Skip to content

Commit

Permalink
Merge pull request #835 from udondan/iam-updates
Browse files Browse the repository at this point in the history
  • Loading branch information
udondan authored Jul 13, 2024
2 parents 9ae8d6a + fd33bb0 commit 7d38150
Show file tree
Hide file tree
Showing 9 changed files with 178 additions and 10 deletions.
81 changes: 81 additions & 0 deletions CHANGELOG/v0.654.0.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
:warning: **Removed condition keys:**

- rds:MultiTenant

**New services:**

- appstudio

**New actions:**

- appstudio:GetAccountStatus
- appstudio:GetEnablementJobStatus
- appstudio:StartEnablementJob
- appstudio:StartRollbackEnablementJob
- appstudio:StartTeamDeployment
- bedrock:CreateFlow
- bedrock:CreateFlowAlias
- bedrock:CreateFlowVersion
- bedrock:CreatePrompt
- bedrock:CreatePromptVersion
- bedrock:DeleteAgentMemory
- bedrock:DeleteFlow
- bedrock:DeleteFlowAlias
- bedrock:DeleteFlowVersion
- bedrock:DeletePrompt
- bedrock:GetAgentMemory
- bedrock:GetFlow
- bedrock:GetFlowAlias
- bedrock:GetFlowVersion
- bedrock:GetPrompt
- bedrock:InvokeFlow
- bedrock:ListFlowAliases
- bedrock:ListFlowVersions
- bedrock:ListFlows
- bedrock:ListPrompts
- bedrock:PrepareFlow
- bedrock:UpdateFlow
- bedrock:UpdateFlowAlias
- bedrock:UpdatePrompt
- cloudfront:UpdateDistributionWithStagingConfig
- ivs:DeletePublicKey
- ivs:GetPublicKey
- ivs:ImportPublicKey
- ivs:ListPublicKeys
- license-manager-linux-subscriptions:DeregisterSubscriptionProvider
- license-manager-linux-subscriptions:GetRegisteredSubscriptionProvider
- license-manager-linux-subscriptions:ListRegisteredSubscriptionProviders
- license-manager-linux-subscriptions:ListTagsForResource
- license-manager-linux-subscriptions:RegisterSubscriptionProvider
- license-manager-linux-subscriptions:TagResource
- license-manager-linux-subscriptions:UntagResource
- mediaconvert:SearchJobs
- medical-imaging:GetDICOMInstanceFrames
- medical-imaging:GetDICOMInstanceMetadata
- qapps:ListTagsForResource
- qapps:UntagResource
- sagemaker:CreateOptimizationJob
- sagemaker:DeleteOptimization
- sagemaker:DescribeOptimizationJob
- sagemaker:ListOptimizationJobs
- sagemaker:StopOptimizationJob

**New resource types:**

- bedrock:flow
- bedrock:flow-alias
- bedrock:prompt
- bedrock:prompt-version
- ivs:Public-Key
- license-manager-linux-subscriptions:subscription-provider
- sagemaker:optimization-job

**New condition keys:**

- license-manager-linux-subscriptions:RequestTag/${TagKey}
- license-manager-linux-subscriptions:ResourceTag/${TagKey}
- license-manager-linux-subscriptions:TagKeys
- qapps:AppIsPublished
- qapps:SessionIsShared
- qapps:UserIsAppOwner
- qapps:UserIsSessionModerator
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,8 @@
Support for:

- 401 Services
- 16997 Actions
- 1819 Resource Types
- 17001 Actions
- 1820 Resource Types
- 1780 Condition keys
<!-- /stats -->

Expand Down
2 changes: 1 addition & 1 deletion VERSION
Original file line number Diff line number Diff line change
@@ -1 +1 @@
0.653.0
0.654.0
2 changes: 1 addition & 1 deletion docs/source/conf.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
author = 'Daniel Schroeder'

# The full version, including alpha/beta/rc tags
release = '0.653.0'
release = '0.654.0'

# -- General configuration ---------------------------------------------------

Expand Down
4 changes: 2 additions & 2 deletions docs/source/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,8 @@ AWS IAM policy statement generator with fluent interface.
Support for:

- 401 Services
- 16997 Actions
- 1819 Resource Types
- 17001 Actions
- 1820 Resource Types
- 1780 Condition keys

..
Expand Down
80 changes: 76 additions & 4 deletions lib/generated/policy-statements/interactivevideoservice.ts
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,17 @@ export class Ivs extends PolicyStatement {
return this.to('DeletePlaybackRestrictionPolicy');
}

/**
* Grants permission to delete the public key for the specified ARN
*
* Access Level: Write
*
* https://docs.aws.amazon.com/ivs/latest/RealTimeAPIReference/API_DeletePublicKey.html
*/
public toDeletePublicKey() {
return this.to('DeletePublicKey');
}

