@cloud-copilot/iam-data
Version:
342 lines • 9.22 kB
JSON
{
"associateprojectadminuser": {
"name": "AssociateProjectAdminUser",
"isPermissionOnly": true,
"description": "Grants permission to associate a user with the project as an administrator",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "project",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"sso-directory:DescribeUsers",
"sso:AssociateProfile",
"sso:GetManagedApplicationInstance",
"sso:GetProfile",
"sso:ListDirectoryAssociations",
"sso:ListProfileAssociations",
"sso:ListProfiles"
]
},
"createproject": {
"name": "CreateProject",
"isPermissionOnly": true,
"description": "Grants permission to create a project",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": [
"iam:CreateServiceLinkedRole",
"kms:CreateGrant",
"sso:CreateManagedApplicationInstance",
"sso:DeleteManagedApplicationInstance",
"sso:DescribeRegisteredRegions"
]
},
"createprojectuserassociation": {
"name": "CreateProjectUserAssociation",
"isPermissionOnly": true,
"description": "Grants permission to associate a user with the project",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "project",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"sso-directory:DescribeUsers",
"sso:AssociateProfile",
"sso:GetManagedApplicationInstance",
"sso:GetProfile",
"sso:ListDirectoryAssociations",
"sso:ListProfileAssociations",
"sso:ListProfiles"
]
},
"createuseraccessroleassociation": {
"name": "CreateUserAccessRoleAssociation",
"isPermissionOnly": true,
"description": "Grants permission to associate an access role with the user",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "project",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"sso-directory:DescribeUsers",
"sso:GetManagedApplicationInstance",
"sso:GetProfile",
"sso:ListDirectoryAssociations",
"sso:ListProfileAssociations",
"sso:ListProfiles"
]
},
"deleteproject": {
"name": "DeleteProject",
"isPermissionOnly": true,
"description": "Grants permission to delete a project",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "project",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"sso:DeleteManagedApplicationInstance"
]
},
"deleteprojectuserassociation": {
"name": "DeleteProjectUserAssociation",
"isPermissionOnly": true,
"description": "Grants permission to disassociate a user from the project",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "project",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"sso-directory:DescribeUsers",
"sso:DisassociateProfile",
"sso:GetManagedApplicationInstance",
"sso:GetProfile",
"sso:ListDirectoryAssociations",
"sso:ListProfiles"
]
},
"deleteuseraccessroleassociation": {
"name": "DeleteUserAccessRoleAssociation",
"isPermissionOnly": true,
"description": "Grants permission to disassociate an access role from the user",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "project",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"disassociateprojectadminuser": {
"name": "DisassociateProjectAdminUser",
"isPermissionOnly": true,
"description": "Grants permission to disassociate an administrator from the project",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "project",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"sso-directory:DescribeUsers",
"sso:DisassociateProfile",
"sso:GetManagedApplicationInstance",
"sso:GetProfile",
"sso:ListDirectoryAssociations",
"sso:ListProfiles"
]
},
"getproject": {
"name": "GetProject",
"isPermissionOnly": true,
"description": "Grants permission to get information about a project",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "project",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getprojectadminuser": {
"name": "GetProjectAdminUser",
"isPermissionOnly": true,
"description": "Grants permission to describe an administrator who is associated with the project",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "project",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"sso-directory:DescribeUsers",
"sso:GetManagedApplicationInstance",
"sso:ListProfileAssociations"
]
},
"listprojectadminusers": {
"name": "ListProjectAdminUsers",
"isPermissionOnly": true,
"description": "Grants permission to list all administrators associated with the project",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "project",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"sso-directory:DescribeUsers",
"sso:GetManagedApplicationInstance"
]
},
"listprojectuserassociations": {
"name": "ListProjectUserAssociations",
"isPermissionOnly": true,
"description": "Grants permission to list all users associated with the project",
"accessLevel": "List",
"resourceTypes": [
{
"name": "project",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"sso:GetManagedApplicationInstance",
"sso:GetProfile",
"sso:ListDirectoryAssociations",
"sso:ListProfileAssociations",
"sso:ListProfiles"
]
},
"listprojects": {
"name": "ListProjects",
"isPermissionOnly": true,
"description": "Grants permission to list all projects",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listtagsforresource": {
"name": "ListTagsForResource",
"isPermissionOnly": true,
"description": "Grants permission to list all tags for a resource",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "project",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listuseraccessroleassociations": {
"name": "ListUserAccessRoleAssociations",
"isPermissionOnly": true,
"description": "Grants permission to list all access roles associated with the user",
"accessLevel": "List",
"resourceTypes": [
{
"name": "project",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"tagresource": {
"name": "TagResource",
"isPermissionOnly": true,
"description": "Grants permission to tag a resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "project",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}"
],
"dependentActions": []
},
"untagresource": {
"name": "UntagResource",
"isPermissionOnly": true,
"description": "Grants permission to untag a resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "project",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys"
],
"dependentActions": []
},
"updateproject": {
"name": "UpdateProject",
"isPermissionOnly": true,
"description": "Grants permission to update a project",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "project",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
}
}