@cloud-copilot/iam-data
Version:
746 lines • 21.1 kB
JSON
{
"associateconnectorresource": {
"name": "AssociateConnectorResource",
"isPermissionOnly": true,
"description": "Grants permission to associate an AWS resource with an Amazon Q connector",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"associatelogindomain": {
"name": "AssociateLoginDomain",
"isPermissionOnly": true,
"description": "Grants permission to associate a login domain with an Amazon Q Developer Profile",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "profile",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"batchdescribegroups": {
"name": "BatchDescribeGroups",
"isPermissionOnly": true,
"description": "Grants permission to describe multiple groups for an Amazon Q Developer Profile",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "profile",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"batchdescribeusers": {
"name": "BatchDescribeUsers",
"isPermissionOnly": true,
"description": "Grants permission to describe multiple users for an Amazon Q Developer Profile",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "profile",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"batchgetgroups": {
"name": "BatchGetGroups",
"isPermissionOnly": true,
"description": "Grants permission to get multiple groups for an Amazon Q Developer Profile",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "profile",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"batchgetusers": {
"name": "BatchGetUsers",
"isPermissionOnly": true,
"description": "Grants permission to get multiple users for an Amazon Q Developer Profile",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "profile",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createartifact": {
"name": "CreateArtifact",
"isPermissionOnly": true,
"description": "Grants permission to create an artifact with Amazon Q",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"createassignment": {
"name": "CreateAssignment",
"isPermissionOnly": true,
"description": "Grants permission to create a user or group assignment for an Amazon Q Developer Profile",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "profile",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"identitystore:UserId",
"identitystore:GroupId"
],
"dependentActions": []
},
"createauthgrant": {
"name": "CreateAuthGrant",
"isPermissionOnly": true,
"description": "Grants permission to create OAuth user in Amazon Q",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"kms:Decrypt",
"kms:GenerateDataKeyWithoutPlaintext",
"kms:ReEncryptFrom",
"kms:ReEncryptTo"
]
},
"createoauthappconnection": {
"name": "CreateOAuthAppConnection",
"isPermissionOnly": true,
"description": "Grants permission to register an OAuth application in Amazon Q",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"kms:Decrypt",
"kms:GenerateDataKeyWithoutPlaintext",
"kms:ReEncryptFrom",
"kms:ReEncryptTo"
]
},
"createplugin": {
"name": "CreatePlugin",
"isPermissionOnly": true,
"description": "Grants permission to create and configure a third party plugin in Amazon Q",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "plugin",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}"
],
"dependentActions": []
},
"createscimaccesstoken": {
"name": "CreateScimAccessToken",
"isPermissionOnly": true,
"description": "Grants permission to create a SCIM access token for an Amazon Q Developer Profile",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "profile",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteassignment": {
"name": "DeleteAssignment",
"isPermissionOnly": true,
"description": "Grants permission to delete a user or group assignment for an Amazon Q Developer Profile",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "profile",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"identitystore:UserId",
"identitystore:GroupId"
],
"dependentActions": []
},
"deleteconversation": {
"name": "DeleteConversation",
"isPermissionOnly": true,
"description": "Grants permission to delete a conversation with Amazon Q",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleteoauthappconnection": {
"name": "DeleteOAuthAppConnection",
"isPermissionOnly": true,
"description": "Grants permission to delete an OAuth application in Amazon Q",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"kms:Decrypt",
"kms:GenerateDataKeyWithoutPlaintext",
"kms:ReEncryptFrom",
"kms:ReEncryptTo"
]
},
"deleteplugin": {
"name": "DeletePlugin",
"isPermissionOnly": true,
"description": "Grants permission to delete a configured plugin in Amazon Q",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "plugin",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deletescimaccesstoken": {
"name": "DeleteScimAccessToken",
"isPermissionOnly": true,
"description": "Grants permission to delete a SCIM access token for an Amazon Q Developer Profile",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "profile",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"disassociatelogindomain": {
