@cloud-copilot/iam-data
Version:
92 lines • 4.18 kB
JSON
{
"aws:requesttag/${tagkey}": {
"key": "aws:RequestTag/${TagKey}",
"description": "Filters access by 'Create' requests based on the allowed set of values for a specified tags",
"type": "String"
},
"aws:resourcetag/${tagkey}": {
"key": "aws:ResourceTag/${TagKey}",
"description": "Filters access by based on a tag key-value pair assigned to the AWS resource",
"type": "String"
},
"aws:tagkeys": {
"key": "aws:TagKeys",
"description": "Filters access by 'Create' requests based on whether mandatory tags are included in the request",
"type": "ArrayOfString"
},
"ec2:sourceinstancearn": {
"key": "ec2:SourceInstanceARN",
"description": "Filters access by the ARN of the instance from which the request originated",
"type": "ARN"
},
"ssm:accessrequestid": {
"key": "ssm:AccessRequestId",
"description": "Filters access by verifying that a user has access to the access request ID specified in the request",
"type": "String"
},
"ssm:autoapprove": {
"key": "ssm:AutoApprove",
"description": "Filters access by verifying that a user has permission to start Change Manager workflows without a review step (with the exception of change freeze events)",
"type": "Bool"
},
"ssm:documentcategories": {
"key": "ssm:DocumentCategories",
"description": "Filters access by verifying that a user has permission to access a document belonging to a specific category enum",
"type": "ArrayOfString"
},
"ssm:documenttype": {
"key": "ssm:DocumentType",
"description": "Filters access by verifying that a user has permission to access a document belonging to a specific document type. Only available in \"aws\", \"aws-cn\", and \"aws-us-gov\" partitions",
"type": "String"
},
"ssm:overwrite": {
"key": "ssm:Overwrite",
"description": "Filters access by controling whether Systems Manager parameters can be overwritten",
"type": "String"
},
"ssm:policies": {
"key": "ssm:Policies",
"description": "Filters access by controlling whether an IAM Entity (user or role) can create or update a parameter that includes a parameter policy",
"type": "String"
},
"ssm:recursive": {
"key": "ssm:Recursive",
"description": "Filters access by Systems Manager parameters created in a hierarchical structure",
"type": "String"
},
"ssm:sessiondocumentaccesscheck": {
"key": "ssm:SessionDocumentAccessCheck",
"description": "Filters access by verifying that a user has permission to access either the default Session Manager configuration document or the custom configuration document specified in a request",
"type": "Bool"
},
"ssm:sourceinstancearn": {
"key": "ssm:SourceInstanceARN",
"description": "Filters access by verifying the Amazon Resource Name (ARN) of the AWS Systems Manager's managed instance from which the request is made. This key is not present when the request comes from the managed instance authenticated with an IAM role associated with EC2 instance profile",
"type": "ARN"
},
"ssm:synctype": {
"key": "ssm:SyncType",
"description": "Filters access by verifying that a user also has access to the ResourceDataSync SyncType specified in the request",
"type": "String"
},
"ssm:resourcetag/${tagkey}": {
"key": "ssm:resourceTag/${TagKey}",
"description": "Filters access by a tag key-value pair assigned to the Systems Manager resource",
"type": "String"
},
"ssm:resourcetag/aws:ssmmessages:session-id": {
"key": "ssm:resourceTag/aws:ssmmessages:session-id",
"description": "Filters access by based on a tag key-value pair assigned to the Systems Manager session resource",
"type": "String"
},
"ssm:resourcetag/aws:ssmmessages:target-id": {
"key": "ssm:resourceTag/aws:ssmmessages:target-id",
"description": "Filters access by based on a tag key-value pair assigned to the Systems Manager session resource",
"type": "String"
},
"ssm:resourcetag/tag-key": {
"key": "ssm:resourceTag/tag-key",
"description": "Filters access by based on a tag key-value pair assigned to the Systems Manager resource",
"type": "String"
}
}