@cloud-copilot/iam-data

{ "addkeyreplicationregions": { "name": "AddKeyReplicationRegions", "description": "Grants permission to add replication regions to an existing AWS Payment Cryptography key", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "associatempateam": { "name": "AssociateMpaTeam", "description": "Grants permission to associate an MPA approval team with a payment cryptography action", "accessLevel": "Write", "resourceTypes": [ { "name": "approval-team", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "mpa:CancelSession", "mpa:GetApprovalTeam", "mpa:StartSession" ] }, "createalias": { "name": "CreateAlias", "description": "Grants permission to create a user-friendly name for a Key", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "createkey": { "name": "CreateKey", "description": "Grants permission to create a unique customer managed key in the caller's AWS account and region", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "payment-cryptography:KeyClass", "payment-cryptography:KeyUsage", "payment-cryptography:KeyAlgorithm" ], "dependentActions": [ "payment-cryptography:TagResource" ] }, "decryptdata": { "name": "DecryptData", "description": "Grants permission to decrypt ciphertext data to plaintext using symmetric, asymmetric or DUKPT data encryption key", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", 
"required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "deletealias": { "name": "DeleteAlias", "description": "Grants permission to delete the specified alias", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependentActions": [] }, "deletekey": { "name": "DeleteKey", "description": "Grants permission to schedule the deletion of a Key", "accessLevel": "Write", "resourceTypes": [ { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [ "mpa:CancelSession" ] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "deleteresourcepolicy": { "name": "DeleteResourcePolicy", "description": "Grants permission to delete the resource-based policy attached to a key", "accessLevel": "Permissions management", "resourceTypes": [ { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "disabledefaultkeyreplicationregions": { "name": "DisableDefaultKeyReplicationRegions", "description": "Grants permission to disable default key replication regions for account-level replication", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "disassociatempateam": { "name": "DisassociateMpaTeam", "description": "Grants permission to disassociate an MPA approval team from a payment cryptography action", "accessLevel": "Write", "resourceTypes": [ { "name": "approval-team", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "mpa:CancelSession", "mpa:StartSession" ] }, "enabledefaultkeyreplicationregions": { "name": "EnableDefaultKeyReplicationRegions", "description": "Grants permission to enable default key replication regions for 
account-level replication", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "encryptdata": { "name": "EncryptData", "description": "Grants permission to encrypt plaintext data to ciphertext using symmetric, asymmetric or DUKPT data encryption key", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "exportkey": { "name": "ExportKey", "description": "Grants permission to export a key from the service", "accessLevel": "Write", "resourceTypes": [ { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias", "payment-cryptography:CertificateAuthorityPublicKeyIdentifier", "payment-cryptography:WrappingKeyIdentifier" ], "dependentActions": [] }, "generateas2805kekvalidation": { "name": "GenerateAs2805KekValidation", "description": "Grants permission to generate a KekValidationRequest or a KekValidationResponse for node-to-node initialization between payment processing nodes using Australian Standard 2805 (AS2805)", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "generatecardvalidationdata": { "name": "GenerateCardValidationData", "description": "Grants permission to generate card-related data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) or Card Security Codes (CSC) that check the validity of a magnetic stripe card", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, 
"conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "generatemac": { "name": "GenerateMac", "description": "Grants permission to generate a MAC (Message Authentication Code) cryptogram", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "generatemacemvpinchange": { "name": "GenerateMacEmvPinChange", "description": "Grants permission to generate a MAC (Message Authentication Code) cryptogram", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "generatepindata": { "name": "GeneratePinData", "description": "Grants permission to generate pin-related data such as PIN, PIN Verification Value (PVV), PIN Block and PIN Offset during new card issuance or card re-issuance", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "getalias": { "name": "GetAlias", "description": "Grants permission to return the keyArn associated with an aliasName", "accessLevel": "Read", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", 
"aws:TagKeys" ], "dependentActions": [] }, "getcertificatesigningrequest": { "name": "GetCertificateSigningRequest", "description": "Grants permission to return the Certificate Signing Request for a public key from a key of class PUBLIC_KEY", "accessLevel": "Read", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "getdefaultkeyreplicationregions": { "name": "GetDefaultKeyReplicationRegions", "description": "Grants permission to retrieve the default key replication regions configured at the account level", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "getkey": { "name": "GetKey", "description": "Grants permission to return the detailed information about the specified key", "accessLevel": "Read", "resourceTypes": [ { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "getmpateamassociation": { "name": "GetMpaTeamAssociation", "description": "Grants permission to retrieve information about an MPA approval team association for a payment cryptography action", "accessLevel": "Read", "resourceTypes": [ { "name": "approval-team", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getparametersforexport": { "name": "GetParametersForExport", "description": "Grants permission to get the export token and the signing key certificate to initiate a TR-34 key export", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "getparametersforimport": { "name": "GetParametersForImport", "description": "Grants permission to get the import token and the wrapping key certificate to initiate a TR-34 key import", 
"accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "getpublickeycertificate": { "name": "GetPublicKeyCertificate", "description": "Grants permission to return the public key from a key of class PUBLIC_KEY", "accessLevel": "Read", "resourceTypes": [ { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "getresourcepolicy": { "name": "GetResourcePolicy", "description": "Grants permission to retrieve the resource-based policy attached to a key", "accessLevel": "Read", "resourceTypes": [ { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "importkey": { "name": "ImportKey", "description": "Grants permission to import keys and public key certificates", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "payment-cryptography:ImportKeyMaterial", "payment-cryptography:CertificateAuthorityPublicKeyIdentifier", "payment-cryptography:WrappingKeyIdentifier" ], "dependentActions": [ "mpa:StartSession", "payment-cryptography:TagResource" ] }, "listaliases": { "name": "ListAliases", "description": "Grants permission to return a list of aliases created for all keys in the caller's AWS account and Region", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "listkeys": { "name": "ListKeys", "description": "Grants permission to return a list of keys created in the caller's AWS account and Region", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "listtagsforresource": { "name": "ListTagsForResource", "description": "Grants permission to return a list of tags created in the caller's AWS account and Region", "accessLevel": "Read", "resourceTypes": [ { "name": "key", "required": false, "conditionKeys": [], 
"dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "putresourcepolicy": { "name": "PutResourcePolicy", "description": "Grants permission to attach or replace a resource-based policy on a key", "accessLevel": "Permissions management", "resourceTypes": [ { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "reencryptdata": { "name": "ReEncryptData", "description": "Grants permission to re-encrypt ciphertext using DUKPT, Symmetric and Asymmetric Data Encryption Keys", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "removekeyreplicationregions": { "name": "RemoveKeyReplicationRegions", "description": "Grants permission to remove replication regions from an existing AWS Payment Cryptography key", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "restorekey": { "name": "RestoreKey", "description": "Grants permission to cancel a scheduled key deletion if at any point during the waiting period a Key needs to be revived", "accessLevel": "Write", "resourceTypes": [ { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "startkeyusage": { "name": "StartKeyUsage", "description": "Grants permission to enable a disabled Key", "accessLevel": "Write", "resourceTypes": [ { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ 
"payment-cryptography:RequestAlias" ], "dependentActions": [] }, "stopkeyusage": { "name": "StopKeyUsage", "description": "Grants permission to disable an enabled Key", "accessLevel": "Write", "resourceTypes": [ { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "tagresource": { "name": "TagResource", "description": "Grants permission to add or overwrite one or more tags for the specified resource", "accessLevel": "Tagging", "resourceTypes": [ { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:TagKeys", "aws:RequestTag/${TagKey}" ], "dependentActions": [] }, "translatekeymaterial": { "name": "TranslateKeyMaterial", "description": "Grants permission to translate wrapping key type for a wrapped key", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "translatepindata": { "name": "TranslatePinData", "description": "Grants permission to translate encrypted PIN block from and to ISO 9564 formats 0,1,3,4", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "untagresource": { "name": "UntagResource", "description": "Grants permission to remove the specified tag or tags from the specified resource", "accessLevel": "Tagging", "resourceTypes": [ { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:TagKeys" ], "dependentActions": [] }, "updatealias": { "name": 
"UpdateAlias", "description": "Grants permission to change the key to which an alias is assigned, or unassign it from its current key", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependentActions": [] }, "verifyauthrequestcryptogram": { "name": "VerifyAuthRequestCryptogram", "description": "Grants permission to verify Authorization Request Cryptogram (ARQC) for an EMV chip payment card authorization", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "verifycardvalidationdata": { "name": "VerifyCardValidationData", "description": "Grants permission to verify card-related validation data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) and Card Security Codes (CSC)", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "verifymac": { "name": "VerifyMac", "description": "Grants permission to verify MAC (Message Authentication Code) of input data against a provided MAC", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] }, "verifypindata": { "name": "VerifyPinData", 
"description": "Grants permission to verify pin-related data such as PIN and PIN Offset using algorithms including VISA PVV and IBM3624", "accessLevel": "Write", "resourceTypes": [ { "name": "alias", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "key", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "payment-cryptography:RequestAlias" ], "dependentActions": [] } }