commit 5febeb6fd9a0e595fd516ab1e0fc7aacffe9a31d Author: KF Date: Thu Oct 24 23:02:19 2024 +0800 HistoryPurge diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..f5f404b --- /dev/null +++ b/LICENSE @@ -0,0 +1,12 @@ +BSD Zero Clause License + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR +OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..78eb4bd --- /dev/null +++ b/README.md @@ -0,0 +1,8 @@ +Collection of Dockerfiles + +## docker on macvlan +On Linux, docker macvlan driver can be used to simplify routing. To create a macvlan network: + +```bash +docker network create -d macvlan --subnet=192.168.86.0/24 --ip-range=192.168.86.96/27 --gateway=192.168.86.1 -o parent=enp7s0f1 macvlan +``` diff --git a/alpine/adminer/Dockerfile b/alpine/adminer/Dockerfile new file mode 100644 index 0000000..2b47255 --- /dev/null +++ b/alpine/adminer/Dockerfile @@ -0,0 +1,10 @@ +FROM alpine:latest +LABEL description="adminer on alpine" +LABEL maintainer="racken@one27.cf" +ENV container docker +RUN apk update; apk add bash tini php8-pdo_mysql php8-fpm nginx php8-session supervisor +RUN mkdir -p /var/www/html /etc/supervisor.d +COPY nginx-default.conf /etc/nginx/http.d/default.conf +RUN wget https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1-mysql-en.php -O /var/www/html/adminer.php +COPY run.ini /etc/supervisor.d/run.ini +CMD ["/usr/bin/supervisord", "-n"] diff --git a/alpine/adminer/nginx-default.conf b/alpine/adminer/nginx-default.conf new file mode 100644 index 0000000..9b97ff1 --- /dev/null +++ b/alpine/adminer/nginx-default.conf @@ -0,0 +1,19 @@ +server { + listen 80 default_server; + listen [::]:80 default_server; + root /var/www/html; + + # You may need this to prevent return 404 recursion. + location = /404.html { + internal; + } + + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_param HTTP_PROXY ""; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_index index.php; + include fastcgi_params; + } +} diff --git a/alpine/adminer/run.ini b/alpine/adminer/run.ini new file mode 100644 index 0000000..6dd7f83 --- /dev/null +++ b/alpine/adminer/run.ini @@ -0,0 +1,10 @@ +[program:nginx] +command=/usr/sbin/nginx -g 'daemon off;' +autostart=true +autorestart=true + +[program:phpfpm] +command=/usr/sbin/php-fpm8 -F +autostart=true +autorestart=true + diff --git a/alpine/aliyuncli/Dockerfile b/alpine/aliyuncli/Dockerfile new file mode 100644 index 0000000..2c06541 --- /dev/null +++ b/alpine/aliyuncli/Dockerfile @@ -0,0 +1,9 @@ +# aliyuncli requires python2 +FROM alpine:3.10 +ENV container docker +RUN apk update; apk upgrade; apk add py2-pip jq bash gcc libc-dev python2-dev libffi-dev rust cargo openssl-dev py2-cryptography sqlite +RUN pip install aliyuncli aliyun-python-sdk-ecs aliyun-python-sdk-nas aliyun-python-sdk-ram aliyun-python-sdk-slb aliyun-python-sdk-rds +COPY get-instances.sh /root/get-instances.sh +COPY ec2-matching.sh /root/ec2-matching.sh +RUN chmod 755 /root/*.sh +ENTRYPOINT ["/bin/bash"] diff --git a/alpine/aliyuncli/README.md b/alpine/aliyuncli/README.md new file mode 100644 index 0000000..74aed65 --- /dev/null +++ b/alpine/aliyuncli/README.md @@ -0,0 +1,17 @@ +# Authentication +``` +$ aliyuncli configure +Aliyun Access Key ID [None]: +Aliyun Access Key Secret [None]: +Default Region Id [None]: cn-hongkong +Default output format [None]: +``` + +# Sample usage +/root/get-instances.sh + +# More aliyuncli usage +``` +aliyuncli ecs DescribeInstances --MaxResults 100 | jq -cr '.Instances.Instance[] | [.InstanceName,.InstanceType,.CpuOptions.CoreCount,.Memory,.OSType,.InstanceId,.OSNameEn,.ZoneId] | @csv' +aliyuncli ecs DescribeDisks --MaxResults 200 | jq -cr '.Disks.Disk[] | [.InstanceId, .Size, .ZoneId] | @csv' +``` diff --git a/alpine/aliyuncli/ec2-matching.sh b/alpine/aliyuncli/ec2-matching.sh new file mode 100644 index 0000000..27f4a44 --- /dev/null +++ b/alpine/aliyuncli/ec2-matching.sh @@ -0,0 +1,33 @@ +#!/bin/bash +cat < /tmp/ec2-raw.txt +m5.large 2 8 +m5.xlarge 4 16 +m5.2xlarge 8 32 +m5.4xlarge 16 64 +m5.8xlarge 32 128 +c5.large 2 4 +c5.xlarge 4 8 +c5.2xlarge 8 16 +c5.4xlarge 16 32 +c5.9xlarge 36 72 +c5.12xlarge 48 96 +r5.large 2 16 +r5.xlarge 4 32 +r5.2xlarge 8 64 +r5.4xlarge 16 128 +r5.8xlarge 32 256 +EOF + +if [ ! -f ec2-size-match.db ]; then +echo "create table instances(instance varchar(30), cpu int, ram int)" | sqlite3 ec2-size-match.db +cat /tmp/ec2-raw.txt | while read a b c; do +echo "insert into instances values(\"$a\", \"$b\", \"$c\");" | sqlite3 ec2-size-match.db +done +fi + +RESULT=$(echo "select instance from instances where cpu = \"$1\" and ram = \"$2\";" | sqlite3 ec2-size-match.db) +if [ -z "$RESULT" ]; then +echo manual-match +else +echo $RESULT +fi diff --git a/alpine/aliyuncli/get-instances.sh b/alpine/aliyuncli/get-instances.sh new file mode 100644 index 0000000..d2a6dc6 --- /dev/null +++ b/alpine/aliyuncli/get-instances.sh @@ -0,0 +1,15 @@ +#!/bin/bash +echo "InstanceName","InstanceSize","vcpu","ram","OS","InstanceId","OSVersion","Location","TotalDiskSize","MatchingEC2" +aliyuncli ecs DescribeInstances --MaxResults 100 | \ +jq -cr '.Instances.Instance[] | [.InstanceName,.InstanceType,.Cpu,.Memory,.OSType,.InstanceId,.OSNameEn,.ZoneId] | @csv' \ +> /tmp/instances.csv +aliyuncli ecs DescribeDisks --MaxResults 200 | jq -cr '.Disks.Disk[] | [.Size,.InstanceId] | @csv' > /tmp/disks.csv +cat /tmp/instances.csv | while read l; do +i=$(echo $l | awk -F, '{print $6}') +DISK=$(grep $i /tmp/disks.csv | awk -F, '{SUM+=$1}; END {print SUM}') +CPU=$(echo $l | awk -F, '{print $3}') +RAM=$(echo $l | awk -F, '{print $4/1024}') +echo -n "$l,$DISK," +./ec2-matching.sh $CPU $RAM +done + diff --git a/alpine/azcli/Dockerfile b/alpine/azcli/Dockerfile new file mode 100644 index 0000000..0c6d6d0 --- /dev/null +++ b/alpine/azcli/Dockerfile @@ -0,0 +1,7 @@ +FROM alpine:latest +ENV container docker +RUN apk update; apk add python3 py3-apipkg gcc python3-dev linux-headers libffi libffi-dev py3-cffi musl-dev openssl-dev jq make bash +RUN pip3 install azure-cli +ENV PS1 "azcli-2.0.80 $ " +ENTRYPOINT ["/bin/bash"] + diff --git a/alpine/azcli/build.sh b/alpine/azcli/build.sh new file mode 100755 index 0000000..e168bf8 --- /dev/null +++ b/alpine/azcli/build.sh @@ -0,0 +1 @@ +docker build --network macvlan -t alpine/azcli . diff --git a/alpine/dante/Dockerfile b/alpine/dante/Dockerfile new file mode 100644 index 0000000..7bf5900 --- /dev/null +++ b/alpine/dante/Dockerfile @@ -0,0 +1,10 @@ +FROM alpine:latest +LABEL description="Dante socks5 server" +LABEL maintainer="xpk@headdesk.me" +ENV container docker +RUN apk update; apk add tini dante-server dante +#RUN addgroup -g 3000 ctnuser && adduser -u 3000 -G ctnuser -D ctnuser +#USER ctnuser +COPY sockd.conf /etc/sockd.conf +ENTRYPOINT ["/sbin/tini", "--"] +CMD ["/usr/sbin/sockd"] diff --git a/alpine/dante/build.sh b/alpine/dante/build.sh new file mode 100755 index 0000000..392f7af --- /dev/null +++ b/alpine/dante/build.sh @@ -0,0 +1,2 @@ +export DOCKER_BUILDKIT=1 +docker build --network host -t alpine/dante . diff --git a/alpine/dante/restart.sh b/alpine/dante/restart.sh new file mode 100755 index 0000000..9ee600a --- /dev/null +++ b/alpine/dante/restart.sh @@ -0,0 +1,2 @@ +docker rm -f sockd +./start.sh diff --git a/alpine/dante/sockd.conf b/alpine/dante/sockd.conf new file mode 100644 index 0000000..fb2ccf7 --- /dev/null +++ b/alpine/dante/sockd.conf @@ -0,0 +1,30 @@ +# logoutput: stdout +errorlog: stderr + +#user.privileged: root +user.unprivileged: nobody + +# The listening network interface or address. +internal: 0.0.0.0 port=11080 + +# The proxying network interface or address. +external: eth0 + +# socks-rules determine what is proxied through the external interface. +# The default of "none" permits anonymous access. +socksmethod: none + +# client-rules determine who can connect to the internal interface. +# The default of "none" permits anonymous access. +clientmethod: none + +client pass { + from: 192.168.86.0/24 to: 0.0.0.0/0 + log: connect disconnect error +} + +socks pass { + from: 192.168.86.0/24 to: 0.0.0.0/0 + log: connect disconnect error +} + diff --git a/alpine/dante/start.sh b/alpine/dante/start.sh new file mode 100755 index 0000000..0f2040d --- /dev/null +++ b/alpine/dante/start.sh @@ -0,0 +1,2 @@ +#!/bin/bash +docker run -d --name sockd --network macvlan --cpus 2 --memory 1g --restart always --ip 192.168.86.18 alpine/dante diff --git a/alpine/ebcli/Dockerfile b/alpine/ebcli/Dockerfile new file mode 100644 index 0000000..19eecfb --- /dev/null +++ b/alpine/ebcli/Dockerfile @@ -0,0 +1,10 @@ +FROM alpine:latest +LABEL description="AWS ebcli on Alpine" +LABEL maintainer="racken@one27.cf" +ENV container docker +RUN apk add python openssl wget curl git bash gcc make musl-dev zlib-dev libffi-dev bzip2-dev openssl-dev readline-dev +RUN git clone https://github.com/aws/aws-elastic-beanstalk-cli-setup.git +RUN ./aws-elastic-beanstalk-cli-setup/scripts/bundled_installer +RUN /root/.pyenv/versions/3.7.2/bin/pip install awscli +ENV PATH="/root/.ebcli-virtual-env/executables:/root/.pyenv/versions/3.7.2/bin:$PATH" +CMD ["/bin/bash"] diff --git a/alpine/ebcli/Dockerfile-new b/alpine/ebcli/Dockerfile-new new file mode 100644 index 0000000..c9d5ede --- /dev/null +++ b/alpine/ebcli/Dockerfile-new @@ -0,0 +1,10 @@ +LABEL maintainer="racken@one27.cf" +LABEL description="AWS ebcli on Alpine" +FROM alpine:latest +ENV container docker +RUN apk add python openssl wget curl git bash gcc make musl-dev zlib-dev libffi-dev bzip2-dev openssl-dev readline-dev +RUN git clone https://github.com/aws/aws-elastic-beanstalk-cli-setup.git +RUN ./aws-elastic-beanstalk-cli-setup/scripts/bundled_installer +RUN /root/.pyenv/versions/3.7.2/bin/pip install awscli +ENV PATH="/root/.ebcli-virtual-env/executables:/root/.pyenv/versions/3.7.2/bin:$PATH" +CMD ["/bin/bash"] diff --git a/alpine/flarectl/Dockerfile b/alpine/flarectl/Dockerfile new file mode 100644 index 0000000..ac74e0e --- /dev/null +++ b/alpine/flarectl/Dockerfile @@ -0,0 +1,8 @@ +FROM alpine:latest + +# Set a working directory +RUN apk add go bash jq +RUN go install github.com/cloudflare/cloudflare-go/cmd/flarectl@latest +RUN echo "export PATH=/root/go/bin:$PATH" >> /root/.bashrc + +ENTRYPOINT [ "/bin/bash" ] diff --git a/alpine/flarectl/README.md b/alpine/flarectl/README.md new file mode 100644 index 0000000..286d8ce --- /dev/null +++ b/alpine/flarectl/README.md @@ -0,0 +1,9 @@ +# Usage: +``` +export CF_API_KEY=xxx +export CF_API_EMAIL=yyy +flarectl dns l --zone your-domain.com +``` + +# Reference: +https://pkg.go.dev/github.com/cloudflare/cloudflare-go/cmd/flarectl#section-readme diff --git a/alpine/flarectl/monitoring.sh b/alpine/flarectl/monitoring.sh new file mode 100644 index 0000000..e1ecdd0 --- /dev/null +++ b/alpine/flarectl/monitoring.sh @@ -0,0 +1,9 @@ +cfcli zones -f json | jq -cr '.[] | .name,.id' | paste - - | awk '{print $1,$2}' | while read d k; do +cfcli ls -d $d -f json | jq -cr '.[] | select(.type == "A") | .name' | while read s; do +echo curl -X POST \"https://api.cloudflare.com/client/v4/zones/$k/healthchecks\" \ + -H \"X-Auth-Email: ken.fong@rackspace.com\" \ + -H \"X-Auth-Key: xxx\" \ + -H \"Content-Type: application/json\" \ + --data \'\{\"name\":\"site-monitor\",\"description\":\"Health check\",\"check_regions\":[\"SEAS\"],\"type\":\"HTTPS\",\"consecutive_successes\":1,\"consecutive_fails\":2,\"http_config\":\{\"method\":\"GET\",\"port\":443,\"path\":\"/\",\"expected_codes\":[\"200\"],\"follow_redirects\":true,\"allow_insecure\":false,\"timeout\":5,\"retries\":2,\"interval\":60,\"address\":\"$s\"\}\' +done +done diff --git a/alpine/flarectl/setenv-cl.sh.asc b/alpine/flarectl/setenv-cl.sh.asc new file mode 100644 index 0000000..6fd8a5c --- /dev/null +++ b/alpine/flarectl/setenv-cl.sh.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP MESSAGE----- +Comment: To decrypt, save the entire message to a file and then run gpg -d + +hQGMA3pyazT9EturAQwA1qGGGxhOFYt5ibmXHxS6TzVO1ETRF3bzv8Zk2u3Yg1fn +FBa3Vsqnar4KFHxWhc1nNA3qqR4+RXLgSe9Uq9nUiJ2XYLqysqbD9LnMdSKLWTWW +XY8jkQMHlQ5esHxx4N7aiztaCr1Ga/yT4d2zPrWeUMm75iZhpXE4K/0IR97GssaP +neH5zMbTQq60M4Umcx9HJyIfI9t6vcP9dGw+OyB5aqCgyGZMmfGMdfGLGrhJu3Nz +LA+0rZ6iotM1YDX4WOFP0+IfGqSffceeDdVJUVsZUAp5eDQUbTsJyGtS43LGzZ1X +1ith1Sm2lDAX0yH0v06GGPQYptlF1g7JcwQMEc96wQbl78/mjqA6owU/N7zHjs6E +xdEVKg4CIkDHf4q7e961MXoKcDt9LBpzIm4osGF0PAVcQFJezyyCe3fUPBsHwJ0C +L6SugTZe6AjiVRG/vhXieYD01z9fPPX7m66w+0mqfYQ9rVWVXjImBJR37ApvIyfJ +ic0SA18Sbrj+i4CevLGo0p8B+hZe5A5hG9WzVa30Z+ubOWB7lJLm59vP6tzTFqUa +9vOQC/8jSs5z6NVEqlxBijdvWs5oIyzC8Ufc+62DchdPVq85bRDuma6/KagpI7Hy +4bzm9eNBz+pk7dJl0XybGnFvwpTISzN3ZtWazwtvhFzZSUt/zY0ZiZOLxjAUnwO4 +FrHaT/3Cs7gPuIDg/rIg9q3GLuh7RHd7ZhoBxdbammQ= +=bzPr +-----END PGP MESSAGE----- diff --git a/alpine/flarectl/setenv-rs.sh.asc b/alpine/flarectl/setenv-rs.sh.asc new file mode 100644 index 0000000..6afc971 --- /dev/null +++ b/alpine/flarectl/setenv-rs.sh.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP MESSAGE----- +Comment: To decrypt, save the entire message to a file and then run gpg -d + +hQGMA3pyazT9EturAQv+Jek+09cSCj1XccwH37c3deVa2UFHB1p1oI7B4iRLkaKH +CBzQCUR4f0W7DI9AwBbmd21OHzirgfs9S1UL/ygHQPukNI8D3esRKq6dCMLyctHQ +MG/q1MvRQVF4EtHmFkQoChnGEQBmpREv2xaEzOPNM7RyDZk6vktplUfGDKW78jB6 +oORrAyIMI+kKFG7QI5Zx8XlZWh1+IueXUybK040InVck9t5ge3cvMIgtvnSh4bng +9X7ZhLKopURGrniNNNjO2i9aD3+jDJu/LFkzo1pQfgcSRix2l1la2YYB6e11AV/Q +A8AWcorXofD6vo6n7PuCISmX9PWxxPjzggkFjRXyg85vLUDVWFk7lPgAT4PQ9T3Q +OKcY5KWHPQSIv77iqN72JbKoTKbFvYvZOXbnJRaapn+Mce6WpSuBprhhxsSW4y/T +8vum3w/yooDEB/ZV46IZcat9h1c9MOlJlpzzkULtYbwKZstkheM27ac2ht1wqwt0 +yY8nork7HE6OrxCDFRkz0p8B1IxalHAyMEuUnaZFxG590hY9lajKelUhXGfNusDk +FvEBvu6RcXU+wH11rnzHJeOr+QXkPCPM6bGGVGRpPsi0FYuquwOm9zv0YjWR/Ljv +07KrAwql3Lrd8GljqtY4viouJ58FPj44vLfpZxHI1EZHtTOVVheZ7IgGKRRY0Z01 +E6CuZIrAyCzD9HJ3kjBh/N3PjWfS1dRckarYAwm4mF8= +=y9Ol +-----END PGP MESSAGE----- diff --git a/alpine/flarectl/setenv.sh b/alpine/flarectl/setenv.sh new file mode 100644 index 0000000..e2d0925 --- /dev/null +++ b/alpine/flarectl/setenv.sh @@ -0,0 +1,4 @@ +export CF_API_KEY= +export CF_API_EMAIL= +#CF_API_DOMAIN + diff --git a/alpine/fpmredis/Dockerfile b/alpine/fpmredis/Dockerfile new file mode 100644 index 0000000..c424f6f --- /dev/null +++ b/alpine/fpmredis/Dockerfile @@ -0,0 +1,11 @@ +FROM alpine:latest +ENV container docker +RUN apk update; apk upgrade; apk add php83-gd php83-session php83-json php83-fpm php83-mysqlnd php83-mysqli php83-mbstring php83-xml php83-redis php83-curl php83-gmp bash php83-pdo_mysql php83-zip php83-dom php83-xmlwriter php83-xmlreader php83-ctype php83-simplexml php83-intl php83-iconv supervisor php83-opcache php83-posix php83-fileinfo php83-pecl-imagick php83-bcmath php83-pcntl php83-cli php83-sysvsem php83-exif php83-sodium php83-bz2 +COPY supervisord.conf /etc/supervisord.conf +COPY fpm-www.conf /etc/php83/php-fpm.d/www.conf +COPY nc-upgrade.sh /var/www/nc-upgrade.sh +COPY php.ini /etc/php83/php.ini +# RUN sed -i -e 's/^disable_functions.*/disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,eval,base64_decode/g' -e 's/^expose_php.*/expose_php=off/g' -e 's/^memory_limit.*/memory_limit=512M/g' -e 's/^session.save_handler.*/session.save_handler=redis/g' /etc/php83/php.ini +RUN echo 'session.save_path = "tcp://192.168.86.212:6379"' >> /etc/php83/php.ini +EXPOSE 9000 +CMD ["/usr/bin/supervisord", "-n"] diff --git a/alpine/fpmredis/Dockerfile-old b/alpine/fpmredis/Dockerfile-old new file mode 100644 index 0000000..acebe7c --- /dev/null +++ b/alpine/fpmredis/Dockerfile-old @@ -0,0 +1,7 @@ +FROM alpine +ENV container docker +RUN apk update; apk upgrade; apk add supervisor php7-gd php7-session php7-json php7-fpm php7-mysqlnd php7-mysqli php7-mbstring php7-xml php7-redis php7-curl php7-gmp bash apache2-webdav php7-pdo_mysql php7-zip php7-dom php7-xmlwriter php7-xmlreader php7-ctype php7-simplexml php7-intl php7-iconv +COPY supervisord.conf /etc/supervisord.conf +COPY fpm-www.conf /etc/php7/php-fpm.d/www.conf +EXPOSE 9000 +CMD ["/usr/bin/supervisord", "-n"] diff --git a/alpine/fpmredis/Dockerfile-php7 b/alpine/fpmredis/Dockerfile-php7 new file mode 100644 index 0000000..5a3e454 --- /dev/null +++ b/alpine/fpmredis/Dockerfile-php7 @@ -0,0 +1,10 @@ +FROM alpine +ENV container docker +RUN apk update; apk upgrade; apk add php7-gd php7-session php7-json php7-fpm php7-mysqlnd php7-mysqli php7-mbstring php7-xml php7-redis php7-curl php7-gmp bash php7-pdo_mysql php7-zip php7-dom php7-xmlwriter php7-xmlreader php7-ctype php7-simplexml php7-intl php7-iconv redis supervisor php7-opcache php7-posix php7-fileinfo php7-pecl-imagick php7-bcmath php7-pcntl php7-cli +COPY supervisord.conf /etc/supervisord.conf +COPY fpm-www.conf /etc/php7/php-fpm.d/www.conf +RUN sed -i -e 's/^disable_functions.*/disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,eval,base64_decode/g' /etc/php7/php.ini +RUN sed -i -e 's/^expose_php.*/expose_php=off/g' /etc/php7/php.ini +RUN sed -i -e 's/^memory_limit.*/memory_limit=512M/g' /etc/php7/php.ini +EXPOSE 9000 +CMD ["/usr/bin/supervisord", "-n"] diff --git a/alpine/fpmredis/Dockerfile-php81 b/alpine/fpmredis/Dockerfile-php81 new file mode 100644 index 0000000..19421c0 --- /dev/null +++ b/alpine/fpmredis/Dockerfile-php81 @@ -0,0 +1,9 @@ +FROM alpine:3.16 +ENV container docker +RUN apk update; apk upgrade; apk add php81-gd php81-session php81-json php81-fpm php81-mysqlnd php81-mysqli php81-mbstring php81-xml php81-redis php81-curl php81-gmp bash php81-pdo_mysql php81-zip php81-dom php81-xmlwriter php81-xmlreader php81-ctype php81-simplexml php81-intl php81-iconv redis supervisor php81-opcache php81-posix php81-fileinfo php81-pecl-imagick php81-bcmath php81-pcntl php81-cli +COPY supervisord.conf /etc/supervisord.conf +COPY fpm-www.conf /etc/php81/php-fpm.d/www.conf +RUN sed -i -e 's/^disable_functions.*/disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,eval,base64_decode/g' -e 's/^expose_php.*/expose_php=off/g' -e 's/^memory_limit.*/memory_limit=512M/g' -e 's/^session.save_handler.*/session.save_handler=redis/g' /etc/php81/php.ini +RUN echo 'session.save_path = "tcp://192.168.86.212:6379"' >> /etc/php81/php.ini +EXPOSE 9000 +CMD ["/usr/bin/supervisord", "-n"] diff --git a/alpine/fpmredis/README.md b/alpine/fpmredis/README.md new file mode 100644 index 0000000..72c3b42 --- /dev/null +++ b/alpine/fpmredis/README.md @@ -0,0 +1 @@ +nextcloud does not support php 7.4+. diff --git a/alpine/fpmredis/apache-vhosts.conf b/alpine/fpmredis/apache-vhosts.conf new file mode 100644 index 0000000..356747c --- /dev/null +++ b/alpine/fpmredis/apache-vhosts.conf @@ -0,0 +1,67 @@ +LoadModule dav_module /usr/lib/apache2/mod_dav.so + +# Enable php-fpm integration + + + + SetHandler "proxy:fcgi://127.0.0.1:9000" + +DirectoryIndex /index.php index.php + + + # this site is now behind nginx + # https://www.headdesk.me/Nginx_reverse_proxy_container + + # requires ondrej ppa + # Protocols h2c http/1.1 + + # vhost for music share + # access with user xpk.music / qwer-tyui-asdf-ghjk-zxcv + + ServerName xpk.headdesk.me + ServerAlias localhost + DocumentRoot /var/www/nextcloud + ErrorLog /var/log/apache2/xpk.headdesk.me.err + LogLevel error + CustomLog /var/log/apache2/xpk.headdesk.me.log combined + + Alias /music /nas/music + + Options Indexes + DAV on + #AuthType Digest + #AuthName "XPKMusic" + #AuthDigestProvider file + AuthType Basic + AuthName "XPK Music" + #AuthUserFile "/etc/apache2/webdav.passwd" + AuthUserFile "/etc/apache2/xpkmusic.paswd" + + require valid-user + + + + Alias /nextcloud /var/www/nextcloud + + Require all granted + + + + Options +FollowSymlinks + AllowOverride All + + + Dav off + + + SetEnv HOME /var/www/nextcloud + SetEnv HTTP_HOME /var/www/nextcloud + + + + + Require all denied + + + + diff --git a/alpine/fpmredis/backup.tar b/alpine/fpmredis/backup.tar new file mode 100644 index 0000000..eec0499 Binary files /dev/null and b/alpine/fpmredis/backup.tar differ diff --git a/alpine/fpmredis/build.sh b/alpine/fpmredis/build.sh new file mode 100755 index 0000000..992f11e --- /dev/null +++ b/alpine/fpmredis/build.sh @@ -0,0 +1,2 @@ +export DOCKER_BUILDKIT=1 +docker build --pull --network host -t alpine/fpmredis . diff --git a/alpine/fpmredis/c8-php8-backup.tar b/alpine/fpmredis/c8-php8-backup.tar new file mode 100644 index 0000000..2f1f72d Binary files /dev/null and b/alpine/fpmredis/c8-php8-backup.tar differ diff --git a/alpine/fpmredis/fpm-www.conf b/alpine/fpmredis/fpm-www.conf new file mode 100644 index 0000000..67e6967 --- /dev/null +++ b/alpine/fpmredis/fpm-www.conf @@ -0,0 +1,23 @@ +[www] +user = nobody +group = nobody +listen = 0.0.0.0:9000 +pm = dynamic +pm.max_children = 50 +pm.start_servers = 10 +pm.min_spare_servers = 10 +pm.max_spare_servers = 20 +pm.process_idle_timeout = 20s +pm.max_requests = 500 +php_admin_flag[log_errors] = on +php_admin_value[error_log] = /var/log/fpm-$pool.error.log +php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignal +php_admin_value[memory_limit] = 512M +php_admin_value[upload_max_filesize] = 800M +php_admin_value[post_max_size] = 850M +; needed by nextcloud +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp diff --git a/alpine/fpmredis/nc-upgrade.sh b/alpine/fpmredis/nc-upgrade.sh new file mode 100644 index 0000000..4312dba --- /dev/null +++ b/alpine/fpmredis/nc-upgrade.sh @@ -0,0 +1,17 @@ +#!/bin/bash +cp /etc/php81/php.ini /etc/php81/php.ini-orig +sed -i -e '/^disable_function/d' /etc/php81/php.ini +VERSION=$1 +cd /var/www/nextcloud +cp nextcloud/config/config.php . +cp -ap nextcloud/data/ data/ +apk add axel sudo +axel https://download.nextcloud.com/server/releases/nextcloud-$VERSION.zip +unzip -o -q nextcloud-$VERSION.zip +cp config.php nextcloud/config/ +cp -ap data nextcloud/ +chown -R xfs:xfs nextcloud +cd nextcloud +sudo -u xfs php81 occ upgrade +sudo -u xfs php81 occ maintenance:mode --off +cp /etc/php81/php.ini-orig /etc/php81/php.ini diff --git a/alpine/fpmredis/php.ini b/alpine/fpmredis/php.ini new file mode 100644 index 0000000..90a08bd --- /dev/null +++ b/alpine/fpmredis/php.ini @@ -0,0 +1,1964 @@ +[PHP] + +;;;;;;;;;;;;;;;;;;; +; About php.ini ; +;;;;;;;;;;;;;;;;;;; +; PHP's initialization file, generally called php.ini, is responsible for +; configuring many of the aspects of PHP's behavior. + +; PHP attempts to find and load this configuration from a number of locations. +; The following is a summary of its search order: +; 1. SAPI module specific location. +; 2. The PHPRC environment variable. +; 3. A number of predefined registry keys on Windows +; 4. Current working directory (except CLI) +; 5. The web server's directory (for SAPI modules), or directory of PHP +; (otherwise in Windows) +; 6. The directory from the --with-config-file-path compile time option, or the +; Windows directory (usually C:\windows) +; See the PHP docs for more specific information. +; https://php.net/configuration.file + +; The syntax of the file is extremely simple. Whitespace and lines +; beginning with a semicolon are silently ignored (as you probably guessed). +; Section headers (e.g. [Foo]) are also silently ignored, even though +; they might mean something in the future. + +; Directives following the section heading [PATH=/www/mysite] only +; apply to PHP files in the /www/mysite directory. Directives +; following the section heading [HOST=www.example.com] only apply to +; PHP files served from www.example.com. Directives set in these +; special sections cannot be overridden by user-defined INI files or +; at runtime. Currently, [PATH=] and [HOST=] sections only work under +; CGI/FastCGI. +; https://php.net/ini.sections + +; Directives are specified using the following syntax: +; directive = value +; Directive names are *case sensitive* - foo=bar is different from FOO=bar. +; Directives are variables used to configure PHP or PHP extensions. +; There is no name validation. If PHP can't find an expected +; directive because it is not set or is mistyped, a default value will be used. + +; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one +; of the INI constants (On, Off, True, False, Yes, No and None) or an expression +; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a +; previously set variable or directive (e.g. ${foo}) + +; Expressions in the INI file are limited to bitwise operators and parentheses: +; | bitwise OR +; ^ bitwise XOR +; & bitwise AND +; ~ bitwise NOT +; ! boolean NOT + +; Boolean flags can be turned on using the values 1, On, True or Yes. +; They can be turned off using the values 0, Off, False or No. + +; An empty string can be denoted by simply not writing anything after the equal +; sign, or by using the None keyword: + +; foo = ; sets foo to an empty string +; foo = None ; sets foo to an empty string +; foo = "None" ; sets foo to the string 'None' + +; If you use constants in your value, and these constants belong to a +; dynamically loaded extension (either a PHP extension or a Zend extension), +; you may only use these constants *after* the line that loads the extension. + +;;;;;;;;;;;;;;;;;;; +; About this file ; +;;;;;;;;;;;;;;;;;;; +; PHP comes packaged with two INI files. One that is recommended to be used +; in production environments and one that is recommended to be used in +; development environments. + +; php.ini-production contains settings which hold security, performance and +; best practices at its core. But please be aware, these settings may break +; compatibility with older or less security-conscious applications. We +; recommending using the production ini in production and testing environments. + +; php.ini-development is very similar to its production variant, except it is +; much more verbose when it comes to errors. We recommend using the +; development version only in development environments, as errors shown to +; application users can inadvertently leak otherwise secure information. + +; This is the php.ini-production INI file. + +;;;;;;;;;;;;;;;;;;; +; Quick Reference ; +;;;;;;;;;;;;;;;;;;; + +; The following are all the settings which are different in either the production +; or development versions of the INIs with respect to PHP's default behavior. +; Please see the actual settings later in the document for more details as to why +; we recommend these changes in PHP's behavior. + +; display_errors +; Default Value: On +; Development Value: On +; Production Value: Off + +; display_startup_errors +; Default Value: On +; Development Value: On +; Production Value: Off + +; error_reporting +; Default Value: E_ALL +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT + +; log_errors +; Default Value: Off +; Development Value: On +; Production Value: On + +; max_input_time +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) + +; output_buffering +; Default Value: Off +; Development Value: 4096 +; Production Value: 4096 + +; register_argc_argv +; Default Value: On +; Development Value: Off +; Production Value: Off + +; request_order +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" + +; session.gc_divisor +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 + +; session.sid_bits_per_character +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 + +; session.sid_length +; Default Value: 32 +; Development Value: 26 +; Production Value: 26 + +; short_open_tag +; Default Value: On +; Development Value: Off +; Production Value: Off + +; variables_order +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS" + +; zend.assertions +; Default Value: 1 +; Development Value: 1 +; Production Value: -1 + +; zend.exception_ignore_args +; Default Value: Off +; Development Value: Off +; Production Value: On + +; zend.exception_string_param_max_len +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 + +;;;;;;;;;;;;;;;;;;;; +; php.ini Options ; +;;;;;;;;;;;;;;;;;;;; +; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" +;user_ini.filename = ".user.ini" + +; To disable this feature set this option to an empty value +;user_ini.filename = + +; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) +;user_ini.cache_ttl = 300 + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; + +; Enable the PHP scripting language engine under Apache. +; https://php.net/engine +engine = On + +; This directive determines whether or not PHP will recognize code between +; tags as PHP source which should be processed as such. It is +; generally recommended that should be used and that this feature +; should be disabled, as enabling it may result in issues when generating XML +; documents, however this remains supported for backward compatibility reasons. +; Note that this directive does not control the would work. +; https://php.net/syntax-highlighting +;highlight.string = #DD0000 +;highlight.comment = #FF9900 +;highlight.keyword = #007700 +;highlight.default = #0000BB +;highlight.html = #000000 + +; If enabled, the request will be allowed to complete even if the user aborts +; the request. Consider enabling it if executing long requests, which may end up +; being interrupted by the user or a browser timing out. PHP's default behavior +; is to disable this feature. +; https://php.net/ignore-user-abort +;ignore_user_abort = On + +; Determines the size of the realpath cache to be used by PHP. This value should +; be increased on systems where PHP opens many files to reflect the quantity of +; the file operations performed. +; Note: if open_basedir is set, the cache is disabled +; https://php.net/realpath-cache-size +;realpath_cache_size = 4096k + +; Duration of time, in seconds for which to cache realpath information for a given +; file or directory. For systems with rarely changing files, consider increasing this +; value. +; https://php.net/realpath-cache-ttl +;realpath_cache_ttl = 120 + +; Enables or disables the circular reference collector. +; https://php.net/zend.enable-gc +zend.enable_gc = On + +; If enabled, scripts may be written in encodings that are incompatible with +; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such +; encodings. To use this feature, mbstring extension must be enabled. +;zend.multibyte = Off + +; Allows to set the default encoding for the scripts. This value will be used +; unless "declare(encoding=...)" directive appears at the top of the script. +; Only affects if zend.multibyte is set. +;zend.script_encoding = + +; Allows to include or exclude arguments from stack traces generated for exceptions. +; In production, it is recommended to turn this setting on to prohibit the output +; of sensitive information in stack traces +; Default Value: Off +; Development Value: Off +; Production Value: On +zend.exception_ignore_args = On + +; Allows setting the maximum string length in an argument of a stringified stack trace +; to a value between 0 and 1000000. +; This has no effect when zend.exception_ignore_args is enabled. +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 +; In production, it is recommended to set this to 0 to reduce the output +; of sensitive information in stack traces. +zend.exception_string_param_max_len = 0 + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; + +; Decides whether PHP may expose the fact that it is installed on the server +; (e.g. by adding its signature to the Web server header). It is no security +; threat in any way, but it makes it possible to determine whether you use PHP +; on your server or not. +; https://php.net/expose-php +expose_php = On + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; + +; Maximum execution time of each script, in seconds +; https://php.net/max-execution-time +; Note: This directive is hardcoded to 0 for the CLI SAPI +max_execution_time = 30 + +; Maximum amount of time each script may spend parsing request data. It's a good +; idea to limit this time on productions servers in order to eliminate unexpectedly +; long running scripts. +; Note: This directive is hardcoded to -1 for the CLI SAPI +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) +; https://php.net/max-input-time +max_input_time = 60 + +; Maximum input variable nesting level +; https://php.net/max-input-nesting-level +;max_input_nesting_level = 64 + +; How many GET/POST/COOKIE input variables may be accepted +;max_input_vars = 1000 + +; How many multipart body parts (combined input variable and file uploads) may +; be accepted. +; Default Value: -1 (Sum of max_input_vars and max_file_uploads) +;max_multipart_body_parts = 1500 + +; Maximum amount of memory a script may consume +; https://php.net/memory-limit +memory_limit = 128M + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +; This directive informs PHP of which errors, warnings and notices you would like +; it to take action for. The recommended way of setting values for this +; directive is through the use of the error level constants and bitwise +; operators. The error level constants are below here for convenience as well as +; some common settings and their meanings. +; By default, PHP is set to take action on all errors, notices and warnings EXCEPT +; those related to E_NOTICE and E_STRICT, which together cover best practices and +; recommended coding standards in PHP. For performance reasons, this is the +; recommend error reporting setting. Your production server shouldn't be wasting +; resources complaining about best practices and coding standards. That's what +; development servers and development settings are for. +; Note: The php.ini-development file has this setting as E_ALL. This +; means it pretty much reports everything which is exactly what you want during +; development and early testing. +; +; Error Level Constants: +; E_ALL - All errors and warnings +; E_ERROR - fatal run-time errors +; E_RECOVERABLE_ERROR - almost fatal run-time errors +; E_WARNING - run-time warnings (non-fatal errors) +; E_PARSE - compile-time parse errors +; E_NOTICE - run-time notices (these are warnings which often result +; from a bug in your code, but it's possible that it was +; intentional (e.g., using an uninitialized variable and +; relying on the fact it is automatically initialized to an +; empty string) +; E_STRICT - run-time notices, enable to have PHP suggest changes +; to your code which will ensure the best interoperability +; and forward compatibility of your code +; E_CORE_ERROR - fatal errors that occur during PHP's initial startup +; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's +; initial startup +; E_COMPILE_ERROR - fatal compile-time errors +; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) +; E_USER_ERROR - user-generated error message +; E_USER_WARNING - user-generated warning message +; E_USER_NOTICE - user-generated notice message +; E_DEPRECATED - warn about code that will not work in future versions +; of PHP +; E_USER_DEPRECATED - user-generated deprecation warnings +; +; Common Values: +; E_ALL (Show all errors, warnings and notices including coding standards.) +; E_ALL & ~E_NOTICE (Show all errors, except for notices) +; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) +; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) +; Default Value: E_ALL +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT +; https://php.net/error-reporting +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; This directive controls whether or not and where PHP will output errors, +; notices and warnings too. Error output is very useful during development, but +; it could be very dangerous in production environments. Depending on the code +; which is triggering the error, sensitive information could potentially leak +; out of your application such as database usernames and passwords or worse. +; For production environments, we recommend logging errors rather than +; sending them to STDOUT. +; Possible Values: +; Off = Do not display any errors +; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) +; On or stdout = Display errors to STDOUT +; Default Value: On +; Development Value: On +; Production Value: Off +; https://php.net/display-errors +display_errors = Off + +; The display of errors which occur during PHP's startup sequence are handled +; separately from display_errors. We strongly recommend you set this to 'off' +; for production servers to avoid leaking configuration details. +; Default Value: On +; Development Value: On +; Production Value: Off +; https://php.net/display-startup-errors +display_startup_errors = Off + +; Besides displaying errors, PHP can also log errors to locations such as a +; server-specific log, STDERR, or a location specified by the error_log +; directive found below. While errors should not be displayed on productions +; servers they should still be monitored and logging is a great way to do that. +; Default Value: Off +; Development Value: On +; Production Value: On +; https://php.net/log-errors +log_errors = On + +; Do not log repeated messages. Repeated errors must occur in same file on same +; line unless ignore_repeated_source is set true. +; https://php.net/ignore-repeated-errors +ignore_repeated_errors = Off + +; Ignore source of message when ignoring repeated messages. When this setting +; is On you will not log errors with repeated messages from different files or +; source lines. +; https://php.net/ignore-repeated-source +ignore_repeated_source = Off + +; If this parameter is set to Off, then memory leaks will not be shown (on +; stdout or in the log). This is only effective in a debug compile, and if +; error reporting includes E_WARNING in the allowed list +; https://php.net/report-memleaks +report_memleaks = On + +; This setting is off by default. +;report_zend_debug = 0 + +; Turn off normal error reporting and emit XML-RPC error XML +; https://php.net/xmlrpc-errors +;xmlrpc_errors = 0 + +; An XML-RPC faultCode +;xmlrpc_error_number = 0 + +; When PHP displays or logs an error, it has the capability of formatting the +; error message as HTML for easier reading. This directive controls whether +; the error message is formatted as HTML or not. +; Note: This directive is hardcoded to Off for the CLI SAPI +; https://php.net/html-errors +;html_errors = On + +; If html_errors is set to On *and* docref_root is not empty, then PHP +; produces clickable error messages that direct to a page describing the error +; or function causing the error in detail. +; You can download a copy of the PHP manual from https://php.net/docs +; and change docref_root to the base URL of your local copy including the +; leading '/'. You must also specify the file extension being used including +; the dot. PHP's default behavior is to leave these settings empty, in which +; case no links to documentation are generated. +; Note: Never use this feature for production boxes. +; https://php.net/docref-root +; Examples +;docref_root = "/phpmanual/" + +; https://php.net/docref-ext +;docref_ext = .html + +; String to output before an error message. PHP's default behavior is to leave +; this setting blank. +; https://php.net/error-prepend-string +; Example: +;error_prepend_string = "" + +; String to output after an error message. PHP's default behavior is to leave +; this setting blank. +; https://php.net/error-append-string +; Example: +;error_append_string = "" + +; Log errors to specified file. PHP's default behavior is to leave this value +; empty. +; https://php.net/error-log +; Example: +;error_log = php_errors.log +; Log errors to syslog (Event Log on Windows). +;error_log = syslog + +; The syslog ident is a string which is prepended to every message logged +; to syslog. Only used when error_log is set to syslog. +;syslog.ident = php + +; The syslog facility is used to specify what type of program is logging +; the message. Only used when error_log is set to syslog. +;syslog.facility = user + +; Set this to disable filtering control characters (the default). +; Some loggers only accept NVT-ASCII, others accept anything that's not +; control characters. If your logger accepts everything, then no filtering +; is needed at all. +; Allowed values are: +; ascii (all printable ASCII characters and NL) +; no-ctrl (all characters except control characters) +; all (all characters) +; raw (like "all", but messages are not split at newlines) +; https://php.net/syslog.filter +;syslog.filter = ascii + +;windows.show_crt_warning +; Default value: 0 +; Development value: 0 +; Production value: 0 + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; + +; The separator used in PHP generated URLs to separate arguments. +; PHP's default setting is "&". +; https://php.net/arg-separator.output +; Example: +;arg_separator.output = "&" + +; List of separator(s) used by PHP to parse input URLs into variables. +; PHP's default setting is "&". +; NOTE: Every character in this directive is considered as separator! +; https://php.net/arg-separator.input +; Example: +;arg_separator.input = ";&" + +; This directive determines which super global arrays are registered when PHP +; starts up. G,P,C,E & S are abbreviations for the following respective super +; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty +; paid for the registration of these arrays and because ENV is not as commonly +; used as the others, ENV is not recommended on productions servers. You +; can still get access to the environment variables through getenv() should you +; need to. +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS"; +; https://php.net/variables-order +variables_order = "GPCS" + +; This directive determines which super global data (G,P & C) should be +; registered into the super global array REQUEST. If so, it also determines +; the order in which that data is registered. The values for this directive +; are specified in the same manner as the variables_order directive, +; EXCEPT one. Leaving this value empty will cause PHP to use the value set +; in the variables_order directive. It does not mean it will leave the super +; globals array REQUEST empty. +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" +; https://php.net/request-order +request_order = "GP" + +; This directive determines whether PHP registers $argv & $argc each time it +; runs. $argv contains an array of all the arguments passed to PHP when a script +; is invoked. $argc contains an integer representing the number of arguments +; that were passed when the script was invoked. These arrays are extremely +; useful when running scripts from the command line. When this directive is +; enabled, registering these variables consumes CPU cycles and memory each time +; a script is executed. For performance reasons, this feature should be disabled +; on production servers. +; Note: This directive is hardcoded to On for the CLI SAPI +; Default Value: On +; Development Value: Off +; Production Value: Off +; https://php.net/register-argc-argv +register_argc_argv = Off + +; When enabled, the ENV, REQUEST and SERVER variables are created when they're +; first used (Just In Time) instead of when the script starts. If these +; variables are not used within a script, having this directive on will result +; in a performance gain. The PHP directive register_argc_argv must be disabled +; for this directive to have any effect. +; https://php.net/auto-globals-jit +auto_globals_jit = On + +; Whether PHP will read the POST data. +; This option is enabled by default. +; Most likely, you won't want to disable this option globally. It causes $_POST +; and $_FILES to always be empty; the only way you will be able to read the +; POST data will be through the php://input stream wrapper. This can be useful +; to proxy requests or to process the POST data in a memory efficient fashion. +; https://php.net/enable-post-data-reading +;enable_post_data_reading = Off + +; Maximum size of POST data that PHP will accept. +; Its value may be 0 to disable the limit. It is ignored if POST data reading +; is disabled through enable_post_data_reading. +; https://php.net/post-max-size +post_max_size = 8M + +; Automatically add files before PHP document. +; https://php.net/auto-prepend-file +auto_prepend_file = + +; Automatically add files after PHP document. +; https://php.net/auto-append-file +auto_append_file = + +; By default, PHP will output a media type using the Content-Type header. To +; disable this, simply set it to be empty. +; +; PHP's built-in default media type is set to text/html. +; https://php.net/default-mimetype +default_mimetype = "text/html" + +; PHP's default character set is set to UTF-8. +; https://php.net/default-charset +default_charset = "UTF-8" + +; PHP internal character encoding is set to empty. +; If empty, default_charset is used. +; https://php.net/internal-encoding +;internal_encoding = + +; PHP input character encoding is set to empty. +; If empty, default_charset is used. +; https://php.net/input-encoding +;input_encoding = + +; PHP output character encoding is set to empty. +; If empty, default_charset is used. +; See also output_buffer. +; https://php.net/output-encoding +;output_encoding = + +;;;;;;;;;;;;;;;;;;;;;;;;; +; Paths and Directories ; +;;;;;;;;;;;;;;;;;;;;;;;;; + +; UNIX: "/path1:/path2" +include_path = ".:/usr/share/php83" +; +; Windows: "\path1;\path2" +;include_path = ".;c:\php\includes" +; +; PHP's default setting for include_path is ".;/path/to/php/pear" +; https://php.net/include-path + +; The root of the PHP pages, used only if nonempty. +; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root +; if you are running php as a CGI under any web server (other than IIS) +; see documentation for security issues. The alternate is to use the +; cgi.force_redirect configuration below +; https://php.net/doc-root +doc_root = + +; The directory under which PHP opens the script using /~username used only +; if nonempty. +; https://php.net/user-dir +user_dir = + +; Directory in which the loadable extensions (modules) reside. +; https://php.net/extension-dir +;extension_dir = "./" +; On windows: +;extension_dir = "ext" + +; Directory where the temporary files should be placed. +; Defaults to the system default (see sys_get_temp_dir) +;sys_temp_dir = "/tmp" + +; Whether or not to enable the dl() function. The dl() function does NOT work +; properly in multithreaded servers, such as IIS or Zeus, and is automatically +; disabled on them. +; https://php.net/enable-dl +enable_dl = Off + +; cgi.force_redirect is necessary to provide security running PHP as a CGI under +; most web servers. Left undefined, PHP turns this on by default. You can +; turn it off here AT YOUR OWN RISK +; **You CAN safely turn this off for IIS, in fact, you MUST.** +; https://php.net/cgi.force-redirect +;cgi.force_redirect = 1 + +; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +; every request. PHP's default behavior is to disable this feature. +;cgi.nph = 1 + +; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +; will look for to know it is OK to continue execution. Setting this variable MAY +; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +; https://php.net/cgi.redirect-status-env +;cgi.redirect_status_env = + +; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting +; of zero causes PHP to behave as before. Default is 1. You should fix your scripts +; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +; https://php.net/cgi.fix-pathinfo +;cgi.fix_pathinfo=1 + +; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside +; of the web tree and people will not be able to circumvent .htaccess security. +;cgi.discard_path=1 + +; FastCGI under IIS supports the ability to impersonate +; security tokens of the calling client. This allows IIS to define the +; security context that the request runs under. mod_fastcgi under Apache +; does not currently support this feature (03/17/2002) +; Set to 1 if running under IIS. Default is zero. +; https://php.net/fastcgi.impersonate +;fastcgi.impersonate = 1 + +; Disable logging through FastCGI connection. PHP's default behavior is to enable +; this feature. +;fastcgi.logging = 0 + +; cgi.rfc2616_headers configuration option tells PHP what type of headers to +; use when sending HTTP response code. If set to 0, PHP sends Status: header that +; is supported by Apache. When this option is set to 1, PHP will send +; RFC2616 compliant header. +; Default is zero. +; https://php.net/cgi.rfc2616-headers +;cgi.rfc2616_headers = 0 + +; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! +; (shebang) at the top of the running script. This line might be needed if the +; script support running both as stand-alone script and via PHP CGI<. PHP in CGI +; mode skips this line and ignores its content if this directive is turned on. +; https://php.net/cgi.check-shebang-line +;cgi.check_shebang_line=1 + +;;;;;;;;;;;;;;;; +; File Uploads ; +;;;;;;;;;;;;;;;; + +; Whether to allow HTTP file uploads. +; https://php.net/file-uploads +file_uploads = On + +; Temporary directory for HTTP uploaded files (will use system default if not +; specified). +; https://php.net/upload-tmp-dir +;upload_tmp_dir = + +; Maximum allowed size for uploaded files. +; https://php.net/upload-max-filesize +upload_max_filesize = 2M + +; Maximum number of files that can be uploaded via a single request +max_file_uploads = 20 + +;;;;;;;;;;;;;;;;;; +; Fopen wrappers ; +;;;;;;;;;;;;;;;;;; + +; Whether to allow the treatment of URLs (like http:// or ftp://) as files. +; https://php.net/allow-url-fopen +allow_url_fopen = On + +; Whether to allow include/require to open URLs (like https:// or ftp://) as files. +; https://php.net/allow-url-include +allow_url_include = Off + +; Define the anonymous ftp password (your email address). PHP's default setting +; for this is empty. +; https://php.net/from +;from="john@doe.com" + +; Define the User-Agent string. PHP's default setting for this is empty. +; https://php.net/user-agent +;user_agent="PHP" + +; Default timeout for socket based streams (seconds) +; https://php.net/default-socket-timeout +default_socket_timeout = 60 + +; If your scripts have to deal with files from Macintosh systems, +; or you are running on a Mac and need to deal with files from +; unix or win32 systems, setting this flag will cause PHP to +; automatically detect the EOL character in those files so that +; fgets() and file() will work regardless of the source of the file. +; https://php.net/auto-detect-line-endings +;auto_detect_line_endings = Off + +;;;;;;;;;;;;;;;;;;;;;; +; Dynamic Extensions ; +;;;;;;;;;;;;;;;;;;;;;; + +; If you wish to have an extension loaded automatically, use the following +; syntax: +; +; extension=modulename +; +; For example: +; +; extension=mysqli +; +; When the extension library to load is not located in the default extension +; directory, You may specify an absolute path to the library file: +; +; extension=/path/to/extension/mysqli.so +; +; Note : The syntax used in previous PHP versions ('extension=.so' and +; 'extension='php_.dll') is supported for legacy reasons and may be +; deprecated in a future PHP major version. So, when it is possible, please +; move to the new ('extension=) syntax. +; +; Notes for Windows environments : +; +; - Many DLL files are located in the ext/ +; extension folders as well as the separate PECL DLL download. +; Be sure to appropriately set the extension_dir directive. +; +;extension=bz2 + +; The ldap extension must be before curl if OpenSSL 1.0.2 and OpenLDAP is used +; otherwise it results in segfault when unloading after using SASL. +; See https://github.com/php/php-src/issues/8620 for more info. +;extension=ldap + +;extension=curl +;extension=ffi +;extension=ftp +;extension=fileinfo +;extension=gd +;extension=gettext +;extension=gmp +;extension=intl +;extension=imap +;extension=mbstring +;extension=exif ; Must be after mbstring as it depends on it +;extension=mysqli +;extension=oci8_12c ; Use with Oracle Database 12c Instant Client +;extension=oci8_19 ; Use with Oracle Database 19 Instant Client +;extension=odbc +;extension=openssl +;extension=pdo_firebird +;extension=pdo_mysql +;extension=pdo_oci +;extension=pdo_odbc +;extension=pdo_pgsql +;extension=pdo_sqlite +;extension=pgsql +;extension=shmop + +; The MIBS data available in the PHP distribution must be installed. +; See https://www.php.net/manual/en/snmp.installation.php +;extension=snmp + +;extension=soap +;extension=sockets +;extension=sodium +;extension=sqlite3 +;extension=tidy +;extension=xsl +;extension=zip + +;zend_extension=opcache + +;;;;;;;;;;;;;;;;;;; +; Module Settings ; +;;;;;;;;;;;;;;;;;;; + +[CLI Server] +; Whether the CLI web server uses ANSI color coding in its terminal output. +cli_server.color = On + +[Date] +; Defines the default timezone used by the date functions +; https://php.net/date.timezone +;date.timezone = + +; https://php.net/date.default-latitude +;date.default_latitude = 31.7667 + +; https://php.net/date.default-longitude +;date.default_longitude = 35.2333 + +; https://php.net/date.sunrise-zenith +;date.sunrise_zenith = 90.833333 + +; https://php.net/date.sunset-zenith +;date.sunset_zenith = 90.833333 + +[filter] +; https://php.net/filter.default +;filter.default = unsafe_raw + +; https://php.net/filter.default-flags +;filter.default_flags = + +[iconv] +; Use of this INI entry is deprecated, use global input_encoding instead. +; If empty, default_charset or input_encoding or iconv.input_encoding is used. +; The precedence is: default_charset < input_encoding < iconv.input_encoding +;iconv.input_encoding = + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;iconv.internal_encoding = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; If empty, default_charset or output_encoding or iconv.output_encoding is used. +; The precedence is: default_charset < output_encoding < iconv.output_encoding +; To use an output encoding conversion, iconv's output handler must be set +; otherwise output encoding conversion cannot be performed. +;iconv.output_encoding = + +[imap] +; rsh/ssh logins are disabled by default. Use this INI entry if you want to +; enable them. Note that the IMAP library does not filter mailbox names before +; passing them to rsh/ssh command, thus passing untrusted data to this function +; with rsh/ssh enabled is insecure. +;imap.enable_insecure_rsh=0 + +[intl] +;intl.default_locale = +; This directive allows you to produce PHP errors when some error +; happens within intl functions. The value is the level of the error produced. +; Default is 0, which does not produce any errors. +;intl.error_level = E_WARNING +;intl.use_exceptions = 0 + +[sqlite3] +; Directory pointing to SQLite3 extensions +; https://php.net/sqlite3.extension-dir +;sqlite3.extension_dir = + +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +;sqlite3.defensive = 1 + +[Pcre] +; PCRE library backtracking limit. +; https://php.net/pcre.backtrack-limit +;pcre.backtrack_limit=100000 + +; PCRE library recursion limit. +; Please note that if you set this value to a high number you may consume all +; the available process stack and eventually crash PHP (due to reaching the +; stack size limit imposed by the Operating System). +; https://php.net/pcre.recursion-limit +;pcre.recursion_limit=100000 + +; Enables or disables JIT compilation of patterns. This requires the PCRE +; library to be compiled with JIT support. +;pcre.jit=1 + +[Pdo] +; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" +; https://php.net/pdo-odbc.connection-pooling +;pdo_odbc.connection_pooling=strict + +[Pdo_mysql] +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +pdo_mysql.default_socket= + +[Phar] +; https://php.net/phar.readonly +;phar.readonly = On + +; https://php.net/phar.require-hash +;phar.require_hash = On + +;phar.cache_list = + +[mail function] +; For Win32 only. +; https://php.net/smtp +SMTP = localhost +; https://php.net/smtp-port +smtp_port = 25 + +; For Win32 only. +; https://php.net/sendmail-from +;sendmail_from = me@example.com + +; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). +; https://php.net/sendmail-path +;sendmail_path = + +; Force the addition of the specified parameters to be passed as extra parameters +; to the sendmail binary. These parameters will always replace the value of +; the 5th parameter to mail(). +;mail.force_extra_parameters = + +; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename +mail.add_x_header = Off + +; Use mixed LF and CRLF line separators to keep compatibility with some +; RFC 2822 non conformant MTA. +mail.mixed_lf_and_crlf = Off + +; The path to a log file that will log all mail() calls. Log entries include +; the full path of the script, line number, To address and headers. +;mail.log = +; Log mail to syslog (Event Log on Windows). +;mail.log = syslog + +[ODBC] +; https://php.net/odbc.default-db +;odbc.default_db = Not yet implemented + +; https://php.net/odbc.default-user +;odbc.default_user = Not yet implemented + +; https://php.net/odbc.default-pw +;odbc.default_pw = Not yet implemented + +; Controls the ODBC cursor model. +; Default: SQL_CURSOR_STATIC (default). +;odbc.default_cursortype + +; Allow or prevent persistent links. +; https://php.net/odbc.allow-persistent +odbc.allow_persistent = On + +; Check that a connection is still valid before reuse. +; https://php.net/odbc.check-persistent +odbc.check_persistent = On + +; Maximum number of persistent links. -1 means no limit. +; https://php.net/odbc.max-persistent +odbc.