diff --git a/CHANGELOG/v0.635.0.md b/CHANGELOG/v0.635.0.md new file mode 100644 index 000000000..d5a70c77b --- /dev/null +++ b/CHANGELOG/v0.635.0.md @@ -0,0 +1,17 @@ +**New services:** + +- qapps + +**New actions:** + +- qbusiness:CancelSubscription +- qbusiness:CreateSubscription +- qbusiness:ListSubscriptions +- qbusiness:UpdateSubscription +- timestream:DescribeAccountSettings +- timestream:UpdateAccountSettings + +**New resource types:** + +- qbusiness:subscription +- sts:self-session diff --git a/README.md b/README.md index ad971214e..26cd3231b 100644 --- a/README.md +++ b/README.md @@ -16,9 +16,9 @@ Support for: -- 392 Services -- 16594 Actions -- 1780 Resource Types +- 393 Services +- 16621 Actions +- 1783 Resource Types - 1731 Condition keys diff --git a/VERSION b/VERSION index 000a658ec..def496c4f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.634.0 +0.635.0 diff --git a/docs/source/conf.py b/docs/source/conf.py index f5c39ff15..2f56eee08 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -24,7 +24,7 @@ author = 'Daniel Schroeder' # The full version, including alpha/beta/rc tags -release = '0.634.0' +release = '0.635.0' # -- General configuration --------------------------------------------------- diff --git a/docs/source/index.rst b/docs/source/index.rst index 3a619f3e5..0c2776ca4 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -30,9 +30,9 @@ AWS IAM policy statement generator with fluent interface. Support for: -- 392 Services -- 16594 Actions -- 1780 Resource Types +- 393 Services +- 16621 Actions +- 1783 Resource Types - 1731 Condition keys .. diff --git a/lib/generated/index.ts b/lib/generated/index.ts index c0260300c..d3708db86 100644 --- a/lib/generated/index.ts +++ b/lib/generated/index.ts 
@@ -126,6 +126,7 @@ export { SmsVoiceV2 } from './policy-statements/pinpointsmsvoicev2'; export { Polly } from './policy-statements/polly'; export { Q } from './policy-statements/q'; export { Qbusiness } from './policy-statements/qbusiness'; +export { Qapps } from './policy-statements/qbusinessqapps'; export { Wisdom } from './policy-statements/qinconnect'; export { Qldb } from './policy-statements/qldb'; export { Quicksight } from './policy-statements/quicksight'; diff --git a/lib/generated/policy-statements/qbusiness.ts b/lib/generated/policy-statements/qbusiness.ts index ba0a66c7c..42d45b00c 100644 --- a/lib/generated/policy-statements/qbusiness.ts +++ b/lib/generated/policy-statements/qbusiness.ts @@ -45,6 +45,15 @@ export class Qbusiness extends PolicyStatement { return this.to('BatchPutDocument'); } + /** + * Grants permission to cancel a subscription + * + * Access Level: Write + */ + public toCancelSubscription() { + return this.to('CancelSubscription'); + } + /** * Grants permission to chat using an application * @@ -137,6 +146,15 @@ export class Qbusiness extends PolicyStatement { return this.to('CreateRetriever'); } + /** + * Grants permission to create a subscription + * + * Access Level: Write + */ + public toCreateSubscription() { + return this.to('CreateSubscription'); + } + /** * Grants permission to create a user * @@ -429,6 +447,15 @@ export class Qbusiness extends PolicyStatement { return this.to('ListRetrievers'); } + /** + * Grants permission to list subscriptions + * + * Access Level: List + */ + public toListSubscriptions() { + return this.to('ListSubscriptions'); + } + /** * Grants permission to list tags for a resource * @@ -580,6 +607,15 @@ export class Qbusiness extends PolicyStatement { return this.to('UpdateRetriever'); } + /** + * Grants permission to update a subscription + * + * Access Level: Write + */ + public toUpdateSubscription() { + return this.to('UpdateSubscription'); + } + /** * Grants permission to update a user * 
@@ -603,12 +639,14 @@ export class Qbusiness extends PolicyStatement { 'AddUserLicenses', 'BatchDeleteDocument', 'BatchPutDocument', + 'CancelSubscription', 'CreateApplication', 'CreateDataSource', 'CreateIndex', 'CreateLicense', 'CreatePlugin', 'CreateRetriever', + 'CreateSubscription', 'CreateUser', 'CreateWebExperience', 'DeleteApplication', @@ -632,6 +670,7 @@ export class Qbusiness extends PolicyStatement { 'UpdateIndex', 'UpdatePlugin', 'UpdateRetriever', + 'UpdateSubscription', 'UpdateUser', 'UpdateWebExperience' ], @@ -661,6 +700,7 @@ export class Qbusiness extends PolicyStatement { 'ListMessages', 'ListPlugins', 'ListRetrievers', + 'ListSubscriptions', 'ListUserLicenses', 'ListWebExperiences' ], 
