Merge pull request #1876 from udondan/iam-updates

Author: udondan

CHANGELOG/v0.749.0.md

@@ -0,0 +1,4 @@
+**New resource types:**
+
+- signin:oauth2-public-client-localhost
+- signin:oauth2-public-client-remote

README.md

@@ -17,7 +17,7 @@ Support for:
 
 - 441 Services
 - 20280 Actions
-- 2146 Resource Types
+- 2148 Resource Types
 - 2270 Condition keys
 <!-- /stats -->
 

VERSION

@@ -1 +1 @@
-0.748.0
+0.749.0

docs/source/conf.py

@@ -24,7 +24,7 @@
 author = 'Daniel Schroeder'
 
 # The full version, including alpha/beta/rc tags
-release = '0.748.0'
+release = '0.749.0'
 
 # -- General configuration ---------------------------------------------------
 

docs/source/index.rst

@@ -32,7 +32,7 @@ Support for:
 
 - 441 Services
 - 20280 Actions
-- 2146 Resource Types
+- 2148 Resource Types
 - 2270 Condition keys
 
 ..

lib/generated/policy-statements/billingandcostmanagementpricingcalculator.ts

@@ -34,6 +34,10 @@ export class BcmPricingCalculator extends PolicyStatement {
    *
    * Access Level: Write
    *
+   * Possible conditions:
+   * - .ifAwsRequestTag()
+   * - .ifAwsTagKeys()
+   *
    * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_AWSBCMPricingCalculator_CreateBillScenario.html
    */
   public toCreateBillScenario() {
@@ -67,6 +71,10 @@ export class BcmPricingCalculator extends PolicyStatement {
    *
    * Access Level: Write
    *
+   * Possible conditions:
+   * - .ifAwsRequestTag()
+   * - .ifAwsTagKeys()
+   *
    * https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_AWSBCMPricingCalculator_CreateWorkloadEstimate.html
    */
   public toCreateWorkloadEstimate() {
@@ -475,11 +483,10 @@ export class BcmPricingCalculator extends PolicyStatement {
    *
    * @param billEstimateId - Identifier for the billEstimateId.
    * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
-   * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
    * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
    */
-  public onBillEstimate(billEstimateId: string, account?: string, region?: string, partition?: string) {
-    return this.on(`arn:${ partition ?? this.defaultPartition }:bcm-pricing-calculator:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:bill-estimate/${ billEstimateId }`);
+  public onBillEstimate(billEstimateId: string, account?: string, partition?: string) {
+    return this.on(`arn:${ partition ?? this.defaultPartition }:bcm-pricing-calculator::${ account ?? this.defaultAccount }:bill-estimate/${ billEstimateId }`);
   }
 
   /**
@@ -489,11 +496,13 @@ export class BcmPricingCalculator extends PolicyStatement {
    *
    * @param billScenarioId - Identifier for the billScenarioId.
    * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
-   * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
    * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+   *
+   * Possible conditions:
+   * - .ifAwsResourceTag()
    */
-  public onBillScenario(billScenarioId: string, account?: string, region?: string, partition?: string) {
-    return this.on(`arn:${ partition ?? this.defaultPartition }:bcm-pricing-calculator:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:bill-scenario/${ billScenarioId }`);
+  public onBillScenario(billScenarioId: string, account?: string, partition?: string) {
+    return this.on(`arn:${ partition ?? this.defaultPartition }:bcm-pricing-calculator::${ account ?? this.defaultAccount }:bill-scenario/${ billScenarioId }`);
   }
 
   /**
@@ -503,11 +512,13 @@ export class BcmPricingCalculator extends PolicyStatement {
    *
    * @param workloadEstimateId - Identifier for the workloadEstimateId.
    * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
-   * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
    * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+   *
+   * Possible conditions:
+   * - .ifAwsResourceTag()
    */
-  public onWorkloadEstimate(workloadEstimateId: string, account?: string, region?: string, partition?: string) {
-    return this.on(`arn:${ partition ?? this.defaultPartition }:bcm-pricing-calculator:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:workload-estimate/${ workloadEstimateId }`);
+  public onWorkloadEstimate(workloadEstimateId: string, account?: string, partition?: string) {
+    return this.on(`arn:${ partition ?? this.defaultPartition }:bcm-pricing-calculator::${ account ?? this.defaultAccount }:workload-estimate/${ workloadEstimateId }`);
   }
 
   /**
@@ -516,6 +527,8 @@ export class BcmPricingCalculator extends PolicyStatement {
    * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag
    *
    * Applies to actions:
+   * - .toCreateBillScenario()
+   * - .toCreateWorkloadEstimate()
    * - .toTagResource()
    *
    * @param tagKey The tag key to check
@@ -531,6 +544,14 @@ export class BcmPricingCalculator extends PolicyStatement {
    *
    * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag
    *
+   * Applies to actions:
+   * - .toTagResource()
+   * - .toUntagResource()
+   *
+   * Applies to resource types:
+   * - bill-scenario
+   * - workload-estimate
+   *
    * @param tagKey The tag key to check
    * @param value The value(s) to check
    * @param operator Works with [string operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). **Default:** `StringLike`
@@ -545,6 +566,8 @@ export class BcmPricingCalculator extends PolicyStatement {
    * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys
    *
    * Applies to actions:
+   * - .toCreateBillScenario()
+   * - .toCreateWorkloadEstimate()
    * - .toTagResource()
    * - .toUntagResource()
    *

lib/generated/policy-statements/signin.ts

@@ -87,4 +87,30 @@ export class Signin extends PolicyStatement {
       'ListTrustedIdentityPropagationApplicationsForConsole'
     ]
   };
+
+  /**
+   * Adds a resource of type oauth2-public-client-localhost to the statement
+   *
+   * https://docs.aws.amazon.com/signin/latest/APIReference
+   *
+   * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+   * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+   * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+   */
+  public onOauth2PublicClientLocalhost(account?: string, region?: string, partition?: string) {
+    return this.on(`arn:${ partition ?? this.defaultPartition }:signin:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:oauth2/public-client/localhost`);
+  }
+
+  /**
+   * Adds a resource of type oauth2-public-client-remote to the statement
+   *
+   * https://docs.aws.amazon.com/signin/latest/APIReference
+   *
+   * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+   * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+   * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+   */
+  public onOauth2PublicClientRemote(account?: string, region?: string, partition?: string) {
+    return this.on(`arn:${ partition ?? this.defaultPartition }:signin:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:oauth2/public-client/remote`);
+  }
 }

lib/generated/policy-statements/workspaces.ts

@@ -1483,6 +1483,7 @@ export class Workspaces extends PolicyStatement {
    *
    * Applies to actions:
    * - .toAssociateWorkspaceApplication()
+   * - .toCreateWorkspaces()
    * - .toDeployWorkspaceApplications()
    * - .toDescribeApplicationAssociations()
    * - .toDescribeBundleAssociations()

stats/resources/signin

@@ -1 +1,2 @@
-
+signin:oauth2-public-client-localhost
+signin:oauth2-public-client-remote