Skip to content

Commit

Permalink
Merge pull request #788 from udondan/iam-updates
Browse files Browse the repository at this point in the history
  • Loading branch information
udondan authored Jun 22, 2024
2 parents 7d88d38 + 37d70bf commit 3624f38
Show file tree
Hide file tree
Showing 10 changed files with 161 additions and 6 deletions.
13 changes: 13 additions & 0 deletions CHANGELOG/v0.647.0.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
**New actions:**

- compute-optimizer:ExportRDSDatabaseRecommendations
- compute-optimizer:GetRDSDatabaseRecommendationProjectedMetrics
- compute-optimizer:GetRDSDatabaseRecommendations
- connect:CreateAuthenticationProfile
- connect:DescribeAuthenticationProfile
- connect:ListAuthenticationProfiles
- connect:UpdateAuthenticationProfile

**New resource types:**

- connect:authentication-profile
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,8 @@
Support for:

- 399 Services
- 16890 Actions
- 1807 Resource Types
- 16897 Actions
- 1808 Resource Types
- 1767 Condition keys
<!-- /stats -->

Expand Down
2 changes: 1 addition & 1 deletion VERSION
Original file line number Diff line number Diff line change
@@ -1 +1 @@
0.646.0
0.647.0
2 changes: 1 addition & 1 deletion docs/source/conf.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
author = 'Daniel Schroeder'

# The full version, including alpha/beta/rc tags
release = '0.646.0'
release = '0.647.0'

# -- General configuration ---------------------------------------------------

Expand Down
4 changes: 2 additions & 2 deletions docs/source/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,8 @@ AWS IAM policy statement generator with fluent interface.
Support for:

- 399 Services
- 16890 Actions
- 1807 Resource Types
- 16897 Actions
- 1808 Resource Types
- 1767 Condition keys

..
Expand Down
55 changes: 55 additions & 0 deletions lib/generated/policy-statements/computeoptimizer.ts
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,8 @@ export class ComputeOptimizer extends PolicyStatement {
* Dependent actions:
* - autoscaling:DescribeAutoScalingGroups
* - ec2:DescribeInstances
* - rds:DescribeDBClusters
* - rds:DescribeDBInstances
*
* https://docs.aws.amazon.com/compute-optimizer/latest/APIReference/API_DeleteRecommendationPreferences.html
*/
Expand Down Expand Up @@ -139,6 +141,22 @@ export class ComputeOptimizer extends PolicyStatement {
return this.to('ExportLicenseRecommendations');
}

/**
* Grants permission to export rds recommendations to S3 for the provided accounts
*
* Access Level: Write
*
* Dependent actions:
* - compute-optimizer:GetRDSDatabaseRecommendations
* - rds:DescribeDBClusters
* - rds:DescribeDBInstances
*
* https://docs.aws.amazon.com/compute-optimizer/latest/APIReference/API_ExportRDSDatabaseRecommendations.html
*/
public toExportRDSDatabaseRecommendations() {
return this.to('ExportRDSDatabaseRecommendations');
}

/**
* Grants permission to get recommendations for the provided AutoScaling groups
*
Expand Down Expand Up @@ -233,6 +251,8 @@ export class ComputeOptimizer extends PolicyStatement {
* - autoscaling:DescribeAutoScalingGroups
* - autoscaling:DescribeAutoScalingInstances
* - ec2:DescribeInstances
* - rds:DescribeDBClusters
* - rds:DescribeDBInstances
*
* https://docs.aws.amazon.com/compute-optimizer/latest/APIReference/API_GetEffectiveRecommendationPreferences.html
*/
Expand Down Expand Up @@ -291,6 +311,36 @@ export class ComputeOptimizer extends PolicyStatement {
return this.to('GetLicenseRecommendations');
}

/**
* Grants permission to get the recommendation projected metrics of the specified instance
*
* Access Level: List
*
* Dependent actions:
* - rds:DescribeDBClusters
* - rds:DescribeDBInstances
*
* https://docs.aws.amazon.com/compute-optimizer/latest/APIReference/API_GetRDSDatabaseRecommendationProjectedMetrics.html
*/
public toGetRDSDatabaseRecommendationProjectedMetrics() {
return this.to('GetRDSDatabaseRecommendationProjectedMetrics');
}

/**
* Grants permission to get rds recommendations for the specified account(s)
*
* Access Level: List
*
* Dependent actions:
* - rds:DescribeDBClusters
* - rds:DescribeDBInstances
*
* https://docs.aws.amazon.com/compute-optimizer/latest/APIReference/API_GetRDSDatabaseRecommendations.html
*/
public toGetRDSDatabaseRecommendations() {
return this.to('GetRDSDatabaseRecommendations');
}

