diff --git a/CHANGELOG/v0.658.0.md b/CHANGELOG/v0.658.0.md new file mode 100644 index 000000000..0b7f4b599 --- /dev/null +++ b/CHANGELOG/v0.658.0.md @@ -0,0 +1,58 @@ +:warning: **Removed actions:** + +- ecr:DescribeRepositoryCreationTemplate +- sagemaker:DeleteOptimization + +:warning: **Removed resource types:** + +- ssm:resourcearn + +**New actions:** + +- arc-zonal-shift:GetAutoshiftObserverNotificationStatus +- arc-zonal-shift:UpdateAutoshiftObserverNotificationStatus +- bedrock:CreateModelCopyJob +- bedrock:GetModelCopyJob +- bedrock:ListModelCopyJobs +- cleanrooms:CreateConfiguredTableAssociationAnalysisRule +- cleanrooms:CreateIdMappingTable +- cleanrooms:CreateIdNamespaceAssociation +- cleanrooms:DeleteConfiguredTableAssociationAnalysisRule +- cleanrooms:DeleteIdMappingTable +- cleanrooms:DeleteIdNamespaceAssociation +- cleanrooms:GetCollaborationIdNamespaceAssociation +- cleanrooms:GetConfiguredTableAssociationAnalysisRule +- cleanrooms:GetIdMappingTable +- cleanrooms:GetIdNamespaceAssociation +- cleanrooms:ListCollaborationIdNamespaceAssociations +- cleanrooms:ListIdMappingTables +- cleanrooms:ListIdNamespaceAssociations +- cleanrooms:PopulateIdMappingTable +- cleanrooms:UpdateConfiguredTableAssociationAnalysisRule +- cleanrooms:UpdateIdMappingTable +- cleanrooms:UpdateIdNamespaceAssociation +- customer-verification:CreateUploadUrls +- ecr:DescribeRepositoryCreationTemplates +- ecr:UpdateRepositoryCreationTemplate +- elasticloadbalancing:DeleteSharedTrustStoreAssociation +- elasticloadbalancing:GetResourcePolicy +- entityresolution:UseWorkflow +- resiliencehub:AcceptResourceGroupingRecommendations +- resiliencehub:DescribeResourceGroupingRecommendationTask +- resiliencehub:ListResourceGroupingRecommendations +- resiliencehub:RejectResourceGroupingRecommendations +- resiliencehub:StartResourceGroupingRecommendationTask +- sagemaker:DeleteOptimizationJob +- workmail:DeliverToMailbox + +**New resource types:** + +- bedrock:model-copy-job +- cleanrooms:idmappingtable +- cleanrooms:idnamespaceassociation +- ssm:opsitemgroup + +**New condition keys:** + +- eks:authenticationMode +- eks:supportType diff --git a/README.md b/README.md index 500218295..a15f5b7e8 100644 --- a/README.md +++ b/README.md @@ -17,8 +17,8 @@ Support for: - 401 Services -- 17032 Actions -- 1822 Resource Types +- 17042 Actions +- 1823 Resource Types - 1782 Condition keys diff --git a/VERSION b/VERSION index 35c31ea1d..eac7c7016 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.657.0 +0.658.0 diff --git a/docs/source/conf.py b/docs/source/conf.py index 6b0dcad74..a9a2b3db1 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -24,7 +24,7 @@ author = 'Daniel Schroeder' # The full version, including alpha/beta/rc tags -release = '0.657.0' +release = '0.658.0' # -- General configuration --------------------------------------------------- diff --git a/docs/source/index.rst b/docs/source/index.rst index 2cb707445..5c5eeba4f 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -31,8 +31,8 @@ AWS IAM policy statement generator with fluent interface. Support for: - 401 Services -- 17032 Actions -- 1822 Resource Types +- 17042 Actions +- 1823 Resource Types - 1782 Condition keys .. diff --git a/lib/generated/policy-statements/bedrock.ts b/lib/generated/policy-statements/bedrock.ts index aed7ccff7..e7856e52e 100644 --- a/lib/generated/policy-statements/bedrock.ts +++ b/lib/generated/policy-statements/bedrock.ts @@ -229,6 +229,21 @@ export class Bedrock extends PolicyStatement { return