/**
* Grants permission to delete a recording configuration for the specified ARN
*
Expand Down Expand Up @@ -336,6 +347,17 @@ export class Ivs extends PolicyStatement {
return this.to('GetPlaybackRestrictionPolicy');
}

/**
* Grants permission to get the public key for the specified ARN
*
* Access Level: Read
*
* https://docs.aws.amazon.com/ivs/latest/RealTimeAPIReference/API_GetPublicKey.html
*/
public toGetPublicKey() {
return this.to('GetPublicKey');
}

/**
* Grants permission to get the recording configuration for the specified ARN
*
Expand Down Expand Up @@ -428,6 +450,21 @@ export class Ivs extends PolicyStatement {
return this.to('ImportPlaybackKeyPair');
}

/**
* Grants permission to import a public key
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/ivs/latest/RealTimeAPIReference/API_ImportPublicKey.html
*/
public toImportPublicKey() {
return this.to('ImportPublicKey');
}

/**
* Grants permission to get summary information about channels
*
Expand All @@ -444,7 +481,7 @@ export class Ivs extends PolicyStatement {
*
* Access Level: List
*
* https://docs.aws.amazon.com/ivs/latest/APIReference/API_ListCompositions.html
* https://docs.aws.amazon.com/ivs/latest/RealTimeAPIReference/API_ListCompositions.html
*/
public toListCompositions() {
return this.to('ListCompositions');
Expand All @@ -455,7 +492,7 @@ export class Ivs extends PolicyStatement {
*
* Access Level: List
*
* https://docs.aws.amazon.com/ivs/latest/APIReference/API_ListEncoderConfigurations.html
* https://docs.aws.amazon.com/ivs/latest/RealTimeAPIReference/API_ListEncoderConfigurations.html
*/
public toListEncoderConfigurations() {
return this.to('ListEncoderConfigurations');
Expand Down Expand Up @@ -499,12 +536,23 @@ export class Ivs extends PolicyStatement {
*
* Access Level: List
*
* https://docs.aws.amazon.com/ivs/latest/APIReference/API_ListPlaybackRestrictionPolicies.html
* https://docs.aws.amazon.com/ivs/latest/LowLatencyAPIReference/API_ListPlaybackRestrictionPolicies.html
*/
public toListPlaybackRestrictionPolicies() {
return this.to('ListPlaybackRestrictionPolicies');
}

/**
* Grants permission to get summary information about public keys
*
* Access Level: List
*
* https://docs.aws.amazon.com/ivs/latest/RealTimeAPIReference/API_ListPublicKeys.html
*/
public toListPublicKeys() {
return this.to('ListPublicKeys');
}

/**
* Grants permission to get summary information about recording configurations
*
Expand Down Expand Up @@ -543,7 +591,7 @@ export class Ivs extends PolicyStatement {
*
* Access Level: List
*
* https://docs.aws.amazon.com/ivs/latest/APIReference/API_ListStorageConfigurations.html
* https://docs.aws.amazon.com/ivs/latest/RealTimeAPIReference/API_ListStorageConfigurations.html
*/
public toListStorageConfigurations() {
return this.to('ListStorageConfigurations');
Expand Down Expand Up @@ -728,6 +776,7 @@ export class Ivs extends PolicyStatement {
'GetParticipant',
'GetPlaybackKeyPair',
'GetPlaybackRestrictionPolicy',
'GetPublicKey',
'GetRecordingConfiguration',
'GetStage',
'GetStageSession',
Expand All @@ -751,12 +800,14 @@ export class Ivs extends PolicyStatement {
'DeleteEncoderConfiguration',
'DeletePlaybackKeyPair',
'DeletePlaybackRestrictionPolicy',
'DeletePublicKey',
'DeleteRecordingConfiguration',
'DeleteStage',
'DeleteStorageConfiguration',
'DeleteStreamKey',
'DisconnectParticipant',
'ImportPlaybackKeyPair',
'ImportPublicKey',
'PutMetadata',
'StartComposition',
'StartViewerSessionRevocation',
Expand All @@ -774,6 +825,7 @@ export class Ivs extends PolicyStatement {
'ListParticipants',
'ListPlaybackKeyPairs',
'ListPlaybackRestrictionPolicies',
'ListPublicKeys',
'ListRecordingConfigurations',
'ListStageSessions',
'ListStages',
Expand Down Expand Up @@ -941,6 +993,23 @@ export class Ivs extends PolicyStatement {
return this.on(`arn:${ partition ?? this.defaultPartition }:ivs:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:storage-configuration/${ resourceId }`);
}