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; https://php.net/odbc.max-links +odbc.max_links = -1 + +; Handling of LONG fields. Returns number of bytes to variables. 0 means +; passthru. +; https://php.net/odbc.defaultlrl +odbc.defaultlrl = 4096 + +; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. +; See the documentation on odbc_binmode and odbc_longreadlen for an explanation +; of odbc.defaultlrl and odbc.defaultbinmode +; https://php.net/odbc.defaultbinmode +odbc.defaultbinmode = 1 + +[MySQLi] + +; Maximum number of persistent links. -1 means no limit. +; https://php.net/mysqli.max-persistent +mysqli.max_persistent = -1 + +; Allow accessing, from PHP's perspective, local files with LOAD DATA statements +; https://php.net/mysqli.allow_local_infile +;mysqli.allow_local_infile = On + +; It allows the user to specify a folder where files that can be sent via LOAD DATA +; LOCAL can exist. It is ignored if mysqli.allow_local_infile is enabled. +;mysqli.local_infile_directory = + +; Allow or prevent persistent links. +; https://php.net/mysqli.allow-persistent +mysqli.allow_persistent = On + +; Maximum number of links. -1 means no limit. +; https://php.net/mysqli.max-links +mysqli.max_links = -1 + +; Default port number for mysqli_connect(). If unset, mysqli_connect() will use +; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the +; compile-time value defined MYSQL_PORT (in that order). Win32 will only look +; at MYSQL_PORT. +; https://php.net/mysqli.default-port +mysqli.default_port = 3306 + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; https://php.net/mysqli.default-socket +mysqli.default_socket = + +; Default host for mysqli_connect() (doesn't apply in safe mode). +; https://php.net/mysqli.default-host +mysqli.default_host = + +; Default user for mysqli_connect() (doesn't apply in safe mode). +; https://php.net/mysqli.default-user +mysqli.default_user = + +; Default password for mysqli_connect() (doesn't apply in safe mode). +; Note that this is generally a *bad* idea to store passwords in this file. +; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") +; and reveal this password! And of course, any users with read access to this +; file will be able to reveal the password as well. +; https://php.net/mysqli.default-pw +mysqli.default_pw = + +; If this option is enabled, closing a persistent connection will rollback +; any pending transactions of this connection, before it is put back +; into the persistent connection pool. +;mysqli.rollback_on_cached_plink = Off + +[mysqlnd] +; Enable / Disable collection of general statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +mysqlnd.collect_statistics = On + +; Enable / Disable collection of memory usage statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +mysqlnd.collect_memory_statistics = Off + +; Records communication from all extensions using mysqlnd to the specified log +; file. +; https://php.net/mysqlnd.debug +;mysqlnd.debug = + +; Defines which queries will be logged. +;mysqlnd.log_mask = 0 + +; Default size of the mysqlnd memory pool, which is used by result sets. +;mysqlnd.mempool_default_size = 16000 + +; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. +;mysqlnd.net_cmd_buffer_size = 2048 + +; Size of a pre-allocated buffer used for reading data sent by the server in +; bytes. +;mysqlnd.net_read_buffer_size = 32768 + +; Timeout for network requests in seconds. +;mysqlnd.net_read_timeout = 31536000 + +; SHA-256 Authentication Plugin related. File with the MySQL server public RSA +; key. +;mysqlnd.sha256_server_public_key = + +[OCI8] + +; Connection: Enables privileged connections using external +; credentials (OCI_SYSOPER, OCI_SYSDBA) +; https://php.net/oci8.privileged-connect +;oci8.privileged_connect = Off + +; Connection: The maximum number of persistent OCI8 connections per +; process. Using -1 means no limit. +; https://php.net/oci8.max-persistent +;oci8.max_persistent = -1 + +; Connection: The maximum number of seconds a process is allowed to +; maintain an idle persistent connection. Using -1 means idle +; persistent connections will be maintained forever. +; https://php.net/oci8.persistent-timeout +;oci8.persistent_timeout = -1 + +; Connection: The number of seconds that must pass before issuing a +; ping during oci_pconnect() to check the connection validity. When +; set to 0, each oci_pconnect() will cause a ping. Using -1 disables +; pings completely. +; https://php.net/oci8.ping-interval +;oci8.ping_interval = 60 + +; Connection: Set this to a user chosen connection class to be used +; for all pooled server requests with Oracle Database Resident +; Connection Pooling (DRCP). To use DRCP, this value should be set to +; the same string for all web servers running the same application, +; the database pool must be configured, and the connection string must +; specify to use a pooled server. +;oci8.connection_class = + +; High Availability: Using On lets PHP receive Fast Application +; Notification (FAN) events generated when a database node fails. The +; database must also be configured to post FAN events. +;oci8.events = Off + +; Tuning: This option enables statement caching, and specifies how +; many statements to cache. Using 0 disables statement caching. +; https://php.net/oci8.statement-cache-size +;oci8.statement_cache_size = 20 + +; Tuning: Enables row prefetching and sets the default number of +; rows that will be fetched automatically after statement execution. +; https://php.net/oci8.default-prefetch +;oci8.default_prefetch = 100 + +; Tuning: Sets the amount of LOB data that is internally returned from +; Oracle Database when an Oracle LOB locator is initially retrieved as +; part of a query. Setting this can improve performance by reducing +; round-trips. +; https://php.net/oci8.prefetch-lob-size +; oci8.prefetch_lob_size = 0 + +; Compatibility. Using On means oci_close() will not close +; oci_connect() and oci_new_connect() connections. +; https://php.net/oci8.old-oci-close-semantics +;oci8.old_oci_close_semantics = Off + +[PostgreSQL] +; Allow or prevent persistent links. +; https://php.net/pgsql.allow-persistent +pgsql.allow_persistent = On + +; Detect broken persistent links always with pg_pconnect(). +; Auto reset feature requires a little overheads. +; https://php.net/pgsql.auto-reset-persistent +pgsql.auto_reset_persistent = Off + +; Maximum number of persistent links. -1 means no limit. +; https://php.net/pgsql.max-persistent +pgsql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +; https://php.net/pgsql.max-links +pgsql.max_links = -1 + +; Ignore PostgreSQL backends Notice message or not. +; Notice message logging require a little overheads. +; https://php.net/pgsql.ignore-notice +pgsql.ignore_notice = 0 + +; Log PostgreSQL backends Notice message or not. +; Unless pgsql.ignore_notice=0, module cannot log notice message. +; https://php.net/pgsql.log-notice +pgsql.log_notice = 0 + +[bcmath] +; Number of decimal digits for all bcmath functions. +; https://php.net/bcmath.scale +bcmath.scale = 0 + +[browscap] +; https://php.net/browscap +;browscap = extra/browscap.ini + +[Session] +; Handler used to store/retrieve data. +; https://php.net/session.save-handler +; session.save_handler = files +session.save_handler=redis +session.save_path = "tcp://192.168.86.212:6379 + +; Argument passed to save_handler. In the case of files, this is the path +; where data files are stored. Note: Windows users have to change this +; variable in order to use PHP's session functions. +; +; The path can be defined as: +; +; session.save_path = "N;/path" +; +; where N is an integer. Instead of storing all the session files in +; /path, what this will do is use subdirectories N-levels deep, and +; store the session data in those directories. This is useful if +; your OS has problems with many files in one directory, and is +; a more efficient layout for servers that handle many sessions. +; +; NOTE 1: PHP will not create this directory structure automatically. +; You can use the script in the ext/session dir for that purpose. +; NOTE 2: See the section on garbage collection below if you choose to +; use subdirectories for session storage +; +; The file storage module creates files using mode 600 by default. +; You can change that by using +; +; session.save_path = "N;MODE;/path" +; +; where MODE is the octal representation of the mode. Note that this +; does not overwrite the process's umask. +; https://php.net/session.save-path +;session.save_path = "/tmp" + +; Whether to use strict session mode. +; Strict session mode does not accept an uninitialized session ID, and +; regenerates the session ID if the browser sends an uninitialized session ID. +; Strict mode protects applications from session fixation via a session adoption +; vulnerability. It is disabled by default for maximum compatibility, but +; enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +session.use_strict_mode = 0 + +; Whether to use cookies. +; https://php.net/session.use-cookies +session.use_cookies = 1 + +; https://php.net/session.cookie-secure +;session.cookie_secure = + +; This option forces PHP to fetch and use a cookie for storing and maintaining +; the session id. We encourage this operation as it's very helpful in combating +; session hijacking when not specifying and managing your own session id. It is +; not the be-all and end-all of session hijacking defense, but it's a good start. +; https://php.net/session.use-only-cookies +session.use_only_cookies = 1 + +; Name of the session (used as cookie name). +; https://php.net/session.name +session.name = PHPSESSID + +; Initialize session on request startup. +; https://php.net/session.auto-start +session.auto_start = 0 + +; Lifetime in seconds of cookie or, if 0, until browser is restarted. +; https://php.net/session.cookie-lifetime +session.cookie_lifetime = 0 + +; The path for which the cookie is valid. +; https://php.net/session.cookie-path +session.cookie_path = / + +; The domain for which the cookie is valid. +; https://php.net/session.cookie-domain +session.cookie_domain = "headdesk.me" + +; Whether or not to add the httpOnly flag to the cookie, which makes it +; inaccessible to browser scripting languages such as JavaScript. +; https://php.net/session.cookie-httponly +session.cookie_httponly = + +; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. +; https://tools.ietf.org/html/draft-west-first-party-cookies-07 +session.cookie_samesite = + +; Handler used to serialize data. php is the standard serializer of PHP. +; https://php.net/session.serialize-handler +session.serialize_handler = php + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; https://php.net/session.gc-probability +session.gc_probability = 1 + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; For high volume production servers, using a value of 1000 is a more efficient approach. +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 +; https://php.net/session.gc-divisor +session.gc_divisor = 1000 + +; After this number of seconds, stored data will be seen as 'garbage' and +; cleaned up by the garbage collection process. +; https://php.net/session.gc-maxlifetime +session.gc_maxlifetime = 1440 + +; NOTE: If you are using the subdirectory option for storing session files +; (see session.save_path above), then garbage collection does *not* +; happen automatically. You will need to do your own garbage +; collection through a shell script, cron entry, or some other method. +; For example, the following script is the equivalent of setting +; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; find /path/to/sessions -cmin +24 -type f | xargs rm + +; Check HTTP Referer to invalidate externally stored URLs containing ids. +; HTTP_REFERER has to contain this substring for the session to be +; considered as valid. +; https://php.net/session.referer-check +session.referer_check = + +; Set to {nocache,private,public,} to determine HTTP caching aspects +; or leave this empty to avoid sending anti-caching headers. +; https://php.net/session.cache-limiter +session.cache_limiter = nocache + +; Document expires after n minutes. +; https://php.net/session.cache-expire +session.cache_expire = 180 + +; trans sid support is disabled by default. +; Use of trans sid may risk your users' security. +; Use this option with caution. +; - User may send URL contains active session ID +; to other person via. email/irc/etc. +; - URL that contains active session ID may be stored +; in publicly accessible computer. +; - User may access your site with the same session ID +; always using URL stored in browser's history or bookmarks. +; https://php.net/session.use-trans-sid +session.use_trans_sid = 0 + +; Set session ID character length. This value could be between 22 to 256. +; Shorter length than default is supported only for compatibility reason. +; Users should use 32 or more chars. +; https://php.net/session.sid-length +; Default Value: 32 +; Development Value: 26 +; Production Value: 26 +session.sid_length = 26 + +; The URL rewriter will look for URLs in a defined set of HTML tags. +;
is special; if you include them here, the rewriter will +; add a hidden field with the info which is otherwise appended +; to URLs. tag's action attribute URL will not be modified +; unless it is specified. +; Note that all valid entries require a "=", even if no value follows. +; Default Value: "a=href,area=href,frame=src,form=" +; Development Value: "a=href,area=href,frame=src,form=" +; Production Value: "a=href,area=href,frame=src,form=" +; https://php.net/url-rewriter.tags +session.trans_sid_tags = "a=href,area=href,frame=src,form=" + +; URL rewriter does not rewrite absolute URLs by default. +; To enable rewrites for absolute paths, target hosts must be specified +; at RUNTIME. i.e. use ini_set() +; tags is special. PHP will check action attribute's URL regardless +; of session.trans_sid_tags setting. +; If no host is defined, HTTP_HOST will be used for allowed host. +; Example value: php.net,www.php.net,wiki.php.net +; Use "," for multiple hosts. No spaces are allowed. +; Default Value: "" +; Development Value: "" +; Production Value: "" +;session.trans_sid_hosts="" + +; Define how many bits are stored in each character when converting +; the binary hash data to something readable. +; Possible values: +; 4 (4 bits: 0-9, a-f) +; 5 (5 bits: 0-9, a-v) +; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 +; https://php.net/session.hash-bits-per-character +session.sid_bits_per_character = 5 + +; Enable upload progress tracking in $_SESSION +; Default Value: On +; Development Value: On +; Production Value: On +; https://php.net/session.upload-progress.enabled +;session.upload_progress.enabled = On + +; Cleanup the progress information as soon as all POST data has been read +; (i.e. upload completed). +; Default Value: On +; Development Value: On +; Production Value: On +; https://php.net/session.upload-progress.cleanup +;session.upload_progress.cleanup = On + +; A prefix used for the upload progress key in $_SESSION +; Default Value: "upload_progress_" +; Development Value: "upload_progress_" +; Production Value: "upload_progress_" +; https://php.net/session.upload-progress.prefix +;session.upload_progress.prefix = "upload_progress_" + +; The index name (concatenated with the prefix) in $_SESSION +; containing the upload progress information +; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" +; https://php.net/session.upload-progress.name +;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" + +; How frequently the upload progress should be updated. +; Given either in percentages (per-file), or in bytes +; Default Value: "1%" +; Development Value: "1%" +; Production Value: "1%" +; https://php.net/session.upload-progress.freq +;session.upload_progress.freq = "1%" + +; The minimum delay between updates, in seconds +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; https://php.net/session.upload-progress.min-freq +;session.upload_progress.min_freq = "1" + +; Only write session data when session data is changed. Enabled by default. +; https://php.net/session.lazy-write +;session.lazy_write = On + +[Assertion] +; Switch whether to compile assertions at all (to have no overhead at run-time) +; -1: Do not compile at all +; 0: Jump over assertion at run-time +; 1: Execute assertions +; Changing from or to a negative value is only possible in php.ini! +; (For turning assertions on and off at run-time, toggle zend.assertions between the values 1 and 0) +; Default Value: 1 +; Development Value: 1 +; Production Value: -1 +; https://php.net/zend.assertions +zend.assertions = -1 + +[COM] +; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs +; https://php.net/com.typelib-file +;com.typelib_file = + +; allow Distributed-COM calls +; https://php.net/com.allow-dcom +;com.allow_dcom = true + +; autoregister constants of a component's typelib on com_load() +; https://php.net/com.autoregister-typelib +;com.autoregister_typelib = true + +; register constants casesensitive +; https://php.net/com.autoregister-casesensitive +;com.autoregister_casesensitive = false + +; show warnings on duplicate constant registrations +; https://php.net/com.autoregister-verbose +;com.autoregister_verbose = true + +; The default character set code-page to use when passing strings to and from COM objects. +; Default: system ANSI code page +;com.code_page= + +; The version of the .NET framework to use. The value of the setting are the first three parts +; of the framework's version number, separated by dots, and prefixed with "v", e.g. "v4.0.30319". +;com.dotnet_version= + +[mbstring] +; language for internal character representation. +; This affects mb_send_mail() and mbstring.detect_order. +; https://php.net/mbstring.language +;mbstring.language = Japanese + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; internal/script encoding. +; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;mbstring.internal_encoding = + +; Use of this INI entry is deprecated, use global input_encoding instead. +; http input encoding. +; mbstring.encoding_translation = On is needed to use this setting. +; If empty, default_charset or input_encoding or mbstring.input is used. +; The precedence is: default_charset < input_encoding < mbstring.http_input +; https://php.net/mbstring.http-input +;mbstring.http_input = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; http output encoding. +; mb_output_handler must be registered as output buffer to function. +; If empty, default_charset or output_encoding or mbstring.http_output is used. +; The precedence is: default_charset < output_encoding < mbstring.http_output +; To use an output encoding conversion, mbstring's output handler must be set +; otherwise output encoding conversion cannot be performed. +; https://php.net/mbstring.http-output +;mbstring.http_output = + +; enable automatic encoding translation according to +; mbstring.internal_encoding setting. Input chars are +; converted to internal encoding by setting this to On. +; Note: Do _not_ use automatic encoding translation for +; portable libs/applications. +; https://php.net/mbstring.encoding-translation +;mbstring.encoding_translation = Off + +; automatic encoding detection order. +; "auto" detect order is changed according to mbstring.language +; https://php.net/mbstring.detect-order +;mbstring.detect_order = auto + +; substitute_character used when character cannot be converted +; one from another +; https://php.net/mbstring.substitute-character +;mbstring.substitute_character = none + +; Enable strict encoding detection. +;mbstring.strict_detection = Off + +; This directive specifies the regex pattern of content types for which mb_output_handler() +; is activated. +; Default: mbstring.http_output_conv_mimetypes=^(text/|application/xhtml\+xml) +;mbstring.http_output_conv_mimetypes= + +; This directive specifies maximum stack depth for mbstring regular expressions. It is similar +; to the pcre.recursion_limit for PCRE. +;mbstring.regex_stack_limit=100000 + +; This directive specifies maximum retry count for mbstring regular expressions. It is similar +; to the pcre.backtrack_limit for PCRE. +;mbstring.regex_retry_limit=1000000 + +[gd] +; Tell the jpeg decode to ignore warnings and try to create +; a gd image. The warning will then be displayed as notices +; disabled by default +; https://php.net/gd.jpeg-ignore-warning +;gd.jpeg_ignore_warning = 1 + +[exif] +; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. +; With mbstring support this will automatically be converted into the encoding +; given by corresponding encode setting. When empty mbstring.internal_encoding +; is used. For the decode settings you can distinguish between motorola and +; intel byte order. A decode setting cannot be empty. +; https://php.net/exif.encode-unicode +;exif.encode_unicode = ISO-8859-15 + +; https://php.net/exif.decode-unicode-motorola +;exif.decode_unicode_motorola = UCS-2BE + +; https://php.net/exif.decode-unicode-intel +;exif.decode_unicode_intel = UCS-2LE + +; https://php.net/exif.encode-jis +;exif.encode_jis = + +; https://php.net/exif.decode-jis-motorola +;exif.decode_jis_motorola = JIS + +; https://php.net/exif.decode-jis-intel +;exif.decode_jis_intel = JIS + +[Tidy] +; The path to a default tidy configuration file to use when using tidy +; https://php.net/tidy.default-config +;tidy.default_config = /usr/local/lib/php/default.tcfg + +; Should tidy clean and repair output automatically? +; WARNING: Do not use this option if you are generating non-html content +; such as dynamic images +; https://php.net/tidy.clean-output +tidy.clean_output = Off + +[soap] +; Enables or disables WSDL caching feature. +; https://php.net/soap.wsdl-cache-enabled +soap.wsdl_cache_enabled=1 + +; Sets the directory name where SOAP extension will put cache files. +; https://php.net/soap.wsdl-cache-dir +soap.wsdl_cache_dir="/tmp" + +; (time to live) Sets the number of second while cached file will be used +; instead of original one. +; https://php.net/soap.wsdl-cache-ttl +soap.wsdl_cache_ttl=86400 + +; Sets the size of the cache limit. (Max. number of WSDL files to cache) +soap.wsdl_cache_limit = 5 + +[sysvshm] +; A default size of the shared memory segment +;sysvshm.init_mem = 10000 + +[ldap] +; Sets the maximum number of open links or -1 for unlimited. +ldap.max_links = -1 + +[dba] +;dba.default_handler= + +[opcache] +; Determines if Zend OPCache is enabled +opcache.enable=1 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +;opcache.enable_cli=0 + +; The OPcache shared memory storage size. +opcache.memory_consumption=128 + +; The amount of memory for interned strings in Mbytes. +opcache.interned_strings_buffer=16 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 1000000 are allowed. +;opcache.max_accelerated_files=10000 + +; The maximum percentage of "wasted" memory until a restart is scheduled. +;opcache.max_wasted_percentage=5 + +; When this directive is enabled, the OPcache appends the current working +; directory to the script key, thus eliminating possible collisions between +; files with the same name (basename). Disabling the directive improves +; performance, but may break existing applications. +;opcache.use_cwd=1 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +;opcache.validate_timestamps=1 + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +;opcache.revalidate_freq=2 + +; Enables or disables file search in include_path optimization +;opcache.revalidate_path=0 + +; If disabled, all PHPDoc comments are dropped from the code to reduce the +; size of the optimized code. +;opcache.save_comments=1 + +; If enabled, compilation warnings (including notices and deprecations) will +; be recorded and replayed each time a file is included. Otherwise, compilation +; warnings will only be emitted when the file is first cached. +;opcache.record_warnings=0 + +; Allow file existence override (file_exists, etc.) performance feature. +;opcache.enable_file_override=0 + +; A bitmask, where each bit enables or disables the appropriate OPcache +; passes +;opcache.optimization_level=0x7FFFBFFF + +;opcache.dups_fix=0 + +; The location of the OPcache blacklist file (wildcards allowed). +; Each OPcache blacklist file is a text file that holds the names of files +; that should not be accelerated. The file format is to add each filename +; to a new line. The filename may be a full path or just a file prefix +; (i.e., /var/www/x blacklists all the files and directories in /var/www +; that start with 'x'). Line starting with a ; are ignored (comments). +;opcache.blacklist_filename= + +; Allows exclusion of large files from being cached. By default all files +; are cached. +;opcache.max_file_size=0 + +; How long to wait (in seconds) for a scheduled restart to begin if the cache +; is not being accessed. +;opcache.force_restart_timeout=180 + +; OPcache error_log file name. Empty string assumes "stderr". +;opcache.error_log= + +; All OPcache errors go to the Web server log. +; By default, only fatal errors (level 0) or errors (level 1) are logged. +; You can also enable warnings (level 2), info messages (level 3) or +; debug messages (level 4). +;opcache.log_verbosity_level=1 + +; Preferred Shared Memory back-end. Leave empty and let the system decide. +;opcache.preferred_memory_model= + +; Protect the shared memory from unexpected writing during script execution. +; Useful for internal debugging only. +;opcache.protect_memory=0 + +; Allows calling OPcache API functions only from PHP scripts which path is +; started from specified string. The default "" means no restriction +;opcache.restrict_api= + +; Mapping base of shared memory segments (for Windows only). All the PHP +; processes have to map shared memory into the same address space. This +; directive allows to manually fix the "Unable to reattach to base address" +; errors. +;opcache.mmap_base= + +; Facilitates multiple OPcache instances per user (for Windows only). All PHP +; processes with the same cache ID and user share an OPcache instance. +;opcache.cache_id= + +; Enables and sets the second level cache directory. +; It should improve performance when SHM memory is full, at server restart or +; SHM reset. The default "" disables file based caching. +;opcache.file_cache= + +; Enables or disables opcode caching in shared memory. +;opcache.file_cache_only=0 + +; Enables or disables checksum validation when script loaded from file cache. +;opcache.file_cache_consistency_checks=1 + +; Implies opcache.file_cache_only=1 for a certain process that failed to +; reattach to the shared memory (for Windows only). Explicitly enabled file +; cache is required. +;opcache.file_cache_fallback=1 + +; Enables or disables copying of PHP code (text segment) into HUGE PAGES. +; Under certain circumstances (if only a single global PHP process is +; started from which all others fork), this can increase performance +; by a tiny amount because TLB misses are reduced. On the other hand, this +; delays PHP startup, increases memory usage and degrades performance +; under memory pressure - use with care. +; Requires appropriate OS configuration. +;opcache.huge_code_pages=0 + +; Validate cached file permissions. +;opcache.validate_permission=0 + +; Prevent name collisions in chroot'ed environment. +;opcache.validate_root=0 + +; If specified, it produces opcode dumps for debugging different stages of +; optimizations. +;opcache.opt_debug_level=0 + +; Specifies a PHP script that is going to be compiled and executed at server +; start-up. +; https://php.net/opcache.preload +;opcache.preload= + +; Preloading code as root is not allowed for security reasons. This directive +; facilitates to let the preloading to be run as another user. +; https://php.net/opcache.preload_user +;opcache.preload_user= + +; Prevents caching files that are less than this number of seconds old. It +; protects from caching of incompletely updated files. In case all file updates +; on your site are atomic, you may increase performance by setting it to "0". +;opcache.file_update_protection=2 + +; Absolute path used to store shared lockfiles (for *nix only). +;opcache.lockfile_path=/tmp + +[curl] +; A default value for the CURLOPT_CAINFO option. This is required to be an +; absolute path. +;curl.cainfo = + +[openssl] +; The location of a Certificate Authority (CA) file on the local filesystem +; to use when verifying the identity of SSL/TLS peers. Most users should +; not specify a value for this directive as PHP will attempt to use the +; OS-managed cert stores in its absence. If specified, this value may still +; be overridden on a per-stream basis via the "cafile" SSL stream context +; option. +;openssl.cafile= + +; If openssl.cafile is not specified or if the CA file is not found, the +; directory pointed to by openssl.capath is searched for a suitable +; certificate. This value must be a correctly hashed certificate directory. +; Most users should not specify a value for this directive as PHP will +; attempt to use the OS-managed cert stores in its absence. If specified, +; this value may still be overridden on a per-stream basis via the "capath" +; SSL stream context option. +;openssl.capath= + +[ffi] +; FFI API restriction. Possible values: +; "preload" - enabled in CLI scripts and preloaded files (default) +; "false" - always disabled +; "true" - always enabled +;ffi.enable=preload + +; List of headers files to preload, wildcard patterns allowed. +;ffi.preload= + diff --git a/alpine/fpmredis/restart.sh b/alpine/fpmredis/restart.sh new file mode 100755 index 0000000..322376e --- /dev/null +++ b/alpine/fpmredis/restart.sh @@ -0,0 +1,2 @@ +docker ps -a | grep nextcloud-fpm | awk '{print $1}' | xargs docker rm -f +./start.sh diff --git a/alpine/fpmredis/start.sh b/alpine/fpmredis/start.sh new file mode 100755 index 0000000..2e9d586 --- /dev/null +++ b/alpine/fpmredis/start.sh @@ -0,0 +1,3 @@ +docker run --cpus=4 --name nextcloud-fpm -v /var/www/nextcloud:/var/www/nextcloud:rw \ +-v /var/run/mysqld/mysqld.sock:/var/run/mysqld/mysqld.sock:rw \ +-it -d -m 4g --net macvlan --ip 192.168.86.210 --restart=always alpine/fpmredis diff --git a/alpine/fpmredis/supervisord.conf b/alpine/fpmredis/supervisord.conf new file mode 100644 index 0000000..06fabdc --- /dev/null +++ b/alpine/fpmredis/supervisord.conf @@ -0,0 +1,25 @@ +[unix_http_server] +file=/run/supervisord.sock ; (the path to the socket file) + +[supervisord] +logfile=/var/log/supervisord.log ; (main log file;default $CWD/supervisord.log) +loglevel=error +logfile_maxbytes=10MB +logfile_backups=7 +user=root + +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl=unix:///run/supervisord.sock ; use a unix:// URL for a unix socket + +#[program:redis] +#command=redis-server +#stderr_logfile = /var/log/supervisord-redis.err +#stdout_logfile = /var/log/supervisord-redis.log + +[program:phpfpm] +command=/usr/sbin/php-fpm82 -c /etc/php82/php-fpm.conf -F +stderr_logfile = /var/log/supervisord-fpm.err +stdout_logfile = /var/log/supervisord-fpm.log diff --git a/alpine/gcloudcli/Dockerfile b/alpine/gcloudcli/Dockerfile new file mode 100644 index 0000000..c4eab4a --- /dev/null +++ b/alpine/gcloudcli/Dockerfile @@ -0,0 +1,9 @@ +FROM alpine:3.16 +ENV container docker +RUN apk update; apk upgrade; apk add jq bash wget curl python3 sqlite +RUN wget -q -O- https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-368.0.0-linux-x86_64.tar.gz | tar zxf - +COPY *.sh /root/ +RUN chmod 755 /root/*.sh +RUN /google-cloud-sdk/install.sh -q +RUN echo 'export PATH=/google-cloud-sdk/bin:$PATH' > /root/.bashrc +ENTRYPOINT ["/bin/bash"] diff --git a/alpine/gcloudcli/README.md b/alpine/gcloudcli/README.md new file mode 100644 index 0000000..72bae28 --- /dev/null +++ b/alpine/gcloudcli/README.md @@ -0,0 +1,96 @@ +# notes +There is no need to build your own image. Use the ones on docker hub. e.g. google/cloud-sdk:alpine +See https://hub.docker.com/r/google/cloud-sdk/ + +# usage +gcloud init + +You will then be prompted to sign in with a URL and enter a default region. For Hong Kong, it is asia-northeast1-c. + +asia-east1-a Changhua County, Taiwan +asia-east1-b Changhua County, Taiwan +asia-east1-c Changhua County, Taiwan +asia-east2-a Hong Kong, APAC +asia-east2-b Hong Kong, APAC +asia-east2-c Hong Kong, APAC +asia-northeast1-a Tokyo, Japan, APAC +asia-northeast1-b Tokyo, Japan, APAC +asia-northeast1-c Tokyo, Japan, APAC +asia-northeast2-a Osaka, Japan, APAC +asia-northeast2-b Osaka, Japan, APAC +asia-northeast2-c Osaka, Japan, APAC +asia-northeast3-a Seoul, South Korea, APAC +asia-northeast3-b Seoul, South Korea, APAC +asia-northeast3-c Seoul, South Korea, APAC +asia-south1-a Mumbai, India APAC +asia-south1-b Mumbai, India APAC +asia-south1-c Mumbai, India APAC +asia-south2-a Delhi, India APAC +asia-south2-b Delhi, India APAC +asia-south2-c Delhi, India APAC +asia-southeast1-a Jurong West, Singapore +asia-southeast1-b Jurong West, Singapore +asia-southeast1-c Jurong West, Singapore +asia-southeast2-a Jakarta, Indonesia, APAC +asia-southeast2-b Jakarta, Indonesia, APAC +asia-southeast2-c Jakarta, Indonesia, APAC +australia-southeast1-a Sydney, Australia +australia-southeast1-b Sydney, Australia +australia-southeast1-c Sydney, Australia +australia-southeast2-a Melbourne, Australia +australia-southeast2-b +australia-southeast2-c Melbourne, Australia +europe-central2-a +europe-central2-b +europe-central2-c Warsaw, Poland, Europe +europe-north1-a Hamina, Finland, Europe +europe-north1-b Hamina, Finland, Europe +europe-north1-c Hamina, Finland, Europe +europe-west1-b St. Ghislain, Belgium, Europe +europe-west1-c St. Ghislain, Belgium, Europe +europe-west1-d St. Ghislain, Belgium, Europe +europe-west2-a London, England, Europe +europe-west2-b London, England, Europe +europe-west2-c London, England, Europe +europe-west3-a Frankfurt, Germany Europe +europe-west3-b Frankfurt, Germany Europe +europe-west3-c Frankfurt, Germany Europe +europe-west4-a Eemshaven, Netherlands, Europe +europe-west4-b Eemshaven, Netherlands, Europe +europe-west4-c Eemshaven, Netherlands, Europe +europe-west6-a Zurich, Switzerland, Europe +europe-west6-b Zurich, Switzerland, Europe +europe-west6-c Zurich, Switzerland, Europe +northamerica-northeast1-a Montréal, Québec, North America +northamerica-northeast1-b Montréal, Québec, North America +northamerica-northeast1-c Montréal, Québec, North America +northamerica-northeast2-a Toronto, Ontario, North America +northamerica-northeast2-b Toronto, Ontario, North America +northamerica-northeast2-c Toronto, Ontario, North America +southamerica-east1-a Osasco, São Paulo, Brazil, South +southamerica-east1-b Osasco, São Paulo, Brazil, South +southamerica-east1-c Osasco, São Paulo, Brazil, South +southamerica-west1-a,b,c Santiago, Chile, South America +us-central1-a Council Bluffs, Iowa, North America +us-central1-b Council Bluffs, Iowa, North America +us-central1-c Council Bluffs, Iowa, North America +us-central1-f Council Bluffs, Iowa, North America +us-east1-b Moncks Corner, South Carolina, North +us-east1-c Moncks Corner, South Carolina, North +us-east1-d Moncks Corner, South Carolina, North +us-east4-a Ashburn, Virginia, North America +us-east4-b Ashburn, Virginia, North America +us-east4-c Ashburn, Virginia, North America +us-west1-a The Dalles, Oregon, North America +us-west1-b The Dalles, Oregon, North America +us-west1-c The Dalles, Oregon, North America +us-west2-a Los Angeles, California, North America +us-west2-b Los Angeles, California, North America +us-west2-c Los Angeles, California, North America +us-west3-a +us-west3-b +us-west3-c Salt Lake City, Utah, North +us-west4-a Las Vegas, Nevada, North America +us-west4-b Las Vegas, Nevada, North America +us-west4-c Las Vegas, Nevada, North America + diff --git a/alpine/gcloudcli/ec2-matching.sh b/alpine/gcloudcli/ec2-matching.sh new file mode 100644 index 0000000..16645cd --- /dev/null +++ b/alpine/gcloudcli/ec2-matching.sh @@ -0,0 +1,34 @@ +#!/bin/bash +cat < /tmp/ec2-raw.txt +m5.large 2 8 +m5.xlarge 4 16 +m5.2xlarge 8 32 +m5.4xlarge 16 64 +m5.8xlarge 32 128 +c5.large 2 4 +c5.xlarge 4 8 +c5.2xlarge 8 16 +c5.4xlarge 16 32 +c5.9xlarge 36 72 +c5.12xlarge 48 96 +r5.large 2 16 +r5.xlarge 4 32 +r5.2xlarge 8 64 +r5.4xlarge 16 128 +r5.8xlarge 32 256 +EOF + +if [ ! -f ec2-size-match.db ]; then +echo "create table instances(instance varchar(30), cpu int, ram int)" | sqlite3 ec2-size-match.db +cat /tmp/ec2-raw.txt | while read a b c; do +echo "insert into instances values(\"$a\", \"$b\", \"$c\");" | sqlite3 ec2-size-match.db +done +fi + +RESULT=$(echo "select instance from instances where cpu = \"$1\" and ram = \"$2\";" | sqlite3 ec2-size-match.db) +if [ -z "$RESULT" ]; then +echo manual-match +else +echo $RESULT +fi + diff --git a/alpine/gcloudcli/get-instances.sh b/alpine/gcloudcli/get-instances.sh new file mode 100644 index 0000000..203d5bb --- /dev/null +++ b/alpine/gcloudcli/get-instances.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +echo "id,name,size,disksize,os,cpu,ram,ec2" + +gcloud compute instances list --filter="status=running" --format=json | jq -cr '.[] | [.id, .name, (.machineType | split("/")[10]), (.disks[] | .diskSizeGb), (.disks[] | .licenses[0] | split("/")[9]),(.zone | split("/")[8])] | @csv' > /tmp/instances.csv + +cat /tmp/instances.csv | while read l; do +echo -n $l, +INSTSIZE=$(echo $l | awk -F, '{print $3}' | tr -d \") +gcloud compute machine-types describe $INSTSIZE --zone asia-northeast1-c --format json | jq -cr '[.guestCpus,.memoryMb] | @csv' +done > /tmp/instances2.csv + +cat /tmp/instances2.csv | while read l; do +echo -n $l, +CPU=$(echo $l | awk -F, '{print $(NF-1)}') +RAM1=$(echo $l | awk -F, '{print $NF}') +RAM2=$(echo $RAM1/1024 | bc) +/root/ec2-matching.sh $CPU $RAM2 +done + diff --git a/alpine/haproxy/Dockerfile b/alpine/haproxy/Dockerfile new file mode 100644 index 0000000..a1c11c0 --- /dev/null +++ b/alpine/haproxy/Dockerfile @@ -0,0 +1,7 @@ +FROM alpine:latest +ENV container docker +RUN apk update; apk upgrade; apk add haproxy tzdata +COPY haproxy.cfg /etc/haproxy/haproxy.cfg +RUN ln -s /usr/share/zoneinfo/Asia/Hong_Kong /etc/localtime +EXPOSE 41080 +CMD [ "/usr/sbin/haproxy", "-f", "/etc/haproxy/haproxy.cfg", "-db" ] diff --git a/alpine/haproxy/README.md b/alpine/haproxy/README.md new file mode 100644 index 0000000..b2bc2cd --- /dev/null +++ b/alpine/haproxy/README.md @@ -0,0 +1,3 @@ +Access stats: + +http://192.168.86.208:44644/stats diff --git a/alpine/haproxy/build.sh b/alpine/haproxy/build.sh new file mode 100755 index 0000000..ecb686b --- /dev/null +++ b/alpine/haproxy/build.sh @@ -0,0 +1,2 @@ +export DOCKER_BUILDKIT=1 +docker build --network host -t alpine/haproxy . diff --git a/alpine/haproxy/haproxy.cfg b/alpine/haproxy/haproxy.cfg new file mode 100644 index 0000000..161aff4 --- /dev/null +++ b/alpine/haproxy/haproxy.cfg @@ -0,0 +1,31 @@ +global + log 192.168.86.10 local0 notice + chroot /var/lib/haproxy + pidfile /var/run/haproxy.pid + maxconn 600 + user haproxy + group haproxy + daemon + +defaults + log global + mode tcp + timeout client 10s + timeout connect 5s + timeout server 10s + +frontend stats + mode http + bind *:44644 + stats enable + stats uri /stats + stats refresh 10s + stats auth admin:qwerty-asdf-1234 + +frontend socks-front + bind *:41080 + default_backend socks-back + +backend socks-back + server appgate 192.168.86.22:9080 check + server ism 192.168.86.18:11080 check backup diff --git a/alpine/haproxy/restart-haproxy.sh b/alpine/haproxy/restart-haproxy.sh new file mode 100755 index 0000000..bfdb915 --- /dev/null +++ b/alpine/haproxy/restart-haproxy.sh @@ -0,0 +1,4 @@ +docker stop haproxy +docker rm haproxy +sleep 5 +/my/container-config/alpine/haproxy/start-haproxy.sh diff --git a/alpine/haproxy/start-haproxy.sh b/alpine/haproxy/start-haproxy.sh new file mode 100755 index 0000000..566a205 --- /dev/null +++ b/alpine/haproxy/start-haproxy.sh @@ -0,0 +1,3 @@ +# haproxy socks container +docker run --name haproxy \ +--net macvlan --ip 192.168.86.208 -d --restart=always alpine/haproxy diff --git a/alpine/iamctl/Dockerfile b/alpine/iamctl/Dockerfile new file mode 100644 index 0000000..b0d57ba --- /dev/null +++ b/alpine/iamctl/Dockerfile @@ -0,0 +1,10 @@ +FROM alpine:3.16 +LABEL description="iamctl on alpine" +ENV container docker +RUN apk add bash git py3-pip vim aws-cli aws-cli-doc jq +RUN git clone https://github.com/aws-samples/aws-iamctl.git /tmp/aws-iamctl +RUN cd /tmp/aws-iamctl; python3 setup.py install +COPY equivalency_list.json /tmp/aws-iamctl/ +COPY iam.json /tmp/aws-iamctl/ +ENV PS1 "[iamctl] \w $ " +ENTRYPOINT ["/bin/bash"] diff --git a/alpine/iamctl/equivalency_list.json b/alpine/iamctl/equivalency_list.json new file mode 100644 index 0000000..3bf1d43 --- /dev/null +++ b/alpine/iamctl/equivalency_list.json @@ -0,0 +1 @@ +{"accountid": ["123456789012", "234567890123"], "accountprefix1": ["apples-production", "oranges-production", "apples-development", "oranges-development"]} \ No newline at end of file diff --git a/alpine/iamctl/iam.json b/alpine/iamctl/iam.json new file mode 100644 index 0000000..877c450 --- /dev/null +++ b/alpine/iamctl/iam.json @@ -0,0 +1 @@ +{"conditionOperators":["ArnEquals","ArnEqualsIfExists","ArnLike","ArnLikeIfExists","ArnNotEquals","ArnNotEqualsIfExists","ArnNotLike","ArnNotLikeIfExists","BinaryEquals","BinaryEqualsIfExists","BinaryNotEquals","BinaryNotEqualsIfExists","Bool","BoolIfExists","DateEquals","DateEqualsIfExists","DateGreaterThan","DateGreaterThanEquals","DateGreaterThanEqualsIfExists","DateGreaterThanIfExists","DateLessThan","DateLessThanEquals","DateLessThanEqualsIfExists","DateLessThanIfExists","DateNotEquals","DateNotEqualsIfExists","IpAddress","IpAddressIfExists","NotIpAddress","NotIpAddressIfExists","Null","NumericEquals","NumericEqualsIfExists","NumericGreaterThan","NumericGreaterThanEquals","NumericGreaterThanEqualsIfExists","NumericGreaterThanIfExists","NumericLessThan","NumericLessThanEquals","NumericLessThanEqualsIfExists","NumericLessThanIfExists","NumericNotEquals","NumericNotEqualsIfExists","StringEquals","StringEqualsIfExists","StringEqualsIgnoreCase","StringEqualsIgnoreCaseIfExists","StringLike","StringLikeIfExists","StringNotEquals","StringNotEqualsIfExists","StringNotEqualsIgnoreCase","StringNotEqualsIgnoreCaseIfExists","StringNotLike","StringNotLikeIfExists"],"conditionKeys":["aws:CurrentTime","aws:EpochTime","aws:MultiFactorAuthAge","aws:MultiFactorAuthPresent","aws:PrincipalArn","aws:PrincipalOrgID","aws:PrincipalTag/${TagKey}","aws:PrincipalType","aws:Referer","aws:RequestTag/${TagKey}","aws:RequestedRegion","aws:SecureTransport","aws:SourceAccount","aws:SourceArn","aws:SourceIp","aws:SourceVpc","aws:SourceVpce","aws:TagKeys","aws:TokenIssueTime","aws:UserAgent","aws:userid","aws:username"],"serviceMap":{"Amazon Comprehend":{"StringPrefix":"comprehend","Actions":["BatchDetectDominantLanguage","BatchDetectEntities","BatchDetectKeyPhrases","BatchDetectSentiment","BatchDetectSyntax","ClassifyDocument","ContainsPiiEntities","CreateDocumentClassifier","CreateEndpoint","CreateEntityRecognizer","DeleteDocumentClassifier","DeleteEndpoint","DeleteEntityRecognizer","DeleteResourcePolicy","DescribeDocumentClassificationJob","DescribeDocumentClassifier","DescribeDominantLanguageDetectionJob","DescribeEndpoint","DescribeEntitiesDetectionJob","DescribeEntityRecognizer","DescribeEventsDetectionJob","DescribeKeyPhrasesDetectionJob","DescribePiiEntitiesDetectionJob","DescribeResourcePolicy","DescribeSentimentDetectionJob","DescribeTargetedSentimentDetectionJob","DescribeTopicsDetectionJob","DetectDominantLanguage","DetectEntities","DetectKeyPhrases","DetectPiiEntities","DetectSentiment","DetectSyntax","ImportModel","ListDocumentClassificationJobs","ListDocumentClassifierSummaries","ListDocumentClassifiers","ListDominantLanguageDetectionJobs","ListEndpoints","ListEntitiesDetectionJobs","ListEntityRecognizerSummaries","ListEntityRecognizers","ListEventsDetectionJobs","ListKeyPhrasesDetectionJobs","ListPiiEntitiesDetectionJobs","ListSentimentDetectionJobs","ListTagsForResource","ListTargetedSentimentDetectionJobs","ListTopicsDetectionJobs","PutResourcePolicy","StartDocumentClassificationJob","StartDominantLanguageDetectionJob","StartEntitiesDetectionJob","StartEventsDetectionJob","StartKeyPhrasesDetectionJob","StartPiiEntitiesDetectionJob","StartSentimentDetectionJob","StartTargetedSentimentDetectionJob","StartTopicsDetectionJob","StopDominantLanguageDetectionJob","StopEntitiesDetectionJob","StopEventsDetectionJob","StopKeyPhrasesDetectionJob","StopPiiEntitiesDetectionJob","StopSentimentDetectionJob","StopTargetedSentimentDetectionJob","StopTrainingDocumentClassifier","StopTrainingEntityRecognizer","TagResource","UntagResource","UpdateEndpoint"],"ARNFormat":"arn:${Partition}:comprehend:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:comprehend:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","comprehend:ModelKmsKey","comprehend:OutputKmsKey","comprehend:VolumeKmsKey","comprehend:VpcSecurityGroupIds","comprehend:VpcSubnets"],"HasResource":true},"Amazon Elastic File System":{"StringPrefix":"elasticfilesystem","Actions":["Backup","ClientMount","ClientRootAccess","ClientWrite","CreateAccessPoint","CreateFileSystem","CreateMountTarget","CreateReplicationConfiguration","CreateTags","DeleteAccessPoint","DeleteFileSystem","DeleteFileSystemPolicy","DeleteMountTarget","DeleteReplicationConfiguration","DeleteTags","DescribeAccessPoints","DescribeAccountPreferences","DescribeBackupPolicy","DescribeFileSystemPolicy","DescribeFileSystems","DescribeLifecycleConfiguration","DescribeMountTargetSecurityGroups","DescribeMountTargets","DescribeReplicationConfigurations","DescribeTags","ListTagsForResource","ModifyMountTargetSecurityGroups","PutAccountPreferences","PutBackupPolicy","PutFileSystemPolicy","PutLifecycleConfiguration","Restore","TagResource","UntagResource","UpdateFileSystem"],"ARNFormat":"arn:${Partition}:elasticfilesystem:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:${Partition}:elasticfilesystem:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticfilesystem:AccessPointArn","elasticfilesystem:AccessedViaMountTarget","elasticfilesystem:Encrypted"],"HasResource":true},"AWS Glue":{"StringPrefix":"glue","Actions":["BatchCreatePartition","BatchDeleteConnection","BatchDeletePartition","BatchDeleteTable","BatchDeleteTableVersion","BatchGetBlueprints","BatchGetCrawlers","BatchGetCustomEntityTypes","BatchGetDevEndpoints","BatchGetJobs","BatchGetPartition","BatchGetTriggers","BatchGetWorkflows","BatchStopJobRun","BatchUpdatePartition","CancelMLTaskRun","CancelStatement","CheckSchemaVersionValidity","CreateBlueprint","CreateClassifier","CreateConnection","CreateCrawler","CreateCustomEntityType","CreateDatabase","CreateDevEndpoint","CreateJob","CreateMLTransform","CreatePartition","CreatePartitionIndex","CreateRegistry","CreateSchema","CreateScript","CreateSecurityConfiguration","CreateSession","CreateTable","CreateTrigger","CreateUserDefinedFunction","CreateWorkflow","DeleteBlueprint","DeleteClassifier","DeleteColumnStatisticsForPartition","DeleteColumnStatisticsForTable","DeleteConnection","DeleteCrawler","DeleteCustomEntityType","DeleteDatabase","DeleteDevEndpoint","DeleteJob","DeleteMLTransform","DeletePartition","DeletePartitionIndex","DeleteRegistry","DeleteResourcePolicy","DeleteSchema","DeleteSchemaVersions","DeleteSecurityConfiguration","DeleteSession","DeleteTable","DeleteTableVersion","DeleteTrigger","DeleteUserDefinedFunction","DeleteWorkflow","GetBlueprint","GetBlueprintRun","GetBlueprintRuns","GetCatalogImportStatus","GetClassifier","GetClassifiers","GetColumnStatisticsForPartition","GetColumnStatisticsForTable","GetConnection","GetConnections","GetCrawler","GetCrawlerMetrics","GetCrawlers","GetCustomEntityType","GetDataCatalogEncryptionSettings","GetDatabase","GetDatabases","GetDataflowGraph","GetDevEndpoint","GetDevEndpoints","GetJob","GetJobBookmark","GetJobRun","GetJobRuns","GetJobs","GetMLTaskRun","GetMLTaskRuns","GetMLTransform","GetMLTransforms","GetMapping","GetPartition","GetPartitionIndexes","GetPartitions","GetPlan","GetRegistry","GetResourcePolicies","GetResourcePolicy","GetSchema","GetSchemaByDefinition","GetSchemaVersion","GetSchemaVersionsDiff","GetSecurityConfiguration","GetSecurityConfigurations","GetSession","GetStatement","GetTable","GetTableVersion","GetTableVersions","GetTables","GetTags","GetTrigger","GetTriggers","GetUserDefinedFunction","GetUserDefinedFunctions","GetWorkflow","GetWorkflowRun","GetWorkflowRunProperties","GetWorkflowRuns","ImportCatalogToGlue","ListBlueprints","ListCrawlers","ListCustomEntityTypes","ListDevEndpoints","ListJobs","ListMLTransforms","ListRegistries","ListSchemaVersions","ListSchemas","ListSessions","ListStatements","ListTriggers","ListWorkflows","NotifyEvent","PutDataCatalogEncryptionSettings","PutResourcePolicy","PutSchemaVersionMetadata","PutWorkflowRunProperties","QuerySchemaVersionMetadata","RegisterSchemaVersion","RemoveSchemaVersionMetadata","ResetJobBookmark","ResumeWorkflowRun","RunStatement","SearchTables","StartBlueprintRun","StartCrawler","StartCrawlerSchedule","StartExportLabelsTaskRun","StartImportLabelsTaskRun","StartJobRun","StartMLEvaluationTaskRun","StartMLLabelingSetGenerationTaskRun","StartTrigger","StartWorkflowRun","StopCrawler","StopCrawlerSchedule","StopSession","StopTrigger","StopWorkflowRun","TagResource","UntagResource","UpdateBlueprint","UpdateClassifier","UpdateColumnStatisticsForPartition","UpdateColumnStatisticsForTable","UpdateConnection","UpdateCrawler","UpdateCrawlerSchedule","UpdateDatabase","UpdateDevEndpoint","UpdateJob","UpdateMLTransform","UpdatePartition","UpdateRegistry","UpdateSchema","UpdateTable","UpdateTrigger","UpdateUserDefinedFunction","UpdateWorkflow","UseMLTransforms"],"ARNFormat":"arn:aws:glue:${Region}:${AccountID}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:aws:glue:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","glue:CredentialIssuingService","glue:RoleAssumedBy","glue:SecurityGroupIds","glue:SubnetIds","glue:VpcIds"],"HasResource":true},"AWS IoT Things Graph":{"StringPrefix":"iotthingsgraph","Actions":["AssociateEntityToThing","CreateFlowTemplate","CreateSystemInstance","CreateSystemTemplate","DeleteFlowTemplate","DeleteNamespace","DeleteSystemInstance","DeleteSystemTemplate","DeploySystemInstance","DeprecateFlowTemplate","DeprecateSystemTemplate","DescribeNamespace","DissociateEntityFromThing","GetEntities","GetFlowTemplate","GetFlowTemplateRevisions","GetNamespaceDeletionStatus","GetSystemInstance","GetSystemTemplate","GetSystemTemplateRevisions","GetUploadStatus","ListFlowExecutionMessages","ListTagsForResource","SearchEntities","SearchFlowExecutions","SearchFlowTemplates","SearchSystemInstances","SearchSystemTemplates","SearchThings","TagResource","UndeploySystemInstance","UntagResource","UpdateFlowTemplate","UpdateSystemTemplate","UploadEntityDefinitions"],"ARNFormat":"arn:aws:iotthingsgraph:${Region}:${AccountId}:${Type}/${Name}","ARNRegex":"^arn:aws:iotthingsgraph:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon CloudWatch Evidently":{"StringPrefix":"evidently","Actions":["BatchEvaluateFeature","CreateExperiment","CreateFeature","CreateLaunch","CreateProject","DeleteExperiment","DeleteFeature","DeleteLaunch","DeleteProject","EvaluateFeature","GetExperiment","GetExperimentResults","GetFeature","GetLaunch","GetProject","ListExperiments","ListFeatures","ListLaunches","ListProjects","ListTagsForResource","PutProjectEvents","StartExperiment","StartLaunch","StopExperiment","StopLaunch","TagResource","UntagResource","UpdateExperiment","UpdateFeature","UpdateLaunch","UpdateProject","UpdateProjectDataDelivery"],"ARNFormat":"arn:${Partition}:evidently:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:evidently:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Savings Plans":{"StringPrefix":"savingsplans","Actions":["CreateSavingsPlan","DeleteQueuedSavingsPlan","DescribeSavingsPlanRates","DescribeSavingsPlans","DescribeSavingsPlansOfferingRates","DescribeSavingsPlansOfferings","ListTagsForResource","TagResource","UntagResource"],"ARNFormat":"arn:aws:savingsplans::${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:aws:savingsplans:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Systems Manager":{"StringPrefix":"ssm","Actions":["AddTagsToResource","AssociateOpsItemRelatedItem","CancelCommand","CancelMaintenanceWindowExecution","CreateActivation","CreateAssociation","CreateAssociationBatch","CreateDocument","CreateMaintenanceWindow","CreateOpsItem","CreateOpsMetadata","CreatePatchBaseline","CreateResourceDataSync","DeleteActivation","DeleteAssociation","DeleteDocument","DeleteInventory","DeleteMaintenanceWindow","DeleteOpsMetadata","DeleteParameter","DeleteParameters","DeletePatchBaseline","DeleteResourceDataSync","DeregisterManagedInstance","DeregisterPatchBaselineForPatchGroup","DeregisterTargetFromMaintenanceWindow","DeregisterTaskFromMaintenanceWindow","DescribeActivations","DescribeAssociation","DescribeAssociationExecutionTargets","DescribeAssociationExecutions","DescribeAutomationExecutions","DescribeAutomationStepExecutions","DescribeAvailablePatches","DescribeDocument","DescribeDocumentParameters","DescribeDocumentPermission","DescribeEffectiveInstanceAssociations","DescribeEffectivePatchesForPatchBaseline","DescribeInstanceAssociationsStatus","DescribeInstanceInformation","DescribeInstancePatchStates","DescribeInstancePatchStatesForPatchGroup","DescribeInstancePatches","DescribeInstanceProperties","DescribeInventoryDeletions","DescribeMaintenanceWindowExecutionTaskInvocations","DescribeMaintenanceWindowExecutionTasks","DescribeMaintenanceWindowExecutions","DescribeMaintenanceWindowSchedule","DescribeMaintenanceWindowTargets","DescribeMaintenanceWindowTasks","DescribeMaintenanceWindows","DescribeMaintenanceWindowsForTarget","DescribeOpsItems","DescribeParameters","DescribePatchBaselines","DescribePatchGroupState","DescribePatchGroups","DescribePatchProperties","DescribeSessions","DisassociateOpsItemRelatedItem","GetAutomationExecution","GetCalendarState","GetCommandInvocation","GetConnectionStatus","GetDefaultPatchBaseline","GetDeployablePatchSnapshotForInstance","GetDocument","GetInventory","GetInventorySchema","GetMaintenanceWindow","GetMaintenanceWindowExecution","GetMaintenanceWindowExecutionTask","GetMaintenanceWindowExecutionTaskInvocation","GetMaintenanceWindowTask","GetManifest","GetOpsItem","GetOpsMetadata","GetOpsSummary","GetParameter","GetParameterHistory","GetParameters","GetParametersByPath","GetPatchBaseline","GetPatchBaselineForPatchGroup","GetServiceSetting","LabelParameterVersion","ListAssociationVersions","ListAssociations","ListCommandInvocations","ListCommands","ListComplianceItems","ListComplianceSummaries","ListDocumentMetadataHistory","ListDocumentVersions","ListDocuments","ListInstanceAssociations","ListInventoryEntries","ListOpsItemEvents","ListOpsItemRelatedItems","ListOpsMetadata","ListResourceComplianceSummaries","ListResourceDataSync","ListTagsForResource","ModifyDocumentPermission","PutComplianceItems","PutConfigurePackageResult","PutInventory","PutParameter","RegisterDefaultPatchBaseline","RegisterManagedInstance","RegisterPatchBaselineForPatchGroup","RegisterTargetWithMaintenanceWindow","RegisterTaskWithMaintenanceWindow","RemoveTagsFromResource","ResetServiceSetting","ResumeSession","SendAutomationSignal","SendCommand","StartAssociationsOnce","StartAutomationExecution","StartChangeRequestExecution","StartSession","StopAutomationExecution","TerminateSession","UnlabelParameterVersion","UpdateAssociation","UpdateAssociationStatus","UpdateDocument","UpdateDocumentDefaultVersion","UpdateDocumentMetadata","UpdateInstanceAssociationStatus","UpdateInstanceInformation","UpdateMaintenanceWindow","UpdateMaintenanceWindowTarget","UpdateMaintenanceWindowTask","UpdateManagedInstanceRole","UpdateOpsItem","UpdateOpsMetadata","UpdatePatchBaseline","UpdateResourceDataSync","UpdateServiceSetting"],"ARNFormat":"arn:${Partition}:ssm:${Region}:${Account}:${RelativeId}","ARNRegex":"^arn:${Partition}:(ssm|ec2):.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ssm:DocumentCategories","ssm:Overwrite","ssm:Recursive","ssm:SessionDocumentAccessCheck","ssm:SyncType","ssm:resourceTag/tag-key"],"HasResource":true},"AWS SSO":{"StringPrefix":"sso","Actions":["AssociateDirectory","AssociateProfile","AttachManagedPolicyToPermissionSet","CreateAccountAssignment","CreateApplicationInstance","CreateApplicationInstanceCertificate","CreateInstanceAccessControlAttributeConfiguration","CreateManagedApplicationInstance","CreatePermissionSet","CreateProfile","CreateTrust","DeleteAccountAssignment","DeleteApplicationInstance","DeleteApplicationInstanceCertificate","DeleteInlinePolicyFromPermissionSet","DeleteInstanceAccessControlAttributeConfiguration","DeleteManagedApplicationInstance","DeletePermissionSet","DeletePermissionsPolicy","DeleteProfile","DescribeAccountAssignmentCreationStatus","DescribeAccountAssignmentDeletionStatus","DescribeInstanceAccessControlAttributeConfiguration","DescribePermissionSet","DescribePermissionSetProvisioningStatus","DescribePermissionsPolicies","DescribeRegisteredRegions","DetachManagedPolicyFromPermissionSet","DisassociateDirectory","DisassociateProfile","GetApplicationInstance","GetApplicationTemplate","GetInlinePolicyForPermissionSet","GetManagedApplicationInstance","GetMfaDeviceManagementForDirectory","GetPermissionSet","GetPermissionsPolicy","GetProfile","GetSSOStatus","GetSharedSsoConfiguration","GetSsoConfiguration","GetTrust","ImportApplicationInstanceServiceProviderMetadata","ListAccountAssignmentCreationStatus","ListAccountAssignmentDeletionStatus","ListAccountAssignments","ListAccountsForProvisionedPermissionSet","ListApplicationInstanceCertificates","ListApplicationInstances","ListApplicationTemplates","ListApplications","ListDirectoryAssociations","ListInstances","ListManagedPoliciesInPermissionSet","ListPermissionSetProvisioningStatus","ListPermissionSets","ListPermissionSetsProvisionedToAccount","ListProfileAssociations","ListProfiles","ListTagsForResource","ProvisionPermissionSet","PutInlinePolicyToPermissionSet","PutMfaDeviceManagementForDirectory","PutPermissionsPolicy","SearchGroups","SearchUsers","StartSSO","TagResource","UntagResource","UpdateApplicationInstanceActiveCertificate","UpdateApplicationInstanceDisplayData","UpdateApplicationInstanceResponseConfiguration","UpdateApplicationInstanceResponseSchemaConfiguration","UpdateApplicationInstanceSecurityConfiguration","UpdateApplicationInstanceServiceProviderConfiguration","UpdateApplicationInstanceStatus","UpdateDirectoryAssociation","UpdateInstanceAccessControlAttributeConfiguration","UpdateManagedApplicationInstanceStatus","UpdatePermissionSet","UpdateProfile","UpdateSSOConfiguration","UpdateTrust"],"ARNFormat":"arn:${Partition}:sso:::${RelativeId}","ARNRegex":"^arn:${Partition}:sso:::.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS IoT":{"StringPrefix":"iot","Actions":["AcceptCertificateTransfer","AddThingToBillingGroup","AddThingToThingGroup","AssociateTargetsWithJob","AttachPolicy","AttachPrincipalPolicy","AttachSecurityProfile","AttachThingPrincipal","CancelAuditMitigationActionsTask","CancelAuditTask","CancelCertificateTransfer","CancelDetectMitigationActionsTask","CancelJob","CancelJobExecution","ClearDefaultAuthorizer","CloseTunnel","ConfirmTopicRuleDestination","Connect","CreateAuditSuppression","CreateAuthorizer","CreateBillingGroup","CreateCertificateFromCsr","CreateCustomMetric","CreateDimension","CreateDomainConfiguration","CreateDynamicThingGroup","CreateFleetMetric","CreateJob","CreateJobTemplate","CreateKeysAndCertificate","CreateMitigationAction","CreateOTAUpdate","CreatePolicy","CreatePolicyVersion","CreateProvisioningClaim","CreateProvisioningTemplate","CreateProvisioningTemplateVersion","CreateRoleAlias","CreateScheduledAudit","CreateSecurityProfile","CreateStream","CreateThing","CreateThingGroup","CreateThingType","CreateTopicRule","CreateTopicRuleDestination","DeleteAccountAuditConfiguration","DeleteAuditSuppression","DeleteAuthorizer","DeleteBillingGroup","DeleteCACertificate","DeleteCertificate","DeleteCustomMetric","DeleteDimension","DeleteDomainConfiguration","DeleteDynamicThingGroup","DeleteFleetMetric","DeleteJob","DeleteJobExecution","DeleteJobTemplate","DeleteMitigationAction","DeleteOTAUpdate","DeletePolicy","DeletePolicyVersion","DeleteProvisioningTemplate","DeleteProvisioningTemplateVersion","DeleteRegistrationCode","DeleteRoleAlias","DeleteScheduledAudit","DeleteSecurityProfile","DeleteStream","DeleteThing","DeleteThingGroup","DeleteThingShadow","DeleteThingType","DeleteTopicRule","DeleteTopicRuleDestination","DeleteV2LoggingLevel","DeprecateThingType","DescribeAccountAuditConfiguration","DescribeAuditFinding","DescribeAuditMitigationActionsTask","DescribeAuditSuppression","DescribeAuditTask","DescribeAuthorizer","DescribeBillingGroup","DescribeCACertificate","DescribeCertificate","DescribeCustomMetric","DescribeDefaultAuthorizer","DescribeDetectMitigationActionsTask","DescribeDimension","DescribeDomainConfiguration","DescribeEndpoint","DescribeEventConfigurations","DescribeFleetMetric","DescribeIndex","DescribeJob","DescribeJobExecution","DescribeJobTemplate","DescribeManagedJobTemplate","DescribeMitigationAction","DescribeProvisioningTemplate","DescribeProvisioningTemplateVersion","DescribeRoleAlias","DescribeScheduledAudit","DescribeSecurityProfile","DescribeStream","DescribeThing","DescribeThingGroup","DescribeThingRegistrationTask","DescribeThingType","DescribeTunnel","DetachPolicy","DetachPrincipalPolicy","DetachSecurityProfile","DetachThingPrincipal","DisableTopicRule","EnableTopicRule","GetBehaviorModelTrainingSummaries","GetBucketsAggregation","GetCardinality","GetEffectivePolicies","GetIndexingConfiguration","GetJobDocument","GetLoggingOptions","GetOTAUpdate","GetPercentiles","GetPolicy","GetPolicyVersion","GetRegistrationCode","GetRetainedMessage","GetStatistics","GetThingShadow","GetTopicRule","GetTopicRuleDestination","GetV2LoggingOptions","ListActiveViolations","ListAttachedPolicies","ListAuditFindings","ListAuditMitigationActionsExecutions","ListAuditMitigationActionsTasks","ListAuditSuppressions","ListAuditTasks","ListAuthorizers","ListBillingGroups","ListCACertificates","ListCertificates","ListCertificatesByCA","ListCustomMetrics","ListDetectMitigationActionsExecutions","ListDetectMitigationActionsTasks","ListDimensions","ListDomainConfigurations","ListFleetMetrics","ListIndices","ListJobExecutionsForJob","ListJobExecutionsForThing","ListJobTemplates","ListJobs","ListManagedJobTemplates","ListMetricValues","ListMitigationActions","ListNamedShadowsForThing","ListOTAUpdates","ListOutgoingCertificates","ListPolicies","ListPolicyPrincipals","ListPolicyVersions","ListPrincipalPolicies","ListPrincipalThings","ListProvisioningTemplateVersions","ListProvisioningTemplates","ListRetainedMessages","ListRoleAliases","ListScheduledAudits","ListSecurityProfiles","ListSecurityProfilesForTarget","ListStreams","ListTagsForResource","ListTargetsForPolicy","ListTargetsForSecurityProfile","ListThingGroups","ListThingGroupsForThing","ListThingPrincipals","ListThingRegistrationTaskReports","ListThingRegistrationTasks","ListThingTypes","ListThings","ListThingsInBillingGroup","ListThingsInThingGroup","ListTopicRuleDestinations","ListTopicRules","ListTunnels","ListV2LoggingLevels","ListViolationEvents","OpenTunnel","Publish","PutVerificationStateOnViolation","Receive","RegisterCACertificate","RegisterCertificate","RegisterCertificateWithoutCA","RegisterThing","RejectCertificateTransfer","RemoveThingFromBillingGroup","RemoveThingFromThingGroup","ReplaceTopicRule","RetainPublish","RotateTunnelAccessToken","SearchIndex","SetDefaultAuthorizer","SetDefaultPolicyVersion","SetLoggingOptions","SetV2LoggingLevel","SetV2LoggingOptions","StartAuditMitigationActionsTask","StartDetectMitigationActionsTask","StartOnDemandAuditTask","StartThingRegistrationTask","StopThingRegistrationTask","Subscribe","TagResource","TestAuthorization","TestInvokeAuthorizer","TransferCertificate","UntagResource","UpdateAccountAuditConfiguration","UpdateAuditSuppression","UpdateAuthorizer","UpdateBillingGroup","UpdateCACertificate","UpdateCertificate","UpdateCustomMetric","UpdateDimension","UpdateDomainConfiguration","UpdateDynamicThingGroup","UpdateEventConfigurations","UpdateFleetMetric","UpdateIndexingConfiguration","UpdateJob","UpdateMitigationAction","UpdateProvisioningTemplate","UpdateRoleAlias","UpdateScheduledAudit","UpdateSecurityProfile","UpdateStream","UpdateThing","UpdateThingGroup","UpdateThingGroupsForThing","UpdateThingShadow","UpdateTopicRuleDestination","ValidateSecurityProfileBehaviors"],"ARNFormat":"arn:aws:iot:${Region}:${Account}:${Type}/${Name}","ARNRegex":"^arn:aws:iot:.+:[0-9]+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","iot:ClientMode","iot:Delete","iot:DomainName","iot:ThingGroupArn","iot:TunnelDestinationService"],"HasResource":true},"AWS Migration Hub":{"StringPrefix":"mgh","Actions":["AssociateCreatedArtifact","AssociateDiscoveredResource","CreateHomeRegionControl","CreateProgressUpdateStream","DeleteProgressUpdateStream","DescribeApplicationState","DescribeHomeRegionControls","DescribeMigrationTask","DisassociateCreatedArtifact","DisassociateDiscoveredResource","GetHomeRegion","ImportMigrationTask","ListApplicationStates","ListCreatedArtifacts","ListDiscoveredResources","ListMigrationTasks","ListProgressUpdateStreams","NotifyApplicationState","NotifyMigrationTaskState","PutResourceAttributes"],"ARNFormat":"arn:aws:mgh:::","ARNRegex":"^arn:aws:mgh:[a-z0-9-]+:[0-9]{12}:.+","HasResource":true},"AWS Fault Injection Simulator":{"StringPrefix":"fis","Actions":["CreateExperimentTemplate","DeleteExperimentTemplate","GetAction","GetExperiment","GetExperimentTemplate","GetTargetResourceType","InjectApiInternalError","InjectApiThrottleError","InjectApiUnavailableError","ListActions","ListExperimentTemplates","ListExperiments","ListTagsForResource","ListTargetResourceTypes","StartExperiment","StopExperiment","TagResource","UntagResource","UpdateExperimentTemplate"],"ARNFormat":"arn:aws:fis:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:fis:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","fis:Operations","fis:Percentage","fis:Service","fis:Targets"],"HasResource":true},"AWS Lambda":{"StringPrefix":"lambda","Actions":["AddLayerVersionPermission","AddPermission","CreateAlias","CreateCodeSigningConfig","CreateEventSourceMapping","CreateFunction","CreateFunctionUrlConfig","DeleteAlias","DeleteCodeSigningConfig","DeleteEventSourceMapping","DeleteFunction","DeleteFunctionCodeSigningConfig","DeleteFunctionConcurrency","DeleteFunctionEventInvokeConfig","DeleteFunctionUrlConfig","DeleteLayerVersion","DeleteProvisionedConcurrencyConfig","DisableReplication","EnableReplication","GetAccountSettings","GetAlias","GetCodeSigningConfig","GetEventSourceMapping","GetFunction","GetFunctionCodeSigningConfig","GetFunctionConcurrency","GetFunctionConfiguration","GetFunctionEventInvokeConfig","GetFunctionUrlConfig","GetLayerVersion","GetLayerVersionPolicy","GetPolicy","GetProvisionedConcurrencyConfig","InvokeAsync","InvokeFunction","InvokeFunctionUrl","ListAliases","ListCodeSigningConfigs","ListEventSourceMappings","ListFunctionEventInvokeConfigs","ListFunctionUrlConfigs","ListFunctions","ListFunctionsByCodeSigningConfig","ListLayerVersions","ListLayers","ListProvisionedConcurrencyConfigs","ListTags","ListVersionsByFunction","PublishLayerVersion","PublishVersion","PutFunctionCodeSigningConfig","PutFunctionConcurrency","PutFunctionEventInvokeConfig","PutProvisionedConcurrencyConfig","RemoveLayerVersionPermission","RemovePermission","TagResource","UntagResource","UpdateAlias","UpdateCodeSigningConfig","UpdateEventSourceMapping","UpdateFunctionCode","UpdateFunctionCodeSigningConfig","UpdateFunctionConfiguration","UpdateFunctionEventInvokeConfig","UpdateFunctionUrlConfig"],"ARNFormat":"arn:${Partition}:lambda:${Region}:${Account}:${ResourceType}:${ResourceId}","ARNRegex":"^arn:${Partition}:lambda:.+","conditionKeys":["lambda:CodeSigningConfigArn","lambda:FunctionArn","lambda:FunctionUrlAuthType","lambda:Layer","lambda:Principal","lambda:SecurityGroupIds","lambda:SubnetIds","lambda:VpcIds"],"HasResource":true},"AWS Application Migration Service":{"StringPrefix":"mgn","Actions":["BatchCreateVolumeSnapshotGroupForMgn","BatchDeleteSnapshotRequestForMgn","ChangeServerLifeCycleState","CreateReplicationConfigurationTemplate","CreateVcenterClientForMgn","DeleteJob","DeleteReplicationConfigurationTemplate","DeleteSourceServer","DeleteVcenterClient","DescribeJobLogItems","DescribeJobs","DescribeReplicationConfigurationTemplates","DescribeReplicationServerAssociationsForMgn","DescribeSnapshotRequestsForMgn","DescribeSourceServers","DescribeVcenterClients","DisconnectFromService","FinalizeCutover","GetAgentCommandForMgn","GetAgentConfirmedResumeInfoForMgn","GetAgentInstallationAssetsForMgn","GetAgentReplicationInfoForMgn","GetAgentRuntimeConfigurationForMgn","GetAgentSnapshotCreditsForMgn","GetChannelCommandsForMgn","GetLaunchConfiguration","GetReplicationConfiguration","GetVcenterClientCommandsForMgn","InitializeService","ListTagsForResource","MarkAsArchived","NotifyAgentAuthenticationForMgn","NotifyAgentConnectedForMgn","NotifyAgentDisconnectedForMgn","NotifyAgentReplicationProgressForMgn","NotifyVcenterClientStartedForMgn","RegisterAgentForMgn","RetryDataReplication","SendAgentLogsForMgn","SendAgentMetricsForMgn","SendChannelCommandResultForMgn","SendClientLogsForMgn","SendClientMetricsForMgn","SendVcenterClientCommandResultForMgn","SendVcenterClientLogsForMgn","SendVcenterClientMetricsForMgn","StartCutover","StartReplication","StartTest","TagResource","TerminateTargetInstances","UntagResource","UpdateAgentBacklogForMgn","UpdateAgentConversionInfoForMgn","UpdateAgentReplicationInfoForMgn","UpdateAgentReplicationProcessStateForMgn","UpdateAgentSourcePropertiesForMgn","UpdateLaunchConfiguration","UpdateReplicationConfiguration","UpdateReplicationConfigurationTemplate","UpdateSourceServerReplicationType"],"ARNFormat":"arn:aws:mgn:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:mgn:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","mgn:CreateAction"],"HasResource":true},"AWS Data Exchange":{"StringPrefix":"dataexchange","Actions":["CancelJob","CreateAsset","CreateDataSet","CreateEventAction","CreateJob","CreateRevision","DeleteAsset","DeleteDataSet","DeleteEventAction","DeleteRevision","GetAsset","GetDataSet","GetEventAction","GetJob","GetRevision","ListDataSetRevisions","ListDataSets","ListEventActions","ListJobs","ListRevisionAssets","ListTagsForResource","PublishDataSet","RevokeRevision","SendApiAsset","StartJob","TagResource","UntagResource","UpdateAsset","UpdateDataSet","UpdateEventAction","UpdateRevision"],"ARNFormat":"arn:aws:dataexchange:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:aws:dataexchange:.+:.*:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","dataexchange:JobType"],"HasResource":true},"Amazon Machine Learning":{"StringPrefix":"machinelearning","Actions":["AddTags","CreateBatchPrediction","CreateDataSourceFromRDS","CreateDataSourceFromRedshift","CreateDataSourceFromS3","CreateEvaluation","CreateMLModel","CreateRealtimeEndpoint","DeleteBatchPrediction","DeleteDataSource","DeleteEvaluation","DeleteMLModel","DeleteRealtimeEndpoint","DeleteTags","DescribeBatchPredictions","DescribeDataSources","DescribeEvaluations","DescribeMLModels","DescribeTags","GetBatchPrediction","GetDataSource","GetEvaluation","GetMLModel","Predict","UpdateBatchPrediction","UpdateDataSource","UpdateEvaluation","UpdateMLModel"],"ARNFormat":"arn:aws:machinelearning:::/","ARNRegex":"^arn:aws:machinelearning:.+","HasResource":true},"AWS Audit Manager":{"StringPrefix":"auditmanager","Actions":["AssociateAssessmentReportEvidenceFolder","BatchAssociateAssessmentReportEvidence","BatchCreateDelegationByAssessment","BatchDeleteDelegationByAssessment","BatchDisassociateAssessmentReportEvidence","BatchImportEvidenceToAssessmentControl","CreateAssessment","CreateAssessmentFramework","CreateAssessmentReport","CreateControl","DeleteAssessment","DeleteAssessmentFramework","DeleteAssessmentFrameworkShare","DeleteAssessmentReport","DeleteControl","DeregisterAccount","DeregisterOrganizationAdminAccount","DisassociateAssessmentReportEvidenceFolder","GetAccountStatus","GetAssessment","GetAssessmentFramework","GetAssessmentReportUrl","GetChangeLogs","GetControl","GetDelegations","GetEvidence","GetEvidenceByEvidenceFolder","GetEvidenceFolder","GetEvidenceFoldersByAssessment","GetEvidenceFoldersByAssessmentControl","GetInsights","GetInsightsByAssessment","GetOrganizationAdminAccount","GetServicesInScope","GetSettings","ListAssessmentControlInsightsByControlDomain","ListAssessmentFrameworkShareRequests","ListAssessmentFrameworks","ListAssessmentReports","ListAssessments","ListControlDomainInsights","ListControlDomainInsightsByAssessment","ListControlInsightsByControlDomain","ListControls","ListKeywordsForDataSource","ListNotifications","ListTagsForResource","RegisterAccount","RegisterOrganizationAdminAccount","StartAssessmentFrameworkShare","TagResource","UntagResource","UpdateAssessment","UpdateAssessmentControl","UpdateAssessmentControlSetStatus","UpdateAssessmentFramework","UpdateAssessmentFrameworkShare","UpdateAssessmentStatus","UpdateControl","UpdateSettings","ValidateAssessmentReportIntegrity"],"ARNFormat":"arn:aws:auditmanager::${ResourceType}:${ResourceName}","ARNRegex":"^arn:aws:auditmanager::.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon GuardDuty":{"StringPrefix":"guardduty","Actions":["AcceptInvitation","ArchiveFindings","CreateDetector","CreateFilter","CreateIPSet","CreateMembers","CreatePublishingDestination","CreateSampleFindings","CreateThreatIntelSet","DeclineInvitations","DeleteDetector","DeleteFilter","DeleteIPSet","DeleteInvitations","DeleteMembers","DeletePublishingDestination","DeleteThreatIntelSet","DescribeOrganizationConfiguration","DescribePublishingDestination","DisableOrganizationAdminAccount","DisassociateFromMasterAccount","DisassociateMembers","EnableOrganizationAdminAccount","GetDetector","GetFilter","GetFindings","GetFindingsStatistics","GetIPSet","GetInvitationsCount","GetMasterAccount","GetMemberDetectors","GetMembers","GetThreatIntelSet","GetUsageStatistics","InviteMembers","ListDetectors","ListFilters","ListFindings","ListIPSets","ListInvitations","ListMembers","ListOrganizationAdminAccounts","ListPublishingDestinations","ListTagsForResource","ListThreatIntelSets","StartMonitoringMembers","StopMonitoringMembers","TagResource","UnarchiveFindings","UntagResource","UpdateDetector","UpdateFilter","UpdateFindingsFeedback","UpdateIPSet","UpdateMemberDetectors","UpdateOrganizationConfiguration","UpdatePublishingDestination","UpdateThreatIntelSet"],"ARNFormat":"arn:${Partition}:guardduty:${Region}:${Account}:.+","ARNRegex":"^arn:${Partition}:guardduty:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon EventBridge":{"StringPrefix":"events","Actions":["ActivateEventSource","CancelReplay","CreateApiDestination","CreateArchive","CreateConnection","CreateEndpoint","CreateEventBus","CreatePartnerEventSource","DeactivateEventSource","DeauthorizeConnection","DeleteApiDestination","DeleteArchive","DeleteConnection","DeleteEndpoint","DeleteEventBus","DeletePartnerEventSource","DeleteRule","DescribeApiDestination","DescribeArchive","DescribeConnection","DescribeEndpoint","DescribeEventBus","DescribeEventSource","DescribePartnerEventSource","DescribeReplay","DescribeRule","DisableRule","EnableRule","InvokeApiDestination","ListApiDestinations","ListArchives","ListConnections","ListEndpoints","ListEventBuses","ListEventSources","ListPartnerEventSourceAccounts","ListPartnerEventSources","ListReplays","ListRuleNamesByTarget","ListRules","ListTagsForResource","ListTargetsByRule","PutEvents","PutPartnerEvents","PutPermission","PutRule","PutTargets","RemovePermission","RemoveTargets","StartReplay","TagResource","TestEventPattern","UntagResource","UpdateApiDestination","UpdateArchive","UpdateConnection","UpdateEndpoint"],"ARNFormat":"arn:aws:events:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:events:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:SourceAccount","aws:SourceArn","aws:TagKeys","events:EventBusArn","events:ManagedBy","events:TargetArn","events:creatorAccount","events:detail-type","events:detail.eventTypeCode","events:detail.service","events:detail.userIdentity.principalId","events:eventBusInvocation","events:source"],"HasResource":true},"Amazon Lex V2":{"StringPrefix":"lex","Actions":["BuildBotLocale","CreateBot","CreateBotAlias","CreateBotChannel","CreateBotLocale","CreateBotVersion","CreateCustomVocabulary","CreateExport","CreateIntent","CreateResourcePolicy","CreateSlot","CreateSlotType","CreateUploadUrl","DeleteBot","DeleteBotAlias","DeleteBotChannel","DeleteBotLocale","DeleteBotVersion","DeleteCustomVocabulary","DeleteExport","DeleteImport","DeleteIntent","DeleteResourcePolicy","DeleteSession","DeleteSlot","DeleteSlotType","DeleteUtterances","DescribeBot","DescribeBotAlias","DescribeBotChannel","DescribeBotLocale","DescribeBotRecommendation","DescribeBotVersion","DescribeCustomVocabulary","DescribeCustomVocabularyMetadata","DescribeExport","DescribeImport","DescribeIntent","DescribeResourcePolicy","DescribeSlot","DescribeSlotType","GetSession","ListAggregatedUtterances","ListBotAliases","ListBotChannels","ListBotLocales","ListBotRecommendations","ListBotVersions","ListBots","ListBuiltInIntents","ListBuiltInSlotTypes","ListExports","ListImports","ListIntents","ListRecommendedIntents","ListSlotTypes","ListSlots","ListTagsForResource","PutSession","RecognizeText","RecognizeUtterance","SearchAssociatedTranscripts","StartBotRecommendation","StartConversation","StartImport","TagResource","UntagResource","UpdateBot","UpdateBotAlias","UpdateBotLocale","UpdateBotRecommendation","UpdateCustomVocabulary","UpdateExport","UpdateIntent","UpdateResourcePolicy","UpdateSlot","UpdateSlotType"],"ARNFormat":"arn:aws:lex:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:aws:lex:.