this.to('CreateKnowledgeBase'); } + /** + * Grants permission to create a job for copying a custom model across region or across account + * + * Access Level: Write + * + * Possible conditions: + * - .ifAwsRequestTag() + * - .ifAwsTagKeys() + * + * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_CreateModelCopyJob.html + */ + public toCreateModelCopyJob() { + return this.to('CreateModelCopyJob'); + } + /** * Grants permission to create a job for customizing the model with your custom training data * @@ -704,6 +719,17 @@ export class Bedrock extends PolicyStatement { return this.to('GetKnowledgeBase'); } + /** + * Grants permission to get the properties associated with a model-copy job. Use this operation to get the status of a model-copy job + * + * Access Level: Read + * + * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_GetModelCopyJob.html + */ + public toGetModelCopyJob() { + return this.to('GetModelCopyJob'); + } + /** * Grants permission to get the properties associated with a model-customization job. Use this operation to get the status of a model-customization job * @@ -796,6 +822,8 @@ export class Bedrock extends PolicyStatement { * Grants permission to invoke a prompt flow with user input * * Access Level: Read + * + * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_InvokeFlow.html */ public toInvokeFlow() { return this.to('InvokeFlow'); @@ -999,6 +1027,17 @@ export class Bedrock extends PolicyStatement { return this.to('ListKnowledgeBases'); } + /** + * Grants permission to get the list of model copy jobs that you have submitted + * + * Access Level: List + * + * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_ListModelCopyJobs.html + */ + public toListModelCopyJobs() { + return this.to('ListModelCopyJobs'); + } + /** * Grants permission to get the list of model customization jobs that you have submitted * @@ -1360,6 +1399,7 @@ export class Bedrock extends PolicyStatement { 'GetGuardrail', 'GetIngestionJob', 'GetKnowledgeBase', + 'GetModelCopyJob', 'GetModelCustomizationJob', 'GetModelEvaluationJob', 'GetModelInvocationJob', @@ -1389,6 +1429,7 @@ export class Bedrock extends PolicyStatement { 'CreateGuardrail', 'CreateGuardrailVersion', 'CreateKnowledgeBase', + 'CreateModelCopyJob', 'CreateModelCustomizationJob', 'CreateModelEvaluationJob', 'CreateModelInvocationJob', @@ -1451,6 +1492,7 @@ export class Bedrock extends PolicyStatement { 'ListGuardrails', 'ListIngestionJobs', 'ListKnowledgeBases', + 'ListModelCopyJobs', 'ListModelCustomizationJobs', 'ListModelEvaluationJobs', 'ListModelInvocationJobs', @@ -1682,6 +1724,23 @@ export class Bedrock extends PolicyStatement { return this.on(`arn:${ partition ?? this.defaultPartition }:bedrock:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:flow/${ flowId }/alias/${ flowAliasId }`); } + /** + * Adds a resource of type model-copy-job to the statement + * + * https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html + * + * @param resourceId - Identifier for the resourceId. + * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. + * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. + * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. + * + * Possible conditions: + * - .ifAwsResourceTag() + */ + public onModelCopyJob(resourceId: string, account?: string, region?: string, partition?: string) { + return this.on(`arn:${ partition ?? this.defaultPartition }:bedrock:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:model-copy-job/${ resourceId }`); + } + /** * Adds a resource of type prompt to the