@cloud-copilot/iam-data
Version:
1,075 lines • 28.6 kB
JSON
{
"associatewebacl": {
"name": "AssociateWebACL",
"description": "Grants permission to associate a WebACL with a resource",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": [
"amplify:AssociateWebACL",
"apigateway:SetWebACL",
"apprunner:AssociateWebAcl",
"appsync:SetWebACL",
"cognito-idp:AssociateWebACL",
"ec2:AssociateVerifiedAccessInstanceWebAcl",
"elasticloadbalancing:SetWebAcl",
"wafv2:GetPermissionPolicy",
"wafv2:PutPermissionPolicy"
]
},
{
"name": "amplify-app",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "apigateway",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "apprunner",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "appsync",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "loadbalancer/app/",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "userpool",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "verified-access-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"checkcapacity": {
"name": "CheckCapacity",
"description": "Grants permission to calculate web ACL capacity unit (WCU) requirements for a specified scope and set of rules",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"createapikey": {
"name": "CreateAPIKey",
"description": "Grants permission to create an API key for use in the integration of the CAPTCHA API in your JavaScript client applications",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"createipset": {
"name": "CreateIPSet",
"description": "Grants permission to create an IPSet",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "ipset",
"required": true,
"conditionKeys": [],
"dependentActions": [
"wafv2:TagResource"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createregexpatternset": {
"name": "CreateRegexPatternSet",
"description": "Grants permission to create a RegexPatternSet",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "regexpatternset",
"required": true,
"conditionKeys": [],
"dependentActions": [
"wafv2:TagResource"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createrulegroup": {
"name": "CreateRuleGroup",
"description": "Grants permission to create a RuleGroup",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "rulegroup",
"required": true,
"conditionKeys": [],
"dependentActions": [
"wafv2:TagResource"
]
},
{
"name": "ipset",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "regexpatternset",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createwebacl": {
"name": "CreateWebACL",
"description": "Grants permission to create a WebACL",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": [
"wafv2:TagResource"
]
},
{
"name": "ipset",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "managedruleset",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "regexpatternset",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "rulegroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"deleteapikey": {
"name": "DeleteAPIKey",
"description": "Grants permission to delete an API key",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deletefirewallmanagerrulegroups": {
"name": "DeleteFirewallManagerRuleGroups",
"description": "Grants permission to delete FirewallManagedRulesGroups from a WebACL if not managed by Firewall Manager anymore",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteipset": {
"name": "DeleteIPSet",
"description": "Grants permission to delete an IPSet",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "ipset",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteloggingconfiguration": {
"name": "DeleteLoggingConfiguration",
"description": "Grants permission to delete the LoggingConfiguration from a WebACL",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"wafv2:LogScope"
],
"dependentActions": []
},
"deletepermissionpolicy": {
"name": "DeletePermissionPolicy",
"description": "Grants permission to delete the PermissionPolicy on a RuleGroup",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "rulegroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteregexpatternset": {
"name": "DeleteRegexPatternSet",
"description": "Grants permission to delete a RegexPatternSet",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "regexpatternset",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleterulegroup": {
"name": "DeleteRuleGroup",
"description": "Grants permission to delete a RuleGroup",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "rulegroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletewebacl": {
"name": "DeleteWebACL",
"description": "Grants permission to delete a WebACL",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeallmanagedproducts": {
"name": "DescribeAllManagedProducts",
"description": "Grants permission to retrieve product information for a managed rule group",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describemanagedproductsbyvendor": {
"name": "DescribeManagedProductsByVendor",
"description": "Grants permission to retrieve product information for a managed rule group by a given vendor",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describemanagedrulegroup": {
"name": "DescribeManagedRuleGroup",
"description": "Grants permission to retrieve high-level information for a managed rule group",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"disassociatefirewallmanager": {
"name": "DisassociateFirewallManager",
"isPermissionOnly": true,
"description": "Grants permission to disassociate Firewall Manager from a WebACL",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"disassociatewebacl": {
"name": "DisassociateWebACL",
"description": "Grants permission to disassociate a WebACL from an application resource",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "amplify-app",
"required": false,