@@ -779,6 +819,19 @@ export class Qbusiness extends PolicyStatement { return this.on(`arn:${ partition ?? this.defaultPartition }:qbusiness:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:application/${ applicationId }/user-license/${ userLicenseId }`); } + /** + * Adds a resource of type subscription to the statement + * + * @param applicationId - Identifier for the applicationId. + * @param subscriptionId - Identifier for the subscriptionId. + * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. + * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. + * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. + */ + public onSubscription(applicationId: string, subscriptionId: string, account?: string, region?: string, partition?: string) { + return this.on(`arn:${ partition ?? this.defaultPartition }:qbusiness:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:application/${ applicationId }/subscription/${ subscriptionId }`); + } + /** * Filters access by the tags that are passed in the request * diff --git a/lib/generated/policy-statements/qbusinessqapps.ts b/lib/generated/policy-statements/qbusinessqapps.ts new file mode 100644 index 000000000..6e354e3a3 --- /dev/null +++ b/lib/generated/policy-statements/qbusinessqapps.ts 
@@ -0,0 +1,253 @@ +import { AccessLevelList } from '../../shared/access-level'; +import { PolicyStatement } from '../../shared'; + +/** + * Statement provider for service [qapps](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonqbusinessqapps.html). + * + * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement + */ +export class Qapps extends PolicyStatement { + public servicePrefix = 'qapps'; + + /** + * Statement provider for service [qapps](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonqbusinessqapps.html). + * + * @param sid [SID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html) of the statement + */ + constructor(sid?: string) { + super(sid); + } + + /** + * Grants permission to associate Q App with a user in Q Business application + * + * Access Level: Write + */ + public toAssociateQAppWithUser() { + return this.to('AssociateQAppWithUser'); + } + + /** + * Grants permission to copy Q App in Q Business application + * + * Access Level: Write + */ + public toCopyQApp() { + return this.to('CopyQApp'); + } + + /** + * Grants permission to create a library item in Q Business application + * + * Access Level: Write + */ + public toCreateLibraryItem() { + return this.to('CreateLibraryItem'); + } + + /** + * Grants permission to create a library item review in Q Business application + * + * Access Level: Write + */ + public toCreateLibraryItemReview() { + return this.to('CreateLibraryItemReview'); + } + + /** + * Grants permission to create Q App in Q Business application + * + * Access Level: Write + */ + public toCreateQApp() { + return this.to('CreateQApp'); + } + + /** + * Grants permission to subscribe to a Q App event bus topic in Q Business application + * + * Access Level: Write + */ + public toCreateSubscriptionToken() { + return this.to('CreateSubscriptionToken'); + } + + /** + * Grants 
permission to delete a library item in Q Business application + * + * Access Level: Write + */ + public toDeleteLibraryItem() { + return this.to('DeleteLibraryItem'); + } + + /** + * Grants permission to delete Q App in Q Business application + * + * Access Level: Write + */ + public toDeleteQApp() { + return this.to('DeleteQApp'); + } + + /** + * Grants permission to disassociate Q App with a user in Q Business application + * + * Access Level: Write + */ + public toDisassociateQAppFromUser() { + return this.to('DisassociateQAppFromUser'); + } + + /** + * Grants permission to get a library item in Q Business application + * + * Access Level: Read + */ + public toGetLibraryItem() { + return this.to('GetLibraryItem'); + } + + /** + * Grants permission to get Q App in Q Business application + * + * Access Level: Read + */ + public toGetQApp() { + return this.to('GetQApp'); + } + + /** + * Grants permission to import a document to Q App in Q Business application + * + * Access Level: Write + */ + public toImportDocumentToQApp() { + return this.to('ImportDocumentToQApp'); + } + + /** + * Grants permission to import a document to Q App session in Q Business application + * + * Access Level: Write + */ + public toImportDocumentToQAppSession() { + return this.to('ImportDocumentToQAppSession'); + } + + /** + * Grants permission to list library items in Q Business application + * + * Access Level: List + */ + public toListLibraryItems() { + return this.to('ListLibraryItems'); + } + + /** + * Grants permission to list Q Apps in Q Business application + * + * Access Level: List + */ + public toListQApps() { + return this.to('ListQApps'); + } + + /** + * Grants permission to predict problem statement from conversation log in Q Business application + * + * Access Level: Write + */ + public toPredictProblemStatementFromConversation() { + return this.to('PredictProblemStatementFromConversation'); + } + + /** + * Grants permission to predict Q App metadata from problem statement 