/**
* Grants permission to get recommendation preferences
*
Expand Down Expand Up @@ -328,6 +378,8 @@ export class ComputeOptimizer extends PolicyStatement {
* - autoscaling:DescribeAutoScalingGroups
* - autoscaling:DescribeAutoScalingInstances
* - ec2:DescribeInstances
* - rds:DescribeDBClusters
* - rds:DescribeDBInstances
*
* https://docs.aws.amazon.com/compute-optimizer/latest/APIReference/API_PutRecommendationPreferences.html
*/
Expand Down Expand Up @@ -355,6 +407,7 @@ export class ComputeOptimizer extends PolicyStatement {
'ExportECSServiceRecommendations',
'ExportLambdaFunctionRecommendations',
'ExportLicenseRecommendations',
'ExportRDSDatabaseRecommendations',
'PutRecommendationPreferences',
'UpdateEnrollmentStatus'
],
Expand All @@ -370,6 +423,8 @@ export class ComputeOptimizer extends PolicyStatement {
'GetEnrollmentStatusesForOrganization',
'GetLambdaFunctionRecommendations',
'GetLicenseRecommendations',
'GetRDSDatabaseRecommendationProjectedMetrics',
'GetRDSDatabaseRecommendations',
'GetRecommendationSummaries'
],
Read: [
Expand Down
79 changes: 79 additions & 0 deletions lib/generated/policy-statements/connect.ts
Original file line number Diff line number Diff line change
Expand Up @@ -407,6 +407,20 @@ export class Connect extends PolicyStatement {
return this.to('CreateAgentStatus');
}

/**
* Grants permission to create authentication profile resources in an Amazon Connect instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifInstanceId()
*
* https://docs.aws.amazon.com/connect/latest/APIReference/API_CreateAuthenticationProfile.html
*/
public toCreateAuthenticationProfile() {
return this.to('CreateAuthenticationProfile');
}

/**
* Grants permission to create a contact flow in an Amazon Connect instance
*
Expand Down Expand Up @@ -1189,6 +1203,20 @@ export class Connect extends PolicyStatement {
return this.to('DescribeAgentStatus');
}

/**
* Grants permission to describe authentication profile resources in an Amazon Connect instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifInstanceId()
*
* https://docs.aws.amazon.com/connect/latest/APIReference/API_DescribeAuthenticationProfile.html
*/
public toDescribeAuthenticationProfile() {
return this.to('DescribeAuthenticationProfile');
}

/**
* Grants permission to describe a contact in an Amazon Connect instance
*
Expand Down Expand Up @@ -1974,6 +2002,20 @@ export class Connect extends PolicyStatement {
return this.to('ListApprovedOrigins');
}

/**
* Grants permission to list authentication profile resources in an Amazon Connect instance
*
* Access Level: Read
*
* Possible conditions:
* - .ifInstanceId()
*
* https://docs.aws.amazon.com/connect/latest/APIReference/API_ListAuthenticationProfiles.html
*/
public toListAuthenticationProfiles() {
return this.to('ListAuthenticationProfiles');
}

/**
* Grants permission to view the Lex bots of an existing Amazon Connect instance
*
Expand Down Expand Up @@ -3193,6 +3235,20 @@ export class Connect extends PolicyStatement {
return this.to('UpdateAgentStatus');
}

/**
* Grants permission to update authentication profile resources in an Amazon Connect instance
*
* Access Level: Write
*
* Possible conditions:
* - .ifInstanceId()
*
* https://docs.aws.amazon.com/connect/latest/APIReference/API_UpdateAuthenticationProfile.html
*/
public toUpdateAuthenticationProfile() {
return this.to('UpdateAuthenticationProfile');
}

/**
* Grants permission to update a contact in an Amazon Connect instance
*
Expand Down Expand Up @@ -3902,6 +3958,7 @@ export class Connect extends PolicyStatement {
'ClaimPhoneNumber',
'CompleteAttachedFileUpload',
'CreateAgentStatus',
'CreateAuthenticationProfile',
'CreateContactFlow',
'CreateContactFlowModule',
'CreateEvaluationForm',
Expand Down Expand Up @@ -3991,6 +4048,7 @@ export class Connect extends PolicyStatement {
'TransferContact',
'UntagContact',
'UpdateAgentStatus',
'UpdateAuthenticationProfile',
'UpdateContact',
'UpdateContactAttributes',
'UpdateContactEvaluation',
Expand Down Expand Up @@ -4040,6 +4098,7 @@ export class Connect extends PolicyStatement {
Read: [
'BatchGetAttachedFileMetadata',
'DescribeAgentStatus',
'DescribeAuthenticationProfile',
'DescribeContact',
'DescribeContactEvaluation',
'DescribeContactFlow',
Expand Down Expand Up @@ -4074,6 +4133,7 @@ export class Connect extends PolicyStatement {
'GetMetricDataV2',
'GetPromptFile',
'GetTaskTemplate',
'ListAuthenticationProfiles',
'ListRealtimeContactAnalysisSegments',
'ListTagsForResource',
'SearchContactFlowModules',
Expand Down Expand Up @@ -4229,6 +4289,21 @@ export class Connect extends PolicyStatement {
return this.on(`arn:${ partition ?? this.defaultPartition }:connect:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:instance/${ instanceId }/security-profile/${ securityProfileId }`);
}

