringPrefix": "vendor-insights",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Microservice Extractor for .NET": {
"ARNFormat": "arn:${Partition}:serviceextract:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:serviceextract:.+:.+:.+",
"Actions": [
"GetConfig"
],
"HasResource": false,
"StringPrefix": "serviceextract"
},
"AWS Migration Hub": {
"ARNFormat": "arn:aws:mgh:<region>:<namespace>:<relative-id>",
"ARNRegex": "^arn:aws:mgh:[a-z0-9-]+:[0-9]{12}:.+",
"Actions": [
"AssociateCreatedArtifact",
"AssociateDiscoveredResource",
"CreateHomeRegionControl",
"CreateProgressUpdateStream",
"DeleteProgressUpdateStream",
"DescribeApplicationState",
"DescribeHomeRegionControls",
"DescribeMigrationTask",
"DisassociateCreatedArtifact",
"DisassociateDiscoveredResource",
"GetHomeRegion",
"ImportMigrationTask",
"ListApplicationStates",
"ListCreatedArtifacts",
"ListDiscoveredResources",
"ListMigrationTasks",
"ListProgressUpdateStreams",
"NotifyApplicationState",
"NotifyMigrationTaskState",
"PutResourceAttributes"
],
"HasResource": true,
"StringPrefix": "mgh"
},
"AWS Migration Hub Orchestrator": {
"ARNFormat": "arn:aws:migrationhub-orchestrator:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:migrationhub-orchestrator:.+:.+:.+",
"Actions": [
"CreateWorkflow",
"CreateWorkflowStep",
"CreateWorkflowStepGroup",
"DeleteWorkflow",
"DeleteWorkflowStep",
"DeleteWorkflowStepGroup",
"GetMessage",
"GetTemplate",
"GetTemplateStep",
"GetTemplateStepGroup",
"GetWorkflow",
"GetWorkflowStep",
"GetWorkflowStepGroup",
"ListPlugins",
"ListTagsForResource",
"ListTemplateStepGroups",
"ListTemplateSteps",
"ListTemplates",
"ListWorkflowStepGroups",
"ListWorkflowSteps",
"ListWorkflows",
"RegisterPlugin",
"RetryWorkflowStep",
"SendMessage",
"StartWorkflow",
"StopWorkflow",
"TagResource",
"UntagResource",
"UpdateWorkflow",
"UpdateWorkflowStep",
"UpdateWorkflowStepGroup"
],
"HasResource": true,
"StringPrefix": "migrationhub-orchestrator",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Migration Hub Refactor Spaces": {
"ARNFormat": "arn:aws:refactor-spaces:${Region}:${Account}:${ResourceType}/${RelativeId}",
"ARNRegex": "^arn:aws:refactor-spaces:.+",
"Actions": [
"CreateApplication",
"CreateEnvironment",
"CreateRoute",
"CreateService",
"DeleteApplication",
"DeleteEnvironment",
"DeleteResourcePolicy",
"DeleteRoute",
"DeleteService",
"GetApplication",
"GetEnvironment",
"GetResourcePolicy",
"GetRoute",
"GetService",
"ListApplications",
"ListEnvironmentVpcs",
"ListEnvironments",
"ListRoutes",
"ListServices",
"ListTagsForResource",
"PutResourcePolicy",
"TagResource",
"UntagResource",
"UpdateRoute"
],
"HasResource": true,
"StringPrefix": "refactor-spaces",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"refactor-spaces:ApplicationCreatedByAccount",
"refactor-spaces:CreatedByAccountIds",
"refactor-spaces:RouteCreatedByAccount",
"refactor-spaces:ServiceCreatedByAccount",
"refactor-spaces:SourcePath"
]
},
"AWS Migration Hub Strategy Recommendations": {
"ARNFormat": "arn:${Partition}:iam:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:${Partition}:${ServiceName}:.+:.+:.+",
"Actions": [
"GetAntiPattern",
"GetApplicationComponentDetails",
"GetApplicationComponentStrategies",
"GetAssessment",
"GetImportFileTask",
"GetLatestAssessmentId",
"GetMessage",
"GetPortfolioPreferences",
"GetPortfolioSummary",
"GetRecommendationReportDetails",
"GetServerDetails",
"GetServerStrategies",
"ListAntiPatterns",
"ListApplicationComponents",
"ListCollectors",
"ListImportFileTask",
"ListJarArtifacts",
"ListServers",
"PutPortfolioPreferences",
"RegisterCollector",
"SendMessage",
"StartAssessment",
"StartImportFileTask",
"StartRecommendationReportGeneration",
"StopAssessment",
"UpdateApplicationComponentConfig",
"UpdateCollectorConfiguration",
"UpdateServerConfig"
],
"HasResource": false,
"StringPrefix": "migrationhub-strategy"
},
"AWS Mobile Hub": {
"ARNFormat": "arn:aws:mobilehub:<region>:<aws_account_ID>:project/<project_ID>",
"ARNRegex": "^arn:aws:mobilehub:.+:[0-9]+:.+",
"Actions": [
"CreateProject",
"CreateServiceRole",
"DeleteProject",
"DeleteProjectSnapshot",
"DeployToStage",
"DescribeBundle",
"ExportBundle",
"ExportProject",
"GenerateProjectParameters",
"GetProject",
"GetProjectSnapshot",
"ImportProject",
"InstallBundle",
"ListAvailableConnectors",
"ListAvailableFeatures",
"ListAvailableRegions",
"ListBundles",
"ListProjectSnapshots",
"ListProjects",
"SynchronizeProject",
"UpdateProject",
"ValidateProject",
"VerifyServiceRole"
],
"HasResource": true,
"StringPrefix": "mobilehub"
},
"AWS Network Firewall": {
"ARNFormat": "arn:aws:network-firewall:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:network-firewall:.+:.+:.+",
"Actions": [
"AssociateFirewallPolicy",
"AssociateSubnets",
"CreateFirewall",
"CreateFirewallPolicy",
"CreateRuleGroup",
"CreateTLSInspectionConfiguration",
"DeleteFirewall",
"DeleteFirewallPolicy",
"DeleteResourcePolicy",
"DeleteRuleGroup",
"DeleteTLSInspectionConfiguration",
"DescribeFirewall",
"DescribeFirewallPolicy",
"DescribeLoggingConfiguration",
"DescribeResourcePolicy",
"DescribeRuleGroup",
"DescribeRuleGroupMetadata",
"DescribeTLSInspectionConfiguration",
"DisassociateSubnets",
"ListFirewallPolicies",
"ListFirewalls",
"ListRuleGroups",
"ListTLSInspectionConfigurations",
"ListTagsForResource",
"PutResourcePolicy",
"TagResource",
"UntagResource",
"UpdateFirewallDeleteProtection",
"UpdateFirewallDescription",
"UpdateFirewallEncryptionConfiguration",
"UpdateFirewallPolicy",
"UpdateFirewallPolicyChangeProtection",
"UpdateLoggingConfiguration",
"UpdateRuleGroup",
"UpdateSubnetChangeProtection",
"UpdateTLSInspectionConfiguration"
],
"HasResource": true,
"StringPrefix": "network-firewall",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Network Manager": {
"ARNFormat": "arn:aws:networkmanager::${AccountId}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:networkmanager::.+:.+",
"Actions": [
"AcceptAttachment",
"AssociateConnectPeer",
"AssociateCustomerGateway",
"AssociateLink",
"AssociateTransitGatewayConnectPeer",
"CreateConnectAttachment",
"CreateConnectPeer",
"CreateConnection",
"CreateCoreNetwork",
"CreateDevice",
"CreateGlobalNetwork",
"CreateLink",
"CreateSite",
"CreateSiteToSiteVpnAttachment",
"CreateTransitGatewayPeering",
"CreateTransitGatewayRouteTableAttachment",
"CreateVpcAttachment",
"DeleteAttachment",
"DeleteConnectPeer",
"DeleteConnection",
"DeleteCoreNetwork",
"DeleteCoreNetworkPolicyVersion",
"DeleteDevice",
"DeleteGlobalNetwork",
"DeleteLink",
"DeletePeering",
"DeleteResourcePolicy",
"DeleteSite",
"DeregisterTransitGateway",
"DescribeGlobalNetworks",
"DisassociateConnectPeer",
"DisassociateCustomerGateway",
"DisassociateLink",
"DisassociateTransitGatewayConnectPeer",
"ExecuteCoreNetworkChangeSet",
"GetConnectAttachment",
"GetConnectPeer",
"GetConnectPeerAssociations",
"GetConnections",
"GetCoreNetwork",
"GetCoreNetworkChangeEvents",
"GetCoreNetworkChangeSet",
"GetCoreNetworkPolicy",
"GetCustomerGatewayAssociations",
"GetDevices",
"GetLinkAssociations",
"GetLinks",
"GetNetworkResourceCounts",
"GetNetworkResourceRelationships",
"GetNetworkResources",
"GetNetworkRoutes",
"GetNetworkTelemetry",
"GetResourcePolicy",
"GetRouteAnalysis",
"GetSiteToSiteVpnAttachment",
"GetSites",
"GetTransitGatewayConnectPeerAssociations",
"GetTransitGatewayPeering",
"GetTransitGatewayRegistrations",
"GetTransitGatewayRouteTableAttachment",
"GetVpcAttachment",
"ListAttachments",
"ListConnectPeers",
"ListCoreNetworkPolicyVersions",
"ListCoreNetworks",
"ListOrganizationServiceAccessStatus",
"ListPeerings",
"ListTagsForResource",
"PutCoreNetworkPolicy",
"PutResourcePolicy",
"RegisterTransitGateway",
"RejectAttachment",
"RestoreCoreNetworkPolicyVersion",
"StartOrganizationServiceAccessUpdate",
"StartRouteAnalysis",
"TagResource",
"UntagResource",
"UpdateConnection",
"UpdateCoreNetwork",
"UpdateDevice",
"UpdateGlobalNetwork",
"UpdateLink",
"UpdateNetworkResourceMetadata",
"UpdateSite",
"UpdateVpcAttachment"
],
"HasResource": true,
"StringPrefix": "networkmanager",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"networkmanager:cgwArn",
"networkmanager:subnetArns",
"networkmanager:tgwArn",
"networkmanager:tgwConnectPeerArn",
"networkmanager:tgwRtbArn",
"networkmanager:vpcArn",
"networkmanager:vpnConnectionArn"
]
},
"AWS OpsWorks": {
"ARNFormat": "arn:aws:${ServiceName}:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:opsworks:.+",
"Actions": [
"AssignInstance",
"AssignVolume",
"AssociateElasticIp",
"AttachElasticLoadBalancer",
"CloneStack",
"CreateApp",
"CreateDeployment",
"CreateInstance",
"CreateLayer",
"CreateStack",
"CreateUserProfile",
"DeleteApp",
"DeleteInstance",
"DeleteLayer",
"DeleteStack",
"DeleteUserProfile",
"DeregisterEcsCluster",
"DeregisterElasticIp",
"DeregisterInstance",
"DeregisterRdsDbInstance",
"DeregisterVolume",
"DescribeAgentVersions",
"DescribeApps",
"DescribeCommands",
"DescribeDeployments",
"DescribeEcsClusters",
"DescribeElasticIps",
"DescribeElasticLoadBalancers",
"DescribeInstances",
"DescribeLayers",
"DescribeLoadBasedAutoScaling",
"DescribeMyUserProfile",
"DescribeOperatingSystems",
"DescribePermissions",
"DescribeRaidArrays",
"DescribeRdsDbInstances",
"DescribeServiceErrors",
"DescribeStackProvisioningParameters",
"DescribeStackSummary",
"DescribeStacks",
"DescribeTimeBasedAutoScaling",
"DescribeUserProfiles",
"DescribeVolumes",
"DetachElasticLoadBalancer",
"DisassociateElasticIp",
"GetHostnameSuggestion",
"GrantAccess",
"ListTags",
"RebootInstance",
"RegisterEcsCluster",
"RegisterElasticIp",
"RegisterInstance",
"RegisterRdsDbInstance",
"RegisterVolume",
"SetLoadBasedAutoScaling",
"SetPermission",
"SetTimeBasedAutoScaling",
"StartInstance",
"StartStack",
"StopInstance",
"StopStack",
"TagResource",
"UnassignInstance",
"UnassignVolume",
"UntagResource",
"UpdateApp",
"UpdateElasticIp",
"UpdateInstance",
"UpdateLayer",
"UpdateMyUserProfile",
"UpdateRdsDbInstance",
"UpdateStack",
"UpdateUserProfile",
"UpdateVolume"
],
"HasResource": true,
"StringPrefix": "opsworks"
},
"AWS OpsWorks Configuration Management": {
"ARNFormat": "arn:aws:opsworks-cm:<region>:<account>:<resourceType>/<id>",
"ARNRegex": "^arn:aws:opsworks-cm:.+:[0-9]+:.+",
"Actions": [
"AssociateNode",
"CreateBackup",
"CreateServer",
"DeleteBackup",
"DeleteServer",
"DescribeAccountAttributes",
"DescribeBackups",
"DescribeEvents",
"DescribeNodeAssociationStatus",
"DescribeServers",
"DisassociateNode",
"ExportServerEngineAttribute",
"ListTagsForResource",
"RestoreServer",
"StartMaintenance",
"TagResource",
"UntagResource",
"UpdateServer",
"UpdateServerEngineAttributes"
],
"HasResource": true,
"StringPrefix": "opsworks-cm"
},
"AWS Organizations": {
"ARNFormat": "arn:aws:organizations::${Account}:${Resource}/o-${OrganizationId}(/${ResourceType}/${ResourceId})?",
"ARNRegex": "^arn:aws:organizations::.+:.+",
"Actions": [
"AcceptHandshake",
"AttachPolicy",
"CancelHandshake",
"CloseAccount",
"CreateAccount",
"CreateGovCloudAccount",
"CreateOrganization",
"CreateOrganizationalUnit",
"CreatePolicy",
"DeclineHandshake",
"DeleteOrganization",
"DeleteOrganizationalUnit",
"DeletePolicy",
"DeleteResourcePolicy",
"DeregisterDelegatedAdministrator",
"DescribeAccount",
"DescribeCreateAccountStatus",
"DescribeEffectivePolicy",
"DescribeHandshake",
"DescribeOrganization",
"DescribeOrganizationalUnit",
"DescribePolicy",
"DescribeResourcePolicy",
"DetachPolicy",
"DisableAWSServiceAccess",
"DisablePolicyType",
"EnableAWSServiceAccess",
"EnableAllFeatures",
"EnablePolicyType",
"InviteAccountToOrganization",
"LeaveOrganization",
"ListAWSServiceAccessForOrganization",
"ListAccounts",
"ListAccountsForParent",
"ListChildren",
"ListCreateAccountStatus",
"ListDelegatedAdministrators",
"ListDelegatedServicesForAccount",
"ListHandshakesForAccount",
"ListHandshakesForOrganization",
"ListOrganizationalUnitsForParent",
"ListParents",
"ListPolicies",
"ListPoliciesForTarget",
"ListRoots",
"ListTagsForResource",
"ListTargetsForPolicy",
"MoveAccount",
"PutResourcePolicy",
"RegisterDelegatedAdministrator",
"RemoveAccountFromOrganization",
"TagResource",
"UntagResource",
"UpdateOrganizationalUnit",
"UpdatePolicy"
],
"HasResource": true,
"StringPrefix": "organizations",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"organizations:PolicyType",
"organizations:ServicePrincipal"
]
},
"AWS Outposts": {
"ARNFormat": "arn:aws:outposts:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:outposts:.+:.+:.+",
"Actions": [
"CancelOrder",
"CreateOrder",
"CreateOutpost",
"CreatePrivateConnectivityConfig",
"CreateSite",
"DeleteOutpost",
"DeleteSite",
"GetCatalogItem",
"GetConnection",
"GetOrder",
"GetOutpost",
"GetOutpostInstanceTypes",
"GetPrivateConnectivityConfig",
"GetSite",
"GetSiteAddress",
"ListAssets",
"ListCatalogItems",
"ListOrders",
"ListOutposts",
"ListSites",
"ListTagsForResource",
"StartConnection",
"TagResource",
"UntagResource",
"UpdateOutpost",
"UpdateSite",
"UpdateSiteAddress",
"UpdateSiteRackPhysicalProperties"
],
"HasResource": true,
"StringPrefix": "outposts"
},
"AWS Panorama": {
"ARNFormat": "arn:aws:panorama:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:panorama:.+:.+:.+",
"Actions": [
"CreateApplicationInstance",
"CreateJobForDevices",
"CreateNodeFromTemplateJob",
"CreatePackage",
"CreatePackageImportJob",
"DeleteDevice",
"DeletePackage",
"DeregisterPackageVersion",
"DescribeApplicationInstance",
"DescribeApplicationInstanceDetails",
"DescribeDevice",
"DescribeDeviceJob",
"DescribeNode",
"DescribeNodeFromTemplateJob",
"DescribePackage",
"DescribePackageImportJob",
"DescribePackageVersion",
"DescribeSoftware",
"GetWebSocketURL",
"ListApplicationInstanceDependencies",
"ListApplicationInstanceNodeInstances",
"ListApplicationInstances",
"ListDevices",
"ListDevicesJobs",
"ListNodeFromTemplateJobs",
"ListNodes",
"ListPackageImportJobs",
"ListPackages",
"ListTagsForResource",
"ProvisionDevice",
"RegisterPackageVersion",
"RemoveApplicationInstance",
"SignalApplicationInstanceNodeInstances",
"TagResource",
"UntagResource",
"UpdateDeviceMetadata"
],
"HasResource": true,
"StringPrefix": "panorama",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Payments": {
"Actions": [
"CreatePaymentInstrument",
"DeletePaymentInstrument",
"GetPaymentInstrument",
"GetPaymentStatus",
"ListPaymentPreferences",
"MakePayment",
"UpdatePaymentPreferences"
],
"HasResource": false,
"StringPrefix": "payments"
},
"AWS Performance Insights": {
"ARNFormat": "arn:aws:pi:${Region}:${Account}:${ResourceType}/${RelativeId}",
"ARNRegex": "^arn:aws:pi:.+",
"Actions": [
"DescribeDimensionKeys",
"GetDimensionKeyDetails",
"GetResourceMetadata",
"GetResourceMetrics",
"ListAvailableResourceDimensions",
"ListAvailableResourceMetrics"
],
"HasResource": true,
"StringPrefix": "pi"
},
"AWS Price List": {
"Actions": [
"DescribeServices",
"GetAttributeValues",
"GetPriceListFileUrl",
"GetProducts",
"ListPriceLists"
],
"HasResource": false,
"StringPrefix": "pricing"
},
"AWS Private Certificate Authority": {
"ARNFormat": "arn:aws:acm-pca:${Region}:${Account}:${ARNType}/${ResourceId}",
"ARNRegex": "^arn:aws:acm-pca:.+:[0-9]+:.+",
"Actions": [
"CreateCertificateAuthority",
"CreateCertificateAuthorityAuditReport",
"CreatePermission",
"DeleteCertificateAuthority",
"DeletePermission",
"DeletePolicy",
"DescribeCertificateAuthority",
"DescribeCertificateAuthorityAuditReport",
"GetCertificate",
"GetCertificateAuthorityCertificate",
"GetCertificateAuthorityCsr",
"GetPolicy",
"ImportCertificateAuthorityCertificate",
"IssueCertificate",
"ListCertificateAuthorities",
"ListPermissions",
"ListTags",
"PutPolicy",
"RestoreCertificateAuthority",
"RevokeCertificate",
"TagCertificateAuthority",
"UntagCertificateAuthority",
"UpdateCertificateAuthority"
],
"HasResource": true,
"StringPrefix": "acm-pca",
"conditionKeys": [
"acm-pca:TemplateArn",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Proton": {
"ARNFormat": "arn:aws:proton:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:proton:.+:.+:.+",
"Actions": [
"AcceptEnvironmentAccountConnection",
"CancelComponentDeployment",
"CancelEnvironmentDeployment",
"CancelServiceInstanceDeployment",
"CancelServicePipelineDeployment",
"CreateComponent",
"CreateEnvironment",
"CreateEnvironmentAccountConnection",
"CreateEnvironmentTemplate",
"CreateEnvironmentTemplateMajorVersion",
"CreateEnvironmentTemplateMinorVersion",
"CreateEnvironmentTemplateVersion",
"CreateRepository",
"CreateService",
"CreateServiceInstance",
"CreateServiceSyncConfig",
"CreateServiceTemplate",
"CreateServiceTemplateMajorVersion",
"CreateServiceTemplateMinorVersion",
"CreateServiceTemplateVersion",
"CreateTemplateSyncConfig",
"DeleteAccountRoles",
"DeleteComponent",
"DeleteEnvironment",
"DeleteEnvironmentAccountConnection",
"DeleteEnvironmentTemplate",
"DeleteEnvironmentTemplateMajorVersion",
"DeleteEnvironmentTemplateMinorVersion",
"DeleteEnvironmentTemplateVersion",
"DeleteRepository",
"DeleteService",
"DeleteServiceSyncConfig",
"DeleteServiceTemplate",
"DeleteServiceTemplateMajorVersion",
"DeleteServiceTemplateMinorVersion",
"DeleteServiceTemplateVersion",
"DeleteTemplateSyncConfig",
"GetAccountRoles",
"GetAccountSettings",
"GetComponent",
"GetEnvironment",
"GetEnvironmentAccountConnection",
"GetEnvironmentTemplate",
"GetEnvironmentTemplateMajorVersion",
"GetEnvironmentTemplateMinorVersion",
"GetEnvironmentTemplateVersion",
"GetRepository",
"GetRepositorySyncStatus",
"GetResourceTemplateVersionStatusCounts",
"GetResourcesSummary",
"GetService",
"GetServiceInstance",
"GetServiceInstanceSyncStatus",
"GetServiceSyncBlockerSummary",
"GetServiceSyncConfig",
"GetServiceTemplate",
"GetServiceTemplateMajorVersion",
"GetServiceTemplateMinorVersion",
"GetServiceTemplateVersion",
"GetTemplateSyncConfig",
"GetTemplateSyncStatus",
"ListComponentOutputs",
"ListComponentProvisionedResources",
"ListComponents",
"ListEnvironmentAccountConnections",
"ListEnvironmentOutputs",
"ListEnvironmentProvisionedResources",
"ListEnvironmentTemplateMajorVersions",
"ListEnvironmentTemplateMinorVersions",
"ListEnvironmentTemplateVersions",
"ListEnvironmentTemplates",
"ListEnvironments",
"ListRepositories",
"ListRepositorySyncDefinitions",
"ListServiceInstanceOutputs",
"ListServiceInstanceProvisionedResources",
"ListServiceInstances",
"ListServicePipelineOutputs",
"ListServicePipelineProvisionedResources",
"ListServiceTemplateMajorVersions",
"ListServiceTemplateMinorVersions",
"ListServiceTemplateVersions",
"ListServiceTemplates",
"ListServices",
"ListTagsForResource",
"NotifyResourceDeploymentStatusChange",
"RejectEnvironmentAccountConnection",
"TagResource",
"UntagResource",
"UpdateAccountRoles",
"UpdateAccountSettings",
"UpdateComponent",
"UpdateEnvironment",
"UpdateEnvironmentAccountConnection",
"UpdateEnvironmentTemplate",
"UpdateEnvironmentTemplateMajorVersion",
"UpdateEnvironmentTemplateMinorVersion",
"UpdateEnvironmentTemplateVersion",
"UpdateService",
"UpdateServiceInstance",
"UpdateServicePipeline",
"UpdateServiceSyncBlocker",
"UpdateServiceSyncConfig",
"UpdateServiceTemplate",
"UpdateServiceTemplateMajorVersion",
"UpdateServiceTemplateMinorVersion",
"UpdateServiceTemplateVersion",
"UpdateTemplateSyncConfig"
],
"HasResource": true,
"StringPrefix": "proton",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"proton:EnvironmentTemplate",
"proton:ServiceTemplate"
]
},
"AWS Purchase Orders Console": {
"ARNFormat": "arn:${Partition}:purchase-orders::${Account}:${ResourceType}:${ResourceName}",
"ARNRegex": "^arn:${Partition}:purchase-orders::.+:.+:.+",
"Actions": [
"AddPurchaseOrder",
"DeletePurchaseOrder",
"GetConsoleActionSetEnforced",
"GetPurchaseOrder",
"ListPurchaseOrderInvoices",
"ListPurchaseOrders",
"ModifyPurchaseOrders",
"UpdateConsoleActionSetEnforced",
"UpdatePurchaseOrder",
"UpdatePurchaseOrderStatus",
"ViewPurchaseOrders"
],
"HasResource": false,
"StringPrefix": "purchase-orders"
},
"AWS Recycle Bin": {
"ARNFormat": "arn:aws:rbin:${Region}:${Account}:rule/${ResourceName}",
"ARNRegex": "^arn:aws:rbin:.+:.+:.+",
"Actions": [
"CreateRule",
"DeleteRule",
"GetRule",
"ListRules",
"ListTagsForResource",
"LockRule",
"TagResource",
"UnlockRule",
"UntagResource",
"UpdateRule"
],
"HasResource": true,
"StringPrefix": "rbin",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"rbin:Attribute/ResourceType",
"rbin:Request/ResourceType"
]
},
"AWS Resilience Hub Service": {
"ARNFormat": "arn:aws:resiliencehub:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:resiliencehub:.+",
"Actions": [
"AddDraftAppVersionResourceMappings",
"CreateApp",
"CreateAppVersionAppComponent",
"CreateAppVersionResource",
"CreateRecommendationTemplate",
"CreateResiliencyPolicy",
"DeleteApp",
"DeleteAppAssessment",
"DeleteAppInputSource",
"DeleteAppVersionAppComponent",
"DeleteAppVersionResource",
"DeleteRecommendationTemplate",
"DeleteResiliencyPolicy",
"DescribeApp",
"DescribeAppAssessment",
"DescribeAppVersion",
"DescribeAppVersionAppComponent",
"DescribeAppVersionResource",
"DescribeAppVersionResourcesResolutionStatus",
"DescribeAppVersionTemplate",
"DescribeDraftAppVersionResourcesImportStatus",
"DescribeResiliencyPolicy",
"ImportResourcesToDraftAppVersion",
"ListAlarmRecommendations",
"ListAppAssessments",
"ListAppComponentCompliances",
"ListAppComponentRecommendations",
"ListAppInputSources",
"ListAppVersionAppComponents",
"ListAppVersionResourceMappings",
"ListAppVersionResources",
"ListAppVersions",
"ListApps",
"ListRecommendationTemplates",
"ListResiliencyPolicies",
"ListSopRecommendations",
"ListSuggestedResiliencyPolicies",
"ListTagsForResource",
"ListTestRecommendations",
"ListUnsupportedAppVersionResources",
"PublishAppVersion",
"PutDraftAppVersionTemplate",
"RemoveDraftAppVersionResourceMappings",
"ResolveAppVersionResources",
"StartAppAssessment",
"TagResource",
"UntagResource",
"UpdateApp",
"UpdateAppVersion",
"UpdateAppVersionAppComponent",
"UpdateAppVersionResource",
"UpdateResiliencyPolicy"
],
"HasResource": true,
"StringPrefix": "resiliencehub",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Resource Access Manager (RAM)": {
"ARNFormat": "arn:aws:ram:${Region}:${Account}:resource-share/${ResourceUUID}",
"ARNRegex": "^arn:aws:ram:.+:.+:.+",
"Actions": [
"AcceptResourceShareInvitation",
"AssociateResourceShare",
"AssociateResourceSharePermission",
"CreatePermission",
"CreatePermissionVersion",
"CreateResourceShare",
"DeletePermission",
"DeletePermissionVersion",
"DeleteResourceShare",
"DisassociateResourceShare",
"DisassociateResourceSharePermission",
"EnableSharingWithAwsOrganization",
"GetPermission",
"GetResourcePolicies",
"GetResourceShareAssociations",
"GetResourceShareInvitations",
"GetResourceShares",
"ListPendingInvitationResources",
"ListPermissionAssociations",
"ListPermissionVersions",
"ListPermissions",
"ListPrincipals",
"ListReplacePermissionAssociationsWork",
"ListResourceSharePermissions",
"ListResourceTypes",
"ListResources",
"PromotePermissionCreatedFromPolicy",
"PromoteResourceShareCreatedFromPolicy",
"RejectResourceShareInvitation",
"ReplacePermissionAssociations",
"SetDefaultPermissionVersion",
"TagResource",
"UntagResource",
"UpdateResourceShare"
],
"HasResource": true,
"StringPrefix": "ram",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"ram:AllowsExternalPrincipals",
"ram:PermissionArn",
"ram:PermissionResourceType",
"ram:Principal",
"ram:RequestedAllowsExternalPrincipals",
"ram:RequestedResourceType",
"ram:ResourceArn",
"ram:ResourceShareName",
"ram:ResourceTag/${TagKey}",
"ram:ShareOwnerAccountId"
]
},
"AWS Resource Explorer": {
"ARNFormat": "arn:aws:resource-explorer-2:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}",
"ARNRegex": "^arn:aws:resource-explorer-2:.+:.+:.+",
"Actions": [
"AssociateDefaultView",
"BatchGetView",
"CreateIndex",
"CreateView",
"DeleteIndex",
"DeleteView",
"DisassociateDefaultView",
"GetDefaultView",
"GetIndex",
"GetView",
"ListIndexes",
"ListSupportedResourceTypes",
"ListTagsForResource",
"ListViews",
"Search",
"TagResource",
"UntagResource",
"UpdateIndexType",
"UpdateView"
],
"HasResource": true,
"StringPrefix": "resource-explorer-2",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Resource Groups": {
"ARNFormat": "arn:aws:resource-groups:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:resource-groups:.+",
"Actions": [
"CreateGroup",
"DeleteGroup",
"GetAccountSettings",
"GetGroup",
"GetGroupConfiguration",
"GetGroupQuery",
"GetTags",
"GroupResources",
"ListGroupResources",
"ListGroups",
"PutGroupConfiguration",
"PutGroupPolicy",
"SearchResources",
"Tag",
"UngroupResources",
"Untag",
"UpdateAccountSettings",
"UpdateGroup",
"UpdateGroupQuery"
],
"HasResource": true,
"StringPrefix": "resource-groups",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS RoboMaker": {
"ARNFormat": "arn:aws:robomaker:${Region}:${AccountId}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:robomaker:.+:.+:.+",
"Actions": [
"BatchDeleteWorlds",
"BatchDescribeSimulationJob",
"CancelDeploymentJob",
"CancelSimulationJob",
"CancelSimulationJobBatch",
"CancelWorldExportJob",
"CancelWorldGenerationJob",
"CreateDeploymentJob",
"CreateFleet",
"CreateRobot",
"CreateRobotApplication",
"CreateRobotApplicationVersion",
"CreateSimulationApplication",
"CreateSimulationApplicationVersion",
"CreateSimulationJob",
"CreateWorldExportJob",
"CreateWorldGenerationJob",
"CreateWorldTemplate",
"DeleteFleet",
"DeleteRobot",
"DeleteRobotApplication",
"DeleteSimulationApplication",
"DeleteWorldTemplate",
"DeregisterRobot",
"DescribeDeploymentJob",
"DescribeFleet",
"DescribeRobot",
"DescribeRobotApplication",
"DescribeSimulationApplication",
"DescribeSimulationJob",
"DescribeSimulationJobBatch",
"DescribeWorld",
"DescribeWorldExportJob",
"DescribeWorldGenerationJob",
"DescribeWorldTemplate",
"GetWorldTemplateBody",
"ListDeploymentJobs",
"ListFleets",
"ListRobotApplications",
"ListRobots",
"ListSimulationApplications",
"ListSimulationJobBatches",
"ListSimulationJobs",
"ListSupportedAvailabilityZones",
"ListTagsForResource",
"ListWorldExportJobs",
"ListWorldGenerationJobs",
"ListWorldTemplates",
"ListWorlds",
"RegisterRobot",
"RestartSimulationJob",
"StartSimulationJobBatch",
"SyncDeploymentJob",
"TagResource",
"UntagResource",
"UpdateRobotApplication",
"UpdateRobotDeployment",
"UpdateSimulationApplication",
"UpdateWorldTemplate"
],
"HasResource": true,
"StringPrefix": "robomaker",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS SQL Workbench": {
"ARNFormat": "arn:aws:sqlworkbench:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:sqlworkbench:.+:.+:.+",
"Actions": [
"AssociateConnectionWithChart",
"AssociateConnectionWithTab",
"AssociateNotebookWithTab",
"AssociateQueryWithTab",
"BatchDeleteFolder",
"BatchGetNotebookCell",
"CreateAccount",
"CreateChart",
"CreateConnection",
"CreateFolder",
"CreateNotebook",
"CreateNotebookCell",
"CreateNotebookFromVersion",
"CreateNotebookVersion",
"CreateSavedQuery",
"DeleteChart",
"DeleteConnection",
"DeleteNotebook",
"DeleteNotebookCell",
"DeleteNotebookVersion",
"DeleteSavedQuery",
"DeleteTab",
"DriverExecute",
"DuplicateNotebook",
"ExportNotebook",
"GenerateSession",
"GetAccountInfo",
"GetAccountSettings",
"GetChart",
"GetConnection",
"GetNotebook",
"GetNotebookVersion",
"GetQueryExecutionHistory",
"GetSavedQuery",
"GetSchemaInference",
"GetUserInfo",
"GetUserWorkspaceSettings",
"ImportNotebook",
"ListConnections",
"ListDatabases",
"ListFiles",
"ListNotebookVersions",
"ListNotebooks",
"ListQueryExecutionHistory",
"ListRedshiftClusters",
"ListSampleDatabases",
"ListSavedQueryVersions",
"ListTabs",
"ListTaggedResources",
"ListTagsForResource",
"PutTab",
"PutUserWorkspaceSettings",
"RestoreNotebookVersion",
"TagResource",
"UntagResource",
"UpdateAccountConnectionSettings",
"UpdateAccountExportSettings",
"UpdateAccountGeneralSettings",
"UpdateChart",
"UpdateConnection",
"UpdateFileFolder",
"UpdateFolder",
"UpdateNotebook",
"UpdateNotebookCellContent",
"UpdateNotebookCellLayout",
"UpdateSavedQuery"
],
"HasResource": true,
"StringPrefix": "sqlworkbench",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Savings Plans": {
"ARNFormat": "arn:aws:savingsplans::${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:savingsplans:.+",
"Actions": [
"CreateSavingsPlan",
"DeleteQueuedSavingsPlan",
"DescribeSavingsPlanRates",
"DescribeSavingsPlans",
"DescribeSavingsPlansOfferingRates",
"DescribeSavingsPlansOfferings",
"ListTagsForResource",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "savingsplans",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Secrets Manager": {
"ARNFormat": "arn:aws:secretsmanager:${Region}:${Account}:secret:${SecretId}",
"ARNRegex": "^arn:aws:secretsmanager:.+",
"Actions": [
"CancelRotateSecret",
"CreateSecret",
"DeleteResourcePolicy",
"DeleteSecret",
"DescribeSecret",
"GetRandomPassword",
"GetResourcePolicy",
"GetSecretValue",
"ListSecretVersionIds",
"ListSecrets",
"PutResourcePolicy",
"PutSecretValue",
"RemoveRegionsFromReplication",
"ReplicateSecretToRegions",
"RestoreSecret",
"RotateSecret",
"StopReplicationToReplica",
"TagResource",
"UntagResource",
"UpdateSecret",
"UpdateSecretVersionStage",
"ValidateResourcePolicy"
],
"HasResource": true,
"StringPrefix": "secretsmanager",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"secretsmanager:AddReplicaRegions",
"secretsmanager:BlockPublicPolicy",
"secretsmanager:Description",
"secretsmanager:ForceDeleteWithoutRecovery",
"secretsmanager:ForceOverwriteReplicaSecret",
"secretsmanager:KmsKeyId",
"secretsmanager:ModifyRotationRules",
"secretsmanager:Name",
"secretsmanager:RecoveryWindowInDays",
"secretsmanager:ResourceTag/tag-key",
"secretsmanager:RotateImmediately",
"secretsmanager:RotationLambdaARN",
"secretsmanager:SecretId",
"secretsmanager:SecretPrimaryRegion",
"secretsmanager:VersionId",
"secretsmanager:VersionStage",
"secretsmanager:resource/AllowRotationLambdaArn"
]
},
"AWS Security Hub": {
"ARNFormat": "arn:aws:securityhub:${Region}:${Account}:.+",
"ARNRegex": "^arn:aws:securityhub:.+",
"Actions": [
"AcceptAdministratorInvitation",
"AcceptInvitation",
"BatchDisableStandards",
"BatchEnableStandards",
"BatchGetControlEvaluations",
"BatchGetSecurityControls",
"BatchGetStandardsControlAssociations",
"BatchImportFindings",
"BatchUpdateFindings",
"BatchUpdateStandardsControlAssociations",
"CreateActionTarget",
"CreateFindingAggregator",
"CreateInsight",
"CreateMembers",
"DeclineInvitations",
"DeleteActionTarget",
"DeleteFindingAggregator",
"DeleteInsight",
"DeleteInvitations",
"DeleteMembers",
"DescribeActionTargets",
"DescribeHub",
"DescribeOrganizationConfiguration",
"DescribeProducts",
"DescribeStandards",
"DescribeStandardsControls",
"DisableImportFindingsForProduct",
"DisableOrganizationAdminAccount",
"DisableSecurityHub",
"DisassociateFromAdministratorAccount",
"DisassociateFromMasterAccount",
"DisassociateMembers",
"EnableImportFindingsForProduct",
"EnableOrganizationAdminAccount",
"EnableSecurityHub",
"GetAdhocInsightResults",
"GetAdministratorAccount",
"GetControlFindingSummary",
"GetEnabledStandards",
"GetFindingAggregator",
"GetFindingHistory",
"GetFindings",
"GetFreeTrialEndDate",
"GetFreeTrialUsage",
"GetInsightFindingTrend",
"GetInsightResults",
"GetInsights",
"GetInvitationsCount",
"GetMasterAccount",
"GetMembers",
"GetUsage",
"InviteMembers",
"ListControlEvaluationSummaries",
"ListEnabledProductsForImport",
"ListFindingAggregators",
"ListInvitations",
"ListMembers",
"ListOrganizationAdminAccounts",
"ListSecurityControlDefinitions",
"ListStandardsControlAssociations",
"ListTagsForResource",
"SendFindingEvents",
"SendInsightEvents",
"TagResource",
"UntagResource",
"UpdateActionTarget",
"UpdateFindingAggregator",
"UpdateFindings",
"UpdateInsight",
"UpdateOrganizationConfiguration",
"UpdateSecurityHubConfiguration",
"UpdateStandardsControl"
],
"HasResource": true,
"StringPrefix": "securityhub",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"securityhub:ASFFSyntaxPath/${ASFFSyntaxPath}",
"securityhub:TargetAccount"
]
},
"AWS Security Token Service": {
"ARNFormat": "arn:aws:iam::${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:iam::.+",
"Actions": [
"AssumeRole",
"AssumeRoleWithSAML",
"AssumeRoleWithWebIdentity",
"DecodeAuthorizationMessage",
"GetAccessKeyInfo",
"GetCallerIdentity",
"GetFederationToken",
"GetServiceBearerToken",
"GetSessionToken",
"SetSourceIdentity",
"TagSession"
],
"HasResource": true,
"StringPrefix": "sts",
"conditionKeys": [
"accounts.google.com:aud",
"accounts.google.com:oaud",
"accounts.google.com:sub",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"cognito-identity.amazonaws.com:amr",
"cognito-identity.amazonaws.com:aud",
"cognito-identity.amazonaws.com:sub",
"graph.facebook.com:app_id",
"graph.facebook.com:id",
"iam:ResourceTag/${TagKey}",
"saml:aud",
"saml:cn",
"saml:commonName",
"saml:doc",
"saml:eduorghomepageuri",
"saml:eduorgidentityauthnpolicyuri",
"saml:eduorglegalname",
"saml:eduorgsuperioruri",
"saml:eduorgwhitepagesuri",
"saml:edupersonaffiliation",
"saml:edupersonassurance",
"saml:edupersonentitlement",
"saml:edupersonnickname",
"saml:edupersonorgdn",
"saml:edupersonorgunitdn",
"saml:edupersonprimaryaffiliation",
"saml:edupersonprimaryorgunitdn",
"saml:edupersonprincipalname",
"saml:edupersonscopedaffiliation",
"saml:edupersontargetedid",
"saml:givenName",
"saml:iss",
"saml:mail",
"saml:name",
"saml:namequalifier",
"saml:organizationStatus",
"saml:primaryGroupSID",
"saml:sub",
"saml:sub_type",
"saml:surname",
"saml:uid",
"saml:x500UniqueIdentifier",
"sts:AWSServiceName",
"sts:ExternalId",
"sts:RoleSessionName",
"sts:SourceIdentity",
"sts:TransitiveTagKeys",
"www.amazon.com:app_id",
"www.amazon.com:user_id"
]
},
"AWS Server Migration Service": {
"ARNFormat": "arn:aws:<serviceName>:<region>:<account-id>:<resource-type>/<resource_name>",
"ARNRegex": "^arn:aws:<serviceName>:.+:.+:.+",
"Actions": [
"CreateApp",
"CreateReplicationJob",
"DeleteApp",
"DeleteAppLaunchConfiguration",
"DeleteAppReplicationConfiguration",
"DeleteAppValidationConfiguration",
"DeleteReplicationJob",
"DeleteServerCatalog",
"DisassociateConnector",
"GenerateChangeSet",
"GenerateTemplate",
"GetApp",
"GetAppLaunchConfiguration",
"GetAppReplicationConfiguration",
"GetAppValidationConfiguration",
"GetAppValidationOutput",
"GetConnectors",
"GetMessages",
"GetReplicationJobs",
"GetReplicationRuns",
"GetServers",
"ImportAppCatalog",
"ImportServerCatalog",
"LaunchApp",
"ListApps",
"NotifyAppValidationOutput",
"PutAppLaunchConfiguration",
"PutAppReplicationConfiguration",
"PutAppValidationConfiguration",
"SendMessage",
"StartAppReplication",
"StartOnDemandAppReplication",
"StartOnDemandReplicationRun",
"StopAppReplication",
"TerminateApp",
"UpdateApp",
"UpdateReplicationJob"
],
"HasResource": false,
"StringPrefix": "sms"
},
"AWS Serverless Application Repository": {
"ARNFormat": "arn:aws:serverlessrepo:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:serverlessrepo:.+:.+:.+",
"Actions": [
"CreateApplication",
"CreateApplicationVersion",
"CreateCloudFormationChangeSet",
"CreateCloudFormationTemplate",
"DeleteApplication",
"GetApplication",
"GetApplicationPolicy",
"GetCloudFormationTemplate",
"ListApplicationDependencies",
"ListApplicationVersions",
"ListApplications",
"PutApplicationPolicy",
"SearchApplications",
"UnshareApplication",
"UpdateApplication"
],
"HasResource": true,
"StringPrefix": "serverlessrepo",
"conditionKeys": [
"serverlessrepo:applicationType"
]
},
"AWS Service Catalog": {
"ARNFormat": "arn:aws:(catalog|servicecatalog):${Region}:${Account}:${ResourceType}/${Id}",
"ARNRegex": "^arn:aws:(catalog|servicecatalog):.+",
"Actions": [
"AcceptPortfolioShare",
"AssociateAttributeGroup",
"AssociateBudgetWithResource",
"AssociatePrincipalWithPortfolio",
"AssociateProductWithPortfolio",
"AssociateResource",
"AssociateServiceActionWithProvisioningArtifact",
"AssociateTagOptionWithResource",
"BatchAssociateServiceActionWithProvisioningArtifact",
"BatchDisassociateServiceActionFromProvisioningArtifact",
"CopyProduct",
"CreateApplication",
"CreateAttributeGroup",
"CreateConstraint",
"CreatePortfolio",
"CreatePortfolioShare",
"CreateProduct",
"CreateProvisionedProductPlan",
"CreateProvisioningArtifact",
"CreateServiceAction",
"CreateTagOption",
"DeleteApplication",
"DeleteAttributeGroup",
"DeleteConstraint",
"DeletePortfolio",
"DeletePortfolioShare",
"DeleteProduct",
"DeleteProvisionedProductPlan",
"DeleteProvisioningArtifact",
"DeleteServiceAction",
"DeleteTagOption",
"DescribeConstraint",
"DescribeCopyProductStatus",
"DescribePortfolio",
"DescribePortfolioShareStatus",
"DescribePortfolioShares",
"DescribeProduct",
"DescribeProductAsAdmin",
"DescribeProductView",
"DescribeProvisionedProduct",
"DescribeProvisionedProductPlan",
"DescribeProvisioningArtifact",
"DescribeProvisioningParameters",
"DescribeRecord",
"DescribeServiceAction",
"DescribeServiceActionExecutionParameters",
"DescribeTagOption",
"DisableAWSOrganizationsAccess",
"DisassociateAttributeGroup",
"DisassociateBudgetFromResource",
"DisassociatePrincipalFromPortfolio",
"DisassociateProductFromPortfolio",
"DisassociateResource",
"DisassociateServiceActionFromProvisioningArtifact",
"DisassociateTagOptionFromResource",
"EnableAWSOrganizationsAccess",
"ExecuteProvisionedProductPlan",
"ExecuteProvisionedProductServiceAction",
"GetAWSOrganizationsAccessStatus",
"GetApplication",
"GetAssociatedResource",
"GetAttributeGroup",
"GetConfiguration",
"GetProvisionedProductOutputs",
"ImportAsProvisionedProduct",
"ListAcceptedPortfolioShares",
"ListApplications",
"ListAssociatedAttributeGroups",
"ListAssociatedResources",
"ListAttributeGroups",
"ListAttributeGroupsForApplication",
"ListBudgetsForResource",
"ListConstraintsForPortfolio",
"ListLaunchPaths",
"ListOrganizationPortfolioAccess",
"ListPortfolioAccess",
"ListPortfolios",
"ListPortfoliosForProduct",
"ListPrincipalsForPortfolio",
"ListProvisionedProductPlans",
"ListProvisioningArtifacts",
"ListProvisioningArtifactsForServiceAction",
"ListRecordHistory",
"ListResourcesForTagOption",
"ListServiceActions",
"ListServiceActionsForProvisioningArtifact",
"ListStackInstancesForProvisionedProduct",
"ListTagOptions",
"ListTagsForResource",
"NotifyProvisionProductEngineWorkflowResult",
"NotifyTerminateProvisionedProductEngineWorkflowResult",
"NotifyUpdateProvisionedProductEngineWorkflowResult",
"ProvisionProduct",
"PutConfiguration",
"RejectPortfolioShare",
"ScanProvisionedProducts",
"SearchProducts",
"SearchProductsAsAdmin",
"SearchProvisionedProducts",
"SyncResource",
"TagResource",
"TerminateProvisionedProduct",
"UntagResource",
"UpdateApplication",
"UpdateAttributeGroup",
"UpdateConstraint",
"UpdatePortfolio",
"UpdatePortfolioShare",
"UpdateProduct",
"UpdateProvisionedProduct",
"UpdateProvisionedProductProperties",
"UpdateProvisioningArtifact",
"UpdateServiceAction",
"UpdateTagOption"
],
"HasResource": true,
"StringPrefix": "servicecatalog",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"servicecatalog:Resource",
