Skip to content

Commit

Permalink
Merge pull request #871 from udondan/iam-updates
Browse files Browse the repository at this point in the history
  • Loading branch information
udondan authored Aug 2, 2024
2 parents 4008949 + a20cfaa commit 04de0eb
Show file tree
Hide file tree
Showing 12 changed files with 221 additions and 6 deletions.
58 changes: 58 additions & 0 deletions CHANGELOG/v0.658.0.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
:warning: **Removed actions:**

- ecr:DescribeRepositoryCreationTemplate
- sagemaker:DeleteOptimization

:warning: **Removed resource types:**

- ssm:resourcearn

**New actions:**

- arc-zonal-shift:GetAutoshiftObserverNotificationStatus
- arc-zonal-shift:UpdateAutoshiftObserverNotificationStatus
- bedrock:CreateModelCopyJob
- bedrock:GetModelCopyJob
- bedrock:ListModelCopyJobs
- cleanrooms:CreateConfiguredTableAssociationAnalysisRule
- cleanrooms:CreateIdMappingTable
- cleanrooms:CreateIdNamespaceAssociation
- cleanrooms:DeleteConfiguredTableAssociationAnalysisRule
- cleanrooms:DeleteIdMappingTable
- cleanrooms:DeleteIdNamespaceAssociation
- cleanrooms:GetCollaborationIdNamespaceAssociation
- cleanrooms:GetConfiguredTableAssociationAnalysisRule
- cleanrooms:GetIdMappingTable
- cleanrooms:GetIdNamespaceAssociation
- cleanrooms:ListCollaborationIdNamespaceAssociations
- cleanrooms:ListIdMappingTables
- cleanrooms:ListIdNamespaceAssociations
- cleanrooms:PopulateIdMappingTable
- cleanrooms:UpdateConfiguredTableAssociationAnalysisRule
- cleanrooms:UpdateIdMappingTable
- cleanrooms:UpdateIdNamespaceAssociation
- customer-verification:CreateUploadUrls
- ecr:DescribeRepositoryCreationTemplates
- ecr:UpdateRepositoryCreationTemplate
- elasticloadbalancing:DeleteSharedTrustStoreAssociation
- elasticloadbalancing:GetResourcePolicy
- entityresolution:UseWorkflow
- resiliencehub:AcceptResourceGroupingRecommendations
- resiliencehub:DescribeResourceGroupingRecommendationTask
- resiliencehub:ListResourceGroupingRecommendations
- resiliencehub:RejectResourceGroupingRecommendations
- resiliencehub:StartResourceGroupingRecommendationTask
- sagemaker:DeleteOptimizationJob
- workmail:DeliverToMailbox

**New resource types:**

- bedrock:model-copy-job
- cleanrooms:idmappingtable
- cleanrooms:idnamespaceassociation
- ssm:opsitemgroup

**New condition keys:**

- eks:authenticationMode
- eks:supportType
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,8 @@
Support for:

- 401 Services
- 17032 Actions
- 1822 Resource Types
- 17042 Actions
- 1823 Resource Types
- 1782 Condition keys
<!-- /stats -->

Expand Down
2 changes: 1 addition & 1 deletion VERSION
Original file line number Diff line number Diff line change
@@ -1 +1 @@
0.657.0
0.658.0
2 changes: 1 addition & 1 deletion docs/source/conf.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
author = 'Daniel Schroeder'

# The full version, including alpha/beta/rc tags
release = '0.657.0'
release = '0.658.0'

# -- General configuration ---------------------------------------------------

Expand Down
4 changes: 2 additions & 2 deletions docs/source/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,8 @@ AWS IAM policy statement generator with fluent interface.
Support for:

- 401 Services
- 17032 Actions
- 1822 Resource Types
- 17042 Actions
- 1823 Resource Types
- 1782 Condition keys

..
Expand Down
62 changes: 62 additions & 0 deletions lib/generated/policy-statements/bedrock.ts
Original file line number Diff line number Diff line change
Expand Up @@ -229,6 +229,21 @@ export class Bedrock extends PolicyStatement {
return this.to('CreateKnowledgeBase');
}

