Merge pull request #1912 from udondan/iam-updates

Author: udondan

CHANGELOG/v0.754.0.md

@@ -0,0 +1,25 @@
+:warning: **Removed resource types:**
+
+- elemental-inference:FeedResource
+
+**New actions:**
+
+- cloudwatch:DeleteAlarmMuteRule
+- cloudwatch:GetAlarmMuteRule
+- cloudwatch:ListAlarmMuteRules
+- cloudwatch:PutAlarmMuteRule
+- lex:DeleteBotAnalyzerRecommendation
+- lex:DescribeBotAnalyzerRecommendation
+- lex:ListBotAnalyzerRecommendations
+- lex:StartBotAnalyzer
+- lex:StopBotAnalyzer
+- wafv2:GetTopPathStatisticsByTraffic
+
+**Updated action access level:**
+
+- elemental-inference:GetMetadata: Write -> Read
+
+**New resource types:**
+
+- cloudwatch:alarm-mute-rule
+- elemental-inference:feed

README.md

@@ -16,8 +16,8 @@
 Support for:
 
 - 443 Services
-- 20326 Actions
-- 2154 Resource Types
+- 20336 Actions
+- 2155 Resource Types
 - 2276 Condition keys
 <!-- /stats -->
 

VERSION

@@ -1 +1 @@
-0.753.0
+0.754.0

docs/source/conf.py

@@ -24,7 +24,7 @@
 author = 'Daniel Schroeder'
 
 # The full version, including alpha/beta/rc tags
-release = '0.753.0'
+release = '0.754.0'
 
 # -- General configuration ---------------------------------------------------
 

docs/source/index.rst

@@ -31,8 +31,8 @@ AWS IAM policy statement generator with fluent interface.
 Support for:
 
 - 443 Services
-- 20326 Actions
-- 2154 Resource Types
+- 20336 Actions
+- 2155 Resource Types
 - 2276 Condition keys
 
 ..

lib/generated/policy-statements/cloudwatch.ts

@@ -55,6 +55,17 @@ export class Cloudwatch extends PolicyStatement {
     return this.to('CreateServiceLevelObjective');
   }
 
+  /**
+   * Grants permission to delete an alarm mute rule
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DeleteAlarmMuteRule.html
+   */
+  public toDeleteAlarmMuteRule() {
+    return this.to('DeleteAlarmMuteRule');
+  }
+
   /**
    * Grants permission to delete a collection of alarms
    *
@@ -253,6 +264,17 @@ export class Cloudwatch extends PolicyStatement {
     return this.to('GenerateQueryResultsSummary');
   }
 
+  /**
+   * Grants permission to get an alarm mute rule
+   *
+   * Access Level: Read
+   *
+   * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetAlarmMuteRule.html
+   */
+  public toGetAlarmMuteRule() {
+    return this.to('GetAlarmMuteRule');
+  }
+
   /**
    * Grants permission to display the details of the CloudWatch dashboard you specify
    *
@@ -385,6 +407,17 @@ export class Cloudwatch extends PolicyStatement {
     return this.to('Link');
   }
 
+  /**
+   * Grants permission to retrieve a list of alarm mute rules owned by the user's account
+   *
+   * Access Level: List
+   *
+   * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListAlarmMuteRules.html
+   */
+  public toListAlarmMuteRules() {
+    return this.to('ListAlarmMuteRules');
+  }
+
   /**
    * Grants permission to return a list of all CloudWatch dashboards in your account
    *
@@ -478,6 +511,21 @@ export class Cloudwatch extends PolicyStatement {
     return this.to('ListTagsForResource');
   }
 
+  /**
+   * Grants permission to create or update an alarm mute rule
+   *
+   * Access Level: Write
+   *
+   * Possible conditions:
+   * - .ifAwsRequestTag()
+   * - .ifAwsTagKeys()
+   *
+   * https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutAlarmMuteRule.html
+   */
+  public toPutAlarmMuteRule() {
+    return this.to('PutAlarmMuteRule');
+  }
+
   /**
    * Grants permission to create or update an anomaly detection model for a CloudWatch metric
    *
@@ -677,6 +725,7 @@ export class Cloudwatch extends PolicyStatement {
       'DescribeInsightRules',
       'GenerateQuery',
       'GenerateQueryResultsSummary',
+      'GetAlarmMuteRule',
       'GetDashboard',
       'GetInsightRuleReport',
       'GetMetricData',
@@ -692,6 +741,7 @@ export class Cloudwatch extends PolicyStatement {
     ],
     Write: [
       'CreateServiceLevelObjective',
+      'DeleteAlarmMuteRule',
       'DeleteAlarms',
       'DeleteAnomalyDetector',
       'DeleteDashboards',
@@ -704,6 +754,7 @@ export class Cloudwatch extends PolicyStatement {
       'EnableInsightRules',
       'EnableTopologyDiscovery',
       'Link',
+      'PutAlarmMuteRule',
       'PutAnomalyDetector',
       'PutCompositeAlarm',
       'PutDashboard',
@@ -718,6 +769,7 @@ export class Cloudwatch extends PolicyStatement {
       'UpdateServiceLevelObjective'
     ],
     List: [
+      'ListAlarmMuteRules',
       'ListDashboards',
       'ListEntitiesForMetric',
       'ListMetricStreams',
@@ -749,6 +801,23 @@ export class Cloudwatch extends PolicyStatement {
     return this.on(`arn:${ partition ?? this.defaultPartition }:cloudwatch:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:alarm:${ alarmName }`);
   }
 