"name": "DisassociateLoginDomain",
"isPermissionOnly": true,
"description": "Grants permission to disassociate a login domain from an Amazon Q Developer Profile",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "profile",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"generatecodefromcommands": {
"name": "GenerateCodeFromCommands",
"isPermissionOnly": true,
"description": "Grants permission to generate code from CLI commands in Amazon Q",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"generatecoderecommendations": {
"name": "GenerateCodeRecommendations",
"isPermissionOnly": true,
"description": "Grants permission to generate code recommendations in Amazon Q",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getartifact": {
"name": "GetArtifact",
"isPermissionOnly": true,
"description": "Grants permission to view an Amazon Q artifact",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getartifactactionresult": {
"name": "GetArtifactActionResult",
"isPermissionOnly": true,
"description": "Grants permission to view results of an action in an Amazon Q artifact",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"cloudformation:GetResource",
"cloudformation:GetResourceRequestStatus",
"cloudformation:ListResourceRequests"
]
},
"getconnector": {
"name": "GetConnector",
"isPermissionOnly": true,
"description": "Grants permission to view information about a specific Amazon Q connector",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getconversation": {
"name": "GetConversation",
"isPermissionOnly": true,
"description": "Grants permission to get individual messages associated with a specific conversation with Amazon Q",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getidentitymetadata": {
"name": "GetIdentityMetadata",
"isPermissionOnly": true,
"description": "Grants permission to Amazon Q to get the identity metadata",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getplugin": {
"name": "GetPlugin",
"isPermissionOnly": true,
"description": "Grants permission to view information about a specific configured Amazon Q plugin",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "plugin",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"gettroubleshootingresults": {
"name": "GetTroubleshootingResults",
"isPermissionOnly": true,
"description": "Grants permission to get troubleshooting results with Amazon Q",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listconversations": {
"name": "ListConversations",
"isPermissionOnly": true,
"description": "Grants permission to list individual conversations associated with a specific Amazon Q user",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listdashboardmetrics": {
"name": "ListDashboardMetrics",
"isPermissionOnly": true,
"description": "Grants permission to read metrics to populate Amazon Q dashboard",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listgroups": {
"name": "ListGroups",
"isPermissionOnly": true,
"description": "Grants permission to list groups for an Amazon Q Developer Profile",
"accessLevel": "List",
"resourceTypes": [
{
"name": "profile",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listlogindomains": {
"name": "ListLoginDomains",
"isPermissionOnly": true,
"description": "Grants permission to list login domains for an Amazon Q Developer Profile",
"accessLevel": "List",
"resourceTypes": [
{
"name": "profile",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listpluginproviders": {
"name": "ListPluginProviders",
"isPermissionOnly": true,
"description": "Grants permission to list available plugins in Amazon Q",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listplugins": {
"name": "ListPlugins",
"isPermissionOnly": true,
"description": "Grants permission to list configured plugins in Amazon Q",
"accessLevel": "List",
"resourceTypes": [
{
"name": "plugin",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listscimaccesstokens": {
"name": "ListScimAccessTokens",
"isPermissionOnly": true,
"description": "Grants permission to list SCIM access tokens for an Amazon Q Developer Profile",
"accessLevel": "List",
"resourceTypes": [
{
"name": "profile",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listtagsforresource": {
"name": "ListTagsForResource",
"isPermissionOnly": true,
"description": "Grants permission to list all tags associated with an Amazon Q resource",
"accessLevel": "List",
"resourceTypes": [
{
"name": "plugin",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"listusers": {
"name": "ListUsers",
"isPermissionOnly": true,
"description": "Grants permission to list users for an Amazon Q Developer Profile",
"accessLevel": "List",
"resourceTypes": [
{
"name": "profile",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"passrequest": {
"name": "PassRequest",
"isPermissionOnly": true,
"description": "Grants permission to allow Amazon Q to perform actions on your behalf",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"performartifactaction": {