"conditionKeys": [],
"dependentActions": [
"amplify:DisassociateWebACL",
"apigateway:SetWebACL",
"apprunner:DisassociateWebAcl",
"appsync:SetWebACL",
"cognito-idp:DisassociateWebACL",
"ec2:DisassociateVerifiedAccessInstanceWebAcl",
"elasticloadbalancing:SetWebAcl",
"wafv2:PutPermissionPolicy"
]
},
{
"name": "apigateway",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "apprunner",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "appsync",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "loadbalancer/app/",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "userpool",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "verified-access-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"generatemobilesdkreleaseurl": {
"name": "GenerateMobileSdkReleaseUrl",
"description": "Grants permission to generate a presigned download URL for the specified release of the mobile SDK",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getdecryptedapikey": {
"name": "GetDecryptedAPIKey",
"description": "Grants permission to return your API key in decrypted form. Use this to check the token domains that you have defined for the key",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getipset": {
"name": "GetIPSet",
"description": "Grants permission to retrieve details about an IPSet",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "ipset",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getloggingconfiguration": {
"name": "GetLoggingConfiguration",
"description": "Grants permission to retrieve LoggingConfiguration for a WebACL",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}",
"wafv2:LogScope"
],
"dependentActions": []
},
"getmanagedruleset": {
"name": "GetManagedRuleSet",
"description": "Grants permission to retrieve details about a ManagedRuleSet",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "managedruleset",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getmobilesdkrelease": {
"name": "GetMobileSdkRelease",
"description": "Grants permission to retrieve information for the specified mobile SDK release, including release notes and tags",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getpermissionpolicy": {
"name": "GetPermissionPolicy",
"description": "Grants permission to retrieve a PermissionPolicy for a RuleGroup",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "rulegroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getratebasedstatementmanagedkeys": {
"name": "GetRateBasedStatementManagedKeys",
"description": "Grants permission to retrieve the keys that are currently blocked by a rate-based rule",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getregexpatternset": {
"name": "GetRegexPatternSet",
"description": "Grants permission to retrieve details about a RegexPatternSet",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "regexpatternset",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getrulegroup": {
"name": "GetRuleGroup",
"description": "Grants permission to retrieve details about a RuleGroup",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "rulegroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getsampledrequests": {
"name": "GetSampledRequests",
"description": "Grants permission to retrieve detailed information about a sampling of web requests",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getwebacl": {
"name": "GetWebACL",
"description": "Grants permission to retrieve details about a WebACL",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"getwebaclforresource": {
"name": "GetWebACLForResource",
"description": "Grants permission to retrieve the WebACL that's associated with a resource",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": [
"amplify:GetWebACLForResource",
"apprunner:DescribeWebAclForService",
"cognito-idp:GetWebACLForResource",
"ec2:GetVerifiedAccessInstanceWebAcl",
"wafv2:GetWebACL"
]
},
{
"name": "amplify-app",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "apigateway",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "apprunner",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "appsync",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "loadbalancer/app/",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "userpool",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "verified-access-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listapikeys": {
"name": "ListAPIKeys",
"description": "Grants permission to retrieve a list of the API keys that you've defined for the specified scope",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listavailablemanagedrulegroupversions": {
"name": "ListAvailableManagedRuleGroupVersions",
"description": "Grants permission to retrieve an array of managed rule group versions that are available for you to use",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listavailablemanagedrulegroups": {
"name": "ListAvailableManagedRuleGroups",
"description": "Grants permission to retrieve an array of managed rule groups that are available for you to use",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listipsets": {
"name": "ListIPSets",
"description": "Grants permission to retrieve an array of IPSetSummary objects for the IP sets that you manage",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listloggingconfigurations": {
"name": "ListLoggingConfigurations",
"description": "Grants permission to retrieve an array of your LoggingConfiguration objects",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [
"wafv2:LogScope"
],
"dependentActions": []
},
"listmanagedrulesets": {
"name": "ListManagedRuleSets",
"description": "Grants permission to retrieve an array of your ManagedRuleSet objects",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listmobilesdkreleases": {
"name": "ListMobileSdkReleases",