+:[0-9]+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Lex":{"StringPrefix":"lex","Actions":["CreateBotVersion","CreateIntentVersion","CreateSlotTypeVersion","DeleteBot","DeleteBotAlias","DeleteBotChannelAssociation","DeleteBotVersion","DeleteIntent","DeleteIntentVersion","DeleteSession","DeleteSlotType","DeleteSlotTypeVersion","DeleteUtterances","GetBot","GetBotAlias","GetBotAliases","GetBotChannelAssociation","GetBotChannelAssociations","GetBotVersions","GetBots","GetBuiltinIntent","GetBuiltinIntents","GetBuiltinSlotTypes","GetExport","GetImport","GetIntent","GetIntentVersions","GetIntents","GetMigration","GetMigrations","GetSession","GetSlotType","GetSlotTypeVersions","GetSlotTypes","GetUtterancesView","ListTagsForResource","PostContent","PostText","PutBot","PutBotAlias","PutIntent","PutSession","PutSlotType","StartImport","StartMigration","TagResource","UntagResource"],"ARNFormat":"arn:aws:lex:${Region}:${Account}:${Type}:${Name}","ARNRegex":"^arn:aws:lex:.+:[0-9]+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","lex:associatedIntents","lex:associatedSlotTypes","lex:channelType"],"HasResource":true},"AWS Proton":{"StringPrefix":"proton","Actions":["AcceptEnvironmentAccountConnection","CancelEnvironmentDeployment","CancelServiceInstanceDeployment","CancelServicePipelineDeployment","CreateEnvironment","CreateEnvironmentAccountConnection","CreateEnvironmentTemplate","CreateEnvironmentTemplateMajorVersion","CreateEnvironmentTemplateMinorVersion","CreateEnvironmentTemplateVersion","CreateRepository","CreateService","CreateServiceTemplate","CreateServiceTemplateMajorVersion","CreateServiceTemplateMinorVersion","CreateServiceTemplateVersion","CreateTemplateSyncConfig","DeleteAccountRoles","DeleteEnvironment","DeleteEnvironmentAccountConnection","DeleteEnvironmentTemplate","DeleteEnvironmentTemplateMajorVersion","DeleteEnvironmentTemplateMinorVersion","DeleteEnvironmentTemplateVersion","DeleteRepository","DeleteService","DeleteServiceTemplate","DeleteServiceTemplateMajorVersion","DeleteServiceTemplateMinorVersion","DeleteServiceTemplateVersion","DeleteTemplateSyncConfig","GetAccountRoles","GetAccountSettings","GetEnvironment","GetEnvironmentAccountConnection","GetEnvironmentTemplate","GetEnvironmentTemplateMajorVersion","GetEnvironmentTemplateMinorVersion","GetEnvironmentTemplateVersion","GetRepository","GetRepositorySyncStatus","GetService","GetServiceInstance","GetServiceTemplate","GetServiceTemplateMajorVersion","GetServiceTemplateMinorVersion","GetServiceTemplateVersion","GetTemplateSyncConfig","GetTemplateSyncStatus","ListEnvironmentAccountConnections","ListEnvironmentOutputs","ListEnvironmentProvisionedResources","ListEnvironmentTemplateMajorVersions","ListEnvironmentTemplateMinorVersions","ListEnvironmentTemplateVersions","ListEnvironmentTemplates","ListEnvironments","ListRepositories","ListRepositorySyncDefinitions","ListServiceInstanceOutputs","ListServiceInstanceProvisionedResources","ListServiceInstances","ListServicePipelineOutputs","ListServicePipelineProvisionedResources","ListServiceTemplateMajorVersions","ListServiceTemplateMinorVersions","ListServiceTemplateVersions","ListServiceTemplates","ListServices","ListTagsForResource","NotifyResourceDeploymentStatusChange","RejectEnvironmentAccountConnection","TagResource","UntagResource","UpdateAccountRoles","UpdateAccountSettings","UpdateEnvironment","UpdateEnvironmentAccountConnection","UpdateEnvironmentTemplate","UpdateEnvironmentTemplateMajorVersion","UpdateEnvironmentTemplateMinorVersion","UpdateEnvironmentTemplateVersion","UpdateService","UpdateServiceInstance","UpdateServicePipeline","UpdateServiceTemplate","UpdateServiceTemplateMajorVersion","UpdateServiceTemplateMinorVersion","UpdateServiceTemplateVersion","UpdateTemplateSyncConfig"],"ARNFormat":"arn:${Partition}:proton:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:proton:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","proton:EnvironmentTemplate","proton:ServiceTemplate"],"HasResource":true},"AWS Resource Access Manager":{"StringPrefix":"ram","Actions":["AcceptResourceShareInvitation","AssociateResourceShare","AssociateResourceSharePermission","CreateResourceShare","DeleteResourceShare","DisassociateResourceShare","DisassociateResourceSharePermission","EnableSharingWithAwsOrganization","GetPermission","GetResourcePolicies","GetResourceShareAssociations","GetResourceShareInvitations","GetResourceShares","ListPendingInvitationResources","ListPermissionVersions","ListPermissions","ListPrincipals","ListResourceSharePermissions","ListResourceTypes","ListResources","PromoteResourceShareCreatedFromPolicy","RejectResourceShareInvitation","TagResource","UntagResource","UpdateResourceShare"],"ARNFormat":"arn:${Partition}:ram:${Region}:${AccountId}:resource-share/${ResourceUUID}","ARNRegex":"^arn:${Partition}:ram:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ram:AllowsExternalPrincipals","ram:PermissionArn","ram:PermissionResourceType","ram:Principal","ram:RequestedAllowsExternalPrincipals","ram:RequestedResourceType","ram:ResourceArn","ram:ResourceShareName","ram:ShareOwnerAccountId"],"HasResource":true},"AWS Elemental MediaConnect":{"StringPrefix":"mediaconnect","Actions":["AddFlowMediaStreams","AddFlowOutputs","AddFlowSources","AddFlowVpcInterfaces","CreateFlow","DeleteFlow","DescribeFlow","DescribeOffering","DescribeReservation","GrantFlowEntitlements","ListEntitlements","ListFlows","ListOfferings","ListReservations","ListTagsForResource","PurchaseOffering","RemoveFlowMediaStream","RemoveFlowOutput","RemoveFlowSource","RemoveFlowVpcInterface","RevokeFlowEntitlement","StartFlow","StopFlow","TagResource","UntagResource","UpdateFlow","UpdateFlowEntitlement","UpdateFlowMediaStream","UpdateFlowOutput","UpdateFlowSource"],"ARNFormat":"arn:${Partition}:mediaconnect:${Region}:${Account}:::","ARNRegex":"^arn:${Partition}:mediaconnect:.+","HasResource":true},"Amazon S3":{"StringPrefix":"s3","Actions":["AbortMultipartUpload","BypassGovernanceRetention","CreateAccessPoint","CreateAccessPointForObjectLambda","CreateBucket","CreateJob","CreateMultiRegionAccessPoint","DeleteAccessPoint","DeleteAccessPointForObjectLambda","DeleteAccessPointPolicy","DeleteAccessPointPolicyForObjectLambda","DeleteBucket","DeleteBucketPolicy","DeleteBucketWebsite","DeleteJobTagging","DeleteMultiRegionAccessPoint","DeleteObject","DeleteObjectTagging","DeleteObjectVersion","DeleteObjectVersionTagging","DeleteStorageLensConfiguration","DeleteStorageLensConfigurationTagging","DescribeJob","DescribeMultiRegionAccessPointOperation","GetAccelerateConfiguration","GetAccessPoint","GetAccessPointConfigurationForObjectLambda","GetAccessPointForObjectLambda","GetAccessPointPolicy","GetAccessPointPolicyForObjectLambda","GetAccessPointPolicyStatus","GetAccessPointPolicyStatusForObjectLambda","GetAccountPublicAccessBlock","GetAnalyticsConfiguration","GetBucketAcl","GetBucketCORS","GetBucketLocation","GetBucketLogging","GetBucketNotification","GetBucketObjectLockConfiguration","GetBucketOwnershipControls","GetBucketPolicy","GetBucketPolicyStatus","GetBucketPublicAccessBlock","GetBucketRequestPayment","GetBucketTagging","GetBucketVersioning","GetBucketWebsite","GetEncryptionConfiguration","GetIntelligentTieringConfiguration","GetInventoryConfiguration","GetJobTagging","GetLifecycleConfiguration","GetMetricsConfiguration","GetMultiRegionAccessPoint","GetMultiRegionAccessPointPolicy","GetMultiRegionAccessPointPolicyStatus","GetObject","GetObjectAcl","GetObjectAttributes","GetObjectLegalHold","GetObjectRetention","GetObjectTagging","GetObjectTorrent","GetObjectVersion","GetObjectVersionAcl","GetObjectVersionAttributes","GetObjectVersionForReplication","GetObjectVersionTagging","GetObjectVersionTorrent","GetReplicationConfiguration","GetStorageLensConfiguration","GetStorageLensConfigurationTagging","GetStorageLensDashboard","InitiateReplication","ListAccessPoints","ListAccessPointsForObjectLambda","ListAllMyBuckets","ListBucket","ListBucketMultipartUploads","ListBucketVersions","ListJobs","ListMultiRegionAccessPoints","ListMultipartUploadParts","ListStorageLensConfigurations","ObjectOwnerOverrideToBucketOwner","PutAccelerateConfiguration","PutAccessPointConfigurationForObjectLambda","PutAccessPointPolicy","PutAccessPointPolicyForObjectLambda","PutAccessPointPublicAccessBlock","PutAccountPublicAccessBlock","PutAnalyticsConfiguration","PutBucketAcl","PutBucketCORS","PutBucketLogging","PutBucketNotification","PutBucketObjectLockConfiguration","PutBucketOwnershipControls","PutBucketPolicy","PutBucketPublicAccessBlock","PutBucketRequestPayment","PutBucketTagging","PutBucketVersioning","PutBucketWebsite","PutEncryptionConfiguration","PutIntelligentTieringConfiguration","PutInventoryConfiguration","PutJobTagging","PutLifecycleConfiguration","PutMetricsConfiguration","PutMultiRegionAccessPointPolicy","PutObject","PutObjectAcl","PutObjectLegalHold","PutObjectRetention","PutObjectTagging","PutObjectVersionAcl","PutObjectVersionTagging","PutReplicationConfiguration","PutStorageLensConfiguration","PutStorageLensConfigurationTagging","ReplicateDelete","ReplicateObject","ReplicateTags","RestoreObject","UpdateJobPriority","UpdateJobStatus"],"ARNFormat":"arn:aws:s3:::${BucketName}/${KeyName}","ARNRegex":"^arn:aws:s3:::.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:RequestedRegion","aws:ResourceTag/${TagKey}","aws:TagKeys","s3:AccessPointNetworkOrigin","s3:DataAccessPointAccount","s3:DataAccessPointArn","s3:ExistingJobOperation","s3:ExistingJobPriority","s3:ExistingObjectTag/","s3:JobSuspendedCause","s3:LocationConstraint","s3:RequestJobOperation","s3:RequestJobPriority","s3:RequestObjectTag/","s3:RequestObjectTagKeys","s3:ResourceAccount","s3:TlsVersion","s3:VersionId","s3:authType","s3:delimiter","s3:locationconstraint","s3:max-keys","s3:object-lock-legal-hold","s3:object-lock-mode","s3:object-lock-remaining-retention-days","s3:object-lock-retain-until-date","s3:prefix","s3:signatureAge","s3:signatureversion","s3:versionid","s3:x-amz-acl","s3:x-amz-content-sha256","s3:x-amz-copy-source","s3:x-amz-grant-full-control","s3:x-amz-grant-read","s3:x-amz-grant-read-acp","s3:x-amz-grant-write","s3:x-amz-grant-write-acp","s3:x-amz-metadata-directive","s3:x-amz-object-ownership","s3:x-amz-server-side-encryption","s3:x-amz-server-side-encryption-aws-kms-key-id","s3:x-amz-storage-class","s3:x-amz-website-redirect-location"],"HasResource":true},"Amazon SageMaker":{"StringPrefix":"sagemaker","Actions":["AddAssociation","AddTags","AssociateTrialComponent","BatchDescribeModelPackage","BatchGetMetrics","BatchGetRecord","BatchPutMetrics","CreateAction","CreateAlgorithm","CreateApp","CreateAppImageConfig","CreateArtifact","CreateAutoMLJob","CreateCodeRepository","CreateCompilationJob","CreateContext","CreateDataQualityJobDefinition","CreateDeviceFleet","CreateDomain","CreateEdgePackagingJob","CreateEndpoint","CreateEndpointConfig","CreateExperiment","CreateFeatureGroup","CreateFlowDefinition","CreateHumanTaskUi","CreateHyperParameterTuningJob","CreateImage","CreateImageVersion","CreateInferenceRecommendationsJob","CreateLabelingJob","CreateLineageGroupPolicy","CreateModel","CreateModelBiasJobDefinition","CreateModelExplainabilityJobDefinition","CreateModelPackage","CreateModelPackageGroup","CreateModelQualityJobDefinition","CreateMonitoringSchedule","CreateNotebookInstance","CreateNotebookInstanceLifecycleConfig","CreatePipeline","CreatePresignedDomainUrl","CreatePresignedNotebookInstanceUrl","CreateProcessingJob","CreateProject","CreateStudioLifecycleConfig","CreateTrainingJob","CreateTransformJob","CreateTrial","CreateTrialComponent","CreateUserProfile","CreateWorkforce","CreateWorkteam","DeleteAction","DeleteAlgorithm","DeleteApp","DeleteAppImageConfig","DeleteArtifact","DeleteAssociation","DeleteCodeRepository","DeleteContext","DeleteDataQualityJobDefinition","DeleteDeviceFleet","DeleteDomain","DeleteEndpoint","DeleteEndpointConfig","DeleteExperiment","DeleteFeatureGroup","DeleteFlowDefinition","DeleteHumanLoop","DeleteHumanTaskUi","DeleteImage","DeleteImageVersion","DeleteLineageGroupPolicy","DeleteModel","DeleteModelBiasJobDefinition","DeleteModelExplainabilityJobDefinition","DeleteModelPackage","DeleteModelPackageGroup","DeleteModelPackageGroupPolicy","DeleteModelQualityJobDefinition","DeleteMonitoringSchedule","DeleteNotebookInstance","DeleteNotebookInstanceLifecycleConfig","DeletePipeline","DeleteProject","DeleteRecord","DeleteStudioLifecycleConfig","DeleteTags","DeleteTrial","DeleteTrialComponent","DeleteUserProfile","DeleteWorkforce","DeleteWorkteam","DeregisterDevices","DescribeAction","DescribeAlgorithm","DescribeApp","DescribeAppImageConfig","DescribeArtifact","DescribeAutoMLJob","DescribeCodeRepository","DescribeCompilationJob","DescribeContext","DescribeDataQualityJobDefinition","DescribeDevice","DescribeDeviceFleet","DescribeDomain","DescribeEdgePackagingJob","DescribeEndpoint","DescribeEndpointConfig","DescribeExperiment","DescribeFeatureGroup","DescribeFlowDefinition","DescribeHumanLoop","DescribeHumanTaskUi","DescribeHyperParameterTuningJob","DescribeImage","DescribeImageVersion","DescribeInferenceRecommendationsJob","DescribeLabelingJob","DescribeLineageGroup","DescribeModel","DescribeModelBiasJobDefinition","DescribeModelExplainabilityJobDefinition","DescribeModelPackage","DescribeModelPackageGroup","DescribeModelQualityJobDefinition","DescribeMonitoringSchedule","DescribeNotebookInstance","DescribeNotebookInstanceLifecycleConfig","DescribePipeline","DescribePipelineDefinitionForExecution","DescribePipelineExecution","DescribeProcessingJob","DescribeProject","DescribeStudioLifecycleConfig","DescribeSubscribedWorkteam","DescribeTrainingJob","DescribeTransformJob","DescribeTrial","DescribeTrialComponent","DescribeUserProfile","DescribeWorkforce","DescribeWorkteam","DisableSagemakerServicecatalogPortfolio","DisassociateTrialComponent","EnableSagemakerServicecatalogPortfolio","GetDeviceFleetReport","GetDeviceRegistration","GetLineageGroupPolicy","GetModelPackageGroupPolicy","GetRecord","GetSagemakerServicecatalogPortfolioStatus","GetSearchSuggestions","InvokeEndpoint","InvokeEndpointAsync","ListActions","ListAlgorithms","ListAppImageConfigs","ListApps","ListArtifacts","ListAssociations","ListAutoMLJobs","ListCandidatesForAutoMLJob","ListCodeRepositories","ListCompilationJobs","ListContexts","ListDataQualityJobDefinitions","ListDeviceFleets","ListDevices","ListDomains","ListEdgePackagingJobs","ListEndpointConfigs","ListEndpoints","ListExperiments","ListFeatureGroups","ListFlowDefinitions","ListHumanLoops","ListHumanTaskUis","ListHyperParameterTuningJobs","ListImageVersions","ListImages","ListInferenceRecommendationsJobs","ListLabelingJobs","ListLabelingJobsForWorkteam","ListLineageGroups","ListModelBiasJobDefinitions","ListModelExplainabilityJobDefinitions","ListModelMetadata","ListModelPackageGroups","ListModelPackages","ListModelQualityJobDefinitions","ListModels","ListMonitoringExecutions","ListMonitoringSchedules","ListNotebookInstanceLifecycleConfigs","ListNotebookInstances","ListPipelineExecutionSteps","ListPipelineExecutions","ListPipelineParametersForExecution","ListPipelines","ListProcessingJobs","ListProjects","ListStudioLifecycleConfigs","ListSubscribedWorkteams","ListTags","ListTrainingJobs","ListTrainingJobsForHyperParameterTuningJob","ListTransformJobs","ListTrialComponents","ListTrials","ListUserProfiles","ListWorkforces","ListWorkteams","PutLineageGroupPolicy","PutModelPackageGroupPolicy","PutRecord","QueryLineage","RegisterDevices","RenderUiTemplate","RetryPipelineExecution","Search","SendHeartbeat","SendPipelineExecutionStepFailure","SendPipelineExecutionStepSuccess","StartHumanLoop","StartMonitoringSchedule","StartNotebookInstance","StartPipelineExecution","StopAutoMLJob","StopCompilationJob","StopEdgePackagingJob","StopHumanLoop","StopHyperParameterTuningJob","StopInferenceRecommendationsJob","StopLabelingJob","StopMonitoringSchedule","StopNotebookInstance","StopPipelineExecution","StopProcessingJob","StopTrainingJob","StopTransformJob","UpdateAction","UpdateAppImageConfig","UpdateArtifact","UpdateCodeRepository","UpdateContext","UpdateDeviceFleet","UpdateDevices","UpdateDomain","UpdateEndpoint","UpdateEndpointWeightsAndCapacities","UpdateExperiment","UpdateImage","UpdateModelPackage","UpdateMonitoringSchedule","UpdateNotebookInstance","UpdateNotebookInstanceLifecycleConfig","UpdatePipeline","UpdatePipelineExecution","UpdateProject","UpdateTrainingJob","UpdateTrial","UpdateTrialComponent","UpdateUserProfile","UpdateWorkforce","UpdateWorkteam"],"ARNFormat":"arn:${Partition}:sagemaker:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:sagemaker:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","sagemaker:AcceleratorTypes","sagemaker:AppNetworkAccessType","sagemaker:DirectInternetAccess","sagemaker:DomainSharingOutputKmsKey","sagemaker:FeatureGroupOfflineStoreKmsKey","sagemaker:FeatureGroupOfflineStoreS3Uri","sagemaker:FeatureGroupOnlineStoreKmsKey","sagemaker:FileSystemAccessMode","sagemaker:FileSystemDirectoryPath","sagemaker:FileSystemId","sagemaker:FileSystemType","sagemaker:HomeEfsFileSystemKmsKey","sagemaker:ImageArns","sagemaker:ImageVersionArns","sagemaker:InstanceTypes","sagemaker:InterContainerTrafficEncryption","sagemaker:MaxRuntimeInSeconds","sagemaker:ModelApprovalStatus","sagemaker:ModelArn","sagemaker:NetworkIsolation","sagemaker:OutputKmsKey","sagemaker:ResourceTag/","sagemaker:ResourceTag/${TagKey}","sagemaker:RootAccess","sagemaker:ServerlessMaxConcurrency","sagemaker:ServerlessMemorySize","sagemaker:TargetModel","sagemaker:VolumeKmsKey","sagemaker:VpcSecurityGroupIds","sagemaker:VpcSubnets","sagemaker:WorkteamArn","sagemaker:WorkteamType"],"HasResource":true},"AWS Lake Formation":{"StringPrefix":"lakeformation","Actions":["AddLFTagsToResource","BatchGrantPermissions","BatchRevokePermissions","CancelTransaction","CommitTransaction","CreateDataCellsFilter","CreateLFTag","DeleteDataCellsFilter","DeleteLFTag","DeleteObjectsOnCancel","DeregisterResource","DescribeResource","DescribeTransaction","ExtendTransaction","GetDataAccess","GetDataLakeSettings","GetEffectivePermissionsForPath","GetLFTag","GetQueryState","GetQueryStatistics","GetResourceLFTags","GetTableObjects","GetWorkUnitResults","GetWorkUnits","GrantPermissions","ListDataCellsFilter","ListLFTags","ListPermissions","ListResources","ListTableStorageOptimizers","ListTransactions","PutDataLakeSettings","RegisterResource","RemoveLFTagsFromResource","RevokePermissions","SearchDatabasesByLFTags","SearchTablesByLFTags","StartQueryPlanning","StartTransaction","UpdateLFTag","UpdateResource","UpdateTableObjects","UpdateTableStorageOptimizer"],"ARNFormat":"arn:${Partition}:lakeformation:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:aws:lakeformation:.+:.+","HasResource":false},"Amazon Redshift Data API":{"StringPrefix":"redshift-data","Actions":["BatchExecuteStatement","CancelStatement","DescribeStatement","DescribeTable","ExecuteStatement","GetStatementResult","ListDatabases","ListSchemas","ListStatements","ListTables"],"ARNFormat":"arn:aws:redshift:::","ARNRegex":"^arn:aws:redshift:.+:.+:.+","conditionKeys":["aws:ResourceTag/${TagKey}","redshift-data:statement-owner-iam-userid"],"HasResource":true},"Amazon Managed Service for Prometheus":{"StringPrefix":"aps","Actions":["CreateAlertManagerAlerts","CreateAlertManagerDefinition","CreateRuleGroupsNamespace","CreateWorkspace","DeleteAlertManagerDefinition","DeleteAlertManagerSilence","DeleteRuleGroupsNamespace","DeleteWorkspace","DescribeAlertManagerDefinition","DescribeRuleGroupsNamespace","DescribeWorkspace","GetAlertManagerSilence","GetAlertManagerStatus","GetLabels","GetMetricMetadata","GetSeries","ListAlertManagerAlertGroups","ListAlertManagerAlerts","ListAlertManagerReceivers","ListAlertManagerSilences","ListAlerts","ListRuleGroupsNamespaces","ListRules","ListTagsForResource","ListWorkspaces","PutAlertManagerDefinition","PutAlertManagerSilences","PutRuleGroupsNamespace","QueryMetrics","RemoteWrite","TagResource","UntagResource","UpdateWorkspaceAlias"],"ARNFormat":"arn:aws:aps:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:aps:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Mobile Hub":{"StringPrefix":"mobilehub","Actions":["CreateProject","CreateServiceRole","DeleteProject","DeleteProjectSnapshot","DeployToStage","DescribeBundle","ExportBundle","ExportProject","GenerateProjectParameters","GetProject","GetProjectSnapshot","ImportProject","InstallBundle","ListAvailableConnectors","ListAvailableFeatures","ListAvailableRegions","ListBundles","ListProjectSnapshots","ListProjects","SynchronizeProject","UpdateProject","ValidateProject","VerifyServiceRole"],"ARNFormat":"arn:aws:mobilehub:::project/","ARNRegex":"^arn:aws:mobilehub:.+:[0-9]+:.+","HasResource":true},"AWS Global Accelerator":{"StringPrefix":"globalaccelerator","Actions":["AddCustomRoutingEndpoints","AdvertiseByoipCidr","AllowCustomRoutingTraffic","CreateAccelerator","CreateCustomRoutingAccelerator","CreateCustomRoutingEndpointGroup","CreateCustomRoutingListener","CreateEndpointGroup","CreateListener","DeleteAccelerator","DeleteCustomRoutingAccelerator","DeleteCustomRoutingEndpointGroup","DeleteCustomRoutingListener","DeleteEndpointGroup","DeleteListener","DenyCustomRoutingTraffic","DeprovisionByoipCidr","DescribeAccelerator","DescribeAcceleratorAttributes","DescribeCustomRoutingAccelerator","DescribeCustomRoutingAcceleratorAttributes","DescribeCustomRoutingEndpointGroup","DescribeCustomRoutingListener","DescribeEndpointGroup","DescribeListener","ListAccelerators","ListByoipCidrs","ListCustomRoutingAccelerators","ListCustomRoutingEndpointGroups","ListCustomRoutingListeners","ListCustomRoutingPortMappings","ListCustomRoutingPortMappingsByDestination","ListEndpointGroups","ListListeners","ListTagsForResource","ProvisionByoipCidr","RemoveCustomRoutingEndpoints","TagResource","UntagResource","UpdateAccelerator","UpdateAcceleratorAttributes","UpdateCustomRoutingAccelerator","UpdateCustomRoutingAcceleratorAttributes","UpdateCustomRoutingListener","UpdateEndpointGroup","UpdateListener","WithdrawByoipCidr"],"ARNFormat":"arn:aws:globalaccelerator::${Account}:accelerator/${AcceleratorId}","ARNRegex":"^arn:aws:globalaccelerator::.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Connect Customer Profiles":{"StringPrefix":"profile","Actions":["AddProfileKey","CreateDomain","CreateIntegrationWorkflow","CreateProfile","DeleteDomain","DeleteIntegration","DeleteProfile","DeleteProfileKey","DeleteProfileObject","DeleteProfileObjectType","DeleteWorkflow","GetAutoMergingPreview","GetDomain","GetIdentityResolutionJob","GetIntegration","GetMatches","GetProfileObjectType","GetProfileObjectTypeTemplate","GetWorkflow","GetWorkflowSteps","ListAccountIntegrations","ListDomains","ListIdentityResolutionJobs","ListIntegrations","ListProfileObjectTypeTemplates","ListProfileObjectTypes","ListProfileObjects","ListTagsForResource","ListWorkflows","MergeProfiles","PutIntegration","PutProfileObject","PutProfileObjectType","SearchProfiles","TagResource","UntagResource","UpdateDomain","UpdateProfile"],"ARNFormat":"arn:aws:profile:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:profile:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Serverless Application Repository":{"StringPrefix":"serverlessrepo","Actions":["CreateApplication","CreateApplicationVersion","CreateCloudFormationChangeSet","CreateCloudFormationTemplate","DeleteApplication","GetApplication","GetApplicationPolicy","GetCloudFormationTemplate","ListApplicationDependencies","ListApplicationVersions","ListApplications","PutApplicationPolicy","SearchApplications","UnshareApplication","UpdateApplication"],"ARNFormat":"arn:aws:serverlessrepo:::/","ARNRegex":"^arn:aws:serverlessrepo:.+:.+:.+","conditionKeys":["serverlessrepo:applicationType"],"HasResource":true},"Amazon Forecast":{"StringPrefix":"forecast","Actions":["CreateAutoPredictor","CreateDataset","CreateDatasetGroup","CreateDatasetImportJob","CreateExplainability","CreateExplainabilityExport","CreateForecast","CreateForecastExportJob","CreatePredictor","CreatePredictorBacktestExportJob","DeleteDataset","DeleteDatasetGroup","DeleteDatasetImportJob","DeleteExplainability","DeleteExplainabilityExport","DeleteForecast","DeleteForecastExportJob","DeletePredictor","DeletePredictorBacktestExportJob","DeleteResourceTree","DescribeAutoPredictor","DescribeDataset","DescribeDatasetGroup","DescribeDatasetImportJob","DescribeExplainability","DescribeExplainabilityExport","DescribeForecast","DescribeForecastExportJob","DescribePredictor","DescribePredictorBacktestExportJob","GetAccuracyMetrics","ListDatasetGroups","ListDatasetImportJobs","ListDatasets","ListExplainabilities","ListExplainabilityExports","ListForecastExportJobs","ListForecasts","ListPredictorBacktestExportJobs","ListPredictors","ListTagsForResource","QueryForecast","StopResource","TagResource","UntagResource","UpdateDatasetGroup"],"ARNFormat":"arn:aws:forecast:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:aws:forecast:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Cloud Directory":{"StringPrefix":"clouddirectory","Actions":["AddFacetToObject","ApplySchema","AttachObject","AttachPolicy","AttachToIndex","AttachTypedLink","BatchRead","BatchWrite","CreateDirectory","CreateFacet","CreateIndex","CreateObject","CreateSchema","CreateTypedLinkFacet","DeleteDirectory","DeleteFacet","DeleteObject","DeleteSchema","DeleteTypedLinkFacet","DetachFromIndex","DetachObject","DetachPolicy","DetachTypedLink","DisableDirectory","EnableDirectory","GetAppliedSchemaVersion","GetDirectory","GetFacet","GetLinkAttributes","GetObjectAttributes","GetObjectInformation","GetSchemaAsJson","GetTypedLinkFacetInformation","ListAppliedSchemaArns","ListAttachedIndices","ListDevelopmentSchemaArns","ListDirectories","ListFacetAttributes","ListFacetNames","ListIncomingTypedLinks","ListIndex","ListManagedSchemaArns","ListObjectAttributes","ListObjectChildren","ListObjectParentPaths","ListObjectParents","ListObjectPolicies","ListOutgoingTypedLinks","ListPolicyAttachments","ListPublishedSchemaArns","ListTagsForResource","ListTypedLinkFacetAttributes","ListTypedLinkFacetNames","LookupPolicy","PublishSchema","PutSchemaFromJson","RemoveFacetFromObject","TagResource","UntagResource","UpdateFacet","UpdateLinkAttributes","UpdateObjectAttributes","UpdateSchema","UpdateTypedLinkFacet","UpgradeAppliedSchema","UpgradePublishedSchema"],"ARNFormat":"arn:aws:clouddirectory::${Region}:${Account}:${RelativeId}","ARNRegex":"^arn:${Partition}:clouddirectory:.