/**
* Grants permission to create a job for copying a custom model across region or across account
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsRequestTag()
* - .ifAwsTagKeys()
*
* https://docs.aws.amazon.com/bedrock/latest/APIReference/API_CreateModelCopyJob.html
*/
public toCreateModelCopyJob() {
return this.to('CreateModelCopyJob');
}

/**
* Grants permission to create a job for customizing the model with your custom training data
*
Expand Down Expand Up @@ -704,6 +719,17 @@ export class Bedrock extends PolicyStatement {
return this.to('GetKnowledgeBase');
}

/**
* Grants permission to get the properties associated with a model-copy job. Use this operation to get the status of a model-copy job
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock/latest/APIReference/API_GetModelCopyJob.html
*/
public toGetModelCopyJob() {
return this.to('GetModelCopyJob');
}

/**
* Grants permission to get the properties associated with a model-customization job. Use this operation to get the status of a model-customization job
*
Expand Down Expand Up @@ -796,6 +822,8 @@ export class Bedrock extends PolicyStatement {
* Grants permission to invoke a prompt flow with user input
*
* Access Level: Read
*
* https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_InvokeFlow.html
*/
public toInvokeFlow() {
return this.to('InvokeFlow');
Expand Down Expand Up @@ -999,6 +1027,17 @@ export class Bedrock extends PolicyStatement {
return this.to('ListKnowledgeBases');
}

/**
* Grants permission to get the list of model copy jobs that you have submitted
*
* Access Level: List
*
* https://docs.aws.amazon.com/bedrock/latest/APIReference/API_ListModelCopyJobs.html
*/
public toListModelCopyJobs() {
return this.to('ListModelCopyJobs');
}

/**
* Grants permission to get the list of model customization jobs that you have submitted
*
Expand Down Expand Up @@ -1360,6 +1399,7 @@ export class Bedrock extends PolicyStatement {
'GetGuardrail',
'GetIngestionJob',
'GetKnowledgeBase',
'GetModelCopyJob',
'GetModelCustomizationJob',
'GetModelEvaluationJob',
'GetModelInvocationJob',
Expand Down Expand Up @@ -1389,6 +1429,7 @@ export class Bedrock extends PolicyStatement {
'CreateGuardrail',
'CreateGuardrailVersion',
'CreateKnowledgeBase',
'CreateModelCopyJob',
'CreateModelCustomizationJob',
'CreateModelEvaluationJob',
'CreateModelInvocationJob',
Expand Down Expand Up @@ -1451,6 +1492,7 @@ export class Bedrock extends PolicyStatement {
'ListGuardrails',
'ListIngestionJobs',
'ListKnowledgeBases',
'ListModelCopyJobs',
'ListModelCustomizationJobs',
'ListModelEvaluationJobs',
'ListModelInvocationJobs',
Expand Down Expand Up @@ -1682,6 +1724,23 @@ export class Bedrock extends PolicyStatement {
return this.on(`arn:${ partition ?? this.defaultPartition }:bedrock:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:flow/${ flowId }/alias/${ flowAliasId }`);
}

/**
* Adds a resource of type model-copy-job to the statement
*
* https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html
*
* @param resourceId - Identifier for the resourceId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
public onModelCopyJob(resourceId: string, account?: string, region?: string, partition?: string) {
return this.on(`arn:${ partition ?? this.defaultPartition }:bedrock:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:model-copy-job/${ resourceId }`);
}

/**
* Adds a resource of type prompt to the statement
*
Expand Down Expand Up @@ -1731,6 +1790,7 @@ export class Bedrock extends PolicyStatement {
* - .toCreateFlowAlias()
* - .toCreateGuardrail()
* - .toCreateKnowledgeBase()
* - .toCreateModelCopyJob()
* - .toCreateModelCustomizationJob()
* - .toCreateModelEvaluationJob()
* - .toCreateModelInvocationJob()
Expand Down Expand Up @@ -1765,6 +1825,7 @@ export class Bedrock extends PolicyStatement {
* - guardrail
* - flow
* - flow-alias
* - model-copy-job
* - prompt
* - prompt-version
*
Expand All @@ -1790,6 +1851,7 @@ export class Bedrock extends PolicyStatement {
* - .toCreateFlowAlias()
* - .toCreateGuardrail()
* - .toCreateKnowledgeBase()
* - .toCreateModelCopyJob()
* - .toCreateModelCustomizationJob()
* - .toCreateModelEvaluationJob()
* - .toCreateModelInvocationJob()
Expand Down
60 changes: 60 additions & 0 deletions lib/generated/policy-statements/resiliencehub.ts
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,17 @@ export class Resiliencehub extends PolicyStatement {
super(sid);
}