+  /**
+   * Adds a resource of type alarm-mute-rule to the statement
+   *
+   * https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html
+   *
+   * @param alarmMuteRuleName - Identifier for the alarmMuteRuleName.
+   * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+   * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+   * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+   *
+   * Possible conditions:
+   * - .ifAwsResourceTag()
+   */
+  public onAlarmMuteRule(alarmMuteRuleName: string, account?: string, region?: string, partition?: string) {
+    return this.on(`arn:${ partition ?? this.defaultPartition }:cloudwatch:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:alarm-mute-rule:${ alarmMuteRuleName }`);
+  }
+
   /**
    * Adds a resource of type dashboard to the statement
    *
@@ -839,6 +908,7 @@ export class Cloudwatch extends PolicyStatement {
    * Applies to actions:
    * - .toCreateServiceLevelObjective()
    * - .toListManagedInsightRules()
+   * - .toPutAlarmMuteRule()
    * - .toPutCompositeAlarm()
    * - .toPutInsightRule()
    * - .toPutManagedInsightRules()
@@ -861,6 +931,7 @@ export class Cloudwatch extends PolicyStatement {
    *
    * Applies to resource types:
    * - alarm
+   * - alarm-mute-rule
    * - insight-rule
    * - metric-stream
    * - slo
@@ -882,6 +953,7 @@ export class Cloudwatch extends PolicyStatement {
    * Applies to actions:
    * - .toCreateServiceLevelObjective()
    * - .toListManagedInsightRules()
+   * - .toPutAlarmMuteRule()
    * - .toPutCompositeAlarm()
    * - .toPutInsightRule()
    * - .toPutManagedInsightRules()

lib/generated/policy-statements/elasticblockstore.ts

@@ -101,6 +101,9 @@ export class Ebs extends PolicyStatement {
    * - .ifParentSnapshot()
    * - .ifVolumeSize()
    *
+   * Dependent actions:
+   * - ec2:CreateTags
+   *
    * https://docs.aws.amazon.com/ebs/latest/APIReference/API_StartSnapshot.html
    */
   public toStartSnapshot() {