+:[0-9]+:(directory|schema)/.+","HasResource":true},"AWS Elemental MediaTailor":{"StringPrefix":"mediatailor","Actions":["ConfigureLogsForPlaybackConfiguration","CreateChannel","CreateLiveSource","CreatePrefetchSchedule","CreateProgram","CreateSourceLocation","CreateVodSource","DeleteChannel","DeleteChannelPolicy","DeleteLiveSource","DeletePlaybackConfiguration","DeletePrefetchSchedule","DeleteProgram","DeleteSourceLocation","DeleteVodSource","DescribeChannel","DescribeLiveSource","DescribeProgram","DescribeSourceLocation","DescribeVodSource","GetChannelPolicy","GetChannelSchedule","GetPlaybackConfiguration","GetPrefetchSchedule","ListAlerts","ListChannels","ListLiveSources","ListPlaybackConfigurations","ListPrefetchSchedules","ListSourceLocations","ListTagsForResource","ListVodSources","PutChannelPolicy","PutPlaybackConfiguration","StartChannel","StopChannel","TagResource","UntagResource","UpdateChannel","UpdateLiveSource","UpdateSourceLocation","UpdateVodSource"],"ARNFormat":"arn:aws:mediatailor:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:mediatailor:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Route 53":{"StringPrefix":"route53","Actions":["ActivateKeySigningKey","AssociateVPCWithHostedZone","ChangeResourceRecordSets","ChangeTagsForResource","CreateHealthCheck","CreateHostedZone","CreateKeySigningKey","CreateQueryLoggingConfig","CreateReusableDelegationSet","CreateTrafficPolicy","CreateTrafficPolicyInstance","CreateTrafficPolicyVersion","CreateVPCAssociationAuthorization","DeactivateKeySigningKey","DeleteHealthCheck","DeleteHostedZone","DeleteKeySigningKey","DeleteQueryLoggingConfig","DeleteReusableDelegationSet","DeleteTrafficPolicy","DeleteTrafficPolicyInstance","DeleteVPCAssociationAuthorization","DisableHostedZoneDNSSEC","DisassociateVPCFromHostedZone","EnableHostedZoneDNSSEC","GetAccountLimit","GetChange","GetCheckerIpRanges","GetDNSSEC","GetGeoLocation","GetHealthCheck","GetHealthCheckCount","GetHealthCheckLastFailureReason","GetHealthCheckStatus","GetHostedZone","GetHostedZoneCount","GetHostedZoneLimit","GetQueryLoggingConfig","GetReusableDelegationSet","GetReusableDelegationSetLimit","GetTrafficPolicy","GetTrafficPolicyInstance","GetTrafficPolicyInstanceCount","ListGeoLocations","ListHealthChecks","ListHostedZones","ListHostedZonesByName","ListHostedZonesByVPC","ListQueryLoggingConfigs","ListResourceRecordSets","ListReusableDelegationSets","ListTagsForResource","ListTagsForResources","ListTrafficPolicies","ListTrafficPolicyInstances","ListTrafficPolicyInstancesByHostedZone","ListTrafficPolicyInstancesByPolicy","ListTrafficPolicyVersions","ListVPCAssociationAuthorizations","TestDNSAnswer","UpdateHealthCheck","UpdateHostedZoneComment","UpdateTrafficPolicyComment","UpdateTrafficPolicyInstance"],"ARNFormat":"arn:${Partition}:route53:::${Resource}/{$Id}","ARNRegex":"^arn:${Partition}:route53:::.+","HasResource":true},"Amazon SimpleDB":{"StringPrefix":"sdb","Actions":["BatchDeleteAttributes","BatchPutAttributes","CreateDomain","DeleteAttributes","DeleteDomain","DomainMetadata","GetAttributes","ListDomains","PutAttributes","Select"],"ARNFormat":"arn:${Partition}:sdb:${Region}:${Account}:domain/${DomainName}","ARNRegex":"^arn:${Partition}:sdb:.+","HasResource":true},"AWS Security Token Service":{"StringPrefix":"sts","Actions":["AssumeRole","AssumeRoleWithSAML","AssumeRoleWithWebIdentity","DecodeAuthorizationMessage","GetAccessKeyInfo","GetCallerIdentity","GetFederationToken","GetServiceBearerToken","GetSessionToken","SetSourceIdentity","TagSession"],"ARNFormat":"arn:aws:iam::${Namespace}:${RelativeId}","ARNRegex":"^arn:aws:iam::.+","conditionKeys":["accounts.google.com:aud","accounts.google.com:oaud","accounts.google.com:sub","aws:FederatedProvider","aws:PrincipalTag/${TagKey}","aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:SourceIdentity","aws:TagKeys","cognito-identity.amazonaws.com:amr","cognito-identity.amazonaws.com:aud","cognito-identity.amazonaws.com:sub","graph.facebook.com:app_id","graph.facebook.com:id","iam:ResourceTag/${TagKey}","saml:aud","saml:cn","saml:commonName","saml:doc","saml:eduorghomepageuri","saml:eduorgidentityauthnpolicyuri","saml:eduorglegalname","saml:eduorgsuperioruri","saml:eduorgwhitepagesuri","saml:edupersonaffiliation","saml:edupersonassurance","saml:edupersonentitlement","saml:edupersonnickname","saml:edupersonorgdn","saml:edupersonorgunitdn","saml:edupersonprimaryaffiliation","saml:edupersonprimaryorgunitdn","saml:edupersonprincipalname","saml:edupersonscopedaffiliation","saml:edupersontargetedid","saml:givenName","saml:iss","saml:mail","saml:name","saml:namequalifier","saml:organizationStatus","saml:primaryGroupSID","saml:sub","saml:sub_type","saml:surname","saml:uid","saml:x500UniqueIdentifier","sts:AWSServiceName","sts:ExternalId","sts:RoleSessionName","sts:SourceIdentity","sts:TransitiveTagKeys","www.amazon.com:app_id","www.amazon.com:user_id"],"HasResource":true},"AWS Elemental MediaPackage":{"StringPrefix":"mediapackage","Actions":["ConfigureLogs","CreateChannel","CreateHarvestJob","CreateOriginEndpoint","DeleteChannel","DeleteOriginEndpoint","DescribeChannel","DescribeHarvestJob","DescribeOriginEndpoint","ListChannels","ListHarvestJobs","ListOriginEndpoints","ListTagsForResource","RotateChannelCredentials","RotateIngestEndpointCredentials","TagResource","UntagResource","UpdateChannel","UpdateOriginEndpoint"],"ARNFormat":"arn:aws:mediapackage:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}","ARNRegex":"^arn:aws:mediapackage:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Keyspaces (for Apache Cassandra)":{"StringPrefix":"cassandra","Actions":["Alter","Create","Drop","Modify","Restore","Select","TagResource","UntagResource","UpdatePartitioner"],"ARNFormat":"arn:${Partition}:cassandra:${Region}:${Account}:/${ResourceType}/${ResourcePath}/","ARNRegex":"^arn:${Partition}:cassandra:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Resilience Hub Service":{"StringPrefix":"resiliencehub","Actions":["AddDraftAppVersionResourceMappings","CreateApp","CreateRecommendationTemplate","CreateResiliencyPolicy","DeleteApp","DeleteAppAssessment","DeleteRecommendationTemplate","DeleteResiliencyPolicy","DescribeApp","DescribeAppAssessment","DescribeAppVersionResourcesResolutionStatus","DescribeAppVersionTemplate","DescribeDraftAppVersionResourcesImportStatus","DescribeResiliencyPolicy","ImportResourcesToDraftAppVersion","ListAlarmRecommendations","ListAppAssessments","ListAppComponentCompliances","ListAppComponentRecommendations","ListAppVersionResourceMappings","ListAppVersionResources","ListAppVersions","ListApps","ListRecommendationTemplates","ListResiliencyPolicies","ListSopRecommendations","ListSuggestedResiliencyPolicies","ListTagsForResource","ListTestRecommendations","ListUnsupportedAppVersionResources","PublishAppVersion","PutDraftAppVersionTemplate","RemoveDraftAppVersionResourceMappings","ResolveAppVersionResources","StartAppAssessment","TagResource","UntagResource","UpdateApp","UpdateResiliencyPolicy"],"ARNFormat":"arn:aws:resiliencehub:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:aws:resiliencehub:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Systems Manager GUI Connect":{"StringPrefix":"ssm-guiconnect","Actions":["CancelConnection","GetConnection","StartConnection"],"HasResource":false},"Amazon Athena":{"StringPrefix":"athena","Actions":["BatchGetNamedQuery","BatchGetQueryExecution","CreateDataCatalog","CreateNamedQuery","CreatePreparedStatement","CreateWorkGroup","DeleteDataCatalog","DeleteNamedQuery","DeletePreparedStatement","DeleteWorkGroup","GetDataCatalog","GetDatabase","GetNamedQuery","GetPreparedStatement","GetQueryExecution","GetQueryResults","GetQueryResultsStream","GetTableMetadata","GetWorkGroup","ListDataCatalogs","ListDatabases","ListEngineVersions","ListNamedQueries","ListPreparedStatements","ListQueryExecutions","ListTableMetadata","ListTagsForResource","ListWorkGroups","StartQueryExecution","StopQueryExecution","TagResource","UntagResource","UpdateDataCatalog","UpdateNamedQuery","UpdatePreparedStatement","UpdateWorkGroup"],"ARNFormat":"arn:${Partition}:athena:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:${Partition}:athena:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Marketplace Metering Service":{"StringPrefix":"aws-marketplace","Actions":["BatchMeterUsage","MeterUsage","RegisterUsage","ResolveCustomer"],"HasResource":false},"AWS Marketplace Procurement Systems Integration":{"StringPrefix":"aws-marketplace","Actions":["DescribeProcurementSystemConfiguration","PutProcurementSystemConfiguration"],"HasResource":false},"AWS Marketplace Private Marketplace":{"StringPrefix":"aws-marketplace","Actions":["AssociateProductsWithPrivateMarketplace","CreatePrivateMarketplaceRequests","DescribePrivateMarketplaceRequests","DisassociateProductsFromPrivateMarketplace","ListPrivateMarketplaceRequests"],"HasResource":false},"AWS Marketplace Catalog":{"StringPrefix":"aws-marketplace","Actions":["CancelChangeSet","CompleteTask","DescribeChangeSet","DescribeEntity","DescribeTask","ListChangeSets","ListEntities","ListTasks","StartChangeSet","UpdateTask"],"ARNFormat":"arn:${Partition}:aws-marketplace:${Region}:${Account}:${Catalog}/${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:aws-marketplace:.+","conditionKeys":["catalog:ChangeType"],"HasResource":true},"AWS Marketplace Image Building Service":{"StringPrefix":"aws-marketplace","Actions":["DescribeBuilds","ListBuilds","StartBuild"],"HasResource":false},"AWS Marketplace Entitlement Service":{"StringPrefix":"aws-marketplace","Actions":["GetEntitlements"],"HasResource":false},"AWS Marketplace":{"StringPrefix":"aws-marketplace","Actions":["AcceptAgreementApprovalRequest","CancelAgreementRequest","DescribeAgreement","GetAgreementApprovalRequest","GetAgreementRequest","GetAgreementTerms","ListAgreementApprovalRequests","ListAgreementRequests","RejectAgreementApprovalRequest","SearchAgreements","Subscribe","Unsubscribe","UpdateAgreementApprovalRequest","ViewSubscriptions"],"conditionKeys":["aws-marketplace:AgreementType","aws-marketplace:PartyType","aws-marketplace:ProductId"],"HasResource":false},"Amazon Pinpoint":{"StringPrefix":"mobiletargeting","Actions":["CreateApp","CreateCampaign","CreateEmailTemplate","CreateExportJob","CreateImportJob","CreateInAppTemplate","CreateJourney","CreatePushTemplate","CreateRecommenderConfiguration","CreateSegment","CreateSmsTemplate","CreateVoiceTemplate","DeleteAdmChannel","DeleteApnsChannel","DeleteApnsSandboxChannel","DeleteApnsVoipChannel","DeleteApnsVoipSandboxChannel","DeleteApp","DeleteBaiduChannel","DeleteCampaign","DeleteEmailChannel","DeleteEmailTemplate","DeleteEndpoint","DeleteEventStream","DeleteGcmChannel","DeleteInAppTemplate","DeleteJourney","DeletePushTemplate","DeleteRecommenderConfiguration","DeleteSegment","DeleteSmsChannel","DeleteSmsTemplate","DeleteUserEndpoints","DeleteVoiceChannel","DeleteVoiceTemplate","GetAdmChannel","GetApnsChannel","GetApnsSandboxChannel","GetApnsVoipChannel","GetApnsVoipSandboxChannel","GetApp","GetApplicationDateRangeKpi","GetApplicationSettings","GetApps","GetBaiduChannel","GetCampaign","GetCampaignActivities","GetCampaignDateRangeKpi","GetCampaignVersion","GetCampaignVersions","GetCampaigns","GetChannels","GetEmailChannel","GetEmailTemplate","GetEndpoint","GetEventStream","GetExportJob","GetExportJobs","GetGcmChannel","GetImportJob","GetImportJobs","GetInAppMessages","GetInAppTemplate","GetJourney","GetJourneyDateRangeKpi","GetJourneyExecutionActivityMetrics","GetJourneyExecutionMetrics","GetPushTemplate","GetRecommenderConfiguration","GetRecommenderConfigurations","GetReports","GetSegment","GetSegmentExportJobs","GetSegmentImportJobs","GetSegmentVersion","GetSegmentVersions","GetSegments","GetSmsChannel","GetSmsTemplate","GetUserEndpoints","GetVoiceChannel","GetVoiceTemplate","ListJourneys","ListTagsForResource","ListTemplateVersions","ListTemplates","PhoneNumberValidate","PutEventStream","PutEvents","RemoveAttributes","SendMessages","SendOTPMessage","SendUsersMessages","TagResource","UntagResource","UpdateAdmChannel","UpdateApnsChannel","UpdateApnsSandboxChannel","UpdateApnsVoipChannel","UpdateApnsVoipSandboxChannel","UpdateApplicationSettings","UpdateBaiduChannel","UpdateCampaign","UpdateEmailChannel","UpdateEmailTemplate","UpdateEndpoint","UpdateEndpointsBatch","UpdateGcmChannel","UpdateInAppTemplate","UpdateJourney","UpdateJourneyState","UpdatePushTemplate","UpdateRecommenderConfiguration","UpdateSegment","UpdateSmsChannel","UpdateSmsTemplate","UpdateTemplateActiveVersion","UpdateVoiceChannel","UpdateVoiceTemplate","VerifyOTPMessage"],"ARNFormat":"arn:aws:mobiletargeting:${Region}:${Account}:.+","ARNRegex":"^arn:aws:mobiletargeting:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Sumerian":{"StringPrefix":"sumerian","Actions":["Login","ViewRelease"],"ARNFormat":"arn:aws:sumerian:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:aws:sumerian:.+:.+:.+","HasResource":true},"AWS Auto Scaling":{"StringPrefix":"autoscaling-plans","Actions":["CreateScalingPlan","DeleteScalingPlan","DescribeScalingPlanResources","DescribeScalingPlans","GetScalingPlanResourceForecastData","UpdateScalingPlan"],"HasResource":false},"AWS Cost and Usage Report":{"StringPrefix":"cur","Actions":["DeleteReportDefinition","DescribeReportDefinitions","ModifyReportDefinition","PutReportDefinition"],"ARNFormat":"arn:aws:cur:::definition/","ARNRegex":"^arn:aws:cur:.+:.+:.+","HasResource":true},"AWS Identity Store":{"StringPrefix":"identitystore","Actions":["DescribeGroup","DescribeUser","ListGroups","ListUsers"],"ARNFormat":"arn:${Partition}:identitystore:${Region}:${Account}:","ARNRegex":"^arn:${Partition}:identitystore:${Region}:.+","HasResource":false},"Elemental Support Cases":{"StringPrefix":"elemental-support-cases","Actions":["CheckCasePermission","CreateCase","GetCase","GetCases","UpdateCase"],"ARNFormat":"arn:aws:elemental-support-cases:::/","ARNRegex":"^arn:aws:elemental-support-cases:.+:.+:.+","HasResource":false},"Amazon Route 53 Domains":{"StringPrefix":"route53domains","Actions":["AcceptDomainTransferFromAnotherAwsAccount","CancelDomainTransferToAnotherAwsAccount","CheckDomainAvailability","CheckDomainTransferability","DeleteDomain","DeleteTagsForDomain","DisableDomainAutoRenew","DisableDomainTransferLock","EnableDomainAutoRenew","EnableDomainTransferLock","GetContactReachabilityStatus","GetDomainDetail","GetDomainSuggestions","GetOperationDetail","ListDomains","ListOperations","ListPrices","ListTagsForDomain","RegisterDomain","RejectDomainTransferFromAnotherAwsAccount","RenewDomain","ResendContactReachabilityEmail","RetrieveDomainAuthCode","TransferDomain","TransferDomainToAnotherAwsAccount","UpdateDomainContact","UpdateDomainContactPrivacy","UpdateDomainNameservers","UpdateTagsForDomain","ViewBilling"],"HasResource":false},"AWS OpsWorks":{"StringPrefix":"opsworks","Actions":["AssignInstance","AssignVolume","AssociateElasticIp","AttachElasticLoadBalancer","CloneStack","CreateApp","CreateDeployment","CreateInstance","CreateLayer","CreateStack","CreateUserProfile","DeleteApp","DeleteInstance","DeleteLayer","DeleteStack","DeleteUserProfile","DeregisterEcsCluster","DeregisterElasticIp","DeregisterInstance","DeregisterRdsDbInstance","DeregisterVolume","DescribeAgentVersions","DescribeApps","DescribeCommands","DescribeDeployments","DescribeEcsClusters","DescribeElasticIps","DescribeElasticLoadBalancers","DescribeInstances","DescribeLayers","DescribeLoadBasedAutoScaling","DescribeMyUserProfile","DescribeOperatingSystems","DescribePermissions","DescribeRaidArrays","DescribeRdsDbInstances","DescribeServiceErrors","DescribeStackProvisioningParameters","DescribeStackSummary","DescribeStacks","DescribeTimeBasedAutoScaling","DescribeUserProfiles","DescribeVolumes","DetachElasticLoadBalancer","DisassociateElasticIp","GetHostnameSuggestion","GrantAccess","ListTags","RebootInstance","RegisterEcsCluster","RegisterElasticIp","RegisterInstance","RegisterRdsDbInstance","RegisterVolume","SetLoadBasedAutoScaling","SetPermission","SetTimeBasedAutoScaling","StartInstance","StartStack","StopInstance","StopStack","TagResource","UnassignInstance","UnassignVolume","UntagResource","UpdateApp","UpdateElasticIp","UpdateInstance","UpdateLayer","UpdateMyUserProfile","UpdateRdsDbInstance","UpdateStack","UpdateUserProfile","UpdateVolume"],"ARNFormat":"arn:aws:${ServiceName}:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:opsworks:.+","HasResource":true},"Amazon FreeRTOS":{"StringPrefix":"freertos","Actions":["CreateSoftwareConfiguration","DeleteSoftwareConfiguration","DescribeHardwarePlatform","DescribeSoftwareConfiguration","GetSoftwareURL","GetSoftwareURLForConfiguration","ListFreeRTOSVersions","ListHardwarePlatforms","ListHardwareVendors","ListSoftwareConfigurations","UpdateSoftwareConfiguration"],"ARNFormat":"arn:${Partition}:freertos:${Region}:${Account}:${Type}/${Name}","ARNRegex":"^arn:${Partition}:freertos:.+:[0-9]+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS CodeDeploy":{"StringPrefix":"codedeploy","Actions":["AddTagsToOnPremisesInstances","BatchGetApplicationRevisions","BatchGetApplications","BatchGetDeploymentGroups","BatchGetDeploymentInstances","BatchGetDeploymentTargets","BatchGetDeployments","BatchGetOnPremisesInstances","ContinueDeployment","CreateApplication","CreateCloudFormationDeployment","CreateDeployment","CreateDeploymentConfig","CreateDeploymentGroup","DeleteApplication","DeleteDeploymentConfig","DeleteDeploymentGroup","DeleteGitHubAccountToken","DeleteResourcesByExternalId","DeregisterOnPremisesInstance","GetApplication","GetApplicationRevision","GetDeployment","GetDeploymentConfig","GetDeploymentGroup","GetDeploymentInstance","GetDeploymentTarget","GetOnPremisesInstance","ListApplicationRevisions","ListApplications","ListDeploymentConfigs","ListDeploymentGroups","ListDeploymentInstances","ListDeploymentTargets","ListDeployments","ListGitHubAccountTokenNames","ListOnPremisesInstances","ListTagsForResource","PutLifecycleEventHookExecutionStatus","RegisterApplicationRevision","RegisterOnPremisesInstance","RemoveTagsFromOnPremisesInstances","SkipWaitTimeForInstanceTermination","StopDeployment","TagResource","UntagResource","UpdateApplication","UpdateDeploymentGroup"],"ARNFormat":"arn:${Partition}:codedeploy:${Region}:${Account}:${ResourceType}:${ResourceSpecifier}","ARNRegex":"^arn:${Partition}:codedeploy:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Identity And Access Management":{"StringPrefix":"iam","Actions":["AddClientIDToOpenIDConnectProvider","AddRoleToInstanceProfile","AddUserToGroup","AttachGroupPolicy","AttachRolePolicy","AttachUserPolicy","ChangePassword","CreateAccessKey","CreateAccountAlias","CreateGroup","CreateInstanceProfile","CreateLoginProfile","CreateOpenIDConnectProvider","CreatePolicy","CreatePolicyVersion","CreateRole","CreateSAMLProvider","CreateServiceLinkedRole","CreateServiceSpecificCredential","CreateUser","CreateVirtualMFADevice","DeactivateMFADevice","DeleteAccessKey","DeleteAccountAlias","DeleteAccountPasswordPolicy","DeleteGroup","DeleteGroupPolicy","DeleteInstanceProfile","DeleteLoginProfile","DeleteOpenIDConnectProvider","DeletePolicy","DeletePolicyVersion","DeleteRole","DeleteRolePermissionsBoundary","DeleteRolePolicy","DeleteSAMLProvider","DeleteSSHPublicKey","DeleteServerCertificate","DeleteServiceLinkedRole","DeleteServiceSpecificCredential","DeleteSigningCertificate","DeleteUser","DeleteUserPermissionsBoundary","DeleteUserPolicy","DeleteVirtualMFADevice","DetachGroupPolicy","DetachRolePolicy","DetachUserPolicy","EnableMFADevice","GenerateCredentialReport","GenerateOrganizationsAccessReport","GenerateServiceLastAccessedDetails","GetAccessKeyLastUsed","GetAccountAuthorizationDetails","GetAccountPasswordPolicy","GetAccountSummary","GetContextKeysForCustomPolicy","GetContextKeysForPrincipalPolicy","GetCredentialReport","GetGroup","GetGroupPolicy","GetInstanceProfile","GetLoginProfile","GetOpenIDConnectProvider","GetOrganizationsAccessReport","GetPolicy","GetPolicyVersion","GetRole","GetRolePolicy","GetSAMLProvider","GetSSHPublicKey","GetServerCertificate","GetServiceLastAccessedDetails","GetServiceLastAccessedDetailsWithEntities","GetServiceLinkedRoleDeletionStatus","GetUser","GetUserPolicy","ListAccessKeys","ListAccountAliases","ListAttachedGroupPolicies","ListAttachedRolePolicies","ListAttachedUserPolicies","ListEntitiesForPolicy","ListGroupPolicies","ListGroups","ListGroupsForUser","ListInstanceProfileTags","ListInstanceProfiles","ListInstanceProfilesForRole","ListMFADeviceTags","ListMFADevices","ListOpenIDConnectProviderTags","ListOpenIDConnectProviders","ListPolicies","ListPoliciesGrantingServiceAccess","ListPolicyTags","ListPolicyVersions","ListRolePolicies","ListRoleTags","ListRoles","ListSAMLProviderTags","ListSAMLProviders","ListSSHPublicKeys","ListServerCertificateTags","ListServerCertificates","ListServiceSpecificCredentials","ListSigningCertificates","ListUserPolicies","ListUserTags","ListUsers","ListVirtualMFADevices","PassRole","PutGroupPolicy","PutRolePermissionsBoundary","PutRolePolicy","PutUserPermissionsBoundary","PutUserPolicy","RemoveClientIDFromOpenIDConnectProvider","RemoveRoleFromInstanceProfile","RemoveUserFromGroup","ResetServiceSpecificCredential","ResyncMFADevice","SetDefaultPolicyVersion","SetSecurityTokenServicePreferences","SimulateCustomPolicy","SimulatePrincipalPolicy","TagInstanceProfile","TagMFADevice","TagOpenIDConnectProvider","TagPolicy","TagRole","TagSAMLProvider","TagServerCertificate","TagUser","UntagInstanceProfile","UntagMFADevice","UntagOpenIDConnectProvider","UntagPolicy","UntagRole","UntagSAMLProvider","UntagServerCertificate","UntagUser","UpdateAccessKey","UpdateAccountPasswordPolicy","UpdateAssumeRolePolicy","UpdateGroup","UpdateLoginProfile","UpdateOpenIDConnectProviderThumbprint","UpdateRole","UpdateRoleDescription","UpdateSAMLProvider","UpdateSSHPublicKey","UpdateServerCertificate","UpdateServiceSpecificCredential","UpdateSigningCertificate","UpdateUser","UploadSSHPublicKey","UploadServerCertificate","UploadSigningCertificate"],"ARNFormat":"arn:aws:iam::${Namespace}:${RelativeId}","ARNRegex":"^arn:aws:iam::.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","iam:AWSServiceName","iam:AssociatedResourceArn","iam:OrganizationsPolicyId","iam:PassedToService","iam:PermissionsBoundary","iam:PolicyARN","iam:ResourceTag/${TagKey}"],"HasResource":true},"Amazon Route 53 Resolver":{"StringPrefix":"route53resolver","Actions":["AssociateFirewallRuleGroup","AssociateResolverEndpointIpAddress","AssociateResolverQueryLogConfig","AssociateResolverRule","CreateFirewallDomainList","CreateFirewallRule","CreateFirewallRuleGroup","CreateResolverEndpoint","CreateResolverQueryLogConfig","CreateResolverRule","DeleteFirewallDomainList","DeleteFirewallRule","DeleteFirewallRuleGroup","DeleteResolverEndpoint","DeleteResolverQueryLogConfig","DeleteResolverRule","DisassociateFirewallRuleGroup","DisassociateResolverEndpointIpAddress","DisassociateResolverQueryLogConfig","DisassociateResolverRule","GetFirewallConfig","GetFirewallDomainList","GetFirewallRuleGroup","GetFirewallRuleGroupAssociation","GetFirewallRuleGroupPolicy","GetResolverConfig","GetResolverDnssecConfig","GetResolverEndpoint","GetResolverQueryLogConfig","GetResolverQueryLogConfigAssociation","GetResolverQueryLogConfigPolicy","GetResolverRule","GetResolverRuleAssociation","GetResolverRulePolicy","ImportFirewallDomains","ListFirewallConfigs","ListFirewallDomainLists","ListFirewallDomains","ListFirewallRuleGroupAssociations","ListFirewallRuleGroups","ListFirewallRules","ListResolverConfigs","ListResolverDnssecConfigs","ListResolverEndpointIpAddresses","ListResolverEndpoints","ListResolverQueryLogConfigAssociations","ListResolverQueryLogConfigs","ListResolverRuleAssociations","ListResolverRules","ListTagsForResource","PutFirewallRuleGroupPolicy","PutResolverQueryLogConfigPolicy","PutResolverRulePolicy","TagResource","UntagResource","UpdateFirewallConfig","UpdateFirewallDomains","UpdateFirewallRule","UpdateFirewallRuleGroupAssociation","UpdateResolverConfig","UpdateResolverDnssecConfig","UpdateResolverEndpoint","UpdateResolverRule"],"ARNFormat":"arn:${Partition}:route53resolver:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:aws:route53resolver:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon WorkMail":{"StringPrefix":"workmail","Actions":["AddMembersToGroup","AssociateDelegateToResource","AssociateMemberToGroup","CancelMailboxExportJob","CreateAlias","CreateGroup","CreateInboundMailFlowRule","CreateMailDomain","CreateMailUser","CreateMobileDeviceAccessRule","CreateOrganization","CreateOutboundMailFlowRule","CreateResource","CreateSmtpGateway","CreateUser","DeleteAccessControlRule","DeleteAlias","DeleteEmailMonitoringConfiguration","DeleteGroup","DeleteInboundMailFlowRule","DeleteMailDomain","DeleteMailboxPermissions","DeleteMobileDevice","DeleteMobileDeviceAccessOverride","DeleteMobileDeviceAccessRule","DeleteOrganization","DeleteOutboundMailFlowRule","DeleteResource","DeleteRetentionPolicy","DeleteSmtpGateway","DeleteUser","DeregisterFromWorkMail","DeregisterMailDomain","DescribeDirectories","DescribeEmailMonitoringConfiguration","DescribeGroup","DescribeInboundDmarcSettings","DescribeInboundMailFlowRule","DescribeKmsKeys","DescribeMailDomains","DescribeMailGroups","DescribeMailUsers","DescribeMailboxExportJob","DescribeOrganization","DescribeOrganizations","DescribeOutboundMailFlowRule","DescribeResource","DescribeSmtpGateway","DescribeUser","DisableMailGroups","DisableMailUsers","DisassociateDelegateFromResource","DisassociateMemberFromGroup","EnableMailDomain","EnableMailGroups","EnableMailUsers","GetAccessControlEffect","GetDefaultRetentionPolicy","GetJournalingRules","GetMailDomain","GetMailDomainDetails","GetMailGroupDetails","GetMailUserDetails","GetMailboxDetails","GetMobileDeviceAccessEffect","GetMobileDeviceAccessOverride","GetMobileDeviceDetails","GetMobileDevicesForUser","GetMobilePolicyDetails","ListAccessControlRules","ListAliases","ListGroupMembers","ListGroups","ListInboundMailFlowRules","ListMailDomains","ListMailboxExportJobs","ListMailboxPermissions","ListMembersInMailGroup","ListMobileDeviceAccessOverrides","ListMobileDeviceAccessRules","ListOrganizations","ListOutboundMailFlowRules","ListResourceDelegates","ListResources","ListSmtpGateways","ListTagsForResource","ListUsers","PutAccessControlRule","PutEmailMonitoringConfiguration","PutInboundDmarcSettings","PutMailboxPermissions","PutMobileDeviceAccessOverride","PutRetentionPolicy","RegisterMailDomain","RegisterToWorkMail","RemoveMembersFromGroup","ResetPassword","ResetUserPassword","SearchMembers","SetAdmin","SetDefaultMailDomain","SetJournalingRules","SetMailGroupDetails","SetMailUserDetails","SetMobilePolicyDetails","StartMailboxExportJob","TagResource","TestInboundMailFlowRules","TestOutboundMailFlowRules","UntagResource","UpdateDefaultMailDomain","UpdateInboundMailFlowRule","UpdateMailboxQuota","UpdateMobileDeviceAccessRule","UpdateOutboundMailFlowRule","UpdatePrimaryEmailAddress","UpdateResource","UpdateSmtpGateway","WipeMobileDevice"],"ARNFormat":"arn:${Partition}:workmail:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:workmail:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Route 53 Recovery Readiness":{"StringPrefix":"route53-recovery-readiness","Actions":["CreateCell","CreateCrossAccountAuthorization","CreateReadinessCheck","CreateRecoveryGroup","CreateResourceSet","DeleteCell","DeleteCrossAccountAuthorization","DeleteReadinessCheck","DeleteRecoveryGroup","DeleteResourceSet","GetArchitectureRecommendations","GetCell","GetCellReadinessSummary","GetReadinessCheck","GetReadinessCheckResourceStatus","GetReadinessCheckStatus","GetRecoveryGroup","GetRecoveryGroupReadinessSummary","GetResourceSet","ListCells","ListCrossAccountAuthorizations","ListReadinessChecks","ListRecoveryGroups","ListResourceSets","ListRules","ListTagsForResources","TagResource","UntagResource","UpdateCell","UpdateReadinessCheck","UpdateRecoveryGroup","UpdateResourceSet"],"ARNFormat":"arn:${Partition}:route53-recovery-readiness::${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:route53-recovery-readiness::.