in Q Business application + * + * Access Level: Write + */ + public toPredictQAppFromProblemStatement() { + return this.to('PredictQAppFromProblemStatement'); + } + + /** + * Grants permission to start Q App session in Q Business application + * + * Access Level: Write + */ + public toStartQAppSession() { + return this.to('StartQAppSession'); + } + + /** + * Grants permission to stop Q App session in Q Business application + * + * Access Level: Write + */ + public toStopQAppSession() { + return this.to('StopQAppSession'); + } + + /** + * Grants permission to update a library item in Q Business application + * + * Access Level: Write + */ + public toUpdateLibraryItem() { + return this.to('UpdateLibraryItem'); + } + + /** + * Grants permission to update Q App in Q Business application + * + * Access Level: Write + */ + public toUpdateQApp() { + return this.to('UpdateQApp'); + } + + protected accessLevelList: AccessLevelList = { + Write: [ + 'AssociateQAppWithUser', + 'CopyQApp', + 'CreateLibraryItem', + 'CreateLibraryItemReview', + 'CreateQApp', + 'CreateSubscriptionToken', + 'DeleteLibraryItem', + 'DeleteQApp', + 'DisassociateQAppFromUser', + 'ImportDocumentToQApp', + 'ImportDocumentToQAppSession', + 'PredictProblemStatementFromConversation', + 'PredictQAppFromProblemStatement', + 'StartQAppSession', + 'StopQAppSession', + 'UpdateLibraryItem', + 'UpdateQApp' + ], + Read: [ + 'GetLibraryItem', + 'GetQApp' + ], + List: [ + 'ListLibraryItems', + 'ListQApps' + ] + }; + + /** + * Adds a resource of type application to the statement + * + * https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/create-app.html + * + * @param applicationId - Identifier for the applicationId. + * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. + * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region. 
+ * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. + */ + public onApplication(applicationId: string, account?: string, region?: string, partition?: string) { + return this.on(`arn:${ partition ?? this.defaultPartition }:qbusiness:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:application/${ applicationId }`); + } +} diff --git a/lib/generated/policy-statements/securitytokenservice.ts b/lib/generated/policy-statements/securitytokenservice.ts index 3f15c93ae..268c18610 100644 --- a/lib/generated/policy-statements/securitytokenservice.ts +++ b/lib/generated/policy-statements/securitytokenservice.ts @@ -299,6 +299,18 @@ export class Sts extends PolicyStatement { return this.on(`arn:${ partition ?? this.defaultPartition }:iam::${ account ?? this.defaultAccount }:user/${ userNameWithPath }`); } + /** + * Adds a resource of type self-session to the statement + * + * https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns + * + * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account. + * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition. + */ + public onSelfSession(account?: string, partition?: string) { + return this.on(`arn:${ partition ?? this.defaultPartition }:sts::${ account ?? this.defaultAccount }:self`); + } + /** * Filters access by the Google application ID * diff --git a/lib/generated/policy-statements/timestream.ts b/lib/generated/policy-statements/timestream.ts index 6f9b937f9..9f66b8adb 100644 --- a/lib/generated/policy-statements/timestream.ts +++ b/lib/generated/policy-statements/timestream.ts 
