@cloud-copilot/iam-data
Version:
619 lines • 17.2 kB
JSON
{
"backup": {
"name": "Backup",
"isPermissionOnly": true,
"description": "Grants permission to start a backup job for an existing file system",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"clientmount": {
"name": "ClientMount",
"isPermissionOnly": true,
"description": "Grants permission to allow an NFS client read-access to a file system",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"elasticfilesystem:AccessPointArn",
"elasticfilesystem:AccessedViaMountTarget"
],
"dependentActions": []
},
"clientrootaccess": {
"name": "ClientRootAccess",
"isPermissionOnly": true,
"description": "Grants permission to allow an NFS client root-access to a file system",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"elasticfilesystem:AccessPointArn",
"elasticfilesystem:AccessedViaMountTarget"
],
"dependentActions": []
},
"clientwrite": {
"name": "ClientWrite",
"isPermissionOnly": true,
"description": "Grants permission to allow an NFS client write-access to a file system",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"elasticfilesystem:AccessPointArn",
"elasticfilesystem:AccessedViaMountTarget"
],
"dependentActions": []
},
"createaccesspoint": {
"name": "CreateAccessPoint",
"description": "Grants permission to create an access point for the specified file system",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": [
"elasticfilesystem:TagResource"
]
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}"
],
"dependentActions": []
},
"createfilesystem": {
"name": "CreateFileSystem",
"description": "Grants permission to create a new, empty file system",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"elasticfilesystem:Encrypted"
],
"dependentActions": [
"elasticfilesystem:TagResource"
]
},
"createmounttarget": {
"name": "CreateMountTarget",
"description": "Grants permission to create a mount target for a file system",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createreplicationconfiguration": {
"name": "CreateReplicationConfiguration",
"description": "Grants permission to create a new replication configuration",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createtags": {
"name": "CreateTags",
"description": "Grants permission to create or overwrite tags associated with a file system; deprecated, see TagResource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"deleteaccesspoint": {
"name": "DeleteAccessPoint",
"description": "Grants permission to delete the specified access point",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "access-point",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletefilesystem": {
"name": "DeleteFileSystem",
"description": "Grants permission to delete a file system, permanently severing access to its contents",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletefilesystempolicy": {
"name": "DeleteFileSystemPolicy",
"description": "Grants permission to delete the resource-level policy for a file system",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletemounttarget": {
"name": "DeleteMountTarget",
"description": "Grants permission to delete the specified mount target",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletereplicationconfiguration": {
"name": "DeleteReplicationConfiguration",
"description": "Grants permission to delete a replication configuration",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletetags": {
"name": "DeleteTags",
"description": "Grants permission to delete the specified tags from a file system; deprecated, see UntagResource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys"
],
"dependentActions": []
},
"describeaccesspoints": {
"name": "DescribeAccessPoints",
"description": "Grants permission to view the descriptions of Amazon EFS access points",
"accessLevel": "List",
"resourceTypes": [
{
"name": "access-point",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "file-system",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeaccountpreferences": {
"name": "DescribeAccountPreferences",
"description": "Grants permission to view the account preferences in effect for an account",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describebackuppolicy": {
"name": "DescribeBackupPolicy",
"description": "Grants permission to view the BackupPolicy object for an Amazon EFS file system",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describefilesystempolicy": {
"name": "DescribeFileSystemPolicy",
"description": "Grants permission to view the resource-level policy for an Amazon EFS file system",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "file-system",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describefilesystems": {
"name": "DescribeFileSystems",
"description": "Grants permission to view the description of an Amazon EFS file system specified by file system CreationToken or FileSystemId; or to view the description of all file systems owned by the caller's AWS account in the AWS region of the endpoint that is being called",
"accessLevel": "List",
"resourceTypes": [
{
"name": "file-system",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describelifecycleconfiguration": {
"name": "DescribeLifecycleConfiguration",
"description": "Grants permission to view the LifecycleConfiguration object for an Amazon EFS file system",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describemounttargetsecuritygroups": {
"name": "DescribeMountTargetSecurityGroups",
"description": "Grants permission to view the security groups in effect for a mount target",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describemounttargets": {
"name": "DescribeMountTargets",
"description": "Grants permission to view the descriptions of all mount targets, or a specific mount target, for a file system",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "access-point",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describereplicationconfigurations": {
"name": "DescribeReplicationConfigurations",
"description": "Grants permission to view the description of an Amazon EFS replication configuration specified by FileSystemId; or to view the description of all replication configurations owned by the caller's AWS account in the AWS region of the endpoint that is being called",
"accessLevel": "List",
"resourceTypes": [
{
"name": "file-system",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describetags": {
"name": "DescribeTags",
"description": "Grants permission to view the tags associated with a file system",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listtagsforresource": {
"name": "ListTagsForResource",
"description": "Grants permission to view the tags associated with the specified Amazon EFS resource",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "access-point",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "file-system",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"modifymounttargetsecuritygroups": {
"name": "ModifyMountTargetSecurityGroups",
"description": "Grants permission to modify the set of security groups in effect for a mount target",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putaccountpreferences": {
"name": "PutAccountPreferences",
"description": "Grants permission to set the account preferences of an account",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"putbackuppolicy": {
"name": "PutBackupPolicy",
"description": "Grants permission to enable or disable automatic backups with AWS Backup by creating a new BackupPolicy object",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putfilesystempolicy": {
"name": "PutFileSystemPolicy",
"description": "Grants permission to apply a resource-level policy that defines the actions allowed or denied from given actors for the specified file system",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putlifecycleconfiguration": {
"name": "PutLifecycleConfiguration",
"description": "Grants permission to enable lifecycle management by creating a new LifecycleConfiguration object",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"replicationread": {
"name": "ReplicationRead",
"isPermissionOnly": true,
"description": "Grants permission to read file system data for replication",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"replicationwrite": {
"name": "ReplicationWrite",
"isPermissionOnly": true,
"description": "Grants permission to replicate data to a file system",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"restore": {
"name": "Restore",
"isPermissionOnly": true,
"description": "Grants permission to start a restore job for a backup of a file system",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"tagresource": {
"name": "TagResource",
"description": "Grants permission to create or overwrite tags associated with the specified Amazon EFS resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "access-point",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "file-system",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"elasticfilesystem:CreateAction"
],
"dependentActions": []
},
"untagresource": {
"name": "UntagResource",
"description": "Grants permission to delete the specified tags from an Amazon EFS resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "access-point",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "file-system",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys"
],
"dependentActions": []
},
"updatefilesystem": {
"name": "UpdateFileSystem",
"description": "Grants permission to update the throughput mode or the amount of provisioned throughput of an existing file system",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"updatefilesystemprotection": {
"name": "UpdateFileSystemProtection",
"description": "Grants permission to update the file system protection of an existing file system",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "file-system",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
}
}