/**
* Grants permission to accept resource grouping recommendations
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_AcceptResourceGroupingRecommendations.html
*/
public toAcceptResourceGroupingRecommendations() {
return this.to('AcceptResourceGroupingRecommendations');
}

/**
* Grants permission to add draft application version resource mappings
*
Expand Down Expand Up @@ -299,6 +310,17 @@ export class Resiliencehub extends PolicyStatement {
return this.to('DescribeResiliencyPolicy');
}

/**
* Grants permission to describe the latest status of the grouping recommendation process
*
* Access Level: Read
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DescribeResourceGroupingRecommendationTask.html
*/
public toDescribeResourceGroupingRecommendationTask() {
return this.to('DescribeResourceGroupingRecommendationTask');
}

/**
* Grants permission to import resources to draft application version
*
Expand Down Expand Up @@ -472,6 +494,17 @@ export class Resiliencehub extends PolicyStatement {
return this.to('ListResiliencyPolicies');
}

/**
* Grants permission to list resource grouping recommendations
*
* Access Level: List
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListResourceGroupingRecommendations.html
*/
public toListResourceGroupingRecommendations() {
return this.to('ListResourceGroupingRecommendations');
}

/**
* Grants permission to list SOP recommendations
*
Expand Down Expand Up @@ -549,6 +582,17 @@ export class Resiliencehub extends PolicyStatement {
return this.to('PutDraftAppVersionTemplate');
}

/**
* Grants permission to reject resource grouping recommendations
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_RejectResourceGroupingRecommendations.html
*/
public toRejectResourceGroupingRecommendations() {
return this.to('RejectResourceGroupingRecommendations');
}

/**
* Grants permission to remove draft application version mappings
*
Expand Down Expand Up @@ -611,6 +655,17 @@ export class Resiliencehub extends PolicyStatement {
return this.to('StartAppAssessment');
}

/**
* Grants permission to start the grouping recommendation generation process
*
* Access Level: Write
*
* https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_StartResourceGroupingRecommendationTask.html
*/
public toStartResourceGroupingRecommendationTask() {
return this.to('StartResourceGroupingRecommendationTask');
}

/**
* Grants permission to assign a resource tag
*
Expand Down Expand Up @@ -700,6 +755,7 @@ export class Resiliencehub extends PolicyStatement {

protected accessLevelList: AccessLevelList = {
Write: [
'AcceptResourceGroupingRecommendations',
'AddDraftAppVersionResourceMappings',
'BatchUpdateRecommendationStatus',
'CreateApp',
Expand All @@ -717,9 +773,11 @@ export class Resiliencehub extends PolicyStatement {
'ImportResourcesToDraftAppVersion',
'PublishAppVersion',
'PutDraftAppVersionTemplate',
'RejectResourceGroupingRecommendations',
'RemoveDraftAppVersionResourceMappings',
'ResolveAppVersionResources',
'StartAppAssessment',
'StartResourceGroupingRecommendationTask',
'UpdateApp',
'UpdateAppVersion',
'UpdateAppVersionAppComponent',
Expand All @@ -736,6 +794,7 @@ export class Resiliencehub extends PolicyStatement {
'DescribeAppVersionTemplate',
'DescribeDraftAppVersionResourcesImportStatus',
'DescribeResiliencyPolicy',
'DescribeResourceGroupingRecommendationTask',
'ListTagsForResource'
],
List: [
Expand All @@ -753,6 +812,7 @@ export class Resiliencehub extends PolicyStatement {
'ListApps',
'ListRecommendationTemplates',
'ListResiliencyPolicies',
'ListResourceGroupingRecommendations',
'ListSopRecommendations',
'ListSuggestedResiliencyPolicies',
'ListTestRecommendations',
Expand Down
Loading

0 comments on commit 04de0eb

Please sign in to comment.