@cloud-copilot/iam-data
Version:
1,832 lines • 105 kB
JSON
{
"abortmultipartupload": {
"name": "AbortMultipartUpload",
"description": "Grants permission to abort a multipart upload",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "object",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointArn",
"s3:AccessGrantsInstanceArn",
"s3:DataAccessPointAccount",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"associateaccessgrantsidentitycenter": {
"name": "AssociateAccessGrantsIdentityCenter",
"description": "Grants permission to associate Access Grants identity center",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "accessgrantsinstance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"bypassgovernanceretention": {
"name": "BypassGovernanceRetention",
"description": "Grants permission to allow circumvention of governance-mode object retention settings",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "object",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:RequestObjectTag/<key>",
"s3:RequestObjectTagKeys",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-acl",
"s3:x-amz-content-sha256",
"s3:x-amz-copy-source",
"s3:x-amz-grant-full-control",
"s3:x-amz-grant-read",
"s3:x-amz-grant-read-acp",
"s3:x-amz-grant-write",
"s3:x-amz-grant-write-acp",
"s3:x-amz-metadata-directive",
"s3:x-amz-server-side-encryption",
"s3:x-amz-server-side-encryption-aws-kms-key-id",
"s3:x-amz-server-side-encryption-customer-algorithm",
"s3:x-amz-storage-class",
"s3:x-amz-website-redirect-location"
],
"dependentActions": []
},
"createaccessgrant": {
"name": "CreateAccessGrant",
"description": "Grants permission to create Access Grant",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "accessgrantslocation",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:ResourceTag/${TagKey}",
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createaccessgrantsinstance": {
"name": "CreateAccessGrantsInstance",
"description": "Grants permission to Create Access Grants Instance",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "accessgrantsinstance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createaccessgrantslocation": {
"name": "CreateAccessGrantsLocation",
"description": "Grants permission to create Access Grants location",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "accessgrantsinstance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:ResourceTag/${TagKey}",
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createaccesspoint": {
"name": "CreateAccessPoint",
"description": "Grants permission to create a new access point",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "accesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:locationconstraint",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-acl",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"createaccesspointforobjectlambda": {
"name": "CreateAccessPointForObjectLambda",
"description": "Grants permission to create an object lambda enabled accesspoint",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "objectlambdaaccesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"createbucket": {
"name": "CreateBucket",
"description": "Grants permission to create a new bucket",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:locationconstraint",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-acl",
"s3:x-amz-content-sha256",
"s3:x-amz-grant-full-control",
"s3:x-amz-grant-read",
"s3:x-amz-grant-read-acp",
"s3:x-amz-grant-write",
"s3:x-amz-grant-write-acp",
"s3:x-amz-object-ownership"
],
"dependentActions": []
},
"createbucketmetadatatableconfiguration": {
"name": "CreateBucketMetadataTableConfiguration",
"description": "Grants permission to create a new S3 Metadata configuration for a specified bucket",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": [
"s3tables:CreateNamespace",
"s3tables:CreateTable",
"s3tables:GetTable",
"s3tables:PutTablePolicy"
]
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"createjob": {
"name": "CreateJob",
"description": "Grants permission to create a new Amazon S3 Batch Operations job",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"s3:RequestJobPriority",
"s3:RequestJobOperation",
"aws:TagKeys",
"aws:RequestTag/${TagKey}"
],
"dependentActions": [
"iam:PassRole"
]
},
"createmultiregionaccesspoint": {
"name": "CreateMultiRegionAccessPoint",
"description": "Grants permission to create a new Multi-Region Access Point",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "multiregionaccesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureversion",
"s3:signatureAge",
"s3:TlsVersion"
],
"dependentActions": []
},
"createstoragelensgroup": {
"name": "CreateStorageLensGroup",
"description": "Grants permission to create an Amazon S3 Storage Lens group",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"deleteaccessgrant": {
"name": "DeleteAccessGrant",
"description": "Grants permission to delete Access Grant",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "accessgrant",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deleteaccessgrantsinstance": {
"name": "DeleteAccessGrantsInstance",
"description": "Grants permission to Delete Access Grants Instance",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "accessgrantsinstance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deleteaccessgrantsinstanceresourcepolicy": {
"name": "DeleteAccessGrantsInstanceResourcePolicy",
"description": "Grants permission to read Access grants instance resource policy",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "accessgrantsinstance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deleteaccessgrantslocation": {
"name": "DeleteAccessGrantsLocation",
"description": "Grants permission to delete Access Grants location",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "accessgrantslocation",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"deleteaccesspoint": {