statement * @@ -1731,6 +1790,7 @@ export class Bedrock extends PolicyStatement { * - .toCreateFlowAlias() * - .toCreateGuardrail() * - .toCreateKnowledgeBase() + * - .toCreateModelCopyJob() * - .toCreateModelCustomizationJob() * - .toCreateModelEvaluationJob() * - .toCreateModelInvocationJob() @@ -1765,6 +1825,7 @@ export class Bedrock extends PolicyStatement { * - guardrail * - flow * - flow-alias + * - model-copy-job * - prompt * - prompt-version * @@ -1790,6 +1851,7 @@ export class Bedrock extends PolicyStatement { * - .toCreateFlowAlias() * - .toCreateGuardrail() * - .toCreateKnowledgeBase() + * - .toCreateModelCopyJob() * - .toCreateModelCustomizationJob() * - .toCreateModelEvaluationJob() * - .toCreateModelInvocationJob() diff --git a/lib/generated/policy-statements/resiliencehub.ts b/lib/generated/policy-statements/resiliencehub.ts index 51cfc077e..26ac98279 100644 --- a/lib/generated/policy-statements/resiliencehub.ts +++ b/lib/generated/policy-statements/resiliencehub.ts @@ -18,6 +18,17 @@ export class Resiliencehub extends PolicyStatement { super(sid); } + /** + * Grants permission to accept resource grouping recommendations + * + * Access Level: Write + * + * https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_AcceptResourceGroupingRecommendations.html + */ + public toAcceptResourceGroupingRecommendations() { + return this.to('AcceptResourceGroupingRecommendations'); + } + /** * Grants permission to add draft application version resource mappings * @@ -299,6 +310,17 @@ export class Resiliencehub extends PolicyStatement { return this.to('DescribeResiliencyPolicy'); } + /** + * Grants permission to describe the latest status of the grouping recommendation process + * + * Access Level: Read + * + * https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_DescribeResourceGroupingRecommendationTask.html + */ + public toDescribeResourceGroupingRecommendationTask() { + return this.to('DescribeResourceGroupingRecommendationTask'); + } + /** * Grants permission to import resources to draft application version * @@ -472,6 +494,17 @@ export class Resiliencehub extends PolicyStatement { return this.to('ListResiliencyPolicies'); } + /** + * Grants permission to list resource grouping recommendations + * + * Access Level: List + * + * https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_ListResourceGroupingRecommendations.html + */ + public toListResourceGroupingRecommendations() { + return this.to('ListResourceGroupingRecommendations'); + } + /** * Grants permission to list SOP recommendations * @@ -549,6 +582,17 @@ export class Resiliencehub extends PolicyStatement { return this.to('PutDraftAppVersionTemplate'); } + /** + * Grants permission to reject resource grouping recommendations + * + * Access Level: Write + * + * https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_RejectResourceGroupingRecommendations.html + */ + public toRejectResourceGroupingRecommendations() { + return this.to('RejectResourceGroupingRecommendations'); + } + /** * Grants permission to remove draft application version mappings * @@ -611,6 +655,17 @@ export class Resiliencehub extends PolicyStatement { return this.to('StartAppAssessment'); } + /** + * Grants permission to start the grouping recommendation generation process + * + * Access Level: Write + * + * https://docs.aws.amazon.com/resilience-hub/latest/APIReference/API_StartResourceGroupingRecommendationTask.html + */ + public toStartResourceGroupingRecommendationTask() { + return this.to('StartResourceGroupingRecommendationTask'); + } + /** * Grants