lib/generated/policy-statements/elementalinference.ts

@@ -23,7 +23,7 @@ export class ElementalInference extends PolicyStatement {
    *
    * Access Level: Write
    *
-   * https://docs.aws.amazon.com/elemental-inference/latest/api/API_AssociateFeed.html
+   * https://docs.aws.amazon.com/elemental-inference/latest/APIReference/API_AssociateFeed.html
    */
   public toAssociateFeed() {
     return this.to('AssociateFeed');
@@ -38,7 +38,7 @@ export class ElementalInference extends PolicyStatement {
    * - .ifAwsRequestTag()
    * - .ifAwsTagKeys()
    *
-   * https://docs.aws.amazon.com/elemental-inference/latest/api/API_CreateFeed.html
+   * https://docs.aws.amazon.com/elemental-inference/latest/APIReference/API_CreateFeed.html
    */
   public toCreateFeed() {
     return this.to('CreateFeed');
@@ -49,7 +49,7 @@ export class ElementalInference extends PolicyStatement {
    *
    * Access Level: Write
    *
-   * https://docs.aws.amazon.com/elemental-inference/latest/api/API_DeleteFeed.html
+   * https://docs.aws.amazon.com/elemental-inference/latest/APIReference/API_DeleteFeed.html
    */
   public toDeleteFeed() {
     return this.to('DeleteFeed');
@@ -60,7 +60,7 @@ export class ElementalInference extends PolicyStatement {
    *
    * Access Level: Write
    *
-   * https://docs.aws.amazon.com/elemental-inference/latest/api/API_DisassociateFeed.html
+   * https://docs.aws.amazon.com/elemental-inference/latest/APIReference/API_DisassociateFeed.html
    */
   public toDisassociateFeed() {
     return this.to('DisassociateFeed');
@@ -71,7 +71,7 @@ export class ElementalInference extends PolicyStatement {
    *
    * Access Level: Read
    *
-   * https://docs.aws.amazon.com/elemental-inference/latest/api/API_GetFeed.html
+   * https://docs.aws.amazon.com/elemental-inference/latest/APIReference/API_GetFeed.html
    */
   public toGetFeed() {
     return this.to('GetFeed');
@@ -80,9 +80,9 @@ export class ElementalInference extends PolicyStatement {
   /**
    * Grants permission to retrieve metadata for a specific feed output
    *
-   * Access Level: Write
+   * Access Level: Read
    *
-   * https://docs.aws.amazon.com/elemental-inference/latest/api/API_GetMetadata.html
+   * https://docs.aws.amazon.com/elemental-inference/latest/APIReference/API_GetMetadata.html
    */
   public toGetMetadata() {
     return this.to('GetMetadata');
@@ -93,7 +93,7 @@ export class ElementalInference extends PolicyStatement {
    *
    * Access Level: List
    *
-   * https://docs.aws.amazon.com/elemental-inference/latest/api/API_ListFeeds.html
+   * https://docs.aws.amazon.com/elemental-inference/latest/APIReference/API_ListFeeds.html
    */
   public toListFeeds() {
     return this.to('ListFeeds');
@@ -104,7 +104,7 @@ export class ElementalInference extends PolicyStatement {
    *
    * Access Level: Read
    *
-   * https://docs.aws.amazon.com/elemental-inference/latest/api/API_ListTagsForResource.html
+   * https://docs.aws.amazon.com/elemental-inference/latest/APIReference/API_ListTagsForResource.html
    */
   public toListTagsForResource() {
     return this.to('ListTagsForResource');
@@ -115,7 +115,7 @@ export class ElementalInference extends PolicyStatement {
    *
    * Access Level: Write
    *
-   * https://docs.aws.amazon.com/elemental-inference/latest/api/API_PutMedia.html
+   * https://docs.aws.amazon.com/elemental-inference/latest/APIReference/API_PutMedia.html
    */
   public toPutMedia() {
     return this.to('PutMedia');
@@ -130,7 +130,7 @@ export class ElementalInference extends PolicyStatement {
    * - .ifAwsRequestTag()
    * - .ifAwsTagKeys()
    *
-   * https://docs.aws.amazon.com/elemental-inference/latest/api/API_TagResource.html
+   * https://docs.aws.amazon.com/elemental-inference/latest/APIReference/API_TagResource.html
    */
   public toTagResource() {
     return this.to('TagResource');
@@ -144,7 +144,7 @@ export class ElementalInference extends PolicyStatement {
    * Possible conditions:
    * - .ifAwsTagKeys()
    *
-   * https://docs.aws.amazon.com/elemental-inference/latest/api/API_UntagResource.html
+   * https://docs.aws.amazon.com/elemental-inference/latest/APIReference/API_UntagResource.html
    */
   public toUntagResource() {
     return this.to('UntagResource');
@@ -155,7 +155,7 @@ export class ElementalInference extends PolicyStatement {
    *
    * Access Level: Write
    *
-   * https://docs.aws.amazon.com/elemental-inference/latest/api/API_UpdateFeed.html
+   * https://docs.aws.amazon.com/elemental-inference/latest/APIReference/API_UpdateFeed.html
    */
   public toUpdateFeed() {
     return this.to('UpdateFeed');
@@ -167,12 +167,12 @@ export class ElementalInference extends PolicyStatement {
       'CreateFeed',
       'DeleteFeed',
       'DisassociateFeed',
-      'GetMetadata',
       'PutMedia',
       'UpdateFeed'
     ],
     Read: [
       'GetFeed',
+      'GetMetadata',
       'ListTagsForResource'
     ],
     List: [
@@ -185,9 +185,9 @@ export class ElementalInference extends PolicyStatement {
   };
 
   /**
-   * Adds a resource of type FeedResource to the statement
+   * Adds a resource of type feed to the statement
    *
-   * https://docs.aws.amazon.com/elemental-inference/latest/APIReference/API_Feed.html
+   * https://docs.aws.amazon.com/elemental-inference/latest/userguide/elemental-inference-configuration.html
    *
    * @param id - Identifier for the id.
    * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
@@ -197,7 +197,7 @@ export class ElementalInference extends PolicyStatement {
    * Possible conditions:
    * - .ifAwsResourceTag()
    */
-  public onFeedResource(id: string, account?: string, region?: string, partition?: string) {
+  public onFeed(id: string, account?: string, region?: string, partition?: string) {
     return this.on(`arn:${ partition ?? this.defaultPartition }:elemental-inference:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:feed/${ id }`);
   }
 
@@ -224,7 +224,7 @@ export class ElementalInference extends PolicyStatement {
    * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
    *
    * Applies to resource types:
-   * - FeedResource
+   * - feed
    *
    * @param tagKey The tag key to check
    * @param value The value(s) to check