"servicecatalog:ResourceType",
"servicecatalog:accountLevel",
"servicecatalog:roleLevel",
"servicecatalog:userLevel"
]
},
"AWS Shield": {
"ARNFormat": "arn:aws:shield::${Account}:${Resource}/${ResourceId}",
"ARNRegex": "^arn:aws:shield::[0-9]+:.+/.+",
"Actions": [
"AssociateDRTLogBucket",
"AssociateDRTRole",
"AssociateHealthCheck",
"AssociateProactiveEngagementDetails",
"CreateProtection",
"CreateProtectionGroup",
"CreateSubscription",
"DeleteProtection",
"DeleteProtectionGroup",
"DeleteSubscription",
"DescribeAttack",
"DescribeAttackStatistics",
"DescribeDRTAccess",
"DescribeEmergencyContactSettings",
"DescribeProtection",
"DescribeProtectionGroup",
"DescribeSubscription",
"DisableApplicationLayerAutomaticResponse",
"DisableProactiveEngagement",
"DisassociateDRTLogBucket",
"DisassociateDRTRole",
"DisassociateHealthCheck",
"EnableApplicationLayerAutomaticResponse",
"EnableProactiveEngagement",
"GetSubscriptionState",
"ListAttacks",
"ListProtectionGroups",
"ListProtections",
"ListResourcesInProtectionGroup",
"ListTagsForResource",
"TagResource",
"UntagResource",
"UpdateApplicationLayerAutomaticResponse",
"UpdateEmergencyContactSettings",
"UpdateProtectionGroup",
"UpdateSubscription"
],
"HasResource": true,
"StringPrefix": "shield",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Signer": {
"ARNFormat": "arn:aws:signer:${Region}:${Account}:/${ResourceType}/${ResourceIdentifier}",
"ARNRegex": "^arn:aws:signer:.+",
"Actions": [
"AddProfilePermission",
"CancelSigningProfile",
"DescribeSigningJob",
"GetSigningPlatform",
"GetSigningProfile",
"ListProfilePermissions",
"ListSigningJobs",
"ListSigningPlatforms",
"ListSigningProfiles",
"ListTagsForResource",
"PutSigningProfile",
"RemoveProfilePermission",
"RevokeSignature",
"RevokeSigningProfile",
"StartSigningJob",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "signer",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"signer:ProfileVersion"
]
},
"AWS SimSpace Weaver": {
"ARNFormat": "arn:aws:simspaceweaver:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:simspaceweaver:.+:.+:.+",
"Actions": [
"DeleteApp",
"DeleteSimulation",
"DescribeApp",
"DescribeSimulation",
"ListApps",
"ListSimulations",
"ListTagsForResource",
"StartApp",
"StartClock",
"StartSimulation",
"StopApp",
"StopClock",
"StopSimulation",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "simspaceweaver",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Snow Device Management": {
"ARNFormat": "arn:aws:snow-device-management:<region>:<account-id>:<resource-type>/<resource_name>",
"ARNRegex": "^arn:aws:snow-device-management:.+:.+:.+/.+",
"Actions": [
"CancelTask",
"CreateTask",
"DescribeDevice",
"DescribeDeviceEc2Instances",
"DescribeExecution",
"DescribeTask",
"ListDeviceResources",
"ListDevices",
"ListExecutions",
"ListTagsForResource",
"ListTasks",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "snow-device-management",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Snowball": {
"Actions": [
"CancelCluster",
"CancelJob",
"CreateAddress",
"CreateCluster",
"CreateJob",
"CreateLongTermPricing",
"CreateReturnShippingLabel",
"DescribeAddress",
"DescribeAddresses",
"DescribeCluster",
"DescribeJob",
"DescribeReturnShippingLabel",
"GetJobManifest",
"GetJobUnlockCode",
"GetSnowballUsage",
"GetSoftwareUpdates",
"ListClusterJobs",
"ListClusters",
"ListCompatibleImages",
"ListJobs",
"ListLongTermPricing",
"ListServiceVersions",
"UpdateCluster",
"UpdateJob",
"UpdateJobShipmentState",
"UpdateLongTermPricing"
],
"HasResource": false,
"StringPrefix": "snowball"
},
"AWS Step Functions": {
"ARNFormat": "arn:aws:states:${Region}:${Account}:${ResourceType}:${ResourceName}",
"ARNRegex": "^arn:aws:states:.+",
"Actions": [
"CreateActivity",
"CreateStateMachine",
"DeleteActivity",
"DeleteStateMachine",
"DescribeActivity",
"DescribeExecution",
"DescribeMapRun",
"DescribeStateMachine",
"DescribeStateMachineForExecution",
"GetActivityTask",
"GetExecutionHistory",
"ListActivities",
"ListExecutions",
"ListMapRuns",
"ListStateMachines",
"ListTagsForResource",
"SendTaskFailure",
"SendTaskHeartbeat",
"SendTaskSuccess",
"StartExecution",
"StartSyncExecution",
"StopExecution",
"TagResource",
"UntagResource",
"UpdateMapRun",
"UpdateStateMachine"
],
"HasResource": true,
"StringPrefix": "states",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Storage Gateway": {
"ARNFormat": "arn:aws:storagegateway:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:storagegateway:.+",
"Actions": [
"ActivateGateway",
"AddCache",
"AddTagsToResource",
"AddUploadBuffer",
"AddWorkingStorage",
"AssignTapePool",
"AssociateFileSystem",
"AttachVolume",
"BypassGovernanceRetention",
"CancelArchival",
"CancelRetrieval",
"CreateCachediSCSIVolume",
"CreateNFSFileShare",
"CreateSMBFileShare",
"CreateSnapshot",
"CreateSnapshotFromVolumeRecoveryPoint",
"CreateStorediSCSIVolume",
"CreateTapePool",
"CreateTapeWithBarcode",
"CreateTapes",
"DeleteAutomaticTapeCreationPolicy",
"DeleteBandwidthRateLimit",
"DeleteChapCredentials",
"DeleteFileShare",
"DeleteGateway",
"DeleteSnapshotSchedule",
"DeleteTape",
"DeleteTapeArchive",
"DeleteTapePool",
"DeleteVolume",
"DescribeAvailabilityMonitorTest",
"DescribeBandwidthRateLimit",
"DescribeBandwidthRateLimitSchedule",
"DescribeCache",
"DescribeCachediSCSIVolumes",
"DescribeChapCredentials",
"DescribeFileSystemAssociations",
"DescribeGatewayInformation",
"DescribeMaintenanceStartTime",
"DescribeNFSFileShares",
"DescribeSMBFileShares",
"DescribeSMBSettings",
"DescribeSnapshotSchedule",
"DescribeStorediSCSIVolumes",
"DescribeTapeArchives",
"DescribeTapeRecoveryPoints",
"DescribeTapes",
"DescribeUploadBuffer",
"DescribeVTLDevices",
"DescribeWorkingStorage",
"DetachVolume",
"DisableGateway",
"DisassociateFileSystem",
"JoinDomain",
"ListAutomaticTapeCreationPolicies",
"ListFileShares",
"ListFileSystemAssociations",
"ListGateways",
"ListLocalDisks",
"ListTagsForResource",
"ListTapePools",
"ListTapes",
"ListVolumeInitiators",
"ListVolumeRecoveryPoints",
"ListVolumes",
"NotifyWhenUploaded",
"RefreshCache",
"RemoveTagsFromResource",
"ResetCache",
"RetrieveTapeArchive",
"RetrieveTapeRecoveryPoint",
"SetLocalConsolePassword",
"SetSMBGuestPassword",
"ShutdownGateway",
"StartAvailabilityMonitorTest",
"StartGateway",
"UpdateAutomaticTapeCreationPolicy",
"UpdateBandwidthRateLimit",
"UpdateBandwidthRateLimitSchedule",
"UpdateChapCredentials",
"UpdateFileSystemAssociation",
"UpdateGatewayInformation",
"UpdateGatewaySoftwareNow",
"UpdateMaintenanceStartTime",
"UpdateNFSFileShare",
"UpdateSMBFileShare",
"UpdateSMBFileShareVisibility",
"UpdateSMBLocalGroups",
"UpdateSMBSecurityStrategy",
"UpdateSnapshotSchedule",
"UpdateVTLDeviceType"
],
"HasResource": true,
"StringPrefix": "storagegateway",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Supply Chain": {
"ARNFormat": "arn:aws:scn:${Region}:${Account}:instance/",
"ARNRegex": "^arn:aws:scn:.+",
"Actions": [
"AssignAdminPermissionsToUser",
"CreateInstance",
"CreateSSOApplication",
"DeleteInstance",
"DeleteSSOApplication",
"DescribeInstance",
"ListAdminUsers",
"ListInstances",
"ListTagsForResource",
"RemoveAdminPermissionsForUser",
"TagResource",
"UntagResource",
"UpdateInstance"
],
"HasResource": true,
"StringPrefix": "scn",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Support": {
"Actions": [
"AddAttachmentsToSet",
"AddCommunicationToCase",
"CreateCase",
"DescribeAttachment",
"DescribeCaseAttributes",
"DescribeCases",
"DescribeCommunications",
"DescribeIssueTypes",
"DescribeServices",
"DescribeSeverityLevels",
"DescribeSupportLevel",
"DescribeTrustedAdvisorCheckRefreshStatuses",
"DescribeTrustedAdvisorCheckResult",
"DescribeTrustedAdvisorCheckSummaries",
"DescribeTrustedAdvisorChecks",
"InitiateCallForCase",
"InitiateChatForCase",
"PutCaseAttributes",
"RateCaseCommunication",
"RefreshTrustedAdvisorCheck",
"ResolveCase",
"SearchForCases"
],
"HasResource": false,
"StringPrefix": "support"
},
"AWS Support App in Slack": {
"Actions": [
"CreateSlackChannelConfiguration",
"DeleteAccountAlias",
"DeleteSlackChannelConfiguration",
"DeleteSlackWorkspaceConfiguration",
"DescribeSlackChannels",
"GetAccountAlias",
"GetSlackOauthParameters",
"ListSlackChannelConfigurations",
"ListSlackWorkspaceConfigurations",
"PutAccountAlias",
"RedeemSlackOauthCode",
"RegisterSlackWorkspaceForOrganization",
"UpdateSlackChannelConfiguration"
],
"HasResource": false,
"StringPrefix": "supportapp"
},
"AWS Support Plans": {
"ARNFormat": "^arn:${Partition}:supportplans::${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:${Partition}:supportplans::.+:.+",
"Actions": [
"GetSupportPlan",
"GetSupportPlanUpdateStatus",
"StartSupportPlanUpdate"
],
"HasResource": false,
"StringPrefix": "supportplans"
},
"AWS Sustainability": {
"ARNFormat": "arn:${Partition}:sustainability:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:${Partition}:sustainability:.+:.+:.+",
"Actions": [
"GetCarbonFootprintSummary"
],
"HasResource": false,
"StringPrefix": "sustainability"
},
"AWS Systems Manager": {
"ARNFormat": "arn:aws:ssm:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:(ssm|ec2):.+",
"Actions": [
"AddTagsToResource",
"AssociateOpsItemRelatedItem",
"CancelCommand",
"CancelMaintenanceWindowExecution",
"CreateActivation",
"CreateAssociation",
"CreateAssociationBatch",
"CreateDocument",
"CreateMaintenanceWindow",
"CreateOpsItem",
"CreateOpsMetadata",
"CreatePatchBaseline",
"CreateResourceDataSync",
"DeleteActivation",
"DeleteAssociation",
"DeleteDocument",
"DeleteInventory",
"DeleteMaintenanceWindow",
"DeleteOpsMetadata",
"DeleteParameter",
"DeleteParameters",
"DeletePatchBaseline",
"DeleteResourceDataSync",
"DeleteResourcePolicy",
"DeregisterManagedInstance",
"DeregisterPatchBaselineForPatchGroup",
"DeregisterTargetFromMaintenanceWindow",
"DeregisterTaskFromMaintenanceWindow",
"DescribeActivations",
"DescribeAssociation",
"DescribeAssociationExecutionTargets",
"DescribeAssociationExecutions",
"DescribeAutomationExecutions",
"DescribeAutomationStepExecutions",
"DescribeAvailablePatches",
"DescribeDocument",
"DescribeDocumentParameters",
"DescribeDocumentPermission",
"DescribeEffectiveInstanceAssociations",
"DescribeEffectivePatchesForPatchBaseline",
"DescribeInstanceAssociationsStatus",
"DescribeInstanceInformation",
"DescribeInstancePatchStates",
"DescribeInstancePatchStatesForPatchGroup",
"DescribeInstancePatches",
"DescribeInstanceProperties",
"DescribeInventoryDeletions",
"DescribeMaintenanceWindowExecutionTaskInvocations",
"DescribeMaintenanceWindowExecutionTasks",
"DescribeMaintenanceWindowExecutions",
"DescribeMaintenanceWindowSchedule",
"DescribeMaintenanceWindowTargets",
"DescribeMaintenanceWindowTasks",
"DescribeMaintenanceWindows",
"DescribeMaintenanceWindowsForTarget",
"DescribeOpsItems",
"DescribeParameters",
"DescribePatchBaselines",
"DescribePatchGroupState",
"DescribePatchGroups",
"DescribePatchProperties",
"DescribeSessions",
"DisassociateOpsItemRelatedItem",
"GetAutomationExecution",
"GetCalendar",
"GetCalendarState",
"GetCommandInvocation",
"GetConnectionStatus",
"GetDefaultPatchBaseline",
"GetDeployablePatchSnapshotForInstance",
"GetDocument",
"GetInventory",
"GetInventorySchema",
"GetMaintenanceWindow",
"GetMaintenanceWindowExecution",
"GetMaintenanceWindowExecutionTask",
"GetMaintenanceWindowExecutionTaskInvocation",
"GetMaintenanceWindowTask",
"GetManifest",
"GetOpsItem",
"GetOpsMetadata",
"GetOpsSummary",
"GetParameter",
"GetParameterHistory",
"GetParameters",
"GetParametersByPath",
"GetPatchBaseline",
"GetPatchBaselineForPatchGroup",
"GetResourcePolicies",
"GetServiceSetting",
"LabelParameterVersion",
"ListAssociationVersions",
"ListAssociations",
"ListCommandInvocations",
"ListCommands",
"ListComplianceItems",
"ListComplianceSummaries",
"ListDocumentMetadataHistory",
"ListDocumentVersions",
"ListDocuments",
"ListInstanceAssociations",
"ListInventoryEntries",
"ListOpsItemEvents",
"ListOpsItemRelatedItems",
"ListOpsMetadata",
"ListResourceComplianceSummaries",
"ListResourceDataSync",
"ListTagsForResource",
"ModifyDocumentPermission",
"PutCalendar",
"PutComplianceItems",
"PutConfigurePackageResult",
"PutInventory",
"PutParameter",
"PutResourcePolicy",
"RegisterDefaultPatchBaseline",
"RegisterManagedInstance",
"RegisterPatchBaselineForPatchGroup",
"RegisterTargetWithMaintenanceWindow",
"RegisterTaskWithMaintenanceWindow",
"RemoveTagsFromResource",
"ResetServiceSetting",
"ResumeSession",
"SendAutomationSignal",
"SendCommand",
"StartAssociationsOnce",
"StartAutomationExecution",
"StartChangeRequestExecution",
"StartSession",
"StopAutomationExecution",
"TerminateSession",
"UnlabelParameterVersion",
"UpdateAssociation",
"UpdateAssociationStatus",
"UpdateDocument",
"UpdateDocumentDefaultVersion",
"UpdateDocumentMetadata",
"UpdateInstanceAssociationStatus",
"UpdateInstanceInformation",
"UpdateMaintenanceWindow",
"UpdateMaintenanceWindowTarget",
"UpdateMaintenanceWindowTask",
"UpdateManagedInstanceRole",
"UpdateOpsItem",
"UpdateOpsMetadata",
"UpdatePatchBaseline",
"UpdateResourceDataSync",
"UpdateServiceSetting"
],
"HasResource": true,
"StringPrefix": "ssm",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"ssm:AutoApprove",
"ssm:DocumentCategories",
"ssm:Overwrite",
"ssm:Recursive",
"ssm:SessionDocumentAccessCheck",
"ssm:SyncType",
"ssm:resourceTag/${TagKey}",
"ssm:resourceTag/tag-key"
]
},
"AWS Systems Manager GUI Connect": {
"Actions": [
"CancelConnection",
"GetConnection",
"StartConnection"
],
"HasResource": false,
"StringPrefix": "ssm-guiconnect"
},
"AWS Systems Manager Incident Manager": {
"ARNFormat": "arn:aws:ssm-incidents::${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:ssm-incidents::.+:.+",
"Actions": [
"CreateReplicationSet",
"CreateResponsePlan",
"CreateTimelineEvent",
"DeleteIncidentRecord",
"DeleteReplicationSet",
"DeleteResourcePolicy",
"DeleteResponsePlan",
"DeleteTimelineEvent",
"GetIncidentRecord",
"GetReplicationSet",
"GetResourcePolicies",
"GetResponsePlan",
"GetTimelineEvent",
"ListIncidentRecords",
"ListRelatedItems",
"ListReplicationSets",
"ListResponsePlans",
"ListTagsForResource",
"ListTimelineEvents",
"PutResourcePolicy",
"StartIncident",
"TagResource",
"UntagResource",
"UpdateDeletionProtection",
"UpdateIncidentRecord",
"UpdateRelatedItems",
"UpdateReplicationSet",
"UpdateResponsePlan",
"UpdateTimelineEvent"
],
"HasResource": true,
"StringPrefix": "ssm-incidents",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Systems Manager Incident Manager Contacts": {
"ARNFormat": "arn:aws:ssm-contacts:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:ssm-contacts:.+",
"Actions": [
"AcceptPage",
"ActivateContactChannel",
"AssociateContact",
"CreateContact",
"CreateContactChannel",
"CreateRotation",
"CreateRotationOverride",
"DeactivateContactChannel",
"DeleteContact",
"DeleteContactChannel",
"DeleteRotation",
"DeleteRotationOverride",
"DescribeEngagement",
"DescribePage",
"GetContact",
"GetContactChannel",
"GetContactPolicy",
"GetRotation",
"GetRotationOverride",
"ListContactChannels",
"ListContacts",
"ListEngagements",
"ListPageReceipts",
"ListPageResolutions",
"ListPagesByContact",
"ListPagesByEngagement",
"ListPreviewRotationShifts",
"ListRotationOverrides",
"ListRotationShifts",
"ListRotations",
"ListTagsForResource",
"PutContactPolicy",
"SendActivationCode",
"StartEngagement",
"StopEngagement",
"TagResource",
"UntagResource",
"UpdateContact",
"UpdateContactChannel",
"UpdateRotation"
],
"HasResource": true,
"StringPrefix": "ssm-contacts",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Systems Manager for SAP": {
"ARNFormat": "arn:aws:ssm-sap:${Region}:${Account}:${ApplicationType}/${ApplicationId}",
"ARNRegex": "^arn:aws:ssm-sap:.+",
"Actions": [
"BackupDatabase",
"DeleteResourcePermission",
"DeregisterApplication",
"GetApplication",
"GetComponent",
"GetDatabase",
"GetOperation",
"GetResourcePermission",
"ListApplications",
"ListComponents",
"ListDatabases",
"ListOperations",
"ListTagsForResource",
"PutResourcePermission",
"RegisterApplication",
"RestoreDatabase",
"TagResource",
"UntagResource",
"UpdateApplicationSettings",
"UpdateHANABackupSettings"
],
"HasResource": true,
"StringPrefix": "ssm-sap",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Tag Editor": {
"ARNFormat": "arn:${Partition}:resource-explorer:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:resource-explorer:.+",
"Actions": [
"ListResourceTypes",
"ListResources",
"ListTags"
],
"HasResource": false,
"StringPrefix": "resource-explorer"
},
"AWS Tax Settings": {
"Actions": [
"BatchPutTaxRegistration",
"DeleteTaxRegistration",
"GetExemptions",
"GetTaxInheritance",
"GetTaxInterview",
"GetTaxRegistration",
"GetTaxRegistrationDocument",
"ListTaxRegistrations",
"PutTaxInheritance",
"PutTaxInterview",
"PutTaxRegistration",
"UpdateExemptions"
],
"HasResource": false,
"StringPrefix": "tax"
},
"AWS Telco Network Builder": {
"ARNFormat": "arn:aws:tnb:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:tnb:.+",
"Actions": [
"CancelSolNetworkOperation",
"CreateSolFunctionPackage",
"CreateSolNetworkInstance",
"CreateSolNetworkPackage",
"DeleteSolFunctionPackage",
"DeleteSolNetworkInstance",
"DeleteSolNetworkPackage",
"GetSolFunctionInstance",
"GetSolFunctionPackage",
"GetSolFunctionPackageContent",
"GetSolFunctionPackageDescriptor",
"GetSolNetworkInstance",
"GetSolNetworkOperation",
"GetSolNetworkPackage",
"GetSolNetworkPackageContent",
"GetSolNetworkPackageDescriptor",
"InstantiateSolNetworkInstance",
"ListSolFunctionInstances",
"ListSolFunctionPackages",
"ListSolNetworkInstances",
"ListSolNetworkOperations",
"ListSolNetworkPackages",
"ListTagsForResource",
"PutSolFunctionPackageContent",
"PutSolNetworkPackageContent",
"TagResource",
"TerminateSolNetworkInstance",
"UntagResource",
"UpdateSolFunctionPackage",
"UpdateSolNetworkInstance",
"UpdateSolNetworkPackage",
"ValidateSolFunctionPackageContent",
"ValidateSolNetworkPackageContent"
],
"HasResource": true,
"StringPrefix": "tnb",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Tiros": {
"ARNFormat": "arn:${Partition}:tiros:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:tiros::.+",
"Actions": [
"CreateQuery",
"ExtendQuery",
"GetQueryAnswer",
"GetQueryExplanation",
"GetQueryExtensionAccounts"
],
"HasResource": false,
"StringPrefix": "tiros"
},
"AWS Transfer Family": {
"ARNFormat": "arn:aws:transfer:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:transfer:.+:.+:.+",
"Actions": [
"CreateAccess",
"CreateAgreement",
"CreateConnector",
"CreateProfile",
"CreateServer",
"CreateUser",
"CreateWorkflow",
"DeleteAccess",
"DeleteAgreement",
"DeleteCertificate",
"DeleteConnector",
"DeleteHostKey",
"DeleteProfile",
"DeleteServer",
"DeleteSshPublicKey",
"DeleteUser",
"DeleteWorkflow",
"DescribeAccess",
"DescribeAgreement",
"DescribeCertificate",
"DescribeConnector",
"DescribeExecution",
"DescribeHostKey",
"DescribeProfile",
"DescribeSecurityPolicy",
"DescribeServer",
"DescribeUser",
"DescribeWorkflow",
"ImportCertificate",
"ImportHostKey",
"ImportSshPublicKey",
"ListAccesses",
"ListAgreements",
"ListCertificates",
"ListConnectors",
"ListExecutions",
"ListHostKeys",
"ListProfiles",
"ListSecurityPolicies",
"ListServers",
"ListTagsForResource",
"ListUsers",
"ListWorkflows",
"SendWorkflowStepState",
"StartFileTransfer",
"StartServer",
"StopServer",
"TagResource",
"TestIdentityProvider",
"UntagResource",
"UpdateAccess",
"UpdateAgreement",
"UpdateCertificate",
"UpdateConnector",
"UpdateHostKey",
"UpdateProfile",
"UpdateServer",
"UpdateUser"
],
"HasResource": true,
"StringPrefix": "transfer",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Trusted Advisor": {
"ARNFormat": "arn:aws:trustedadvisor:${Region}:${Account}:checks/${Category}/${CheckId}",
"ARNRegex": "^arn:aws:trustedadvisor:.*",
"Actions": [
"CreateEngagement",
"CreateEngagementAttachment",
"CreateEngagementCommunication",
"DeleteNotificationConfigurationForDelegatedAdmin",
"DescribeAccount",
"DescribeAccountAccess",
"DescribeCheckItems",
"DescribeCheckRefreshStatuses",
"DescribeCheckStatusHistoryChanges",
"DescribeCheckSummaries",
"DescribeChecks",
"DescribeNotificationConfigurations",
"DescribeNotificationPreferences",
"DescribeOrganization",
"DescribeOrganizationAccounts",
"DescribeReports",
"DescribeRisk",
"DescribeRiskResources",
"DescribeRisks",
"DescribeServiceMetadata",
"DownloadRisk",
"ExcludeCheckItems",
"GenerateReport",
"GetEngagement",
"GetEngagementAttachment",
"GetEngagementType",
"IncludeCheckItems",
"ListAccountsForParent",
"ListEngagementCommunications",
"ListEngagementTypes",
"ListEngagements",
"ListOrganizationalUnitsForParent",
"ListRoots",
"RefreshCheck",
"SetAccountAccess",
"SetOrganizationAccess",
"UpdateEngagementStatus",
"UpdateNotificationConfigurations",
"UpdateNotificationPreferences",
"UpdateRiskStatus"
],
"HasResource": true,
"StringPrefix": "trustedadvisor"
},
"AWS User Notifications": {
"ARNFormat": "arn:aws:notifications::${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:notifications:.*:.+:.+",
"Actions": [
"AssociateChannel",
"CreateEventRule",
"CreateNotificationConfiguration",
"DeleteEventRule",
"DeleteNotificationConfiguration",
"DeregisterNotificationHub",
"DisassociateChannel",
"GetEventRule",
"GetNotificationConfiguration",
"GetNotificationEvent",
"ListChannels",
"ListEventRules",
"ListNotificationConfigurations",
"ListNotificationEvents",
"ListNotificationHubs",
"ListTagsForResource",
"RegisterNotificationHub",
"TagResource",
"UntagResource",
"UpdateEventRule",
"UpdateNotificationConfiguration"
],
"HasResource": true,
"StringPrefix": "notifications",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS User Notifications Contacts": {
"ARNFormat": "arn:aws:notifications-contacts::${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:notifications-contacts::.+:.+",
"Actions": [
"ActivateEmailContact",
"CreateEmailContact",
"DeleteEmailContact",
"GetEmailContact",
"ListEmailContacts",
"ListTagsForResource",
"SendActivationCode",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "notifications-contacts",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS WAF": {
"ARNFormat": "arn:aws:waf::${Account}:${ResourceId}/${Id}",
"ARNRegex": "^arn:aws:waf::[0-9]+:.+/.+",
"Actions": [
"CreateByteMatchSet",
"CreateGeoMatchSet",
"CreateIPSet",
"CreateRateBasedRule",
"CreateRegexMatchSet",
"CreateRegexPatternSet",
"CreateRule",
"CreateRuleGroup",
"CreateSizeConstraintSet",
"CreateSqlInjectionMatchSet",
"CreateWebACL",
"CreateWebACLMigrationStack",
"CreateXssMatchSet",
"DeleteByteMatchSet",
"DeleteGeoMatchSet",
"DeleteIPSet",
"DeleteLoggingConfiguration",
"DeletePermissionPolicy",
"DeleteRateBasedRule",
"DeleteRegexMatchSet",
"DeleteRegexPatternSet",
"DeleteRule",
"DeleteRuleGroup",
"DeleteSizeConstraintSet",
"DeleteSqlInjectionMatchSet",
"DeleteWebACL",
"DeleteXssMatchSet",
"GetByteMatchSet",
"GetChangeToken",
"GetChangeTokenStatus",
"GetGeoMatchSet",
"GetIPSet",
"GetLoggingConfiguration",
"GetPermissionPolicy",
"GetRateBasedRule",
"GetRateBasedRuleManagedKeys",
"GetRegexMatchSet",
"GetRegexPatternSet",
"GetRule",
"GetRuleGroup",
"GetSampledRequests",
"GetSizeConstraintSet",
"GetSqlInjectionMatchSet",
"GetWebACL",
"GetXssMatchSet",
"ListActivatedRulesInRuleGroup",
"ListByteMatchSets",
"ListGeoMatchSets",
"ListIPSets",
"ListLoggingConfigurations",
"ListRateBasedRules",
"ListRegexMatchSets",
"ListRegexPatternSets",
"ListRuleGroups",
"ListRules",
"ListSizeConstraintSets",
"ListSqlInjectionMatchSets",
"ListSubscribedRuleGroups",
"ListTagsForResource",
"ListWebACLs",
"ListXssMatchSets",
"PutLoggingConfiguration",
"PutPermissionPolicy",
"TagResource",
"UntagResource",
"UpdateByteMatchSet",
"UpdateGeoMatchSet",
"UpdateIPSet",
"UpdateRateBasedRule",
"UpdateRegexMatchSet",
"UpdateRegexPatternSet",
"UpdateRule",
"UpdateRuleGroup",
"UpdateSizeConstraintSet",
"UpdateSqlInjectionMatchSet",
"UpdateWebACL",
"UpdateXssMatchSet"
],
"HasResource": true,
"StringPrefix": "waf",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS WAF Regional": {
"ARNFormat": "arn:aws:waf-regional:${Region}:${Account}:${ResourceId}/${Id}",
"ARNRegex": "^arn:aws:waf-regional:.+:[0-9]+:.+/.+",
"Actions": [
"AssociateWebACL",
"CreateByteMatchSet",
"CreateGeoMatchSet",
"CreateIPSet",
"CreateRateBasedRule",
"CreateRegexMatchSet",
"CreateRegexPatternSet",
"CreateRule",
"CreateRuleGroup",
"CreateSizeConstraintSet",
"CreateSqlInjectionMatchSet",
"CreateWebACL",
"CreateWebACLMigrationStack",
"CreateXssMatchSet",
"DeleteByteMatchSet",
"DeleteGeoMatchSet",
"DeleteIPSet",
"DeleteLoggingConfiguration",
"DeletePermissionPolicy",
"DeleteRateBasedRule",
"DeleteRegexMatchSet",
"DeleteRegexPatternSet",
"DeleteRule",
"DeleteRuleGroup",
"DeleteSizeConstraintSet",
"DeleteSqlInjectionMatchSet",
"DeleteWebACL",
"DeleteXssMatchSet",
"DisassociateWebACL",
"GetByteMatchSet",
"GetChangeToken",
"GetChangeTokenStatus",
"GetGeoMatchSet",
"GetIPSet",
"GetLoggingConfiguration",
"GetPermissionPolicy",
"GetRateBasedRule",
"GetRateBasedRuleManagedKeys",
"GetRegexMatchSet",
"GetRegexPatternSet",
"GetRule",
"GetRuleGroup",
"GetSampledRequests",
"GetSizeConstraintSet",
"GetSqlInjectionMatchSet",
"GetWebACL",
"GetWebACLForResource",
"GetXssMatchSet",
"ListActivatedRulesInRuleGroup",
"ListByteMatchSets",
"ListGeoMatchSets",
"ListIPSets",
"ListLoggingConfigurations",
"ListRateBasedRules",
"ListRegexMatchSets",
"ListRegexPatternSets",
"ListResourcesForWebACL",
"ListRuleGroups",
"ListRules",
"ListSizeConstraintSets",
"ListSqlInjectionMatchSets",
"ListSubscribedRuleGroups",
"ListTagsForResource",
"ListWebACLs",
"ListXssMatchSets",
"PutLoggingConfiguration",
"PutPermissionPolicy",
"TagResource",
"UntagResource",
"UpdateByteMatchSet",
"UpdateGeoMatchSet",
"UpdateIPSet",
"UpdateRateBasedRule",
"UpdateRegexMatchSet",
"UpdateRegexPatternSet",
"UpdateRule",
"UpdateRuleGroup",
"UpdateSizeConstraintSet",
"UpdateSqlInjectionMatchSet",
"UpdateWebACL",
"UpdateXssMatchSet"
],
"HasResource": true,
"StringPrefix": "waf-regional",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS WAF V2": {
"ARNFormat": "arn:aws:wafv2:${Region}:${Account}:${Scope}/${ResourceType}/${ResourceName}/${ResourceId}",
"ARNRegex": "^arn:aws:wafv2:.+:.+:.+/.+/.+/.+",
"Actions": [
"AssociateWebACL",
"CheckCapacity",
"CreateAPIKey",
"CreateIPSet",
"CreateRegexPatternSet",
"CreateRuleGroup",
"CreateWebACL",
"DeleteFirewallManagerRuleGroups",
"DeleteIPSet",
"DeleteLoggingConfiguration",
"DeletePermissionPolicy",
"DeleteRegexPatternSet",
"DeleteRuleGroup",
"DeleteWebACL",
"DescribeManagedRuleGroup",
"DisassociateFirewallManager",
"DisassociateWebACL",
"GenerateMobileSdkReleaseUrl",
"GetDecryptedAPIKey",
"GetIPSet",
"GetLoggingConfiguration",
"GetManagedRuleSet",
"GetMobileSdkRelease",
"GetPermissionPolicy",
"GetRateBasedStatementManagedKeys",
"GetRegexPatternSet",
"GetRuleGroup",
"GetSampledRequests",
"GetWebACL",
"GetWebACLForResource",
"ListAPIKeys",
"ListAvailableManagedRuleGroupVersions",
"ListAvailableManagedRuleGroups",
"ListIPSets",
"ListLoggingConfigurations",
"ListManagedRuleSets",
"ListMobileSdkReleases",
"ListRegexPatternSets",
"ListResourcesForWebACL",
"ListRuleGroups",
"ListTagsForResource",
"ListWebACLs",
"PutFirewallManagerRuleGroups",
"PutLoggingConfiguration",
"PutManagedRuleSetVersions",
"PutPermissionPolicy",
"TagResource",
"UntagResource",
"UpdateIPSet",
"UpdateManagedRuleSetVersionExpiryDate",
"UpdateRegexPatternSet",
"UpdateRuleGroup",
"UpdateWebACL"
],
"HasResource": true,
"StringPrefix": "wafv2",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Well-Architected Tool": {
"ARNFormat": "arn:aws:wellarchitected:${Region}:${Account}:${ResourceName}/${ResourceId}",
"ARNRegex": "^arn:aws:wellarchitected:.+",
"Actions": [
"AssociateLenses",
"CreateLensShare",
"CreateLensVersion",
"CreateMilestone",
"CreateWorkload",
"CreateWorkloadShare",
"DeleteLens",
"DeleteLensShare",
"DeleteWorkload",
"DeleteWorkloadShare",
"DisassociateLenses",
"ExportLens",
"GetAnswer",
"GetConsolidatedReport",
"GetLens",
"GetLensReview",
"GetLensReviewReport",
"GetLensVersionDifference",
"GetMilestone",
"GetWorkload",
"ImportLens",
"ListAnswers",
"ListCheckDetails",
"ListCheckSummaries",
"ListLensReviewImprovements",
"ListLensReviews",
"ListLensShares",
"ListLenses",
"ListMilestones",
"ListNotifications",
"ListShareInvitations",
"ListTagsForResource",
"ListWorkloadShares",
"ListWorkloads",
"TagResource",
"UntagResource",
"UpdateAnswer",
"UpdateGlobalSettings",
"UpdateLensReview",
"UpdateShareInvitation",
"UpdateWorkload",
"UpdateWorkloadShare",
"UpgradeLensReview"
],
"HasResource": true,
"StringPrefix": "wellarchitected",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS Wickr": {
"ARNFormat": "arn:aws:wickr:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:wickr:.+:.+:.+",
"Actions": [
"CreateAdminSession",
"CreateNetwork",
"ListNetworks",
"ListTagsForResource",
"TagResource",
"UntagResource",
"UpdateNetworkDetails"
],
"HasResource": true,
"StringPrefix": "wickr",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS X-Ray": {
"ARNFormat": "arn:aws:xray:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:xray:.+",
"Actions": [
"BatchGetTraceSummaryById",
"BatchGetTraces",
"CreateGroup",
"CreateSamplingRule",
"DeleteGroup",
"DeleteResourcePolicy",
"DeleteSamplingRule",
"GetDistinctTraceGraphs",
"GetEncryptionConfig",
"GetGroup",
"GetGroups",
"GetInsight",
"GetInsightEvents",
"GetInsightImpactGraph",
"GetInsightSummaries",
"GetSamplingRules",
"GetSamplingStatisticSummaries",
"GetSamplingTargets",
"GetServiceGraph",
"GetTimeSeriesServiceStatistics",
"GetTraceGraph",
"GetTraceSummaries",
"Link",
"ListResourcePolicies",
"ListTagsForResource",
"PutEncryptionConfig",
"PutResourcePolicy",
"PutTelemetryRecords",
"PutTraceSegments",
"TagResource",
"UntagResource",
"UpdateGroup",
"UpdateSamplingRule"
],
"HasResource": true,
"StringPrefix": "xray",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AWS service providing managed private networks": {
"ARNFormat": "arn:aws:private-networks:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:private-networks:.+",
"Actions": [
"AcknowledgeOrderReceipt",
"ActivateDeviceIdentifier",
"ActivateNetworkSite",
"ConfigureAccessPoint",
"CreateNetwork",
"CreateNetworkSite",
"DeactivateDeviceIdentifier",
"DeleteNetwork",
"DeleteNetworkSite",
"GetDeviceIdentifier",
"GetNetwork",
"GetNetworkResource",
"GetNetworkSite",
"GetOrder",
"ListDeviceIdentifiers",
"ListNetworkResources",
"ListNetworkSites",
"ListNetworks",
"ListOrders",
"ListTagsForResource",
"Ping",
"StartNetworkResourceUpdate",
"TagResource",
"UntagResource",
"UpdateNetworkSite",
"UpdateNetworkSitePlan"
],
"HasResource": true,
"StringPrefix": "private-networks",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Alexa for Business": {
"ARNFormat": "arn:aws:a4b:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:a4b:.+:.+:.+",
"Actions": [
"ApproveSkill",
"AssociateContactWithAddressBook",
"AssociateDeviceWithNetworkProfile",
"AssociateDeviceWithRoom",
"AssociateSkillGroupWithRoom",
"AssociateSkillWithSkillGroup",
"AssociateSkillWithUsers",
"CompleteRegistration",
"CreateAddressBook",
"CreateBusinessReportSchedule",
"CreateConferenceProvider",
"CreateContact",
"CreateGatewayGroup",
"CreateNetworkProfile",
"CreateProfile",
"CreateRoom",
"CreateSkillGroup",
"CreateUser",
"DeleteAddressBook",
"DeleteBusinessReportSchedule",
"DeleteConferenceProvider",
"DeleteContact",
"DeleteDevice",
"DeleteDeviceUsageData",
"DeleteGatewayGroup",
"DeleteNetworkProfile",
"DeleteProfile",
"DeleteRoom",
"DeleteRoomSkillParameter",
"DeleteSkillAuthorization",
"DeleteSkillGroup",
"DeleteUser",
"DisassociateContactFromAddressBook",
"DisassociateDeviceFromRoom",
"DisassociateSkillFromSkillGroup",
"DisassociateSkillFromUsers",
"DisassociateSkillGroupFromRoom",
"ForgetSmartHomeAppliances",
"GetAddressBook",
"GetConferencePreference",
"GetConferenceProvider",
"GetContact",
"GetDevice",
"GetGateway",
"GetGatewayGroup",
"GetInvitationConfiguration",
"GetNetworkProfile",
"GetProfile",
"GetRoom",
"GetRoomSkillParameter",
"GetSkillGroup",
"ListBusinessReportSchedules",
"ListConferenceProviders",
"ListDeviceEvents",
"ListGatewayGroups",
"ListGateways",
"ListSkills",
"ListSkillsStoreCategories",
"ListSkillsStoreSkillsByCategory",
"ListSmartHomeAppliances",
"ListTags",
"PutConferencePreference",
"PutDeviceSetupEvents",
"PutInvitationConfiguration",
"PutRoomSkillParameter",
"PutSkillAuthorization",
"RegisterAVSDevice",
"RegisterDevice",
"RejectSkill",
"ResolveRoom",
"RevokeInvitation",
"SearchAddressBooks",
"SearchContacts",
"SearchDevices",
"SearchNetworkProfiles",
"SearchProfiles",
"SearchRooms",
"SearchSkillGroups",
"SearchUsers",
"SendAnnouncement",
"SendInvitation",
"StartDeviceSync",
"StartSmartHomeApplianceDiscovery",
"TagResource",
"UntagResource",
"UpdateAddressBook",
"UpdateBusinessReportSchedule",
"UpdateConferenceProvider",
"UpdateContact",
"UpdateDevice",
"UpdateGateway",
"UpdateGatewayGroup",
"UpdateNetworkProfile",
"UpdateProfile",
"UpdateRoom",
"UpdateSkillGroup"
],
"HasResource": true,
"StringPrefix": "a4b",
"conditionKeys": [
"a4b:amazonId",
"a4b:filters_deviceType",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon API Gateway": {
"ARNFormat": "arn:aws:execute-api:<region>:<account_id>:<api_id>/<stage>/<method>/<api_specific_resource_path>",
"ARNRegex": "^arn:aws:execute-api:.+",
"Actions": [
"InvalidateCache",
"Invoke",
"ManageConnections"
],
"HasResource": true,
"StringPrefix": "execute-api"
},
"Amazon API Gateway Management": {
"ARNFormat": "arn:aws:apigateway:${Region}::${ApiGatewayResourcePath}",
"ARNRegex": "^arn:aws:apigateway:.+",
"Actions": [
"AddCertificateToDomain",
"DELETE",
"GET",
"PATCH",
"POST",
"PUT",
"RemoveCertificateFromDomain",
"SetWebACL",
"UpdateRestApiPolicy",
"HEAD",
"OPTIONS"
],
"HasResource": true,
"StringPrefix": "apigateway",
"conditionKeys": [
"apigateway:Request/AccessLoggingDestination",
"apigateway:Request/AccessLoggingFormat",
"apigateway:Request/ApiKeyRequired",
"apigateway:Request/ApiName",
"apigateway:Request/AuthorizerType",
"apigateway:Request/AuthorizerUri",
"apigateway:Request/DisableExecuteApiEndpoint",
"apigateway:Request/EndpointType",
"apigateway:Request/MtlsTrustStoreUri",
"apigateway:Request/MtlsTrustStoreVersion",
"apigateway:Request/RouteAuthorizationType",
"apigateway:Request/SecurityPolicy",
"apigateway:Request/StageName",
"apigateway:Resource/AccessLoggingDestination",
"apigateway:Resource/AccessLoggingFormat",
"apigateway:Resource/ApiKeyRequired",
"apigateway:Resource/ApiName",
"apigateway:Resource/AuthorizerType",
"apigateway:Resource/AuthorizerUri",
"apigateway:Resource/DisableExecuteApiEndpoint",
"apigateway:Resource/EndpointType",
"apigateway:Resource/MtlsTrustStoreUri",
"apigateway:Resource/MtlsTrustStoreVersion",
"apigateway:Resource/RouteAuthorizationType",
"apigateway:Resource/SecurityPolicy",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon API Gateway Management V2": {
"ARNFormat": "arn:aws:apigateway:${Region}::${ApiGatewayResourcePath}",
"ARNRegex": "^arn:aws:apigateway:.+",
"Actions": [
"DELETE",
"GET",
"PATCH",
"POST",
"PUT",
"HEAD",
"OPTIONS"
],
"HasResource": true,
"StringPrefix": "apigateway",
"conditionKeys": [
"apigateway:Request/AccessLoggingDestination",
"apigateway:Request/AccessLoggingFormat",
"apigateway:Request/ApiKeyRequired",
"apigateway:Request/ApiName",
"apigateway:Request/AuthorizerType",
"apigateway:Request/AuthorizerUri",
"apigateway:Request/DisableExecuteApiEndpoint",
"apigateway:Request/EndpointType",
"apigateway:Request/MtlsTrustStoreUri",
"apigateway:Request/MtlsTrustStoreVersion",
"apigateway:Request/RouteAuthorizationType",
"apigateway:Request/SecurityPolicy",
"apigateway:Request/StageName",
"apigateway:Resource/AccessLoggingDestination",
"apigateway:Resource/AccessLoggingFormat",
"apigateway:Resource/ApiKeyRequired",
"apigateway:Resource/ApiName",
"apigateway:Resource/AuthorizerType",
"apigateway:Resource/AuthorizerUri",
"apigateway:Resource/DisableExecuteApiEndpoint",
"apigateway:Resource/EndpointType",
"apigateway:Resource/MtlsTrustStoreUri",
"apigateway:Resource/MtlsTrustStoreVersion",
"apigateway:Resource/RouteAuthorizationType",
"apigateway:Resource/SecurityPolicy",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon AppFlow": {
"ARNFormat": "arn:aws:appflow:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:appflow:.+:.+:.+",
"Actions": [
"CreateConnectorProfile",
"CreateFlow",
"DeleteConnectorProfile",
"DeleteFlow",
"DescribeConnector",
"DescribeConnectorEntity",
"DescribeConnectorFields",
"DescribeConnectorProfiles",
"DescribeConnectors",
"DescribeFlow",
"DescribeFlowExecution",
"DescribeFlowExecutionRecords",
"DescribeFlows",
"ListConnectorEntities",
"ListConnectorFields",
"ListConnectors",
"ListFlows",
"ListTagsForResource",
"RegisterConnector",
"RunFlow",
"StartFlow",
"StopFlow",
"TagResource",
"UnRegisterConnector",
"UntagResource",
"UpdateConnectorProfile",
"UpdateConnectorRegistration",
"UpdateFlow",
"UseConnectorProfile"
],
"HasResource": true,
"StringPrefix": "appflow",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon AppIntegrations": {
"ARNFormat": "arn:aws:app-integrations:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:app-integrations:.+:.+:.+",
"Actions": [
"CreateDataIntegration",
"CreateDataIntegrationAssociation",
"CreateEventIntegration",
"CreateEventIntegrationAssociation",
"DeleteDataIntegration",
"DeleteDataIntegrationAssociation",
"DeleteEventIntegration",
"DeleteEventIntegrationAssociation",
"GetDataIntegration",
"GetEventIntegration",
"ListDataIntegrationAssociations",
"ListDataIntegrations",
"ListEventIntegrationAssociations",
"ListEventIntegrations",
"ListTagsForResource",
"TagResource",
"UntagResource",
"UpdateDataIntegration",
"UpdateEventIntegration"
],
"HasResource": true,
"StringPrefix": "app-integrations",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon AppStream 2.0": {
"ARNFormat": "arn:aws:appstream:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:appstream:.+",
"Actions": [
"AssociateApplicationFleet",
"AssociateApplicationToEntitlement",
"AssociateFleet",
"BatchAssociateUserStack",
"BatchDisassociateUserStack",
"CopyImage",
"CreateAppBlock",
"CreateApplication",
"CreateDirectoryConfig",
"CreateEntitlement",
"CreateFleet",
"CreateImageBuilder",
"CreateImageBuilderStreamingURL",
"CreateStack",
"CreateStreamingURL",
"CreateUpdatedImage",
"CreateUsageReportSubscription",
"CreateUser",
"DeleteAppBlock",
"DeleteApplication",
"DeleteDirectoryConfig",
"DeleteEntitlement",
"DeleteFleet",
"DeleteImage",
"DeleteImageBuilder",
"DeleteImagePermissions",
"DeleteStack",
"DeleteUsageReportSubscription",
"DeleteUser",
"DescribeAppBlocks",
"DescribeApplicationFleetAssociations",
"DescribeApplications",
"DescribeDirectoryConfigs",
"DescribeEntitlements",
"DescribeFleets",
"DescribeImageBuilders",
