Merge pull request #1172 from udondan/iam-updates

Author: udondan

Diff for: CHANGELOG/v0.677.0.md

@@ -0,0 +1,19 @@
+**New actions:**
+
+- application-signals:Link
+- bedrock:CreateInvocation
+- bedrock:CreateSession
+- bedrock:DeleteSession
+- bedrock:EndSession
+- bedrock:GetInvocationStep
+- bedrock:GetSession
+- bedrock:ListInvocationSteps
+- bedrock:ListInvocations
+- bedrock:ListSessions
+- bedrock:PutInvocationStep
+- bedrock:UpdateSession
+- ses:PutConfigurationSetArchivingOptions
+
+**New resource types:**
+
+- bedrock:session

Diff for: README.md

@@ -17,8 +17,8 @@
 Support for:
 
 - 416 Services
-- 18285 Actions
-- 1963 Resource Types
+- 18298 Actions
+- 1964 Resource Types
 - 1919 Condition keys
 <!-- /stats -->
 

Diff for: VERSION

@@ -1 +1 @@
-0.676.0
+0.677.0

Diff for: docs/source/conf.py

@@ -24,7 +24,7 @@
 author = 'Daniel Schroeder'
 
 # The full version, including alpha/beta/rc tags
-release = '0.676.0'
+release = '0.677.0'
 
 # -- General configuration ---------------------------------------------------
 

Diff for: docs/source/index.rst

@@ -31,8 +31,8 @@ AWS IAM policy statement generator with fluent interface.
 Support for:
 
 - 416 Services
-- 18285 Actions
-- 1963 Resource Types
+- 18298 Actions
+- 1964 Resource Types
 - 1919 Condition keys
 
 ..

Diff for: lib/generated/policy-statements/bedrock.ts

@@ -284,6 +284,17 @@ export class Bedrock extends PolicyStatement {
     return this.to('CreateInferenceProfile');
   }
 
+  /**
+   * Grants permission to create a new invocation in an existing session
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_CreateInvocation.html
+   */
+  public toCreateInvocation() {
+    return this.to('CreateInvocation');
+  }
+
   /**
    * Grants permission to create a knowledge base
    *
@@ -428,6 +439,21 @@ export class Bedrock extends PolicyStatement {
     return this.to('CreateProvisionedModelThroughput');
   }
 
+  /**
+   * Grants permission to create a new session
+   *
+   * Access Level: Write
+   *
+   * Possible conditions:
+   * - .ifAwsRequestTag()
+   * - .ifAwsTagKeys()
+   *
+   * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_CreateSession.html
+   */
+  public toCreateSession() {
+    return this.to('CreateSession');
+  }
+
   /**
    * Grants permission to delete an Agent that you created earlier
    *
@@ -690,6 +716,17 @@ export class Bedrock extends PolicyStatement {
     return this.to('DeleteResourcePolicy');
   }
 
+  /**
+   * Grants permission to delete a Session that you created earlier
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_DeleteSession.html
+   */
+  public toDeleteSession() {
+    return this.to('DeleteSession');
+  }
+
   /**
    * Grants permission to deregister a marketplace model endpoint to make it unusable in Bedrock Marketplace
    *
@@ -732,6 +769,17 @@ export class Bedrock extends PolicyStatement {
     return this.to('DisassociateAgentKnowledgeBase');
   }
 
+  /**
+   * Grants permission to end a Session that you created earlier
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_EndSession.html
+   */
+  public toEndSession() {
+    return this.to('EndSession');
+  }
+
   /**
    * Grants permission to generate queries associated with user input
    *
@@ -1007,6 +1055,17 @@ export class Bedrock extends PolicyStatement {
     return this.to('GetIngestionJob');
   }
 
+  /**
+   * Grants permission to get an invocation step from a session
+   *
+   * Access Level: Read
+   *
+   * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_GetInvocationStep.html
+   */
+  public toGetInvocationStep() {
+    return this.to('GetInvocationStep');
+  }
+
   /**
    * Grants permission to retrieve an existing knowledge base
    *
@@ -1148,6 +1207,17 @@ export class Bedrock extends PolicyStatement {
     return this.to('GetResourcePolicy');
   }
 