/**
* Adds a resource of type Public-Key to the statement
*
* https://docs.aws.amazon.com/ivs/latest/RealTimeAPIReference/API_PublicKey.html
*
* @param resourceId - Identifier for the resourceId.
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
public onPublicKey(resourceId: string, account?: string, region?: string, partition?: string) {
return this.on(`arn:${ partition ?? this.defaultPartition }:ivs:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:public-key/${ resourceId }`);
}

/**
* Filters access by the tags associated with the request
*
Expand All @@ -956,6 +1025,7 @@ export class Ivs extends PolicyStatement {
* - .toCreateStorageConfiguration()
* - .toCreateStreamKey()
* - .toImportPlaybackKeyPair()
* - .toImportPublicKey()
* - .toListTagsForResource()
* - .toStartComposition()
* - .toTagResource()
Expand Down Expand Up @@ -983,6 +1053,7 @@ export class Ivs extends PolicyStatement {
* - Composition
* - Encoder-Configuration
* - Storage-Configuration
* - Public-Key
*
* @param tagKey The tag key to check
* @param value The value(s) to check
Expand All @@ -1007,6 +1078,7 @@ export class Ivs extends PolicyStatement {
* - .toCreateStorageConfiguration()
* - .toCreateStreamKey()
* - .toImportPlaybackKeyPair()
* - .toImportPublicKey()
* - .toListTagsForResource()
* - .toStartComposition()
* - .toTagResource()
Expand Down
10 changes: 10 additions & 0 deletions lib/generated/policy-statements/workspacesthinclient.ts
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,10 @@ export class Thinclient extends PolicyStatement {
*
* Access Level: Write
*
* Possible conditions:
* - .ifAwsTagKeys()
* - .ifAwsRequestTag()
*
* https://docs.aws.amazon.com/workspaces-thin-client/latest/api/API_CreateEnvironment.html
*/
public toCreateEnvironment() {
Expand Down Expand Up @@ -281,6 +285,9 @@ export class Thinclient extends PolicyStatement {
* @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
* @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
* @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
*
* Possible conditions:
* - .ifAwsResourceTag()
*/
public onSoftwareset(softwareSetId: string, account?: string, region?: string, partition?: string) {
return this.on(`arn:${ partition ?? this.defaultPartition }:thinclient:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:softwareset/${ softwareSetId }`);
Expand All @@ -292,6 +299,7 @@ export class Thinclient extends PolicyStatement {
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
*
* Applies to actions:
* - .toCreateEnvironment()
* - .toTagResource()
*
* @param tagKey The tag key to check
Expand All @@ -310,6 +318,7 @@ export class Thinclient extends PolicyStatement {
* Applies to resource types:
* - environment
* - device
* - softwareset
*
* @param tagKey The tag key to check
* @param value The value(s) to check
Expand All @@ -325,6 +334,7 @@ export class Thinclient extends PolicyStatement {
* https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
*
* Applies to actions:
* - .toCreateEnvironment()
* - .toTagResource()
* - .toUntagResource()
*
Expand Down
4 changes: 4 additions & 0 deletions stats/actions/ivs
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ ivs:DeleteChannel;Write
ivs:DeleteEncoderConfiguration;Write
ivs:DeletePlaybackKeyPair;Write
ivs:DeletePlaybackRestrictionPolicy;Write
ivs:DeletePublicKey;Write
ivs:DeleteRecordingConfiguration;Write
ivs:DeleteStage;Write
ivs:DeleteStorageConfiguration;Write
Expand All @@ -24,6 +25,7 @@ ivs:GetEncoderConfiguration;Read
ivs:GetParticipant;Read
ivs:GetPlaybackKeyPair;Read
ivs:GetPlaybackRestrictionPolicy;Read
ivs:GetPublicKey;Read
ivs:GetRecordingConfiguration;Read
ivs:GetStage;Read
ivs:GetStageSession;Read
Expand All @@ -32,13 +34,15 @@ ivs:GetStream;Read
ivs:GetStreamKey;Read
ivs:GetStreamSession;Read
ivs:ImportPlaybackKeyPair;Write
ivs:ImportPublicKey;Write
ivs:ListChannels;List
ivs:ListCompositions;List
ivs:ListEncoderConfigurations;List
ivs:ListParticipantEvents;List
ivs:ListParticipants;List
ivs:ListPlaybackKeyPairs;List
ivs:ListPlaybackRestrictionPolicies;List
ivs:ListPublicKeys;List
ivs:ListRecordingConfigurations;List
ivs:ListStageSessions;List
ivs:ListStages;List
Expand Down
1 change: 1 addition & 0 deletions stats/resources/ivs
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ ivs:Composition
ivs:Encoder-Configuration
ivs:Playback-Key-Pair
ivs:Playback-Restriction-Policy
ivs:Public-Key
ivs:Recording-Configuration
ivs:Stage
ivs:Storage-Configuration
Expand Down

0 comments on commit 7d38150

Please sign in to comment.