permission to assign a resource tag * @@ -700,6 +755,7 @@ export class Resiliencehub extends PolicyStatement { protected accessLevelList: AccessLevelList = { Write: [ + 'AcceptResourceGroupingRecommendations', 'AddDraftAppVersionResourceMappings', 'BatchUpdateRecommendationStatus', 'CreateApp', @@ -717,9 +773,11 @@ export class Resiliencehub extends PolicyStatement { 'ImportResourcesToDraftAppVersion', 'PublishAppVersion', 'PutDraftAppVersionTemplate', + 'RejectResourceGroupingRecommendations', 'RemoveDraftAppVersionResourceMappings', 'ResolveAppVersionResources', 'StartAppAssessment', + 'StartResourceGroupingRecommendationTask', 'UpdateApp', 'UpdateAppVersion', 'UpdateAppVersionAppComponent', @@ -736,6 +794,7 @@ export class Resiliencehub extends PolicyStatement { 'DescribeAppVersionTemplate', 'DescribeDraftAppVersionResourcesImportStatus', 'DescribeResiliencyPolicy', + 'DescribeResourceGroupingRecommendationTask', 'ListTagsForResource' ], List: [ @@ -753,6 +812,7 @@ export class Resiliencehub extends PolicyStatement { 'ListApps', 'ListRecommendationTemplates', 'ListResiliencyPolicies', + 'ListResourceGroupingRecommendations', 'ListSopRecommendations', 'ListSuggestedResiliencyPolicies', 'ListTestRecommendations', diff --git a/lib/generated/policy-statements/route53applicationrecoverycontroller-zonalshift.ts b/lib/generated/policy-statements/route53applicationrecoverycontroller-zonalshift.ts index 72117806b..ae39bdc0c 100644 --- a/lib/generated/policy-statements/route53applicationrecoverycontroller-zonalshift.ts +++ b/lib/generated/policy-statements/route53applicationrecoverycontroller-zonalshift.ts @@ -67,6 +67,17 @@ export class ArcZonalShift extends PolicyStatement { return this.to('DeletePracticeRunConfiguration'); } + /** + * Grants permission to get autoshift observer notification status + * + * Access Level: Read + * + * https://docs.aws.amazon.com/arc-zonal-shift/latest/api/API_GetAutoshiftObserverNotificationStatus.html + */ + public toGetAutoshiftObserverNotificationStatus() { + return this.to('GetAutoshiftObserverNotificationStatus'); + } + /** * Grants permission to get information about a managed resource * @@ -130,6 +141,17 @@ export class ArcZonalShift extends PolicyStatement { return this.to('StartZonalShift'); } + /** + * Grants permission to update autoshift observer notification status + * + * Access Level: Write + * + * https://docs.aws.amazon.com/arc-zonal-shift/latest/api/API_UpdateAutoshiftObserverNotificationStatus.html + */ + public toUpdateAutoshiftObserverNotificationStatus() { + return this.to('UpdateAutoshiftObserverNotificationStatus'); + } + /** * Grants permission to update a practice run configuration * @@ -185,11 +207,13 @@ export class ArcZonalShift extends PolicyStatement { 'CreatePracticeRunConfiguration', 'DeletePracticeRunConfiguration', 'StartZonalShift', + 'UpdateAutoshiftObserverNotificationStatus', 'UpdatePracticeRunConfiguration', 'UpdateZonalAutoshiftConfiguration', 'UpdateZonalShift' ], Read: [ + 'GetAutoshiftObserverNotificationStatus', 'GetManagedResource' ], List: [ diff --git a/stats/actions/arc-zonal-shift b/stats/actions/arc-zonal-shift index 690766c65..2ff64070f 100644 --- a/stats/actions/arc-zonal-shift +++ b/stats/actions/arc-zonal-shift @@ -1,11 +1,13 @@ arc-zonal-shift:CancelZonalShift;Write arc-zonal-shift:CreatePracticeRunConfiguration;Write arc-zonal-shift:DeletePracticeRunConfiguration;Write +arc-zonal-shift:GetAutoshiftObserverNotificationStatus;Read arc-zonal-shift:GetManagedResource;Read