"DescribeImagePermissions",
"DescribeImages",
"DescribeSessions",
"DescribeStacks",
"DescribeUsageReportSubscriptions",
"DescribeUserStackAssociations",
"DescribeUsers",
"DisableUser",
"DisassociateApplicationFleet",
"DisassociateApplicationFromEntitlement",
"DisassociateFleet",
"EnableUser",
"ExpireSession",
"ListAssociatedFleets",
"ListAssociatedStacks",
"ListEntitledApplications",
"ListTagsForResource",
"StartFleet",
"StartImageBuilder",
"StopFleet",
"StopImageBuilder",
"Stream",
"TagResource",
"UntagResource",
"UpdateApplication",
"UpdateDirectoryConfig",
"UpdateEntitlement",
"UpdateFleet",
"UpdateImagePermissions",
"UpdateStack"
],
"HasResource": true,
"StringPrefix": "appstream",
"conditionKeys": [
"appstream:userId",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Athena": {
"ARNFormat": "arn:aws:athena:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:athena:.+",
"Actions": [
"BatchGetNamedQuery",
"BatchGetPreparedStatement",
"BatchGetQueryExecution",
"CancelCapacityReservation",
"CreateCapacityReservation",
"CreateDataCatalog",
"CreateNamedQuery",
"CreateNotebook",
"CreatePreparedStatement",
"CreatePresignedNotebookUrl",
"CreateWorkGroup",
"DeleteDataCatalog",
"DeleteNamedQuery",
"DeleteNotebook",
"DeletePreparedStatement",
"DeleteWorkGroup",
"ExportNotebook",
"GetCalculationExecution",
"GetCalculationExecutionCode",
"GetCalculationExecutionStatus",
"GetCapacityAssignmentConfiguration",
"GetCapacityReservation",
"GetDataCatalog",
"GetDatabase",
"GetNamedQuery",
"GetNotebookMetadata",
"GetPreparedStatement",
"GetQueryExecution",
"GetQueryResults",
"GetQueryResultsStream",
"GetQueryRuntimeStatistics",
"GetSession",
"GetSessionStatus",
"GetTableMetadata",
"GetWorkGroup",
"ImportNotebook",
"ListApplicationDPUSizes",
"ListCalculationExecutions",
"ListCapacityReservations",
"ListDataCatalogs",
"ListDatabases",
"ListEngineVersions",
"ListExecutors",
"ListNamedQueries",
"ListNotebookMetadata",
"ListNotebookSessions",
"ListPreparedStatements",
"ListQueryExecutions",
"ListSessions",
"ListTableMetadata",
"ListTagsForResource",
"ListWorkGroups",
"PutCapacityAssignmentConfiguration",
"StartCalculationExecution",
"StartQueryExecution",
"StartSession",
"StopCalculationExecution",
"StopQueryExecution",
"TagResource",
"TerminateSession",
"UntagResource",
"UpdateCapacityReservation",
"UpdateDataCatalog",
"UpdateNamedQuery",
"UpdateNotebook",
"UpdateNotebookMetadata",
"UpdatePreparedStatement",
"UpdateWorkGroup"
],
"HasResource": true,
"StringPrefix": "athena",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Braket": {
"ARNFormat": "arn:aws:braket:{$Region}:{$AccountI}>:.+",
"ARNRegex": "^arn:aws:braket::.+",
"Actions": [
"CancelJob",
"CancelQuantumTask",
"CreateJob",
"CreateQuantumTask",
"GetDevice",
"GetJob",
"GetQuantumTask",
"ListTagsForResource",
"SearchDevices",
"SearchJobs",
"SearchQuantumTasks",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "braket",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Chime": {
"ARNFormat": "arn:aws:chime:${Region}:${Account}:${ResourceType}/${ResourceID}",
"ARNRegex": "^arn:aws:chime:.+",
"Actions": [
"AcceptDelegate",
"ActivateUsers",
"AddDomain",
"AddOrUpdateGroups",
"AssociateChannelFlow",
"AssociatePhoneNumberWithUser",
"AssociatePhoneNumbersWithVoiceConnector",
"AssociatePhoneNumbersWithVoiceConnectorGroup",
"AssociateSigninDelegateGroupsWithAccount",
"AuthorizeDirectory",
"BatchCreateAttendee",
"BatchCreateChannelMembership",
"BatchCreateRoomMembership",
"BatchDeletePhoneNumber",
"BatchSuspendUser",
"BatchUnsuspendUser",
"BatchUpdateAttendeeCapabilitiesExcept",
"BatchUpdatePhoneNumber",
"BatchUpdateUser",
"ChannelFlowCallback",
"Connect",
"ConnectDirectory",
"CreateAccount",
"CreateApiKey",
"CreateAppInstance",
"CreateAppInstanceAdmin",
"CreateAppInstanceBot",
"CreateAppInstanceUser",
"CreateAttendee",
"CreateBot",
"CreateCDRBucket",
"CreateChannel",
"CreateChannelBan",
"CreateChannelFlow",
"CreateChannelMembership",
"CreateChannelModerator",
"CreateMediaCapturePipeline",
"CreateMediaConcatenationPipeline",
"CreateMediaInsightsPipeline",
"CreateMediaInsightsPipelineConfiguration",
"CreateMediaLiveConnectorPipeline",
"CreateMeeting",
"CreateMeetingDialOut",
"CreateMeetingWithAttendees",
"CreatePhoneNumberOrder",
"CreateProxySession",
"CreateRoom",
"CreateRoomMembership",
"CreateSipMediaApplication",
"CreateSipMediaApplicationCall",
"CreateSipRule",
"CreateUser",
"CreateVoiceConnector",
"CreateVoiceConnectorGroup",
"CreateVoiceProfile",
"CreateVoiceProfileDomain",
"DeleteAccount",
"DeleteAccountOpenIdConfig",
"DeleteApiKey",
"DeleteAppInstance",
"DeleteAppInstanceAdmin",
"DeleteAppInstanceBot",
"DeleteAppInstanceStreamingConfigurations",
"DeleteAppInstanceUser",
"DeleteAttendee",
"DeleteCDRBucket",
"DeleteChannel",
"DeleteChannelBan",
"DeleteChannelFlow",
"DeleteChannelMembership",
"DeleteChannelMessage",
"DeleteChannelModerator",
"DeleteDelegate",
"DeleteDomain",
"DeleteEventsConfiguration",
"DeleteGroups",
"DeleteMediaCapturePipeline",
"DeleteMediaInsightsPipelineConfiguration",
"DeleteMediaPipeline",
"DeleteMeeting",
"DeleteMessagingStreamingConfigurations",
"DeletePhoneNumber",
"DeleteProxySession",
"DeleteRoom",
"DeleteRoomMembership",
"DeleteSipMediaApplication",
"DeleteSipRule",
"DeleteVoiceConnector",
"DeleteVoiceConnectorEmergencyCallingConfiguration",
"DeleteVoiceConnectorGroup",
"DeleteVoiceConnectorOrigination",
"DeleteVoiceConnectorProxy",
"DeleteVoiceConnectorStreamingConfiguration",
"DeleteVoiceConnectorTermination",
"DeleteVoiceConnectorTerminationCredentials",
"DeleteVoiceProfile",
"DeleteVoiceProfileDomain",
"DeregisterAppInstanceUserEndpoint",
"DescribeAppInstance",
"DescribeAppInstanceAdmin",
"DescribeAppInstanceBot",
"DescribeAppInstanceUser",
"DescribeAppInstanceUserEndpoint",
"DescribeChannel",
"DescribeChannelBan",
"DescribeChannelFlow",
"DescribeChannelMembership",
"DescribeChannelMembershipForAppInstanceUser",
"DescribeChannelModeratedByAppInstanceUser",
"DescribeChannelModerator",
"DisassociateChannelFlow",
"DisassociatePhoneNumberFromUser",
"DisassociatePhoneNumbersFromVoiceConnector",
"DisassociatePhoneNumbersFromVoiceConnectorGroup",
"DisassociateSigninDelegateGroupsFromAccount",
"DisconnectDirectory",
"GetAccount",
"GetAccountResource",
"GetAccountSettings",
"GetAccountWithOpenIdConfig",
"GetAppInstanceRetentionSettings",
"GetAppInstanceStreamingConfigurations",
"GetAttendee",
"GetBot",
"GetCDRBucket",
"GetChannelMembershipPreferences",
"GetChannelMessage",
"GetChannelMessageStatus",
"GetDomain",
"GetEventsConfiguration",
"GetGlobalSettings",
"GetMediaCapturePipeline",
"GetMediaInsightsPipelineConfiguration",
"GetMediaPipeline",
"GetMeeting",
"GetMeetingDetail",
"GetMessagingSessionEndpoint",
"GetMessagingStreamingConfigurations",
"GetPhoneNumber",
"GetPhoneNumberOrder",
"GetPhoneNumberSettings",
"GetProxySession",
"GetRetentionSettings",
"GetRoom",
"GetSipMediaApplication",
"GetSipMediaApplicationAlexaSkillConfiguration",
"GetSipMediaApplicationLoggingConfiguration",
"GetSipRule",
"GetSpeakerSearchTask",
"GetTelephonyLimits",
"GetUser",
"GetUserActivityReportData",
"GetUserByEmail",
"GetUserSettings",
"GetVoiceConnector",
"GetVoiceConnectorEmergencyCallingConfiguration",
"GetVoiceConnectorGroup",
"GetVoiceConnectorLoggingConfiguration",
"GetVoiceConnectorOrigination",
"GetVoiceConnectorProxy",
"GetVoiceConnectorStreamingConfiguration",
"GetVoiceConnectorTermination",
"GetVoiceConnectorTerminationHealth",
"GetVoiceProfile",
"GetVoiceProfileDomain",
"GetVoiceToneAnalysisTask",
"InviteDelegate",
"InviteUsers",
"InviteUsersFromProvider",
"ListAccountUsageReportData",
"ListAccounts",
"ListApiKeys",
"ListAppInstanceAdmins",
"ListAppInstanceBots",
"ListAppInstanceUserEndpoints",
"ListAppInstanceUsers",
"ListAppInstances",
"ListAttendeeTags",
"ListAttendees",
"ListAvailableVoiceConnectorRegions",
"ListBots",
"ListCDRBucket",
"ListCallingRegions",
"ListChannelBans",
"ListChannelFlows",
"ListChannelMemberships",
"ListChannelMembershipsForAppInstanceUser",
"ListChannelMessages",
"ListChannelModerators",
"ListChannels",
"ListChannelsAssociatedWithChannelFlow",
"ListChannelsModeratedByAppInstanceUser",
"ListDelegates",
"ListDirectories",
"ListDomains",
"ListGroups",
"ListMediaCapturePipelines",
"ListMediaInsightsPipelineConfigurations",
"ListMediaPipelines",
"ListMeetingEvents",
"ListMeetingTags",
"ListMeetings",
"ListMeetingsReportData",
"ListPhoneNumberOrders",
"ListPhoneNumbers",
"ListProxySessions",
"ListRoomMemberships",
"ListRooms",
"ListSipMediaApplications",
"ListSipRules",
"ListSubChannels",
"ListSupportedPhoneNumberCountries",
"ListTagsForResource",
"ListUsers",
"ListVoiceConnectorGroups",
"ListVoiceConnectorTerminationCredentials",
"ListVoiceConnectors",
"ListVoiceProfileDomains",
"ListVoiceProfiles",
"LogoutUser",
"PutAppInstanceRetentionSettings",
"PutAppInstanceStreamingConfigurations",
"PutAppInstanceUserExpirationSettings",
"PutChannelExpirationSettings",
"PutChannelMembershipPreferences",
"PutEventsConfiguration",
"PutMessagingStreamingConfigurations",
"PutRetentionSettings",
"PutSipMediaApplicationAlexaSkillConfiguration",
"PutSipMediaApplicationLoggingConfiguration",
"PutVoiceConnectorEmergencyCallingConfiguration",
"PutVoiceConnectorLoggingConfiguration",
"PutVoiceConnectorOrigination",
"PutVoiceConnectorProxy",
"PutVoiceConnectorStreamingConfiguration",
"PutVoiceConnectorTermination",
"PutVoiceConnectorTerminationCredentials",
"RedactChannelMessage",
"RedactConversationMessage",
"RedactRoomMessage",
"RegenerateSecurityToken",
"RegisterAppInstanceUserEndpoint",
"RenameAccount",
"RenewDelegate",
"ResetAccountResource",
"ResetPersonalPIN",
"RestorePhoneNumber",
"RetrieveDataExports",
"SearchAvailablePhoneNumbers",
"SearchChannels",
"SendChannelMessage",
"StartDataExport",
"StartMeetingTranscription",
"StartSpeakerSearchTask",
"StartVoiceToneAnalysisTask",
"StopMeetingTranscription",
"StopSpeakerSearchTask",
"StopVoiceToneAnalysisTask",
"SubmitSupportRequest",
"SuspendUsers",
"TagAttendee",
"TagMeeting",
"TagResource",
"UnauthorizeDirectory",
"UntagAttendee",
"UntagMeeting",
"UntagResource",
"UpdateAccount",
"UpdateAccountOpenIdConfig",
"UpdateAccountResource",
"UpdateAccountSettings",
"UpdateAppInstance",
"UpdateAppInstanceBot",
"UpdateAppInstanceUser",
"UpdateAppInstanceUserEndpoint",
"UpdateAttendeeCapabilities",
"UpdateBot",
"UpdateCDRSettings",
"UpdateChannel",
"UpdateChannelFlow",
"UpdateChannelMessage",
"UpdateChannelReadMarker",
"UpdateGlobalSettings",
"UpdateMediaInsightsPipelineConfiguration",
"UpdateMediaInsightsPipelineStatus",
"UpdatePhoneNumber",
"UpdatePhoneNumberSettings",
"UpdateProxySession",
"UpdateRoom",
"UpdateRoomMembership",
"UpdateSipMediaApplication",
"UpdateSipMediaApplicationCall",
"UpdateSipRule",
"UpdateSupportedLicenses",
"UpdateUser",
"UpdateUserLicenses",
"UpdateUserSettings",
"UpdateVoiceConnector",
"UpdateVoiceConnectorGroup",
"UpdateVoiceProfile",
"UpdateVoiceProfileDomain",
"ValidateAccountResource",
"ValidateE911Address"
],
"HasResource": true,
"StringPrefix": "chime",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Cloud Directory": {
"ARNFormat": "arn:aws:clouddirectory::${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:clouddirectory:.+:[0-9]+:(directory|schema)/.+",
"Actions": [
"AddFacetToObject",
"ApplySchema",
"AttachObject",
"AttachPolicy",
"AttachToIndex",
"AttachTypedLink",
"BatchRead",
"BatchWrite",
"CreateDirectory",
"CreateFacet",
"CreateIndex",
"CreateObject",
"CreateSchema",
"CreateTypedLinkFacet",
"DeleteDirectory",
"DeleteFacet",
"DeleteObject",
"DeleteSchema",
"DeleteTypedLinkFacet",
"DetachFromIndex",
"DetachObject",
"DetachPolicy",
"DetachTypedLink",
"DisableDirectory",
"EnableDirectory",
"GetAppliedSchemaVersion",
"GetDirectory",
"GetFacet",
"GetLinkAttributes",
"GetObjectAttributes",
"GetObjectInformation",
"GetSchemaAsJson",
"GetTypedLinkFacetInformation",
"ListAppliedSchemaArns",
"ListAttachedIndices",
"ListDevelopmentSchemaArns",
"ListDirectories",
"ListFacetAttributes",
"ListFacetNames",
"ListIncomingTypedLinks",
"ListIndex",
"ListManagedSchemaArns",
"ListObjectAttributes",
"ListObjectChildren",
"ListObjectParentPaths",
"ListObjectParents",
"ListObjectPolicies",
"ListOutgoingTypedLinks",
"ListPolicyAttachments",
"ListPublishedSchemaArns",
"ListTagsForResource",
"ListTypedLinkFacetAttributes",
"ListTypedLinkFacetNames",
"LookupPolicy",
"PublishSchema",
"PutSchemaFromJson",
"RemoveFacetFromObject",
"TagResource",
"UntagResource",
"UpdateFacet",
"UpdateLinkAttributes",
"UpdateObjectAttributes",
"UpdateSchema",
"UpdateTypedLinkFacet",
"UpgradeAppliedSchema",
"UpgradePublishedSchema"
],
"HasResource": true,
"StringPrefix": "clouddirectory"
},
"Amazon CloudFront": {
"ARNFormat": "arn:aws:cloudfront:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:cloudfront:.+:[0-9]+:.+",
"Actions": [
"AssociateAlias",
"CopyDistribution",
"CreateCachePolicy",
"CreateCloudFrontOriginAccessIdentity",
"CreateContinuousDeploymentPolicy",
"CreateDistribution",
"CreateFieldLevelEncryptionConfig",
"CreateFieldLevelEncryptionProfile",
"CreateFunction",
"CreateInvalidation",
"CreateKeyGroup",
"CreateMonitoringSubscription",
"CreateOriginAccessControl",
"CreateOriginRequestPolicy",
"CreatePublicKey",
"CreateRealtimeLogConfig",
"CreateResponseHeadersPolicy",
"CreateSavingsPlan",
"CreateStreamingDistribution",
"CreateStreamingDistributionWithTags",
"DeleteCachePolicy",
"DeleteCloudFrontOriginAccessIdentity",
"DeleteContinuousDeploymentPolicy",
"DeleteDistribution",
"DeleteFieldLevelEncryptionConfig",
"DeleteFieldLevelEncryptionProfile",
"DeleteFunction",
"DeleteKeyGroup",
"DeleteMonitoringSubscription",
"DeleteOriginAccessControl",
"DeleteOriginRequestPolicy",
"DeletePublicKey",
"DeleteRealtimeLogConfig",
"DeleteResponseHeadersPolicy",
"DeleteStreamingDistribution",
"DescribeFunction",
"GetCachePolicy",
"GetCachePolicyConfig",
"GetCloudFrontOriginAccessIdentity",
"GetCloudFrontOriginAccessIdentityConfig",
"GetContinuousDeploymentPolicy",
"GetContinuousDeploymentPolicyConfig",
"GetDistribution",
"GetDistributionConfig",
"GetFieldLevelEncryption",
"GetFieldLevelEncryptionConfig",
"GetFieldLevelEncryptionProfile",
"GetFieldLevelEncryptionProfileConfig",
"GetFunction",
"GetInvalidation",
"GetKeyGroup",
"GetKeyGroupConfig",
"GetMonitoringSubscription",
"GetOriginAccessControl",
"GetOriginAccessControlConfig",
"GetOriginRequestPolicy",
"GetOriginRequestPolicyConfig",
"GetPublicKey",
"GetPublicKeyConfig",
"GetRealtimeLogConfig",
"GetResponseHeadersPolicy",
"GetResponseHeadersPolicyConfig",
"GetSavingsPlan",
"GetStreamingDistribution",
"GetStreamingDistributionConfig",
"ListCachePolicies",
"ListCloudFrontOriginAccessIdentities",
"ListConflictingAliases",
"ListContinuousDeploymentPolicies",
"ListDistributions",
"ListDistributionsByCachePolicyId",
"ListDistributionsByKeyGroup",
"ListDistributionsByLambdaFunction",
"ListDistributionsByOriginRequestPolicyId",
"ListDistributionsByRealtimeLogConfig",
"ListDistributionsByResponseHeadersPolicyId",
"ListDistributionsByWebACLId",
"ListFieldLevelEncryptionConfigs",
"ListFieldLevelEncryptionProfiles",
"ListFunctions",
"ListInvalidations",
"ListKeyGroups",
"ListOriginAccessControls",
"ListOriginRequestPolicies",
"ListPublicKeys",
"ListRateCards",
"ListRealtimeLogConfigs",
"ListResponseHeadersPolicies",
"ListSavingsPlans",
"ListStreamingDistributions",
"ListTagsForResource",
"ListUsages",
"PublishFunction",
"TagResource",
"TestFunction",
"UntagResource",
"UpdateCachePolicy",
"UpdateCloudFrontOriginAccessIdentity",
"UpdateContinuousDeploymentPolicy",
"UpdateDistribution",
"UpdateDistributionWithStagingConfig",
"UpdateFieldLevelEncryptionConfig",
"UpdateFieldLevelEncryptionProfile",
"UpdateFunction",
"UpdateKeyGroup",
"UpdateOriginAccessControl",
"UpdateOriginRequestPolicy",
"UpdatePublicKey",
"UpdateRealtimeLogConfig",
"UpdateResponseHeadersPolicy",
"UpdateSavingsPlan",
"UpdateStreamingDistribution"
],
"HasResource": true,
"StringPrefix": "cloudfront",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon CloudSearch": {
"ARNFormat": "arn:aws:cloudsearch:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:cloudsearch:.+:.+:.+",
"Actions": [
"AddTags",
"BuildSuggesters",
"CreateDomain",
"DefineAnalysisScheme",
"DefineExpression",
"DefineIndexField",
"DefineSuggester",
"DeleteAnalysisScheme",
"DeleteDomain",
"DeleteExpression",
"DeleteIndexField",
"DeleteSuggester",
"DescribeAnalysisSchemes",
"DescribeAvailabilityOptions",
"DescribeDomainEndpointOptions",
"DescribeDomains",
"DescribeExpressions",
"DescribeIndexFields",
"DescribeScalingParameters",
"DescribeServiceAccessPolicies",
"DescribeSuggesters",
"IndexDocuments",
"ListDomainNames",
"ListTags",
"RemoveTags",
"UpdateAvailabilityOptions",
"UpdateDomainEndpointOptions",
"UpdateScalingParameters",
"UpdateServiceAccessPolicies",
"document",
"search",
"suggest"
],
"HasResource": true,
"StringPrefix": "cloudsearch"
},
"Amazon CloudWatch": {
"ARNFormat": "arn:aws:cloudwatch:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:cloudwatch:.+",
"Actions": [
"DeleteAlarms",
"DeleteAnomalyDetector",
"DeleteDashboards",
"DeleteInsightRules",
"DeleteMetricStream",
"DescribeAlarmHistory",
"DescribeAlarms",
"DescribeAlarmsForMetric",
"DescribeAnomalyDetectors",
"DescribeInsightRules",
"DisableAlarmActions",
"DisableInsightRules",
"EnableAlarmActions",
"EnableInsightRules",
"GetDashboard",
"GetInsightRuleReport",
"GetMetricData",
"GetMetricStatistics",
"GetMetricStream",
"GetMetricWidgetImage",
"Link",
"ListDashboards",
"ListManagedInsightRules",
"ListMetricStreams",
"ListMetrics",
"ListTagsForResource",
"PutAnomalyDetector",
"PutCompositeAlarm",
"PutDashboard",
"PutInsightRule",
"PutManagedInsightRules",
"PutMetricAlarm",
"PutMetricData",
"PutMetricStream",
"SetAlarmState",
"StartMetricStreams",
"StopMetricStreams",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "cloudwatch",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"cloudwatch:AlarmActions",
"cloudwatch:namespace",
"cloudwatch:requestInsightRuleLogGroups",
"cloudwatch:requestManagedResourceARNs"
]
},
"Amazon CloudWatch Application Insights": {
"Actions": [
"CreateApplication",
"CreateComponent",
"CreateLogPattern",
"DeleteApplication",
"DeleteComponent",
"DeleteLogPattern",
"DescribeApplication",
"DescribeComponent",
"DescribeComponentConfiguration",
"DescribeComponentConfigurationRecommendation",
"DescribeLogPattern",
"DescribeObservation",
"DescribeProblem",
"DescribeProblemObservations",
"Link",
"ListApplications",
"ListComponents",
"ListConfigurationHistory",
"ListLogPatternSets",
"ListLogPatterns",
"ListProblems",
"ListTagsForResource",
"TagResource",
"UntagResource",
"UpdateApplication",
"UpdateComponent",
"UpdateComponentConfiguration",
"UpdateLogPattern"
],
"HasResource": false,
"StringPrefix": "applicationinsights",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon CloudWatch Evidently": {
"ARNFormat": "arn:aws:evidently:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:evidently:.+:.+:.+",
"Actions": [
"BatchEvaluateFeature",
"CreateExperiment",
"CreateFeature",
"CreateLaunch",
"CreateProject",
"CreateSegment",
"DeleteExperiment",
"DeleteFeature",
"DeleteLaunch",
"DeleteProject",
"DeleteSegment",
"EvaluateFeature",
"GetExperiment",
"GetExperimentResults",
"GetFeature",
"GetLaunch",
"GetProject",
"GetSegment",
"ListExperiments",
"ListFeatures",
"ListLaunches",
"ListProjects",
"ListSegmentReferences",
"ListSegments",
"ListTagsForResource",
"PutProjectEvents",
"StartExperiment",
"StartLaunch",
"StopExperiment",
"StopLaunch",
"TagResource",
"TestSegmentPattern",
"UntagResource",
"UpdateExperiment",
"UpdateFeature",
"UpdateLaunch",
"UpdateProject",
"UpdateProjectDataDelivery"
],
"HasResource": true,
"StringPrefix": "evidently",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon CloudWatch Internet Monitor": {
"ARNFormat": "arn:aws:internetmonitor:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:internetmonitor:.+:.+:.+",
"Actions": [
"CreateMonitor",
"DeleteMonitor",
"GetHealthEvent",
"GetMonitor",
"ListHealthEvents",
"ListMonitors",
"ListTagsForResource",
"TagResource",
"UntagResource",
"UpdateMonitor"
],
"HasResource": true,
"StringPrefix": "internetmonitor",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon CloudWatch Logs": {
"ARNFormat": "arn:aws:logs:${Region}:${Account}:.+",
"ARNRegex": "^arn:aws:logs:.+",
"Actions": [
"AssociateKmsKey",
"CancelExportTask",
"CreateExportTask",
"CreateLogDelivery",
"CreateLogGroup",
"CreateLogStream",
"DeleteDataProtectionPolicy",
"DeleteDestination",
"DeleteLogDelivery",
"DeleteLogGroup",
"DeleteLogStream",
"DeleteMetricFilter",
"DeleteQueryDefinition",
"DeleteResourcePolicy",
"DeleteRetentionPolicy",
"DeleteSubscriptionFilter",
"DescribeDestinations",
"DescribeExportTasks",
"DescribeLogGroups",
"DescribeLogStreams",
"DescribeMetricFilters",
"DescribeQueries",
"DescribeQueryDefinitions",
"DescribeResourcePolicies",
"DescribeSubscriptionFilters",
"DisassociateKmsKey",
"FilterLogEvents",
"GetDataProtectionPolicy",
"GetLogDelivery",
"GetLogEvents",
"GetLogGroupFields",
"GetLogRecord",
"GetQueryResults",
"Link",
"ListLogDeliveries",
"ListTagsForResource",
"ListTagsLogGroup",
"PutDataProtectionPolicy",
"PutDestination",
"PutDestinationPolicy",
"PutLogEvents",
"PutMetricFilter",
"PutQueryDefinition",
"PutResourcePolicy",
"PutRetentionPolicy",
"PutSubscriptionFilter",
"StartQuery",
"StopQuery",
"TagLogGroup",
"TagResource",
"TestMetricFilter",
"Unmask",
"UntagLogGroup",
"UntagResource",
"UpdateLogDelivery"
],
"HasResource": true,
"StringPrefix": "logs",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon CloudWatch Observability Access Manager": {
"ARNFormat": "arn:aws:oam:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:oam:.+:.+:.+",
"Actions": [
"CreateLink",
"CreateSink",
"DeleteLink",
"DeleteSink",
"GetLink",
"GetSink",
"GetSinkPolicy",
"ListAttachedLinks",
"ListLinks",
"ListSinks",
"ListTagsForResource",
"PutSinkPolicy",
"TagResource",
"UntagResource",
"UpdateLink"
],
"HasResource": true,
"StringPrefix": "oam",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"oam:ResourceTypes"
]
},
"Amazon CloudWatch Synthetics": {
"ARNFormat": "arn:aws:synthetics:${Region}:${Account}:${ResourceType}:${ResourceName}",
"ARNRegex": "^arn:aws:synthetics:.+",
"Actions": [
"AssociateResource",
"CreateCanary",
"CreateGroup",
"DeleteCanary",
"DeleteGroup",
"DescribeCanaries",
"DescribeCanariesLastRun",
"DescribeRuntimeVersions",
"DisassociateResource",
"GetCanary",
"GetCanaryRuns",
"GetGroup",
"ListAssociatedGroups",
"ListGroupResources",
"ListGroups",
"ListTagsForResource",
"StartCanary",
"StopCanary",
"TagResource",
"UntagResource",
"UpdateCanary"
],
"HasResource": true,
"StringPrefix": "synthetics",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"synthetics:Names"
]
},
"Amazon CodeCatalyst": {
"ARNFormat": "arn:aws:codecatalyst:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:codecatalyst:.+",
"Actions": [
"AcceptConnection",
"AssociateIamRoleToConnection",
"DeleteConnection",
"DisassociateIamRoleFromConnection",
"GetBillingAuthorization",
"GetConnection",
"GetPendingConnection",
"ListConnections",
"ListIamRolesForConnection",
"ListTagsForResource",
"PutBillingAuthorization",
"RejectConnection",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "codecatalyst",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon CodeGuru": {
"ARNFormat": "arn:${Partition}:codeguru:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:${Partition}:codeguru:.+:.+:.+",
"Actions": [
"GetCodeGuruFreeTrialSummary"
],
"HasResource": false,
"StringPrefix": "codeguru"
},
"Amazon CodeGuru Profiler": {
"ARNFormat": "arn:aws:codeguru-profiler:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:codeguru-profiler:.+:.+:.+",
"Actions": [
"AddNotificationChannels",
"BatchGetFrameMetricData",
"ConfigureAgent",
"CreateProfilingGroup",
"DeleteProfilingGroup",
"DescribeProfilingGroup",
"GetFindingsReportAccountSummary",
"GetNotificationConfiguration",
"GetPolicy",
"GetProfile",
"GetRecommendations",
"ListFindingsReports",
"ListProfileTimes",
"ListProfilingGroups",
"ListTagsForResource",
"PostAgentProfile",
"PutPermission",
"RemoveNotificationChannel",
"RemovePermission",
"SubmitFeedback",
"TagResource",
"UntagResource",
"UpdateProfilingGroup"
],
"HasResource": true,
"StringPrefix": "codeguru-profiler",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon CodeGuru Reviewer": {
"ARNFormat": "arn:aws:codeguru-reviewer:${Region}:${Account}:${ResourceType}:${ResourceName}",
"ARNRegex": "^arn:aws:codeguru-reviewer:.+:.+:.+",
"Actions": [
"AssociateRepository",
"CreateCodeReview",
"CreateConnectionToken",
"DescribeCodeReview",
"DescribeRecommendationFeedback",
"DescribeRepositoryAssociation",
"DisassociateRepository",
"GetMetricsData",
"ListCodeReviews",
"ListRecommendationFeedback",
"ListRecommendations",
"ListRepositoryAssociations",
"ListTagsForResource",
"ListThirdPartyRepositories",
"PutRecommendationFeedback",
"TagResource",
"UnTagResource"
],
"HasResource": true,
"StringPrefix": "codeguru-reviewer",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon CodeGuru Security": {
"ARNFormat": "arn:${Partition}:codeguru-security:${Region}:${Account}:*",
"ARNRegex": "^arn:${Partition}:codeguru-security:.+:.+:.+",
"Actions": [
"BatchGetFindings",
"CreateScan",
"CreateUploadUrl",
"DeleteScansByCategory",
"GetScan",
"ListFindings",
"ListScans",
"UpdateAccountConfiguration"
],
"HasResource": false,
"StringPrefix": "codeguru-security"
},
"Amazon CodeWhisperer": {
"ARNFormat": "arn:aws:codewhisperer:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:codewhisperer:.+:[0-9]+:.+",
"Actions": [
"CreateProfile",
"DeleteProfile",
"GenerateRecommendations",
"ListProfiles",
"ListTagsForResource",
"TagResource",
"UntagResource",
"UpdateProfile"
],
"HasResource": true,
"StringPrefix": "codewhisperer",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Cognito Identity": {
"ARNFormat": "arn:aws:cognito-identity:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:cognito-identity:.+",
"Actions": [
"CreateIdentityPool",
"DeleteIdentities",
"DeleteIdentityPool",
"DescribeIdentity",
"DescribeIdentityPool",
"GetCredentialsForIdentity",
"GetId",
"GetIdentityPoolRoles",
"GetOpenIdToken",
"GetOpenIdTokenForDeveloperIdentity",
"GetPrincipalTagAttributeMap",
"ListIdentities",
"ListIdentityPools",
"ListTagsForResource",
"LookupDeveloperIdentity",
"MergeDeveloperIdentities",
"SetIdentityPoolRoles",
"SetPrincipalTagAttributeMap",
"TagResource",
"UnlinkDeveloperIdentity",
"UnlinkIdentity",
"UntagResource",
"UpdateIdentityPool"
],
"HasResource": true,
"StringPrefix": "cognito-identity",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Cognito Sync": {
"ARNFormat": "arn:aws:cognito-sync:${Region}:${Account}:${ResourceType}/${ResourcePath}:",
"ARNRegex": "^arn:aws:cognito-sync:.+",
"Actions": [
"BulkPublish",
"DeleteDataset",
"DescribeDataset",
"DescribeIdentityPoolUsage",
"DescribeIdentityUsage",
"GetBulkPublishDetails",
"GetCognitoEvents",
"GetIdentityPoolConfiguration",
"ListDatasets",
"ListIdentityPoolUsage",
"ListRecords",
"QueryRecords",
"RegisterDevice",
"SetCognitoEvents",
"SetDatasetConfiguration",
"SetIdentityPoolConfiguration",
"SubscribeToDataset",
"UnsubscribeFromDataset",
"UpdateRecords"
],
"HasResource": true,
"StringPrefix": "cognito-sync"
},
"Amazon Cognito User Pools": {
"ARNFormat": "arn:aws:cognito-idp:${Region}:${Account}:${ResourceType}/${ResourcePath}:",
"ARNRegex": "^arn:aws:cognito-idp:.+",
"Actions": [
"AddCustomAttributes",
"AdminAddUserToGroup",
"AdminConfirmSignUp",
"AdminCreateUser",
"AdminDeleteUser",
"AdminDeleteUserAttributes",
"AdminDisableProviderForUser",
"AdminDisableUser",
"AdminEnableUser",
"AdminForgetDevice",
"AdminGetDevice",
"AdminGetUser",
"AdminInitiateAuth",
"AdminLinkProviderForUser",
"AdminListDevices",
"AdminListGroupsForUser",
"AdminListUserAuthEvents",
"AdminRemoveUserFromGroup",
"AdminResetUserPassword",
"AdminRespondToAuthChallenge",
"AdminSetUserMFAPreference",
"AdminSetUserPassword",
"AdminSetUserSettings",
"AdminUpdateAuthEventFeedback",
"AdminUpdateDeviceStatus",
"AdminUpdateUserAttributes",
"AdminUserGlobalSignOut",
"AssociateSoftwareToken",
"AssociateWebACL",
"ChangePassword",
"ConfirmDevice",
"ConfirmForgotPassword",
"ConfirmSignUp",
"CreateGroup",
"CreateIdentityProvider",
"CreateResourceServer",
"CreateUserImportJob",
"CreateUserPool",
"CreateUserPoolClient",
"CreateUserPoolDomain",
"DeleteGroup",
"DeleteIdentityProvider",
"DeleteResourceServer",
"DeleteUser",
"DeleteUserAttributes",
"DeleteUserPool",
"DeleteUserPoolClient",
"DeleteUserPoolDomain",
"DescribeIdentityProvider",
"DescribeResourceServer",
"DescribeRiskConfiguration",
"DescribeUserImportJob",
"DescribeUserPool",
"DescribeUserPoolClient",
"DescribeUserPoolDomain",
"DisassociateWebACL",
"ForgetDevice",
"ForgotPassword",
"GetCSVHeader",
"GetDevice",
"GetGroup",
"GetIdentityProviderByIdentifier",
"GetSigningCertificate",
"GetUICustomization",
"GetUser",
"GetUserAttributeVerificationCode",
"GetUserPoolMfaConfig",
"GetWebACLForResource",
"GlobalSignOut",
"InitiateAuth",
"ListDevices",
"ListGroups",
"ListIdentityProviders",
"ListResourceServers",
"ListResourcesForWebACL",
"ListTagsForResource",
"ListUserImportJobs",
"ListUserPoolClients",
"ListUserPools",
"ListUsers",
"ListUsersInGroup",
"ResendConfirmationCode",
"RespondToAuthChallenge",
"RevokeToken",
"SetRiskConfiguration",
"SetUICustomization",
"SetUserMFAPreference",
"SetUserPoolMfaConfig",
"SetUserSettings",
"SignUp",
"StartUserImportJob",
"StopUserImportJob",
"TagResource",
"UntagResource",
"UpdateAuthEventFeedback",
"UpdateDeviceStatus",
"UpdateGroup",
"UpdateIdentityProvider",
"UpdateResourceServer",
"UpdateUserAttributes",
"UpdateUserPool",
"UpdateUserPoolClient",
"UpdateUserPoolDomain",
"VerifySoftwareToken",
"VerifyUserAttribute"
],
"HasResource": true,
"StringPrefix": "cognito-idp",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Comprehend": {
"ARNFormat": "arn:aws:comprehend:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:comprehend:.+:.+:.+",
"Actions": [
"BatchDetectDominantLanguage",
"BatchDetectEntities",
"BatchDetectKeyPhrases",
"BatchDetectSentiment",
"BatchDetectSyntax",
"BatchDetectTargetedSentiment",
"ClassifyDocument",
"ContainsPiiEntities",
"CreateDataset",
"CreateDocumentClassifier",
"CreateEndpoint",
"CreateEntityRecognizer",
"CreateFlywheel",
"DeleteDocumentClassifier",
"DeleteEndpoint",
"DeleteEntityRecognizer",
"DeleteFlywheel",
"DeleteResourcePolicy",
"DescribeDataset",
"DescribeDocumentClassificationJob",
"DescribeDocumentClassifier",
"DescribeDominantLanguageDetectionJob",
"DescribeEndpoint",
"DescribeEntitiesDetectionJob",
"DescribeEntityRecognizer",
"DescribeEventsDetectionJob",
"DescribeFlywheel",
"DescribeFlywheelIteration",
"DescribeKeyPhrasesDetectionJob",
"DescribePiiEntitiesDetectionJob",
"DescribeResourcePolicy",
"DescribeSentimentDetectionJob",
"DescribeTargetedSentimentDetectionJob",
"DescribeTopicsDetectionJob",
"DetectDominantLanguage",
"DetectEntities",
"DetectKeyPhrases",
"DetectPiiEntities",
"DetectSentiment",
"DetectSyntax",
"DetectTargetedSentiment",
"ImportModel",
"ListDatasets",
"ListDocumentClassificationJobs",
"ListDocumentClassifierSummaries",
"ListDocumentClassifiers",
"ListDominantLanguageDetectionJobs",
"ListEndpoints",
"ListEntitiesDetectionJobs",
"ListEntityRecognizerSummaries",
"ListEntityRecognizers",
"ListEventsDetectionJobs",
"ListFlywheelIterationHistory",
"ListFlywheels",
"ListKeyPhrasesDetectionJobs",
"ListPiiEntitiesDetectionJobs",
"ListSentimentDetectionJobs",
"ListTagsForResource",
"ListTargetedSentimentDetectionJobs",
"ListTopicsDetectionJobs",
"PutResourcePolicy",
"StartDocumentClassificationJob",
"StartDominantLanguageDetectionJob",
"StartEntitiesDetectionJob",
"StartEventsDetectionJob",
"StartFlywheelIteration",
"StartKeyPhrasesDetectionJob",
"StartPiiEntitiesDetectionJob",
"StartSentimentDetectionJob",
"StartTargetedSentimentDetectionJob",
"StartTopicsDetectionJob",
"StopDominantLanguageDetectionJob",
"StopEntitiesDetectionJob",
"StopEventsDetectionJob",
"StopKeyPhrasesDetectionJob",
"StopPiiEntitiesDetectionJob",
"StopSentimentDetectionJob",
"StopTargetedSentimentDetectionJob",
"StopTrainingDocumentClassifier",
"StopTrainingEntityRecognizer",
"TagResource",
"UntagResource",
"UpdateEndpoint",
"UpdateFlywheel"
],
"HasResource": true,
"StringPrefix": "comprehend",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"comprehend:DataLakeKmsKey",
"comprehend:FlywheelIterationId",
"comprehend:ModelKmsKey",
"comprehend:OutputKmsKey",
"comprehend:VolumeKmsKey",
"comprehend:VpcSecurityGroupIds",
"comprehend:VpcSubnets"
]
},
"Amazon Comprehend Medical": {
"ARNFormat": "arn:${Partition}:comprehendmedical:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:${Partition}:comprehendmedical:.+:.+:.+",
"Actions": [
"DescribeEntitiesDetectionV2Job",
"DescribeICD10CMInferenceJob",
"DescribePHIDetectionJob",
"DescribeRxNormInferenceJob",
"DescribeSNOMEDCTInferenceJob",
"DetectEntitiesV2",
"DetectPHI",
"InferICD10CM",
"InferRxNorm",
"InferSNOMEDCT",
"ListEntitiesDetectionV2Jobs",
"ListICD10CMInferenceJobs",
"ListPHIDetectionJobs",
"ListRxNormInferenceJobs",
"ListSNOMEDCTInferenceJobs",
"StartEntitiesDetectionV2Job",
"StartICD10CMInferenceJob",
"StartPHIDetectionJob",
"StartRxNormInferenceJob",
"StartSNOMEDCTInferenceJob",
"StopEntitiesDetectionV2Job",
"StopICD10CMInferenceJob",
"StopPHIDetectionJob",
"StopRxNormInferenceJob",
"StopSNOMEDCTInferenceJob"
],
"HasResource": false,
"StringPrefix": "comprehendmedical",
"conditionKeys": [
"aws:TagKeys"
]
},
"Amazon Connect": {
"ARNFormat": "arn:aws:connect:${Region}:${Account}:instance/${InstanceId}",
"ARNRegex": "^arn:aws:connect:.+:.+:instance/.+",
"Actions": [
"ActivateEvaluationForm",
"AssociateApprovedOrigin",
"AssociateBot",
"AssociateCustomerProfilesDomain",
"AssociateDefaultVocabulary",
"AssociateInstanceStorageConfig",
"AssociateLambdaFunction",
"AssociateLexBot",
"AssociatePhoneNumberContactFlow",
"AssociateQueueQuickConnects",
"AssociateRoutingProfileQueues",
"AssociateSecurityKey",
"BatchAssociateAnalyticsDataSet",
"BatchDisassociateAnalyticsDataSet",
"ClaimPhoneNumber",
"CreateAgentStatus",
"CreateContactFlow",
"CreateContactFlowModule",
"CreateEvaluationForm",
"CreateHoursOfOperation",
"CreateInstance",
"CreateIntegrationAssociation",
"CreateParticipant",
"CreateQueue",
"CreateQuickConnect",
"CreateRoutingProfile",
"CreateRule",
"CreateSecurityProfile",
"CreateTaskTemplate",
"CreateTrafficDistributionGroup",
"CreateUseCase",
"CreateUser",
"CreateUserHierarchyGroup",
"CreateVocabulary",
"DeactivateEvaluationForm",
"DeleteContactEvaluation",
"DeleteContactFlow",
"DeleteContactFlowModule",
"DeleteEvaluationForm",
"DeleteHoursOfOperation",
"DeleteInstance",
"DeleteIntegrationAssociation",
"DeleteQuickConnect",
"DeleteRule",
"DeleteSecurityProfile",
"DeleteTaskTemplate",
"DeleteTrafficDistributionGroup",
"DeleteUseCase",
"DeleteUser",
"DeleteUserHierarchyGroup",
"DeleteVocabulary",
"DescribeAgentStatus",
"DescribeContact",
"DescribeContactEvaluation",
"DescribeContactFlow",
"DescribeContactFlowModule",
"DescribeEvaluationForm",
"DescribeForecastingPlanningSchedulingIntegration",
"DescribeHoursOfOperation",
"DescribeInstance",
"DescribeInstanceAttribute",
"DescribeInstanceStorageConfig",
"DescribePhoneNumber",
"DescribeQueue",
"DescribeQuickConnect",
"DescribeRoutingProfile",
"DescribeRule",
"DescribeSecurityProfile",
"DescribeTrafficDistributionGroup",
"DescribeUser",
"DescribeUserHierarchyGroup",
"DescribeUserHierarchyStructure",
"DescribeVocabulary",
"DisassociateApprovedOrigin",
"DisassociateBot",
"DisassociateCustomerProfilesDomain",
"DisassociateInstanceStorageConfig",
"DisassociateLambdaFunction",
"DisassociateLexBot",
"DisassociatePhoneNumberContactFlow",
"DisassociateQueueQuickConnects",
"DisassociateRoutingProfileQueues",
"DisassociateSecurityKey",
"DismissUserContact",
"GetContactAttributes",
"GetCurrentMetricData",
"GetCurrentUserData",
"GetFederationToken",
"GetFederationTokens",
"GetMetricData",
"GetMetricDataV2",
"GetTaskTemplate",
"GetTrafficDistribution",
"ListAgentStatuses",
"ListApprovedOrigins",
"ListBots",
"ListContactEvaluations",
"ListContactFlowModules",
"ListContactFlows",
"ListContactReferences",
"ListDefaultVocabularies",
"ListEvaluationFormVersions",
"ListEvaluationForms",
"ListHoursOfOperations",
"ListInstanceAttributes",
"ListInstanceStorageConfigs",
"ListInstances",
"ListIntegrationAssociations",
"ListLambdaFunctions",
"ListLexBots",
"ListPhoneNumbers",
"ListPhoneNumbersV2",
"ListPrompts",
"ListQueueQuickConnects",
"ListQueues",
"ListQuickConnects",
"ListRealtimeContactAnalysisSegments",
"ListRoutingProfileQueues",
"ListRoutingProfiles",
"ListRules",
"ListSecurityKeys",
"ListSecurityProfilePermissions",
"ListSecurityProfiles",
"ListTagsForResource",
"ListTaskTemplates",
"ListTrafficDistributionGroups",
"ListUseCases",
"ListUserHierarchyGroups",
"ListUsers",
"MonitorContact",
"PutUserStatus",
"ReleasePhoneNumber",
"ReplicateInstance",
"ResumeContactRecording",
"SearchAvailablePhoneNumbers",
"SearchQueues",
"SearchRoutingProfiles",
"SearchSecurityProfiles",
"SearchUsers",
"SearchVocabularies",
"StartChatContact",
"StartContactEvaluation",
"StartContactRecording",
"StartContactStreaming",
"StartForecastingPlanningSchedulingIntegration",
"StartOutboundVoiceContact",
"StartTaskContact",
"StopContact",
"StopContactRecording",
"StopContactStreaming",
"StopForecastingPlanningSchedulingIntegration",
"SubmitContactEvaluation",
"SuspendContactRecording",
"TagResource",
"TransferContact",
"UntagResource",
"UpdateAgentStatus",
"UpdateContact",
"UpdateContactAttributes",
"UpdateContactEvaluation",
"UpdateContactFlowContent",
"UpdateContactFlowMetadata",
"UpdateContactFlowModuleContent",
"UpdateContactFlowModuleMetadata",
"UpdateContactFlowName",
"UpdateContactSchedule",
"UpdateEvaluationForm",
"UpdateHoursOfOperation",
"UpdateInstanceAttribute",
"UpdateInstanceStorageConfig",
"UpdateParticipantRoleConfig",
"UpdatePhoneNumber",
"UpdateQueueHoursOfOperation",
"UpdateQueueMaxContacts",
"UpdateQueueName",
"UpdateQueueOutboundCallerConfig",
"UpdateQueueStatus",
"UpdateQuickConnectConfig",
"UpdateQuickConnectName",
"UpdateRoutingProfileConcurrency",
"UpdateRoutingProfileDefaultOutboundQueue",
"UpdateRoutingProfileName",
"UpdateRoutingProfileQueues",
"UpdateRule",
"UpdateSecurityProfile",
"UpdateTaskTemplate",
"UpdateTrafficDistribution",
"UpdateUserHierarchy",
"UpdateUserHierarchyGroupName",
"UpdateUserHierarchyStructure",
"UpdateUserIdentityInfo",
"UpdateUserPhoneConfig",
"UpdateUserRoutingProfile",
"UpdateUserSecurityProfiles",
"UpdatedescribeContent"
],
"HasResource": true,
"StringPrefix": "connect",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"connect:AttributeType",