"name": "PerformArtifactAction",
"isPermissionOnly": true,
"description": "Grants permission to perform an action in an Amazon Q artifact",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"cloudformation:CancelResourceRequest",
"cloudformation:CreateResource",
"cloudformation:GetResource",
"cloudformation:GetResourceRequestStatus",
"cloudformation:ListResourceRequests",
"cloudformation:UpdateResource",
"iam:AttachRolePolicy",
"iam:CreatePolicy",
"iam:CreateRole",
"iam:PutRolePolicy"
]
},
"rejectconnector": {
"name": "RejectConnector",
"isPermissionOnly": true,
"description": "Grants permission to reject a connection request for an Amazon Q connector",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"sendevent": {
"name": "SendEvent",
"isPermissionOnly": true,
"description": "Grants permission to trigger asynchronous Amazon Q actions",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"kms:Decrypt",
"kms:GenerateDataKeyWithoutPlaintext",
"kms:ReEncryptFrom",
"kms:ReEncryptTo"
]
},
"sendmessage": {
"name": "SendMessage",
"isPermissionOnly": true,
"description": "Grants permission to send a message to Amazon Q",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"startconversation": {
"name": "StartConversation",
"isPermissionOnly": true,
"description": "Grants permission to start a conversation with Amazon Q",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"starttroubleshootinganalysis": {
"name": "StartTroubleshootingAnalysis",
"isPermissionOnly": true,
"description": "Grants permission to start a troubleshooting analysis with Amazon Q",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"starttroubleshootingresolutionexplanation": {
"name": "StartTroubleshootingResolutionExplanation",
"isPermissionOnly": true,
"description": "Grants permission to start a troubleshooting resolution explanation with Amazon Q",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"tagresource": {
"name": "TagResource",
"isPermissionOnly": true,
"description": "Grants permission to associate tags with an Amazon Q resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "plugin",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "profile",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"aws:TagKeys",
"aws:RequestTag/${TagKey}"
],
"dependentActions": []
},
"untagresource": {
"name": "UntagResource",
"isPermissionOnly": true,
"description": "Grants permission to remove tags associated with an Amazon Q resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "plugin",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "profile",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"updateassignment": {
"name": "UpdateAssignment",
"isPermissionOnly": true,
"description": "Grants permission to update a user or group assignment for an Amazon Q Developer Profile",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "profile",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"identitystore:UserId",
"identitystore:GroupId"
],
"dependentActions": []
},
"updateauthgrant": {
"name": "UpdateAuthGrant",
"isPermissionOnly": true,
"description": "Grants permission to update OAuth user in Amazon Q",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"kms:Decrypt",
"kms:GenerateDataKeyWithoutPlaintext",
"kms:ReEncryptFrom",
"kms:ReEncryptTo"
]
},
"updateconversation": {
"name": "UpdateConversation",
"isPermissionOnly": true,
"description": "Grants permission to update a conversation with Amazon Q",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"updateoauthappconnection": {
"name": "UpdateOAuthAppConnection",
"isPermissionOnly": true,
"description": "Grants permission to update an OAuth application in Amazon Q",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"kms:Decrypt",
"kms:GenerateDataKeyWithoutPlaintext",
"kms:ReEncryptFrom",
"kms:ReEncryptTo"
]
},
"updateplugin": {
"name": "UpdatePlugin",
"isPermissionOnly": true,
"description": "Grants permission to update a third party plugin in Amazon Q",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "plugin",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}"
],
"dependentActions": []
},
"updatetroubleshootingcommandresult": {
"name": "UpdateTroubleshootingCommandResult",
"isPermissionOnly": true,
"description": "Grants permission to update a troubleshooting command result with Amazon Q",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"useplugin": {
"name": "UsePlugin",
"isPermissionOnly": true,
"description": "Grants permission to use Amazon Q plugins",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "plugin",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"verifyoauthappconnection": {
"name": "VerifyOAuthAppConnection",
"isPermissionOnly": true,
"description": "Grants permission to verify an OAuth application in Amazon Q",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"kms:Decrypt",
"kms:GenerateDataKeyWithoutPlaintext",
"kms:ReEncryptFrom",
"kms:ReEncryptTo"
]
}
}