"description": "Grants permission to retrieve a list of the available releases for the mobile SDK and the specified device platform",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listregexpatternsets": {
"name": "ListRegexPatternSets",
"description": "Grants permission to retrieve an array of RegexPatternSetSummary objects for the regex pattern sets that you manage",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listresourcesforwebacl": {
"name": "ListResourcesForWebACL",
"description": "Grants permission to retrieve an array of the Amazon Resource Names (ARNs) for the resources that are associated with a web ACL",
"accessLevel": "List",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": [
"amplify:ListResourcesForWebACL",
"apprunner:ListAssociatedServicesForWebAcl",
"cognito-idp:ListResourcesForWebACL",
"ec2:DescribeVerifiedAccessInstanceWebAclAssociations"
]
},
{
"name": "amplify-app",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "apprunner",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "userpool",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "verified-access-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listrulegroups": {
"name": "ListRuleGroups",
"description": "Grants permission to retrieve an array of RuleGroupSummary objects for the rule groups that you manage",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listtagsforresource": {
"name": "ListTagsForResource",
"description": "Grants permission to list tags for a resource",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "ipset",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "regexpatternset",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "rulegroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "webacl",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"listwebacls": {
"name": "ListWebACLs",
"description": "Grants permission to retrieve an array of WebACLSummary objects for the web ACLs that you manage",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"putfirewallmanagerrulegroups": {
"name": "PutFirewallManagerRuleGroups",
"isPermissionOnly": true,
"description": "Grants permission to create FirewallManagedRulesGroups in a WebACL",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putloggingconfiguration": {
"name": "PutLoggingConfiguration",
"description": "Grants permission to enable a LoggingConfiguration, to start logging for a web ACL",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:CreateServiceLinkedRole"
]
}
],
"conditionKeys": [
"wafv2:LogScope",
"wafv2:LogDestinationResource"
],
"dependentActions": []
},
"putmanagedrulesetversions": {
"name": "PutManagedRuleSetVersions",
"description": "Grants permission to enable create a new or update an existing version of a ManagedRuleSet",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "managedruleset",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "rulegroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"putpermissionpolicy": {
"name": "PutPermissionPolicy",
"description": "Grants permission to attach an IAM policy to a resource, used to share rule groups between accounts",
"accessLevel": "Permissions management",
"resourceTypes": [
{
"name": "rulegroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"tagresource": {
"name": "TagResource",
"description": "Grants permission to associate tags with a AWS resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "ipset",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "regexpatternset",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "rulegroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "webacl",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys",
"aws:RequestTag/${TagKey}",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"untagresource": {
"name": "UntagResource",
"description": "Grants permission to disassociate tags from an AWS resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "ipset",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "regexpatternset",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "rulegroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "webacl",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys"
],
"dependentActions": []
},
"updateipset": {
"name": "UpdateIPSet",
"description": "Grants permission to update an IPSet",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "ipset",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"updatemanagedrulesetversionexpirydate": {
"name": "UpdateManagedRuleSetVersionExpiryDate",
"description": "Grants permission to update the expiry date of a version in ManagedRuleSet",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "managedruleset",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"updateregexpatternset": {
"name": "UpdateRegexPatternSet",
"description": "Grants permission to update a RegexPatternSet",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "regexpatternset",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"updaterulegroup": {
"name": "UpdateRuleGroup",
"description": "Grants permission to update a RuleGroup",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "rulegroup",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "ipset",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "regexpatternset",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"updatewebacl": {
"name": "UpdateWebACL",
"description": "Grants permission to update a WebACL",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "ipset",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "managedruleset",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "regexpatternset",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "rulegroup",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
}
}