"connect:InstanceId",
"connect:MonitorCapabilities",
"connect:SearchTag/${TagKey}",
"connect:StorageResourceType"
]
},
"Amazon Connect Cases": {
"ARNFormat": "arn:aws:cases:${Region}:${Account}:domain/${DomainId}",
"ARNRegex": "^arn:aws:cases:.+",
"Actions": [
"BatchGetField",
"BatchPutFieldOptions",
"CreateCase",
"CreateDomain",
"CreateField",
"CreateLayout",
"CreateRelatedItem",
"CreateTemplate",
"DeleteDomain",
"GetCase",
"GetCaseEventConfiguration",
"GetDomain",
"GetLayout",
"GetTemplate",
"ListCasesForContact",
"ListDomains",
"ListFieldOptions",
"ListFields",
"ListLayouts",
"ListTagsForResource",
"ListTemplates",
"PutCaseEventConfiguration",
"SearchCases",
"SearchRelatedItems",
"TagResource",
"UntagResource",
"UpdateCase",
"UpdateField",
"UpdateLayout",
"UpdateTemplate"
],
"HasResource": true,
"StringPrefix": "cases",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Connect Customer Profiles": {
"ARNFormat": "arn:aws:profile:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:profile:.+:.+:.+",
"Actions": [
"AddProfileKey",
"CreateDomain",
"CreateIntegrationWorkflow",
"CreateProfile",
"DeleteDomain",
"DeleteIntegration",
"DeleteProfile",
"DeleteProfileKey",
"DeleteProfileObject",
"DeleteProfileObjectType",
"DeleteWorkflow",
"GetAutoMergingPreview",
"GetDomain",
"GetIdentityResolutionJob",
"GetIntegration",
"GetMatches",
"GetProfileObjectType",
"GetProfileObjectTypeTemplate",
"GetWorkflow",
"GetWorkflowSteps",
"ListAccountIntegrations",
"ListDomains",
"ListIdentityResolutionJobs",
"ListIntegrations",
"ListProfileObjectTypeTemplates",
"ListProfileObjectTypes",
"ListProfileObjects",
"ListTagsForResource",
"ListWorkflows",
"MergeProfiles",
"PutIntegration",
"PutProfileObject",
"PutProfileObjectType",
"SearchProfiles",
"TagResource",
"UntagResource",
"UpdateDomain",
"UpdateProfile"
],
"HasResource": true,
"StringPrefix": "profile",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Connect Voice ID": {
"ARNFormat": "arn:aws:voiceid:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:voiceid:.+",
"Actions": [
"AssociateFraudster",
"CreateDomain",
"CreateWatchlist",
"DeleteDomain",
"DeleteFraudster",
"DeleteSpeaker",
"DeleteWatchlist",
"DescribeComplianceConsent",
"DescribeDomain",
"DescribeFraudster",
"DescribeFraudsterRegistrationJob",
"DescribeSpeaker",
"DescribeSpeakerEnrollmentJob",
"DescribeWatchlist",
"DisassociateFraudster",
"EvaluateSession",
"ListDomains",
"ListFraudsterRegistrationJobs",
"ListFraudsters",
"ListSpeakerEnrollmentJobs",
"ListSpeakers",
"ListTagsForResource",
"ListWatchlists",
"OptOutSpeaker",
"RegisterComplianceConsent",
"StartFraudsterRegistrationJob",
"StartSpeakerEnrollmentJob",
"TagResource",
"UntagResource",
"UpdateDomain",
"UpdateWatchlist"
],
"HasResource": true,
"StringPrefix": "voiceid",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Connect Wisdom": {
"ARNFormat": "arn:aws:wisdom:${Region}:${Account}:${Resource}/${ResourceId}",
"ARNRegex": "^arn:aws:wisdom:.+:.+:.+",
"Actions": [
"CreateAssistant",
"CreateAssistantAssociation",
"CreateContent",
"CreateKnowledgeBase",
"CreateSession",
"DeleteAssistant",
"DeleteAssistantAssociation",
"DeleteContent",
"DeleteKnowledgeBase",
"GetAssistant",
"GetAssistantAssociation",
"GetContent",
"GetContentSummary",
"GetKnowledgeBase",
"GetRecommendations",
"GetSession",
"ListAssistantAssociations",
"ListAssistants",
"ListContents",
"ListKnowledgeBases",
"ListTagsForResource",
"NotifyRecommendationsReceived",
"QueryAssistant",
"RemoveKnowledgeBaseTemplateUri",
"SearchContent",
"SearchSessions",
"StartContentUpload",
"TagResource",
"UntagResource",
"UpdateContent",
"UpdateKnowledgeBaseTemplateUri"
],
"HasResource": true,
"StringPrefix": "wisdom",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Data Lifecycle Manager": {
"ARNFormat": "arn:aws:dlm:${Region}:${Account}:policy/${ResourceName}",
"ARNRegex": "^arn:aws:dlm:.+:.+:.+",
"Actions": [
"CreateLifecyclePolicy",
"DeleteLifecyclePolicy",
"GetLifecyclePolicies",
"GetLifecyclePolicy",
"ListTagsForResource",
"TagResource",
"UntagResource",
"UpdateLifecyclePolicy"
],
"HasResource": true,
"StringPrefix": "dlm",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon DataZone": {
"ARNFormat": "arn:${Partition}:datazone:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:${Partition}:datazone:.+:.+:.+",
"Actions": [
"GetProject",
"GetProjectConfiguration",
"GetProjectCredentials",
"ListProjects",
"ListUserProjects"
],
"HasResource": false,
"StringPrefix": "datazone"
},
"Amazon DataZone Control": {
"ARNFormat": "arn:aws:datazonecontrol:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:datazonecontrol:.+:.+:.+",
"Actions": [
"CreateAccountAssociationInvitation",
"CreateDataSource",
"CreateEnvironment",
"DeleteDataSource",
"DeleteEnvironment",
"DissociateAccount",
"GetAssociatedDomain",
"GetDataSourceByEnvironment",
"GetDomain",
"GetEnvironment",
"GetMetadataCollector",
"GetUserPortalLoginAuthCode",
"ListAccountAssociationInvitations",
"ListAllAssociatedAccountsForEnvironment",
"ListAssociatedEnvironments",
"ListDataSources",
"ListDataSourcesByEnvironment",
"ListDomains",
"ListEnvironment",
"ListMetadataCollectorRuns",
"ListMetadataCollectors",
"ListProjects",
"ListTagsForResource",
"ReviewAccountAssociationInvitation",
"TagResource",
"UntagResource",
"UpdateAccountAssociationDescription",
"UpdateDataSource",
"UpdateEnvironment"
],
"HasResource": true,
"StringPrefix": "datazonecontrol",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Detective": {
"ARNFormat": "arn:aws:detective:${Region}:${Account}:graph:${GraphId}",
"ARNRegex": "^arn:aws:detective:.+",
"Actions": [
"AcceptInvitation",
"BatchGetGraphMemberDatasources",
"BatchGetMembershipDatasources",
"CreateGraph",
"CreateMembers",
"DeleteGraph",
"DeleteMembers",
"DescribeOrganizationConfiguration",
"DisableOrganizationAdminAccount",
"DisassociateMembership",
"EnableOrganizationAdminAccount",
"GetFreeTrialEligibility",
"GetGraphIngestState",
"GetMembers",
"GetPricingInformation",
"GetUsageInformation",
"ListDatasourcePackages",
"ListGraphs",
"ListHighDegreeEntities",
"ListInvitations",
"ListMembers",
"ListOrganizationAdminAccount",
"ListTagsForResource",
"RejectInvitation",
"SearchGraph",
"StartMonitoringMember",
"TagResource",
"UntagResource",
"UpdateDatasourcePackages",
"UpdateOrganizationConfiguration"
],
"HasResource": true,
"StringPrefix": "detective",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon DevOps Guru": {
"ARNFormat": "arn:aws:devops-guru:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:devops-guru:.+:.+:.+/.+",
"Actions": [
"AddNotificationChannel",
"DeleteInsight",
"DescribeAccountHealth",
"DescribeAccountOverview",
"DescribeAnomaly",
"DescribeEventSourcesConfig",
"DescribeFeedback",
"DescribeInsight",
"DescribeOrganizationHealth",
"DescribeOrganizationOverview",
"DescribeOrganizationResourceCollectionHealth",
"DescribeResourceCollectionHealth",
"DescribeServiceIntegration",
"GetCostEstimation",
"GetResourceCollection",
"ListAnomaliesForInsight",
"ListAnomalousLogGroups",
"ListEvents",
"ListInsights",
"ListMonitoredResources",
"ListNotificationChannels",
"ListOrganizationInsights",
"ListRecommendations",
"PutFeedback",
"RemoveNotificationChannel",
"SearchInsights",
"SearchOrganizationInsights",
"StartCostEstimation",
"UpdateEventSourcesConfig",
"UpdateResourceCollection",
"UpdateServiceIntegration"
],
"HasResource": true,
"StringPrefix": "devops-guru",
"conditionKeys": [
"devops-guru:ServiceNames"
]
},
"Amazon DocumentDB Elastic Clusters": {
"ARNFormat": "arn:aws:docdb-elastic:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:docdb-elastic:.+:.+:.+",
"Actions": [
"CreateCluster",
"CreateClusterSnapshot",
"DeleteCluster",
"DeleteClusterSnapshot",
"GetCluster",
"GetClusterSnapshot",
"ListClusterSnapshots",
"ListClusters",
"ListTagsForResource",
"RestoreClusterFromSnapshot",
"TagResource",
"UntagResource",
"UpdateCluster"
],
"HasResource": true,
"StringPrefix": "docdb-elastic",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon DynamoDB": {
"ARNFormat": "arn:aws:dynamodb:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:dynamodb:.+:.+",
"Actions": [
"BatchGetItem",
"BatchWriteItem",
"ConditionCheckItem",
"CreateBackup",
"CreateGlobalTable",
"CreateTable",
"CreateTableReplica",
"DeleteBackup",
"DeleteItem",
"DeleteTable",
"DeleteTableReplica",
"DescribeBackup",
"DescribeContinuousBackups",
"DescribeContributorInsights",
"DescribeEndpoints",
"DescribeExport",
"DescribeGlobalTable",
"DescribeGlobalTableSettings",
"DescribeImport",
"DescribeKinesisStreamingDestination",
"DescribeLimits",
"DescribeReservedCapacity",
"DescribeReservedCapacityOfferings",
"DescribeStream",
"DescribeTable",
"DescribeTableReplicaAutoScaling",
"DescribeTimeToLive",
"DisableKinesisStreamingDestination",
"EnableKinesisStreamingDestination",
"ExportTableToPointInTime",
"GetItem",
"GetRecords",
"GetShardIterator",
"ImportTable",
"ListBackups",
"ListContributorInsights",
"ListExports",
"ListGlobalTables",
"ListImports",
"ListStreams",
"ListTables",
"ListTagsOfResource",
"PartiQLDelete",
"PartiQLInsert",
"PartiQLSelect",
"PartiQLUpdate",
"PurchaseReservedCapacityOfferings",
"PutItem",
"Query",
"RestoreTableFromAwsBackup",
"RestoreTableFromBackup",
"RestoreTableToPointInTime",
"Scan",
"StartAwsBackupJob",
"TagResource",
"UntagResource",
"UpdateContinuousBackups",
"UpdateContributorInsights",
"UpdateGlobalTable",
"UpdateGlobalTableSettings",
"UpdateGlobalTableVersion",
"UpdateItem",
"UpdateTable",
"UpdateTableReplicaAutoScaling",
"UpdateTimeToLive"
],
"HasResource": true,
"StringPrefix": "dynamodb",
"conditionKeys": [
"aws:TagKeys",
"dynamodb:Attributes",
"dynamodb:EnclosingOperation",
"dynamodb:FullTableScan",
"dynamodb:LeadingKeys",
"dynamodb:ReturnConsumedCapacity",
"dynamodb:ReturnValues",
"dynamodb:Select"
]
},
"Amazon DynamoDB Accelerator (DAX)": {
"ARNFormat": "arn:aws:dax:${Region}:${Account}:cache/${ClusterName}",
"ARNRegex": "^arn:aws:dax:.+:[0-9]+:cache/[a-zA-Z0-9_.-]+",
"Actions": [
"BatchGetItem",
"BatchWriteItem",
"ConditionCheckItem",
"CreateCluster",
"CreateParameterGroup",
"CreateSubnetGroup",
"DecreaseReplicationFactor",
"DeleteCluster",
"DeleteItem",
"DeleteParameterGroup",
"DeleteSubnetGroup",
"DescribeClusters",
"DescribeDefaultParameters",
"DescribeEvents",
"DescribeParameterGroups",
"DescribeParameters",
"DescribeSubnetGroups",
"GetItem",
"IncreaseReplicationFactor",
"ListTags",
"PutItem",
"Query",
"RebootNode",
"Scan",
"TagResource",
"UntagResource",
"UpdateCluster",
"UpdateItem",
"UpdateParameterGroup",
"UpdateSubnetGroup"
],
"HasResource": true,
"StringPrefix": "dax",
"conditionKeys": [
"dax:EnclosingOperation"
]
},
"Amazon EC2": {
"ARNFormat": "arn:aws:ec2:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:ec2:.+",
"Actions": [
"AcceptAddressTransfer",
"AcceptReservedInstancesExchangeQuote",
"AcceptTransitGatewayMulticastDomainAssociations",
"AcceptTransitGatewayPeeringAttachment",
"AcceptTransitGatewayVpcAttachment",
"AcceptVpcEndpointConnections",
"AcceptVpcPeeringConnection",
"AdvertiseByoipCidr",
"AllocateAddress",
"AllocateHosts",
"AllocateIpamPoolCidr",
"ApplySecurityGroupsToClientVpnTargetNetwork",
"AssignIpv6Addresses",
"AssignPrivateIpAddresses",
"AssignPrivateNatGatewayAddress",
"AssociateAddress",
"AssociateClientVpnTargetNetwork",
"AssociateDhcpOptions",
"AssociateEnclaveCertificateIamRole",
"AssociateIamInstanceProfile",
"AssociateInstanceEventWindow",
"AssociateIpamResourceDiscovery",
"AssociateNatGatewayAddress",
"AssociateRouteTable",
"AssociateSubnetCidrBlock",
"AssociateTransitGatewayMulticastDomain",
"AssociateTransitGatewayPolicyTable",
"AssociateTransitGatewayRouteTable",
"AssociateTrunkInterface",
"AssociateVpcCidrBlock",
"AttachClassicLinkVpc",
"AttachInternetGateway",
"AttachNetworkInterface",
"AttachVerifiedAccessTrustProvider",
"AttachVolume",
"AttachVpnGateway",
"AuthorizeClientVpnIngress",
"AuthorizeSecurityGroupEgress",
"AuthorizeSecurityGroupIngress",
"BundleInstance",
"CancelBundleTask",
"CancelCapacityReservation",
"CancelCapacityReservationFleets",
"CancelConversionTask",
"CancelExportTask",
"CancelImageLaunchPermission",
"CancelImportTask",
"CancelReservedInstancesListing",
"CancelSpotFleetRequests",
"CancelSpotInstanceRequests",
"ConfirmProductInstance",
"CopyFpgaImage",
"CopyImage",
"CopySnapshot",
"CreateCapacityReservation",
"CreateCapacityReservationFleet",
"CreateCarrierGateway",
"CreateClientVpnEndpoint",
"CreateClientVpnRoute",
"CreateCoipCidr",
"CreateCoipPool",
"CreateCoipPoolPermission",
"CreateCustomerGateway",
"CreateDefaultSubnet",
"CreateDefaultVpc",
"CreateDhcpOptions",
"CreateEgressOnlyInternetGateway",
"CreateFleet",
"CreateFlowLogs",
"CreateFpgaImage",
"CreateImage",
"CreateInstanceEventWindow",
"CreateInstanceExportTask",
"CreateInternetGateway",
"CreateIpam",
"CreateIpamPool",
"CreateIpamResourceDiscovery",
"CreateIpamScope",
"CreateKeyPair",
"CreateLaunchTemplate",
"CreateLaunchTemplateVersion",
"CreateLocalGatewayRoute",
"CreateLocalGatewayRouteTable",
"CreateLocalGatewayRouteTablePermission",
"CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation",
"CreateLocalGatewayRouteTableVpcAssociation",
"CreateManagedPrefixList",
"CreateNatGateway",
"CreateNetworkAcl",
"CreateNetworkAclEntry",
"CreateNetworkInsightsAccessScope",
"CreateNetworkInsightsPath",
"CreateNetworkInterface",
"CreateNetworkInterfacePermission",
"CreatePlacementGroup",
"CreatePublicIpv4Pool",
"CreateReplaceRootVolumeTask",
"CreateReservedInstancesListing",
"CreateRestoreImageTask",
"CreateRoute",
"CreateRouteTable",
"CreateSecurityGroup",
"CreateSnapshot",
"CreateSnapshots",
"CreateSpotDatafeedSubscription",
"CreateStoreImageTask",
"CreateSubnet",
"CreateSubnetCidrReservation",
"CreateTags",
"CreateTrafficMirrorFilter",
"CreateTrafficMirrorFilterRule",
"CreateTrafficMirrorSession",
"CreateTrafficMirrorTarget",
"CreateTransitGateway",
"CreateTransitGatewayConnect",
"CreateTransitGatewayConnectPeer",
"CreateTransitGatewayMulticastDomain",
"CreateTransitGatewayPeeringAttachment",
"CreateTransitGatewayPolicyTable",
"CreateTransitGatewayPrefixListReference",
"CreateTransitGatewayRoute",
"CreateTransitGatewayRouteTable",
"CreateTransitGatewayRouteTableAnnouncement",
"CreateTransitGatewayVpcAttachment",
"CreateVerifiedAccessEndpoint",
"CreateVerifiedAccessGroup",
"CreateVerifiedAccessInstance",
"CreateVerifiedAccessTrustProvider",
"CreateVolume",
"CreateVpc",
"CreateVpcEndpoint",
"CreateVpcEndpointConnectionNotification",
"CreateVpcEndpointServiceConfiguration",
"CreateVpcPeeringConnection",
"CreateVpnConnection",
"CreateVpnConnectionRoute",
"CreateVpnGateway",
"DeleteCarrierGateway",
"DeleteClientVpnEndpoint",
"DeleteClientVpnRoute",
"DeleteCoipCidr",
"DeleteCoipPool",
"DeleteCoipPoolPermission",
"DeleteCustomerGateway",
"DeleteDhcpOptions",
"DeleteEgressOnlyInternetGateway",
"DeleteFleets",
"DeleteFlowLogs",
"DeleteFpgaImage",
"DeleteInstanceEventWindow",
"DeleteInternetGateway",
"DeleteIpam",
"DeleteIpamPool",
"DeleteIpamResourceDiscovery",
"DeleteIpamScope",
"DeleteKeyPair",
"DeleteLaunchTemplate",
"DeleteLaunchTemplateVersions",
"DeleteLocalGatewayRoute",
"DeleteLocalGatewayRouteTable",
"DeleteLocalGatewayRouteTablePermission",
"DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociation",
"DeleteLocalGatewayRouteTableVpcAssociation",
"DeleteManagedPrefixList",
"DeleteNatGateway",
"DeleteNetworkAcl",
"DeleteNetworkAclEntry",
"DeleteNetworkInsightsAccessScope",
"DeleteNetworkInsightsAccessScopeAnalysis",
"DeleteNetworkInsightsAnalysis",
"DeleteNetworkInsightsPath",
"DeleteNetworkInterface",
"DeleteNetworkInterfacePermission",
"DeletePlacementGroup",
"DeletePublicIpv4Pool",
"DeleteQueuedReservedInstances",
"DeleteResourcePolicy",
"DeleteRoute",
"DeleteRouteTable",
"DeleteSecurityGroup",
"DeleteSnapshot",
"DeleteSpotDatafeedSubscription",
"DeleteSubnet",
"DeleteSubnetCidrReservation",
"DeleteTags",
"DeleteTrafficMirrorFilter",
"DeleteTrafficMirrorFilterRule",
"DeleteTrafficMirrorSession",
"DeleteTrafficMirrorTarget",
"DeleteTransitGateway",
"DeleteTransitGatewayConnect",
"DeleteTransitGatewayConnectPeer",
"DeleteTransitGatewayMulticastDomain",
"DeleteTransitGatewayPeeringAttachment",
"DeleteTransitGatewayPolicyTable",
"DeleteTransitGatewayPrefixListReference",
"DeleteTransitGatewayRoute",
"DeleteTransitGatewayRouteTable",
"DeleteTransitGatewayRouteTableAnnouncement",
"DeleteTransitGatewayVpcAttachment",
"DeleteVerifiedAccessEndpoint",
"DeleteVerifiedAccessGroup",
"DeleteVerifiedAccessInstance",
"DeleteVerifiedAccessTrustProvider",
"DeleteVolume",
"DeleteVpc",
"DeleteVpcEndpointConnectionNotifications",
"DeleteVpcEndpointServiceConfigurations",
"DeleteVpcEndpoints",
"DeleteVpcPeeringConnection",
"DeleteVpnConnection",
"DeleteVpnConnectionRoute",
"DeleteVpnGateway",
"DeprovisionByoipCidr",
"DeprovisionIpamPoolCidr",
"DeprovisionPublicIpv4PoolCidr",
"DeregisterImage",
"DeregisterInstanceEventNotificationAttributes",
"DeregisterTransitGatewayMulticastGroupMembers",
"DeregisterTransitGatewayMulticastGroupSources",
"DescribeAccountAttributes",
"DescribeAddressTransfers",
"DescribeAddresses",
"DescribeAddressesAttribute",
"DescribeAggregateIdFormat",
"DescribeAvailabilityZones",
"DescribeAwsNetworkPerformanceMetricSubscriptions",
"DescribeBundleTasks",
"DescribeByoipCidrs",
"DescribeCapacityReservationFleets",
"DescribeCapacityReservations",
"DescribeCarrierGateways",
"DescribeClassicLinkInstances",
"DescribeClientVpnAuthorizationRules",
"DescribeClientVpnConnections",
"DescribeClientVpnEndpoints",
"DescribeClientVpnRoutes",
"DescribeClientVpnTargetNetworks",
"DescribeCoipPools",
"DescribeConversionTasks",
"DescribeCustomerGateways",
"DescribeDhcpOptions",
"DescribeEgressOnlyInternetGateways",
"DescribeElasticGpus",
"DescribeExportImageTasks",
"DescribeExportTasks",
"DescribeFastLaunchImages",
"DescribeFastSnapshotRestores",
"DescribeFleetHistory",
"DescribeFleetInstances",
"DescribeFleets",
"DescribeFlowLogs",
"DescribeFpgaImageAttribute",
"DescribeFpgaImages",
"DescribeHostReservationOfferings",
"DescribeHostReservations",
"DescribeHosts",
"DescribeIamInstanceProfileAssociations",
"DescribeIdFormat",
"DescribeIdentityIdFormat",
"DescribeImageAttribute",
"DescribeImages",
"DescribeImportImageTasks",
"DescribeImportSnapshotTasks",
"DescribeInstanceAttribute",
"DescribeInstanceCreditSpecifications",
"DescribeInstanceEventNotificationAttributes",
"DescribeInstanceEventWindows",
"DescribeInstanceStatus",
"DescribeInstanceTypeOfferings",
"DescribeInstanceTypes",
"DescribeInstances",
"DescribeInternetGateways",
"DescribeIpamPools",
"DescribeIpamResourceDiscoveries",
"DescribeIpamResourceDiscoveryAssociations",
"DescribeIpamScopes",
"DescribeIpams",
"DescribeIpv6Pools",
"DescribeKeyPairs",
"DescribeLaunchTemplateVersions",
"DescribeLaunchTemplates",
"DescribeLocalGatewayRouteTablePermissions",
"DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations",
"DescribeLocalGatewayRouteTableVpcAssociations",
"DescribeLocalGatewayRouteTables",
"DescribeLocalGatewayVirtualInterfaceGroups",
"DescribeLocalGatewayVirtualInterfaces",
"DescribeLocalGateways",
"DescribeManagedPrefixLists",
"DescribeMovingAddresses",
"DescribeNatGateways",
"DescribeNetworkAcls",
"DescribeNetworkInsightsAccessScopeAnalyses",
"DescribeNetworkInsightsAccessScopes",
"DescribeNetworkInsightsAnalyses",
"DescribeNetworkInsightsPaths",
"DescribeNetworkInterfaceAttribute",
"DescribeNetworkInterfacePermissions",
"DescribeNetworkInterfaces",
"DescribePlacementGroups",
"DescribePrefixLists",
"DescribePrincipalIdFormat",
"DescribePublicIpv4Pools",
"DescribeRegions",
"DescribeReplaceRootVolumeTasks",
"DescribeReservedInstances",
"DescribeReservedInstancesListings",
"DescribeReservedInstancesModifications",
"DescribeReservedInstancesOfferings",
"DescribeRouteTables",
"DescribeScheduledInstanceAvailability",
"DescribeScheduledInstances",
"DescribeSecurityGroupReferences",
"DescribeSecurityGroupRules",
"DescribeSecurityGroups",
"DescribeSnapshotAttribute",
"DescribeSnapshotTierStatus",
"DescribeSnapshots",
"DescribeSpotDatafeedSubscription",
"DescribeSpotFleetInstances",
"DescribeSpotFleetRequestHistory",
"DescribeSpotFleetRequests",
"DescribeSpotInstanceRequests",
"DescribeSpotPriceHistory",
"DescribeStaleSecurityGroups",
"DescribeStoreImageTasks",
"DescribeSubnets",
"DescribeTags",
"DescribeTrafficMirrorFilters",
"DescribeTrafficMirrorSessions",
"DescribeTrafficMirrorTargets",
"DescribeTransitGatewayAttachments",
"DescribeTransitGatewayConnectPeers",
"DescribeTransitGatewayConnects",
"DescribeTransitGatewayMulticastDomains",
"DescribeTransitGatewayPeeringAttachments",
"DescribeTransitGatewayPolicyTables",
"DescribeTransitGatewayRouteTableAnnouncements",
"DescribeTransitGatewayRouteTables",
"DescribeTransitGatewayVpcAttachments",
"DescribeTransitGateways",
"DescribeTrunkInterfaceAssociations",
"DescribeVerifiedAccessEndpoints",
"DescribeVerifiedAccessGroups",
"DescribeVerifiedAccessInstanceLoggingConfigurations",
"DescribeVerifiedAccessInstances",
"DescribeVerifiedAccessTrustProviders",
"DescribeVolumeAttribute",
"DescribeVolumeStatus",
"DescribeVolumes",
"DescribeVolumesModifications",
"DescribeVpcAttribute",
"DescribeVpcClassicLink",
"DescribeVpcClassicLinkDnsSupport",
"DescribeVpcEndpointConnectionNotifications",
"DescribeVpcEndpointConnections",
"DescribeVpcEndpointServiceConfigurations",
"DescribeVpcEndpointServicePermissions",
"DescribeVpcEndpointServices",
"DescribeVpcEndpoints",
"DescribeVpcPeeringConnections",
"DescribeVpcs",
"DescribeVpnConnections",
"DescribeVpnGateways",
"DetachClassicLinkVpc",
"DetachInternetGateway",
"DetachNetworkInterface",
"DetachVerifiedAccessTrustProvider",
"DetachVolume",
"DetachVpnGateway",
"DisableAddressTransfer",
"DisableAwsNetworkPerformanceMetricSubscription",
"DisableEbsEncryptionByDefault",
"DisableFastLaunch",
"DisableFastSnapshotRestores",
"DisableImageDeprecation",
"DisableIpamOrganizationAdminAccount",
"DisableSerialConsoleAccess",
"DisableTransitGatewayRouteTablePropagation",
"DisableVgwRoutePropagation",
"DisableVpcClassicLink",
"DisableVpcClassicLinkDnsSupport",
"DisassociateAddress",
"DisassociateClientVpnTargetNetwork",
"DisassociateEnclaveCertificateIamRole",
"DisassociateIamInstanceProfile",
"DisassociateInstanceEventWindow",
"DisassociateIpamResourceDiscovery",
"DisassociateNatGatewayAddress",
"DisassociateRouteTable",
"DisassociateSubnetCidrBlock",
"DisassociateTransitGatewayMulticastDomain",
"DisassociateTransitGatewayPolicyTable",
"DisassociateTransitGatewayRouteTable",
"DisassociateTrunkInterface",
"DisassociateVpcCidrBlock",
"EnableAddressTransfer",
"EnableAwsNetworkPerformanceMetricSubscription",
"EnableEbsEncryptionByDefault",
"EnableFastLaunch",
"EnableFastSnapshotRestores",
"EnableImageDeprecation",
"EnableIpamOrganizationAdminAccount",
"EnableReachabilityAnalyzerOrganizationSharing",
"EnableSerialConsoleAccess",
"EnableTransitGatewayRouteTablePropagation",
"EnableVgwRoutePropagation",
"EnableVolumeIO",
"EnableVpcClassicLink",
"EnableVpcClassicLinkDnsSupport",
"ExportClientVpnClientCertificateRevocationList",
"ExportClientVpnClientConfiguration",
"ExportImage",
"ExportTransitGatewayRoutes",
"GetAssociatedEnclaveCertificateIamRoles",
"GetAssociatedIpv6PoolCidrs",
"GetAwsNetworkPerformanceData",
"GetCapacityReservationUsage",
"GetCoipPoolUsage",
"GetConsoleOutput",
"GetConsoleScreenshot",
"GetDefaultCreditSpecification",
"GetEbsDefaultKmsKeyId",
"GetEbsEncryptionByDefault",
"GetFlowLogsIntegrationTemplate",
"GetGroupsForCapacityReservation",
"GetHostReservationPurchasePreview",
"GetInstanceTypesFromInstanceRequirements",
"GetInstanceUefiData",
"GetIpamAddressHistory",
"GetIpamDiscoveredAccounts",
"GetIpamDiscoveredResourceCidrs",
"GetIpamPoolAllocations",
"GetIpamPoolCidrs",
"GetIpamResourceCidrs",
"GetLaunchTemplateData",
"GetManagedPrefixListAssociations",
"GetManagedPrefixListEntries",
"GetNetworkInsightsAccessScopeAnalysisFindings",
"GetNetworkInsightsAccessScopeContent",
"GetPasswordData",
"GetReservedInstancesExchangeQuote",
"GetResourcePolicy",
"GetSerialConsoleAccessStatus",
"GetSpotPlacementScores",
"GetSubnetCidrReservations",
"GetTransitGatewayAttachmentPropagations",
"GetTransitGatewayMulticastDomainAssociations",
"GetTransitGatewayPolicyTableAssociations",
"GetTransitGatewayPolicyTableEntries",
"GetTransitGatewayPrefixListReferences",
"GetTransitGatewayRouteTableAssociations",
"GetTransitGatewayRouteTablePropagations",
"GetVerifiedAccessEndpointPolicy",
"GetVerifiedAccessGroupPolicy",
"GetVpnConnectionDeviceSampleConfiguration",
"GetVpnConnectionDeviceTypes",
"ImportClientVpnClientCertificateRevocationList",
"ImportImage",
"ImportInstance",
"ImportKeyPair",
"ImportSnapshot",
"ImportVolume",
"ListImagesInRecycleBin",
"ListSnapshotsInRecycleBin",
"ModifyAddressAttribute",
"ModifyAvailabilityZoneGroup",
"ModifyCapacityReservation",
"ModifyCapacityReservationFleet",
"ModifyClientVpnEndpoint",
"ModifyDefaultCreditSpecification",
"ModifyEbsDefaultKmsKeyId",
"ModifyFleet",
"ModifyFpgaImageAttribute",
"ModifyHosts",
"ModifyIdFormat",
"ModifyIdentityIdFormat",
"ModifyImageAttribute",
"ModifyInstanceAttribute",
"ModifyInstanceCapacityReservationAttributes",
"ModifyInstanceCreditSpecification",
"ModifyInstanceEventStartTime",
"ModifyInstanceEventWindow",
"ModifyInstanceMaintenanceOptions",
"ModifyInstanceMetadataOptions",
"ModifyInstancePlacement",
"ModifyIpam",
"ModifyIpamPool",
"ModifyIpamResourceCidr",
"ModifyIpamResourceDiscovery",
"ModifyIpamScope",
"ModifyLaunchTemplate",
"ModifyLocalGatewayRoute",
"ModifyManagedPrefixList",
"ModifyNetworkInterfaceAttribute",
"ModifyPrivateDnsNameOptions",
"ModifyReservedInstances",
"ModifySecurityGroupRules",
"ModifySnapshotAttribute",
"ModifySnapshotTier",
"ModifySpotFleetRequest",
"ModifySubnetAttribute",
"ModifyTrafficMirrorFilterNetworkServices",
"ModifyTrafficMirrorFilterRule",
"ModifyTrafficMirrorSession",
"ModifyTransitGateway",
"ModifyTransitGatewayPrefixListReference",
"ModifyTransitGatewayVpcAttachment",
"ModifyVerifiedAccessEndpoint",
"ModifyVerifiedAccessEndpointPolicy",
"ModifyVerifiedAccessGroup",
"ModifyVerifiedAccessGroupPolicy",
"ModifyVerifiedAccessInstance",
"ModifyVerifiedAccessInstanceLoggingConfiguration",
"ModifyVerifiedAccessTrustProvider",
"ModifyVolume",
"ModifyVolumeAttribute",
"ModifyVpcAttribute",
"ModifyVpcEndpoint",
"ModifyVpcEndpointConnectionNotification",
"ModifyVpcEndpointServiceConfiguration",
"ModifyVpcEndpointServicePayerResponsibility",
"ModifyVpcEndpointServicePermissions",
"ModifyVpcPeeringConnectionOptions",
"ModifyVpcTenancy",
"ModifyVpnConnection",
"ModifyVpnConnectionOptions",
"ModifyVpnTunnelCertificate",
"ModifyVpnTunnelOptions",
"MonitorInstances",
"MoveAddressToVpc",
"MoveByoipCidrToIpam",
"PauseVolumeIO",
"ProvisionByoipCidr",
"ProvisionIpamPoolCidr",
"ProvisionPublicIpv4PoolCidr",
"PurchaseHostReservation",
"PurchaseReservedInstancesOffering",
"PurchaseScheduledInstances",
"PutResourcePolicy",
"RebootInstances",
"RegisterImage",
"RegisterInstanceEventNotificationAttributes",
"RegisterTransitGatewayMulticastGroupMembers",
"RegisterTransitGatewayMulticastGroupSources",
"RejectTransitGatewayMulticastDomainAssociations",
"RejectTransitGatewayPeeringAttachment",
"RejectTransitGatewayVpcAttachment",
"RejectVpcEndpointConnections",
"RejectVpcPeeringConnection",
"ReleaseAddress",
"ReleaseHosts",
"ReleaseIpamPoolAllocation",
"ReplaceIamInstanceProfileAssociation",
"ReplaceNetworkAclAssociation",
"ReplaceNetworkAclEntry",
"ReplaceRoute",
"ReplaceRouteTableAssociation",
"ReplaceTransitGatewayRoute",
"ReportInstanceStatus",
"RequestSpotFleet",
"RequestSpotInstances",
"ResetAddressAttribute",
"ResetEbsDefaultKmsKeyId",
"ResetFpgaImageAttribute",
"ResetImageAttribute",
"ResetInstanceAttribute",
"ResetNetworkInterfaceAttribute",
"ResetSnapshotAttribute",
"RestoreAddressToClassic",
"RestoreImageFromRecycleBin",
"RestoreManagedPrefixListVersion",
"RestoreSnapshotFromRecycleBin",
"RestoreSnapshotTier",
"RevokeClientVpnIngress",
"RevokeSecurityGroupEgress",
"RevokeSecurityGroupIngress",
"RunInstances",
"RunScheduledInstances",
"SearchLocalGatewayRoutes",
"SearchTransitGatewayMulticastGroups",
"SearchTransitGatewayRoutes",
"SendDiagnosticInterrupt",
"SendSpotInstanceInterruptions",
"StartInstances",
"StartNetworkInsightsAccessScopeAnalysis",
"StartNetworkInsightsAnalysis",
"StartVpcEndpointServicePrivateDnsVerification",
"StopInstances",
"TerminateClientVpnConnections",
"TerminateInstances",
"UnassignIpv6Addresses",
"UnassignPrivateIpAddresses",
"UnassignPrivateNatGatewayAddress",
"UnmonitorInstances",
"UpdateSecurityGroupRuleDescriptionsEgress",
"UpdateSecurityGroupRuleDescriptionsIngress",
"WithdrawByoipCidr"
],
"HasResource": true,
"StringPrefix": "ec2",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"ec2:AccepterVpc",
"ec2:Add/group",
"ec2:Add/userId",
"ec2:AllocationId",
"ec2:AssociatePublicIpAddress",
"ec2:Attribute",
"ec2:Attribute/${AttributeName}",
"ec2:AuthenticationType",
"ec2:AuthorizedService",
"ec2:AuthorizedUser",
"ec2:AutoPlacement",
"ec2:AvailabilityZone",
"ec2:CapacityReservationFleet",
"ec2:ClientRootCertificateChainArn",
"ec2:CloudwatchLogGroupArn",
"ec2:CloudwatchLogStreamArn",
"ec2:CreateAction",
"ec2:DPDTimeoutSeconds",
"ec2:DhcpOptionsID",
"ec2:DirectoryArn",
"ec2:Domain",
"ec2:DomainCertificateArn",
"ec2:EbsOptimized",
"ec2:ElasticGpuType",
"ec2:Encrypted",
"ec2:GatewayType",
"ec2:HostRecovery",
"ec2:IKEVersions",
"ec2:ImageID",
"ec2:ImageType",
"ec2:InsideTunnelCidr",
"ec2:InsideTunnelIpv6Cidr",
"ec2:InstanceAutoRecovery",
"ec2:InstanceID",
"ec2:InstanceMarketType",
"ec2:InstanceMetadataTags",
"ec2:InstanceProfile",
"ec2:InstanceType",
"ec2:InternetGatewayID",
"ec2:Ipv4IpamPoolId",
"ec2:Ipv6IpamPoolId",
"ec2:IsLaunchTemplateResource",
"ec2:KeyPairName",
"ec2:KeyPairType",
"ec2:KmsKeyId",
"ec2:LaunchTemplate",
"ec2:LoadBalancerArn",
"ec2:MetadataHttpEndpoint",
"ec2:MetadataHttpPutResponseHopLimit",
"ec2:MetadataHttpTokens",
"ec2:NetworkAclID",
"ec2:NetworkInterfaceID",
"ec2:NewInstanceProfile",
"ec2:OutpostArn",
"ec2:Owner",
"ec2:ParentSnapshot",
"ec2:ParentVolume",
"ec2:Permission",
"ec2:Phase1DHGroup",
"ec2:Phase1EncryptionAlgorithms",
"ec2:Phase1IntegrityAlgorithms",
"ec2:Phase1LifetimeSeconds",
"ec2:Phase2DHGroup",
"ec2:Phase2EncryptionAlgorithms",
"ec2:Phase2IntegrityAlgorithms",
"ec2:Phase2LifetimeSeconds",
"ec2:PlacementGroup",
"ec2:PlacementGroupName",
"ec2:PlacementGroupStrategy",
"ec2:PreSharedKeys",
"ec2:ProductCode",
"ec2:Public",
"ec2:PublicIpAddress",
"ec2:Quantity",
"ec2:Region",
"ec2:RekeyFuzzPercentage",
"ec2:RekeyMarginTimeSeconds",
"ec2:Remove/group",
"ec2:Remove/userId",
"ec2:ReplayWindowSizePackets",
"ec2:RequesterVpc",
"ec2:ReservedInstancesOfferingType",
"ec2:ResourceTag/${TagKey}",
"ec2:RoleDelivery",
"ec2:RootDeviceType",
"ec2:RouteTableID",
"ec2:RoutingType",
"ec2:SamlProviderArn",
"ec2:SecurityGroupID",
"ec2:ServerCertificateArn",
"ec2:SnapshotID",
"ec2:SnapshotTime",
"ec2:SourceInstanceARN",
"ec2:SourceOutpostArn",
"ec2:Subnet",
"ec2:SubnetID",
"ec2:Tenancy",
"ec2:VolumeID",
"ec2:VolumeIops",
"ec2:VolumeSize",
"ec2:VolumeThroughput",
"ec2:VolumeType",
"ec2:Vpc",
"ec2:VpcID",
"ec2:VpcPeeringConnectionID",
"ec2:VpceServiceName",
"ec2:VpceServiceOwner",
"ec2:VpceServicePrivateDnsName"
]
},
"Amazon EC2 Auto Scaling": {
"ARNFormat": "arn:aws:autoscaling:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:autoscaling:.+:.+:.+",
"Actions": [
"AttachInstances",
"AttachLoadBalancerTargetGroups",
"AttachLoadBalancers",
"AttachTrafficSources",
"BatchDeleteScheduledAction",
"BatchPutScheduledUpdateGroupAction",
"CancelInstanceRefresh",
"CompleteLifecycleAction",
"CreateAutoScalingGroup",
"CreateLaunchConfiguration",
"CreateOrUpdateTags",
"DeleteAutoScalingGroup",
"DeleteLaunchConfiguration",
"DeleteLifecycleHook",
"DeleteNotificationConfiguration",
"DeletePolicy",
"DeleteScheduledAction",
"DeleteTags",
"DeleteWarmPool",
"DescribeAccountLimits",
"DescribeAdjustmentTypes",
"DescribeAutoScalingGroups",
"DescribeAutoScalingInstances",
"DescribeAutoScalingNotificationTypes",
"DescribeInstanceRefreshes",
"DescribeLaunchConfigurations",
"DescribeLifecycleHookTypes",
"DescribeLifecycleHooks",
"DescribeLoadBalancerTargetGroups",
"DescribeLoadBalancers",
"DescribeMetricCollectionTypes",
"DescribeNotificationConfigurations",
"DescribePolicies",
"DescribeScalingActivities",
"DescribeScalingProcessTypes",
"DescribeScheduledActions",
"DescribeTags",
"DescribeTerminationPolicyTypes",
"DescribeTrafficSources",
"DescribeWarmPool",
"DetachInstances",
"DetachLoadBalancerTargetGroups",
"DetachLoadBalancers",
"DetachTrafficSources",
"DisableMetricsCollection",
"EnableMetricsCollection",
"EnterStandby",
"ExecutePolicy",
"ExitStandby",
"GetPredictiveScalingForecast",
"PutLifecycleHook",
"PutNotificationConfiguration",
"PutScalingPolicy",
"PutScheduledUpdateGroupAction",
"PutWarmPool",
"RecordLifecycleActionHeartbeat",
"ResumeProcesses",
"RollbackInstanceRefresh",
"SetDesiredCapacity",
"SetInstanceHealth",
"SetInstanceProtection",
"StartInstanceRefresh",
"SuspendProcesses",
"TerminateInstanceInAutoScalingGroup",
"UpdateAutoScalingGroup"
],
"HasResource": true,
"StringPrefix": "autoscaling",
"conditionKeys": [
"autoscaling:ImageId",
"autoscaling:InstanceType",
"autoscaling:InstanceTypes",
"autoscaling:LaunchConfigurationName",
"autoscaling:LaunchTemplateVersionSpecified",
"autoscaling:LoadBalancerNames",
"autoscaling:MaxSize",
"autoscaling:MetadataHttpEndpoint",
"autoscaling:MetadataHttpPutResponseHopLimit",
"autoscaling:MetadataHttpTokens",
"autoscaling:MinSize",
"autoscaling:ResourceTag/${TagKey}",
"autoscaling:SpotPrice",
"autoscaling:TargetGroupARNs",
"autoscaling:TrafficSourceIdentifiers",
"autoscaling:VPCZoneIdentifiers",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon EC2 Image Builder": {
"ARNFormat": "arn:aws:imagebuilder:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:imagebuilder:.+:.+:.+",
"Actions": [
"CancelImageCreation",
"CreateComponent",
"CreateContainerRecipe",
"CreateDistributionConfiguration",
"CreateImage",
"CreateImagePipeline",
"CreateImageRecipe",
"CreateInfrastructureConfiguration",
"DeleteComponent",
"DeleteContainerRecipe",
"DeleteDistributionConfiguration",
"DeleteImage",
"DeleteImagePipeline",
"DeleteImageRecipe",
"DeleteInfrastructureConfiguration",
"GetComponent",
"GetComponentPolicy",
"GetContainerRecipe",
"GetContainerRecipePolicy",
"GetDistributionConfiguration",
"GetImage",
"GetImagePipeline",
"GetImagePolicy",
"GetImageRecipe",
"GetImageRecipePolicy",
"GetInfrastructureConfiguration",
"GetWorkflowExecution",
"GetWorkflowStepExecution",
"ImportComponent",
"ImportVmImage",
"ListComponentBuildVersions",
"ListComponents",
"ListContainerRecipes",
"ListDistributionConfigurations",
"ListImageBuildVersions",
"ListImagePackages",
"ListImagePipelineImages",
"ListImagePipelines",
"ListImageRecipes",
"ListImageScanFindingAggregations",
"ListImageScanFindings",
"ListImages",
"ListInfrastructureConfigurations",
"ListTagsForResource",
"ListWorkflowExecutions",
"ListWorkflowStepExecutions",
"PutComponentPolicy",
"PutContainerRecipePolicy",
"PutImagePolicy",
"PutImageRecipePolicy",
"StartImagePipelineExecution",
"TagResource",
"UntagResource",
"UpdateDistributionConfiguration",
"UpdateImagePipeline",
"UpdateInfrastructureConfiguration"
],
"HasResource": true,
"StringPrefix": "imagebuilder",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"imagebuilder:CreatedResourceTag/<key>",
"imagebuilder:CreatedResourceTagKeys",
"imagebuilder:Ec2MetadataHttpTokens",
"imagebuilder:StatusTopicArn"
]
},
"Amazon EC2 Instance Connect": {
"ARNFormat": "arn:aws:ec2:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:ec2:.+",
"Actions": [
"SendSSHPublicKey",
"SendSerialConsoleSSHPublicKey"
],
"HasResource": true,
"StringPrefix": "ec2-instance-connect",
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"ec2:ResourceTag/${TagKey}",
"ec2:osuser"
]
},
"Amazon EMR Serverless": {
"ARNFormat": "arn:aws:emr-serverless:${Region}:${Account}:/${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:emr-serverless:.+",
"Actions": [
"CancelJobRun",
"CreateApplication",
"DeleteApplication",
"GetApplication",
"GetDashboardForJobRun",
"GetJobRun",
"ListApplications",
"ListJobRuns",
"ListTagsForResource",
"StartApplication",
"StartJobRun",
"StopApplication",
"TagResource",
"UntagResource",
"UpdateApplication"
],
"HasResource": true,
"StringPrefix": "emr-serverless",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon EMR on EKS (EMR Containers)": {
"ARNFormat": "arn:aws:emr-containers:${Region}:${Account}:/${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:emr-containers:.+",
"Actions": [
"CancelJobRun",
"CreateJobTemplate",
"CreateManagedEndpoint",
"CreateVirtualCluster",
"DeleteJobTemplate",
"DeleteManagedEndpoint",
"DeleteVirtualCluster",
"DescribeJobRun",
"DescribeJobTemplate",
"DescribeManagedEndpoint",
"DescribeVirtualCluster",
"ListJobRuns",
"ListJobTemplates",
"ListManagedEndpoints",
"ListTagsForResource",
"ListVirtualClusters",
"StartJobRun",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "emr-containers",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"emr-containers:ExecutionRoleArn",
"emr-containers:JobTemplateArn"
]
},
"Amazon ElastiCache": {
"ARNFormat": "arn:aws:elasticache:${Region}:${Account}:${ResourceType}:${ResourceName}",
"ARNRegex": "^arn:aws:elasticache:.+:.+:.+",
"Actions": [
"AddTagsToResource",
"AuthorizeCacheSecurityGroupIngress",
"BatchApplyUpdateAction",
"BatchStopUpdateAction",
"CompleteMigration",
"Connect",
"CopySnapshot",
"CreateCacheCluster",
"CreateCacheParameterGroup",
"CreateCacheSecurityGroup",
"CreateCacheSubnetGroup",
"CreateGlobalReplicationGroup",
"CreateReplicationGroup",
"CreateSnapshot",
"CreateUser",
"CreateUserGroup",
"DecreaseNodeGroupsInGlobalReplicationGroup",
"DecreaseReplicaCount",
"DeleteCacheCluster",
"DeleteCacheParameterGroup",
"DeleteCacheSecurityGroup",
"DeleteCacheSubnetGroup",
"DeleteGlobalReplicationGroup",
"DeleteReplicationGroup",
"DeleteSnapshot",
"DeleteUser",
"DeleteUserGroup",
"DescribeCacheClusters",
"DescribeCacheEngineVersions",
"DescribeCacheParameterGroups",
"DescribeCacheParameters",
"DescribeCacheSecurityGroups",
"DescribeCacheSubnetGroups",
"DescribeEngineDefaultParameters",
"DescribeEvents",
"DescribeGlobalReplicationGroups",
"DescribeReplicationGroups",
"DescribeReservedCacheNodes",
"DescribeReservedCacheNodesOfferings",
"DescribeServiceUpdates",
"DescribeSnapshots",
"DescribeUpdateActions",
"DescribeUserGroups",
"DescribeUsers",
"DisassociateGlobalReplicationGroup",
"FailoverGlobalReplicationGroup",
"IncreaseNodeGroupsInGlobalReplicationGroup",
"IncreaseReplicaCount",
"ListAllowedNodeTypeModifications",
"ListTagsForResource",
"ModifyCacheCluster",
"ModifyCacheParameterGroup",