+  /**
+   * Grants permission to retrieve an existing session
+   *
+   * Access Level: Read
+   *
+   * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_GetSession.html
+   */
+  public toGetSession() {
+    return this.to('GetSession');
+  }
+
   /**
    * Grants permission to retrieve a use case for model access
    *
@@ -1499,6 +1569,28 @@ export class Bedrock extends PolicyStatement {
     return this.to('ListIngestionJobs');
   }
 
+  /**
+   * Grants permission to get list of invocation step from a session
+   *
+   * Access Level: List
+   *
+   * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_ListInvocationSteps.html
+   */
+  public toListInvocationSteps() {
+    return this.to('ListInvocationSteps');
+  }
+
+  /**
+   * Grants permission to list invocations in a session
+   *
+   * Access Level: List
+   *
+   * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_ListInvocations.html
+   */
+  public toListInvocations() {
+    return this.to('ListInvocations');
+  }
+
   /**
    * Grants permission to list documents in a knowledge base
    *
@@ -1618,6 +1710,17 @@ export class Bedrock extends PolicyStatement {
     return this.to('ListProvisionedModelThroughputs');
   }
 
+  /**
+   * Grants permission to list existing sessions
+   *
+   * Access Level: List
+   *
+   * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_ListSessions.html
+   */
+  public toListSessions() {
+    return this.to('ListSessions');
+  }
+
   /**
    * Grants permission to list tags for a Bedrock resource
    *
@@ -1673,6 +1776,17 @@ export class Bedrock extends PolicyStatement {
     return this.to('PutFoundationModelEntitlement');
   }
 
+  /**
+   * Grants permission to put an invocation step into an invocation in session
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_PutInvocationStep.html
+   */
+  public toPutInvocationStep() {
+    return this.to('PutInvocationStep');
+  }
+
   /**
    * Grants permission to create an existing Invocation logging configuration
    *
@@ -2010,6 +2124,17 @@ export class Bedrock extends PolicyStatement {
     return this.to('UpdateProvisionedModelThroughput');
   }
 