"name": "DeleteAccessPoint",
"description": "Grants permission to delete the access point named in the URI",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "accesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointArn",
"s3:DataAccessPointAccount",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"deleteaccesspointforobjectlambda": {
"name": "DeleteAccessPointForObjectLambda",
"description": "Grants permission to delete the object lambda enabled access point named in the URI",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "objectlambdaaccesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointArn",
"s3:DataAccessPointAccount",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"deleteaccesspointpolicy": {
"name": "DeleteAccessPointPolicy",
"description": "Grants permission to delete the policy on a specified access point",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "accesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointArn",
"s3:DataAccessPointAccount",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"deleteaccesspointpolicyforobjectlambda": {
"name": "DeleteAccessPointPolicyForObjectLambda",
"description": "Grants permission to delete the policy on a specified object lambda enabled access point",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "objectlambdaaccesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointArn",
"s3:DataAccessPointAccount",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"deletebucket": {
"name": "DeleteBucket",
"description": "Grants permission to delete the bucket named in the URI",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"deletebucketmetadatatableconfiguration": {
"name": "DeleteBucketMetadataTableConfiguration",
"description": "Grants permission to delete the S3 Metadata configuration for a specified bucket",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"deletebucketpolicy": {
"name": "DeleteBucketPolicy",
"description": "Grants permission to delete the policy on a specified bucket",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"deletebucketwebsite": {
"name": "DeleteBucketWebsite",
"description": "Grants permission to remove the website configuration for a bucket",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"deletejobtagging": {
"name": "DeleteJobTagging",
"description": "Grants permission to remove tags from an existing Amazon S3 Batch Operations job",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "job",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"s3:ExistingJobPriority",
"s3:ExistingJobOperation"
],
"dependentActions": []
},
"deletemultiregionaccesspoint": {
"name": "DeleteMultiRegionAccessPoint",
"description": "Grants permission to delete the Multi-Region Access Point named in the URI",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "multiregionaccesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureversion",
"s3:signatureAge",
"s3:TlsVersion"
],
"dependentActions": []
},
"deleteobject": {
"name": "DeleteObject",
"description": "Grants permission to remove the null version of an object and insert a delete marker, which becomes the current version of the object",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "object",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:AccessGrantsInstanceArn",
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"deleteobjecttagging": {
"name": "DeleteObjectTagging",
"description": "Grants permission to use the tagging subresource to remove the entire tag set from the specified object",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "object",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:ExistingObjectTag/<key>",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"deleteobjectversion": {
"name": "DeleteObjectVersion",
"description": "Grants permission to remove a specific version of an object",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "object",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:AccessGrantsInstanceArn",
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:versionid",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"deleteobjectversiontagging": {
"name": "DeleteObjectVersionTagging",
"description": "Grants permission to remove the entire tag set for a specific version of the object",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "object",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:ExistingObjectTag/<key>",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:versionid",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"deletestoragelensconfiguration": {
"name": "DeleteStorageLensConfiguration",
"description": "Grants permission to delete an existing Amazon S3 Storage Lens configuration",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "storagelensconfiguration",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"deletestoragelensconfigurationtagging": {
"name": "DeleteStorageLensConfigurationTagging",
"description": "Grants permission to remove tags from an existing Amazon S3 Storage Lens configuration",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "storagelensconfiguration",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"deletestoragelensgroup": {
"name": "DeleteStorageLensGroup",
"description": "Grants permission to delete an existing S3 Storage Lens group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "storagelensgroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"describejob": {
"name": "DescribeJob",
"description": "Grants permission to retrieve the configuration parameters and status for a batch operations job",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "job",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"describemultiregionaccesspointoperation": {
"name": "DescribeMultiRegionAccessPointOperation",