"ModifyCacheSubnetGroup",
"ModifyGlobalReplicationGroup",
"ModifyReplicationGroup",
"ModifyReplicationGroupShardConfiguration",
"ModifyUser",
"ModifyUserGroup",
"PurchaseReservedCacheNodesOffering",
"RebalanceSlotsInGlobalReplicationGroup",
"RebootCacheCluster",
"RemoveTagsFromResource",
"ResetCacheParameterGroup",
"RevokeCacheSecurityGroupIngress",
"StartMigration",
"TestFailover"
],
"HasResource": true,
"StringPrefix": "elasticache",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"elasticache:AtRestEncryptionEnabled",
"elasticache:AuthTokenEnabled",
"elasticache:AutomaticFailoverEnabled",
"elasticache:CacheNodeType",
"elasticache:CacheParameterGroupName",
"elasticache:ClusterModeEnabled",
"elasticache:EngineType",
"elasticache:EngineVersion",
"elasticache:KmsKeyId",
"elasticache:MultiAZEnabled",
"elasticache:NumNodeGroups",
"elasticache:ReplicasPerNodeGroup",
"elasticache:SnapshotRetentionLimit",
"elasticache:TransitEncryptionEnabled",
"elasticache:UserAuthenticationMode"
]
},
"Amazon Elastic Block Store": {
"ARNFormat": "arn:aws:ebs:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:ebs:.+",
"Actions": [
"CompleteSnapshot",
"GetSnapshotBlock",
"ListChangedBlocks",
"ListSnapshotBlocks",
"PutSnapshotBlock",
"StartSnapshot"
],
"HasResource": true,
"StringPrefix": "ebs",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"ebs:Description",
"ebs:ParentSnapshot",
"ebs:VolumeSize"
]
},
"Amazon Elastic Container Registry": {
"ARNFormat": "arn:aws:ecr:${Region}:${Account}:repository/${RepositoryName}",
"ARNRegex": "^arn:aws:ecr:.+",
"Actions": [
"BatchCheckLayerAvailability",
"BatchDeleteImage",
"BatchGetImage",
"BatchGetRepositoryScanningConfiguration",
"BatchImportUpstreamImage",
"CompleteLayerUpload",
"CreatePullThroughCacheRule",
"CreateRepository",
"DeleteLifecyclePolicy",
"DeletePullThroughCacheRule",
"DeleteRegistryPolicy",
"DeleteRepository",
"DeleteRepositoryPolicy",
"DescribeImageReplicationStatus",
"DescribeImageScanFindings",
"DescribeImages",
"DescribePullThroughCacheRules",
"DescribeRegistry",
"DescribeRepositories",
"GetAuthorizationToken",
"GetDownloadUrlForLayer",
"GetLifecyclePolicy",
"GetLifecyclePolicyPreview",
"GetRegistryPolicy",
"GetRegistryScanningConfiguration",
"GetRepositoryPolicy",
"InitiateLayerUpload",
"ListImages",
"ListTagsForResource",
"PutImage",
"PutImageScanningConfiguration",
"PutImageTagMutability",
"PutLifecyclePolicy",
"PutRegistryPolicy",
"PutRegistryScanningConfiguration",
"PutReplicationConfiguration",
"ReplicateImage",
"SetRepositoryPolicy",
"StartImageScan",
"StartLifecyclePolicyPreview",
"TagResource",
"UntagResource",
"UploadLayerPart"
],
"HasResource": true,
"StringPrefix": "ecr",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"ecr:ResourceTag/${TagKey}"
]
},
"Amazon Elastic Container Registry Public": {
"ARNFormat": "arn:aws:ecr-public::${Account}:${RepositoryOrRegistry}/${RepositoryNameOrAccountId}",
"ARNRegex": "^arn:aws:ecr-public::.+",
"Actions": [
"BatchCheckLayerAvailability",
"BatchDeleteImage",
"CompleteLayerUpload",
"CreateRepository",
"DeleteRepository",
"DeleteRepositoryPolicy",
"DescribeImageTags",
"DescribeImages",
"DescribeRegistries",
"DescribeRepositories",
"GetAuthorizationToken",
"GetRegistryCatalogData",
"GetRepositoryCatalogData",
"GetRepositoryPolicy",
"InitiateLayerUpload",
"ListTagsForResource",
"PutImage",
"PutRegistryCatalogData",
"PutRepositoryCatalogData",
"SetRepositoryPolicy",
"TagResource",
"UntagResource",
"UploadLayerPart"
],
"HasResource": true,
"StringPrefix": "ecr-public",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"ecr-public:ResourceTag/${TagKey}"
]
},
"Amazon Elastic Container Service": {
"ARNFormat": "arn:aws:ecs:${Region}:${Account}:${ResourceType}/${RelativeId}",
"ARNRegex": "^arn:aws:ecs:.+",
"Actions": [
"CreateCapacityProvider",
"CreateCluster",
"CreateService",
"CreateTaskSet",
"DeleteAccountSetting",
"DeleteAttributes",
"DeleteCapacityProvider",
"DeleteCluster",
"DeleteService",
"DeleteTaskDefinitions",
"DeleteTaskSet",
"DeregisterContainerInstance",
"DeregisterTaskDefinition",
"DescribeCapacityProviders",
"DescribeClusters",
"DescribeContainerInstances",
"DescribeServices",
"DescribeTaskDefinition",
"DescribeTaskSets",
"DescribeTasks",
"DiscoverPollEndpoint",
"ExecuteCommand",
"GetTaskProtection",
"ListAccountSettings",
"ListAttributes",
"ListClusters",
"ListContainerInstances",
"ListServices",
"ListServicesByNamespace",
"ListTagsForResource",
"ListTaskDefinitionFamilies",
"ListTaskDefinitions",
"ListTasks",
"Poll",
"PutAccountSetting",
"PutAccountSettingDefault",
"PutAttributes",
"PutClusterCapacityProviders",
"RegisterContainerInstance",
"RegisterTaskDefinition",
"RunTask",
"StartTask",
"StartTelemetrySession",
"StopTask",
"SubmitAttachmentStateChanges",
"SubmitContainerStateChange",
"SubmitTaskStateChange",
"TagResource",
"UntagResource",
"UpdateCapacityProvider",
"UpdateCluster",
"UpdateClusterSettings",
"UpdateContainerAgent",
"UpdateContainerInstancesState",
"UpdateService",
"UpdateServicePrimaryTaskSet",
"UpdateTaskProtection",
"UpdateTaskSet"
],
"HasResource": true,
"StringPrefix": "ecs",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"ecs:CreateAction",
"ecs:ResourceTag/${TagKey}",
"ecs:capacity-provider",
"ecs:cluster",
"ecs:container-instances",
"ecs:container-name",
"ecs:enable-execute-command",
"ecs:enable-service-connect",
"ecs:namespace",
"ecs:service",
"ecs:task",
"ecs:task-definition"
]
},
"Amazon Elastic File System": {
"ARNFormat": "arn:aws:elasticfilesystem:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:elasticfilesystem:.+",
"Actions": [
"Backup",
"ClientMount",
"ClientRootAccess",
"ClientWrite",
"CreateAccessPoint",
"CreateFileSystem",
"CreateMountTarget",
"CreateReplicationConfiguration",
"CreateTags",
"DeleteAccessPoint",
"DeleteFileSystem",
"DeleteFileSystemPolicy",
"DeleteMountTarget",
"DeleteReplicationConfiguration",
"DeleteTags",
"DescribeAccessPoints",
"DescribeAccountPreferences",
"DescribeBackupPolicy",
"DescribeFileSystemPolicy",
"DescribeFileSystems",
"DescribeLifecycleConfiguration",
"DescribeMountTargetSecurityGroups",
"DescribeMountTargets",
"DescribeReplicationConfigurations",
"DescribeTags",
"ListTagsForResource",
"ModifyMountTargetSecurityGroups",
"PutAccountPreferences",
"PutBackupPolicy",
"PutFileSystemPolicy",
"PutLifecycleConfiguration",
"Restore",
"TagResource",
"UntagResource",
"UpdateFileSystem"
],
"HasResource": true,
"StringPrefix": "elasticfilesystem",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"elasticfilesystem:AccessPointArn",
"elasticfilesystem:AccessedViaMountTarget",
"elasticfilesystem:CreateAction",
"elasticfilesystem:Encrypted"
]
},
"Amazon Elastic Inference": {
"ARNFormat": "arn:aws:elastic-inference:<region>:<account-id>:elastic-inference-accelerator/<identifier>",
"ARNRegex": "^arn:aws:elastic-inference:.+",
"Actions": [
"Connect",
"DescribeAcceleratorOfferings",
"DescribeAcceleratorTypes",
"DescribeAccelerators",
"ListTagsForResource",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "elastic-inference"
},
"Amazon Elastic Kubernetes Service": {
"ARNFormat": "arn:aws:eks:${Region}:${Account}:${ResourceType}/${RelativeId}",
"ARNRegex": "^arn:aws:eks:.+",
"Actions": [
"AccessKubernetesApi",
"AssociateEncryptionConfig",
"AssociateIdentityProviderConfig",
"CreateAddon",
"CreateCluster",
"CreateFargateProfile",
"CreateNodegroup",
"DeleteAddon",
"DeleteCluster",
"DeleteFargateProfile",
"DeleteNodegroup",
"DeregisterCluster",
"DescribeAddon",
"DescribeAddonConfiguration",
"DescribeAddonVersions",
"DescribeCluster",
"DescribeFargateProfile",
"DescribeIdentityProviderConfig",
"DescribeNodegroup",
"DescribeUpdate",
"DisassociateIdentityProviderConfig",
"ListAddons",
"ListClusters",
"ListFargateProfiles",
"ListIdentityProviderConfigs",
"ListNodegroups",
"ListTagsForResource",
"ListUpdates",
"RegisterCluster",
"TagResource",
"UntagResource",
"UpdateAddon",
"UpdateClusterConfig",
"UpdateClusterVersion",
"UpdateNodegroupConfig",
"UpdateNodegroupVersion"
],
"HasResource": true,
"StringPrefix": "eks",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"eks:clientId",
"eks:issuerUrl"
]
},
"Amazon Elastic MapReduce": {
"ARNFormat": "arn:aws:elasticmapreduce:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:elasticmapreduce:.+",
"Actions": [
"AddInstanceFleet",
"AddInstanceGroups",
"AddJobFlowSteps",
"AddTags",
"AttachEditor",
"CancelSteps",
"CreateEditor",
"CreatePersistentAppUI",
"CreateRepository",
"CreateSecurityConfiguration",
"CreateStudio",
"CreateStudioPresignedUrl",
"CreateStudioSessionMapping",
"DeleteEditor",
"DeleteRepository",
"DeleteSecurityConfiguration",
"DeleteStudio",
"DeleteStudioSessionMapping",
"DeleteWorkspaceAccess",
"DescribeCluster",
"DescribeEditor",
"DescribeJobFlows",
"DescribeNotebookExecution",
"DescribePersistentAppUI",
"DescribeReleaseLabel",
"DescribeRepository",
"DescribeSecurityConfiguration",
"DescribeStep",
"DescribeStudio",
"DetachEditor",
"GetAutoTerminationPolicy",
"GetBlockPublicAccessConfiguration",
"GetClusterSessionCredentials",
"GetManagedScalingPolicy",
"GetOnClusterAppUIPresignedURL",
"GetPersistentAppUIPresignedURL",
"GetStudioSessionMapping",
"LinkRepository",
"ListBootstrapActions",
"ListClusters",
"ListEditors",
"ListInstanceFleets",
"ListInstanceGroups",
"ListInstances",
"ListNotebookExecutions",
"ListReleaseLabels",
"ListRepositories",
"ListSecurityConfigurations",
"ListSteps",
"ListStudioSessionMappings",
"ListStudios",
"ListWorkspaceAccessIdentities",
"ModifyCluster",
"ModifyInstanceFleet",
"ModifyInstanceGroups",
"OpenEditorInConsole",
"PutAutoScalingPolicy",
"PutAutoTerminationPolicy",
"PutBlockPublicAccessConfiguration",
"PutManagedScalingPolicy",
"PutWorkspaceAccess",
"RemoveAutoScalingPolicy",
"RemoveAutoTerminationPolicy",
"RemoveManagedScalingPolicy",
"RemoveTags",
"RunJobFlow",
"SetTerminationProtection",
"SetVisibleToAllUsers",
"StartEditor",
"StartNotebookExecution",
"StopEditor",
"StopNotebookExecution",
"TerminateJobFlows",
"UnlinkRepository",
"UpdateEditor",
"UpdateRepository",
"UpdateStudio",
"UpdateStudioSessionMapping",
"ViewEventsFromAllClustersInConsole"
],
"HasResource": true,
"StringPrefix": "elasticmapreduce",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"elasticmapreduce:ExecutionRoleArn",
"elasticmapreduce:RequestTag/${TagKey}",
"elasticmapreduce:ResourceTag/${TagKey}"
]
},
"Amazon Elastic Transcoder": {
"ARNFormat": "arn:aws:elastictranscoder:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:elastictranscoder:.+",
"Actions": [
"CancelJob",
"CreateJob",
"CreatePipeline",
"CreatePreset",
"DeletePipeline",
"DeletePreset",
"ListJobsByPipeline",
"ListJobsByStatus",
"ListPipelines",
"ListPresets",
"ReadJob",
"ReadPipeline",
"ReadPreset",
"TestRole",
"UpdatePipeline",
"UpdatePipelineNotifications",
"UpdatePipelineStatus"
],
"HasResource": true,
"StringPrefix": "elastictranscoder"
},
"Amazon EventBridge": {
"ARNFormat": "arn:aws:events:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:events:.+",
"Actions": [
"ActivateEventSource",
"CancelReplay",
"CreateApiDestination",
"CreateArchive",
"CreateConnection",
"CreateEndpoint",
"CreateEventBus",
"CreatePartnerEventSource",
"DeactivateEventSource",
"DeauthorizeConnection",
"DeleteApiDestination",
"DeleteArchive",
"DeleteConnection",
"DeleteEndpoint",
"DeleteEventBus",
"DeletePartnerEventSource",
"DeleteRule",
"DescribeApiDestination",
"DescribeArchive",
"DescribeConnection",
"DescribeEndpoint",
"DescribeEventBus",
"DescribeEventSource",
"DescribePartnerEventSource",
"DescribeReplay",
"DescribeRule",
"DisableRule",
"EnableRule",
"InvokeApiDestination",
"ListApiDestinations",
"ListArchives",
"ListConnections",
"ListEndpoints",
"ListEventBuses",
"ListEventSources",
"ListPartnerEventSourceAccounts",
"ListPartnerEventSources",
"ListReplays",
"ListRuleNamesByTarget",
"ListRules",
"ListTagsForResource",
"ListTargetsByRule",
"PutEvents",
"PutPartnerEvents",
"PutPermission",
"PutRule",
"PutTargets",
"RemovePermission",
"RemoveTargets",
"StartReplay",
"TagResource",
"TestEventPattern",
"UntagResource",
"UpdateApiDestination",
"UpdateArchive",
"UpdateConnection",
"UpdateEndpoint"
],
"HasResource": true,
"StringPrefix": "events",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"events:EventBusArn",
"events:ManagedBy",
"events:TargetArn",
"events:creatorAccount",
"events:detail-type",
"events:detail.eventTypeCode",
"events:detail.service",
"events:detail.userIdentity.principalId",
"events:eventBusInvocation",
"events:source"
]
},
"Amazon EventBridge Pipes": {
"ARNFormat": "arn:aws:pipes:${Region}:${Account}:pipe/${PipeName}",
"ARNRegex": "^arn:aws:pipes:.+:.+:.+",
"Actions": [
"CreatePipe",
"DeletePipe",
"DescribePipe",
"ListPipes",
"ListTagsForResource",
"StartPipe",
"StopPipe",
"TagResource",
"UntagResource",
"UpdatePipe"
],
"HasResource": true,
"StringPrefix": "pipes",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon EventBridge Scheduler": {
"ARNFormat": "arn:aws:scheduler:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:scheduler:.+:.+:.+",
"Actions": [
"CreateSchedule",
"CreateScheduleGroup",
"DeleteSchedule",
"DeleteScheduleGroup",
"GetSchedule",
"GetScheduleGroup",
"ListScheduleGroups",
"ListSchedules",
"ListTagsForResource",
"TagResource",
"UntagResource",
"UpdateSchedule"
],
"HasResource": true,
"StringPrefix": "scheduler",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon EventBridge Schemas": {
"ARNFormat": "arn:aws:schemas:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:schemas:.+:.+:.+",
"Actions": [
"CreateDiscoverer",
"CreateRegistry",
"CreateSchema",
"DeleteDiscoverer",
"DeleteRegistry",
"DeleteResourcePolicy",
"DeleteSchema",
"DeleteSchemaVersion",
"DescribeCodeBinding",
"DescribeDiscoverer",
"DescribeRegistry",
"DescribeSchema",
"ExportSchema",
"GetCodeBindingSource",
"GetDiscoveredSchema",
"GetResourcePolicy",
"ListDiscoverers",
"ListRegistries",
"ListSchemaVersions",
"ListSchemas",
"ListTagsForResource",
"PutCodeBinding",
"PutResourcePolicy",
"SearchSchemas",
"StartDiscoverer",
"StopDiscoverer",
"TagResource",
"UntagResource",
"UpdateDiscoverer",
"UpdateRegistry",
"UpdateSchema"
],
"HasResource": true,
"StringPrefix": "schemas",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon FSx": {
"ARNFormat": "arn:aws:fsx:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:fsx:.+",
"Actions": [
"AssociateFileGateway",
"AssociateFileSystemAliases",
"CancelDataRepositoryTask",
"CopyBackup",
"CreateBackup",
"CreateDataRepositoryAssociation",
"CreateDataRepositoryTask",
"CreateFileCache",
"CreateFileSystem",
"CreateFileSystemFromBackup",
"CreateSnapshot",
"CreateStorageVirtualMachine",
"CreateVolume",
"CreateVolumeFromBackup",
"DeleteBackup",
"DeleteDataRepositoryAssociation",
"DeleteFileCache",
"DeleteFileSystem",
"DeleteSnapshot",
"DeleteStorageVirtualMachine",
"DeleteVolume",
"DescribeAssociatedFileGateways",
"DescribeBackups",
"DescribeDataRepositoryAssociations",
"DescribeDataRepositoryTasks",
"DescribeFileCaches",
"DescribeFileSystemAliases",
"DescribeFileSystems",
"DescribeSnapshots",
"DescribeStorageVirtualMachines",
"DescribeVolumes",
"DisassociateFileGateway",
"DisassociateFileSystemAliases",
"ListTagsForResource",
"ManageBackupPrincipalAssociations",
"ReleaseFileSystemNfsV3Locks",
"RestoreVolumeFromSnapshot",
"TagResource",
"UntagResource",
"UpdateDataRepositoryAssociation",
"UpdateFileCache",
"UpdateFileSystem",
"UpdateSnapshot",
"UpdateStorageVirtualMachine",
"UpdateVolume"
],
"HasResource": true,
"StringPrefix": "fsx",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"fsx:IsBackupCopyDestination",
"fsx:IsBackupCopySource",
"fsx:NfsDataRepositoryAuthenticationEnabled",
"fsx:NfsDataRepositoryEncryptionInTransitEnabled",
"fsx:ParentVolumeId",
"fsx:StorageVirtualMachineId"
]
},
"Amazon FinSpace": {
"ARNFormat": "arn:aws:finspace:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:finspace:.+",
"Actions": [
"CreateEnvironment",
"CreateUser",
"DeleteEnvironment",
"GetEnvironment",
"GetLoadSampleDataSetGroupIntoEnvironmentStatus",
"GetUser",
"ListEnvironments",
"ListTagsForResource",
"ListUsers",
"LoadSampleDataSetGroupIntoEnvironment",
"ResetUserPassword",
"TagResource",
"UntagResource",
"UpdateEnvironment",
"UpdateUser"
],
"HasResource": true,
"StringPrefix": "finspace",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon FinSpace API": {
"ARNFormat": "arn:aws:finspace-api:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:finspace-api:.+",
"Actions": [
"GetProgrammaticAccessCredentials"
],
"HasResource": true,
"StringPrefix": "finspace-api"
},
"Amazon Forecast": {
"ARNFormat": "arn:aws:forecast:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:forecast:.+:.+:.+",
"Actions": [
"CreateAutoPredictor",
"CreateDataset",
"CreateDatasetGroup",
"CreateDatasetImportJob",
"CreateExplainability",
"CreateExplainabilityExport",
"CreateForecast",
"CreateForecastEndpoint",
"CreateForecastExportJob",
"CreateMonitor",
"CreatePredictor",
"CreatePredictorBacktestExportJob",
"CreateWhatIfAnalysis",
"CreateWhatIfForecast",
"CreateWhatIfForecastExport",
"DeleteDataset",
"DeleteDatasetGroup",
"DeleteDatasetImportJob",
"DeleteExplainability",
"DeleteExplainabilityExport",
"DeleteForecast",
"DeleteForecastEndpoint",
"DeleteForecastExportJob",
"DeleteMonitor",
"DeletePredictor",
"DeletePredictorBacktestExportJob",
"DeleteResourceTree",
"DeleteWhatIfAnalysis",
"DeleteWhatIfForecast",
"DeleteWhatIfForecastExport",
"DescribeAutoPredictor",
"DescribeDataset",
"DescribeDatasetGroup",
"DescribeDatasetImportJob",
"DescribeExplainability",
"DescribeExplainabilityExport",
"DescribeForecast",
"DescribeForecastEndpoint",
"DescribeForecastExportJob",
"DescribeMonitor",
"DescribePredictor",
"DescribePredictorBacktestExportJob",
"DescribeWhatIfAnalysis",
"DescribeWhatIfForecast",
"DescribeWhatIfForecastExport",
"GetAccuracyMetrics",
"GetRecentForecastContext",
"InvokeForecastEndpoint",
"ListDatasetGroups",
"ListDatasetImportJobs",
"ListDatasets",
"ListExplainabilities",
"ListExplainabilityExports",
"ListForecastExportJobs",
"ListForecasts",
"ListMonitorEvaluations",
"ListMonitors",
"ListPredictorBacktestExportJobs",
"ListPredictors",
"ListTagsForResource",
"ListWhatIfAnalyses",
"ListWhatIfForecastExports",
"ListWhatIfForecasts",
"QueryForecast",
"QueryWhatIfForecast",
"ResumeResource",
"StopResource",
"TagResource",
"UntagResource",
"UpdateDatasetGroup"
],
"HasResource": true,
"StringPrefix": "forecast",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Fraud Detector": {
"ARNFormat": "arn:aws:frauddetector:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:frauddetector:.+:.+:.+",
"Actions": [
"BatchCreateVariable",
"BatchGetVariable",
"CancelBatchImportJob",
"CancelBatchPredictionJob",
"CreateBatchImportJob",
"CreateBatchPredictionJob",
"CreateDetectorVersion",
"CreateList",
"CreateModel",
"CreateModelVersion",
"CreateRule",
"CreateVariable",
"DeleteBatchImportJob",
"DeleteBatchPredictionJob",
"DeleteDetector",
"DeleteDetectorVersion",
"DeleteEntityType",
"DeleteEvent",
"DeleteEventType",
"DeleteEventsByEventType",
"DeleteExternalModel",
"DeleteLabel",
"DeleteList",
"DeleteModel",
"DeleteModelVersion",
"DeleteOutcome",
"DeleteRule",
"DeleteVariable",
"DescribeDetector",
"DescribeModelVersions",
"GetBatchImportJobValidationReport",
"GetBatchImportJobs",
"GetBatchPredictionJobs",
"GetDeleteEventsByEventTypeStatus",
"GetDetectorVersion",
"GetDetectors",
"GetEntityTypes",
"GetEvent",
"GetEventPrediction",
"GetEventPredictionMetadata",
"GetEventTypes",
"GetExternalModels",
"GetKMSEncryptionKey",
"GetLabels",
"GetListElements",
"GetListsMetadata",
"GetModelVersion",
"GetModels",
"GetOutcomes",
"GetRules",
"GetVariables",
"ListEventPredictions",
"ListTagsForResource",
"PutDetector",
"PutEntityType",
"PutEventType",
"PutExternalModel",
"PutKMSEncryptionKey",
"PutLabel",
"PutOutcome",
"SendEvent",
"TagResource",
"UntagResource",
"UpdateDetectorVersion",
"UpdateDetectorVersionMetadata",
"UpdateDetectorVersionStatus",
"UpdateEventLabel",
"UpdateList",
"UpdateModel",
"UpdateModelVersion",
"UpdateModelVersionStatus",
"UpdateRuleMetadata",
"UpdateRuleVersion",
"UpdateVariable"
],
"HasResource": true,
"StringPrefix": "frauddetector",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon FreeRTOS": {
"ARNFormat": "arn:aws:freertos:${Region}:${Account}:${Type}/${Name}",
"ARNRegex": "^arn:aws:freertos:.+:[0-9]+:.+",
"Actions": [
"CreateSoftwareConfiguration",
"CreateSubscription",
"DeleteSoftwareConfiguration",
"DescribeHardwarePlatform",
"DescribeSoftwareConfiguration",
"DescribeSubscription",
"GetEmpPatchUrl",
"GetSoftwareURL",
"GetSoftwareURLForConfiguration",
"GetSubscriptionBillingAmount",
"ListFreeRTOSVersions",
"ListHardwarePlatforms",
"ListHardwareVendors",
"ListSoftwareConfigurations",
"ListSoftwarePatches",
"ListSubscriptionEmails",
"ListSubscriptions",
"UpdateEmailRecipients",
"UpdateSoftwareConfiguration",
"VerifyEmail"
],
"HasResource": true,
"StringPrefix": "freertos",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon GameLift": {
"ARNFormat": "arn:aws:gamelift:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:gamelift:.+",
"Actions": [
"AcceptMatch",
"ClaimGameServer",
"CreateAlias",
"CreateBuild",
"CreateFleet",
"CreateFleetLocations",
"CreateGameServerGroup",
"CreateGameSession",
"CreateGameSessionQueue",
"CreateLocation",
"CreateMatchmakingConfiguration",
"CreateMatchmakingRuleSet",
"CreatePlayerSession",
"CreatePlayerSessions",
"CreateScript",
"CreateVpcPeeringAuthorization",
"CreateVpcPeeringConnection",
"DeleteAlias",
"DeleteBuild",
"DeleteFleet",
"DeleteFleetLocations",
"DeleteGameServerGroup",
"DeleteGameSessionQueue",
"DeleteLocation",
"DeleteMatchmakingConfiguration",
"DeleteMatchmakingRuleSet",
"DeleteScalingPolicy",
"DeleteScript",
"DeleteVpcPeeringAuthorization",
"DeleteVpcPeeringConnection",
"DeregisterCompute",
"DeregisterGameServer",
"DescribeAlias",
"DescribeBuild",
"DescribeCompute",
"DescribeEC2InstanceLimits",
"DescribeFleetAttributes",
"DescribeFleetCapacity",
"DescribeFleetEvents",
"DescribeFleetLocationAttributes",
"DescribeFleetLocationCapacity",
"DescribeFleetLocationUtilization",
"DescribeFleetPortSettings",
"DescribeFleetUtilization",
"DescribeGameServer",
"DescribeGameServerGroup",
"DescribeGameServerInstances",
"DescribeGameSessionDetails",
"DescribeGameSessionPlacement",
"DescribeGameSessionQueues",
"DescribeGameSessions",
"DescribeInstances",
"DescribeMatchmaking",
"DescribeMatchmakingConfigurations",
"DescribeMatchmakingRuleSets",
"DescribePlayerSessions",
"DescribeRuntimeConfiguration",
"DescribeScalingPolicies",
"DescribeScript",
"DescribeVpcPeeringAuthorizations",
"DescribeVpcPeeringConnections",
"GetComputeAccess",
"GetComputeAuthToken",
"GetGameSessionLogUrl",
"GetInstanceAccess",
"ListAliases",
"ListBuilds",
"ListCompute",
"ListFleets",
"ListGameServerGroups",
"ListGameServers",
"ListLocations",
"ListScripts",
"ListTagsForResource",
"PutScalingPolicy",
"RegisterCompute",
"RegisterGameServer",
"RequestUploadCredentials",
"ResolveAlias",
"ResumeGameServerGroup",
"SearchGameSessions",
"StartFleetActions",
"StartGameSessionPlacement",
"StartMatchBackfill",
"StartMatchmaking",
"StopFleetActions",
"StopGameSessionPlacement",
"StopMatchmaking",
"SuspendGameServerGroup",
"TagResource",
"UntagResource",
"UpdateAlias",
"UpdateBuild",
"UpdateFleetAttributes",
"UpdateFleetCapacity",
"UpdateFleetPortSettings",
"UpdateGameServer",
"UpdateGameServerGroup",
"UpdateGameSession",
"UpdateGameSessionQueue",
"UpdateMatchmakingConfiguration",
"UpdateRuntimeConfiguration",
"UpdateScript",
"ValidateMatchmakingRuleSet"
],
"HasResource": true,
"StringPrefix": "gamelift",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon GameSparks": {
"ARNFormat": "arn:aws:gamesparks:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:gamesparks:.+:.+:.+",
"Actions": [
"CreateGame",
"CreateSnapshot",
"CreateStage",
"DeleteGame",
"DeleteStage",
"DisconnectPlayer",
"ExportSnapshot",
"GetExtension",
"GetExtensionVersion",
"GetGame",
"GetGameConfiguration",
"GetGeneratedCodeJob",
"GetPlayerConnectionStatus",
"GetSnapshot",
"GetStage",
"GetStageDeployment",
"ImportGameConfiguration",
"InvokeBackend",
"ListExtensionVersions",
"ListExtensions",
"ListGames",
"ListGeneratedCodeJobs",
"ListSnapshots",
"ListStageDeployments",
"ListStages",
"ListTagsForResource",
"StartGeneratedCodeJob",
"StartStageDeployment",
"TagResource",
"UntagResource",
"UpdateGame",
"UpdateGameConfiguration",
"UpdateSnapshot",
"UpdateStage"
],
"HasResource": true,
"StringPrefix": "gamesparks",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon GroundTruth Labeling": {
"ARNFormat": "arn:${Partition}:groundtruthlabeling:${region}:${account}:${resourceType}/${resourcePath}",
"ARNRegex": "^arn:${Partition}:groundtruthlabeling:.+",
"Actions": [
"AssociatePatchToManifestJob",
"DescribeConsoleJob",
"ListDatasetObjects",
"RunFilterOrSampleDatasetJob",
"RunGenerateManifestByCrawlingJob"
],
"HasResource": false,
"StringPrefix": "groundtruthlabeling"
},
"Amazon GuardDuty": {
"ARNFormat": "arn:aws:guardduty:${Region}:${Account}:.+",
"ARNRegex": "^arn:aws:guardduty:.+",
"Actions": [
"AcceptAdministratorInvitation",
"AcceptInvitation",
"ArchiveFindings",
"CreateDetector",
"CreateFilter",
"CreateIPSet",
"CreateMembers",
"CreatePublishingDestination",
"CreateSampleFindings",
"CreateThreatIntelSet",
"DeclineInvitations",
"DeleteDetector",
"DeleteFilter",
"DeleteIPSet",
"DeleteInvitations",
"DeleteMembers",
"DeletePublishingDestination",
"DeleteThreatIntelSet",
"DescribeMalwareScans",
"DescribeOrganizationConfiguration",
"DescribePublishingDestination",
"DisableOrganizationAdminAccount",
"DisassociateFromAdministratorAccount",
"DisassociateFromMasterAccount",
"DisassociateMembers",
"EnableOrganizationAdminAccount",
"GetAdministratorAccount",
"GetCoverageStatistics",
"GetDetector",
"GetFilter",
"GetFindings",
"GetFindingsStatistics",
"GetIPSet",
"GetInvitationsCount",
"GetMalwareScanSettings",
"GetMasterAccount",
"GetMemberDetectors",
"GetMembers",
"GetRemainingFreeTrialDays",
"GetThreatIntelSet",
"GetUsageStatistics",
"InviteMembers",
"ListCoverage",
"ListDetectors",
"ListFilters",
"ListFindings",
"ListIPSets",
"ListInvitations",
"ListMembers",
"ListOrganizationAdminAccounts",
"ListPublishingDestinations",
"ListTagsForResource",
"ListThreatIntelSets",
"SendSecurityTelemetry",
"StartMalwareScan",
"StartMonitoringMembers",
"StopMonitoringMembers",
"TagResource",
"UnarchiveFindings",
"UntagResource",
"UpdateDetector",
"UpdateFilter",
"UpdateFindingsFeedback",
"UpdateIPSet",
"UpdateMalwareScanSettings",
"UpdateMemberDetectors",
"UpdateOrganizationConfiguration",
"UpdatePublishingDestination",
"UpdateThreatIntelSet"
],
"HasResource": true,
"StringPrefix": "guardduty",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon HealthLake": {
"ARNFormat": "arn:aws:healthlake:${Region}:${AccountId}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:healthlake:.+:.+:.+",
"Actions": [
"CreateFHIRDatastore",
"CreateResource",
"DeleteFHIRDatastore",
"DeleteResource",
"DescribeFHIRDatastore",
"DescribeFHIRExportJob",
"DescribeFHIRImportJob",
"GetCapabilities",
"ListFHIRDatastores",
"ListFHIRExportJobs",
"ListFHIRImportJobs",
"ListTagsForResource",
"ReadResource",
"SearchWithGet",
"SearchWithPost",
"StartFHIRExportJob",
"StartFHIRImportJob",
"TagResource",
"UntagResource",
"UpdateResource"
],
"HasResource": true,
"StringPrefix": "healthlake",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Honeycode": {
"ARNFormat": "arn:aws:honeycode:${Region}:${Account}:${ResourceType}:${ResourcePath}",
"ARNRegex": "^arn:aws:honeycode:.+:.+:.+",
"Actions": [
"ApproveTeamAssociation",
"BatchCreateTableRows",
"BatchDeleteTableRows",
"BatchUpdateTableRows",
"BatchUpsertTableRows",
"CreateTeam",
"CreateTenant",
"DeleteDomains",
"DeregisterGroups",
"DescribeTableDataImportJob",
"DescribeTeam",
"GetScreenData",
"InvokeScreenAutomation",
"ListDomains",
"ListGroups",
"ListTableColumns",
"ListTableRows",
"ListTables",
"ListTagsForResource",
"ListTeamAssociations",
"ListTenants",
"QueryTableRows",
"RegisterDomainForVerification",
"RegisterGroups",
"RejectTeamAssociation",
"RestartDomainVerification",
"StartTableDataImportJob",
"TagResource",
"UntagResource",
"UpdateTeam"
],
"HasResource": true,
"StringPrefix": "honeycode"
},
"Amazon Inspector": {
"Actions": [
"AddAttributesToFindings",
"CreateAssessmentTarget",
"CreateAssessmentTemplate",
"CreateExclusionsPreview",
"CreateResourceGroup",
"DeleteAssessmentRun",
"DeleteAssessmentTarget",
"DeleteAssessmentTemplate",
"DescribeAssessmentRuns",
"DescribeAssessmentTargets",
"DescribeAssessmentTemplates",
"DescribeCrossAccountAccessRole",
"DescribeExclusions",
"DescribeFindings",
"DescribeResourceGroups",
"DescribeRulesPackages",
"GetAssessmentReport",
"GetExclusionsPreview",
"GetTelemetryMetadata",
"ListAssessmentRunAgents",
"ListAssessmentRuns",
"ListAssessmentTargets",
"ListAssessmentTemplates",
"ListEventSubscriptions",
"ListExclusions",
"ListFindings",
"ListRulesPackages",
"ListTagsForResource",
"PreviewAgents",
"RegisterCrossAccountAccessRole",
"RemoveAttributesFromFindings",
"SetTagsForResource",
"StartAssessmentRun",
"StopAssessmentRun",
"SubscribeToEvent",
"UnsubscribeFromEvent",
"UpdateAssessmentTarget"
],
"HasResource": false,
"StringPrefix": "inspector"
},
"Amazon Inspector2": {
"ARNFormat": "arn:aws:inspector2:${Region}:${Account}:.+",
"ARNRegex": "^arn:aws:inspector2:.+:.+:.+",
"Actions": [
"AssociateMember",
"BatchGetAccountStatus",
"BatchGetCodeSnippet",
"BatchGetFreeTrialInfo",
"BatchGetMemberEc2DeepInspectionStatus",
"BatchUpdateMemberEc2DeepInspectionStatus",
"CancelFindingsReport",
"CreateFilter",
"CreateFindingsReport",
"DeleteFilter",
"DescribeOrganizationConfiguration",
"Disable",
"DisableDelegatedAdminAccount",
"DisassociateMember",
"Enable",
"EnableDelegatedAdminAccount",
"GetConfiguration",
"GetDelegatedAdminAccount",
"GetEc2DeepInspectionConfiguration",
"GetFindingsReportStatus",
"GetMember",
"ListAccountPermissions",
"ListCoverage",
"ListCoverageStatistics",
"ListDelegatedAdminAccounts",
"ListFilters",
"ListFindingAggregations",
"ListFindings",
"ListMembers",
"ListTagsForResource",
"ListUsageTotals",
"TagResource",
"UntagResource",
"UpdateConfiguration",
"UpdateEc2DeepInspectionConfiguration",
"UpdateFilter",
"UpdateOrgEc2DeepInspectionConfiguration",
"UpdateOrganizationConfiguration"
],
"HasResource": true,
"StringPrefix": "inspector2",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Interactive Video Service": {
"ARNFormat": "arn:aws:ivs:${Region}:${Account}:${ArnType}/${ResourceId}",
"ARNRegex": "^arn:aws:ivs:.+:.+:.+",
"Actions": [
"BatchGetChannel",
"BatchGetStreamKey",
"CreateChannel",
"CreateParticipantToken",
"CreateRecordingConfiguration",
"CreateStage",
"CreateStreamKey",
"DeleteChannel",
"DeletePlaybackKeyPair",
"DeleteRecordingConfiguration",
"DeleteStage",
"DeleteStreamKey",
"DisconnectParticipant",
"GetChannel",
"GetPlaybackKeyPair",
"GetRecordingConfiguration",
"GetStage",
"GetStream",
"GetStreamKey",
"GetStreamSession",
"ImportPlaybackKeyPair",
"ListChannels",
"ListPlaybackKeyPairs",
"ListRecordingConfigurations",
"ListStages",
"ListStreamKeys",
"ListStreamSessions",
"ListStreams",
"ListTagsForResource",
"PutMetadata",
"StopStream",
"TagResource",
"UntagResource",
"UpdateChannel",
"UpdateStage"
],
"HasResource": true,
"StringPrefix": "ivs",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Interactive Video Service Chat": {
"ARNFormat": "arn:aws:ivschat:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:ivschat:.+:.+:.+",
"Actions": [
"CreateChatToken",
"CreateLoggingConfiguration",
"CreateRoom",
"DeleteLoggingConfiguration",
"DeleteMessage",
"DeleteRoom",
"DisconnectUser",
"GetLoggingConfiguration",
"GetRoom",
"ListLoggingConfigurations",
"ListRooms",
"ListTagsForResource",
"SendEvent",
"TagResource",
"UntagResource",
"UpdateLoggingConfiguration",
"UpdateRoom"
],
"HasResource": true,
"StringPrefix": "ivschat",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Kendra": {
"ARNFormat": "arn:aws:kendra:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:kendra:.+:.+:.+",
"Actions": [
"AssociateEntitiesToExperience",
"AssociatePersonasToEntities",
"BatchDeleteDocument",
"BatchDeleteFeaturedResultsSet",
"BatchGetDocumentStatus",
"BatchPutDocument",
"ClearQuerySuggestions",
"CreateAccessControlConfiguration",
"CreateDataSource",
"CreateExperience",
"CreateFaq",
"CreateFeaturedResultsSet",
"CreateIndex",
"CreateQuerySuggestionsBlockList",
"CreateThesaurus",
"DeleteAccessControlConfiguration",
"DeleteDataSource",
"DeleteExperience",
"DeleteFaq",
"DeleteIndex",
"DeletePrincipalMapping",
"DeleteQuerySuggestionsBlockList",
"DeleteThesaurus",
"DescribeAccessControlConfiguration",
"DescribeDataSource",
"DescribeExperience",
"DescribeFaq",
"DescribeFeaturedResultsSet",
"DescribeIndex",
"DescribePrincipalMapping",
"DescribeQuerySuggestionsBlockList",
"DescribeQuerySuggestionsConfig",
"DescribeThesaurus",
"DisassociateEntitiesFromExperience",
"DisassociatePersonasFromEntities",
"GetQuerySuggestions",
"GetSnapshots",
"ListAccessControlConfigurations",
"ListDataSourceSyncJobs",
"ListDataSources",
"ListEntityPersonas",
"ListExperienceEntities",
"ListExperiences",
"ListFaqs",
"ListFeaturedResultsSets",
"ListGroupsOlderThanOrderingId",
"ListIndices",
"ListQuerySuggestionsBlockLists",
"ListTagsForResource",
"ListThesauri",
"PutPrincipalMapping",
"Query",
"StartDataSourceSyncJob",
"StopDataSourceSyncJob",
"SubmitFeedback",
"TagResource",
"UntagResource",
"UpdateAccessControlConfiguration",
"UpdateDataSource",
"UpdateExperience",
"UpdateFeaturedResultsSet",
"UpdateIndex",
"UpdateQuerySuggestionsBlockList",
"UpdateQuerySuggestionsConfig",
"UpdateThesaurus"
],
"HasResource": true,
"StringPrefix": "kendra",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Kendra Intelligent Ranking": {
"ARNFormat": "arn:aws:kendra-ranking:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:kendra-ranking:.+:.+:.+",
"Actions": [
"CreateRescoreExecutionPlan",
"DeleteRescoreExecutionPlan",
"DescribeRescoreExecutionPlan",
"ListRescoreExecutionPlans",
"ListTagsForResource",
"Rescore",
"TagResource",
"UntagResource",
"UpdateRescoreExecutionPlan"
],
"HasResource": true,
"StringPrefix": "kendra-ranking",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Keyspaces (for Apache Cassandra)": {
"ARNFormat": "arn:aws:cassandra:${Region}:${Account}:/${ResourceType}/${ResourcePath}/",
"ARNRegex": "^arn:aws:cassandra:.+",
"Actions": [
"Alter",
"AlterMultiRegionResource",
"Create",
"CreateMultiRegionResource",
"Drop",
"DropMultiRegionResource",
"Modify",
"ModifyMultiRegionResource",
"Restore",
"RestoreMultiRegionTable",
"Select",
"SelectMultiRegionResource",
"TagMultiRegionResource",
"TagResource",
"UnTagMultiRegionResource",
"UntagResource",
"UpdatePartitioner"
],
"HasResource": true,
"StringPrefix": "cassandra",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Kinesis Analytics": {
"ARNFormat": "arn:aws:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}",
"ARNRegex": "^arn:aws:kinesisanalytics:.+:[0-9]+:application/[a-zA-Z0-9_.-]+",
"Actions": [
"AddApplicationInput",
"AddApplicationOutput",
"AddApplicationReferenceDataSource",
"CreateApplication",
"DeleteApplication",
"DeleteApplicationOutput",
"DeleteApplicationReferenceDataSource",
"DescribeApplication",
"DiscoverInputSchema",
"GetApplicationState",
"ListApplications",
"ListTagsForResource",
"StartApplication",
"StopApplication",
"TagResource",
"UntagResource",
"UpdateApplication"
],
"HasResource": true,
"StringPrefix": "kinesisanalytics",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Kinesis Analytics V2": {
"ARNFormat": "arn:aws:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}",
"ARNRegex": "^arn:aws:kinesisanalytics:.+:[0-9]+:application/[a-zA-Z0-9_.-]+",
"Actions": [
"AddApplicationCloudWatchLoggingOption",
"AddApplicationInput",
"AddApplicationInputProcessingConfiguration",
"AddApplicationOutput",
"AddApplicationReferenceDataSource",
"AddApplicationVpcConfiguration",
"CreateApplication",
"CreateApplicationPresignedUrl",
"CreateApplicationSnapshot",
"DeleteApplication",
"DeleteApplicationCloudWatchLoggingOption",
"DeleteApplicationInputProcessingConfiguration",
"DeleteApplicationOutput",
"DeleteApplicationReferenceDataSource",
"DeleteApplicationSnapshot",
"DeleteApplicationVpcConfiguration",
"DescribeApplication",
"DescribeApplicationSnapshot",
"DescribeApplicationVersion",
"DiscoverInputSchema",
"ListApplicationSnapshots",
"ListApplicationVersions",
"ListApplications",
"ListTagsForResource",
"RollbackApplication",
"StartApplication",
"StopApplication",
"TagResource",
"UntagResource",
"UpdateApplication",
"UpdateApplicationMaintenanceConfiguration"
],
"HasResource": true,
"StringPrefix": "kinesisanalytics",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Kinesis Data Streams": {
"ARNFormat": "arn:aws:kinesis:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:kinesis:.+",
"Actions": [
"AddTagsToStream",
"CreateStream",
"DecreaseStreamRetentionPeriod",
"DeleteStream",
"DeregisterStreamConsumer",
"DescribeLimits",
"DescribeStream",
"DescribeStreamConsumer",
"DescribeStreamSummary",
"DisableEnhancedMonitoring",
"EnableEnhancedMonitoring",
"GetRecords",
"GetShardIterator",
"IncreaseStreamRetentionPeriod",
"ListShards",
"ListStreamConsumers",
"ListStreams",
"ListTagsForStream",
"MergeShards",
"PutRecord",
"PutRecords",
"RegisterStreamConsumer",
"RemoveTagsFromStream",
"SplitShard",
"StartStreamEncryption",
"StopStreamEncryption",
"SubscribeToShard",
"UpdateShardCount",
"UpdateStreamMode"
],
"HasResource": true,
"StringPrefix": "kinesis"
},
"Amazon Kinesis Firehose": {
"ARNFormat": "arn:aws:firehose:{Region}:{Account}:deliverystream/${DeliveryStreamName}",
"ARNRegex": "^arn:aws:firehose:.+:[0-9]+:deliverystream/.+",
"Actions": [
"CreateDeliveryStream",
"DeleteDeliveryStream",
"DescribeDeliveryStream",
"ListDeliveryStreams",
"ListTagsForDeliveryStream",
"PutRecord",
"PutRecordBatch",
"StartDeliveryStreamEncryption",
"StopDeliveryStreamEncryption",
"TagDeliveryStream",
"UntagDeliveryStream",
"UpdateDestination"
],
"HasResource": true,
"StringPrefix": "firehose",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Kinesis Video Streams": {
"ARNFormat": "arn:aws:kinesisvideo:${Region}:${Account}:${ResourceType}/${ResourceName}/${CreationTime}",
"ARNRegex": "^arn:aws:kinesisvideo:.+",
"Actions": [
"ConnectAsMaster",
"ConnectAsViewer",
"CreateSignalingChannel",
"CreateStream",
"DeleteSignalingChannel",
"DeleteStream",
"DescribeEdgeConfiguration",
"DescribeImageGenerationConfiguration",
"DescribeMappedResourceConfiguration",
"DescribeMediaStorageConfiguration",
"DescribeNotificationConfiguration",
"DescribeSignalingChannel",
"DescribeStream",
"GetClip",
