@cloud-copilot/iam-data
Version:
434 lines • 11.4 kB
JSON
{
"associateresource": {
"name": "AssociateResource",
"isPermissionOnly": true,
"description": "Grants permission to associate a resource to an Application",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"canceltagsynctask": {
"name": "CancelTagSyncTask",
"description": "Grants permission to cancel a tag-sync task for an application group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"resource-groups:DeleteGroup"
]
},
"creategroup": {
"name": "CreateGroup",
"description": "Grants permission to create a resource group with a specified name, description, and resource query",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": [
"cloudformation:DescribeStacks"
]
},
"deletegroup": {
"name": "DeleteGroup",
"description": "Grants permission to delete a specified resource group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"tag:GetResources"
]
},
"deletegrouppolicy": {
"name": "DeleteGroupPolicy",
"isPermissionOnly": true,
"description": "Grants permission to delete a resource-based policy for the specified group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"disassociateresource": {
"name": "DisassociateResource",
"isPermissionOnly": true,
"description": "Grants permission to disassociate a resource from an Application",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getaccountsettings": {
"name": "GetAccountSettings",
"description": "Grants permission to get the current status of optional features in Resource Groups",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getgroup": {
"name": "GetGroup",
"description": "Grants permission to get information of a specified resource group",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getgroupconfiguration": {
"name": "GetGroupConfiguration",
"description": "Grants permission to get the service configuration associated with the specified resource group",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getgrouppolicy": {
"name": "GetGroupPolicy",
"isPermissionOnly": true,
"description": "Grants permission to get a resource-based policy for the specified group",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getgroupquery": {
"name": "GetGroupQuery",
"description": "Grants permission to get the query associated with a specified resource group",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"gettagsynctask": {
"name": "GetTagSyncTask",
"description": "Grants permission to get information of a specified tag-sync task",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"gettags": {
"name": "GetTags",
"description": "Grants permission to get the tags associated with a specified resource group",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"groupresources": {
"name": "GroupResources",
"description": "Grants permission to add the specified resources to the specified group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"resource-groups:Tag",
"tag:TagResources"
]
},
"listgroupresources": {
"name": "ListGroupResources",
"description": "Grants permission to list the resources that are members of a specified resource group",
"accessLevel": "List",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources",
"tag:GetResources"
]
},
"listgroupingstatuses": {
"name": "ListGroupingStatuses",
"description": "Grants permission to list grouping statuses for a specified application group",
"accessLevel": "List",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listgroups": {
"name": "ListGroups",
"description": "Grants permission to list all resource groups in your account",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listresourcetypes": {
"name": "ListResourceTypes",
"isPermissionOnly": true,
"description": "Grants permission to list supported resource types",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listtagsynctasks": {
"name": "ListTagSyncTasks",
"description": "Grants permission to list all tag-sync tasks in your account",
"accessLevel": "List",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putgroupconfiguration": {
"name": "PutGroupConfiguration",
"description": "Grants permission to put the service configuration associated with the specified resource group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putgrouppolicy": {
"name": "PutGroupPolicy",
"isPermissionOnly": true,
"description": "Grants permission to add a resource-based policy for the specified group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"searchresources": {
"name": "SearchResources",
"description": "Grants permission to search for AWS resources matching the given query",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": [
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources",
"tag:GetResources"
]
},
"starttagsynctask": {
"name": "StartTagSyncTask",
"description": "Grants permission to create a tag-sync task for an application group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"resource-groups:CreateGroup"
]
},
"tag": {
"name": "Tag",
"description": "Grants permission to tag a specified resource group",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"ungroupresources": {
"name": "UngroupResources",
"description": "Grants permission to remove the specified resources from the specified group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"resource-groups:Untag",
"tag:UntagResources"
]
},
"untag": {
"name": "Untag",
"description": "Grants permission to remove tags associated with a specified resource group",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys"
],
"dependentActions": []
},
"updateaccountsettings": {
"name": "UpdateAccountSettings",
"description": "Grants permission to update optional features in Resource Groups",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"updategroup": {
"name": "UpdateGroup",
"description": "Grants permission to update a specified resource group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"updategroupquery": {
"name": "UpdateGroupQuery",
"description": "Grants permission to update the query associated with a specified resource group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"cloudformation:DescribeStacks"
]
}
}