+  /**
+   * Grants permission to update an existing session
+   *
+   * Access Level: Write
+   *
+   * https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent-runtime_UpdateSession.html
+   */
+  public toUpdateSession() {
+    return this.to('UpdateSession');
+  }
+
   /**
    * Grants permission to validate prompt flow definitions
    *
@@ -2053,6 +2178,7 @@ export class Bedrock extends PolicyStatement {
       'GetImportedModel',
       'GetInferenceProfile',
       'GetIngestionJob',
+      'GetInvocationStep',
       'GetKnowledgeBase',
       'GetKnowledgeBaseDocuments',
       'GetMarketplaceModelEndpoint',
@@ -2066,6 +2192,7 @@ export class Bedrock extends PolicyStatement {
       'GetPromptRouter',
       'GetProvisionedModelThroughput',
       'GetResourcePolicy',
+      'GetSession',
       'GetUseCaseForModelAccess',
       'InvokeAgent',
       'InvokeFlow',
@@ -2099,6 +2226,7 @@ export class Bedrock extends PolicyStatement {
       'CreateGuardrail',
       'CreateGuardrailVersion',
       'CreateInferenceProfile',
+      'CreateInvocation',
       'CreateKnowledgeBase',
       'CreateMarketplaceModelEndpoint',
       'CreateModelCopyJob',
@@ -2109,6 +2237,7 @@ export class Bedrock extends PolicyStatement {
       'CreatePrompt',
       'CreatePromptVersion',
       'CreateProvisionedModelThroughput',
+      'CreateSession',
       'DeleteAgent',
       'DeleteAgentActionGroup',
       'DeleteAgentAlias',
@@ -2133,16 +2262,19 @@ export class Bedrock extends PolicyStatement {
       'DeletePrompt',
       'DeleteProvisionedModelThroughput',
       'DeleteResourcePolicy',
+      'DeleteSession',
       'DeregisterMarketplaceModelEndpoint',
       'DisassociateAgentCollaborator',
       'DisassociateAgentKnowledgeBase',
+      'EndSession',
       'IngestKnowledgeBaseDocuments',
       'InvokeBlueprintRecommendationAsync',
       'InvokeBuilder',
       'InvokeDataAutomationAsync',
       'PrepareAgent',
       'PrepareFlow',
       'PutFoundationModelEntitlement',
+      'PutInvocationStep',
       'PutModelInvocationLoggingConfiguration',
       'PutResourcePolicy',
       'PutUseCaseForModelAccess',
@@ -2168,7 +2300,8 @@ export class Bedrock extends PolicyStatement {
       'UpdateKnowledgeBase',
       'UpdateMarketplaceModelEndpoint',
       'UpdatePrompt',
-      'UpdateProvisionedModelThroughput'
+      'UpdateProvisionedModelThroughput',
+      'UpdateSession'
     ],
     List: [
       'ListAgentActionGroups',
@@ -2192,6 +2325,8 @@ export class Bedrock extends PolicyStatement {
       'ListImportedModels',
       'ListInferenceProfiles',
       'ListIngestionJobs',
+      'ListInvocationSteps',
+      'ListInvocations',
       'ListKnowledgeBaseDocuments',
       'ListKnowledgeBases',
       'ListModelCopyJobs',
@@ -2201,7 +2336,8 @@ export class Bedrock extends PolicyStatement {
       'ListModelInvocationJobs',
       'ListPromptRouters',
       'ListPrompts',
-      'ListProvisionedModelThroughputs'
+      'ListProvisionedModelThroughputs',
+      'ListSessions'
     ],
     Tagging: [
       'TagResource',
@@ -2631,6 +2767,23 @@ export class Bedrock extends PolicyStatement {
     return this.on(`arn:${ partition ?? this.defaultPartition }:bedrock:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:data-automation-invocation/${ jobId }`);
   }
 
+  /**
+   * Adds a resource of type session to the statement
+   *
+   * https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html
+   *
+   * @param sessionId - Identifier for the sessionId.
+   * @param account - Account of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's account.
+   * @param region - Region of the resource; defaults to `*`, unless using the CDK, where the default is the current Stack's region.
+   * @param partition - Partition of the AWS account [aws, aws-cn, aws-us-gov]; defaults to `aws`, unless using the CDK, where the default is the current Stack's partition.
+   *
+   * Possible conditions:
+   * - .ifAwsResourceTag()
+   */
+  public onSession(sessionId: string, account?: string, region?: string, partition?: string) {
+    return this.on(`arn:${ partition ?? this.defaultPartition }:bedrock:${ region ?? this.defaultRegion }:${ account ?? this.defaultAccount }:session/${ sessionId }`);
+  }
+
   /**
    * Filters access by creating requests based on the allowed set of values for each of the mandatory tags
    *
@@ -2654,6 +2807,7 @@ export class Bedrock extends PolicyStatement {
    * - .toCreatePrompt()
    * - .toCreatePromptVersion()
    * - .toCreateProvisionedModelThroughput()
+   * - .toCreateSession()
    * - .toInvokeModel()
    * - .toPutResourcePolicy()
    * - .toTagResource()
@@ -2691,6 +2845,7 @@ export class Bedrock extends PolicyStatement {
    * - prompt-version
    * - model-import-job
    * - imported-model
+   * - session
    *
    * @param tagKey The tag key to check
    * @param value The value(s) to check
@@ -2723,6 +2878,7 @@ export class Bedrock extends PolicyStatement {
    * - .toCreatePrompt()
    * - .toCreatePromptVersion()
    * - .toCreateProvisionedModelThroughput()
+   * - .toCreateSession()
    * - .toInvokeModel()
    * - .toPutResourcePolicy()
    * - .toTagResource()