/**
* Adds a resource of type authentication-profile to the statement
*
* https://docs.aws.amazon.com/connect/latest/adminguide/connect-authentication-profiles.html
*
* @param instanceId - Identifier for the instanceId.
* @param authenticationProfileId - Identifier for the authenticationProfileId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*/
public onAuthenticationProfile(instanceId: string, authenticationProfileId: string, account?: string, region?: string, partition?: string) {
return this.on(`arn:${ partition ?? this.defaultPartition }:connect:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:instance/${ instanceId }/authentication-profile/${ authenticationProfileId }`);
}

/**
* Adds a resource of type hierarchy-group to the statement
*
Expand Down Expand Up @@ -5013,6 +5088,7 @@ export class Connect extends PolicyStatement {
* - .toClaimPhoneNumber()
* - .toCompleteAttachedFileUpload()
* - .toCreateAgentStatus()
* - .toCreateAuthenticationProfile()
* - .toCreateContactFlow()
* - .toCreateContactFlowModule()
* - .toCreateEvaluationForm()
Expand Down Expand Up @@ -5058,6 +5134,7 @@ export class Connect extends PolicyStatement {
* - .toDeleteViewVersion()
* - .toDeleteVocabulary()
* - .toDescribeAgentStatus()
* - .toDescribeAuthenticationProfile()
* - .toDescribeContact()
* - .toDescribeContactEvaluation()
* - .toDescribeContactFlow()
Expand Down Expand Up @@ -5104,6 +5181,7 @@ export class Connect extends PolicyStatement {
* - .toGetPromptFile()
* - .toGetTaskTemplate()
* - .toListApprovedOrigins()
* - .toListAuthenticationProfiles()
* - .toListBots()
* - .toListContactEvaluations()
* - .toListContactReferences()
Expand Down Expand Up @@ -5164,6 +5242,7 @@ export class Connect extends PolicyStatement {
* - .toTransferContact()
* - .toUntagContact()
* - .toUpdateAgentStatus()
* - .toUpdateAuthenticationProfile()
* - .toUpdateContact()
* - .toUpdateContactAttributes()
* - .toUpdateContactEvaluation()
Expand Down
3 changes: 3 additions & 0 deletions stats/actions/compute-optimizer
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ compute-optimizer:ExportEC2InstanceRecommendations;Write
compute-optimizer:ExportECSServiceRecommendations;Write
compute-optimizer:ExportLambdaFunctionRecommendations;Write
compute-optimizer:ExportLicenseRecommendations;Write
compute-optimizer:ExportRDSDatabaseRecommendations;Write
compute-optimizer:GetAutoScalingGroupRecommendations;List
compute-optimizer:GetEBSVolumeRecommendations;List
compute-optimizer:GetEC2InstanceRecommendations;List
Expand All @@ -17,6 +18,8 @@ compute-optimizer:GetEnrollmentStatus;List
compute-optimizer:GetEnrollmentStatusesForOrganization;List
compute-optimizer:GetLambdaFunctionRecommendations;List
compute-optimizer:GetLicenseRecommendations;List
compute-optimizer:GetRDSDatabaseRecommendationProjectedMetrics;List
compute-optimizer:GetRDSDatabaseRecommendations;List
compute-optimizer:GetRecommendationPreferences;Read
compute-optimizer:GetRecommendationSummaries;List
compute-optimizer:PutRecommendationPreferences;Write
Expand Down
4 changes: 4 additions & 0 deletions stats/actions/connect
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ connect:BatchPutContact;Write
connect:ClaimPhoneNumber;Write
connect:CompleteAttachedFileUpload;Write
connect:CreateAgentStatus;Write
connect:CreateAuthenticationProfile;Write
connect:CreateContactFlow;Write
connect:CreateContactFlowModule;Write
connect:CreateEvaluationForm;Write
Expand Down Expand Up @@ -70,6 +71,7 @@ connect:DeleteView;Write
connect:DeleteViewVersion;Write
connect:DeleteVocabulary;Write
connect:DescribeAgentStatus;Read
connect:DescribeAuthenticationProfile;Read
connect:DescribeContact;Read
connect:DescribeContactEvaluation;Read
connect:DescribeContactFlow;Read
Expand Down Expand Up @@ -122,6 +124,7 @@ connect:GetTrafficDistribution;List
connect:ImportPhoneNumber;Write
connect:ListAgentStatuses;List
connect:ListApprovedOrigins;List
connect:ListAuthenticationProfiles;Read
connect:ListBots;List
connect:ListContactEvaluations;List
connect:ListContactFlowModules;List
Expand Down Expand Up @@ -207,6 +210,7 @@ connect:TransferContact;Write
connect:UntagContact;Write
connect:UntagResource;Tagging
connect:UpdateAgentStatus;Write
connect:UpdateAuthenticationProfile;Write
connect:UpdateContact;Write
connect:UpdateContactAttributes;Write
connect:UpdateContactEvaluation;Write
Expand Down
1 change: 1 addition & 0 deletions stats/resources/connect
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
connect:agent-status
connect:attached-file
connect:authentication-profile
connect:aws-managed-view
connect:contact
connect:contact-evaluation
Expand Down

0 comments on commit 3624f38

Please sign in to comment.