@@ -144,6 +144,20 @@ export class Timestream extends PolicyStatement { return this.to('DeleteTable'); } + /** + * Grants permission to describe your account settings + * + * Access Level: Read + * + * Dependent actions: + * - timestream:DescribeEndpoints + * + * https://docs.aws.amazon.com/timestream/latest/developerguide/API_query_DescribeAccountSettings.html + */ + public toDescribeAccountSettings() { + return this.to('DescribeAccountSettings'); + } + /** * Grants permission to describe a batch load task in your account * @@ -476,6 +490,20 @@ export class Timestream extends PolicyStatement { return this.to('UntagResource'); } + /** + * Grants permission to update your account settings + * + * Access Level: Write + * + * Dependent actions: + * - timestream:DescribeEndpoints + * + * https://docs.aws.amazon.com/timestream/latest/developerguide/API_query_UpdateAccountSettings.html + */ + public toUpdateAccountSettings() { + return this.to('UpdateAccountSettings'); + } + /** * Grants permission to update a database in your account * @@ -547,12 +575,14 @@ export class Timestream extends PolicyStatement { 'StartAwsBackupJob', 'StartAwsRestoreJob', 'Unload', + 'UpdateAccountSettings', 'UpdateDatabase', 'UpdateScheduledQuery', 'UpdateTable', 'WriteRecords' ], Read: [ + 'DescribeAccountSettings', 'DescribeBatchLoadTask', 'DescribeDatabase', 'DescribeScheduledQuery', diff --git a/stats/actions/qapps b/stats/actions/qapps new file mode 100644 index 000000000..2a6694f4d --- /dev/null +++ b/stats/actions/qapps 
@@ -0,0 +1,21 @@
+qapps:AssociateQAppWithUser;Write
+qapps:CopyQApp;Write
+qapps:CreateLibraryItem;Write
+qapps:CreateLibraryItemReview;Write
+qapps:CreateQApp;Write
+qapps:CreateSubscriptionToken;Write
+qapps:DeleteLibraryItem;Write
+qapps:DeleteQApp;Write
+qapps:DisassociateQAppFromUser;Write
+qapps:GetLibraryItem;Read
+qapps:GetQApp;Read
+qapps:ImportDocumentToQApp;Write
+qapps:ImportDocumentToQAppSession;Write
+qapps:ListLibraryItems;List
+qapps:ListQApps;List
+qapps:PredictProblemStatementFromConversation;Write
+qapps:PredictQAppFromProblemStatement;Write
+qapps:StartQAppSession;Write
+qapps:StopQAppSession;Write
+qapps:UpdateLibraryItem;Write
+qapps:UpdateQApp;Write
diff --git a/stats/actions/qbusiness b/stats/actions/qbusiness
index 514159f5e..2b40294eb 100644
--- a/stats/actions/qbusiness
+++ b/stats/actions/qbusiness
@@ -1,6 +1,7 @@
 qbusiness:AddUserLicenses;Write
 qbusiness:BatchDeleteDocument;Write
 qbusiness:BatchPutDocument;Write
+qbusiness:CancelSubscription;Write
 qbusiness:Chat;Read
 qbusiness:ChatSync;Read
 qbusiness:CreateApplication;Write
@@ -9,6 +10,7 @@ qbusiness:CreateIndex;Write
 qbusiness:CreateLicense;Write
 qbusiness:CreatePlugin;Write
 qbusiness:CreateRetriever;Write
+qbusiness:CreateSubscription;Write
 qbusiness:CreateUser;Write
 qbusiness:CreateWebExperience;Write
 qbusiness:DeleteApplication;Write
@@ -41,6 +43,7 @@ qbusiness:ListIndices;List
 qbusiness:ListMessages;List
 qbusiness:ListPlugins;List
 qbusiness:ListRetrievers;List
+qbusiness:ListSubscriptions;List
 qbusiness:ListTagsForResource;Read
 qbusiness:ListUserLicenses;List
 qbusiness:ListWebExperiences;List
@@ -57,5 +60,6 @@ qbusiness:UpdateDataSource;Write
 qbusiness:UpdateIndex;Write
 qbusiness:UpdatePlugin;Write
 qbusiness:UpdateRetriever;Write
+qbusiness:UpdateSubscription;Write
 qbusiness:UpdateUser;Write
 qbusiness:UpdateWebExperience;Write
diff --git a/stats/actions/timestream b/stats/actions/timestream
index 30f16cb44..a8d26eb9e 100644
--- a/stats/actions/timestream
+++ b/stats/actions/timestream
@@ -6,6 +6,7 @@ timestream:CreateTable;Write
 timestream:DeleteDatabase;Write
 timestream:DeleteScheduledQuery;Write
 timestream:DeleteTable;Write
+timestream:DescribeAccountSettings;Read
 timestream:DescribeBatchLoadTask;Read
 timestream:DescribeDatabase;Read
 timestream:DescribeEndpoints;List
@@ -29,6 +30,7 @@ timestream:StartAwsRestoreJob;Write
 timestream:TagResource;Tagging
 timestream:Unload;Write
 timestream:UntagResource;Tagging
+timestream:UpdateAccountSettings;Write
 timestream:UpdateDatabase;Write
 timestream:UpdateScheduledQuery;Write
 timestream:UpdateTable;Write
diff --git a/stats/conditions/qapps b/stats/conditions/qapps
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/stats/conditions/qapps
@@ -0,0 +1 @@
+
diff --git a/stats/resources/qapps b/stats/resources/qapps
new file mode 100644
index 000000000..b7b049d0a
--- /dev/null
+++ b/stats/resources/qapps
@@ -0,0 +1 @@
+qapps:application
diff --git a/stats/resources/qbusiness b/stats/resources/qbusiness
index 96f7d0e99..f65e120cf 100644
--- a/stats/resources/qbusiness
+++ b/stats/resources/qbusiness
@@ -3,5 +3,6 @@ qbusiness:data-source
 qbusiness:index
 qbusiness:plugin
 qbusiness:retriever
+qbusiness:subscription
 qbusiness:user-license
 qbusiness:web-experience
diff --git a/stats/resources/sts b/stats/resources/sts
index bc19244e7..12dea3ea1 100644
--- a/stats/resources/sts
+++ b/stats/resources/sts
@@ -1,2 +1,3 @@
 sts:role
+sts:self-session
 sts:user
diff --git a/stats/services b/stats/services
index 9a1661e38..2d84adfc5 100644
--- a/stats/services
+++ b/stats/services
@@ -278,6 +278,7 @@ profile
 proton
 purchase-orders
 q
+qapps
 qbusiness
 qldb
 quicksight