"description": "Grants permission to retrieve the configurations for a Multi-Region Access Point",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "multiregionaccesspointrequestarn",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureversion",
"s3:signatureAge",
"s3:TlsVersion"
],
"dependentActions": []
},
"dissociateaccessgrantsidentitycenter": {
"name": "DissociateAccessGrantsIdentityCenter",
"description": "Grants permission to disassociate Access Grants identity center",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "accessgrantsinstance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getaccelerateconfiguration": {
"name": "GetAccelerateConfiguration",
"description": "Grants permission to uses the accelerate subresource to return the Transfer Acceleration state of a bucket, which is either Enabled or Suspended",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getaccessgrant": {
"name": "GetAccessGrant",
"description": "Grants permission to read Access Grant",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "accessgrant",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getaccessgrantsinstance": {
"name": "GetAccessGrantsInstance",
"description": "Grants permission to Read Access Grants Instance",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "accessgrantsinstance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getaccessgrantsinstanceforprefix": {
"name": "GetAccessGrantsInstanceForPrefix",
"description": "Grants permission to Read Access Grants Instance by prefix",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "accessgrantsinstance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getaccessgrantsinstanceresourcepolicy": {
"name": "GetAccessGrantsInstanceResourcePolicy",
"description": "Grants permission to read Access grants instance resource policy",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "accessgrantsinstance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getaccessgrantslocation": {
"name": "GetAccessGrantsLocation",
"description": "Grants permission to read Access Grants location",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "accessgrantslocation",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getaccesspoint": {
"name": "GetAccessPoint",
"description": "Grants permission to return configuration information about the specified access point",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getaccesspointconfigurationforobjectlambda": {
"name": "GetAccessPointConfigurationForObjectLambda",
"description": "Grants permission to retrieve the configuration of the object lambda enabled access point",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "objectlambdaaccesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointArn",
"s3:DataAccessPointAccount",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getaccesspointforobjectlambda": {
"name": "GetAccessPointForObjectLambda",
"description": "Grants permission to create an object lambda enabled accesspoint",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "objectlambdaaccesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getaccesspointpolicy": {
"name": "GetAccessPointPolicy",
"description": "Grants permission to return the access point policy associated with the specified access point",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "accesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getaccesspointpolicyforobjectlambda": {
"name": "GetAccessPointPolicyForObjectLambda",
"description": "Grants permission to return the access point policy associated with the specified object lambda enabled access point",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "objectlambdaaccesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getaccesspointpolicystatus": {
"name": "GetAccessPointPolicyStatus",
"description": "Grants permission to return the policy status for a specific access point policy",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "accesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getaccesspointpolicystatusforobjectlambda": {
"name": "GetAccessPointPolicyStatusForObjectLambda",
"description": "Grants permission to return the policy status for a specific object lambda access point policy",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "objectlambdaaccesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getaccountpublicaccessblock": {
"name": "GetAccountPublicAccessBlock",
"description": "Grants permission to retrieve the PublicAccessBlock configuration for an AWS account",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getanalyticsconfiguration": {
"name": "GetAnalyticsConfiguration",
"description": "Grants permission to get an analytics configuration from an Amazon S3 bucket, identified by the analytics configuration ID",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getbucketacl": {
"name": "GetBucketAcl",
"description": "Grants permission to use the acl subresource to return the access control list (ACL) of an Amazon S3 bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getbucketcors": {
"name": "GetBucketCORS",
"description": "Grants permission to return the CORS configuration information set for an Amazon S3 bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getbucketlocation": {
"name": "GetBucketLocation",
"description": "Grants permission to return the Region that an Amazon S3 bucket resides in",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getbucketlogging": {
"name": "GetBucketLogging",
"description": "Grants permission to return the logging status of an Amazon S3 bucket and the permissions users have to view or modify that status",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getbucketmetadatatableconfiguration": {
"name": "GetBucketMetadataTableConfiguration",