"GetDASHStreamingSessionURL",
"GetDataEndpoint",
"GetHLSStreamingSessionURL",
"GetIceServerConfig",
"GetImages",
"GetMedia",
"GetMediaForFragmentList",
"GetSignalingChannelEndpoint",
"JoinStorageSession",
"ListFragments",
"ListSignalingChannels",
"ListStreams",
"ListTagsForResource",
"ListTagsForStream",
"PutMedia",
"SendAlexaOfferToMaster",
"StartEdgeConfigurationUpdate",
"TagResource",
"TagStream",
"UntagResource",
"UntagStream",
"UpdateDataRetention",
"UpdateImageGenerationConfiguration",
"UpdateMediaStorageConfiguration",
"UpdateNotificationConfiguration",
"UpdateSignalingChannel",
"UpdateStream",
"StartStreamEncryption"
],
"HasResource": true,
"StringPrefix": "kinesisvideo",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Lex": {
"ARNFormat": "arn:aws:lex:${Region}:${Account}:${Type}:${Name}",
"ARNRegex": "^arn:aws:lex:.+:[0-9]+:.+",
"Actions": [
"CreateBotVersion",
"CreateIntentVersion",
"CreateSlotTypeVersion",
"DeleteBot",
"DeleteBotAlias",
"DeleteBotChannelAssociation",
"DeleteBotVersion",
"DeleteIntent",
"DeleteIntentVersion",
"DeleteSession",
"DeleteSlotType",
"DeleteSlotTypeVersion",
"DeleteUtterances",
"GetBot",
"GetBotAlias",
"GetBotAliases",
"GetBotChannelAssociation",
"GetBotChannelAssociations",
"GetBotVersions",
"GetBots",
"GetBuiltinIntent",
"GetBuiltinIntents",
"GetBuiltinSlotTypes",
"GetExport",
"GetImport",
"GetIntent",
"GetIntentVersions",
"GetIntents",
"GetMigration",
"GetMigrations",
"GetSession",
"GetSlotType",
"GetSlotTypeVersions",
"GetSlotTypes",
"GetUtterancesView",
"ListTagsForResource",
"PostContent",
"PostText",
"PutBot",
"PutBotAlias",
"PutIntent",
"PutSession",
"PutSlotType",
"StartImport",
"StartMigration",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "lex",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"lex:associatedIntents",
"lex:associatedSlotTypes",
"lex:channelType"
]
},
"Amazon Lex V2": {
"ARNFormat": "arn:aws:lex:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:lex:.+:[0-9]+:.+",
"Actions": [
"BatchCreateCustomVocabularyItem",
"BatchDeleteCustomVocabularyItem",
"BatchUpdateCustomVocabularyItem",
"BuildBotLocale",
"CreateBot",
"CreateBotAlias",
"CreateBotChannel",
"CreateBotLocale",
"CreateBotVersion",
"CreateCustomVocabulary",
"CreateExport",
"CreateIntent",
"CreateResourcePolicy",
"CreateSlot",
"CreateSlotType",
"CreateUploadUrl",
"DeleteBot",
"DeleteBotAlias",
"DeleteBotChannel",
"DeleteBotLocale",
"DeleteBotVersion",
"DeleteCustomVocabulary",
"DeleteExport",
"DeleteImport",
"DeleteIntent",
"DeleteResourcePolicy",
"DeleteSession",
"DeleteSlot",
"DeleteSlotType",
"DeleteUtterances",
"DescribeBot",
"DescribeBotAlias",
"DescribeBotChannel",
"DescribeBotLocale",
"DescribeBotRecommendation",
"DescribeBotVersion",
"DescribeCustomVocabulary",
"DescribeCustomVocabularyMetadata",
"DescribeExport",
"DescribeImport",
"DescribeIntent",
"DescribeResourcePolicy",
"DescribeSlot",
"DescribeSlotType",
"GetSession",
"ListAggregatedUtterances",
"ListBotAliases",
"ListBotChannels",
"ListBotLocales",
"ListBotRecommendations",
"ListBotVersions",
"ListBots",
"ListBuiltInIntents",
"ListBuiltInSlotTypes",
"ListCustomVocabularyItems",
"ListExports",
"ListImports",
"ListIntents",
"ListRecommendedIntents",
"ListSlotTypes",
"ListSlots",
"ListTagsForResource",
"PutSession",
"RecognizeText",
"RecognizeUtterance",
"SearchAssociatedTranscripts",
"StartBotRecommendation",
"StartConversation",
"StartImport",
"StopBotRecommendation",
"TagResource",
"UntagResource",
"UpdateBot",
"UpdateBotAlias",
"UpdateBotLocale",
"UpdateBotRecommendation",
"UpdateCustomVocabulary",
"UpdateExport",
"UpdateIntent",
"UpdateResourcePolicy",
"UpdateSlot",
"UpdateSlotType"
],
"HasResource": true,
"StringPrefix": "lex",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Lightsail": {
"ARNFormat": "arn:aws:lightsail:${Region}:${Account}:${ResourceType}/${Id}",
"ARNRegex": "^arn:aws:lightsail:.+",
"Actions": [
"AllocateStaticIp",
"AttachCertificateToDistribution",
"AttachDisk",
"AttachInstancesToLoadBalancer",
"AttachLoadBalancerTlsCertificate",
"AttachStaticIp",
"CloseInstancePublicPorts",
"CopySnapshot",
"CreateBucket",
"CreateBucketAccessKey",
"CreateCertificate",
"CreateCloudFormationStack",
"CreateContactMethod",
"CreateContainerService",
"CreateContainerServiceDeployment",
"CreateContainerServiceRegistryLogin",
"CreateDisk",
"CreateDiskFromSnapshot",
"CreateDiskSnapshot",
"CreateDistribution",
"CreateDomain",
"CreateDomainEntry",
"CreateGUISessionAccessDetails",
"CreateInstanceSnapshot",
"CreateInstances",
"CreateInstancesFromSnapshot",
"CreateKeyPair",
"CreateLoadBalancer",
"CreateLoadBalancerTlsCertificate",
"CreateRelationalDatabase",
"CreateRelationalDatabaseFromSnapshot",
"CreateRelationalDatabaseSnapshot",
"DeleteAlarm",
"DeleteAutoSnapshot",
"DeleteBucket",
"DeleteBucketAccessKey",
"DeleteCertificate",
"DeleteContactMethod",
"DeleteContainerImage",
"DeleteContainerService",
"DeleteDisk",
"DeleteDiskSnapshot",
"DeleteDistribution",
"DeleteDomain",
"DeleteDomainEntry",
"DeleteInstance",
"DeleteInstanceSnapshot",
"DeleteKeyPair",
"DeleteKnownHostKeys",
"DeleteLoadBalancer",
"DeleteLoadBalancerTlsCertificate",
"DeleteRelationalDatabase",
"DeleteRelationalDatabaseSnapshot",
"DetachCertificateFromDistribution",
"DetachDisk",
"DetachInstancesFromLoadBalancer",
"DetachStaticIp",
"DisableAddOn",
"DownloadDefaultKeyPair",
"EnableAddOn",
"ExportSnapshot",
"GetActiveNames",
"GetAlarms",
"GetAutoSnapshots",
"GetBlueprints",
"GetBucketAccessKeys",
"GetBucketBundles",
"GetBucketMetricData",
"GetBuckets",
"GetBundles",
"GetCertificates",
"GetCloudFormationStackRecords",
"GetContactMethods",
"GetContainerAPIMetadata",
"GetContainerImages",
"GetContainerLog",
"GetContainerServiceDeployments",
"GetContainerServiceMetricData",
"GetContainerServicePowers",
"GetContainerServices",
"GetCostEstimate",
"GetDisk",
"GetDiskSnapshot",
"GetDiskSnapshots",
"GetDisks",
"GetDistributionBundles",
"GetDistributionLatestCacheReset",
"GetDistributionMetricData",
"GetDistributions",
"GetDomain",
"GetDomains",
"GetExportSnapshotRecords",
"GetInstance",
"GetInstanceAccessDetails",
"GetInstanceMetricData",
"GetInstancePortStates",
"GetInstanceSnapshot",
"GetInstanceSnapshots",
"GetInstanceState",
"GetInstances",
"GetKeyPair",
"GetKeyPairs",
"GetLoadBalancer",
"GetLoadBalancerMetricData",
"GetLoadBalancerTlsCertificates",
"GetLoadBalancerTlsPolicies",
"GetLoadBalancers",
"GetOperation",
"GetOperations",
"GetOperationsForResource",
"GetRegions",
"GetRelationalDatabase",
"GetRelationalDatabaseBlueprints",
"GetRelationalDatabaseBundles",
"GetRelationalDatabaseEvents",
"GetRelationalDatabaseLogEvents",
"GetRelationalDatabaseLogStreams",
"GetRelationalDatabaseMasterUserPassword",
"GetRelationalDatabaseMetricData",
"GetRelationalDatabaseParameters",
"GetRelationalDatabaseSnapshot",
"GetRelationalDatabaseSnapshots",
"GetRelationalDatabases",
"GetStaticIp",
"GetStaticIps",
"ImportKeyPair",
"IsVpcPeered",
"OpenInstancePublicPorts",
"PeerVpc",
"PutAlarm",
"PutInstancePublicPorts",
"RebootInstance",
"RebootRelationalDatabase",
"RegisterContainerImage",
"ReleaseStaticIp",
"ResetDistributionCache",
"SendContactMethodVerification",
"SetIpAddressType",
"SetResourceAccessForBucket",
"StartGUISession",
"StartInstance",
"StartRelationalDatabase",
"StopGUISession",
"StopInstance",
"StopRelationalDatabase",
"TagResource",
"TestAlarm",
"UnpeerVpc",
"UntagResource",
"UpdateBucket",
"UpdateBucketBundle",
"UpdateContainerService",
"UpdateDistribution",
"UpdateDistributionBundle",
"UpdateDomainEntry",
"UpdateInstanceMetadataOptions",
"UpdateLoadBalancerAttribute",
"UpdateRelationalDatabase",
"UpdateRelationalDatabaseParameters"
],
"HasResource": true,
"StringPrefix": "lightsail",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Location": {
"ARNFormat": "arn:aws:geo:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:geo:.+",
"Actions": [
"AssociateTrackerConsumer",
"BatchDeleteDevicePositionHistory",
"BatchDeleteGeofence",
"BatchEvaluateGeofences",
"BatchGetDevicePosition",
"BatchPutGeofence",
"BatchUpdateDevicePosition",
"CalculateRoute",
"CalculateRouteMatrix",
"CreateGeofenceCollection",
"CreateKey",
"CreateMap",
"CreatePlaceIndex",
"CreateRouteCalculator",
"CreateTracker",
"DeleteGeofenceCollection",
"DeleteKey",
"DeleteMap",
"DeletePlaceIndex",
"DeleteRouteCalculator",
"DeleteTracker",
"DescribeGeofenceCollection",
"DescribeKey",
"DescribeMap",
"DescribePlaceIndex",
"DescribeRouteCalculator",
"DescribeTracker",
"DisassociateTrackerConsumer",
"GetDevicePosition",
"GetDevicePositionHistory",
"GetGeofence",
"GetMapGlyphs",
"GetMapSprites",
"GetMapStyleDescriptor",
"GetMapTile",
"GetPlace",
"ListDevicePositions",
"ListGeofenceCollections",
"ListGeofences",
"ListKeys",
"ListMaps",
"ListPlaceIndexes",
"ListRouteCalculators",
"ListTagsForResource",
"ListTrackerConsumers",
"ListTrackers",
"PutGeofence",
"SearchPlaceIndexForPosition",
"SearchPlaceIndexForSuggestions",
"SearchPlaceIndexForText",
"TagResource",
"UntagResource",
"UpdateGeofenceCollection",
"UpdateKey",
"UpdateMap",
"UpdatePlaceIndex",
"UpdateRouteCalculator",
"UpdateTracker"
],
"HasResource": true,
"StringPrefix": "geo",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"geo:DeviceIds",
"geo:GeofenceIds"
]
},
"Amazon Lookout for Equipment": {
"ARNFormat": "arn:aws:lookoutequipment:${Region}:${Account}:${ResourceType}/${ResourceName}/${ResourceId}",
"ARNRegex": "^arn:aws:lookoutequipment:.+:.+:.+",
"Actions": [
"CreateDataset",
"CreateInferenceScheduler",
"CreateLabel",
"CreateLabelGroup",
"CreateModel",
"DeleteDataset",
"DeleteInferenceScheduler",
"DeleteLabel",
"DeleteLabelGroup",
"DeleteModel",
"DescribeDataIngestionJob",
"DescribeDataset",
"DescribeInferenceScheduler",
"DescribeLabelGroup",
"DescribeModel",
"Describelabel",
"ListDataIngestionJobs",
"ListDatasets",
"ListInferenceEvents",
"ListInferenceExecutions",
"ListInferenceSchedulers",
"ListLabelGroups",
"ListLabels",
"ListModels",
"ListSensorStatistics",
"ListTagsForResource",
"StartDataIngestionJob",
"StartInferenceScheduler",
"StopInferenceScheduler",
"TagResource",
"UntagResource",
"UpdateInferenceScheduler",
"UpdateLabelGroup"
],
"HasResource": true,
"StringPrefix": "lookoutequipment",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Lookout for Metrics": {
"ARNFormat": "arn:aws:lookoutmetrics:${Region}:${AccountId}:${ResourceType}:${ResourceName}",
"ARNRegex": "^arn:aws:lookoutmetrics:.+:.+:.+",
"Actions": [
"ActivateAnomalyDetector",
"BackTestAnomalyDetector",
"CreateAlert",
"CreateAnomalyDetector",
"CreateMetricSet",
"DeactivateAnomalyDetector",
"DeleteAlert",
"DeleteAnomalyDetector",
"DescribeAlert",
"DescribeAnomalyDetectionExecutions",
"DescribeAnomalyDetector",
"DescribeMetricSet",
"DetectMetricSetConfig",
"GetAnomalyGroup",
"GetDataQualityMetrics",
"GetFeedback",
"GetSampleData",
"ListAlerts",
"ListAnomalyDetectors",
"ListAnomalyGroupRelatedMetrics",
"ListAnomalyGroupSummaries",
"ListAnomalyGroupTimeSeries",
"ListMetricSets",
"ListTagsForResource",
"PutFeedback",
"TagResource",
"UntagResource",
"UpdateAlert",
"UpdateAnomalyDetector",
"UpdateMetricSet"
],
"HasResource": true,
"StringPrefix": "lookoutmetrics",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Lookout for Vision": {
"ARNFormat": "arn:aws:lookoutvision:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:lookoutvision:.+:.+:.+",
"Actions": [
"CreateDataset",
"CreateModel",
"CreateProject",
"DeleteDataset",
"DeleteModel",
"DeleteProject",
"DescribeDataset",
"DescribeModel",
"DescribeModelPackagingJob",
"DescribeProject",
"DescribeTrialDetection",
"DetectAnomalies",
"ListDatasetEntries",
"ListModelPackagingJobs",
"ListModels",
"ListProjects",
"ListTagsForResource",
"ListTrialDetections",
"StartModel",
"StartModelPackagingJob",
"StartTrialDetection",
"StopModel",
"TagResource",
"UntagResource",
"UpdateDatasetEntries"
],
"HasResource": true,
"StringPrefix": "lookoutvision",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon MQ": {
"ARNFormat": "arn:aws:mq:${Region}:${Account}:.+",
"ARNRegex": "^arn:aws:mq:.+",
"Actions": [
"CreateBroker",
"CreateConfiguration",
"CreateTags",
"CreateUser",
"DeleteBroker",
"DeleteTags",
"DeleteUser",
"DescribeBroker",
"DescribeBrokerEngineTypes",
"DescribeBrokerInstanceOptions",
"DescribeConfiguration",
"DescribeConfigurationRevision",
"DescribeUser",
"ListBrokers",
"ListConfigurationRevisions",
"ListConfigurations",
"ListTags",
"ListUsers",
"RebootBroker",
"UpdateBroker",
"UpdateConfiguration",
"UpdateUser"
],
"HasResource": true,
"StringPrefix": "mq",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Machine Learning": {
"ARNFormat": "arn:aws:machinelearning:${Region}:${Account}:${ResourceType}/${RelativeID}",
"ARNRegex": "^arn:aws:machinelearning:.+",
"Actions": [
"AddTags",
"CreateBatchPrediction",
"CreateDataSourceFromRDS",
"CreateDataSourceFromRedshift",
"CreateDataSourceFromS3",
"CreateEvaluation",
"CreateMLModel",
"CreateRealtimeEndpoint",
"DeleteBatchPrediction",
"DeleteDataSource",
"DeleteEvaluation",
"DeleteMLModel",
"DeleteRealtimeEndpoint",
"DeleteTags",
"DescribeBatchPredictions",
"DescribeDataSources",
"DescribeEvaluations",
"DescribeMLModels",
"DescribeTags",
"GetBatchPrediction",
"GetDataSource",
"GetEvaluation",
"GetMLModel",
"Predict",
"UpdateBatchPrediction",
"UpdateDataSource",
"UpdateEvaluation",
"UpdateMLModel"
],
"HasResource": true,
"StringPrefix": "machinelearning"
},
"Amazon Macie": {
"ARNFormat": "arn:aws:macie2:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:macie2:.+:.+:.+",
"Actions": [
"AcceptInvitation",
"BatchGetCustomDataIdentifiers",
"CreateAllowList",
"CreateClassificationJob",
"CreateCustomDataIdentifier",
"CreateFindingsFilter",
"CreateInvitations",
"CreateMember",
"CreateSampleFindings",
"DeclineInvitations",
"DeleteAllowList",
"DeleteCustomDataIdentifier",
"DeleteFindingsFilter",
"DeleteInvitations",
"DeleteMember",
"DescribeBuckets",
"DescribeClassificationJob",
"DescribeOrganizationConfiguration",
"DisableMacie",
"DisableOrganizationAdminAccount",
"DisassociateFromAdministratorAccount",
"DisassociateFromMasterAccount",
"DisassociateMember",
"EnableMacie",
"EnableOrganizationAdminAccount",
"GetAdministratorAccount",
"GetAllowList",
"GetAutomatedDiscoveryConfiguration",
"GetBucketStatistics",
"GetClassificationExportConfiguration",
"GetClassificationScope",
"GetCustomDataIdentifier",
"GetFindingStatistics",
"GetFindings",
"GetFindingsFilter",
"GetFindingsPublicationConfiguration",
"GetInvitationsCount",
"GetMacieSession",
"GetMasterAccount",
"GetMember",
"GetResourceProfile",
"GetRevealConfiguration",
"GetSensitiveDataOccurrences",
"GetSensitiveDataOccurrencesAvailability",
"GetSensitivityInspectionTemplate",
"GetUsageStatistics",
"GetUsageTotals",
"ListAllowLists",
"ListClassificationJobs",
"ListClassificationScopes",
"ListCustomDataIdentifiers",
"ListFindings",
"ListFindingsFilters",
"ListInvitations",
"ListManagedDataIdentifiers",
"ListMembers",
"ListOrganizationAdminAccounts",
"ListResourceProfileArtifacts",
"ListResourceProfileDetections",
"ListSensitivityInspectionTemplates",
"ListTagsForResource",
"PutClassificationExportConfiguration",
"PutFindingsPublicationConfiguration",
"SearchResources",
"TagResource",
"TestCustomDataIdentifier",
"UntagResource",
"UpdateAllowList",
"UpdateAutomatedDiscoveryConfiguration",
"UpdateClassificationJob",
"UpdateClassificationScope",
"UpdateFindingsFilter",
"UpdateMacieSession",
"UpdateMemberSession",
"UpdateOrganizationConfiguration",
"UpdateResourceProfile",
"UpdateResourceProfileDetections",
"UpdateRevealConfiguration",
"UpdateSensitivityInspectionTemplate"
],
"HasResource": true,
"StringPrefix": "macie2",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Managed Blockchain": {
"ARNFormat": "arn:aws:managedblockchain:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:managedblockchain:.*:[0-9]*:.+",
"Actions": [
"CreateAccessor",
"CreateMember",
"CreateNetwork",
"CreateNode",
"CreateProposal",
"DeleteAccessor",
"DeleteMember",
"DeleteNode",
"GET",
"GetAccessor",
"GetMember",
"GetNetwork",
"GetNode",
"GetProposal",
"Invoke",
"ListAccessors",
"ListInvitations",
"ListMembers",
"ListNetworks",
"ListNodes",
"ListProposalVotes",
"ListProposals",
"ListTagsForResource",
"POST",
"RejectInvitation",
"TagResource",
"UntagResource",
"UpdateMember",
"UpdateNode",
"VoteOnProposal"
],
"HasResource": true,
"StringPrefix": "managedblockchain",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Managed Grafana": {
"ARNFormat": "arn:aws:grafana:${Region}:${Account}:/${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:grafana:.+:.+:.+",
"Actions": [
"AssociateLicense",
"CreateWorkspace",
"CreateWorkspaceApiKey",
"DeleteWorkspace",
"DeleteWorkspaceApiKey",
"DescribeWorkspace",
"DescribeWorkspaceAuthentication",
"DescribeWorkspaceConfiguration",
"DisassociateLicense",
"ListPermissions",
"ListTagsForResource",
"ListWorkspaces",
"TagResource",
"UntagResource",
"UpdatePermissions",
"UpdateWorkspace",
"UpdateWorkspaceAuthentication",
"UpdateWorkspaceConfiguration"
],
"HasResource": true,
"StringPrefix": "grafana",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Managed Service for Prometheus": {
"ARNFormat": "arn:aws:aps:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:aps:.+:.+:.+",
"Actions": [
"CreateAlertManagerAlerts",
"CreateAlertManagerDefinition",
"CreateLoggingConfiguration",
"CreateRuleGroupsNamespace",
"CreateWorkspace",
"DeleteAlertManagerDefinition",
"DeleteAlertManagerSilence",
"DeleteLoggingConfiguration",
"DeleteRuleGroupsNamespace",
"DeleteWorkspace",
"DescribeAlertManagerDefinition",
"DescribeLoggingConfiguration",
"DescribeRuleGroupsNamespace",
"DescribeWorkspace",
"GetAlertManagerSilence",
"GetAlertManagerStatus",
"GetLabels",
"GetMetricMetadata",
"GetSeries",
"ListAlertManagerAlertGroups",
"ListAlertManagerAlerts",
"ListAlertManagerReceivers",
"ListAlertManagerSilences",
"ListAlerts",
"ListRuleGroupsNamespaces",
"ListRules",
"ListTagsForResource",
"ListWorkspaces",
"PutAlertManagerDefinition",
"PutAlertManagerSilences",
"PutRuleGroupsNamespace",
"QueryMetrics",
"RemoteWrite",
"TagResource",
"UntagResource",
"UpdateLoggingConfiguration",
"UpdateWorkspaceAlias"
],
"HasResource": true,
"StringPrefix": "aps",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Managed Streaming for Apache Kafka": {
"ARNFormat": "arn:aws:kafka:${Region}:${Account}:${ResourceType}/${ResourceName}/${Uuid}",
"ARNRegex": "^arn:aws:kafka:.+",
"Actions": [
"BatchAssociateScramSecret",
"BatchDisassociateScramSecret",
"CreateCluster",
"CreateClusterV2",
"CreateConfiguration",
"CreateVpcConnection",
"DeleteCluster",
"DeleteClusterPolicy",
"DeleteConfiguration",
"DeleteVpcConnection",
"DescribeCluster",
"DescribeClusterOperation",
"DescribeClusterV2",
"DescribeConfiguration",
"DescribeConfigurationRevision",
"DescribeVpcConnection",
"GetBootstrapBrokers",
"GetClusterPolicy",
"GetCompatibleKafkaVersions",
"ListClientVpcConnections",
"ListClusterOperations",
"ListClusters",
"ListClustersV2",
"ListConfigurationRevisions",
"ListConfigurations",
"ListKafkaVersions",
"ListNodes",
"ListScramSecrets",
"ListTagsForResource",
"ListVpcConnections",
"PutClusterPolicy",
"RebootBroker",
"RejectClientVpcConnection",
"TagResource",
"UntagResource",
"UpdateBrokerCount",
"UpdateBrokerStorage",
"UpdateBrokerType",
"UpdateClusterConfiguration",
"UpdateClusterKafkaVersion",
"UpdateConfiguration",
"UpdateConnectivity",
"UpdateMonitoring",
"UpdateSecurity",
"UpdateStorage"
],
"HasResource": true,
"StringPrefix": "kafka",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"kafka:publicAccessEnabled"
]
},
"Amazon Managed Streaming for Kafka Connect": {
"ARNFormat": "arn:aws:kafkaconnect:${Region}:${Account}:${ResourceType}/${ResourceName}/${UUID}",
"ARNRegex": "^arn:aws:kafkaconnect:.+",
"Actions": [
"CreateConnector",
"CreateCustomPlugin",
"CreateWorkerConfiguration",
"DeleteConnector",
"DeleteCustomPlugin",
"DescribeConnector",
"DescribeCustomPlugin",
"DescribeWorkerConfiguration",
"ListConnectors",
"ListCustomPlugins",
"ListWorkerConfigurations",
"UpdateConnector"
],
"HasResource": true,
"StringPrefix": "kafkaconnect"
},
"Amazon Managed Workflows for Apache Airflow": {
"ARNFormat": "arn:aws:airflow:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:airflow:.+:.+:.+",
"Actions": [
"CreateCliToken",
"CreateEnvironment",
"CreateWebLoginToken",
"DeleteEnvironment",
"GetEnvironment",
"ListEnvironments",
"ListTagsForResource",
"PublishMetrics",
"TagResource",
"UntagResource",
"UpdateEnvironment"
],
"HasResource": true,
"StringPrefix": "airflow",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Mechanical Turk": {
"Actions": [
"AcceptQualificationRequest",
"ApproveAssignment",
"AssociateQualificationWithWorker",
"CreateAdditionalAssignmentsForHIT",
"CreateHIT",
"CreateHITType",
"CreateHITWithHITType",
"CreateQualificationType",
"CreateWorkerBlock",
"DeleteHIT",
"DeleteQualificationType",
"DeleteWorkerBlock",
"DisassociateQualificationFromWorker",
"GetAccountBalance",
"GetAssignment",
"GetFileUploadURL",
"GetHIT",
"GetQualificationScore",
"GetQualificationType",
"ListAssignmentsForHIT",
"ListBonusPayments",
"ListHITs",
"ListHITsForQualificationType",
"ListQualificationRequests",
"ListQualificationTypes",
"ListReviewPolicyResultsForHIT",
"ListReviewableHITs",
"ListWorkerBlocks",
"ListWorkersWithQualificationType",
"NotifyWorkers",
"RejectAssignment",
"RejectQualificationRequest",
"SendBonus",
"SendTestEventNotification",
"UpdateExpirationForHIT",
"UpdateHITReviewStatus",
"UpdateHITTypeOfHIT",
"UpdateNotificationSettings",
"UpdateQualificationType"
],
"HasResource": false,
"StringPrefix": "mechanicalturk"
},
"Amazon MemoryDB": {
"ARNFormat": "arn:aws:memorydb:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:memorydb:.+:.+:.+",
"Actions": [
"BatchUpdateCluster",
"CopySnapshot",
"CreateAcl",
"CreateCluster",
"CreateParameterGroup",
"CreateSnapshot",
"CreateSubnetGroup",
"CreateUser",
"DeleteAcl",
"DeleteCluster",
"DeleteParameterGroup",
"DeleteSnapshot",
"DeleteSubnetGroup",
"DeleteUser",
"DescribeAcls",
"DescribeClusters",
"DescribeEngineVersions",
"DescribeEvents",
"DescribeParameterGroups",
"DescribeParameters",
"DescribeReservedNodes",
"DescribeReservedNodesOfferings",
"DescribeServiceUpdates",
"DescribeSnapshots",
"DescribeSubnetGroups",
"DescribeUsers",
"FailoverShard",
"ListAllowedNodeTypeUpdates",
"ListTags",
"PurchaseReservedNodesOffering",
"ResetParameterGroup",
"TagResource",
"UntagResource",
"UpdateAcl",
"UpdateCluster",
"UpdateParameterGroup",
"UpdateSubnetGroup",
"UpdateUser"
],
"HasResource": true,
"StringPrefix": "memorydb",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Message Delivery Service": {
"Actions": [
"AcknowledgeMessage",
"DeleteMessage",
"FailMessage",
"GetEndpoint",
"GetMessages",
"SendReply"
],
"HasResource": false,
"StringPrefix": "ec2messages",
"conditionKeys": [
"ssm:SourceInstanceARN"
]
},
"Amazon Mobile Analytics": {
"Actions": [
"GetFinancialReports",
"GetReports",
"PutEvents"
],
"HasResource": false,
"StringPrefix": "mobileanalytics"
},
"Amazon Monitron": {
"ARNFormat": "arn:aws:monitron:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:monitron:.+:.+:.+",
"Actions": [
"AssociateProjectAdminUser",
"CreateProject",
"DeleteProject",
"DisassociateProjectAdminUser",
"GetProject",
"GetProjectAdminUser",
"ListProjectAdminUsers",
"ListProjects",
"ListTagsForResource",
"TagResource",
"UntagResource",
"UpdateProject"
],
"HasResource": true,
"StringPrefix": "monitron",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Neptune": {
"ARNFormat": "arn:aws:neptune-db:${Region}:${Account}:${Id}/*",
"ARNRegex": "^arn:aws:neptune-db:.+",
"Actions": [
"CancelLoaderJob",
"CancelMLDataProcessingJob",
"CancelMLModelTrainingJob",
"CancelMLModelTransformJob",
"CancelQuery",
"CreateMLEndpoint",
"DeleteDataViaQuery",
"DeleteMLEndpoint",
"DeleteStatistics",
"GetEngineStatus",
"GetGraphSummary",
"GetLoaderJobStatus",
"GetMLDataProcessingJobStatus",
"GetMLEndpointStatus",
"GetMLModelTrainingJobStatus",
"GetMLModelTransformJobStatus",
"GetQueryStatus",
"GetStatisticsStatus",
"GetStreamRecords",
"ListLoaderJobs",
"ListMLDataProcessingJobs",
"ListMLEndpoints",
"ListMLModelTrainingJobs",
"ListMLModelTransformJobs",
"ManageStatistics",
"ReadDataViaQuery",
"ResetDatabase",
"StartLoaderJob",
"StartMLDataProcessingJob",
"StartMLModelTrainingJob",
"StartMLModelTransformJob",
"WriteDataViaQuery",
"connect"
],
"HasResource": true,
"StringPrefix": "neptune-db",
"conditionKeys": [
"neptune-db:QueryLanguage"
]
},
"Amazon Nimble Studio": {
"ARNFormat": "arn:aws:nimble:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:nimble:.+:.+:.+",
"Actions": [
"AcceptEulas",
"CreateLaunchProfile",
"CreateStreamingImage",
"CreateStreamingSession",
"CreateStreamingSessionStream",
"CreateStudio",
"CreateStudioComponent",
"DeleteLaunchProfile",
"DeleteLaunchProfileMember",
"DeleteStreamingImage",
"DeleteStreamingSession",
"DeleteStudio",
"DeleteStudioComponent",
"DeleteStudioMember",
"GetEula",
"GetFeatureMap",
"GetLaunchProfile",
"GetLaunchProfileDetails",
"GetLaunchProfileInitialization",
"GetLaunchProfileMember",
"GetStreamingImage",
"GetStreamingSession",
"GetStreamingSessionBackup",
"GetStreamingSessionStream",
"GetStudio",
"GetStudioComponent",
"GetStudioMember",
"ListEulaAcceptances",
"ListEulas",
"ListLaunchProfileMembers",
"ListLaunchProfiles",
"ListStreamingImages",
"ListStreamingSessionBackups",
"ListStreamingSessions",
"ListStudioComponents",
"ListStudioMembers",
"ListStudios",
"ListTagsForResource",
"PutLaunchProfileMembers",
"PutStudioLogEvents",
"PutStudioMembers",
"StartStreamingSession",
"StartStudioSSOConfigurationRepair",
"StopStreamingSession",
"TagResource",
"UntagResource",
"UpdateLaunchProfile",
"UpdateLaunchProfileMember",
"UpdateStreamingImage",
"UpdateStudio",
"UpdateStudioComponent"
],
"HasResource": true,
"StringPrefix": "nimble",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"nimble:createdBy",
"nimble:ownedBy",
"nimble:principalId",
"nimble:requesterPrincipalId",
"nimble:studioId"
]
},
"Amazon Omics": {
"ARNFormat": "arn:aws:omics:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:omics:${Region}:${Account}:${ResourceType}/.+?",
"Actions": [
"BatchDeleteReadSet",
"CancelAnnotationImportJob",
"CancelRun",
"CancelVariantImportJob",
"CreateAnnotationStore",
"CreateReferenceStore",
"CreateRunGroup",
"CreateSequenceStore",
"CreateVariantStore",
"CreateWorkflow",
"DeleteAnnotationStore",
"DeleteReference",
"DeleteReferenceStore",
"DeleteRun",
"DeleteRunGroup",
"DeleteSequenceStore",
"DeleteVariantStore",
"DeleteWorkflow",
"GetAnnotationImportJob",
"GetAnnotationStore",
"GetReadSet",
"GetReadSetActivationJob",
"GetReadSetExportJob",
"GetReadSetImportJob",
"GetReadSetMetadata",
"GetReference",
"GetReferenceImportJob",
"GetReferenceMetadata",
"GetReferenceStore",
"GetRun",
"GetRunGroup",
"GetRunTask",
"GetSequenceStore",
"GetVariantImportJob",
"GetVariantStore",
"GetWorkflow",
"ListAnnotationImportJobs",
"ListAnnotationStores",
"ListReadSetActivationJobs",
"ListReadSetExportJobs",
"ListReadSetImportJobs",
"ListReadSets",
"ListReferenceImportJobs",
"ListReferenceStores",
"ListReferences",
"ListRunGroups",
"ListRunTasks",
"ListRuns",
"ListSequenceStores",
"ListTagsForResource",
"ListVariantImportJobs",
"ListVariantStores",
"ListWorkflows",
"StartAnnotationImportJob",
"StartReadSetActivationJob",
"StartReadSetExportJob",
"StartReadSetImportJob",
"StartReferenceImportJob",
"StartRun",
"StartVariantImportJob",
"TagResource",
"UntagResource",
"UpdateAnnotationStore",
"UpdateRunGroup",
"UpdateVariantStore",
"UpdateWorkflow"
],
"HasResource": true,
"StringPrefix": "omics",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"omics:AnnotationImportJobJobId",
"omics:AnnotationStoreName",
"omics:VariantImportJobJobId",
"omics:VariantStoreName"
]
},
"Amazon OpenSearch Ingestion": {
"ARNFormat": "arn:aws:osis:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:osis:.+:.+:.+",
"Actions": [
"CreatePipeline",
"DeletePipeline",
"GetPipeline",
"GetPipelineBlueprint",
"GetPipelineChangeProgress",
"Ingest",
"ListPipelineBlueprints",
"ListPipelines",
"ListTagsForResource",
"StartPipeline",
"StopPipeline",
"TagResource",
"UntagResource",
"UpdatePipeline",
"ValidatePipeline"
],
"HasResource": true,
"StringPrefix": "osis",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon OpenSearch Serverless": {
"ARNFormat": "arn:aws:aoss:${Region}:${Account}:${Resource}",
"ARNRegex": "^arn:aws:aoss:.+",
"Actions": [
"APIAccessAll",
"BatchGetCollection",
"BatchGetVpcEndpoint",
"CreateAccessPolicy",
"CreateCollection",
"CreateSecurityConfig",
"CreateSecurityPolicy",
"CreateVpcEndpoint",
"DashboardsAccessAll",
"DeleteAccessPolicy",
"DeleteCollection",
"DeleteSecurityConfig",
"DeleteSecurityPolicy",
"DeleteVpcEndpoint",
"GetAccessPolicy",
"GetAccountSettings",
"GetPoliciesStats",
"GetSecurityConfig",
"GetSecurityPolicy",
"ListAccessPolicies",
"ListCollections",
"ListSecurityConfigs",
"ListSecurityPolicies",
"ListTagsForResource",
"ListVpcEndpoints",
"TagResource",
"UntagResource",
"UpdateAccessPolicy",
"UpdateAccountSettings",
"UpdateCollection",
"UpdateSecurityConfig",
"UpdateSecurityPolicy",
"UpdateVpcEndpoint"
],
"HasResource": true,
"StringPrefix": "aoss",
"conditionKeys": [
"aoss:CollectionId",
"aoss:collection",
"aoss:index",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon OpenSearch Service": {
"ARNFormat": "arn:aws:es:${Region}:${Account}:${Resource}",
"ARNRegex": "^arn:aws:es:.+",
"Actions": [
"AcceptInboundConnection",
"AcceptInboundCrossClusterSearchConnection",
"AddTags",
"AssociatePackage",
"AuthorizeVpcEndpointAccess",
"CancelElasticsearchServiceSoftwareUpdate",
"CancelServiceSoftwareUpdate",
"CreateDomain",
"CreateElasticsearchDomain",
"CreateElasticsearchServiceRole",
"CreateOutboundConnection",
"CreateOutboundCrossClusterSearchConnection",
"CreatePackage",
"CreateServiceRole",
"CreateVpcEndpoint",
"DeleteDomain",
"DeleteElasticsearchDomain",
"DeleteElasticsearchServiceRole",
"DeleteInboundConnection",
"DeleteInboundCrossClusterSearchConnection",
"DeleteOutboundConnection",
"DeleteOutboundCrossClusterSearchConnection",
"DeletePackage",
"DeleteVpcEndpoint",
"DescribeDomain",
"DescribeDomainAutoTunes",
"DescribeDomainChangeProgress",
"DescribeDomainConfig",
"DescribeDomainHealth",
"DescribeDomainNodes",
"DescribeDomains",
"DescribeDryRunProgress",
"DescribeElasticsearchDomain",
"DescribeElasticsearchDomainConfig",
"DescribeElasticsearchDomains",
"DescribeElasticsearchInstanceTypeLimits",
"DescribeInboundConnections",
"DescribeInboundCrossClusterSearchConnections",
"DescribeInstanceTypeLimits",
"DescribeOutboundConnections",
"DescribeOutboundCrossClusterSearchConnections",
"DescribePackages",
"DescribeReservedElasticsearchInstanceOfferings",
"DescribeReservedElasticsearchInstances",
"DescribeReservedInstanceOfferings",
"DescribeReservedInstances",
"DescribeVpcEndpoints",
"DissociatePackage",
"ESCrossClusterGet",
"ESHttpDelete",
"ESHttpGet",
"ESHttpHead",
"ESHttpPatch",
"ESHttpPost",
"ESHttpPut",
"GetCompatibleElasticsearchVersions",
"GetCompatibleVersions",
"GetPackageVersionHistory",
"GetUpgradeHistory",
"GetUpgradeStatus",
"ListDomainNames",
"ListDomainsForPackage",
"ListElasticsearchInstanceTypeDetails",
"ListElasticsearchInstanceTypes",
"ListElasticsearchVersions",
"ListInstanceTypeDetails",
"ListPackagesForDomain",
"ListScheduledActions",
"ListTags",
"ListVersions",
"ListVpcEndpointAccess",
"ListVpcEndpoints",
"ListVpcEndpointsForDomain",
"PurchaseReservedElasticsearchInstanceOffering",
"PurchaseReservedInstanceOffering",
"RejectInboundConnection",
"RejectInboundCrossClusterSearchConnection",
"RemoveTags",
"RevokeVpcEndpointAccess",
"StartElasticsearchServiceSoftwareUpdate",
"StartServiceSoftwareUpdate",
"UpdateDomainConfig",
"UpdateElasticsearchDomainConfig",
"UpdatePackage",
"UpdateScheduledAction",
"UpdateVpcEndpoint",
"UpgradeDomain",
"UpgradeElasticsearchDomain"
],
"HasResource": true,
"StringPrefix": "es",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Personalize": {
"ARNFormat": "arn:aws:personalize:${Region}:${Account}:${Resourcename}/${ResourceId}",
"ARNRegex": "^arn:aws:personalize:.+:.+:.+",
"Actions": [
"CreateBatchInferenceJob",
"CreateBatchSegmentJob",
"CreateCampaign",
"CreateDataset",
"CreateDatasetExportJob",
"CreateDatasetGroup",
"CreateDatasetImportJob",
"CreateEventTracker",
"CreateFilter",
"CreateMetricAttribution",
"CreateRecommender",
"CreateSchema",
"CreateSolution",
"CreateSolutionVersion",
"DeleteCampaign",
"DeleteDataset",
"DeleteDatasetGroup",
"DeleteEventTracker",
"DeleteFilter",
"DeleteMetricAttribution",
"DeleteRecommender",
"DeleteSchema",
"DeleteSolution",
"DescribeAlgorithm",
"DescribeBatchInferenceJob",
"DescribeBatchSegmentJob",
"DescribeCampaign",
"DescribeDataset",
"DescribeDatasetExportJob",
"DescribeDatasetGroup",
"DescribeDatasetImportJob",
"DescribeEventTracker",
"DescribeFeatureTransformation",
"DescribeFilter",
"DescribeMetricAttribution",
"DescribeRecipe",
"DescribeRecommender",
"DescribeSchema",
"DescribeSolution",
"DescribeSolutionVersion",
"GetPersonalizedRanking",
"GetRecommendations",
"GetSolutionMetrics",
"ListBatchInferenceJobs",
"ListBatchSegmentJobs",
"ListCampaigns",
"ListDatasetExportJobs",
"ListDatasetGroups",
"ListDatasetImportJobs",
"ListDatasets",
"ListEventTrackers",
"ListFilters",
"ListMetricAttributionMetrics",
"ListMetricAttributions",
"ListRecipes",
"ListRecommenders",
"ListSchemas",
"ListSolutionVersions",
"ListSolutions",
"ListTagsForResource",
"PutEvents",
"PutItems",
"PutUsers",
"StartRecommender",
"StopRecommender",
"StopSolutionVersionCreation",
"TagResource",
"UntagResource",
"UpdateCampaign",
"UpdateMetricAttribution",
"UpdateRecommender"
],
"HasResource": true,
"StringPrefix": "personalize"
},
"Amazon Pinpoint": {
"ARNFormat": "arn:aws:mobiletargeting:${Region}:${Account}:.+",
"ARNRegex": "^arn:aws:mobiletargeting:.+",
"Actions": [
"CreateApp",
"CreateCampaign",
"CreateEmailTemplate",
"CreateExportJob",
"CreateImportJob",
"CreateInAppTemplate",
"CreateJourney",
"CreatePushTemplate",
"CreateRecommenderConfiguration",
"CreateSegment",
"CreateSmsTemplate",
"CreateVoiceTemplate",
"DeleteAdmChannel",
"DeleteApnsChannel",
"DeleteApnsSandboxChannel",
"DeleteApnsVoipChannel",
"DeleteApnsVoipSandboxChannel",
"DeleteApp",
"DeleteBaiduChannel",
"DeleteCampaign",
"DeleteEmailChannel",
"DeleteEmailTemplate",
"DeleteEndpoint",
"DeleteEventStream",
"DeleteGcmChannel",
"DeleteInAppTemplate",
"DeleteJourney",
"DeletePushTemplate",
"DeleteRecommenderConfiguration",
"DeleteSegment",
"DeleteSmsChannel",
"DeleteSmsTemplate",
"DeleteUserEndpoints",
"DeleteVoiceChannel",
"DeleteVoiceTemplate",
"GetAdmChannel",
"GetApnsChannel",
"GetApnsSandboxChannel",
"GetApnsVoipChannel",
"GetApnsVoipSandboxChannel",
"GetApp",
"GetApplicationDateRangeKpi",
"GetApplicationSettings",
"GetApps",
"GetBaiduChannel",
"GetCampaign",
"GetCampaignActivities",
"GetCampaignDateRangeKpi",
"GetCampaignVersion",
"GetCampaignVersions",
"GetCampaigns",
"GetChannels",
"GetEmailChannel",
"GetEmailTemplate",
"GetEndpoint",
"GetEventStream",
"GetExportJob",
"GetExportJobs",
"GetGcmChannel",
"GetImportJob",
"GetImportJobs",
"GetInAppMessages",
"GetInAppTemplate",
"GetJourney",
"GetJourneyDateRangeKpi",
"GetJourneyExecutionActivityMetrics",
"GetJourneyExecutionMetrics",
"GetJourneyRunExecutionActivityMetrics",
"GetJourneyRunExecutionMetrics",
"GetJourneyRuns",
"GetPushTemplate",
"GetRecommenderConfiguration",
"GetRecommenderConfigurations",
"GetReports",
"GetSegment",
"GetSegmentExportJobs",
"GetSegmentImportJobs",
"GetSegmentVersion",
"GetSegmentVersions",
"GetSegments",
"GetSmsChannel",
"GetSmsTemplate",
"GetUserEndpoints",
"GetVoiceChannel",
"GetVoiceTemplate",
"ListJourneys",
"ListTagsForResource",
"ListTemplateVersions",
"ListTemplates",
"PhoneNumberValidate",
"PutEventStream",
"PutEvents",
"RemoveAttributes",
"SendMessages",
"SendOTPMessage",
"SendUsersMessages",
"TagResource",
"UntagResource",
"UpdateAdmChannel",
"UpdateApnsChannel",
"UpdateApnsSandboxChannel",
"UpdateApnsVoipChannel",
"UpdateApnsVoipSandboxChannel",
"UpdateApplicationSettings",
"UpdateBaiduChannel",
"UpdateCampaign",
"UpdateEmailChannel",
"UpdateEmailTemplate",
"UpdateEndpoint",
"UpdateEndpointsBatch",
"UpdateGcmChannel",
"UpdateInAppTemplate",
"UpdateJourney",
"UpdateJourneyState",
"UpdatePushTemplate",
"UpdateRecommenderConfiguration",
"UpdateSegment",
"UpdateSmsChannel",
"UpdateSmsTemplate",
"UpdateTemplateActiveVersion",
"UpdateVoiceChannel",
"UpdateVoiceTemplate",
"VerifyOTPMessage"
],
"HasResource": true,
"StringPrefix": "mobiletargeting",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Pinpoint Email Service": {
"ARNFormat": "arn:aws:ses:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:ses:.+:[0-9]+:.+",
"Actions": [
"CreateConfigurationSet",
"CreateConfigurationSetEventDestination",
"CreateDedicatedIpPool",
"CreateDeliverabilityTestReport",
"CreateEmailIdentity",
"DeleteConfigurationSet",
"DeleteConfigurationSetEventDestination",
"DeleteDedicatedIpPool",
"DeleteEmailIdentity",
"GetAccount",
"GetBlacklistReports",
"GetConfigurationSet",
"GetConfigurationSetEventDestinations",
"GetDedicatedIp",
"GetDedicatedIps",
"GetDeliverabilityDashboardOptions",
"GetDeliverabilityTestReport",
"GetDomainDeliverabilityCampaign",
"GetDomainStatisticsReport",
"GetEmailIdentity",
"ListConfigurationSets",
"ListDedicatedIpPools",
"ListDeliverabilityTestReports",
"ListDomainDeliverabilityCampaigns",
"ListEmailIdentities",
"ListTagsForResource",
"PutAccountDedicatedIpWarmupAttributes",
"PutAccountSendingAttributes",
"PutConfigurationSetDeliveryOptions",
"PutConfigurationSetReputationOptions",
"PutConfigurationSetSendingOptions",
"PutConfigurationSetTrackingOptions",
"PutDedicatedIpInPool",
"PutDedicatedIpWarmupAttributes",
"PutDeliverabilityDashboardOption",
"PutEmailIdentityDkimAttributes",
"PutEmailIdentityFeedbackAttributes",
"PutEmailIdentityMailFromAttributes",
"SendEmail",
"TagResource",
"UntagResource",
"UpdateConfigurationSetEventDestination"
],
"HasResource": true,
"StringPrefix": "ses",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"ses:ApiVersion",
"ses:FeedbackAddress",
"ses:FromAddress",
"ses:FromDisplayName",
"ses:Recipients"
]
},
"Amazon Pinpoint SMS Voice V2": {
"ARNFormat": "arn:aws:sms-voice:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:sms-voice:.+",
"Actions": [
"AssociateOriginationIdentity",
"CreateConfigurationSet",
"CreateEventDestination",
"CreateOptOutList",
"CreatePool",
"DeleteConfigurationSet",
"DeleteDefaultMessageType",
"DeleteDefaultSenderId",
"DeleteEventDestination",
"DeleteKeyword",
"DeleteOptOutList",
"DeleteOptedOutNumber",
"DeletePool",
"DeleteTextMessageSpendLimitOverride",
"DeleteVoiceMessageSpendLimitOverride",
"DescribeAccountAttributes",
