Merge pull request #1875 from udondan/update-aws-managed-policies

udondan · web-flow · commit eafcb883eb28 · 2026-02-12T02:41:18.000+01:00
diff --git a/docs/source/_static/managed-policies/AWSResourceExplorerServiceRolePolicy.json b/docs/source/_static/managed-policies/AWSResourceExplorerServiceRolePolicy.json
@@ -779,6 +779,7 @@
         "iam:ListAttachedRolePolicies",
         "iam:ListRolePolicies",
         "kinesis:DescribeStreamSummary",
+        "kinesis:ListTagsForResource",
         "kinesis:ListTagsForStream",
         "lambda:GetEventSourceMapping",
         "lambda:GetFunction",
diff --git a/docs/source/_static/managed-policies/PartnerCentralIncentiveBenefitManagement.json b/docs/source/_static/managed-policies/PartnerCentralIncentiveBenefitManagement.json
@@ -0,0 +1,138 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "BenefitsManagement",
+      "Effect": "Allow",
+      "Action": [
+        "partnercentral:ListBenefits",
+        "partnercentral:GetBenefit",
+        "partnercentral:CreateBenefitApplication",
+        "partnercentral:AmendBenefitApplication",
+        "partnercentral:UpdateBenefitApplication",
+        "partnercentral:SubmitBenefitApplication",
+        "partnercentral:GetBenefitApplication",
+        "partnercentral:CancelBenefitApplication",
+        "partnercentral:RecallBenefitApplication",
+        "partnercentral:ListBenefitApplications",
+        "partnercentral:AssociateBenefitApplicationResource",
+        "partnercentral:DisassociateBenefitApplicationResource",
+        "partnercentral:ListBenefitAllocations",
+        "partnercentral:GetBenefitAllocation"
+      ],
+      "Resource": [
+        "arn:aws:partnercentral:*:*:catalog/*/benefit-application/*",
+        "arn:aws:partnercentral:*:*:catalog/*/benefit-allocation/*",
+        "arn:aws:partnercentral:*:*:catalog/*/benefit/*"
+      ],
+      "Condition": {
+        "StringEquals": {
+          "partnercentral:Catalog": [
+            "AWS",
+            "Sandbox"
+          ]
+        }
+      }
+    },
+    {
+      "Sid": "PartnerCentralBenefitsTaggingAccess",
+      "Effect": "Allow",
+      "Action": [
+        "partnercentral:TagResource",
+        "partnercentral:UntagResource",
+        "partnercentral:ListTagsForResource"
+      ],
+      "Resource": [
+        "arn:aws:partnercentral:*:*:catalog/*/benefit-application/*",
+        "arn:aws:partnercentral:*:*:catalog/*/benefit-allocation/*"
+      ],
+      "Condition": {
+        "StringEquals": {
+          "partnercentral:Catalog": [
+            "AWS",
+            "Sandbox"
+          ]
+        }
+      }
+    },
+    {
+      "Sid": "PartnerResourceAccess",
+      "Effect": "Allow",
+      "Action": [
+        "partnercentral:ListPartners",
+        "partnercentral:GetPartner"
+      ],
+      "Resource": "arn:aws:partnercentral:*:*:catalog/*/partner/*",
+      "Condition": {
+        "StringEquals": {
+          "partnercentral:Catalog": [
+            "AWS",
+            "Sandbox"
+          ]
+        }
+      }
+    },
+    {
+      "Sid": "AWSPartnerOpportunityAccess",
+      "Effect": "Allow",
+      "Action": [
+        "partnercentral:GetAwsOpportunitySummary",
+        "partnercentral:GetOpportunity",
+        "partnercentral:ListOpportunities"
+      ],
+      "Resource": "arn:aws:partnercentral:*:*:catalog/*/opportunity/*",
+      "Condition": {
+        "StringEquals": {
+          "partnercentral:Catalog": [
+            "AWS",
+            "Sandbox"
+          ]
+        }
+      }
+    },
+    {
+      "Sid": "ListingAWSMarketplaceEntities",
+      "Effect": "Allow",
+      "Action": [
+        "aws-marketplace:ListEntities"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "AWSMarketplaceOffersAccess",
+      "Effect": "Allow",
+      "Action": [
+        "aws-marketplace:DescribeEntity"
+      ],
+      "Resource": [
+        "arn:aws:aws-marketplace:*:*:AWSMarketplace*/Solution/*",
+        "arn:aws:aws-marketplace:*:*:AWSMarketplace*/OfferSet/*",
+        "arn:aws:aws-marketplace:*:*:AWSMarketplace*/Offer/*"
+      ]
+    },
+    {
+      "Sid": "AWSMarketplaceAgreementsReadAccess",
+      "Effect": "Allow",
+      "Action": [
+        "aws-marketplace:SearchAgreements",
+        "aws-marketplace:DescribeAgreement"
+      ],
+      "Resource": "*",
+      "Condition": {
+        "ForAllValues:StringEquals": {
+          "aws-marketplace:AgreementType": [
+            "PurchaseAgreement"
+          ]
+        }
+      }
+    },
+    {
+      "Sid": "PartnerCentralEphemeralWriteS3Access",
+      "Effect": "Allow",
+      "Action": [
+        "s3:PutObject"
+      ],
+      "Resource": "arn:aws:s3:::aws-partner-central-marketplace-ephemeral-writeonly-files/${aws:PrincipalAccount}/*"
+    }
+  ]
+}
diff --git a/docs/source/_static/managed-policies/index.json b/docs/source/_static/managed-policies/index.json
diff --git a/lib/generated/aws-managed-policies/cdk-iam-floyd.ts b/lib/generated/aws-managed-policies/cdk-iam-floyd.ts
@@ -6784,6 +6784,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic {
         return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.PartnerCentralAccountManagementUserRoleAssociation);
     }
 
+    /** Policy provides access to manage all the incentive benefits in AWS Partner Central. */
+    public PartnerCentralIncentiveBenefitManagement(): aws_iam.IManagedPolicy {
+        return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.PartnerCentralIncentiveBenefitManagement);
+    }
+
     /** Provides full access to AWS services and resources, but does not allow management of Users and groups. */
     public PowerUserAccess(): aws_iam.IManagedPolicy {
         return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.PowerUserAccess);
diff --git a/lib/generated/aws-managed-policies/iam-floyd.ts b/lib/generated/aws-managed-policies/iam-floyd.ts
@@ -2710,6 +2710,8 @@ export class AwsManagedPolicy {
     public static OpensearchIngestionSelfManagedVpcePolicy = 'aws-service-role/OpensearchIngestionSelfManagedVpcePolicy';
     /** Provides access to associate and dissociate partner central users with IAM roles */
     public static PartnerCentralAccountManagementUserRoleAssociation = 'PartnerCentralAccountManagementUserRoleAssociation';
+    /** Policy provides access to manage all the incentive benefits in AWS Partner Central. */
+    public static PartnerCentralIncentiveBenefitManagement = 'PartnerCentralIncentiveBenefitManagement';
     /** Provides full access to AWS services and resources, but does not allow management of Users and groups. */
     public static PowerUserAccess = 'PowerUserAccess';
     /** Grants permissions to AWS Services and Resources used or managed by Amazon Q Apps. */