"description": "Grants permission to return the S3 Metadata configuration for a specified bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getbucketnotification": {
"name": "GetBucketNotification",
"description": "Grants permission to get the notification configuration of an Amazon S3 bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getbucketobjectlockconfiguration": {
"name": "GetBucketObjectLockConfiguration",
"description": "Grants permission to get the Object Lock configuration of an Amazon S3 bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:signatureversion"
],
"dependentActions": []
},
"getbucketownershipcontrols": {
"name": "GetBucketOwnershipControls",
"description": "Grants permission to retrieve ownership controls on a bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getbucketpolicy": {
"name": "GetBucketPolicy",
"description": "Grants permission to return the policy of the specified bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getbucketpolicystatus": {
"name": "GetBucketPolicyStatus",
"description": "Grants permission to retrieve the policy status for a specific Amazon S3 bucket, which indicates whether the bucket is public",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getbucketpublicaccessblock": {
"name": "GetBucketPublicAccessBlock",
"description": "Grants permission to retrieve the PublicAccessBlock configuration for an Amazon S3 bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getbucketrequestpayment": {
"name": "GetBucketRequestPayment",
"description": "Grants permission to return the request payment configuration for an Amazon S3 bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getbuckettagging": {
"name": "GetBucketTagging",
"description": "Grants permission to return the tag set associated with an Amazon S3 bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getbucketversioning": {
"name": "GetBucketVersioning",
"description": "Grants permission to return the versioning state of an Amazon S3 bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getbucketwebsite": {
"name": "GetBucketWebsite",
"description": "Grants permission to return the website configuration for an Amazon S3 bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getdataaccess": {
"name": "GetDataAccess",
"description": "Grants permission to get Access",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "accessgrantsinstance",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getencryptionconfiguration": {
"name": "GetEncryptionConfiguration",
"description": "Grants permission to return the default encryption configuration an Amazon S3 bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getintelligenttieringconfiguration": {
"name": "GetIntelligentTieringConfiguration",
"description": "Grants permission to get an or list all Amazon S3 Intelligent Tiering configuration in a S3 Bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getinventoryconfiguration": {
"name": "GetInventoryConfiguration",
"description": "Grants permission to return an inventory configuration from an Amazon S3 bucket, identified by the inventory configuration ID",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getjobtagging": {
"name": "GetJobTagging",
"description": "Grants permission to return the tag set of an existing Amazon S3 Batch Operations job",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "job",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getlifecycleconfiguration": {
"name": "GetLifecycleConfiguration",
"description": "Grants permission to return the lifecycle configuration information set on an Amazon S3 bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getmetricsconfiguration": {
"name": "GetMetricsConfiguration",
"description": "Grants permission to get a metrics configuration from an Amazon S3 bucket",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "bucket",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:authType",
"s3:ResourceAccount",
"s3:signatureAge",
"s3:signatureversion",
"s3:TlsVersion",
"s3:x-amz-content-sha256"
],
"dependentActions": []
},
"getmultiregionaccesspoint": {
"name": "GetMultiRegionAccessPoint",
"description": "Grants permission to return configuration information about the specified Multi-Region Access Point",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "multiregionaccesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureversion",
"s3:signatureAge",
"s3:TlsVersion"
],
"dependentActions": []
},
"getmultiregionaccesspointpolicy": {
"name": "GetMultiRegionAccessPointPolicy",
"description": "Grants permission to return the access point policy associated with the specified Multi-Region Access Point",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "multiregionaccesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureversion",
"s3:signatureAge",
"s3:TlsVersion"
],
"dependentActions": []
},
"getmultiregionaccesspointpolicystatus": {
"name": "GetMultiRegionAccessPointPolicyStatus",
"description": "Grants permission to return the policy status for a specific Multi-Region Access Point policy",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "multiregionaccesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureversion",
"s3:signatureAge",
"s3:TlsVersion"
],
"dependentActions": []
},
"getmultiregionaccesspointroutes": {
"name": "GetMultiRegionAccessPointRoutes",
"description": "Grants permission to return the route configuration for a Multi-Region Access Point",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "multiregionaccesspoint",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"s3:DataAccessPointAccount",
"s3:DataAccessPointArn",
"s3:AccessPointNetworkOrigin",
"s3:authType",
"s3:ResourceAccount",
"s3:signatureversion",
"s3:signatureAge",
"s3:TlsVersion"
],
"dependentActions": []
},
"getobject": {
"name": "GetObject",
"description": "Grants permission to retrieve objects from Amazon S3",
"accessLevel": "Read",
"resourceTypes": [
{
"