"DescribeAccountLimits",
"DescribeConfigurationSets",
"DescribeKeywords",
"DescribeOptOutLists",
"DescribeOptedOutNumbers",
"DescribePhoneNumbers",
"DescribePools",
"DescribeSenderIds",
"DescribeSpendLimits",
"DisassociateOriginationIdentity",
"ListPoolOriginationIdentities",
"ListTagsForResource",
"PutKeyword",
"PutOptedOutNumber",
"ReleasePhoneNumber",
"RequestPhoneNumber",
"SendTextMessage",
"SendVoiceMessage",
"SetDefaultMessageType",
"SetDefaultSenderId",
"SetTextMessageSpendLimitOverride",
"SetVoiceMessageSpendLimitOverride",
"TagResource",
"UntagResource",
"UpdateEventDestination",
"UpdatePhoneNumber",
"UpdatePool"
],
"HasResource": true,
"StringPrefix": "sms-voice",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Pinpoint SMS and Voice Service": {
"ARNFormat": "arn:aws:sms-voice:<region>:<account-id>:<resource-type>/<resource_name>",
"ARNRegex": "^arn:aws:sms-voice:.+:.+:.+",
"Actions": [
"CreateConfigurationSet",
"CreateConfigurationSetEventDestination",
"DeleteConfigurationSet",
"DeleteConfigurationSetEventDestination",
"GetConfigurationSetEventDestinations",
"ListConfigurationSets",
"SendVoiceMessage",
"UpdateConfigurationSetEventDestination"
],
"HasResource": false,
"StringPrefix": "sms-voice"
},
"Amazon Polly": {
"ARNFormat": "arn:aws:polly:${Region}:${Account}:lexicon/${RelativeId}",
"ARNRegex": "^arn:aws:polly:${Region}:.+",
"Actions": [
"DeleteLexicon",
"DescribeVoices",
"GetLexicon",
"GetSpeechSynthesisTask",
"ListLexicons",
"ListSpeechSynthesisTasks",
"PutLexicon",
"StartSpeechSynthesisTask",
"SynthesizeSpeech"
],
"HasResource": true,
"StringPrefix": "polly"
},
"Amazon QLDB": {
"ARNFormat": "arn:aws:qldb:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:qldb:.+",
"Actions": [
"CancelJournalKinesisStream",
"CreateLedger",
"DeleteLedger",
"DescribeJournalKinesisStream",
"DescribeJournalS3Export",
"DescribeLedger",
"ExecuteStatement",
"ExportJournalToS3",
"GetBlock",
"GetDigest",
"GetRevision",
"InsertSampleData",
"ListJournalKinesisStreamsForLedger",
"ListJournalS3Exports",
"ListJournalS3ExportsForLedger",
"ListLedgers",
"ListTagsForResource",
"PartiQLCreateIndex",
"PartiQLCreateTable",
"PartiQLDelete",
"PartiQLDropIndex",
"PartiQLDropTable",
"PartiQLHistoryFunction",
"PartiQLInsert",
"PartiQLRedact",
"PartiQLSelect",
"PartiQLUndropTable",
"PartiQLUpdate",
"SendCommand",
"ShowCatalog",
"StreamJournalToKinesis",
"TagResource",
"UntagResource",
"UpdateLedger",
"UpdateLedgerPermissionsMode"
],
"HasResource": true,
"StringPrefix": "qldb",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"qldb:Purge"
]
},
"Amazon QuickSight": {
"ARNFormat": "arn:aws:quicksight:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:quicksight:.+",
"Actions": [
"AccountConfigurations",
"CancelIngestion",
"CreateAccountCustomization",
"CreateAccountSubscription",
"CreateAdmin",
"CreateAnalysis",
"CreateCustomPermissions",
"CreateDashboard",
"CreateDataSet",
"CreateDataSource",
"CreateEmailCustomizationTemplate",
"CreateFolder",
"CreateFolderMembership",
"CreateGroup",
"CreateGroupMembership",
"CreateIAMPolicyAssignment",
"CreateIngestion",
"CreateNamespace",
"CreateReader",
"CreateRefreshSchedule",
"CreateTemplate",
"CreateTemplateAlias",
"CreateTheme",
"CreateThemeAlias",
"CreateUser",
"CreateVPCConnection",
"DeleteAccountCustomization",
"DeleteAccountSubscription",
"DeleteAnalysis",
"DeleteCustomPermissions",
"DeleteDashboard",
"DeleteDataSet",
"DeleteDataSetRefreshProperties",
"DeleteDataSource",
"DeleteEmailCustomizationTemplate",
"DeleteFolder",
"DeleteFolderMembership",
"DeleteGroup",
"DeleteGroupMembership",
"DeleteIAMPolicyAssignment",
"DeleteNamespace",
"DeleteRefreshSchedule",
"DeleteTemplate",
"DeleteTemplateAlias",
"DeleteTheme",
"DeleteThemeAlias",
"DeleteUser",
"DeleteUserByPrincipalId",
"DeleteVPCConnection",
"DescribeAccountCustomization",
"DescribeAccountSettings",
"DescribeAccountSubscription",
"DescribeAnalysis",
"DescribeAnalysisPermissions",
"DescribeCustomPermissions",
"DescribeDashboard",
"DescribeDashboardPermissions",
"DescribeDataSet",
"DescribeDataSetPermissions",
"DescribeDataSetRefreshProperties",
"DescribeDataSource",
"DescribeDataSourcePermissions",
"DescribeEmailCustomizationTemplate",
"DescribeFolder",
"DescribeFolderPermissions",
"DescribeFolderResolvedPermissions",
"DescribeGroup",
"DescribeGroupMembership",
"DescribeIAMPolicyAssignment",
"DescribeIngestion",
"DescribeIpRestriction",
"DescribeNamespace",
"DescribeRefreshSchedule",
"DescribeTemplate",
"DescribeTemplateAlias",
"DescribeTemplatePermissions",
"DescribeTheme",
"DescribeThemeAlias",
"DescribeThemePermissions",
"DescribeUser",
"DescribeVPCConnection",
"GenerateEmbedUrlForAnonymousUser",
"GenerateEmbedUrlForRegisteredUser",
"GetAnonymousUserEmbedUrl",
"GetAuthCode",
"GetDashboardEmbedUrl",
"GetGroupMapping",
"GetSessionEmbedUrl",
"ListAnalyses",
"ListCustomPermissions",
"ListDashboardVersions",
"ListDashboards",
"ListDataSets",
"ListDataSources",
"ListFolderMembers",
"ListFolders",
"ListGroupMemberships",
"ListGroups",
"ListIAMPolicyAssignments",
"ListIAMPolicyAssignmentsForUser",
"ListIngestions",
"ListNamespaces",
"ListRefreshSchedules",
"ListTagsForResource",
"ListTemplateAliases",
"ListTemplateVersions",
"ListTemplates",
"ListThemeAliases",
"ListThemeVersions",
"ListThemes",
"ListUserGroups",
"ListUsers",
"ListVPCConnections",
"PassDataSet",
"PassDataSource",
"PutDataSetRefreshProperties",
"RegisterUser",
"RestoreAnalysis",
"ScopeDownPolicy",
"SearchAnalyses",
"SearchDashboards",
"SearchDataSets",
"SearchDataSources",
"SearchDirectoryGroups",
"SearchFolders",
"SearchGroups",
"SetGroupMapping",
"Subscribe",
"TagResource",
"Unsubscribe",
"UntagResource",
"UpdateAccountCustomization",
"UpdateAccountSettings",
"UpdateAnalysis",
"UpdateAnalysisPermissions",
"UpdateCustomPermissions",
"UpdateDashboard",
"UpdateDashboardPermissions",
"UpdateDashboardPublishedVersion",
"UpdateDataSet",
"UpdateDataSetPermissions",
"UpdateDataSource",
"UpdateDataSourcePermissions",
"UpdateEmailCustomizationTemplate",
"UpdateFolder",
"UpdateFolderPermissions",
"UpdateGroup",
"UpdateIAMPolicyAssignment",
"UpdateIpRestriction",
"UpdatePublicSharingSettings",
"UpdateRefreshSchedule",
"UpdateResourcePermissions",
"UpdateTemplate",
"UpdateTemplateAlias",
"UpdateTemplatePermissions",
"UpdateTheme",
"UpdateThemeAlias",
"UpdateThemePermissions",
"UpdateUser",
"UpdateVPCConnection"
],
"HasResource": true,
"StringPrefix": "quicksight",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"quicksight:AllowedEmbeddingDomains",
"quicksight:DirectoryType",
"quicksight:Edition",
"quicksight:IamArn",
"quicksight:SessionName",
"quicksight:UserName"
]
},
"Amazon RDS": {
"ARNFormat": "arn:aws:rds:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:rds:.+",
"Actions": [
"AddRoleToDBCluster",
"AddRoleToDBInstance",
"AddSourceIdentifierToSubscription",
"AddTagsToResource",
"ApplyPendingMaintenanceAction",
"AuthorizeDBSecurityGroupIngress",
"BacktrackDBCluster",
"CancelExportTask",
"CopyDBClusterParameterGroup",
"CopyDBClusterSnapshot",
"CopyDBParameterGroup",
"CopyDBSnapshot",
"CopyOptionGroup",
"CreateBlueGreenDeployment",
"CreateCustomDBEngineVersion",
"CreateDBCluster",
"CreateDBClusterEndpoint",
"CreateDBClusterParameterGroup",
"CreateDBClusterSnapshot",
"CreateDBInstance",
"CreateDBInstanceReadReplica",
"CreateDBParameterGroup",
"CreateDBProxy",
"CreateDBProxyEndpoint",
"CreateDBSecurityGroup",
"CreateDBSnapshot",
"CreateDBSubnetGroup",
"CreateEventSubscription",
"CreateGlobalCluster",
"CreateOptionGroup",
"CrossRegionCommunication",
"DeleteBlueGreenDeployment",
"DeleteCustomDBEngineVersion",
"DeleteDBCluster",
"DeleteDBClusterEndpoint",
"DeleteDBClusterParameterGroup",
"DeleteDBClusterSnapshot",
"DeleteDBInstance",
"DeleteDBInstanceAutomatedBackup",
"DeleteDBParameterGroup",
"DeleteDBProxy",
"DeleteDBProxyEndpoint",
"DeleteDBSecurityGroup",
"DeleteDBSnapshot",
"DeleteDBSubnetGroup",
"DeleteEventSubscription",
"DeleteGlobalCluster",
"DeleteOptionGroup",
"DeregisterDBProxyTargets",
"DescribeAccountAttributes",
"DescribeBlueGreenDeployments",
"DescribeCertificates",
"DescribeDBClusterBacktracks",
"DescribeDBClusterEndpoints",
"DescribeDBClusterParameterGroups",
"DescribeDBClusterParameters",
"DescribeDBClusterSnapshotAttributes",
"DescribeDBClusterSnapshots",
"DescribeDBClusters",
"DescribeDBEngineVersions",
"DescribeDBInstanceAutomatedBackups",
"DescribeDBInstances",
"DescribeDBLogFiles",
"DescribeDBParameterGroups",
"DescribeDBParameters",
"DescribeDBProxies",
"DescribeDBProxyEndpoints",
"DescribeDBProxyTargetGroups",
"DescribeDBProxyTargets",
"DescribeDBSecurityGroups",
"DescribeDBSnapshotAttributes",
"DescribeDBSnapshots",
"DescribeDBSubnetGroups",
"DescribeEngineDefaultClusterParameters",
"DescribeEngineDefaultParameters",
"DescribeEventCategories",
"DescribeEventSubscriptions",
"DescribeEvents",
"DescribeExportTasks",
"DescribeGlobalClusters",
"DescribeOptionGroupOptions",
"DescribeOptionGroups",
"DescribeOrderableDBInstanceOptions",
"DescribePendingMaintenanceActions",
"DescribeRecommendationGroups",
"DescribeRecommendations",
"DescribeReservedDBInstances",
"DescribeReservedDBInstancesOfferings",
"DescribeSourceRegions",
"DescribeValidDBInstanceModifications",
"DownloadCompleteDBLogFile",
"DownloadDBLogFilePortion",
"FailoverDBCluster",
"FailoverGlobalCluster",
"ListTagsForResource",
"ModifyActivityStream",
"ModifyCertificates",
"ModifyCurrentDBClusterCapacity",
"ModifyCustomDBEngineVersion",
"ModifyDBCluster",
"ModifyDBClusterEndpoint",
"ModifyDBClusterParameterGroup",
"ModifyDBClusterSnapshotAttribute",
"ModifyDBInstance",
"ModifyDBParameterGroup",
"ModifyDBProxy",
"ModifyDBProxyEndpoint",
"ModifyDBProxyTargetGroup",
"ModifyDBSnapshot",
"ModifyDBSnapshotAttribute",
"ModifyDBSubnetGroup",
"ModifyEventSubscription",
"ModifyGlobalCluster",
"ModifyOptionGroup",
"ModifyRecommendation",
"PromoteReadReplica",
"PromoteReadReplicaDBCluster",
"PurchaseReservedDBInstancesOffering",
"RebootDBCluster",
"RebootDBInstance",
"RegisterDBProxyTargets",
"RemoveFromGlobalCluster",
"RemoveRoleFromDBCluster",
"RemoveRoleFromDBInstance",
"RemoveSourceIdentifierFromSubscription",
"RemoveTagsFromResource",
"ResetDBClusterParameterGroup",
"ResetDBParameterGroup",
"RestoreDBClusterFromS3",
"RestoreDBClusterFromSnapshot",
"RestoreDBClusterToPointInTime",
"RestoreDBInstanceFromDBSnapshot",
"RestoreDBInstanceFromS3",
"RestoreDBInstanceToPointInTime",
"RevokeDBSecurityGroupIngress",
"StartActivityStream",
"StartDBCluster",
"StartDBInstance",
"StartDBInstanceAutomatedBackupsReplication",
"StartExportTask",
"StopActivityStream",
"StopDBCluster",
"StopDBInstance",
"StopDBInstanceAutomatedBackupsReplication",
"SwitchoverBlueGreenDeployment",
"SwitchoverReadReplica"
],
"HasResource": true,
"StringPrefix": "rds",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"rds:BackupTarget",
"rds:CopyOptionGroup",
"rds:DatabaseClass",
"rds:DatabaseEngine",
"rds:DatabaseName",
"rds:EndpointType",
"rds:ManageMasterUserPassword",
"rds:MultiAz",
"rds:Piops",
"rds:StorageEncrypted",
"rds:StorageSize",
"rds:Vpc",
"rds:cluster-pg-tag/${TagKey}",
"rds:cluster-snapshot-tag/${TagKey}",
"rds:cluster-tag/${TagKey}",
"rds:db-tag/${TagKey}",
"rds:es-tag/${TagKey}",
"rds:og-tag/${TagKey}",
"rds:pg-tag/${TagKey}",
"rds:req-tag/${TagKey}",
"rds:ri-tag/${TagKey}",
"rds:secgrp-tag/${TagKey}",
"rds:snapshot-tag/${TagKey}",
"rds:subgrp-tag/${TagKey}"
]
},
"Amazon RDS Data API": {
"ARNFormat": "arn:aws:rds:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:rds:.+",
"Actions": [
"BatchExecuteStatement",
"BeginTransaction",
"CommitTransaction",
"ExecuteSql",
"ExecuteStatement",
"RollbackTransaction"
],
"HasResource": true,
"StringPrefix": "rds-data",
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon RDS IAM Authentication": {
"ARNFormat": "arn:aws:rds-db:<region>:<account-id>:dbuser:<dbi-resource-id>/<db-user-name>",
"ARNRegex": "^arn:aws:rds-db:.+",
"Actions": [
"connect"
],
"HasResource": true,
"StringPrefix": "rds-db"
},
"Amazon RHEL Knowledgebase Portal": {
"ARNFormat": "arn:${Partition}:rhelkb:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:${Partition}:rhelkb:.+",
"Actions": [
"GetRhelURL"
],
"HasResource": false,
"StringPrefix": "rhelkb"
},
"Amazon Redshift": {
"ARNFormat": "arn:aws:redshift:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:redshift:.+:.+:.+",
"Actions": [
"AcceptReservedNodeExchange",
"AddPartner",
"AssociateDataShareConsumer",
"AuthorizeClusterSecurityGroupIngress",
"AuthorizeDataShare",
"AuthorizeEndpointAccess",
"AuthorizeSnapshotAccess",
"BatchDeleteClusterSnapshots",
"BatchModifyClusterSnapshots",
"CancelQuery",
"CancelQuerySession",
"CancelResize",
"CopyClusterSnapshot",
"CreateAuthenticationProfile",
"CreateCluster",
"CreateClusterParameterGroup",
"CreateClusterSecurityGroup",
"CreateClusterSnapshot",
"CreateClusterSubnetGroup",
"CreateClusterUser",
"CreateEndpointAccess",
"CreateEventSubscription",
"CreateHsmClientCertificate",
"CreateHsmConfiguration",
"CreateSavedQuery",
"CreateScheduledAction",
"CreateSnapshotCopyGrant",
"CreateSnapshotSchedule",
"CreateTags",
"CreateUsageLimit",
"DeauthorizeDataShare",
"DeleteAuthenticationProfile",
"DeleteCluster",
"DeleteClusterParameterGroup",
"DeleteClusterSecurityGroup",
"DeleteClusterSnapshot",
"DeleteClusterSubnetGroup",
"DeleteEndpointAccess",
"DeleteEventSubscription",
"DeleteHsmClientCertificate",
"DeleteHsmConfiguration",
"DeletePartner",
"DeleteSavedQueries",
"DeleteScheduledAction",
"DeleteSnapshotCopyGrant",
"DeleteSnapshotSchedule",
"DeleteTags",
"DeleteUsageLimit",
"DescribeAccountAttributes",
"DescribeAuthenticationProfiles",
"DescribeClusterDbRevisions",
"DescribeClusterParameterGroups",
"DescribeClusterParameters",
"DescribeClusterSecurityGroups",
"DescribeClusterSnapshots",
"DescribeClusterSubnetGroups",
"DescribeClusterTracks",
"DescribeClusterVersions",
"DescribeClusters",
"DescribeDataShares",
"DescribeDataSharesForConsumer",
"DescribeDataSharesForProducer",
"DescribeDefaultClusterParameters",
"DescribeEndpointAccess",
"DescribeEndpointAuthorization",
"DescribeEventCategories",
"DescribeEventSubscriptions",
"DescribeEvents",
"DescribeHsmClientCertificates",
"DescribeHsmConfigurations",
"DescribeLoggingStatus",
"DescribeNodeConfigurationOptions",
"DescribeOrderableClusterOptions",
"DescribePartners",
"DescribeQuery",
"DescribeReservedNodeExchangeStatus",
"DescribeReservedNodeOfferings",
"DescribeReservedNodes",
"DescribeResize",
"DescribeSavedQueries",
"DescribeScheduledActions",
"DescribeSnapshotCopyGrants",
"DescribeSnapshotSchedules",
"DescribeStorage",
"DescribeTable",
"DescribeTableRestoreStatus",
"DescribeTags",
"DescribeUsageLimits",
"DisableLogging",
"DisableSnapshotCopy",
"DisassociateDataShareConsumer",
"EnableLogging",
"EnableSnapshotCopy",
"ExecuteQuery",
"FetchResults",
"GetClusterCredentials",
"GetClusterCredentialsWithIAM",
"GetReservedNodeExchangeConfigurationOptions",
"GetReservedNodeExchangeOfferings",
"JoinGroup",
"ListDatabases",
"ListSavedQueries",
"ListSchemas",
"ListTables",
"ModifyAquaConfiguration",
"ModifyAuthenticationProfile",
"ModifyCluster",
"ModifyClusterDbRevision",
"ModifyClusterIamRoles",
"ModifyClusterMaintenance",
"ModifyClusterParameterGroup",
"ModifyClusterSnapshot",
"ModifyClusterSnapshotSchedule",
"ModifyClusterSubnetGroup",
"ModifyEndpointAccess",
"ModifyEventSubscription",
"ModifySavedQuery",
"ModifyScheduledAction",
"ModifySnapshotCopyRetentionPeriod",
"ModifySnapshotSchedule",
"ModifyUsageLimit",
"PauseCluster",
"PurchaseReservedNodeOffering",
"RebootCluster",
"RejectDataShare",
"ResetClusterParameterGroup",
"ResizeCluster",
"RestoreFromClusterSnapshot",
"RestoreTableFromClusterSnapshot",
"ResumeCluster",
"RevokeClusterSecurityGroupIngress",
"RevokeEndpointAccess",
"RevokeSnapshotAccess",
"RotateEncryptionKey",
"UpdatePartnerStatus",
"ViewQueriesFromConsole",
"ViewQueriesInConsole"
],
"HasResource": true,
"StringPrefix": "redshift",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"redshift:ConsumerArn",
"redshift:ConsumerIdentifier",
"redshift:DbName",
"redshift:DbUser",
"redshift:DurationSeconds"
]
},
"Amazon Redshift Data API": {
"ARNFormat": "arn:aws:redshift-serverless:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:(redshift|redshift-serverless):.+:.+:.+",
"Actions": [
"BatchExecuteStatement",
"CancelStatement",
"DescribeStatement",
"DescribeTable",
"ExecuteStatement",
"GetStatementResult",
"ListDatabases",
"ListSchemas",
"ListStatements",
"ListTables"
],
"HasResource": true,
"StringPrefix": "redshift-data",
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"redshift-data:statement-owner-iam-userid"
]
},
"Amazon Redshift Serverless": {
"ARNFormat": "arn:aws:redshift-serverless:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:redshift-serverless:.+:.+:.+",
"Actions": [
"ConvertRecoveryPointToSnapshot",
"CreateEndpointAccess",
"CreateNamespace",
"CreateSnapshot",
"CreateUsageLimit",
"CreateWorkgroup",
"DeleteEndpointAccess",
"DeleteNamespace",
"DeleteResourcePolicy",
"DeleteSnapshot",
"DeleteUsageLimit",
"DeleteWorkgroup",
"GetCredentials",
"GetEndpointAccess",
"GetNamespace",
"GetRecoveryPoint",
"GetResourcePolicy",
"GetSnapshot",
"GetTableRestoreStatus",
"GetUsageLimit",
"GetWorkgroup",
"ListEndpointAccess",
"ListNamespaces",
"ListRecoveryPoints",
"ListSnapshots",
"ListTableRestoreStatus",
"ListTagsForResource",
"ListUsageLimits",
"ListWorkgroups",
"PutResourcePolicy",
"RestoreFromRecoveryPoint",
"RestoreFromSnapshot",
"RestoreTableFromSnapshot",
"TagResource",
"UntagResource",
"UpdateEndpointAccess",
"UpdateNamespace",
"UpdateSnapshot",
"UpdateUsageLimit",
"UpdateWorkgroup"
],
"HasResource": true,
"StringPrefix": "redshift-serverless",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"redshift-serverless:endpointAccessId",
"redshift-serverless:namespaceId",
"redshift-serverless:recoveryPointId",
"redshift-serverless:snapshotId",
"redshift-serverless:tableRestoreRequestId",
"redshift-serverless:workgroupId"
]
},
"Amazon Rekognition": {
"ARNFormat": "arn:aws:rekognition:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:aws:rekognition:.+",
"Actions": [
"CompareFaces",
"CopyProjectVersion",
"CreateCollection",
"CreateDataset",
"CreateFaceLivenessSession",
"CreateProject",
"CreateProjectVersion",
"CreateStreamProcessor",
"DeleteCollection",
"DeleteDataset",
"DeleteFaces",
"DeleteProject",
"DeleteProjectPolicy",
"DeleteProjectVersion",
"DeleteStreamProcessor",
"DescribeCollection",
"DescribeDataset",
"DescribeProjectVersions",
"DescribeProjects",
"DescribeStreamProcessor",
"DetectCustomLabels",
"DetectFaces",
"DetectLabels",
"DetectModerationLabels",
"DetectProtectiveEquipment",
"DetectText",
"DistributeDatasetEntries",
"GetCelebrityInfo",
"GetCelebrityRecognition",
"GetContentModeration",
"GetFaceDetection",
"GetFaceLivenessSessionResults",
"GetFaceSearch",
"GetLabelDetection",
"GetPersonTracking",
"GetSegmentDetection",
"GetTextDetection",
"IndexFaces",
"ListCollections",
"ListDatasetEntries",
"ListDatasetLabels",
"ListFaces",
"ListProjectPolicies",
"ListStreamProcessors",
"ListTagsForResource",
"PutProjectPolicy",
"RecognizeCelebrities",
"SearchFaces",
"SearchFacesByImage",
"StartCelebrityRecognition",
"StartContentModeration",
"StartFaceDetection",
"StartFaceLivenessSession",
"StartFaceSearch",
"StartLabelDetection",
"StartPersonTracking",
"StartProjectVersion",
"StartSegmentDetection",
"StartStreamProcessor",
"StartTextDetection",
"StopProjectVersion",
"StopStreamProcessor",
"TagResource",
"UntagResource",
"UpdateDatasetEntries",
"UpdateStreamProcessor"
],
"HasResource": true,
"StringPrefix": "rekognition",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Resource Group Tagging API": {
"Actions": [
"DescribeReportCreation",
"GetComplianceSummary",
"GetResources",
"GetTagKeys",
"GetTagValues",
"StartReportCreation",
"TagResources",
"UntagResources"
],
"HasResource": false,
"StringPrefix": "tag"
},
"Amazon Route 53": {
"ARNFormat": "arn:aws:route53:::${Resource}/{$Id}",
"ARNRegex": "^arn:aws:route53:::.+",
"Actions": [
"ActivateKeySigningKey",
"AssociateVPCWithHostedZone",
"ChangeCidrCollection",
"ChangeResourceRecordSets",
"ChangeTagsForResource",
"CreateCidrCollection",
"CreateHealthCheck",
"CreateHostedZone",
"CreateKeySigningKey",
"CreateQueryLoggingConfig",
"CreateReusableDelegationSet",
"CreateTrafficPolicy",
"CreateTrafficPolicyInstance",
"CreateTrafficPolicyVersion",
"CreateVPCAssociationAuthorization",
"DeactivateKeySigningKey",
"DeleteCidrCollection",
"DeleteHealthCheck",
"DeleteHostedZone",
"DeleteKeySigningKey",
"DeleteQueryLoggingConfig",
"DeleteReusableDelegationSet",
"DeleteTrafficPolicy",
"DeleteTrafficPolicyInstance",
"DeleteVPCAssociationAuthorization",
"DisableHostedZoneDNSSEC",
"DisassociateVPCFromHostedZone",
"EnableHostedZoneDNSSEC",
"GetAccountLimit",
"GetChange",
"GetCheckerIpRanges",
"GetDNSSEC",
"GetGeoLocation",
"GetHealthCheck",
"GetHealthCheckCount",
"GetHealthCheckLastFailureReason",
"GetHealthCheckStatus",
"GetHostedZone",
"GetHostedZoneCount",
"GetHostedZoneLimit",
"GetQueryLoggingConfig",
"GetReusableDelegationSet",
"GetReusableDelegationSetLimit",
"GetTrafficPolicy",
"GetTrafficPolicyInstance",
"GetTrafficPolicyInstanceCount",
"ListCidrBlocks",
"ListCidrCollections",
"ListCidrLocations",
"ListGeoLocations",
"ListHealthChecks",
"ListHostedZones",
"ListHostedZonesByName",
"ListHostedZonesByVPC",
"ListQueryLoggingConfigs",
"ListResourceRecordSets",
"ListReusableDelegationSets",
"ListTagsForResource",
"ListTagsForResources",
"ListTrafficPolicies",
"ListTrafficPolicyInstances",
"ListTrafficPolicyInstancesByHostedZone",
"ListTrafficPolicyInstancesByPolicy",
"ListTrafficPolicyVersions",
"ListVPCAssociationAuthorizations",
"TestDNSAnswer",
"UpdateHealthCheck",
"UpdateHostedZoneComment",
"UpdateTrafficPolicyComment",
"UpdateTrafficPolicyInstance"
],
"HasResource": true,
"StringPrefix": "route53",
"conditionKeys": [
"route53:ChangeResourceRecordSetsActions",
"route53:ChangeResourceRecordSetsNormalizedRecordNames",
"route53:ChangeResourceRecordSetsRecordTypes"
]
},
"Amazon Route 53 Application Recovery Controller - Zonal Shift": {
"ARNFormat": "arn:aws:arc-zonal-shift:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:arc-zonal-shift:.+:.+:.+",
"Actions": [
"CancelZonalShift",
"GetManagedResource",
"ListManagedResources",
"ListZonalShifts",
"StartZonalShift",
"UpdateZonalShift"
],
"HasResource": true,
"StringPrefix": "arc-zonal-shift",
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"elasticloadbalancing:ResourceTag/${TagKey}"
]
},
"Amazon Route 53 Domains": {
"Actions": [
"AcceptDomainTransferFromAnotherAwsAccount",
"AssociateDelegationSignerToDomain",
"CancelDomainTransferToAnotherAwsAccount",
"CheckDomainAvailability",
"CheckDomainTransferability",
"DeleteDomain",
"DeleteTagsForDomain",
"DisableDomainAutoRenew",
"DisableDomainTransferLock",
"DisassociateDelegationSignerFromDomain",
"EnableDomainAutoRenew",
"EnableDomainTransferLock",
"GetContactReachabilityStatus",
"GetDomainDetail",
"GetDomainSuggestions",
"GetOperationDetail",
"ListDomains",
"ListOperations",
"ListPrices",
"ListTagsForDomain",
"PushDomain",
"RegisterDomain",
"RejectDomainTransferFromAnotherAwsAccount",
"RenewDomain",
"ResendContactReachabilityEmail",
"ResendOperationAuthorization",
"RetrieveDomainAuthCode",
"TransferDomain",
"TransferDomainToAnotherAwsAccount",
"UpdateDomainContact",
"UpdateDomainContactPrivacy",
"UpdateDomainNameservers",
"UpdateTagsForDomain",
"ViewBilling"
],
"HasResource": false,
"StringPrefix": "route53domains"
},
"Amazon Route 53 Recovery Cluster": {
"ARNFormat": "arn:aws:route53-recovery-control::${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:route53-recovery-control::.+:.+",
"Actions": [
"GetRoutingControlState",
"ListRoutingControls",
"UpdateRoutingControlState",
"UpdateRoutingControlStates"
],
"HasResource": true,
"StringPrefix": "route53-recovery-cluster",
"conditionKeys": [
"route53-recovery-cluster:AllowSafetyRulesOverrides"
]
},
"Amazon Route 53 Recovery Controls": {
"ARNFormat": "arn:aws:route53-recovery-control::${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:route53-recovery-control::.+:.+",
"Actions": [
"CreateCluster",
"CreateControlPanel",
"CreateRoutingControl",
"CreateSafetyRule",
"DeleteCluster",
"DeleteControlPanel",
"DeleteRoutingControl",
"DeleteSafetyRule",
"DescribeCluster",
"DescribeControlPanel",
"DescribeRoutingControl",
"DescribeRoutingControlByName",
"DescribeSafetyRule",
"ListAssociatedRoute53HealthChecks",
"ListClusters",
"ListControlPanels",
"ListRoutingControls",
"ListSafetyRules",
"ListTagsForResource",
"TagResource",
"UntagResource",
"UpdateControlPanel",
"UpdateRoutingControl",
"UpdateSafetyRule"
],
"HasResource": true,
"StringPrefix": "route53-recovery-control-config",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Route 53 Recovery Readiness": {
"ARNFormat": "arn:aws:route53-recovery-readiness::${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:route53-recovery-readiness::.+:.+",
"Actions": [
"CreateCell",
"CreateCrossAccountAuthorization",
"CreateReadinessCheck",
"CreateRecoveryGroup",
"CreateResourceSet",
"DeleteCell",
"DeleteCrossAccountAuthorization",
"DeleteReadinessCheck",
"DeleteRecoveryGroup",
"DeleteResourceSet",
"GetArchitectureRecommendations",
"GetCell",
"GetCellReadinessSummary",
"GetReadinessCheck",
"GetReadinessCheckResourceStatus",
"GetReadinessCheckStatus",
"GetRecoveryGroup",
"GetRecoveryGroupReadinessSummary",
"GetResourceSet",
"ListCells",
"ListCrossAccountAuthorizations",
"ListReadinessChecks",
"ListRecoveryGroups",
"ListResourceSets",
"ListRules",
"ListTagsForResources",
"TagResource",
"UntagResource",
"UpdateCell",
"UpdateReadinessCheck",
"UpdateRecoveryGroup",
"UpdateResourceSet"
],
"HasResource": true,
"StringPrefix": "route53-recovery-readiness",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Route 53 Resolver": {
"ARNFormat": "arn:aws:route53resolver:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:route53resolver:.+:.+:.+",
"Actions": [
"AssociateFirewallRuleGroup",
"AssociateResolverEndpointIpAddress",
"AssociateResolverQueryLogConfig",
"AssociateResolverRule",
"CreateFirewallDomainList",
"CreateFirewallRule",
"CreateFirewallRuleGroup",
"CreateResolverEndpoint",
"CreateResolverQueryLogConfig",
"CreateResolverRule",
"DeleteFirewallDomainList",
"DeleteFirewallRule",
"DeleteFirewallRuleGroup",
"DeleteResolverEndpoint",
"DeleteResolverQueryLogConfig",
"DeleteResolverRule",
"DisassociateFirewallRuleGroup",
"DisassociateResolverEndpointIpAddress",
"DisassociateResolverQueryLogConfig",
"DisassociateResolverRule",
"GetFirewallConfig",
"GetFirewallDomainList",
"GetFirewallRuleGroup",
"GetFirewallRuleGroupAssociation",
"GetFirewallRuleGroupPolicy",
"GetResolverConfig",
"GetResolverDnssecConfig",
"GetResolverEndpoint",
"GetResolverQueryLogConfig",
"GetResolverQueryLogConfigAssociation",
"GetResolverQueryLogConfigPolicy",
"GetResolverRule",
"GetResolverRuleAssociation",
"GetResolverRulePolicy",
"ImportFirewallDomains",
"ListFirewallConfigs",
"ListFirewallDomainLists",
"ListFirewallDomains",
"ListFirewallRuleGroupAssociations",
"ListFirewallRuleGroups",
"ListFirewallRules",
"ListResolverConfigs",
"ListResolverDnssecConfigs",
"ListResolverEndpointIpAddresses",
"ListResolverEndpoints",
"ListResolverQueryLogConfigAssociations",
"ListResolverQueryLogConfigs",
"ListResolverRuleAssociations",
"ListResolverRules",
"ListTagsForResource",
"PutFirewallRuleGroupPolicy",
"PutResolverQueryLogConfigPolicy",
"PutResolverRulePolicy",
"TagResource",
"UntagResource",
"UpdateFirewallConfig",
"UpdateFirewallDomains",
"UpdateFirewallRule",
"UpdateFirewallRuleGroupAssociation",
"UpdateResolverConfig",
"UpdateResolverDnssecConfig",
"UpdateResolverEndpoint",
"UpdateResolverRule"
],
"HasResource": true,
"StringPrefix": "route53resolver",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon S3": {
"ARNFormat": "arn:aws:s3:::${BucketName}/${KeyName}",
"ARNRegex": "^arn:aws:s3:::.+",
"Actions": [
"AbortMultipartUpload",
"BypassGovernanceRetention",
"CreateAccessPoint",
"CreateAccessPointForObjectLambda",
"CreateBucket",
"CreateJob",
"CreateMultiRegionAccessPoint",
"DeleteAccessPoint",
"DeleteAccessPointForObjectLambda",
"DeleteAccessPointPolicy",
"DeleteAccessPointPolicyForObjectLambda",
"DeleteBucket",
"DeleteBucketPolicy",
"DeleteBucketWebsite",
"DeleteJobTagging",
"DeleteMultiRegionAccessPoint",
"DeleteObject",
"DeleteObjectTagging",
"DeleteObjectVersion",
"DeleteObjectVersionTagging",
"DeleteStorageLensConfiguration",
"DeleteStorageLensConfigurationTagging",
"DescribeJob",
"DescribeMultiRegionAccessPointOperation",
"GetAccelerateConfiguration",
"GetAccessPoint",
"GetAccessPointConfigurationForObjectLambda",
"GetAccessPointForObjectLambda",
"GetAccessPointPolicy",
"GetAccessPointPolicyForObjectLambda",
"GetAccessPointPolicyStatus",
"GetAccessPointPolicyStatusForObjectLambda",
"GetAccountPublicAccessBlock",
"GetAnalyticsConfiguration",
"GetBucketAcl",
"GetBucketCORS",
"GetBucketLocation",
"GetBucketLogging",
"GetBucketNotification",
"GetBucketObjectLockConfiguration",
"GetBucketOwnershipControls",
"GetBucketPolicy",
"GetBucketPolicyStatus",
"GetBucketPublicAccessBlock",
"GetBucketRequestPayment",
"GetBucketTagging",
"GetBucketVersioning",
"GetBucketWebsite",
"GetEncryptionConfiguration",
"GetIntelligentTieringConfiguration",
"GetInventoryConfiguration",
"GetJobTagging",
"GetLifecycleConfiguration",
"GetMetricsConfiguration",
"GetMultiRegionAccessPoint",
"GetMultiRegionAccessPointPolicy",
"GetMultiRegionAccessPointPolicyStatus",
"GetMultiRegionAccessPointRoutes",
"GetObject",
"GetObjectAcl",
"GetObjectAttributes",
"GetObjectLegalHold",
"GetObjectRetention",
"GetObjectTagging",
"GetObjectTorrent",
"GetObjectVersion",
"GetObjectVersionAcl",
"GetObjectVersionAttributes",
"GetObjectVersionForReplication",
"GetObjectVersionTagging",
"GetObjectVersionTorrent",
"GetReplicationConfiguration",
"GetStorageLensConfiguration",
"GetStorageLensConfigurationTagging",
"GetStorageLensDashboard",
"InitiateReplication",
"ListAccessPoints",
"ListAccessPointsForObjectLambda",
"ListAllMyBuckets",
"ListBucket",
"ListBucketMultipartUploads",
"ListBucketVersions",
"ListJobs",
"ListMultiRegionAccessPoints",
"ListMultipartUploadParts",
"ListStorageLensConfigurations",
"ObjectOwnerOverrideToBucketOwner",
"PutAccelerateConfiguration",
"PutAccessPointConfigurationForObjectLambda",
"PutAccessPointPolicy",
"PutAccessPointPolicyForObjectLambda",
"PutAccessPointPublicAccessBlock",
"PutAccountPublicAccessBlock",
"PutAnalyticsConfiguration",
"PutBucketAcl",
"PutBucketCORS",
"PutBucketLogging",
"PutBucketNotification",
"PutBucketObjectLockConfiguration",
"PutBucketOwnershipControls",
"PutBucketPolicy",
"PutBucketPublicAccessBlock",
"PutBucketRequestPayment",
"PutBucketTagging",
"PutBucketVersioning",
"PutBucketWebsite",
"PutEncryptionConfiguration",
"PutIntelligentTieringConfiguration",
"PutInventoryConfiguration",
"PutJobTagging",
"PutLifecycleConfiguration",
"PutMetricsConfiguration",
"PutMultiRegionAccessPointPolicy",
"PutObject",
"PutObjectAcl",
"PutObjectLegalHold",
"PutObjectRetention",
"PutObjectTagging",
"PutObjectVersionAcl",
"PutObjectVersionTagging",
"PutReplicationConfiguration",
"PutStorageLensConfiguration",
"PutStorageLensConfigurationTagging",
"ReplicateDelete",
"ReplicateObject",
"ReplicateTags",
"RestoreObject",
"SubmitMultiRegionAccessPointRoutes",
"UpdateJobPriority",
"UpdateJobStatus"
],
"HasResource": true,
"StringPrefix": "s3",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"s3:AccessPointNetworkOrigin",
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:ExistingJobOperation",
"s3:ExistingJobPriority",
"s3:ExistingObjectTag/<key>",
"s3:JobSuspendedCause",
"s3:RequestJobOperation",
"s3:RequestJobPriority",
"s3:RequestObjectTag/<key>",
"s3:RequestObjectTagKeys",
"s3:ResourceAccount",
"s3:TlsVersion",
"s3:authType",
"s3:delimiter",
"s3:locationconstraint",
"s3:max-keys",
"s3:object-lock-legal-hold",
"s3:object-lock-mode",
"s3:object-lock-remaining-retention-days",
"s3:object-lock-retain-until-date",
"s3:prefix",
"s3:signatureAge",
"s3:signatureversion",
"s3:versionid",
"s3:x-amz-acl",
"s3:x-amz-content-sha256",
"s3:x-amz-copy-source",
"s3:x-amz-grant-full-control",
"s3:x-amz-grant-read",
"s3:x-amz-grant-read-acp",
"s3:x-amz-grant-write",
"s3:x-amz-grant-write-acp",
"s3:x-amz-metadata-directive",
"s3:x-amz-object-ownership",
"s3:x-amz-server-side-encryption",
"s3:x-amz-server-side-encryption-aws-kms-key-id",
"s3:x-amz-server-side-encryption-customer-algorithm",
"s3:x-amz-storage-class",
"s3:x-amz-website-redirect-location"
]
},
"Amazon S3 Glacier": {
"ARNFormat": "arn:aws:glacier:${Region}:${Account}:vault/${VaultName}",
"ARNRegex": "^arn:aws:glacier:.+:.+:.+",
"Actions": [
"AbortMultipartUpload",
"AbortVaultLock",
"AddTagsToVault",
"CompleteMultipartUpload",
"CompleteVaultLock",
"CreateVault",
"DeleteArchive",
"DeleteVault",
"DeleteVaultAccessPolicy",
"DeleteVaultNotifications",
"DescribeJob",
"DescribeVault",
"GetDataRetrievalPolicy",
"GetJobOutput",
"GetVaultAccessPolicy",
"GetVaultLock",
"GetVaultNotifications",
"InitiateJob",
"InitiateMultipartUpload",
"InitiateVaultLock",
"ListJobs",
"ListMultipartUploads",
"ListParts",
"ListProvisionedCapacity",
"ListTagsForVault",
"ListVaults",
"PurchaseProvisionedCapacity",
"RemoveTagsFromVault",
"SetDataRetrievalPolicy",
"SetVaultAccessPolicy",
"SetVaultNotifications",
"UploadArchive",
"UploadMultipartPart"
],
"HasResource": true,
"StringPrefix": "glacier",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"glacier:ArchiveAgeInDays",
"glacier:ResourceTag/"
]
},
"Amazon S3 Object Lambda": {
"ARNFormat": "arn:aws:s3-object-lambda:::accesspoint/<access point name>",
"ARNRegex": "^arn:aws:s3-object-lambda:::.+",
"Actions": [
"AbortMultipartUpload",
"DeleteObject",
"DeleteObjectTagging",
"DeleteObjectVersion",
"DeleteObjectVersionTagging",
"GetObject",
"GetObjectAcl",
"GetObjectLegalHold",
"GetObjectRetention",
"GetObjectTagging",
"GetObjectVersion",
"GetObjectVersionAcl",
"GetObjectVersionTagging",
"ListBucket",
"ListBucketMultipartUploads",
"ListBucketVersions",
"ListMultipartUploadParts",
"PutObject",
"PutObjectAcl",
"PutObjectLegalHold",
"PutObjectRetention",
"PutObjectTagging",
"PutObjectVersionAcl",
"PutObjectVersionTagging",
"RestoreObject",
"WriteGetObjectResponse"
],
"HasResource": true,
"StringPrefix": "s3-object-lambda",
"conditionKeys": [
"s3-object-lambda:TlsVersion",
"s3-object-lambda:authType",
"s3-object-lambda:signatureAge",
"s3-object-lambda:versionid"
]
},
"Amazon S3 on Outposts": {
"ARNFormat": "arn:aws:s3-outposts:${Region}:${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:s3-outposts:.+",
"Actions": [
"AbortMultipartUpload",
"CreateAccessPoint",
"CreateBucket",
"CreateEndpoint",
"DeleteAccessPoint",
"DeleteAccessPointPolicy",
"DeleteBucket",
"DeleteBucketPolicy",
"DeleteEndpoint",
"DeleteObject",
"DeleteObjectTagging",
"DeleteObjectVersion",
"DeleteObjectVersionTagging",
"GetAccessPoint",
"GetAccessPointPolicy",
"GetBucket",
"GetBucketPolicy",
"GetBucketTagging",
"GetBucketVersioning",
"GetLifecycleConfiguration",
"GetObject",
"GetObjectTagging",
"GetObjectVersion",
"GetObjectVersionForReplication",
"GetObjectVersionTagging",
"GetReplicationConfiguration",
"ListAccessPoints",
"ListBucket",
"ListBucketMultipartUploads",
"ListBucketVersions",
"ListEndpoints",
"ListMultipartUploadParts",
"ListOutpostsWithS3",
"ListRegionalBuckets",
"ListSharedEndpoints",
"PutAccessPointPolicy",
"PutBucketPolicy",
"PutBucketTagging",
"PutBucketVersioning",
"PutLifecycleConfiguration",
"PutObject",
"PutObjectAcl",
"PutObjectTagging",
"PutObjectVersionTagging",
"PutReplicationConfiguration",
"ReplicateDelete",
"ReplicateObject",
"ReplicateTags"
],
"HasResource": true,
"StringPrefix": "s3-outposts",
"conditionKeys": [
"s3-outposts:AccessPointNetworkOrigin",
"s3-outposts:DataAccessPointAccount",
"s3-outposts:DataAccessPointArn",
"s3-outposts:ExistingObjectTag/<key>",
"s3-outposts:RequestObjectTag/<key>",
"s3-outposts:RequestObjectTagKeys",
"s3-outposts:authType",
"s3-outposts:delimiter",
"s3-outposts:max-keys",
"s3-outposts:prefix",
"s3-outposts:signatureAge",
"s3-outposts:signatureversion",
"s3-outposts:versionid",
"s3-outposts:x-amz-acl",
"s3-outposts:x-amz-content-sha256",
"s3-outposts:x-amz-copy-source",
"s3-outposts:x-amz-metadata-directive",
"s3-outposts:x-amz-server-side-encryption",
"s3-outposts:x-amz-storage-class"
]
},
"Amazon SES": {
"ARNFormat": "arn:aws:ses:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:ses:.+:[0-9]+:.+",
"Actions": [
"CloneReceiptRuleSet",
"CreateConfigurationSet",
"CreateConfigurationSetEventDestination",
"CreateConfigurationSetTrackingOptions",
"CreateCustomVerificationEmailTemplate",
"CreateReceiptFilter",
"CreateReceiptRule",
"CreateReceiptRuleSet",
"CreateTemplate",
"DeleteConfigurationSet",
"DeleteConfigurationSetEventDestination",
"DeleteConfigurationSetTrackingOptions",
"DeleteCustomVerificationEmailTemplate",
"DeleteIdentity",
"DeleteIdentityPolicy",
"DeleteReceiptFilter",
"DeleteReceiptRule",
"DeleteReceiptRuleSet",
"DeleteTemplate",
"DeleteVerifiedEmailAddress",
"DescribeActiveReceiptRuleSet",
"DescribeConfigurationSet",
"DescribeReceiptRule",
"DescribeReceiptRuleSet",
"GetAccountSendingEnabled",
"GetCustomVerificationEmailTemplate",
"GetIdentityDkimAttributes",
"GetIdentityMailFromDomainAttributes",
"GetIdentityNotificationAttributes",
"GetIdentityPolicies",
"GetIdentityVerificationAttributes",
"GetSendQuota",
"GetSendStatistics",
"GetTemplate",
"ListConfigurationSets",
"ListCustomVerificationEmailTemplates",
"ListIdentities",
"ListIdentityPolicies",
"ListReceiptFilters",
"ListReceiptRuleSets",
"ListTemplates",
"ListVerifiedEmailAddresses",
"PutConfigurationSetDeliveryOptions",
"PutIdentityPolicy",
"ReorderReceiptRuleSet",
"SendBounce",
"SendBulkTemplatedEmail",
"SendCustomVerificationEmail",
"SendEmail",
"SendRawEmail",
"SendTemplatedEmail",
"SetActiveReceiptRuleSet",
"SetIdentityDkimEnabled",
"SetIdentityFeedbackForwardingEnabled",
"SetIdentityHeadersInNotificationsEnabled",
"SetIdentityMailFromDomain",
"SetIdentityNotificationTopic",
"SetReceiptRulePosition",
"TestRenderTemplate",
"UpdateAccountSendingEnabled",
"UpdateConfigurationSetEventDestination",
"UpdateConfigurationSetReputationMetricsEnabled",
"UpdateConfigurationSetSendingEnabled",
"UpdateConfigurationSetTrackingOptions",
"UpdateCustomVerificationEmailTemplate",
"UpdateReceiptRule",
"UpdateTemplate",
"VerifyDomainDkim",
"VerifyDomainIdentity",
"VerifyEmailAddress",
"VerifyEmailIdentity"
],
"HasResource": true,
"StringPrefix": "ses",
"conditionKeys": [
"ses:ApiVersion",
"ses:FeedbackAddress",
"ses:FromAddress",
"ses:FromDisplayName",
"ses:Recipients"
]
},
"Amazon SNS": {
"ARNFormat": "arn:aws:sns:${Region}:${Account}:${TopicName}",