arc-zonal-shift:ListAutoshifts;List arc-zonal-shift:ListManagedResources;List arc-zonal-shift:ListZonalShifts;List arc-zonal-shift:StartZonalShift;Write +arc-zonal-shift:UpdateAutoshiftObserverNotificationStatus;Write arc-zonal-shift:UpdatePracticeRunConfiguration;Write arc-zonal-shift:UpdateZonalAutoshiftConfiguration;Write arc-zonal-shift:UpdateZonalShift;Write diff --git a/stats/actions/bedrock b/stats/actions/bedrock index 0b9a1e198..b1eedc0fa 100644 --- a/stats/actions/bedrock +++ b/stats/actions/bedrock @@ -14,6 +14,7 @@ bedrock:CreateFoundationModelAgreement;Write bedrock:CreateGuardrail;Write bedrock:CreateGuardrailVersion;Write bedrock:CreateKnowledgeBase;Write +bedrock:CreateModelCopyJob;Write bedrock:CreateModelCustomizationJob;Write bedrock:CreateModelEvaluationJob;Write bedrock:CreateModelInvocationJob;Write @@ -55,6 +56,7 @@ bedrock:GetFoundationModelAvailability;Read bedrock:GetGuardrail;Read bedrock:GetIngestionJob;Read bedrock:GetKnowledgeBase;Read +bedrock:GetModelCopyJob;Read bedrock:GetModelCustomizationJob;Read bedrock:GetModelEvaluationJob;Read bedrock:GetModelInvocationJob;Read @@ -82,6 +84,7 @@ bedrock:ListFoundationModels;List bedrock:ListGuardrails;List bedrock:ListIngestionJobs;List bedrock:ListKnowledgeBases;List +bedrock:ListModelCopyJobs;List bedrock:ListModelCustomizationJobs;List bedrock:ListModelEvaluationJobs;List bedrock:ListModelInvocationJobs;List diff --git a/stats/actions/resiliencehub b/stats/actions/resiliencehub index 707f1345b..a16d1e7b9 100644 --- a/stats/actions/resiliencehub +++ b/stats/actions/resiliencehub @@ -1,3 +1,4 @@ +resiliencehub:AcceptResourceGroupingRecommendations;Write resiliencehub:AddDraftAppVersionResourceMappings;Write resiliencehub:BatchUpdateRecommendationStatus;Write resiliencehub:CreateApp;Write @@ -21,6 +22,7 @@ resiliencehub:DescribeAppVersionResourcesResolutionStatus;Read resiliencehub:DescribeAppVersionTemplate;Read resiliencehub:DescribeDraftAppVersionResourcesImportStatus;Read resiliencehub:DescribeResiliencyPolicy;Read +resiliencehub:DescribeResourceGroupingRecommendationTask;Read resiliencehub:ImportResourcesToDraftAppVersion;Write resiliencehub:ListAlarmRecommendations;List resiliencehub:ListAppAssessmentComplianceDrifts;List @@ -36,6 +38,7 @@ resiliencehub:ListAppVersions;List resiliencehub:ListApps;List resiliencehub:ListRecommendationTemplates;List resiliencehub:ListResiliencyPolicies;List +resiliencehub:ListResourceGroupingRecommendations;List resiliencehub:ListSopRecommendations;List resiliencehub:ListSuggestedResiliencyPolicies;List resiliencehub:ListTagsForResource;Read @@ -43,9 +46,11 @@ resiliencehub:ListTestRecommendations;List resiliencehub:ListUnsupportedAppVersionResources;List resiliencehub:PublishAppVersion;Write resiliencehub:PutDraftAppVersionTemplate;Write +resiliencehub:RejectResourceGroupingRecommendations;Write resiliencehub:RemoveDraftAppVersionResourceMappings;Write resiliencehub:ResolveAppVersionResources;Write resiliencehub:StartAppAssessment;Write +resiliencehub:StartResourceGroupingRecommendationTask;Write resiliencehub:TagResource;Tagging resiliencehub:UntagResource;Tagging resiliencehub:UpdateApp;Write diff --git a/stats/resources/bedrock b/stats/resources/bedrock index 30d4ad4d0..19fa3b75a 100644 --- a/stats/resources/bedrock +++ b/stats/resources/bedrock @@ -7,6 +7,7 @@ bedrock:flow-alias bedrock:foundation-model bedrock:guardrail bedrock:knowledge-base +bedrock:model-copy-job bedrock:model-customization-job bedrock:model-evaluation-job bedrock:model-invocation-job