diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 27e4de56157a..b7721b70dc6d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,6 +1,12 @@ name: TestNDeploy -on: [push, pull_request] +on: + push: + paths-ignore: + - 'README.md' + branches: + - localstack + pull_request: jobs: cache: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 000000000000..730491a89fd7 --- /dev/null +++ b/.github/workflows/ci.yml 
@@ -0,0 +1,195 @@
+# LocalStack specific workflow to implement a fully-integrated continuous integration pipeline for our fork
+# - Rebase this fork based on the latest commit on `main` of upstream
+# - Build a Python source and wheel distribution of moto-ext with deterministic versioning
+# - Publish the distributions to PyPi
+# - Tag the commit in this fork with the new version
+# - Create a GitHub release for the new version
+
+name: Sync / Release moto-ext
+
+on:
+ schedule:
+ - cron: 0 5 * * MON
+ workflow_dispatch:
+ inputs:
+ dry_run:
+ description: 'Dry Run?'
+ default: true
+ required: true
+ type: boolean
+
+# limit concurrency to 1
+concurrency:
+ group: ${{ github.workflow }}
+
+jobs:
+ sync-build-release-moto-ext:
+ runs-on: ubuntu-latest
+ environment:
+ name: pypi
+ url: https://pypi.org/project/moto-ext/
+ permissions:
+ contents: write
+ id-token: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ ref: localstack
+ persist-credentials: false
+
+ - name: Setup Python
+ uses: actions/setup-python@v6
+ with:
+ python-version: '3.13'
+
+ - name: Configure Git
+ run: |
+ # Configure git
+ git config --global user.name 'LocalStack Bot'
+ git config --global user.email 'localstack-bot@users.noreply.github.com'
+ git remote set-url origin https://git:${{ secrets.PRO_ACCESS_TOKEN }}@github.com/${{ github.repository }}
+
+ # make sure to switch to the `localstack` branch (default / main branch of this fork)
+ git switch localstack
+ # add moto upstream as remote
+ git remote add upstream https://github.com/getmoto/moto.git
+ # rebase with latest changes
+ git pull
+
+ # Create a custom merge driver which prefers everything from upstream _BUT_ the name and the URL
+ mkdir -p $HOME/.local/bin
+ cat > $HOME/.local/bin/git-prefer-theirs-name-url << EOF
+ #!/bin/bash
+ set -e
+
+ base="\$1"
+ local="\$2"
+ remote="\$3"
+
+ echo "Executing custom merge driver for base \$base, local \$local, remote \$remote."
+
+ # Define keys to keep
+ KEYS=("name" "url")
+
+ # Read files into arrays
+ mapfile -t REMOTE_LINES < "\$remote"
+ mapfile -t LOCAL_LINES < "\$local"
+
+ echo "merging \$local + \$local + \$remote ..."
+
+ # Function to check if a line should be kept (matches any key)
+ keep_line() {
+ local line="\$1"
+ for key in "\${KEYS[@]}"; do
+ [[ "\$line" == *"\$key"* ]] && return 0
+ done
+ return 1
+ }
+
+ # keep key-matched lines from local, others from remote
+ for i in "\${!LOCAL_LINES[@]}"; do
+ if keep_line "\${REMOTE_LINES[i]}"; then
+ echo "\${REMOTE_LINES[i]}"
+ else
+ echo "\${LOCAL_LINES[i]}"
+ fi
+ done > "\$local"
+
+ exit 0
+ EOF
+
+ # make the script executable and add it to the PATH
+ chmod +x $HOME/.local/bin/git-prefer-theirs-name-url
+ echo "$HOME/.local/bin" >> "$GITHUB_PATH"
+
+ # add the merge driver to the git config
+ cat >> .git/config << EOF
+
+ [merge "git-prefer-theirs-name-url"]
+ name = A driver which resolves merge conflicts on a setup.cfg such that it always takes the local name and url, and everything else from upstream
+ driver = git-prefer-theirs-name-url %O %A %B
+ EOF
+
+ # define to use the custom merge driver for the setup.cfg
+ cat > .gitattributes << EOF
+ setup.cfg merge=git-prefer-theirs-name-url
+ EOF
+
+ - name: Rebase localstack branch with latest master from upstream
+ run: |
+ git fetch upstream
+ git rebase -f upstream/master
+
+ - name: Determine new version
+ run: |
+ echo "Determining new version..."
+ cat > setuptools.cfg << EOF
+ [tool.setuptools_scm]
+ local_scheme = "no-local-version"
+ version_scheme = "post-release"
+ EOF
+ python3 -m venv .venv
+ source .venv/bin/activate
+ python3 -m pip install setuptools_scm
+ NEW_VERSION=$(python3 -m setuptools_scm -c setuptools.cfg)
+ NEW_VERSION="${NEW_VERSION//dev/post}"
+ echo "New version is: $NEW_VERSION"
+ echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV
+
+ - name: Build Python distributions
+ # FYI: Checks in this script only work because the -e flag is enabled by default in GitHub actions
+ run: |
+ python3 -m pip install build
+
+ echo "Setting new version in setup.cfg":
+ # make sure setup.cfg is not dirty yet
+ git diff --exit-code setup.cfg
+ sed -i -E 's/^(version\s*=\s*)("?)[^"]+("?)/\1\2'"$NEW_VERSION"'\3/' setup.cfg
+ # make sure setup.cfg is dirty now
+ ! git diff --exit-code setup.cfg
+
+ echo "Building new version and tagging commit..."
+ python3 -m build
+
+ - name: Tag successful build
+ run: |
+ git tag -a $NEW_VERSION -m $NEW_VERSION
+
+ - name: Clean up
+ run: |
+ git reset --hard
+ git clean -df
+
+ - name: Store built distributions
+ uses: actions/upload-artifact@v4
+ with:
+ name: moto-ext-dists
+ path: dist/*.*
+
+ # publish the package before pushing the tag (this might fail if the version already exists on PyPI)
+ - name: Publish package distributions to PyPI
+ if: ${{ github.event.inputs.dry_run != 'true' }}
+ uses: pypa/gh-action-pypi-publish@release/v1
+
+ - name: Push
+ if: ${{ github.event.inputs.dry_run != 'true' }}
+ run: |
+ git push --force-with-lease
+ git push --atomic origin localstack $NEW_VERSION
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # Add a retry to avoid issues where the GH CLI fails
+ # because it does not yet detect the pushed tag.
+ - name: Create Release + uses: nick-fields/retry@v3 + if: ${{ github.event.inputs.dry_run != 'true' }} + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + max_attempts: 5 + retry_wait_seconds: 120 + timeout_minutes: 5 + command: gh release create $NEW_VERSION --repo localstack/moto --notes "automatic rebase sync and release" \ No newline at end of file diff --git a/.github/workflows/data-update_config-managed-rules.yml b/.github/workflows/data-update_config-managed-rules.yml index 9d6d115d56fe..55338d18d507 100644 --- a/.github/workflows/data-update_config-managed-rules.yml +++ b/.github/workflows/data-update_config-managed-rules.yml @@ -16,7 +16,7 @@ jobs: update: name: Update Config Managed Rules runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write diff --git a/.github/workflows/data-update_ec2-instance-offerings.yml b/.github/workflows/data-update_ec2-instance-offerings.yml index c3922c3ff00f..db11141a95ff 100644 --- a/.github/workflows/data-update_ec2-instance-offerings.yml +++ b/.github/workflows/data-update_ec2-instance-offerings.yml @@ -16,7 +16,7 @@ jobs: update: name: Update EC2 Instance Offerings runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull EC2 instance types from AWS run: | 
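Review bot: The `Configure Git` step in the new ci.yml writes `secrets.PRO_ACCESS_TOKEN` into the origin URL, which stores the token in `.git/config` for the whole job and undoes the `persist-credentials: false` set on the checkout. Everything that runs afterwards can read it: the unpinned `pip install` calls, `python3 -m build` on a tree just rebased onto `upstream/master`, and the tag-pinned actions `pypa/gh-action-pypi-publish@release/v1` and `nick-fields/retry@v3`, all inside a job that also holds `contents: write` and `id-token: write`. I would keep origin credential-free until the `Push` step and hand the token over there through `env`, as sketched below; splitting build and publish into separate jobs and pinning the actions to full commit SHAs would narrow the exposure further. Separately, the merge driver's comment says key-matched lines come from local, but the loop echoes `REMOTE_LINES[i]` for them and pairs lines by index, so it silently assumes both versions of setup.cfg have the same number of lines.

```yaml
      - name: Configure Git
        run: |
          # … unchanged: git user.name / user.email …
          # origin keeps its credential-free URL, so no secret is written to .git/config
          # … unchanged: switch branch, add upstream, pull, merge driver setup …

      # … unchanged: rebase, version, build, tag, clean up, upload, publish …

      - name: Push
        if: ${{ github.event.inputs.dry_run != 'true' }}
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PUSH_TOKEN: ${{ secrets.PRO_ACCESS_TOKEN }}
        run: |
          # the token enters the remote URL only for the push and is removed again on exit
          trap 'git remote set-url origin "https://github.com/${GITHUB_REPOSITORY}"' EXIT
          git remote set-url origin "https://git:${PUSH_TOKEN}@github.com/${GITHUB_REPOSITORY}"
          git push --force-with-lease
          git push --atomic origin localstack "$NEW_VERSION"
```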
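Review bot: The new `role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role` is only as restricted as that role's trust policy, which this diff does not show; the job-level `if:` guard is a workflow-side convenience, not an access control. The trust policy should pin the `token.actions.githubusercontent.com:sub` claim to `repo:localstack/moto:ref:refs/heads/localstack` and `aud` to `sts.amazonaws.com`, and the role's permissions should cover only the read calls these jobs make. I would add a comment above the line, `# trust policy must restrict sub to repo:localstack/moto:ref:refs/heads/localstack`, so the coupling is visible to whoever next edits the branch guard. The same applies to the identical change in the ec2-instance-types, emr_instance_types, iam-managed-policies, ssm-default-amis, ssm-default-parameters and ssm-optimized-amis workflows. The step list continues outside the hunk.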
diff --git a/.github/workflows/data-update_ec2-instance-types.yml b/.github/workflows/data-update_ec2-instance-types.yml index 27a47f7f179f..b519b615cd9f 100644 --- a/.github/workflows/data-update_ec2-instance-types.yml +++ b/.github/workflows/data-update_ec2-instance-types.yml @@ -16,7 +16,7 @@ jobs: update: name: Update EC2 Instance Types runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull EC2 instance types from AWS run: | diff --git a/.github/workflows/data-update_emr_instance_types.yml b/.github/workflows/data-update_emr_instance_types.yml index 099f39cf727b..f48ddab06ab6 100644 --- a/.github/workflows/data-update_emr_instance_types.yml +++ b/.github/workflows/data-update_emr_instance_types.yml @@ -16,7 +16,7 @@ jobs: update: name: Update EMR Instance Types runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull EMR instance types from AWS run: | diff --git a/.github/workflows/data-update_iam-managed-policies.yml b/.github/workflows/data-update_iam-managed-policies.yml index 10d2dab62850..3f699d69d41f 100644 --- a/.github/workflows/data-update_iam-managed-policies.yml 
+++ b/.github/workflows/data-update_iam-managed-policies.yml @@ -16,7 +16,7 @@ jobs: update: name: Update IAM Managed Policies runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull IAM managed policies from AWS run: | diff --git a/.github/workflows/data-update_ssm-default-amis.yml b/.github/workflows/data-update_ssm-default-amis.yml index 5e10c4f99f20..a34cd19077ef 100644 --- a/.github/workflows/data-update_ssm-default-amis.yml +++ b/.github/workflows/data-update_ssm-default-amis.yml @@ -16,7 +16,7 @@ jobs: update: name: Update SSM default AMIs runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull SSM default AMIs from AWS run: | diff --git a/.github/workflows/data-update_ssm-default-parameters.yml b/.github/workflows/data-update_ssm-default-parameters.yml index ca8a375662e2..c68f886c5068 100644 --- a/.github/workflows/data-update_ssm-default-parameters.yml +++ b/.github/workflows/data-update_ssm-default-parameters.yml 
@@ -16,7 +16,7 @@ jobs: update: name: Update SSM default parameters runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull SSM default Parameters from AWS run: | diff --git a/.github/workflows/data-update_ssm-optimized-amis.yml b/.github/workflows/data-update_ssm-optimized-amis.yml index e04fc12412ee..c759b49c026a 100644 --- a/.github/workflows/data-update_ssm-optimized-amis.yml +++ b/.github/workflows/data-update_ssm-optimized-amis.yml @@ -16,7 +16,7 @@ jobs: update: name: Update SSM Optimized AMIs runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull SSM Optimized AMIs from AWS run: | diff --git a/.github/workflows/dockertests.yml b/.github/workflows/dockertests.yml index 94ffb9ea0982..af70bcdc9613 100644 --- a/.github/workflows/dockertests.yml +++ b/.github/workflows/dockertests.yml @@ -1,6 +1,12 @@ name: DockerTests -on: [push, pull_request] +on: + push: + paths-ignore: + - 'README.md' + branches: + - localstack + pull_request: jobs: cache: diff --git a/Makefile b/Makefile index 299fac705636..41868ba87850 100644 --- a/Makefile +++ b/Makefile 
@@ -41,6 +41,16 @@ test-only: test: lint test-only +terraformtests: + @echo "Make sure that the MotoServer is already running on port 4566 (moto_server -p 4566)" + @echo "USAGE: make terraformtests SERVICE_NAME=acm TEST_NAMES=TestAccACMCertificate" + @echo "" + cd tests/terraformtests && bin/run_go_test $(SERVICE_NAME) "$(TEST_NAMES)" + +publish: + python -m build + twine upload dist/* + test_server: @TEST_SERVER_MODE=true pytest -sv --cov=moto --cov-report xml ./tests/ diff --git a/README.md b/README.md index d28e681600a3..13db57a7863a 100644 --- a/README.md +++ b/README.md 
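Review bot: The new `publish` target uploads `dist/*`, which includes whatever earlier builds left in `dist/`, so a local run can push stale or unintended artifacts to the index. Clearing the directory first and validating the result would make it safer: `rm -rf dist && python -m build && twine check dist/* && twine upload dist/*`. It also creates a second, manual release path next to the CI workflow that publishes through the `pypi` environment; if that is intentional, a comment saying when to use it would help. Neither new target is declared `.PHONY` in the visible lines.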
@@ -1,86 +1,3 @@ -# Moto - Mock AWS Services +# moto-ext -[![Join the chat at https://gitter.im/awsmoto/Lobby](https://badges.gitter.im/awsmoto/Lobby.svg)](https://gitter.im/awsmoto/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) - -[![Build Status](https://github.com/getmoto/moto/workflows/TestNDeploy/badge.svg)](https://github.com/getmoto/moto/actions) -[![Coverage Status](https://codecov.io/gh/getmoto/moto/branch/master/graph/badge.svg)](https://codecov.io/gh/getmoto/moto) -[![Docs](https://readthedocs.org/projects/pip/badge/?version=stable)](http://docs.getmoto.org) -[![PyPI](https://img.shields.io/pypi/v/moto.svg)](https://pypi.org/project/moto/) -[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/moto.svg)](#) -[![PyPI - Downloads](https://img.shields.io/pypi/dw/moto.svg)](https://pypistats.org/packages/moto) -[![Code style: Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff) -[![Financial Contributors](https://opencollective.com/moto/tiers/badge.svg)](https://opencollective.com/moto) - - -## Install - -```console -$ pip install 'moto[ec2,s3,all]' -``` - -## In a nutshell - - -Moto is a library that allows your tests to easily mock out AWS Services. - -Imagine you have the following python code that you want to test: - -```python -import boto3 - - -class MyModel: - def __init__(self, name, value): - self.name = name - self.value = value - - def save(self): - s3 = boto3.client("s3", region_name="us-east-1") - s3.put_object(Bucket="mybucket", Key=self.name, Body=self.value) -``` - -Take a minute to think how you would have tested that in the past. 
- -Now see how you could test it with Moto: - -```python -import boto3 -from moto import mock_aws -from mymodule import MyModel - - -@mock_aws -def test_my_model_save(): - conn = boto3.resource("s3", region_name="us-east-1") - # We need to create the bucket since this is all in Moto's 'virtual' AWS account - conn.create_bucket(Bucket="mybucket") - model_instance = MyModel("steve", "is awesome") - model_instance.save() - body = conn.Object("mybucket", "steve").get()["Body"].read().decode("utf-8") - assert body == "is awesome" -``` - -With the decorator wrapping the test, all the calls to s3 are automatically mocked out. The mock keeps track of the state of the buckets and keys. - -For a full list of which services and features are covered, please see our [implementation coverage](https://github.com/getmoto/moto/blob/master/IMPLEMENTATION_COVERAGE.md). - - -### Documentation -The full documentation can be found here: - -[http://docs.getmoto.org/en/latest/](http://docs.getmoto.org/en/latest/) - - -### Financial Contributions -Support this project and its continued development, by sponsoring us! - -Click the `Sponsor`-button at the top of the page for more information. - -Our finances are managed by OpenCollective, which means you have full visibility into all our contributions and expenses: -https://opencollective.com/moto - -### Security contact information - -To report a security vulnerability, please use the -[Tidelift security contact](https://tidelift.com/security). -Tidelift will coordinate the fix and disclosure. +Fork of [Moto](https://github.com/getmoto/moto) with patches and fixes for [LocalStack](https://github.com/localstack/localstack). diff --git a/moto/iam/aws_managed_policies.py b/moto/iam/aws_managed_policies.py index 7a6caaab00dc..8e0a2c0aefdf 100644 --- a/moto/iam/aws_managed_policies.py +++ b/moto/iam/aws_managed_policies.py 
@@ -2275,7 +2275,7 @@ }, "AWSAccountSettingsManagementRole":{ "CreateDate":"2025-12-11T17:49:09+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -2365,7 +2365,9 @@ { "Action":[ "sso:ListInstances", - "sso:ListApplications" + "sso:ListApplications", + "sso:DescribeApplication", + "sso:DescribeInstance" ], "Effect":"Allow", "Resource":"*" @@ -2375,7 +2377,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-12-11T17:49:09+00:00" + "UpdateDate":"2026-01-30T21:19:07+00:00" }, "AWSAccountUsageReportAccess":{ "CreateDate":"2015-02-06T18:41:19+00:00", @@ -13039,7 +13041,7 @@ }, "AWSCodeBuildAdminAccess":{ "CreateDate":"2016-12-01T19:04:44+00:00", - "DefaultVersionId":"v15", + "DefaultVersionId":"v16", "Document":{ "Statement":[ { @@ -13098,6 +13100,14 @@ "Resource":"arn:aws:ecs:*:*:task/*/*", "Sid":"SSMStartSessionAccess" }, + { + "Action":[ + "ssmmessages:OpenDataChannel" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:session/*", + "Sid":"SSMOpenDataChannelAccess" + }, { "Action":[ "codestar-connections:CreateConnection", @@ -13183,11 +13193,11 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2024-12-16T20:07:07+00:00" + "UpdateDate":"2026-01-16T10:34:13+00:00" }, "AWSCodeBuildDeveloperAccess":{ "CreateDate":"2016-12-01T19:02:32+00:00", - "DefaultVersionId":"v16", + "DefaultVersionId":"v17", "Document":{ "Statement":[ { @@ -13235,6 +13245,14 @@ "Resource":"arn:aws:ecs:*:*:task/*/*", "Sid":"SSMStartSessionAccess" }, + { + "Action":[ + "ssmmessages:OpenDataChannel" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:session/*", + "Sid":"SSMOpenDataChannelAccess" + }, { "Action":[ "codestar-connections:ListConnections", @@ -13298,7 +13316,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2024-12-16T20:07:06+00:00" + "UpdateDate":"2026-01-15T15:04:08+00:00" }, "AWSCodeBuildReadOnlyAccess":{ "CreateDate":"2016-12-01T19:03:41+00:00", 
@@ -15374,7 +15392,7 @@ }, "AWSConfigServiceRolePolicy":{ "CreateDate":"2018-05-30T23:31:46+00:00", - "DefaultVersionId":"v63", + "DefaultVersionId":"v64", "Document":{ "Statement":[ { @@ -16295,7 +16313,14 @@ "iot:ListPolicies", "iot:ListProvisioningTemplates", "iot:ListRoleAliases", - "iot:ListScheduledAudits", + "iot:ListScheduledAudits" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSConfigServiceRolePolicyStatementID1" + }, + { + "Action":[ "iot:ListSecurityProfiles", "iot:ListSecurityProfilesForTarget", "iot:ListTagsForResource", @@ -16975,8 +17000,11 @@ "s3tables:GetTableBucket", "s3tables:GetTableBucketEncryption", "s3tables:GetTableBucketMaintenanceConfiguration", + "s3tables:GetTableBucketMetricsConfiguration", "s3tables:GetTableBucketPolicy", + "s3tables:GetTableBucketStorageClass", "s3tables:ListTableBuckets", + "s3tables:ListTagsForResource", "sagemaker:DescribeApp", "sagemaker:DescribeAppImageConfig", "sagemaker:DescribeCluster", @@ -17244,7 +17272,7 @@ ], "Effect":"Allow", "Resource":"*", - "Sid":"AWSConfigServiceRolePolicyStatementID" + "Sid":"AWSConfigServiceRolePolicyStatementID2" }, { "Action":[ @@ -17302,7 +17330,7 @@ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-11-21T17:04:12+00:00" + "UpdateDate":"2026-01-14T01:34:14+00:00" }, "AWSConfigUserAccess":{ "CreateDate":"2015-02-18T19:38:41+00:00", @@ -22392,7 +22420,7 @@ }, "AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy":{ "CreateDate":"2021-03-03T22:18:00+00:00", - "DefaultVersionId":"v7", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -22682,7 +22710,8 @@ "StringEquals":{ "ec2:CreateAction":[ "CreateLaunchTemplate", - "RunInstances" + "RunInstances", + "AllocateAddress" ] } }, 
@@ -22695,7 +22724,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-02-27T16:07:07+00:00" + "UpdateDate":"2026-01-27T21:19:11+00:00" }, "AWSElasticBeanstalkManagedUpdatesServiceRolePolicy":{ "CreateDate":"2019-11-21T22:35:06+00:00", @@ -29256,6 +29285,30 @@ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2023-08-01T15:18:49+00:00" }, + "AWSHealthImagingServiceRolePolicy":{ + "CreateDate":"2026-01-30T18:34:13+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/HealthImaging" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-01-30T18:34:13+00:00" + }, "AWSHealth_EventProcessorServiceRolePolicy":{ "CreateDate":"2023-01-13T19:24:56+00:00", "DefaultVersionId":"v1", @@ -36737,7 +36790,7 @@ }, "AWSNetworkFirewallReadOnlyAccess":{ "CreateDate":"2025-06-10T21:52:05+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { 
@@ -36746,17 +36799,27 @@ "network-firewall:ListFirewallPolicies", "network-firewall:ListFirewalls", "network-firewall:ListFlowOperations", + "network-firewall:ListProxies", + "network-firewall:ListProxyConfigurations", + "network-firewall:ListProxyRuleGroups", "network-firewall:ListRuleGroups", "network-firewall:ListTagsForResource", "network-firewall:ListTLSInspectionConfigurations", + "network-firewall:ListVpcEndpointAssociations", "network-firewall:DescribeFirewall", + "network-firewall:DescribeFirewallMetadata", "network-firewall:DescribeFirewallPolicy", "network-firewall:DescribeFlowOperation", "network-firewall:DescribeLoggingConfiguration", + "network-firewall:DescribeProxy", + "network-firewall:DescribeProxyConfiguration", + "network-firewall:DescribeProxyRule", + "network-firewall:DescribeProxyRuleGroup", "network-firewall:DescribeResourcePolicy", "network-firewall:DescribeRuleGroup", "network-firewall:DescribeRuleGroupMetadata", "network-firewall:DescribeTLSInspectionConfiguration", + "network-firewall:DescribeVpcEndpointAssociation", "network-firewall:GetAnalysisReportResults", "network-firewall:ListFlowOperationResults" ], @@ -36776,7 +36839,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-06-10T21:52:05+00:00" + "UpdateDate":"2026-01-16T17:19:14+00:00" }, "AWSNetworkFirewallServiceRolePolicy":{ "CreateDate":"2020-11-17T17:17:26+00:00", @@ -51960,7 +52023,7 @@ }, "AWSServiceRoleForMonitronPolicy":{ "CreateDate":"2020-12-02T19:06:08+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { 
@@ -51978,13 +52041,45 @@ ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "kms:Decrypt" + ], + "Condition":{ + "ArnLike":{ + "kms:EncryptionContext:aws:sso:instance-arn":"arn:*:sso:::instance/*" + }, + "StringLike":{ + "kms:ViaService":"sso.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowKmsAccessViaIdentityCenter" + }, + { + "Action":[ + "kms:Decrypt" + ], + "Condition":{ + "ArnLike":{ + "kms:EncryptionContext:aws:identitystore:identitystore-arn":"arn:*:identitystore::*:identitystore/*" + }, + "StringLike":{ + "kms:ViaService":"identitystore.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowKmsAccessViaIdentityStore" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2024-10-02T10:06:59+00:00" + "UpdateDate":"2026-01-07T09:34:09+00:00" }, "AWSServiceRoleForNeptuneGraphPolicy":{ "CreateDate":"2023-11-29T14:03:36+00:00", @@ -53365,7 +53460,7 @@ }, "AWSSupportServiceRolePolicy":{ "CreateDate":"2018-04-19T18:04:44+00:00", - "DefaultVersionId":"v43", + "DefaultVersionId":"v44", "Document":{ "Statement":[ { @@ -53759,6 +53854,13 @@ "bedrock:getAgentAlias", "bedrock:getAgentKnowledgeBase", "bedrock:getAgentVersion", + "bedrock:getAutomatedReasoningPolicy", + "bedrock:getAutomatedReasoningPolicyAnnotations", + "bedrock:getAutomatedReasoningPolicyBuildWorkflow", + "bedrock:getAutomatedReasoningPolicyBuildWorkflowResultAssets", + "bedrock:getAutomatedReasoningPolicyNextScenario", + "bedrock:getAutomatedReasoningPolicyTestCase", + "bedrock:getAutomatedReasoningPolicyTestResult", "bedrock:getCustomModel", "bedrock:getDataSource", "bedrock:getEvaluationJob", 
@@ -53785,9 +53887,14 @@ "bedrock:listAgentKnowledgeBases", "bedrock:listAgents", "bedrock:listAgentVersions", + "bedrock:listAutomatedReasoningPolicies", + "bedrock:listAutomatedReasoningPolicyBuildWorkflows", + "bedrock:listAutomatedReasoningPolicyTestCases", + "bedrock:listAutomatedReasoningPolicyTestResults", "bedrock:listCustomModels", "bedrock:listDataSources", "bedrock:listEvaluationJobs", + "bedrock:exportAutomatedReasoningPolicyVersion", "bedrock:listFlowAliases", "bedrock:listFlows", "bedrock:listFlowVersions", @@ -53806,9 +53913,14 @@ "bedrock:listPrompts", "bedrock:listProvisionedModelThroughputs", "braket:getDevice", + "braket:getJob", "braket:getQuantumTask", + "braket:getServiceLinkedRoleStatus", + "braket:getUserAgreementStatus", "braket:searchDevices", + "braket:searchJobs", "braket:searchQuantumTasks", + "braket:searchSpendingLimits", "budgets:viewBudget", "ce:getCostAndUsage", "ce:getCostAndUsageWithResources", @@ -54209,6 +54321,7 @@ "config:selectResourceConfig", "connect:batchGetFlowAssociation", "connect:describeContact", + "connect:describeContactFlow", "connect:describeInstance", "connect:describeInstanceAttribute", "connect:describePhoneNumber", @@ -54223,6 +54336,7 @@ "connect:listContactEvaluations", "connect:listEvaluationForms", "connect:listEvaluationFormVersions", + "connect:listInstanceAttributes", "connect:listPhoneNumbersV2", "connect:listQueueQuickConnects", "connect:listQueues", @@ -54469,6 +54583,9 @@ "ds:listIpRoutes", "ds:listSchemaExtensions", "ds:listTagsForResource", + "dsql:getCluster", + "dsql:getVpcEndpointServiceName", + "dsql:listClusters", "dynamodb:describeBackup", "dynamodb:describeContinuousBackups", "dynamodb:describeContributorInsights", @@ -54491,6 +54608,8 @@ "dynamodb:listStreams", "dynamodb:listTables", "dynamodb:listTagsOfResource", + "ebs:listChangedBlocks", + "ebs:listSnapshotBlocks", "ec2:describeAccountAttributes", "ec2:describeAddresses", "ec2:describeAddressesAttribute", 
@@ -54500,6 +54619,7 @@ "ec2:describeBundleTasks", "ec2:describeByoipCidrs", "ec2:describeCapacityBlockOfferings", + "ec2:describeCapacityManagerDataExports", "ec2:describeCapacityReservationFleets", "ec2:describeCapacityReservations", "ec2:describeCarrierGateways", @@ -54571,6 +54691,7 @@ "ec2:describeNetworkInsightsPaths", "ec2:describeNetworkInterfaceAttribute", "ec2:describeNetworkInterfaces", + "ec2:describeOutpostLags", "ec2:describePlacementGroups", "ec2:describePrefixLists", "ec2:describePrincipalIdFormat", @@ -54644,6 +54765,9 @@ "ec2:describeVpnGateways", "ec2:getAssociatedEnclaveCertificateIamRoles", "ec2:getAssociatedIpv6PoolCidrs", + "ec2:getCapacityManagerAttributes", + "ec2:getCapacityManagerMetricData", + "ec2:getCapacityManagerMetricDimensions", "ec2:getCapacityReservationUsage", "ec2:getCoipPoolUsage", "ec2:getConsoleOutput", @@ -54740,6 +54864,7 @@ "eks:describeAddonConfiguration", "eks:describeAddonVersions", "eks:describeCluster", + "eks:describeClusterVersions", "eks:describeEksAnywhereSubscription", "eks:describeFargateProfile", "eks:describeIdentityProviderConfig", @@ -54796,6 +54921,7 @@ "elasticbeanstalk:listAvailableSolutionStacks", "elasticbeanstalk:listPlatformBranches", "elasticbeanstalk:listPlatformVersions", + "elasticbeanstalk:describeConfigurationSettings", "elasticbeanstalk:validateConfigurationSettings", "elasticfilesystem:describeAccessPoints", "elasticfilesystem:describeBackupPolicy", @@ -55098,13 +55224,16 @@ "glue:getBlueprint", "glue:getBlueprintRun", "glue:getBlueprintRuns", + "glue:getCatalog", "glue:getCatalogImportStatus", + "glue:getCatalogs", "glue:getClassifier", "glue:getClassifiers", "glue:getColumnStatisticsForPartition", "glue:getColumnStatisticsForTable", "glue:getColumnStatisticsTaskRun", "glue:getColumnStatisticsTaskRuns", + "glue:getCompletion", "glue:getCrawler", "glue:getCrawlerMetrics", "glue:getCrawlers", 
@@ -55145,6 +55274,7 @@ "glue:getStatement", "glue:getTable", "glue:getTableOptimizer", + "glue:getTableVersion", "glue:getTables", "glue:getTableVersions", "glue:getTrigger", @@ -55171,15 +55301,19 @@ "glue:listTableOptimizerRuns", "glue:listTriggers", "glue:querySchemaVersionMetadata", - "glue:getTableVersion", + "glue:startCompletion", "grafana:describeWorkspace", "grafana:describeWorkspaceAuthentication", "grafana:listPermissions", "grafana:listVersions", "grafana:listWorkspaces", + "greengrass:describeComponent", + "greengrass:getComponent", "greengrass:getConnectivityInfo", "greengrass:getCoreDefinition", "greengrass:getCoreDefinitionVersion", + "greengrass:getCoreDevice", + "greengrass:getDeployment", "greengrass:getDeploymentStatus", "greengrass:getDeviceDefinition", "greengrass:getDeviceDefinitionVersion", @@ -55194,9 +55328,15 @@ "greengrass:getServiceRoleForAccount", "greengrass:getSubscriptionDefinition", "greengrass:getSubscriptionDefinitionVersion", + "greengrass:listClientDevicesAssociatedWithCoreDevice", + "greengrass:listComponents", + "greengrass:listComponentVersions", "greengrass:listCoreDefinitions", "greengrass:listCoreDefinitionVersions", + "greengrass:listCoreDevices", "greengrass:listDeployments", + "greengrass:listEffectiveDeployments", + "greengrass:listInstalledComponents", "greengrass:listDeviceDefinitions", "greengrass:listDeviceDefinitionVersions", "greengrass:listFunctionDefinitions", @@ -55377,7 +55517,9 @@ "internetmonitor:getMonitor", "internetmonitor:listHealthEvents", "internetmonitor:listMonitors", + "invoicing:batchGetInvoiceProfile", "invoicing:listInvoiceSummaries", + "invoicing:listInvoiceUnits", "iot:describeAuthorizer", "iot:describeCACertificate", "iot:describeCertificate", 
@@ -55570,6 +55712,9 @@ "kinesisanalytics:listApplicationSnapshots", "kinesisanalytics:listApplicationVersions", "kinesisvideo:describeImageGenerationConfiguration", + "kinesisvideo:describeEdgeConfiguration", + "kinesisvideo:describeMappedResourceConfiguration", + "kinesisvideo:describeMediaStorageConfiguration", "kinesisvideo:describeNotificationConfiguration", "kinesisvideo:describeSignalingChannel", "kinesisvideo:describeStream", @@ -55577,6 +55722,7 @@ "kinesisvideo:getIceServerConfig", "kinesisvideo:getSignalingChannelEndpoint", "kinesisvideo:listSignalingChannels", + "kinesisvideo:listEdgeAgentConfigurations", "kinesisvideo:listStreams", "kms:describeKey", "kms:getKeyPolicy", 
@@ -55677,14 +55823,39 @@ "lex:listRecommendedIntents", "lex:listSlots", "lex:listSlotTypes", + "license-manager:getGrant", + "license-manager:getLicense", "license-manager:getLicenseConfiguration", + "license-manager:getLicenseConversionTask", + "license-manager:getLicenseManagerReportGenerator", + "license-manager:getLicenseUsage", "license-manager:getServiceSettings", "license-manager:listAssociationsForLicenseConfiguration", + "license-manager:listDistributedGrants", "license-manager:listFailuresForLicenseConfigurationOperations", "license-manager:listLicenseConfigurations", + "license-manager:listLicenseConversionTasks", + "license-manager:listLicenseManagerReportGenerators", + "license-manager:listLicenses", "license-manager:listLicenseSpecificationsForResource", + "license-manager:listLicenseVersions", + "license-manager:listReceivedGrants", + "license-manager:listReceivedGrantsForOrganization", + "license-manager:listReceivedLicenses", + "license-manager:listReceivedLicensesForOrganization", "license-manager:listResourceInventory", + "license-manager:listTokens", "license-manager:listUsageForLicenseConfiguration", + "license-manager-linux-subscriptions:getRegisteredSubscriptionProvider", + "license-manager-linux-subscriptions:getServiceSettings", + "license-manager-linux-subscriptions:listLinuxSubscriptionInstances", + "license-manager-linux-subscriptions:listLinuxSubscriptions", + "license-manager-linux-subscriptions:listRegisteredSubscriptionProviders", + "license-manager-user-subscriptions:listIdentityProviders", + "license-manager-user-subscriptions:listInstances", + "license-manager-user-subscriptions:listLicenseServerEndpoints", + "license-manager-user-subscriptions:listProductSubscriptions", + "license-manager-user-subscriptions:listUserAssociations", "lightsail:getActiveNames", "lightsail:getAlarms", "lightsail:getAutoSnapshots", 
@@ -55872,6 +56043,8 @@ "mediatailor:listPlaybackConfigurations", "medical-imaging:getDatastore", "medical-imaging:listDatastores", + "memorydb:describeReservedNodesOfferings", + "memorydb:listAllowedNodeTypeUpdates", "mgn:describeJobLogItems", "mgn:describeJobs", "mgn:describeLaunchConfigurationTemplates", @@ -55920,6 +56093,10 @@ "mobiletargeting:getSmsChannel", "mobiletargeting:listJourneys", "mobiletargeting:phoneNumberValidate", + "mpa:getApprovalTeam", + "mpa:getSession", + "mpa:listApprovalTeams", + "mq:describeBrokerInstanceOptions", "mq:describeBroker", "mq:describeConfiguration", "mq:describeConfigurationRevision", @@ -56016,9 +56193,13 @@ "observabilityadmin:getTelemetryEvaluationStatusForOrganization", "observabilityadmin:listResourceTelemetry", "observabilityadmin:listResourceTelemetryForOrganization", + "odb:getCloudAutonomousVmCluster", + "odb:getCloudVmCluster", "odb:getOciOnboardingStatus", "odb:getOdbNetwork", "odb:getOdbPeeringConnection", + "odb:listCloudAutonomousVmClusters", + "odb:listCloudVmClusters", "odb:listOdbNetworks", "odb:listOdbPeeringConnections", "omics:getAnnotationImportJob", @@ -56137,6 +56318,10 @@ "outposts:listOrders", "outposts:listOutposts", "outposts:listSites", + "payment-cryptography:getAlias", + "payment-cryptography:getKey", + "payment-cryptography:listAliases", + "payment-cryptography:listKeys", "pcs:getCluster", "pcs:getComputeNodeGroup", "pcs:getQueue", 
@@ -56279,20 +56464,31 @@ "rds:describeAccountAttributes", "rds:describeBlueGreenDeployments", "rds:describeCertificates", + "rds:describeDBClusterAutomatedBackups", + "rds:describeDBClusterBacktracks", "rds:describeDBClusterEndpoints", "rds:describeDBClusterParameterGroups", "rds:describeDBClusterParameters", "rds:describeDBClusters", "rds:describeDBClusterSnapshots", + "rds:describeDBClusterSnapshotAttributes", "rds:describeDBEngineVersions", "rds:describeDBInstanceAutomatedBackups", "rds:describeDBInstances", "rds:describeDBLogFiles", + "rds:describeDBMajorEngineVersions", "rds:describeDBParameterGroups", "rds:describeDBParameters", + "rds:describeDBProxies", + "rds:describeDBProxyEndpoints", + "rds:describeDBProxyTargetGroups", + "rds:describeDBProxyTargets", + "rds:describeDBRecommendations", "rds:describeDBSecurityGroups", + "rds:describeDBShardGroups", "rds:describeDBSnapshotAttributes", "rds:describeDBSnapshots", + "rds:describeDBSnapshotTenantDatabases", "rds:describeDBSubnetGroups", "rds:describeEngineDefaultClusterParameters", "rds:describeEngineDefaultParameters", @@ -56309,6 +56505,7 @@ "rds:describeReservedDBInstances", "rds:describeReservedDBInstancesOfferings", "rds:describeSourceRegions", + "rds:describeTenantDatabases", "rds:describeValidDBInstanceModifications", "rds:listTagsForResource", "redshift-data:describeStatement", @@ -56773,6 +56970,7 @@ "secretsmanager:listSecretVersionIds", "securityhub:batchGetAutomationRules", "securityhub:batchGetConfigurationPolicyAssociations", + "securityhub:describeHub", "securityhub:describeOrganizationConfiguration", "securityhub:getConfigurationPolicy", "securityhub:getConfigurationPolicyAssociation", @@ -57165,6 +57363,8 @@ "synthetics:listAssociatedGroups", "synthetics:listGroupResources", "synthetics:listGroups", + "tax:getTaxInheritance", + "tax:getTaxRegistration", "thinclient:getDevice", "thinclient:getEnvironment", "thinclient:getSoftwareSet", 
@@ -57415,7 +57615,7 @@ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-12-08T23:04:07+00:00" + "UpdateDate":"2026-01-29T19:19:11+00:00" }, "AWSSystemsManagerAccountDiscoveryServicePolicy":{ "CreateDate":"2019-10-24T17:21:05+00:00", @@ -58629,7 +58829,7 @@ }, "AWSThinkboxAWSPortalAdminPolicy":{ "CreateDate":"2020-05-27T19:41:02+00:00", - "DefaultVersionId":"v9", + "DefaultVersionId":"v10", "Document":{ "Statement":[ { @@ -58803,7 +59003,8 @@ "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:vpc/*", "arn:aws:ec2:*:*:natgateway/*", - "arn:aws:ec2:*:*:elastic-ip/*" + "arn:aws:ec2:*:*:elastic-ip/*", + "arn:aws:ec2:*:*:vpc-endpoint/*" ], "Sid":"AWSThinkboxAWSPortal9" }, @@ -59057,7 +59258,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2024-11-12T19:22:36+00:00" + "UpdateDate":"2026-01-14T20:04:13+00:00" }, "AWSThinkboxAWSPortalGatewayPolicy":{ "CreateDate":"2020-05-27T19:05:00+00:00", @@ -62931,7 +63132,7 @@ }, "AWS_ConfigRole":{ "CreateDate":"2020-09-15T20:30:30+00:00", - "DefaultVersionId":"v42", + "DefaultVersionId":"v43", "Document":{ "Statement":[ { @@ -63852,7 +64053,14 @@ "iot:ListPackages", "iot:ListPolicies", "iot:ListProvisioningTemplates", - "iot:ListRoleAliases", + "iot:ListRoleAliases" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSConfigRoleStatementID1" + }, + { + "Action":[ "iot:ListScheduledAudits", "iot:ListSecurityProfiles", "iot:ListSecurityProfilesForTarget", @@ -64532,8 +64740,11 @@ "s3tables:GetTableBucket", "s3tables:GetTableBucketEncryption", "s3tables:GetTableBucketMaintenanceConfiguration", + "s3tables:GetTableBucketMetricsConfiguration", "s3tables:GetTableBucketPolicy", + "s3tables:GetTableBucketStorageClass", "s3tables:ListTableBuckets", + "s3tables:ListTagsForResource", "sagemaker:DescribeApp", "sagemaker:DescribeAppImageConfig", "sagemaker:DescribeCluster", 
@@ -64801,7 +65012,7 @@ ], "Effect":"Allow", "Resource":"*", - "Sid":"AWSConfigRoleStatementID" + "Sid":"AWSConfigRoleStatementID2" }, { "Action":[ @@ -64823,7 +65034,7 @@ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-11-21T17:04:12+00:00" + "UpdateDate":"2026-01-14T01:34:14+00:00" }, "AWSrePostPrivateCloudWatchAccess":{ "CreateDate":"2023-11-15T16:37:33+00:00", @@ -76609,7 +76820,7 @@ }, "AmazonEBSCSIDriverPolicy":{ "CreateDate":"2022-04-04T17:24:29+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { @@ -76778,7 +76989,8 @@ }, { "Action":[ - "ec2:DeleteSnapshot" + "ec2:DeleteSnapshot", + "ec2:LockSnapshot" ], "Condition":{ "StringLike":{ @@ -76790,7 +77002,8 @@ }, { "Action":[ - "ec2:DeleteSnapshot" + "ec2:DeleteSnapshot", + "ec2:LockSnapshot" ], "Condition":{ "StringLike":{ @@ -76805,7 +77018,7 @@ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-11-17T17:04:07+00:00" + "UpdateDate":"2026-01-15T18:19:06+00:00" }, "AmazonEC2ContainerRegistryFullAccess":{ "CreateDate":"2015-12-21T17:06:48+00:00", @@ -78581,7 +78794,7 @@ }, "AmazonECSServiceRolePolicy":{ "CreateDate":"2017-10-14T01:18:58+00:00", - "DefaultVersionId":"v14", + "DefaultVersionId":"v15", "Document":{ "Statement":[ { @@ -78735,6 +78948,21 @@ ], "Sid":"ExecuteCommand" }, + { + "Action":[ + "ssmmessages:OpenDataChannel" + ], + "Condition":{ + "StringEquals":{ + "aws:PrincipalAccount":"${aws:ResourceAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:session/*" + ], + "Sid":"OpenDataChannel" + }, { "Action":[ "servicediscovery:CreateHttpNamespace", @@ -78810,7 +79038,7 @@ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-11-20T23:49:10+00:00" + "UpdateDate":"2026-01-21T18:04:08+00:00" }, "AmazonECSTaskExecutionRolePolicy":{ "CreateDate":"2017-11-16T18:48:22+00:00", 
@@ -100356,6 +100584,361 @@ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2022-04-29T20:49:54+00:00" }, + "AmazonSageMakerHyperPodGatedModelAccess":{ + "CreateDate":"2026-01-17T01:04:07+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sagemaker:CreateHubContentPresignedUrls" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:hub/SageMakerPublicHub", + "arn:aws:sagemaker:*:*:hub-content/SageMakerPublicHub/*/*" + ], + "Sid":"CreatePresignedUrlAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-01-17T01:04:07+00:00" + }, + "AmazonSageMakerHyperPodInferenceAccess":{ + "CreateDate":"2026-01-27T20:34:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:DeleteObject" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::hyperpod-tls*/*" + ], + "Sid":"DeleteObjectsPermission" + }, + { + "Action":[ + "s3:GetObject" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}", + "s3:ExistingObjectTag/CreatedBy":"HyperPodInference" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::hyperpod-tls*/*" + ], + "Sid":"S3GetObjectAccess" + }, + { + "Action":[ + "s3:PutObject", + "s3:PutObjectTagging" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}", + "s3:RequestObjectTag/CreatedBy":"HyperPodInference" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::hyperpod-tls*/*" + ], + "Sid":"S3PutObjectAccess" + }, + { + "Action":[ + "ecr:GetAuthorizationToken" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ECRAuthorization" + }, + { + "Action":[ + "ecr:GetDownloadUrlForLayer", + "ecr:BatchGetImage" + ], + "Effect":"Allow", + 
"Resource":"arn:aws:ecr:*:*:repository/*", + "Sid":"ECRRepositoryAccess" + }, + { + "Action":[ + "ec2:DescribeVpcs", + "ec2:DescribeInstanceTypes", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeDhcpOptions", + "ec2:DescribeSecurityGroups" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EC2DescribeAccess" + }, + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"EC2NetworkInterfaceActions" + }, + { + "Action":[ + "eks:DescribeCluster", + "eks-auth:AssumeRoleForPodIdentity" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:eks:*:*:cluster/*", + "Sid":"EKSClusterAccess" + }, + { + "Action":[ + "eks:AssociateAccessPolicy", + "eks:DisassociateAccessPolicy" + ], + "Condition":{ + "StringEquals":{ + "eks:policyarn":"arn:aws:eks::aws:cluster-access-policy/AmazonSagemakerHyperpodInferenceMonitoringPolicy" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:eks:*:*:access-entry/*", + "Sid":"EKSAccessEntryPolicyAssociation" + }, + { + "Action":[ + "elasticloadbalancing:DescribeLoadBalancers" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ELBListAndDescribeAccess" + }, + { + "Action":[ + "fsx:DescribeFileSystems" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"FSxAccess" + }, + { + "Action":[ + "acm:AddTagsToCertificate", + "acm:ImportCertificate" + ], + "Condition":{ + 
"ForAllValues:StringEquals":{ + "aws:TagKeys":"CreatedBy" + }, + "StringEquals":{ + "aws:RequestTag/CreatedBy":"HyperPodInference", + "aws:ResourceAccount":"${aws:PrincipalAccount}", + "aws:ResourceTag/CreatedBy":"HyperPodInference" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:acm:*:*:certificate/*", + "Sid":"CertificateImportPermission" + }, + { + "Action":"acm:DeleteCertificate", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}", + "aws:ResourceTag/CreatedBy":"HyperPodInference" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:acm:*:*:certificate/*", + "Sid":"CertificateDeletePermission" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"sagemaker.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/SageMakerHyperPodInference*", + "Sid":"AllowPassRoleToSageMaker" + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"HyperPodInference" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchMetricsAccess" + }, + { + "Action":[ + "logs:PutLogEvents", + "logs:CreateLogStream", + "logs:CreateLogGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:*" + ], + "Sid":"CloudWatchLogsAccess" + }, + { + "Action":[ + "sagemaker:DescribeModel", + "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeEndpoint", + "sagemaker:DescribeCluster", + "sagemaker:DescribeClusterInference", + "sagemaker:UpdateClusterInference", + "sagemaker:DescribeHubContent" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:model/*", + "arn:aws:sagemaker:*:*:endpoint/*", + "arn:aws:sagemaker:*:*:endpointconfig/*", + "arn:aws:sagemaker:*:*:cluster/*", + 
"arn:aws:sagemaker:*:*:hub-content/*", + "arn:aws:sagemaker:*:*:hub/*" + ], + "Sid":"SageMakerAccess" + }, + { + "Action":[ + "sagemaker:CreateModel", + "sagemaker:CreateEndpointConfig", + "sagemaker:CreateEndpoint" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/CreatedBy":"HyperPodInference" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:model/*", + "arn:aws:sagemaker:*:*:endpoint/*", + "arn:aws:sagemaker:*:*:endpoint-config/*" + ], + "Sid":"SageMakerCreateAccess" + }, + { + "Action":[ + "sagemaker:AddTags" + ], + "Condition":{ + "StringEquals":{ + "sagemaker:TaggingAction":[ + "CreateModel", + "CreateEndpointConfig", + "CreateEndpoint" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:model/*", + "arn:aws:sagemaker:*:*:endpoint/*", + "arn:aws:sagemaker:*:*:endpoint-config/*" + ], + "Sid":"SageMakerTagging" + }, + { + "Action":[ + "sagemaker:DeleteModel", + "sagemaker:DeleteEndpointConfig", + "sagemaker:DeleteEndpoint", + "sagemaker:UpdateEndpoint" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/CreatedBy":"HyperPodInference" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:model/*", + "arn:aws:sagemaker:*:*:endpoint/*", + "arn:aws:sagemaker:*:*:endpoint-config/*" + ], + "Sid":"SageMakerDeleteAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2026-01-27T20:34:09+00:00" + }, "AmazonSageMakerHyperPodObservabilityAdminAccess":{ "CreateDate":"2025-07-10T14:37:07+00:00", "DefaultVersionId":"v2", @@ -121026,7 +121609,7 @@ }, "ReadOnlyAccess":{ "CreateDate":"2015-02-06T18:39:48+00:00", - "DefaultVersionId":"v137", + "DefaultVersionId":"v139", "Document":{ "Statement":[ { @@ -121053,6 +121636,7 @@ "account:GetAccountInformation", "account:GetAlternateContact", "account:GetContactInformation", + "account:GetGovCloudAccountInformation", "account:GetPrimaryEmail", "account:GetRegionOptStatus", "account:ListRegions", 
@@ -121064,18 +121648,18 @@ "acm:List*", "action-recommendations:ListRecommendedActions", "aiops:GetEphemeralInvestigationResults", + "aiops:GetFact", + "aiops:GetFactVersions", "aiops:GetInvestigation", "aiops:GetInvestigationEvent", "aiops:GetInvestigationGroup", "aiops:GetInvestigationResource", + "aiops:GetReport", + "aiops:ListFacts", "aiops:ListInvestigationEvents", "aiops:ListInvestigationGroups", "aiops:ListInvestigations", "aiops:ValidateInvestigationGroup", - "aiops:GetFact", - "aiops:GetFactVersions", - "aiops:GetReport", - "aiops:ListFacts", "airflow:ListEnvironments", "airflow:ListTagsForResource", "amplify:GetApp", @@ -121108,6 +121692,16 @@ "aoss:ListTagsForResource", "aoss:ListVpcEndpoints", "apigateway:GET", + "apigateway:GetPortal", + "apigateway:GetPortalProduct", + "apigateway:GetProductPage", + "apigateway:GetProductRestEndpointPage", + "apigateway:GetRoutingRule", + "apigateway:ListPortalProducts", + "apigateway:ListPortals", + "apigateway:ListProductPages", + "apigateway:ListProductRestEndpointPages", + "apigateway:ListRoutingRules", "appconfig:GetApplication", "appconfig:GetConfiguration", "appconfig:GetConfigurationProfile", @@ -121118,8 +121712,8 @@ "appconfig:GetHostedConfigurationVersion", "appconfig:ListApplications", "appconfig:ListConfigurationProfiles", - "appconfig:ListDeploymentStrategies", "appconfig:ListDeployments", + "appconfig:ListDeploymentStrategies", "appconfig:ListEnvironments", "appconfig:ListExtensions", "appconfig:ListHostedConfigurationVersions", 
@@ -121153,18 +121747,18 @@ "application-signals:BatchGetServiceLevelObjectiveBudgetReport", "application-signals:GetService", "application-signals:GetServiceLevelObjective", + "application-signals:ListAuditFindings", + "application-signals:ListEntityEvents", + "application-signals:ListGroupingAttributeDefinitions", "application-signals:ListObservedEntities", "application-signals:ListServiceDependencies", "application-signals:ListServiceDependents", + "application-signals:ListServiceLevelObjectiveExclusionWindows", "application-signals:ListServiceLevelObjectives", "application-signals:ListServiceOperations", "application-signals:ListServices", - "application-signals:ListTagsForResource", "application-signals:ListServiceStates", - "application-signals:ListAuditFindings", - "application-signals:ListGroupingAttributeDefinitions", - "application-signals:ListServiceLevelObjectiveExclusionWindows", - "application-signals:ListEntityEvents", + "application-signals:ListTagsForResource", "applicationinsights:Describe*", "applicationinsights:List*", "appmesh:Describe*", @@ -121199,9 +121793,9 @@ "apptest:ListTagsForResource", "apptest:ListTestCases", "apptest:ListTestConfigurations", + "apptest:ListTestRuns", "apptest:ListTestRunSteps", "apptest:ListTestRunTestCases", - "apptest:ListTestRuns", "apptest:ListTestSuites", "aps:DescribeAlertManagerDefinition", "aps:DescribeLoggingConfiguration", @@ -121234,6 +121828,7 @@ "arc-region-switch:ListPlans", "arc-region-switch:ListPlansInRegion", "arc-region-switch:ListRoute53HealthChecks", + "arc-region-switch:ListRoute53HealthChecksInRegion", "arc-region-switch:ListTagsForResource", "arc-zonal-shift:GetAutoshiftObserverNotificationStatus", "arc-zonal-shift:GetManagedResource", 
@@ -121346,19 +121941,21 @@ "bedrock:GetModelInvocationLoggingConfiguration", "bedrock:GetPrompt", "bedrock:GetProvisionedModelThroughput", + "bedrock:GetResourcePolicy", "bedrock:GetUseCaseForModelAccess", "bedrock:ListAgentActionGroups", "bedrock:ListAgentAliases", "bedrock:ListAgentCollaborators", "bedrock:ListAgentKnowledgeBases", - "bedrock:ListAgentVersions", "bedrock:ListAgents", + "bedrock:ListAgentVersions", "bedrock:ListCustomModels", "bedrock:ListDataSources", + "bedrock:ListEnforcedGuardrailsConfiguration", "bedrock:ListEvaluationJobs", "bedrock:ListFlowAliases", - "bedrock:ListFlowVersions", "bedrock:ListFlows", + "bedrock:ListFlowVersions", "bedrock:ListFoundationModelAgreementOffers", "bedrock:ListFoundationModels", "bedrock:ListGuardrails", @@ -121386,8 +121983,8 @@ "billingconductor:ListAccountAssociations", "billingconductor:ListBillingGroupCostReports", "billingconductor:ListBillingGroups", - "billingconductor:ListCustomLineItemVersions", "billingconductor:ListCustomLineItems", + "billingconductor:ListCustomLineItemVersions", "billingconductor:ListPricingPlans", "billingconductor:ListPricingPlansAssociatedWithPricingRule", "billingconductor:ListPricingRules", @@ -121435,6 +122032,7 @@ "ce:ListCostAllocationTagBackfillHistory", "ce:ListCostAllocationTags", "ce:ListCostCategoryDefinitions", + "ce:ListCostCategoryResourceAssociations", "ce:ListSavingsPlansPurchaseRecommendationGeneration", "ce:ListTagsForResource", "chatbot:Describe*", @@ -121462,6 +122060,7 @@ "cleanrooms:GetAnalysisTemplate", "cleanrooms:GetCollaboration", "cleanrooms:GetCollaborationAnalysisTemplate", + "cleanrooms:GetCollaborationChangeRequest", "cleanrooms:GetCollaborationConfiguredAudienceModelAssociation", "cleanrooms:GetCollaborationIdNamespaceAssociation", "cleanrooms:GetCollaborationPrivacyBudgetTemplate", 
@@ -121474,15 +122073,17 @@ "cleanrooms:GetIdNamespaceAssociation", "cleanrooms:GetMembership", "cleanrooms:GetPrivacyBudgetTemplate", + "cleanrooms:GetProtectedJob", "cleanrooms:GetProtectedQuery", "cleanrooms:GetSchema", "cleanrooms:GetSchemaAnalysisRule", "cleanrooms:ListAnalysisTemplates", "cleanrooms:ListCollaborationAnalysisTemplates", + "cleanrooms:ListCollaborationChangeRequests", "cleanrooms:ListCollaborationConfiguredAudienceModelAssociations", "cleanrooms:ListCollaborationIdNamespaceAssociations", - "cleanrooms:ListCollaborationPrivacyBudgetTemplates", "cleanrooms:ListCollaborationPrivacyBudgets", + "cleanrooms:ListCollaborationPrivacyBudgetTemplates", "cleanrooms:ListCollaborations", "cleanrooms:ListConfiguredAudienceModelAssociations", "cleanrooms:ListConfiguredTableAssociations", @@ -121491,16 +122092,13 @@ "cleanrooms:ListIdNamespaceAssociations", "cleanrooms:ListMembers", "cleanrooms:ListMemberships", - "cleanrooms:ListPrivacyBudgetTemplates", "cleanrooms:ListPrivacyBudgets", + "cleanrooms:ListPrivacyBudgetTemplates", + "cleanrooms:ListProtectedJobs", "cleanrooms:ListProtectedQueries", "cleanrooms:ListSchemas", "cleanrooms:ListTagsForResource", "cleanrooms:PreviewPrivacyImpact", - "cleanrooms:GetCollaborationChangeRequest", - "cleanrooms:GetProtectedJob", - "cleanrooms:ListCollaborationChangeRequests", - "cleanrooms:ListProtectedJobs", "cloud9:Describe*", "cloud9:List*", "clouddirectory:BatchRead", @@ -121544,10 +122142,10 @@ "codeartifact:GetRepositoryEndpoint", "codeartifact:GetRepositoryPermissionsPolicy", "codeartifact:ListDomains", + "codeartifact:ListPackages", "codeartifact:ListPackageVersionAssets", "codeartifact:ListPackageVersionDependencies", "codeartifact:ListPackageVersions", - "codeartifact:ListPackages", "codeartifact:ListRepositories", "codeartifact:ListRepositoriesInDomain", "codeartifact:ListTagsForResource", 
@@ -121590,11 +122188,11 @@ "codestar-connections:ListRepositorySyncDefinitions", "codestar-connections:ListSyncConfigurations", "codestar-connections:ListTagsForResource", - "codestar-notifications:ListTargets", "codestar-notifications:describeNotificationRule", "codestar-notifications:listEventTypes", "codestar-notifications:listNotificationRules", "codestar-notifications:listTagsForResource", + "codestar-notifications:ListTargets", "codestar:Describe*", "codestar:Get*", "codestar:List*", @@ -121672,10 +122270,10 @@ "controlcatalog:ListObjectives", "cost-optimization-hub:GetPreferences", "cost-optimization-hub:GetRecommendation", + "cost-optimization-hub:ListEfficiencyMetrics", "cost-optimization-hub:ListEnrollmentStatuses", - "cost-optimization-hub:ListRecommendationSummaries", "cost-optimization-hub:ListRecommendations", - "cost-optimization-hub:ListEfficiencyMetrics", + "cost-optimization-hub:ListRecommendationSummaries", "cur:GetClassicReport", "cur:GetClassicReportPreferences", "cur:GetUsageReport", @@ -121692,8 +122290,8 @@ "databrew:ListJobRuns", "databrew:ListJobs", "databrew:ListProjects", - "databrew:ListRecipeVersions", "databrew:ListRecipes", + "databrew:ListRecipeVersions", "databrew:ListRulesets", "databrew:ListSchedules", "databrew:ListTagsForResource", @@ -121742,12 +122340,12 @@ "datazone:ListDataSourceRunActivities", "datazone:ListDataSourceRuns", "datazone:ListDataSources", - "datazone:ListDomainUnitsForParent", "datazone:ListDomains", + "datazone:ListDomainUnitsForParent", "datazone:ListEntityOwners", "datazone:ListEnvironmentActions", - "datazone:ListEnvironmentBlueprintConfigurationSummaries", "datazone:ListEnvironmentBlueprintConfigurations", + "datazone:ListEnvironmentBlueprintConfigurationSummaries", "datazone:ListEnvironmentBlueprints", "datazone:ListEnvironmentProfiles", "datazone:ListEnvironments", 
@@ -121760,8 +122358,8 @@ "datazone:ListProjects", "datazone:ListSubscriptionGrants", "datazone:ListSubscriptionRequests", - "datazone:ListSubscriptionTargets", "datazone:ListSubscriptions", + "datazone:ListSubscriptionTargets", "datazone:ListTagsForResource", "datazone:ListTimeSeriesDataPoints", "datazone:Search", @@ -121895,6 +122493,7 @@ "ds:List*", "ds:Verify*", "dsql:GetCluster", + "dsql:GetClusterPolicy", "dsql:GetVpcEndpointServiceName", "dsql:ListClusters", "dsql:ListTagsForResource", @@ -121914,8 +122513,8 @@ "ec2:SearchTransitGatewayRoutes", "ec2messages:Get*", "ecr-public:BatchCheckLayerAvailability", - "ecr-public:DescribeImageTags", "ecr-public:DescribeImages", + "ecr-public:DescribeImageTags", "ecr-public:DescribeRegistries", "ecr-public:DescribeRepositories", "ecr-public:GetAuthorizationToken", @@ -121996,9 +122595,9 @@ "fis:GetTargetResourceType", "fis:ListActions", "fis:ListExperimentResolvedTargets", + "fis:ListExperiments", "fis:ListExperimentTargetAccountConfigurations", "fis:ListExperimentTemplates", - "fis:ListExperiments", "fis:ListTagsForResource", "fis:ListTargetAccountConfigurations", "fis:ListTargetResourceTypes", @@ -122054,8 +122653,8 @@ "frauddetector:GetBatchImportJobs", "frauddetector:GetBatchPredictionJobs", "frauddetector:GetDeleteEventsByEventTypeStatus", - "frauddetector:GetDetectorVersion", "frauddetector:GetDetectors", + "frauddetector:GetDetectorVersion", "frauddetector:GetEntityTypes", "frauddetector:GetEvent", "frauddetector:GetEventPredictionMetadata", @@ -122065,8 +122664,8 @@ "frauddetector:GetLabels", "frauddetector:GetListElements", "frauddetector:GetListsMetadata", - "frauddetector:GetModelVersion", "frauddetector:GetModels", + "frauddetector:GetModelVersion", "frauddetector:GetOutcomes", "frauddetector:GetRules", "frauddetector:GetVariables", 
@@ -122074,10 +122673,10 @@ "frauddetector:ListTagsForResource", "freertos:Describe*", "freertos:List*", - "freetier:GetFreeTierAlertPreference", - "freetier:GetFreeTierUsage", "freetier:GetAccountActivity", "freetier:GetAccountPlanState", + "freetier:GetFreeTierAlertPreference", + "freetier:GetFreeTierUsage", "freetier:ListAccountActivities", "fsx:Describe*", "fsx:List*", @@ -122105,9 +122704,9 @@ "glue:GetCrawler", "glue:GetCrawlerMetrics", "glue:GetCrawlers", - "glue:GetDataCatalogEncryptionSettings", "glue:GetDatabase", "glue:GetDatabases", + "glue:GetDataCatalogEncryptionSettings", "glue:GetDataflowGraph", "glue:GetDevEndpoint", "glue:GetDevEndpoints", @@ -122116,11 +122715,11 @@ "glue:GetJobRun", "glue:GetJobRuns", "glue:GetJobs", + "glue:GetMapping", "glue:GetMLTaskRun", "glue:GetMLTaskRuns", "glue:GetMLTransform", "glue:GetMLTransforms", - "glue:GetMapping", "glue:GetPartition", "glue:GetPartitions", "glue:GetPlan", @@ -122136,9 +122735,9 @@ "glue:GetStatement", "glue:GetTable", "glue:GetTableOptimizer", + "glue:GetTables", "glue:GetTableVersion", "glue:GetTableVersions", - "glue:GetTables", "glue:GetTags", "glue:GetTrigger", "glue:GetTriggers", @@ -122154,8 +122753,8 @@ "glue:ListJobs", "glue:ListMLTransforms", "glue:ListRegistries", - "glue:ListSchemaVersions", "glue:ListSchemas", + "glue:ListSchemaVersions", "glue:ListSessions", "glue:ListStatements", "glue:ListTableOptimizerRuns", @@ -122225,6 +122824,10 @@ "imagebuilder:List*", "importexport:Get*", "importexport:List*", + "inspector:Describe*", + "inspector:Get*", + "inspector:List*", + "inspector:Preview*", "inspector2:BatchGetAccountStatus", "inspector2:BatchGetCodeSnippet", "inspector2:BatchGetFreeTrialInfo", 
@@ -122251,10 +122854,6 @@ "inspector2:ListTagsForResource", "inspector2:ListUsageTotals", "inspector2:SearchVulnerabilities", - "inspector:Describe*", - "inspector:Get*", - "inspector:List*", - "inspector:Preview*", "internetmonitor:GetHealthEvent", "internetmonitor:GetInternetEvent", "internetmonitor:GetMonitor", @@ -122265,6 +122864,9 @@ "invoicing:GetInvoiceEmailDeliveryPreferences", "invoicing:GetInvoicePDF", "invoicing:ListInvoiceSummaries", + "iot:Describe*", + "iot:Get*", + "iot:List*", "iot1click:DescribeDevice", "iot1click:DescribePlacement", "iot1click:DescribeProject", @@ -122275,9 +122877,6 @@ "iot1click:ListPlacements", "iot1click:ListProjects", "iot1click:ListTagsForResource", - "iot:Describe*", - "iot:Get*", - "iot:List*", "iotanalytics:Describe*", "iotanalytics:Get*", "iotanalytics:List*", @@ -122288,11 +122887,11 @@ "iotevents:DescribeDetectorModel", "iotevents:DescribeInput", "iotevents:DescribeLoggingOptions", - "iotevents:ListAlarmModelVersions", "iotevents:ListAlarmModels", + "iotevents:ListAlarmModelVersions", "iotevents:ListAlarms", - "iotevents:ListDetectorModelVersions", "iotevents:ListDetectorModels", + "iotevents:ListDetectorModelVersions", "iotevents:ListDetectors", "iotevents:ListInputs", "iotevents:ListTagsForResource", @@ -122309,8 +122908,8 @@ "iotfleetwise:GetVehicleStatus", "iotfleetwise:ListCampaigns", "iotfleetwise:ListDecoderManifestNetworkInterfaces", - "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListDecoderManifests", + "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListFleetsForVehicle", "iotfleetwise:ListModelManifestNodes", @@ -122366,8 +122965,8 @@ "iotwireless:ListTagsForResource", "iotwireless:ListWirelessDeviceImportTasks", "iotwireless:ListWirelessDevices", - "iotwireless:ListWirelessGatewayTaskDefinitions", "iotwireless:ListWirelessGateways", + "iotwireless:ListWirelessGatewayTaskDefinitions", "ivs:BatchGetChannel", "ivs:GetChannel", "ivs:GetComposition", 
@@ -122393,12 +122992,12 @@ "ivs:ListPlaybackRestrictionPolicies", "ivs:ListPublicKeys", "ivs:ListRecordingConfigurations", - "ivs:ListStageSessions", "ivs:ListStages", + "ivs:ListStageSessions", "ivs:ListStorageConfigurations", "ivs:ListStreamKeys", - "ivs:ListStreamSessions", "ivs:ListStreams", + "ivs:ListStreamSessions", "ivs:ListTagsForResource", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom", @@ -122725,12 +123324,26 @@ "managedblockchain:ListProposals", "managedblockchain:ListTagsForResource", "mediaconnect:DescribeFlow", + "mediaconnect:DescribeFlowSourceMetadata", + "mediaconnect:DescribeFlowSourceThumbnail", + "mediaconnect:DescribeGateway", + "mediaconnect:DescribeGatewayInstance", "mediaconnect:DescribeOffering", "mediaconnect:DescribeReservation", + "mediaconnect:DiscoverGatewayPollEndpoint", + "mediaconnect:GetRouterInput", + "mediaconnect:GetRouterNetworkInterface", + "mediaconnect:GetRouterOutput", + "mediaconnect:ListBridges", "mediaconnect:ListEntitlements", "mediaconnect:ListFlows", + "mediaconnect:ListGatewayInstances", + "mediaconnect:ListGateways", "mediaconnect:ListOfferings", "mediaconnect:ListReservations", + "mediaconnect:ListRouterInputs", + "mediaconnect:ListRouterNetworkInterfaces", + "mediaconnect:ListRouterOutputs", "mediaconnect:ListTagsForResource", "mediaconvert:DescribeEndpoints", "mediaconvert:Get*", 
@@ -122851,15 +123464,22 @@ "network-firewall:DescribeFirewall", "network-firewall:DescribeFirewallPolicy", "network-firewall:DescribeLoggingConfiguration", + "network-firewall:DescribeProxy", + "network-firewall:DescribeProxyConfiguration", + "network-firewall:DescribeProxyRule", + "network-firewall:DescribeProxyRuleGroup", "network-firewall:DescribeResourcePolicy", "network-firewall:DescribeRuleGroup", "network-firewall:DescribeRuleGroupMetadata", "network-firewall:DescribeTLSInspectionConfiguration", "network-firewall:ListFirewallPolicies", "network-firewall:ListFirewalls", + "network-firewall:ListProxies", + "network-firewall:ListProxyConfigurations", + "network-firewall:ListProxyRuleGroups", "network-firewall:ListRuleGroups", - "network-firewall:ListTLSInspectionConfigurations", "network-firewall:ListTagsForResource", + "network-firewall:ListTLSInspectionConfigurations", "networkflowmonitor:GetMonitor", "networkflowmonitor:GetScope", "networkflowmonitor:ListMonitors", @@ -123367,8 +123987,8 @@ "servicediscovery:DiscoverInstancesRevision", "servicediscovery:Get*", "servicediscovery:List*", - "servicequotas:GetAWSDefaultServiceQuota", "servicequotas:GetAssociationForServiceQuotaTemplate", + "servicequotas:GetAWSDefaultServiceQuota", "servicequotas:GetRequestedServiceQuotaChange", "servicequotas:GetServiceQuota", "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate", @@ -123550,6 +124170,11 @@ "transfer:Describe*", "transfer:List*", "transfer:TestIdentityProvider", + "transform-custom:GetCampaign", + "transform-custom:GetKnowledgeItem", + "transform-custom:ListKnowledgeItems", + "transform-custom:ListTagsForResource", + "transform-custom:ListTransformationPackageMetadata", "translate:DescribeTextTranslationJob", "translate:GetParallelData", "translate:GetTerminology", 
@@ -123667,7 +124292,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-12-16T13:04:14+00:00" + "UpdateDate":"2026-01-15T18:49:14+00:00" }, "ResourceGroupsServiceRolePolicy":{ "CreateDate":"2023-01-05T16:57:08+00:00", @@ -125029,7 +125654,7 @@ }, "SageMakerStudioAdminIAMDefaultExecutionPolicy":{ "CreateDate":"2025-08-18T17:19:07+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { @@ -125235,6 +125860,7 @@ "sagemaker:QueryLineage", "sagemaker:*InferenceComponent*", "sagemaker:*Job*", + "sagemaker:*MlflowApp*", "sagemaker:StartMlflowTrackingServer", "sagemaker:StopMlflowTrackingServer", "sagemaker:CreatePresignedMlflowTrackingServerUrl", @@ -125937,7 +126563,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-11-18T23:34:07+00:00" + "UpdateDate":"2026-01-27T21:04:11+00:00" }, "SageMakerStudioAdminIAMPermissiveExecutionPolicy":{ "CreateDate":"2025-08-18T17:19:07+00:00", @@ -128841,7 +129467,7 @@ }, "SageMakerStudioProjectProvisioningRolePolicy":{ "CreateDate":"2024-11-20T21:58:39+00:00", - "DefaultVersionId":"v24", + "DefaultVersionId":"v25", "Document":{ "Statement":[ { @@ -130784,7 +131410,8 @@ "Effect":"Allow", "Resource":[ "arn:aws:sagemaker:*:*:domain/*", - "arn:aws:sagemaker:*:*:mlflow-tracking-server/*" + "arn:aws:sagemaker:*:*:mlflow-tracking-server/*", + "arn:aws:sagemaker:*:*:mlflow-app/*" ], "Sid":"TagSMD" }, @@ -130804,7 +131431,8 @@ "Effect":"Allow", "Resource":[ "arn:aws:sagemaker:*:*:domain/*", - "arn:aws:sagemaker:*:*:mlflow-tracking-server/*" + "arn:aws:sagemaker:*:*:mlflow-tracking-server/*", + "arn:aws:sagemaker:*:*:mlflow-app/*" ], "Sid":"TagSMDForUpdate" }, 
@@ -131011,6 +131639,33 @@ "Resource":"arn:aws:sagemaker:*:*:mlflow-tracking-server/*", "Sid":"MLFlowDelete" }, + { + "Action":[ + "sagemaker:CreateMlflowApp" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AmazonDataZoneProject":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:mlflow-app/*", + "Sid":"MLFlowServerlessCreate" + }, + { + "Action":[ + "sagemaker:DeleteMlflowApp", + "sagemaker:DescribeMlflowApp" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AmazonDataZoneProject":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:mlflow-app/*", + "Sid":"MLFlowServerlessDescribeDelete" + }, { "Action":[ "aoss:GetAccessPolicy", @@ -131911,11 +132566,11 @@ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-11-21T00:04:06+00:00" + "UpdateDate":"2026-01-27T21:04:10+00:00" }, "SageMakerStudioProjectRoleMachineLearningPolicy":{ "CreateDate":"2024-11-20T21:55:27+00:00", - "DefaultVersionId":"v12", + "DefaultVersionId":"v13", "Document":{ "Statement":[ { @@ -132057,6 +132712,24 @@ "Resource":"arn:aws:sagemaker:*:*:mlflow-tracking-server/*", "Sid":"SageMakerMlflowPermission" }, + { + "Action":[ + "sagemaker:CreateMlflowApp", + "sagemaker:CreatePresignedMlflowAppUrl", + "sagemaker:DeleteMlflowApp", + "sagemaker:DescribeMlflowApp", + "sagemaker:UpdateMlflowApp", + "sagemaker:CallMlflowAppApi" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:mlflow-app/*", + "Sid":"SageMakerMlflowServerlessPermission" + }, { "Action":[ "elasticfilesystem:DescribeMountTargets" @@ -132266,7 +132939,8 @@ "sagemaker:ListArtifacts", "sagemaker:ListHubs", "sagemaker:ListPipelines", - "sagemaker:ListContexts" + "sagemaker:ListContexts", + "sagemaker:ListMlflowApps" ], "Condition":{ "StringEquals":{ 
@@ -133015,7 +133689,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-11-21T17:19:10+00:00" + "UpdateDate":"2026-01-27T21:19:09+00:00" }, "SageMakerStudioProjectUserRolePermissionsBoundary":{ "CreateDate":"2024-11-20T21:57:42+00:00", @@ -138377,7 +139051,7 @@ }, "SageMakerStudioUserIAMDefaultExecutionPolicy":{ "CreateDate":"2025-08-18T17:19:07+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -138616,6 +139290,7 @@ "sagemaker:QueryLineage", "sagemaker:*InferenceComponent*", "sagemaker:*Job*", + "sagemaker:*MlflowApp*", "sagemaker:StartMlflowTrackingServer", "sagemaker:StopMlflowTrackingServer", "sagemaker:CreatePresignedMlflowTrackingServerUrl", @@ -139311,7 +139986,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-11-18T23:34:11+00:00" + "UpdateDate":"2026-01-27T21:04:13+00:00" }, "SageMakerStudioUserIAMPermissiveExecutionPolicy":{ "CreateDate":"2025-08-18T17:19:08+00:00", @@ -140003,7 +140678,7 @@ }, "SecurityAgentWebAppAPIPolicy":{ "CreateDate":"2025-12-02T15:04:06+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -140049,6 +140724,7 @@ "securityagent:ListPentestJobsForPentest", "securityagent:ListPentests", "securityagent:ListTasks", + "securityagent:StartCodeRemediation", "securityagent:StartPentestExecution", "securityagent:StopPentestExecution", "securityagent:UpdateFinding", @@ -140068,11 +140744,11 @@ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-12-10T01:04:12+00:00" + "UpdateDate":"2026-01-21T18:34:08+00:00" }, "SecurityAudit":{ "CreateDate":"2015-02-06T18:41:01+00:00", - "DefaultVersionId":"v56", + "DefaultVersionId":"v58", "Document":{ "Statement":[ { 
@@ -140357,6 +141033,7 @@ "dynamodb:DescribeKinesisStreamingDestination", "dynamodb:DescribeTable", "dynamodb:DescribeTimeToLive", + "dynamodb:GetResourcePolicy", "dynamodb:ListBackups", "dynamodb:ListExports", "dynamodb:ListGlobalTables", @@ -140407,6 +141084,8 @@ "eks:DescribeCluster", "eks:DescribeFargateProfile", "eks:DescribeNodeGroup", + "eks:ListAccessEntries", + "eks:ListAssociatedAccessPolicies", "eks:ListClusters", "eks:ListFargateProfiles", "eks:ListNodeGroups", @@ -141031,7 +141710,7 @@ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-10-13T18:19:07+00:00" + "UpdateDate":"2026-01-30T20:19:13+00:00" }, "SecurityLakeResourceManagementServiceRolePolicy":{ "CreateDate":"2024-11-14T22:10:14+00:00", @@ -142640,7 +143319,7 @@ }, "ViewOnlyAccess":{ "CreateDate":"2016-11-10T17:20:15+00:00", - "DefaultVersionId":"v27", + "DefaultVersionId":"v29", "Document":{ "Statement":[ { @@ -142890,6 +143569,9 @@ "mediaconnect:ListFlows", "mediaconnect:ListOfferings", "mediaconnect:ListReservations", + "mediaconnect:ListRouterInputs", + "mediaconnect:ListRouterOutputs", + "mediaconnect:ListRouterNetworkInterfaces", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetCampaigns", "mobiletargeting:GetImportJobs", @@ -142976,7 +143658,14 @@ "workdocs:DescribeAvailableDirectories", "workdocs:DescribeInstances", "workmail:Describe*", - "workspaces:Describe*" + "workspaces:Describe*", + "xray:GetEncryptionConfig", + "xray:GetGroups", + "xray:GetSamplingRules", + "xray:GetSamplingStatisticSummaries", + "xray:GetSamplingTargets", + "xray:GetTraceSegmentDestination", + "xray:ListResourcePolicies" ], "Effect":"Allow", "Resource":"*", @@ -143036,7 +143725,7 @@ }, "Path":"/job-function/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2025-10-13T21:34:08+00:00" + "UpdateDate":"2026-01-15T18:34:12+00:00" }, "WAFLoggingServiceRolePolicy":{ "CreateDate":"2018-08-24T21:05:47+00:00", 
diff --git a/moto/ssm/resources/ami-amazon-linux-latest/us-gov-east-1.json b/moto/ssm/resources/ami-amazon-linux-latest/us-gov-east-1.json new file mode 100644 index 000000000000..abf14dfcb2a8 --- /dev/null +++ b/moto/ssm/resources/ami-amazon-linux-latest/us-gov-east-1.json 
@@ -0,0 +1,191 @@ +[ + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64", + "DataType": "text", + "LastModifiedDate": 1721692759.417, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64", + "Type": "String", + "Value": "ami-0388cfad0bfbabb99", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64", + "DataType": "text", + "LastModifiedDate": 1721692760.492, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64", + "Type": "String", + "Value": "ami-045a9bf9ced62bc2f", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692760.222, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-x86_64", + "Type": "String", + "Value": "ami-0dbef5e1adb6e1abf", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-arm64", + "DataType": "text", + "LastModifiedDate": 1721692760.983, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-arm64", + "Type": "String", + "Value": "ami-06cfed33cc8526f2d", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012167.998, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-s3", + "Type": "String", + "Value": "ami-0a4c808d4c1a4bd8b", + "Version": 67 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697389.518, + "Name": 
"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2", + "Type": "String", + "Value": "ami-0ad9a80ec3dceacee", + "Version": 85 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697389.822, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-0aeefe7aca43006af", + "Version": 114 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697390.713, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-0dbbc1ffd92e9dc3a", + "Version": 73 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697391.321, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs", + "Type": "String", + "Value": "ami-0f679fed2d6731f5e", + "Version": 85 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697391.614, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-00cedd6af9996d4d7", + "Version": 114 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692759.694, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64", + "Type": "String", + "Value": "ami-0a5db8fbece0eb74b", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64", 
+ "DataType": "text", + "LastModifiedDate": 1721692760.743, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64", + "Type": "String", + "Value": "ami-0de91fdcfc8d9f74e", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-arm64", + "DataType": "text", + "LastModifiedDate": 1721692759.96, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-arm64", + "Type": "String", + "Value": "ami-0cbbefdbb400bc3fa", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692761.237, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64", + "Type": "String", + "Value": "ami-02225bbcc9e4f69ec", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1703012167.223, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-0eabcdae6cabf6e70", + "Version": 67 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012167.616, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-s3", + "Type": "String", + "Value": "ami-0654bf9da906daf8b", + "Version": 67 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1703012167.808, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-0aea210be1a75b94e", + "Version": 67 + }, + { + "ARN": 
"arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697390.123, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-01abf14eabdf9aade", + "Version": 114 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697390.421, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2", + "Type": "String", + "Value": "ami-0cf49cd7abf721d78", + "Version": 73 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697391.015, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-0db1e2b6da3a4ef84", + "Version": 73 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1703012167.428, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-0a80c906edacd0e8b", + "Version": 67 + } +] \ No newline at end of file diff --git a/moto/ssm/resources/ami-amazon-linux-latest/us-gov-west-1.json b/moto/ssm/resources/ami-amazon-linux-latest/us-gov-west-1.json new file mode 100644 index 000000000000..9508646e0ba7 --- /dev/null +++ b/moto/ssm/resources/ami-amazon-linux-latest/us-gov-west-1.json 
@@ -0,0 +1,227 @@ +[ + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64", + "DataType": "text", + "LastModifiedDate": 1721692762.09, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64", + "Type": "String", + "Value": "ami-011efb3cb2db23315", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64", + "DataType": "text", + "LastModifiedDate": 1721692762.569, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64", + "Type": "String", + "Value": "ami-019ee724f2be51720", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692762.461, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-x86_64", + "Type": "String", + "Value": "ami-0c74a4baed89bc2c8", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-arm64", + "DataType": "text", + "LastModifiedDate": 1721692762.795, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-arm64", + "Type": "String", + "Value": "ami-01bdd33fcf8c3faaf", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012169.012, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-s3", + "Type": "String", + "Value": "ami-0bb609de40cb15fb0", + "Version": 69 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012169.337, + "Name": 
"/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-s3", + "Type": "String", + "Value": "ami-0cdbe7f8dcc75fb7c", + "Version": 68 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697392.494, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2", + "Type": "String", + "Value": "ami-0fccef3543f16dd9b", + "Version": 85 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697392.632, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-0eea2ae1689e53bef", + "Version": 119 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697392.995, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-06ba9aacc2eed0ff5", + "Version": 74 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697393.216, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs", + "Type": "String", + "Value": "ami-0549b0e03a35cad47", + "Version": 85 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692762.894, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64", + "Type": "String", + "Value": "ami-03e7ac6ecae00de4c", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs", + 
"DataType": "text", + "LastModifiedDate": 1703012168.667, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-034c73ffbb74bb99c", + "Version": 69 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012168.841, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-s3", + "Type": "String", + "Value": "ami-08cdd8d24cc1709c7", + "Version": 69 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1703012168.934, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-00eea1719b6aae09e", + "Version": 69 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1703012169.106, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-ebs", + "Type": "String", + "Value": "ami-0e3c8ed0bf77adcff", + "Version": 68 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012169.187, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-s3", + "Type": "String", + "Value": "ami-07aeb19a8d919da02", + "Version": 68 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1703012169.262, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-ebs", + "Type": "String", + "Value": "ami-0eb0af607aabfafff", + "Version": 68 + }, + { + "ARN": 
"arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697392.88, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2", + "Type": "String", + "Value": "ami-0c2ed33fcbcc83ebe", + "Version": 74 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697393.114, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-0e7f6bd7808f3f95f", + "Version": 74 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697393.321, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-05eb4d4349faed35c", + "Version": 119 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692762.216, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64", + "Type": "String", + "Value": "ami-0813aacedccabaaad", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692762.685, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64", + "Type": "String", + "Value": "ami-0f8c631fccd898fcc", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-arm64", + "DataType": "text", + "LastModifiedDate": 1721692762.348, + "Name": 
"/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-arm64", + "Type": "String", + "Value": "ami-0b2a6da8cb6b500ff", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1703012168.758, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-0cfb8ee4baf66e51e", + "Version": 69 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697392.767, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-03ebdb8bd059274a1", + "Version": 119 + } +] \ No newline at end of file diff --git a/setup.cfg b/setup.cfg index c64bf51805f9..9cb919c6fce6 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,12 +1,12 @@ [metadata] -name = moto +name = moto-ext version = 5.1.21.dev description = A library that allows you to easily mock out tests based on AWS infrastructure long_description = file:README.md long_description_content_type = text/markdown author = Steve Pulec author_email = spulec@gmail.com -url = https://github.com/getmoto/moto +url = https://github.com/localstack/moto license = Apache-2.0 test_suite = tests classifiers = @@ -19,10 +19,6 @@ classifiers = Programming Language :: Python :: 3.14 Topic :: Software Development :: Testing keywords = aws ec2 s3 boto3 mock -project_urls = - Documentation = http://docs.getmoto.org/en/latest/ - Issue tracker = https://github.com/getmoto/moto/issues - Changelog = https://github.com/getmoto/moto/blob/master/CHANGELOG.md [options] python_requires = >=3.9 
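Review bot: The `name = moto-ext` line in the first setup.cfg hunk renames the distribution only; the `moto = py.typed` package-data entry shown in the following hunk header suggests the import package is still `moto`. If that is the case, an environment that resolves both `moto` and `moto-ext` ends up with two distributions writing the same files, and which code is imported depends on install order, which is easy to miss in a dependency audit. The metadata should state this, for example `description = LocalStack fork of moto; provides the same 'moto' package, do not install alongside moto`. The second hunk also removes `project_urls` without a replacement, so the published package page has no issue-tracker link for the fork; an entry pointing at the fork's own tracker would be better than none.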
@@ -46,7 +42,8 @@ moto = py.typed [options.extras_require] all = antlr4-python3-runtime - aws-sam-translator<=1.103.0 + aws-sam-translator<=1.103.0; python_version >= "3.14" + aws-sam-translator>=1.105.0; python_version < "3.14" joserfc>=0.9.0 jsonpath_ng docker>=3.0.0 @@ -63,7 +60,8 @@ all = multipart proxy = antlr4-python3-runtime - aws-sam-translator<=1.103.0 + aws-sam-translator<=1.103.0; python_version >= "3.14" + aws-sam-translator>=1.105.0; python_version < "3.14" joserfc>=0.9.0 jsonpath_ng docker>=2.5.1 @@ -79,7 +77,8 @@ proxy = multipart server = antlr4-python3-runtime - aws-sam-translator<=1.103.0 + aws-sam-translator<=1.103.0; python_version >= "3.14" + aws-sam-translator>=1.105.0; python_version < "3.14" joserfc>=0.9.0 jsonpath_ng docker>=3.0.0 diff --git a/tests/test_ssm/test_ssm_default_amis.py b/tests/test_ssm/test_ssm_default_amis.py index a3c286590dcc..419a49c42c6a 100644 --- a/tests/test_ssm/test_ssm_default_amis.py +++ b/tests/test_ssm/test_ssm_default_amis.py @@ -1,4 +1,5 @@ import boto3 +import pytest from moto import mock_aws @@ -6,8 +7,16 @@ @mock_aws -def test_ssm_get_latest_ami_by_path(): - client = boto3.client("ssm", region_name="us-west-1") +@pytest.mark.parametrize( + "partition,region", + [ + ("aws", "us-west-1"), + ("aws-us-gov", "us-gov-east-1"), + ("aws-us-gov", "us-gov-west-1"), + ], +) +def test_ssm_get_latest_ami_by_path(partition, region): + client = boto3.client("ssm", region_name=region) path = "/aws/service/ami-amazon-linux-latest" params = client.get_parameters_by_path(Path=path)["Parameters"] assert len(params) == 10 @@ -17,7 +26,7 @@ def test_ssm_get_latest_ami_by_path(): ) assert all(p["Type"] == "String" for p in params) assert all(p["DataType"] == "text" for p in params) - assert all(p["ARN"].startswith("arn:aws:ssm:us-west-1") for p in params) + assert all(p["ARN"].startswith(f"arn:{partition}:ssm:{region}") for p in params) @mock_aws 
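Review bot: The marker split that replaces `aws-sam-translator<=1.103.0` in the `all` extra (and identically in the `proxy` and `server` hunks that follow) has no recorded reason, and its two halves point in opposite directions: Python 3.14 keeps the old cap while older interpreters get a floor of 1.105.0, so 1.104.0 is excluded on both branches. A comment line above each pair should name the reason and the condition for removing the split, e.g. `# <reason for the 3.14 cap>; drop the marker once <condition>`. The `< "3.14"` branch is also open-ended where the previous line set a ceiling, so these extras now pick up any future release at install time; if that is intended, the same comment should say so.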
diff --git a/tests/test_ssm/test_ssm_parameterstore.py b/tests/test_ssm/test_ssm_parameterstore.py index 1d0ebf01cd3f..77ff65a4e905 100644 --- a/tests/test_ssm/test_ssm_parameterstore.py +++ b/tests/test_ssm/test_ssm_parameterstore.py @@ -1,3 +1,5 @@ +import pytest + from moto.ssm.models import ParameterDict @@ -83,3 +85,17 @@ def test_ssm_parameter_from_unknown_region(): "/aws/service/ami-amazon-linux-latest", recursive=False ) ) + + +@pytest.mark.parametrize("region", ["us-gov-east-1", "us-gov-west-1"]) +def test_ssm_parameter_from_gov_cloud_east_region(region): + store = ParameterDict("000000000000", region) + keys = list( + store.get_keys_beginning_with( + "/aws/service/ami-amazon-linux-latest", recursive=False + ) + ) + for key in keys: + ssm_parameter = store.get(key)[0] + ami = ssm_parameter.value + assert ami.startswith("ami-")
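Review bot: The `for key in keys:` loop at the end of the added test passes vacuously when `keys` is empty, so a missing or unloadable gov-cloud resource file would not fail it. Adding `assert keys` on the line before the loop makes the test fail when no parameters are loaded for the region. The name `test_ssm_parameter_from_gov_cloud_east_region` is also misleading now that the test is parametrized over `us-gov-west-1` as well; `test_ssm_parameter_from_gov_cloud_region` would match what it covers. The whole test body is inside this hunk.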