"ARNRegex": "^arn:aws:sns:.+",
"Actions": [
"AddPermission",
"CheckIfPhoneNumberIsOptedOut",
"ConfirmSubscription",
"CreatePlatformApplication",
"CreatePlatformEndpoint",
"CreateSMSSandboxPhoneNumber",
"CreateTopic",
"DeleteEndpoint",
"DeletePlatformApplication",
"DeleteSMSSandboxPhoneNumber",
"DeleteTopic",
"GetDataProtectionPolicy",
"GetEndpointAttributes",
"GetPlatformApplicationAttributes",
"GetSMSAttributes",
"GetSMSSandboxAccountStatus",
"GetSubscriptionAttributes",
"GetTopicAttributes",
"ListEndpointsByPlatformApplication",
"ListOriginationNumbers",
"ListPhoneNumbersOptedOut",
"ListPlatformApplications",
"ListSMSSandboxPhoneNumbers",
"ListSubscriptions",
"ListSubscriptionsByTopic",
"ListTagsForResource",
"ListTopics",
"OptInPhoneNumber",
"Publish",
"PutDataProtectionPolicy",
"RemovePermission",
"SetEndpointAttributes",
"SetPlatformApplicationAttributes",
"SetSMSAttributes",
"SetSubscriptionAttributes",
"SetTopicAttributes",
"Subscribe",
"TagResource",
"Unsubscribe",
"UntagResource",
"VerifySMSSandboxPhoneNumber"
],
"HasResource": true,
"StringPrefix": "sns",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"sns:Endpoint",
"sns:Protocol"
]
},
"Amazon SQS": {
"ARNFormat": "arn:aws:sqs:${Region}:${Account}:${QueueName}",
"ARNRegex": "^arn:aws:sqs:.+",
"Actions": [
"AddPermission",
"ChangeMessageVisibility",
"CreateQueue",
"DeleteMessage",
"DeleteQueue",
"GetQueueAttributes",
"GetQueueUrl",
"ListDeadLetterSourceQueues",
"ListQueueTags",
"ListQueues",
"PurgeQueue",
"ReceiveMessage",
"RemovePermission",
"SendMessage",
"SetQueueAttributes",
"TagQueue",
"UntagQueue"
],
"HasResource": true,
"StringPrefix": "sqs",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon SageMaker": {
"ARNFormat": "arn:aws:sagemaker:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:sagemaker:.+",
"Actions": [
"AddAssociation",
"AddTags",
"AssociateTrialComponent",
"BatchDescribeModelPackage",
"BatchGetMetrics",
"BatchGetRecord",
"BatchPutMetrics",
"CreateAction",
"CreateAlgorithm",
"CreateApp",
"CreateAppImageConfig",
"CreateArtifact",
"CreateAutoMLJob",
"CreateAutoMLJobV2",
"CreateCodeRepository",
"CreateCompilationJob",
"CreateContext",
"CreateDataQualityJobDefinition",
"CreateDeviceFleet",
"CreateDomain",
"CreateEdgeDeploymentPlan",
"CreateEdgeDeploymentStage",
"CreateEdgePackagingJob",
"CreateEndpoint",
"CreateEndpointConfig",
"CreateExperiment",
"CreateFeatureGroup",
"CreateFlowDefinition",
"CreateHub",
"CreateHumanTaskUi",
"CreateHyperParameterTuningJob",
"CreateImage",
"CreateImageVersion",
"CreateInferenceExperiment",
"CreateInferenceRecommendationsJob",
"CreateLabelingJob",
"CreateLineageGroupPolicy",
"CreateModel",
"CreateModelBiasJobDefinition",
"CreateModelCard",
"CreateModelCardExportJob",
"CreateModelExplainabilityJobDefinition",
"CreateModelPackage",
"CreateModelPackageGroup",
"CreateModelQualityJobDefinition",
"CreateMonitoringSchedule",
"CreateNotebookInstance",
"CreateNotebookInstanceLifecycleConfig",
"CreatePipeline",
"CreatePresignedDomainUrl",
"CreatePresignedNotebookInstanceUrl",
"CreateProcessingJob",
"CreateProject",
"CreateSharedModel",
"CreateSpace",
"CreateStudioLifecycleConfig",
"CreateTrainingJob",
"CreateTransformJob",
"CreateTrial",
"CreateTrialComponent",
"CreateUserProfile",
"CreateWorkforce",
"CreateWorkteam",
"DeleteAction",
"DeleteAlgorithm",
"DeleteApp",
"DeleteAppImageConfig",
"DeleteArtifact",
"DeleteAssociation",
"DeleteCodeRepository",
"DeleteContext",
"DeleteDataQualityJobDefinition",
"DeleteDeviceFleet",
"DeleteDomain",
"DeleteEdgeDeploymentPlan",
"DeleteEdgeDeploymentStage",
"DeleteEndpoint",
"DeleteEndpointConfig",
"DeleteExperiment",
"DeleteFeatureGroup",
"DeleteFlowDefinition",
"DeleteHub",
"DeleteHubContent",
"DeleteHumanLoop",
"DeleteHumanTaskUi",
"DeleteImage",
"DeleteImageVersion",
"DeleteInferenceExperiment",
"DeleteLineageGroupPolicy",
"DeleteModel",
"DeleteModelBiasJobDefinition",
"DeleteModelCard",
"DeleteModelExplainabilityJobDefinition",
"DeleteModelPackage",
"DeleteModelPackageGroup",
"DeleteModelPackageGroupPolicy",
"DeleteModelQualityJobDefinition",
"DeleteMonitoringSchedule",
"DeleteNotebookInstance",
"DeleteNotebookInstanceLifecycleConfig",
"DeletePipeline",
"DeleteProject",
"DeleteRecord",
"DeleteSpace",
"DeleteStudioLifecycleConfig",
"DeleteTags",
"DeleteTrial",
"DeleteTrialComponent",
"DeleteUserProfile",
"DeleteWorkforce",
"DeleteWorkteam",
"DeregisterDevices",
"DescribeAction",
"DescribeAlgorithm",
"DescribeApp",
"DescribeAppImageConfig",
"DescribeArtifact",
"DescribeAutoMLJob",
"DescribeAutoMLJobV2",
"DescribeCodeRepository",
"DescribeCompilationJob",
"DescribeContext",
"DescribeDataQualityJobDefinition",
"DescribeDevice",
"DescribeDeviceFleet",
"DescribeDomain",
"DescribeEdgeDeploymentPlan",
"DescribeEdgePackagingJob",
"DescribeEndpoint",
"DescribeEndpointConfig",
"DescribeExperiment",
"DescribeFeatureGroup",
"DescribeFeatureMetadata",
"DescribeFlowDefinition",
"DescribeHub",
"DescribeHubContent",
"DescribeHumanLoop",
"DescribeHumanTaskUi",
"DescribeHyperParameterTuningJob",
"DescribeImage",
"DescribeImageVersion",
"DescribeInferenceExperiment",
"DescribeInferenceRecommendationsJob",
"DescribeLabelingJob",
"DescribeLineageGroup",
"DescribeModel",
"DescribeModelBiasJobDefinition",
"DescribeModelCard",
"DescribeModelCardExportJob",
"DescribeModelExplainabilityJobDefinition",
"DescribeModelPackage",
"DescribeModelPackageGroup",
"DescribeModelQualityJobDefinition",
"DescribeMonitoringSchedule",
"DescribeNotebookInstance",
"DescribeNotebookInstanceLifecycleConfig",
"DescribePipeline",
"DescribePipelineDefinitionForExecution",
"DescribePipelineExecution",
"DescribeProcessingJob",
"DescribeProject",
"DescribeSharedModel",
"DescribeSpace",
"DescribeStudioLifecycleConfig",
"DescribeSubscribedWorkteam",
"DescribeTrainingJob",
"DescribeTransformJob",
"DescribeTrial",
"DescribeTrialComponent",
"DescribeUserProfile",
"DescribeWorkforce",
"DescribeWorkteam",
"DisableSagemakerServicecatalogPortfolio",
"DisassociateTrialComponent",
"EnableSagemakerServicecatalogPortfolio",
"GetDeployments",
"GetDeviceFleetReport",
"GetDeviceRegistration",
"GetLineageGroupPolicy",
"GetModelPackageGroupPolicy",
"GetRecord",
"GetSagemakerServicecatalogPortfolioStatus",
"GetSearchSuggestions",
"ImportHubContent",
"InvokeEndpoint",
"InvokeEndpointAsync",
"ListActions",
"ListAlgorithms",
"ListAliases",
"ListAppImageConfigs",
"ListApps",
"ListArtifacts",
"ListAssociations",
"ListAutoMLJobs",
"ListCandidatesForAutoMLJob",
"ListCodeRepositories",
"ListCompilationJobs",
"ListContexts",
"ListDataQualityJobDefinitions",
"ListDeviceFleets",
"ListDevices",
"ListDomains",
"ListEdgeDeploymentPlans",
"ListEdgePackagingJobs",
"ListEndpointConfigs",
"ListEndpoints",
"ListExperiments",
"ListFeatureGroups",
"ListFlowDefinitions",
"ListHubContentVersions",
"ListHubContents",
"ListHubs",
"ListHumanLoops",
"ListHumanTaskUis",
"ListHyperParameterTuningJobs",
"ListImageVersions",
"ListImages",
"ListInferenceExperiments",
"ListInferenceRecommendationsJobSteps",
"ListInferenceRecommendationsJobs",
"ListLabelingJobs",
"ListLabelingJobsForWorkteam",
"ListLineageGroups",
"ListModelBiasJobDefinitions",
"ListModelCardExportJobs",
"ListModelCardVersions",
"ListModelCards",
"ListModelExplainabilityJobDefinitions",
"ListModelMetadata",
"ListModelPackageGroups",
"ListModelPackages",
"ListModelQualityJobDefinitions",
"ListModels",
"ListMonitoringAlertHistory",
"ListMonitoringAlerts",
"ListMonitoringExecutions",
"ListMonitoringSchedules",
"ListNotebookInstanceLifecycleConfigs",
"ListNotebookInstances",
"ListPipelineExecutionSteps",
"ListPipelineExecutions",
"ListPipelineParametersForExecution",
"ListPipelines",
"ListProcessingJobs",
"ListProjects",
"ListSharedModelEvents",
"ListSharedModelVersions",
"ListSharedModels",
"ListSpaces",
"ListStageDevices",
"ListStudioLifecycleConfigs",
"ListSubscribedWorkteams",
"ListTags",
"ListTrainingJobs",
"ListTrainingJobsForHyperParameterTuningJob",
"ListTransformJobs",
"ListTrialComponents",
"ListTrials",
"ListUserProfiles",
"ListWorkforces",
"ListWorkteams",
"PutLineageGroupPolicy",
"PutModelPackageGroupPolicy",
"PutRecord",
"QueryLineage",
"RegisterDevices",
"RenderUiTemplate",
"RetryPipelineExecution",
"Search",
"SendHeartbeat",
"SendPipelineExecutionStepFailure",
"SendPipelineExecutionStepSuccess",
"SendSharedModelEvent",
"StartEdgeDeploymentStage",
"StartHumanLoop",
"StartInferenceExperiment",
"StartMonitoringSchedule",
"StartNotebookInstance",
"StartPipelineExecution",
"StopAutoMLJob",
"StopCompilationJob",
"StopEdgeDeploymentStage",
"StopEdgePackagingJob",
"StopHumanLoop",
"StopHyperParameterTuningJob",
"StopInferenceExperiment",
"StopInferenceRecommendationsJob",
"StopLabelingJob",
"StopMonitoringSchedule",
"StopNotebookInstance",
"StopPipelineExecution",
"StopProcessingJob",
"StopTrainingJob",
"StopTransformJob",
"UpdateAction",
"UpdateAppImageConfig",
"UpdateArtifact",
"UpdateCodeRepository",
"UpdateContext",
"UpdateDeviceFleet",
"UpdateDevices",
"UpdateDomain",
"UpdateEndpoint",
"UpdateEndpointWeightsAndCapacities",
"UpdateExperiment",
"UpdateFeatureGroup",
"UpdateFeatureMetadata",
"UpdateHub",
"UpdateImage",
"UpdateImageVersion",
"UpdateInferenceExperiment",
"UpdateModelCard",
"UpdateModelPackage",
"UpdateMonitoringAlert",
"UpdateMonitoringSchedule",
"UpdateNotebookInstance",
"UpdateNotebookInstanceLifecycleConfig",
"UpdatePipeline",
"UpdatePipelineExecution",
"UpdateProject",
"UpdateSharedModel",
"UpdateSpace",
"UpdateTrainingJob",
"UpdateTrial",
"UpdateTrialComponent",
"UpdateUserProfile",
"UpdateWorkforce",
"UpdateWorkteam"
],
"HasResource": true,
"StringPrefix": "sagemaker",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"sagemaker:AcceleratorTypes",
"sagemaker:AppNetworkAccessType",
"sagemaker:CustomerMetadataProperties/${MetadataKey}",
"sagemaker:CustomerMetadataPropertiesToRemove",
"sagemaker:DirectInternetAccess",
"sagemaker:DomainSharingOutputKmsKey",
"sagemaker:FeatureGroupDisableGlueTableCreation",
"sagemaker:FeatureGroupEnableOnlineStore",
"sagemaker:FeatureGroupOfflineStoreConfig",
"sagemaker:FeatureGroupOfflineStoreKmsKey",
"sagemaker:FeatureGroupOfflineStoreS3Uri",
"sagemaker:FeatureGroupOnlineStoreKmsKey",
"sagemaker:FileSystemAccessMode",
"sagemaker:FileSystemDirectoryPath",
"sagemaker:FileSystemId",
"sagemaker:FileSystemType",
"sagemaker:HomeEfsFileSystemKmsKey",
"sagemaker:ImageArns",
"sagemaker:ImageVersionArns",
"sagemaker:InstanceTypes",
"sagemaker:InterContainerTrafficEncryption",
"sagemaker:KeepAlivePeriod",
"sagemaker:MaxRuntimeInSeconds",
"sagemaker:MinimumInstanceMetadataServiceVersion",
"sagemaker:ModelApprovalStatus",
"sagemaker:ModelArn",
"sagemaker:NetworkIsolation",
"sagemaker:OutputKmsKey",
"sagemaker:ResourceTag/",
"sagemaker:ResourceTag/${TagKey}",
"sagemaker:RootAccess",
"sagemaker:ServerlessMaxConcurrency",
"sagemaker:ServerlessMemorySize",
"sagemaker:TargetModel",
"sagemaker:VolumeKmsKey",
"sagemaker:VpcSecurityGroupIds",
"sagemaker:VpcSubnets",
"sagemaker:WorkteamArn",
"sagemaker:WorkteamType"
]
},
"Amazon SageMaker Ground Truth Synthetic": {
"ARNFormat": "arn:${Partition}:sagemaker-groundtruth-synthetic:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:${Partition}:sagemaker-groundtruth-synthetic:.+",
"Actions": [
"CreateProject",
"DeleteProject",
"GetAccountDetails",
"GetBatch",
"GetProject",
"ListBatchDataTransfers",
"ListBatchSummaries",
"ListProjectDataTransfers",
"ListProjectSummaries",
"StartBatchDataTransfer",
"StartProjectDataTransfer",
"UpdateBatch"
],
"HasResource": false,
"StringPrefix": "sagemaker-groundtruth-synthetic"
},
"Amazon SageMaker geospatial capabilities": {
"ARNFormat": "arn:aws:sagemaker-geospatial:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:sagemaker-geospatial:.+:.+",
"Actions": [
"DeleteEarthObservationJob",
"DeleteVectorEnrichmentJob",
"ExportEarthObservationJob",
"ExportVectorEnrichmentJob",
"GetEarthObservationJob",
"GetRasterDataCollection",
"GetTile",
"GetVectorEnrichmentJob",
"ListEarthObservationJobs",
"ListRasterDataCollections",
"ListTagsForResource",
"ListVectorEnrichmentJobs",
"SearchRasterDataCollection",
"StartEarthObservationJob",
"StartVectorEnrichmentJob",
"StopEarthObservationJob",
"StopVectorEnrichmentJob",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "sagemaker-geospatial",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Security Lake": {
"Actions": [
"CreateAwsLogSource",
"CreateCustomLogSource",
"CreateDatalake",
"CreateDatalakeAutoEnable",
"CreateDatalakeDelegatedAdmin",
"CreateDatalakeExceptionsSubscription",
"CreateSubscriber",
"CreateSubscriptionNotificationConfiguration",
"DeleteAwsLogSource",
"DeleteCustomLogSource",
"DeleteDatalake",
"DeleteDatalakeAutoEnable",
"DeleteDatalakeDelegatedAdmin",
"DeleteDatalakeExceptionsSubscription",
"DeleteSubscriber",
"DeleteSubscriptionNotificationConfiguration",
"GetDatalake",
"GetDatalakeAutoEnable",
"GetDatalakeExceptionsExpiry",
"GetDatalakeExceptionsSubscription",
"GetDatalakeStatus",
"GetSubscriber",
"GetSubscriptionNotificationConfiguration",
"ListDatalakeExceptions",
"ListLogSources",
"ListSubscribers",
"UpdateDatalake",
"UpdateDatalakeExceptionsExpiry",
"UpdateDatalakeExceptionsSubscription",
"UpdateSubscriber",
"UpdateSubscriptionNotificationConfiguration"
],
"HasResource": false,
"StringPrefix": "securitylake"
},
"Amazon Session Manager Message Gateway Service": {
"Actions": [
"CreateControlChannel",
"CreateDataChannel",
"OpenControlChannel",
"OpenDataChannel"
],
"HasResource": false,
"StringPrefix": "ssmmessages",
"conditionKeys": [
"ssm:SourceInstanceARN"
]
},
"Amazon Simple Email Service v2": {
"ARNFormat": "arn:aws:ses:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:ses:.+:[0-9]+:.+",
"Actions": [
"BatchGetMetricData",
"CreateConfigurationSet",
"CreateConfigurationSetEventDestination",
"CreateContact",
"CreateContactList",
"CreateCustomVerificationEmailTemplate",
"CreateDedicatedIpPool",
"CreateDeliverabilityTestReport",
"CreateEmailIdentity",
"CreateEmailIdentityPolicy",
"CreateEmailTemplate",
"CreateImportJob",
"DeleteConfigurationSet",
"DeleteConfigurationSetEventDestination",
"DeleteContact",
"DeleteContactList",
"DeleteCustomVerificationEmailTemplate",
"DeleteDedicatedIpPool",
"DeleteEmailIdentity",
"DeleteEmailIdentityPolicy",
"DeleteEmailTemplate",
"DeleteSuppressedDestination",
"GetAccount",
"GetBlacklistReports",
"GetConfigurationSet",
"GetConfigurationSetEventDestinations",
"GetContact",
"GetContactList",
"GetCustomVerificationEmailTemplate",
"GetDedicatedIp",
"GetDedicatedIpPool",
"GetDedicatedIps",
"GetDeliverabilityDashboardOptions",
"GetDeliverabilityTestReport",
"GetDomainDeliverabilityCampaign",
"GetDomainStatisticsReport",
"GetEmailIdentity",
"GetEmailIdentityPolicies",
"GetEmailTemplate",
"GetImportJob",
"GetSuppressedDestination",
"ListConfigurationSets",
"ListContactLists",
"ListContacts",
"ListCustomVerificationEmailTemplates",
"ListDedicatedIpPools",
"ListDeliverabilityTestReports",
"ListDomainDeliverabilityCampaigns",
"ListEmailIdentities",
"ListEmailTemplates",
"ListImportJobs",
"ListRecommendations",
"ListSuppressedDestinations",
"ListTagsForResource",
"PutAccountDedicatedIpWarmupAttributes",
"PutAccountDetails",
"PutAccountSendingAttributes",
"PutAccountSuppressionAttributes",
"PutAccountVdmAttributes",
"PutConfigurationSetDeliveryOptions",
"PutConfigurationSetReputationOptions",
"PutConfigurationSetSendingOptions",
"PutConfigurationSetSuppressionOptions",
"PutConfigurationSetTrackingOptions",
"PutConfigurationSetVdmOptions",
"PutDedicatedIpInPool",
"PutDedicatedIpWarmupAttributes",
"PutDeliverabilityDashboardOption",
"PutEmailIdentityConfigurationSetAttributes",
"PutEmailIdentityDkimAttributes",
"PutEmailIdentityDkimSigningAttributes",
"PutEmailIdentityFeedbackAttributes",
"PutEmailIdentityMailFromAttributes",
"PutSuppressedDestination",
"SendBulkEmail",
"SendCustomVerificationEmail",
"SendEmail",
"TagResource",
"TestRenderEmailTemplate",
"UntagResource",
"UpdateConfigurationSetEventDestination",
"UpdateContact",
"UpdateContactList",
"UpdateCustomVerificationEmailTemplate",
"UpdateEmailIdentityPolicy",
"UpdateEmailTemplate"
],
"HasResource": true,
"StringPrefix": "ses",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"ses:ApiVersion",
"ses:FeedbackAddress",
"ses:FromAddress",
"ses:FromDisplayName",
"ses:Recipients"
]
},
"Amazon Simple Workflow Service": {
"ARNFormat": "arn:aws:swf:${Region}:${Account}:/domain/${DomainName}",
"ARNRegex": "^arn:aws:swf:.+",
"Actions": [
"CancelTimer",
"CancelWorkflowExecution",
"CompleteWorkflowExecution",
"ContinueAsNewWorkflowExecution",
"CountClosedWorkflowExecutions",
"CountOpenWorkflowExecutions",
"CountPendingActivityTasks",
"CountPendingDecisionTasks",
"DeprecateActivityType",
"DeprecateDomain",
"DeprecateWorkflowType",
"DescribeActivityType",
"DescribeDomain",
"DescribeWorkflowExecution",
"DescribeWorkflowType",
"FailWorkflowExecution",
"GetWorkflowExecutionHistory",
"ListActivityTypes",
"ListClosedWorkflowExecutions",
"ListDomains",
"ListOpenWorkflowExecutions",
"ListTagsForResource",
"ListWorkflowTypes",
"PollForActivityTask",
"PollForDecisionTask",
"RecordActivityTaskHeartbeat",
"RecordMarker",
"RegisterActivityType",
"RegisterDomain",
"RegisterWorkflowType",
"RequestCancelActivityTask",
"RequestCancelExternalWorkflowExecution",
"RequestCancelWorkflowExecution",
"RespondActivityTaskCanceled",
"RespondActivityTaskCompleted",
"RespondActivityTaskFailed",
"RespondDecisionTaskCompleted",
"ScheduleActivityTask",
"SignalExternalWorkflowExecution",
"SignalWorkflowExecution",
"StartChildWorkflowExecution",
"StartTimer",
"StartWorkflowExecution",
"TagResource",
"TerminateWorkflowExecution",
"UndeprecateActivityType",
"UndeprecateDomain",
"UndeprecateWorkflowType",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "swf",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"swf:activityType.name",
"swf:activityType.version",
"swf:defaultTaskList.name",
"swf:name",
"swf:tagFilter.tag",
"swf:tagList.member.0",
"swf:tagList.member.1",
"swf:tagList.member.2",
"swf:tagList.member.3",
"swf:tagList.member.4",
"swf:taskList.name",
"swf:typeFilter.name",
"swf:typeFilter.version",
"swf:version",
"swf:workflowType.name",
"swf:workflowType.version"
]
},
"Amazon SimpleDB": {
"ARNFormat": "arn:aws:sdb:${Region}:${Account}:domain/${DomainName}",
"ARNRegex": "^arn:aws:sdb:.+",
"Actions": [
"BatchDeleteAttributes",
"BatchPutAttributes",
"CreateDomain",
"DeleteAttributes",
"DeleteDomain",
"DomainMetadata",
"GetAttributes",
"ListDomains",
"PutAttributes",
"Select"
],
"HasResource": true,
"StringPrefix": "sdb"
},
"Amazon Textract": {
"ARNFormat": "arn:${Partition}:textract:${Region}:${Account}:${RelativeId}",
"ARNRegex": "^arn:${Partition}:textract:.+",
"Actions": [
"AnalyzeDocument",
"AnalyzeExpense",
"AnalyzeID",
"DetectDocumentText",
"GetDocumentAnalysis",
"GetDocumentTextDetection",
"GetExpenseAnalysis",
"GetLendingAnalysis",
"GetLendingAnalysisSummary",
"StartDocumentAnalysis",
"StartDocumentTextDetection",
"StartExpenseAnalysis",
"StartLendingAnalysis"
],
"HasResource": false,
"StringPrefix": "textract"
},
"Amazon Timestream": {
"ARNFormat": "arn:aws:timestream:${Region}:${Account}:database/${DatabaseName}/table/${TableName}",
"ARNRegex": "^arn:aws:timestream:.+",
"Actions": [
"CancelQuery",
"CreateBatchLoadTask",
"CreateDatabase",
"CreateScheduledQuery",
"CreateTable",
"DeleteDatabase",
"DeleteScheduledQuery",
"DeleteTable",
"DescribeBatchLoadTask",
"DescribeDatabase",
"DescribeEndpoints",
"DescribeScheduledQuery",
"DescribeTable",
"ExecuteScheduledQuery",
"GetAwsBackupStatus",
"GetAwsRestoreStatus",
"ListBatchLoadTasks",
"ListDatabases",
"ListMeasures",
"ListScheduledQueries",
"ListTables",
"ListTagsForResource",
"PrepareQuery",
"ResumeBatchLoadTask",
"Select",
"SelectValues",
"StartAwsBackupJob",
"StartAwsRestoreJob",
"TagResource",
"UntagResource",
"UpdateDatabase",
"UpdateScheduledQuery",
"UpdateTable",
"WriteRecords"
],
"HasResource": true,
"StringPrefix": "timestream",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon Transcribe": {
"ARNFormat": "arn:aws:transcribe:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:transcribe:.+:.+:.+",
"Actions": [
"CreateCallAnalyticsCategory",
"CreateLanguageModel",
"CreateMedicalVocabulary",
"CreateVocabulary",
"CreateVocabularyFilter",
"DeleteCallAnalyticsCategory",
"DeleteCallAnalyticsJob",
"DeleteLanguageModel",
"DeleteMedicalTranscriptionJob",
"DeleteMedicalVocabulary",
"DeleteTranscriptionJob",
"DeleteVocabulary",
"DeleteVocabularyFilter",
"DescribeLanguageModel",
"GetCallAnalyticsCategory",
"GetCallAnalyticsJob",
"GetMedicalTranscriptionJob",
"GetMedicalVocabulary",
"GetTranscriptionJob",
"GetVocabulary",
"GetVocabularyFilter",
"ListCallAnalyticsCategories",
"ListCallAnalyticsJobs",
"ListLanguageModels",
"ListMedicalTranscriptionJobs",
"ListMedicalVocabularies",
"ListTagsForResource",
"ListTranscriptionJobs",
"ListVocabularies",
"ListVocabularyFilters",
"StartCallAnalyticsJob",
"StartCallAnalyticsStreamTranscription",
"StartCallAnalyticsStreamTranscriptionWebSocket",
"StartMedicalStreamTranscription",
"StartMedicalStreamTranscriptionWebSocket",
"StartMedicalTranscriptionJob",
"StartStreamTranscription",
"StartStreamTranscriptionWebSocket",
"StartTranscriptionJob",
"TagResource",
"UntagResource",
"UpdateCallAnalyticsCategory",
"UpdateMedicalVocabulary",
"UpdateVocabulary",
"UpdateVocabularyFilter"
],
"HasResource": true,
"StringPrefix": "transcribe",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"transcribe:OutputBucketName",
"transcribe:OutputEncryptionKMSKeyId",
"transcribe:OutputKey",
"transcribe:OutputLocation"
]
},
"Amazon Translate": {
"ARNFormat": "arn:aws:translate:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:translate:.+:.+:.+",
"Actions": [
"CreateParallelData",
"DeleteParallelData",
"DeleteTerminology",
"DescribeTextTranslationJob",
"GetParallelData",
"GetTerminology",
"ImportTerminology",
"ListLanguages",
"ListParallelData",
"ListTagsForResource",
"ListTerminologies",
"ListTextTranslationJobs",
"StartTextTranslationJob",
"StopTextTranslationJob",
"TagResource",
"TranslateText",
"UntagResource",
"UpdateParallelData"
],
"HasResource": true,
"StringPrefix": "translate",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon VPC Lattice": {
"ARNFormat": "arn:aws:vpc-lattice:${Region}:${Account}:${ResourceType}/${RelativeId}",
"ARNRegex": "^arn:aws:vpc-lattice:.+",
"Actions": [
"CreateAccessLogSubscription",
"CreateListener",
"CreateRule",
"CreateService",
"CreateServiceNetwork",
"CreateServiceNetworkServiceAssociation",
"CreateServiceNetworkVpcAssociation",
"CreateTargetGroup",
"DeleteAccessLogSubscription",
"DeleteAuthPolicy",
"DeleteListener",
"DeleteResourcePolicy",
"DeleteRule",
"DeleteService",
"DeleteServiceNetwork",
"DeleteServiceNetworkServiceAssociation",
"DeleteServiceNetworkVpcAssociation",
"DeleteTargetGroup",
"DeregisterTargets",
"GetAccessLogSubscription",
"GetAuthPolicy",
"GetListener",
"GetResourcePolicy",
"GetRule",
"GetService",
"GetServiceNetwork",
"GetServiceNetworkServiceAssociation",
"GetServiceNetworkVpcAssociation",
"GetTargetGroup",
"ListAccessLogSubscriptions",
"ListListeners",
"ListRules",
"ListServiceNetworkServiceAssociations",
"ListServiceNetworkVpcAssociations",
"ListServiceNetworks",
"ListServices",
"ListTagsForResource",
"ListTargetGroups",
"ListTargets",
"PutAuthPolicy",
"PutResourcePolicy",
"RegisterTargets",
"TagResource",
"UntagResource",
"UpdateAccessLogSubscription",
"UpdateListener",
"UpdateRule",
"UpdateService",
"UpdateServiceNetwork",
"UpdateServiceNetworkVpcAssociation",
"UpdateTargetGroup"
],
"HasResource": true,
"StringPrefix": "vpc-lattice",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"vpc-lattice:AuthType",
"vpc-lattice:Protocol",
"vpc-lattice:SecurityGroupIds",
"vpc-lattice:ServiceArn",
"vpc-lattice:ServiceNetworkArn",
"vpc-lattice:TargetGroupArns",
"vpc-lattice:VpcId"
]
},
"Amazon VPC Lattice Services": {
"ARNFormat": "arn:aws:vpc-lattice:${Region}:${Account}:${ResourceType}/${RelativeId}",
"ARNRegex": "^arn:aws:vpc-lattice:.+",
"Actions": [
"Invoke"
],
"HasResource": true,
"StringPrefix": "vpc-lattice-svcs",
"conditionKeys": [
"vpc-lattice-svcs:Port",
"vpc-lattice-svcs:RequestHeader/${HeaderName}",
"vpc-lattice-svcs:RequestMethod",
"vpc-lattice-svcs:RequestQueryString/${QueryStringKey}",
"vpc-lattice-svcs:ServiceArn",
"vpc-lattice-svcs:ServiceNetworkArn",
"vpc-lattice-svcs:SourceVpc",
"vpc-lattice-svcs:SourceVpcOwnerAccount"
]
},
"Amazon WorkDocs": {
"Actions": [
"AbortDocumentVersionUpload",
"ActivateUser",
"AddNotificationPermissions",
"AddResourcePermissions",
"AddUserToGroup",
"CheckAlias",
"CreateComment",
"CreateCustomMetadata",
"CreateFolder",
"CreateInstance",
"CreateLabels",
"CreateNotificationSubscription",
"CreateUser",
"DeactivateUser",
"DeleteComment",
"DeleteCustomMetadata",
"DeleteDocument",
"DeleteDocumentVersion",
"DeleteFolder",
"DeleteFolderContents",
"DeleteInstance",
"DeleteLabels",
"DeleteNotificationPermissions",
"DeleteNotificationSubscription",
"DeleteUser",
"DeregisterDirectory",
"DescribeActivities",
"DescribeAvailableDirectories",
"DescribeComments",
"DescribeDocumentVersions",
"DescribeFolderContents",
"DescribeGroups",
"DescribeInstances",
"DescribeNotificationPermissions",
"DescribeNotificationSubscriptions",
"DescribeResourcePermissions",
"DescribeRootFolders",
"DescribeUsers",
"DownloadDocumentVersion",
"GetCurrentUser",
"GetDocument",
"GetDocumentPath",
"GetDocumentVersion",
"GetFolder",
"GetFolderPath",
"GetGroup",
"GetResources",
"InitiateDocumentVersionUpload",
"RegisterDirectory",
"RemoveAllResourcePermissions",
"RemoveResourcePermission",
"RestoreDocumentVersions",
"SearchResources",
"UpdateDocument",
"UpdateDocumentVersion",
"UpdateFolder",
"UpdateInstanceAlias",
"UpdateUser"
],
"HasResource": false,
"StringPrefix": "workdocs"
},
"Amazon WorkLink": {
"ARNFormat": "arn:aws:worklink::${Account}:${ResourceType}/${ResourcePath}",
"ARNRegex": "^arn:aws:worklink:.+",
"Actions": [
"AssociateDomain",
"AssociateWebsiteAuthorizationProvider",
"AssociateWebsiteCertificateAuthority",
"CreateFleet",
"DeleteFleet",
"DescribeAuditStreamConfiguration",
"DescribeCompanyNetworkConfiguration",
"DescribeDevice",
"DescribeDevicePolicyConfiguration",
"DescribeDomain",
"DescribeFleetMetadata",
"DescribeIdentityProviderConfiguration",
"DescribeWebsiteCertificateAuthority",
"DisassociateDomain",
"DisassociateWebsiteAuthorizationProvider",
"DisassociateWebsiteCertificateAuthority",
"ListDevices",
"ListDomains",
"ListFleets",
"ListTagsForResource",
"ListWebsiteAuthorizationProviders",
"ListWebsiteCertificateAuthorities",
"RestoreDomainAccess",
"RevokeDomainAccess",
"SearchEntity",
"SignOutUser",
"TagResource",
"UntagResource",
"UpdateAuditStreamConfiguration",
"UpdateCompanyNetworkConfiguration",
"UpdateDevicePolicyConfiguration",
"UpdateDomainMetadata",
"UpdateFleetMetadata",
"UpdateIdentityProviderConfiguration"
],
"HasResource": true,
"StringPrefix": "worklink",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon WorkMail": {
"ARNFormat": "arn:aws:workmail:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:workmail:.+:.+:.+",
"Actions": [
"AddMembersToGroup",
"AssociateDelegateToResource",
"AssociateMemberToGroup",
"AssumeImpersonationRole",
"CancelMailboxExportJob",
"CreateAlias",
"CreateAvailabilityConfiguration",
"CreateGroup",
"CreateImpersonationRole",
"CreateInboundMailFlowRule",
"CreateMailDomain",
"CreateMailUser",
"CreateMobileDeviceAccessRule",
"CreateOrganization",
"CreateOutboundMailFlowRule",
"CreateResource",
"CreateSmtpGateway",
"CreateUser",
"DeleteAccessControlRule",
"DeleteAlias",
"DeleteAvailabilityConfiguration",
"DeleteEmailMonitoringConfiguration",
"DeleteGroup",
"DeleteImpersonationRole",
"DeleteInboundMailFlowRule",
"DeleteMailDomain",
"DeleteMailboxPermissions",
"DeleteMobileDevice",
"DeleteMobileDeviceAccessOverride",
"DeleteMobileDeviceAccessRule",
"DeleteOrganization",
"DeleteOutboundMailFlowRule",
"DeleteResource",
"DeleteRetentionPolicy",
"DeleteSmtpGateway",
"DeleteUser",
"DeregisterFromWorkMail",
"DeregisterMailDomain",
"DescribeDirectories",
"DescribeEmailMonitoringConfiguration",
"DescribeGroup",
"DescribeInboundDmarcSettings",
"DescribeInboundMailFlowRule",
"DescribeKmsKeys",
"DescribeMailDomains",
"DescribeMailGroups",
"DescribeMailUsers",
"DescribeMailboxExportJob",
"DescribeOrganization",
"DescribeOrganizations",
"DescribeOutboundMailFlowRule",
"DescribeResource",
"DescribeSmtpGateway",
"DescribeUser",
"DisableMailGroups",
"DisableMailUsers",
"DisassociateDelegateFromResource",
"DisassociateMemberFromGroup",
"EnableMailDomain",
"EnableMailGroups",
"EnableMailUsers",
"GetAccessControlEffect",
"GetDefaultRetentionPolicy",
"GetImpersonationRole",
"GetImpersonationRoleEffect",
"GetJournalingRules",
"GetMailDomain",
"GetMailDomainDetails",
"GetMailGroupDetails",
"GetMailUserDetails",
"GetMailboxDetails",
"GetMobileDeviceAccessEffect",
"GetMobileDeviceAccessOverride",
"GetMobileDeviceDetails",
"GetMobileDevicesForUser",
"GetMobilePolicyDetails",
"ListAccessControlRules",
"ListAliases",
"ListAvailabilityConfigurations",
"ListGroupMembers",
"ListGroups",
"ListImpersonationRoles",
"ListInboundMailFlowRules",
"ListMailDomains",
"ListMailboxExportJobs",
"ListMailboxPermissions",
"ListMembersInMailGroup",
"ListMobileDeviceAccessOverrides",
"ListMobileDeviceAccessRules",
"ListOrganizations",
"ListOutboundMailFlowRules",
"ListResourceDelegates",
"ListResources",
"ListSmtpGateways",
"ListTagsForResource",
"ListUsers",
"PutAccessControlRule",
"PutEmailMonitoringConfiguration",
"PutInboundDmarcSettings",
"PutMailboxPermissions",
"PutMobileDeviceAccessOverride",
"PutRetentionPolicy",
"RegisterMailDomain",
"RegisterToWorkMail",
"RemoveMembersFromGroup",
"ResetPassword",
"ResetUserPassword",
"SearchMembers",
"SetAdmin",
"SetDefaultMailDomain",
"SetJournalingRules",
"SetMailGroupDetails",
"SetMailUserDetails",
"SetMobilePolicyDetails",
"StartMailboxExportJob",
"TagResource",
"TestAvailabilityConfiguration",
"TestInboundMailFlowRules",
"TestOutboundMailFlowRules",
"UntagResource",
"UpdateAvailabilityConfiguration",
"UpdateDefaultMailDomain",
"UpdateImpersonationRole",
"UpdateInboundMailFlowRule",
"UpdateMailboxQuota",
"UpdateMobileDeviceAccessRule",
"UpdateOutboundMailFlowRule",
"UpdatePrimaryEmailAddress",
"UpdateResource",
"UpdateSmtpGateway",
"WipeMobileDevice"
],
"HasResource": true,
"StringPrefix": "workmail",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Amazon WorkMail Message Flow": {
"ARNFormat": "arn:aws:workmailmessageflow:${Region}:${Account}:message/${OrganizationId}/${Context}/${MessageId}",
"ARNRegex": "^arn:aws:workmailmessageflow:.+:.+:.+",
"Actions": [
"GetRawMessageContent",
"PutRawMessageContent"
],
"HasResource": true,
"StringPrefix": "workmailmessageflow"
},
"Amazon WorkSpaces": {
"ARNFormat": "arn:aws:workspaces:${Region}:${Account}:*",
"ARNRegex": "^arn:aws:workspaces:.*:.*:.*",
"Actions": [
"AssociateConnectionAlias",
"AssociateIpGroups",
"AuthorizeIpRules",
"CopyWorkspaceImage",
"CreateConnectClientAddIn",
"CreateConnectionAlias",
"CreateIpGroup",
"CreateStandbyWorkspaces",
"CreateTags",
"CreateUpdatedWorkspaceImage",
"CreateWorkspaceBundle",
"CreateWorkspaceImage",
"CreateWorkspaces",
"DeleteClientBranding",
"DeleteConnectClientAddIn",
"DeleteConnectionAlias",
"DeleteIpGroup",
"DeleteTags",
"DeleteWorkspaceBundle",
"DeleteWorkspaceImage",
"DeregisterWorkspaceDirectory",
"DescribeAccount",
"DescribeAccountModifications",
"DescribeClientBranding",
"DescribeClientProperties",
"DescribeConnectClientAddIns",
"DescribeConnectionAliasPermissions",
"DescribeConnectionAliases",
"DescribeIpGroups",
"DescribeTags",
"DescribeWorkspaceBundles",
"DescribeWorkspaceDirectories",
"DescribeWorkspaceImagePermissions",
"DescribeWorkspaceImages",
"DescribeWorkspaceSnapshots",
"DescribeWorkspaces",
"DescribeWorkspacesConnectionStatus",
"DisassociateConnectionAlias",
"DisassociateIpGroups",
"ImportClientBranding",
"ImportWorkspaceImage",
"ListAvailableManagementCidrRanges",
"MigrateWorkspace",
"ModifyAccount",
"ModifyCertificateBasedAuthProperties",
"ModifyClientProperties",
"ModifySamlProperties",
"ModifySelfservicePermissions",
"ModifyWorkspaceAccessProperties",
"ModifyWorkspaceCreationProperties",
"ModifyWorkspaceProperties",
"ModifyWorkspaceState",
"RebootWorkspaces",
"RebuildWorkspaces",
"RegisterWorkspaceDirectory",
"RestoreWorkspace",
"RevokeIpRules",
"StartWorkspaces",
"StopWorkspaces",
"Stream",
"TerminateWorkspaces",
"UpdateConnectClientAddIn",
"UpdateConnectionAliasPermission",
"UpdateRulesOfIpGroup",
"UpdateWorkspaceBundle",
"UpdateWorkspaceImagePermission"
],
"HasResource": true,
"StringPrefix": "workspaces",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"workspaces:userId"
]
},
"Amazon WorkSpaces Application Manager": {
"Actions": [
"AuthenticatePackager"
],
"HasResource": false,
"StringPrefix": "wam"
},
"Amazon WorkSpaces Web": {
"ARNFormat": "arn:aws:workspaces-web:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}",
"ARNRegex": "^arn:aws:workspaces-web:.+",
"Actions": [
"AssociateBrowserSettings",
"AssociateNetworkSettings",
"AssociateTrustStore",
"AssociateUserAccessLoggingSettings",
"AssociateUserSettings",
"CreateBrowserSettings",
"CreateIdentityProvider",
"CreateNetworkSettings",
"CreatePortal",
"CreateTrustStore",
"CreateUserAccessLoggingSettings",
"CreateUserSettings",
"DeleteBrowserSettings",
"DeleteIdentityProvider",
"DeleteNetworkSettings",
"DeletePortal",
"DeleteTrustStore",
"DeleteUserAccessLoggingSettings",
"DeleteUserSettings",
"DisassociateBrowserSettings",
"DisassociateNetworkSettings",
"DisassociateTrustStore",
"DisassociateUserAccessLoggingSettings",
"DisassociateUserSettings",
"GetBrowserSettings",
"GetIdentityProvider",
"GetNetworkSettings",
"GetPortal",
"GetPortalServiceProviderMetadata",
"GetTrustStore",
"GetTrustStoreCertificate",
"GetUserAccessLoggingSettings",
"GetUserSettings",
"ListBrowserSettings",
"ListIdentityProviders",
"ListNetworkSettings",
"ListPortals",
"ListTagsForResource",
"ListTrustStoreCertificates",
"ListTrustStores",
"ListUserAccessLoggingSettings",
"ListUserSettings",
"TagResource",
"UntagResource",
"UpdateBrowserSettings",
"UpdateIdentityProvider",
"UpdateNetworkSettings",
"UpdatePortal",
"UpdateTrustStore",
"UpdateUserAccessLoggingSettings",
"UpdateUserSettings"
],
"HasResource": true,
"StringPrefix": "workspaces-web",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"AmazonMediaImport": {
"ARNFormat": "arn:aws:mediaimport:${Region}:${Account}/*",
"Actions": [
"CreateDatabaseBinarySnapshot"
],
"HasResource": false,
"StringPrefix": "mediaimport"
},
"Apache Kafka APIs for Amazon MSK clusters": {
"ARNFormat": "arn:aws:kafka:${Region}:${Account}:${ResourceType}/${ResourceDescriptor}",
"ARNRegex": "^arn:aws:kafka:.+",
"Actions": [
"AlterCluster",
"AlterClusterDynamicConfiguration",
"AlterGroup",
"AlterTopic",
"AlterTopicDynamicConfiguration",
"AlterTransactionalId",
"Connect",
"CreateTopic",
"DeleteGroup",
"DeleteTopic",
"DescribeCluster",
"DescribeClusterDynamicConfiguration",
"DescribeGroup",
"DescribeTopic",
"DescribeTopicDynamicConfiguration",
"DescribeTransactionalId",
"ReadData",
"WriteData",
"WriteDataIdempotently"
],
"HasResource": true,
"StringPrefix": "kafka-cluster",
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
]
},
"Application Discovery Arsenal": {
"Actions": [
"RegisterOnPremisesAgent"
],
"HasResource": false,
"StringPrefix": "arsenal"
},
"Database Query Metadata Service": {
"ARNFormat": "arn:${Partition}:dbqms::",
"ARNRegex": "^arn:${Partition}:dbqms::.+",
"Actions": [
"CreateFavoriteQuery",
"CreateQueryHistory",
"CreateTab",
"DeleteFavoriteQueries",
"DeleteQueryHistory",
"DeleteTab",
"DescribeFavoriteQueries",
"DescribeQueryHistory",
"DescribeTabs",
"GetQueryString",
"UpdateFavoriteQuery",
"UpdateQueryHistory",
"UpdateTab"
],
"HasResource": false,
"StringPrefix": "dbqms"
},
"Elastic Load Balancing V2": {
"ARNFormat": "arn:aws:elasticloadbalancing:${Region}:${Account}:${ResourceType}/${ResourceId}",
"ARNRegex": "^arn:aws:elasticloadbalancing:.+",
"Actions": [
"AddListenerCertificates",
"AddTags",
"CreateListener",
"CreateLoadBalancer",
"CreateRule",
"CreateTargetGroup",
"DeleteListener",
"DeleteLoadBalancer",
"DeleteRule",
"DeleteTargetGroup",
"DeregisterTargets",
"DescribeAccountLimits",
"DescribeListenerCertificates",
"DescribeListeners",
"DescribeLoadBalancerAttributes",
"DescribeLoadBalancers",
"DescribeRules",
"DescribeSSLPolicies",
"DescribeTags",
"DescribeTargetGroupAttributes",
"DescribeTargetGroups",
"DescribeTargetHealth",
"ModifyListener",
"ModifyLoadBalancerAttributes",
"ModifyRule",
"ModifyTargetGroup",
"ModifyTargetGroupAttributes",
"RegisterTargets",
"RemoveListenerCertificates",
"RemoveTags",
"SetIpAddressType",
"SetRulePriorities",
"SetSecurityGroups",
"SetSubnets",
"SetWebAcl"
],
"HasResource": true,
"StringPrefix": "elasticloadbalancing",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"elasticloadbalancing:ResourceTag/${TagKey}"
]
},
"High-volume outbound communications": {
"ARNFormat": "arn:aws:connect-campaigns:${Region}:${Account}:campaign/${CampaignId}",
"ARNRegex": "^arn:aws:connect-campaigns:.+:.*:campaign/.*",
"Actions": [
"CreateCampaign",
"DeleteCampaign",
"DeleteConnectInstanceConfig",
"DeleteInstanceOnboardingJob",
"DescribeCampaign",
"GetCampaignState",
"GetCampaignStateBatch",
"GetConnectInstanceConfig",
"GetInstanceOnboardingJobStatus",
"ListCampaigns",
"ListTagsForResource",
"PauseCampaign",
"PutDialRequestBatch",
"ResumeCampaign",
"StartCampaign",
"StartInstanceOnboardingJob",
"StopCampaign",
"TagResource",
"UntagResource",
"UpdateCampaignDialerConfig",
"UpdateCampaignName",
"UpdateCampaignOutboundCallConfig"
],
"HasResource": true,
"StringPrefix": "connect-campaigns",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
]
},
"Service Quotas": {
"ARNFormat": "arn:aws:servicequotas:${Region}:${Account}:${ResourceType}/${ResourceName}",
"ARNRegex": "^arn:aws:servicequotas:.+",
"Actions": [
"AssociateServiceQuotaTemplate",
"DeleteServiceQuotaIncreaseRequestFromTemplate",
"DisassociateServiceQuotaTemplate",
"GetAWSDefaultServiceQuota",
"GetAssociationForServiceQuotaTemplate",
"GetRequestedServiceQuotaChange",
"GetServiceQuota",
"GetServiceQuotaIncreaseRequestFromTemplate",
"ListAWSDefaultServiceQuotas",
"ListRequestedServiceQuotaChangeHistory",
"ListRequestedServiceQuotaChangeHistoryByQuota",
"ListServiceQuotaIncreaseRequestsInTemplate",
"ListServiceQuotas",
"ListServices",
"ListTagsForResource",
"PutServiceQuotaIncreaseRequestIntoTemplate",
"RequestServiceQuotaIncrease",
"TagResource",
"UntagResource"
],
"HasResource": true,
"StringPrefix": "servicequotas",
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"servicequotas:service"
]
}
}
}