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS CodeBuild":{"StringPrefix":"codebuild","Actions":["BatchDeleteBuilds","BatchGetBuildBatches","BatchGetBuilds","BatchGetProjects","BatchGetReportGroups","BatchGetReports","BatchPutCodeCoverages","BatchPutTestCases","CreateProject","CreateReport","CreateReportGroup","CreateWebhook","DeleteBuildBatch","DeleteOAuthToken","DeleteProject","DeleteReport","DeleteReportGroup","DeleteResourcePolicy","DeleteSourceCredentials","DeleteWebhook","DescribeCodeCoverages","DescribeTestCases","GetReportGroupTrend","GetResourcePolicy","ImportSourceCredentials","InvalidateProjectCache","ListBuildBatches","ListBuildBatchesForProject","ListBuilds","ListBuildsForProject","ListConnectedOAuthAccounts","ListCuratedEnvironmentImages","ListProjects","ListReportGroups","ListReports","ListReportsForReportGroup","ListRepositories","ListSharedProjects","ListSharedReportGroups","ListSourceCredentials","PersistOAuthToken","PutResourcePolicy","RetryBuild","RetryBuildBatch","StartBuild","StartBuildBatch","StopBuild","StopBuildBatch","UpdateProject","UpdateProjectVisibility","UpdateReport","UpdateReportGroup","UpdateWebhook"],"ARNFormat":"arn:${Partition}:codebuild:${Region}:${Account}:build/${BuildId}","ARNRegex":"^arn:${Partition}:codebuild:.+:[0-9]+:.+/.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS IoT Analytics":{"StringPrefix":"iotanalytics","Actions":["BatchPutMessage","CancelPipelineReprocessing","CreateChannel","CreateDataset","CreateDatasetContent","CreateDatastore","CreatePipeline","DeleteChannel","DeleteDataset","DeleteDatasetContent","DeleteDatastore","DeletePipeline","DescribeChannel","DescribeDataset","DescribeDatastore","DescribeLoggingOptions","DescribePipeline","GetDatasetContent","ListChannels","ListDatasetContents","ListDatasets","ListDatastores","ListPipelines","ListTagsForResource","PutLoggingOptions","RunPipelineActivity","SampleChannelData","StartPipelineReprocessing","TagResource","UntagResource","UpdateChannel","UpdateDataset","UpdateDatastore","UpdatePipeline"],"ARNFormat":"arn:${Partition}:iotanalytics:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:iotanalytics:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","iotanalytics:ResourceTag/${TagKey}"],"HasResource":true},"Amazon Connect":{"StringPrefix":"connect","Actions":["AssociateApprovedOrigin","AssociateBot","AssociateCustomerProfilesDomain","AssociateDefaultVocabulary","AssociateInstanceStorageConfig","AssociateLambdaFunction","AssociateLexBot","AssociatePhoneNumberContactFlow","AssociateQueueQuickConnects","AssociateRoutingProfileQueues","AssociateSecurityKey","BatchAssociateAnalyticsDataSet","BatchDisassociateAnalyticsDataSet","ClaimPhoneNumber","CreateAgentStatus","CreateContactFlow","CreateContactFlowModule","CreateHoursOfOperation","CreateInstance","CreateIntegrationAssociation","CreateQueue","CreateQuickConnect","CreateRoutingProfile","CreateSecurityProfile","CreateUseCase","CreateUser","CreateUserHierarchyGroup","CreateVocabulary","DeleteContactFlow","DeleteContactFlowModule","DeleteHoursOfOperation","DeleteInstance","DeleteIntegrationAssociation","DeleteQuickConnect","DeleteSecurityProfile","DeleteUseCase","DeleteUser","DeleteUserHierarchyGroup","DeleteVocabulary","DescribeAgentStatus","DescribeContact","DescribeContactFlow","DescribeContactFlowModule","DescribeHoursOfOperation","DescribeInstance","DescribeInstanceAttribute","DescribeInstanceStorageConfig","DescribePhoneNumber","DescribeQueue","DescribeQuickConnect","DescribeRoutingProfile","DescribeSecurityProfile","DescribeUser","DescribeUserHierarchyGroup","DescribeUserHierarchyStructure","DescribeVocabulary","DisassociateApprovedOrigin","DisassociateBot","DisassociateCustomerProfilesDomain","DisassociateInstanceStorageConfig","DisassociateLambdaFunction","DisassociateLexBot","DisassociatePhoneNumberContactFlow","DisassociateQueueQuickConnects","DisassociateRoutingProfileQueues","DisassociateSecurityKey","GetContactAttributes","GetCurrentMetricData","GetFederationToken","GetFederationTokens","GetMetricData","ListAgentStatuses","ListApprovedOrigins","ListBots","ListContactFlowModules","ListContactFlows","ListContactReferences","ListDefaultVocabularies","ListHoursOfOperations","ListInstanceAttributes","ListInstanceStorageConfigs","ListInstances","ListIntegrationAssociations","ListLambdaFunctions","ListLexBots","ListPhoneNumbers","ListPhoneNumbersV2","ListPrompts","ListQueueQuickConnects","ListQueues","ListQuickConnects","ListRealtimeContactAnalysisSegments","ListRoutingProfileQueues","ListRoutingProfiles","ListSecurityKeys","ListSecurityProfilePermissions","ListSecurityProfiles","ListTagsForResource","ListUseCases","ListUserHierarchyGroups","ListUsers","PutUserStatus","ReleasePhoneNumber","ResumeContactRecording","SearchAvailablePhoneNumbers","SearchUsers","SearchVocabularies","StartChatContact","StartContactRecording","StartContactStreaming","StartOutboundVoiceContact","StartTaskContact","StopContact","StopContactRecording","StopContactStreaming","SuspendContactRecording","TagResource","UntagResource","UpdateAgentStatus","UpdateContact","UpdateContactAttributes","UpdateContactFlowContent","UpdateContactFlowMetadata","UpdateContactFlowModuleContent","UpdateContactFlowModuleMetadata","UpdateContactFlowName","UpdateContactSchedule","UpdateHoursOfOperation","UpdateInstanceAttribute","UpdateInstanceStorageConfig","UpdatePhoneNumber","UpdateQueueHoursOfOperation","UpdateQueueMaxContacts","UpdateQueueName","UpdateQueueOutboundCallerConfig","UpdateQueueStatus","UpdateQuickConnectConfig","UpdateQuickConnectName","UpdateRoutingProfileConcurrency","UpdateRoutingProfileDefaultOutboundQueue","UpdateRoutingProfileName","UpdateRoutingProfileQueues","UpdateSecurityProfile","UpdateUserHierarchy","UpdateUserHierarchyGroupName","UpdateUserHierarchyStructure","UpdateUserIdentityInfo","UpdateUserPhoneConfig","UpdateUserRoutingProfile","UpdateUserSecurityProfiles","UpdatedescribeContent"],"ARNFormat":"arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}","ARNRegex":"^arn:${Partition}:connect:.+:.+:instance/.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","connect:AttributeType","connect:InstanceId","connect:SearchTag/${TagKey}","connect:StorageResourceType"],"HasResource":true},"Amazon Pinpoint Email Service":{"StringPrefix":"ses","Actions":["CreateConfigurationSet","CreateConfigurationSetEventDestination","CreateDedicatedIpPool","CreateDeliverabilityTestReport","CreateEmailIdentity","DeleteConfigurationSet","DeleteConfigurationSetEventDestination","DeleteDedicatedIpPool","DeleteEmailIdentity","GetAccount","GetBlacklistReports","GetConfigurationSet","GetConfigurationSetEventDestinations","GetDedicatedIp","GetDedicatedIps","GetDeliverabilityDashboardOptions","GetDeliverabilityTestReport","GetDomainDeliverabilityCampaign","GetDomainStatisticsReport","GetEmailIdentity","ListConfigurationSets","ListDedicatedIpPools","ListDeliverabilityTestReports","ListDomainDeliverabilityCampaigns","ListEmailIdentities","ListTagsForResource","PutAccountDedicatedIpWarmupAttributes","PutAccountSendingAttributes","PutConfigurationSetDeliveryOptions","PutConfigurationSetReputationOptions","PutConfigurationSetSendingOptions","PutConfigurationSetTrackingOptions","PutDedicatedIpInPool","PutDedicatedIpWarmupAttributes","PutDeliverabilityDashboardOption","PutEmailIdentityDkimAttributes","PutEmailIdentityFeedbackAttributes","PutEmailIdentityMailFromAttributes","SendEmail","TagResource","UntagResource","UpdateConfigurationSetEventDestination"],"ARNFormat":"arn:${Partition}:ses:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:ses:.+:[0-9]+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ses:ApiVersion","ses:FeedbackAddress","ses:FromAddress","ses:FromDisplayName","ses:Recipients"],"HasResource":true},"Amazon Simple Email Service v2":{"StringPrefix":"ses","Actions":["CreateConfigurationSet","CreateConfigurationSetEventDestination","CreateContact","CreateContactList","CreateCustomVerificationEmailTemplate","CreateDedicatedIpPool","CreateDeliverabilityTestReport","CreateEmailIdentity","CreateEmailIdentityPolicy","CreateEmailTemplate","CreateImportJob","DeleteConfigurationSet","DeleteConfigurationSetEventDestination","DeleteContact","DeleteContactList","DeleteCustomVerificationEmailTemplate","DeleteDedicatedIpPool","DeleteEmailIdentity","DeleteEmailIdentityPolicy","DeleteEmailTemplate","DeleteSuppressedDestination","GetAccount","GetBlacklistReports","GetConfigurationSet","GetConfigurationSetEventDestinations","GetContact","GetContactList","GetCustomVerificationEmailTemplate","GetDedicatedIp","GetDedicatedIps","GetDeliverabilityDashboardOptions","GetDeliverabilityTestReport","GetDomainDeliverabilityCampaign","GetDomainStatisticsReport","GetEmailIdentity","GetEmailIdentityPolicies","GetEmailTemplate","GetImportJob","GetSuppressedDestination","ListConfigurationSets","ListContactLists","ListContacts","ListCustomVerificationEmailTemplates","ListDedicatedIpPools","ListDeliverabilityTestReports","ListDomainDeliverabilityCampaigns","ListEmailIdentities","ListEmailTemplates","ListImportJobs","ListSuppressedDestinations","ListTagsForResource","PutAccountDedicatedIpWarmupAttributes","PutAccountDetails","PutAccountSendingAttributes","PutAccountSuppressionAttributes","PutConfigurationSetDeliveryOptions","PutConfigurationSetReputationOptions","PutConfigurationSetSendingOptions","PutConfigurationSetSuppressionOptions","PutConfigurationSetTrackingOptions","PutDedicatedIpInPool","PutDedicatedIpWarmupAttributes","PutDeliverabilityDashboardOption","PutEmailIdentityConfigurationSetAttributes","PutEmailIdentityDkimAttributes","PutEmailIdentityDkimSigningAttributes","PutEmailIdentityFeedbackAttributes","PutEmailIdentityMailFromAttributes","PutSuppressedDestination","SendBulkEmail","SendCustomVerificationEmail","SendEmail","TagResource","TestRenderEmailTemplate","UntagResource","UpdateConfigurationSetEventDestination","UpdateContact","UpdateContactList","UpdateCustomVerificationEmailTemplate","UpdateEmailIdentityPolicy","UpdateEmailTemplate"],"ARNFormat":"arn:${Partition}:ses:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:ses:.+:[0-9]+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ses:ApiVersion","ses:FeedbackAddress","ses:FromAddress","ses:FromDisplayName","ses:Recipients"],"HasResource":true},"Amazon SES":{"StringPrefix":"ses","Actions":["CloneReceiptRuleSet","CreateConfigurationSet","CreateConfigurationSetEventDestination","CreateConfigurationSetTrackingOptions","CreateCustomVerificationEmailTemplate","CreateReceiptFilter","CreateReceiptRule","CreateReceiptRuleSet","CreateTemplate","DeleteConfigurationSet","DeleteConfigurationSetEventDestination","DeleteConfigurationSetTrackingOptions","DeleteCustomVerificationEmailTemplate","DeleteIdentity","DeleteIdentityPolicy","DeleteReceiptFilter","DeleteReceiptRule","DeleteReceiptRuleSet","DeleteTemplate","DeleteVerifiedEmailAddress","DescribeActiveReceiptRuleSet","DescribeConfigurationSet","DescribeReceiptRule","DescribeReceiptRuleSet","GetAccountSendingEnabled","GetCustomVerificationEmailTemplate","GetIdentityDkimAttributes","GetIdentityMailFromDomainAttributes","GetIdentityNotificationAttributes","GetIdentityPolicies","GetIdentityVerificationAttributes","GetSendQuota","GetSendStatistics","GetTemplate","ListConfigurationSets","ListCustomVerificationEmailTemplates","ListIdentities","ListIdentityPolicies","ListReceiptFilters","ListReceiptRuleSets","ListTemplates","ListVerifiedEmailAddresses","PutConfigurationSetDeliveryOptions","PutIdentityPolicy","ReorderReceiptRuleSet","SendBounce","SendBulkTemplatedEmail","SendCustomVerificationEmail","SendEmail","SendRawEmail","SendTemplatedEmail","SetActiveReceiptRuleSet","SetIdentityDkimEnabled","SetIdentityFeedbackForwardingEnabled","SetIdentityHeadersInNotificationsEnabled","SetIdentityMailFromDomain","SetIdentityNotificationTopic","SetReceiptRulePosition","TestRenderTemplate","UpdateAccountSendingEnabled","UpdateConfigurationSetEventDestination","UpdateConfigurationSetReputationMetricsEnabled","UpdateConfigurationSetSendingEnabled","UpdateConfigurationSetTrackingOptions","UpdateCustomVerificationEmailTemplate","UpdateReceiptRule","UpdateTemplate","VerifyDomainDkim","VerifyDomainIdentity","VerifyEmailAddress","VerifyEmailIdentity"],"ARNFormat":"arn:${Partition}:ses:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:ses:.+:[0-9]+:.+","conditionKeys":["ses:ApiVersion","ses:FeedbackAddress","ses:FromAddress","ses:FromDisplayName","ses:Recipients"],"HasResource":true},"AWS Cost Explorer Service":{"StringPrefix":"ce","Actions":["CreateAnomalyMonitor","CreateAnomalySubscription","CreateCostCategoryDefinition","CreateNotificationSubscription","CreateReport","DeleteAnomalyMonitor","DeleteAnomalySubscription","DeleteCostCategoryDefinition","DeleteNotificationSubscription","DeleteReport","DescribeCostCategoryDefinition","DescribeNotificationSubscription","DescribeReport","GetAnomalies","GetAnomalyMonitors","GetAnomalySubscriptions","GetCostAndUsage","GetCostAndUsageWithResources","GetCostCategories","GetCostForecast","GetDimensionValues","GetPreferences","GetReservationCoverage","GetReservationPurchaseRecommendation","GetReservationUtilization","GetRightsizingRecommendation","GetSavingsPlansCoverage","GetSavingsPlansPurchaseRecommendation","GetSavingsPlansUtilization","GetSavingsPlansUtilizationDetails","GetTags","GetUsageForecast","ListCostCategoryDefinitions","ListTagsForResource","ProvideAnomalyFeedback","TagResource","UntagResource","UpdateAnomalyMonitor","UpdateAnomalySubscription","UpdateCostCategoryDefinition","UpdateNotificationSubscription","UpdatePreferences","UpdateReport"],"ARNFormat":"arn:${Partition}:ce::${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:ce::.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Amplify Admin":{"StringPrefix":"amplifybackend","Actions":["CloneBackend","CreateBackend","CreateBackendAPI","CreateBackendAuth","CreateBackendConfig","CreateBackendStorage","CreateToken","DeleteBackend","DeleteBackendAPI","DeleteBackendAuth","DeleteBackendStorage","DeleteToken","GenerateBackendAPIModels","GetBackend","GetBackendAPI","GetBackendAPIModels","GetBackendAuth","GetBackendJob","GetBackendStorage","GetToken","ImportBackendAuth","ImportBackendStorage","ListBackendJobs","ListS3Buckets","RemoveAllBackends","RemoveBackendConfig","UpdateBackendAPI","UpdateBackendAuth","UpdateBackendConfig","UpdateBackendJob","UpdateBackendStorage"],"ARNFormat":"arn:aws:amplifybackend:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:amplifybackend:.+:.+:.+","HasResource":true},"Amazon CloudWatch Synthetics":{"StringPrefix":"synthetics","Actions":["CreateCanary","DeleteCanary","DescribeCanaries","DescribeCanariesLastRun","DescribeRuntimeVersions","GetCanary","GetCanaryRuns","ListTagsForResource","StartCanary","StopCanary","TagResource","UntagResource","UpdateCanary"],"ARNFormat":"arn:aws:synthetics:${Region}:${Account}:${ResourceType}:${ResourceName}","ARNRegex":"^arn:aws:synthetics:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","synthetics:Names"],"HasResource":true},"Amazon Elastic Inference":{"StringPrefix":"elastic-inference","Actions":["Connect","DescribeAcceleratorOfferings","DescribeAcceleratorTypes","DescribeAccelerators","ListTagsForResource","TagResource","UntagResource"],"ARNFormat":"arn:aws:elastic-inference:::elastic-inference-accelerator/","ARNRegex":"^arn:${Partition}:elastic-inference:.+","HasResource":true},"AWS Application Cost Profiler Service":{"StringPrefix":"application-cost-profiler","Actions":["DeleteReportDefinition","GetReportDefinition","ImportApplicationUsage","ListReportDefinitions","PutReportDefinition","UpdateReportDefinition"],"HasResource":false},"AWS Migration Hub Refactor Spaces":{"StringPrefix":"refactor-spaces","Actions":["CreateApplication","CreateEnvironment","CreateRoute","CreateService","DeleteApplication","DeleteEnvironment","DeleteResourcePolicy","DeleteRoute","DeleteService","GetApplication","GetEnvironment","GetResourcePolicy","GetRoute","GetService","ListApplications","ListEnvironmentVpcs","ListEnvironments","ListRoutes","ListServices","ListTagsForResource","PutResourcePolicy","TagResource","UntagResource"],"ARNFormat":"arn:aws:refactor-spaces:${Region}:${Account}:${ResourceType}/${RelativeId}","ARNRegex":"^arn:aws:refactor-spaces:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","refactor-spaces:ApplicationCreatedByAccount","refactor-spaces:CreatedByAccountIds","refactor-spaces:RouteCreatedByAccount","refactor-spaces:ServiceCreatedByAccount","refactor-spaces:SourcePath"],"HasResource":true},"AWS DeepLens":{"StringPrefix":"deeplens","Actions":["AssociateServiceRoleToAccount","BatchGetDevice","BatchGetModel","BatchGetProject","CreateDeviceCertificates","CreateModel","CreateProject","DeleteModel","DeleteProject","DeployProject","DeregisterDevice","GetAssociatedResources","GetDeploymentStatus","GetDevice","GetModel","GetProject","ImportProjectFromTemplate","ListDeployments","ListDevices","ListModels","ListProjects","RegisterDevice","RemoveProject","UpdateProject"],"ARNFormat":"arn:aws:deeplens:::/","ARNRegex":"^arn:aws:deeplens:.+:.+:.+","HasResource":true},"Amazon GameSparks":{"StringPrefix":"gamesparks","Actions":["CreateGame","CreateSnapshot","CreateStage","DeleteGame","DeleteStage","DisconnectPlayer","ExportSnapshot","GetExtension","GetExtensionVersion","GetGame","GetGameConfiguration","GetGeneratedCodeJob","GetPlayerConnectionStatus","GetSnapshot","GetStage","GetStageDeployment","ImportGameConfiguration","InvokeBackend","ListExtensionVersions","ListExtensions","ListGames","ListGeneratedCodeJobs","ListSnapshots","ListStageDeployments","ListStages","ListTagsForResource","StartGeneratedCodeJob","StartStageDeployment","TagResource","UntagResource","UpdateGame","UpdateGameConfiguration","UpdateSnapshot","UpdateStage"],"ARNFormat":"arn:aws:gamesparks:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:gamesparks:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon RDS Data API":{"StringPrefix":"rds-data","Actions":["BatchExecuteStatement","BeginTransaction","CommitTransaction","ExecuteSql","ExecuteStatement","RollbackTransaction"],"ARNFormat":"arn:aws:rds:${Region}:${Account}:${RelativeId}","ARNRegex":"^arn:aws:rds:.+","conditionKeys":["aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS SQL Workbench":{"StringPrefix":"sqlworkbench","Actions":["AssociateConnectionWithChart","AssociateConnectionWithTab","AssociateQueryWithTab","BatchDeleteFolder","CreateAccount","CreateChart","CreateConnection","CreateFolder","CreateSavedQuery","DeleteChart","DeleteConnection","DeleteSavedQuery","DeleteTab","DriverExecute","GenerateSession","GetAccountInfo","GetChart","GetConnection","GetSavedQuery","GetUserInfo","GetUserWorkspaceSettings","ListConnections","ListDatabases","ListFiles","ListRedshiftClusters","ListSampleDatabases","ListSavedQueryVersions","ListTabs","ListTaggedResources","ListTagsForResource","PutTab","PutUserWorkspaceSettings","TagResource","UntagResource","UpdateAccountExportSettings","UpdateChart","UpdateConnection","UpdateFileFolder","UpdateFolder","UpdateSavedQuery"],"ARNFormat":"arn:aws:sqlworkbench:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:sqlworkbench:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Inspector2":{"StringPrefix":"inspector2","Actions":["AssociateMember","BatchGetAccountStatus","BatchGetFreeTrialInfo","CancelFindingsReport","CreateFilter","CreateFindingsReport","DeleteFilter","DescribeOrganizationConfiguration","Disable","DisableDelegatedAdminAccount","DisassociateMember","Enable","EnableDelegatedAdminAccount","GetDelegatedAdminAccount","GetFindingsReportStatus","GetMember","ListAccountPermissions","ListCoverage","ListCoverageStatistics","ListDelegatedAdminAccounts","ListFilters","ListFindingAggregations","ListFindings","ListMembers","ListTagsForResource","ListUsageTotals","TagResource","UntagResource","UpdateFilter","UpdateOrganizationConfiguration"],"ARNFormat":"arn:aws:inspector2:${Region}:${Account}:.+","ARNRegex":"^arn:aws:inspector2:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS SSO Directory":{"StringPrefix":"sso-directory","Actions":["AddMemberToGroup","CompleteVirtualMfaDeviceRegistration","CompleteWebAuthnDeviceRegistration","CreateAlias","CreateBearerToken","CreateExternalIdPConfigurationForDirectory","CreateGroup","CreateProvisioningTenant","CreateUser","DeleteBearerToken","DeleteExternalIdPCertificate","DeleteExternalIdPConfigurationForDirectory","DeleteGroup","DeleteMfaDeviceForUser","DeleteProvisioningTenant","DeleteUser","DescribeDirectory","DescribeGroup","DescribeGroups","DescribeProvisioningTenant","DescribeUser","DescribeUserByUniqueAttribute","DescribeUsers","DisableExternalIdPConfigurationForDirectory","DisableUser","EnableExternalIdPConfigurationForDirectory","EnableUser","GetAWSSPConfigurationForDirectory","GetUserPoolInfo","ImportExternalIdPCertificate","IsMemberInGroup","ListBearerTokens","ListExternalIdPCertificates","ListExternalIdPConfigurationsForDirectory","ListGroupsForMember","ListGroupsForUser","ListMembersInGroup","ListMfaDevicesForUser","ListProvisioningTenants","RemoveMemberFromGroup","SearchGroups","SearchUsers","StartVirtualMfaDeviceRegistration","StartWebAuthnDeviceRegistration","UpdateExternalIdPConfigurationForDirectory","UpdateGroup","UpdateGroupDisplayName","UpdateMfaDeviceForUser","UpdatePassword","UpdateUser","UpdateUserName","VerifyEmail"],"ARNFormat":"arn:${Partition}:sso-directory:${Region}:${Account}:","ARNRegex":"^arn:${Partition}:sso-directory:${Region}:.+","HasResource":false},"AWS IoT Jobs DataPlane":{"StringPrefix":"iotjobsdata","Actions":["DescribeJobExecution","GetPendingJobExecutions","StartNextPendingJobExecution","UpdateJobExecution"],"ARNFormat":"arn:aws:iot:${Region}:${Account}:${Type}/${Name}","ARNRegex":"^arn:aws:iot:.+:[0-9]+:.+","conditionKeys":["iot:JobId"],"HasResource":true},"Amazon AppFlow":{"StringPrefix":"appflow","Actions":["CreateConnectorProfile","CreateFlow","DeleteConnectorProfile","DeleteFlow","DescribeConnector","DescribeConnectorEntity","DescribeConnectorFields","DescribeConnectorProfiles","DescribeConnectors","DescribeFlow","DescribeFlowExecution","DescribeFlowExecutionRecords","DescribeFlows","ListConnectorEntities","ListConnectorFields","ListConnectors","ListFlows","ListTagsForResource","RegisterConnector","RunFlow","StartFlow","StopFlow","TagResource","UnRegisterConnector","UntagResource","UpdateConnectorProfile","UpdateFlow","UseConnectorProfile"],"ARNFormat":"arn:aws:appflow:{Region}:{AccountId}:{ResourceType}/{ResourceName}","ARNRegex":"^arn:aws:appflow:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Trusted Advisor":{"StringPrefix":"trustedadvisor","Actions":["DescribeAccount","DescribeAccountAccess","DescribeCheckItems","DescribeCheckRefreshStatuses","DescribeCheckSummaries","DescribeChecks","DescribeNotificationPreferences","DescribeOrganization","DescribeOrganizationAccounts","DescribeReports","DescribeRisk","DescribeRiskResources","DescribeRisks","DescribeServiceMetadata","DownloadRisk","ExcludeCheckItems","GenerateReport","IncludeCheckItems","ListAccountsForParent","ListOrganizationalUnitsForParent","ListRoots","RefreshCheck","SetAccountAccess","SetOrganizationAccess","UpdateNotificationPreferences","UpdateRiskStatus"],"ARNFormat":"arn:${Partition}:trustedadvisor:*:${Account}:checks/${Category}/${CheckId}","ARNRegex":"^arn:${Partition}:trustedadvisor:*","HasResource":true},"AWS Config":{"StringPrefix":"config","Actions":["BatchGetAggregateResourceConfig","BatchGetResourceConfig","DeleteAggregationAuthorization","DeleteConfigRule","DeleteConfigurationAggregator","DeleteConfigurationRecorder","DeleteConformancePack","DeleteDeliveryChannel","DeleteEvaluationResults","DeleteOrganizationConfigRule","DeleteOrganizationConformancePack","DeletePendingAggregationRequest","DeleteRemediationConfiguration","DeleteRemediationExceptions","DeleteResourceConfig","DeleteRetentionConfiguration","DeleteStoredQuery","DeliverConfigSnapshot","DescribeAggregateComplianceByConfigRules","DescribeAggregateComplianceByConformancePacks","DescribeAggregationAuthorizations","DescribeComplianceByConfigRule","DescribeComplianceByResource","DescribeConfigRuleEvaluationStatus","DescribeConfigRules","DescribeConfigurationAggregatorSourcesStatus","DescribeConfigurationAggregators","DescribeConfigurationRecorderStatus","DescribeConfigurationRecorders","DescribeConformancePackCompliance","DescribeConformancePackStatus","DescribeConformancePacks","DescribeDeliveryChannelStatus","DescribeDeliveryChannels","DescribeOrganizationConfigRuleStatuses","DescribeOrganizationConfigRules","DescribeOrganizationConformancePackStatuses","DescribeOrganizationConformancePacks","DescribePendingAggregationRequests","DescribeRemediationConfigurations","DescribeRemediationExceptions","DescribeRemediationExecutionStatus","DescribeRetentionConfigurations","GetAggregateComplianceDetailsByConfigRule","GetAggregateConfigRuleComplianceSummary","GetAggregateConformancePackComplianceSummary","GetAggregateDiscoveredResourceCounts","GetAggregateResourceConfig","GetComplianceDetailsByConfigRule","GetComplianceDetailsByResource","GetComplianceSummaryByConfigRule","GetComplianceSummaryByResourceType","GetConformancePackComplianceDetails","GetConformancePackComplianceSummary","GetDiscoveredResourceCounts","GetOrganizationConfigRuleDetailedStatus","GetOrganizationConformancePackDetailedStatus","GetResourceConfigHistory","GetStoredQuery","ListAggregateDiscoveredResources","ListDiscoveredResources","ListStoredQueries","ListTagsForResource","PutAggregationAuthorization","PutConfigRule","PutConfigurationAggregator","PutConfigurationRecorder","PutConformancePack","PutDeliveryChannel","PutEvaluations","PutExternalEvaluation","PutOrganizationConfigRule","PutOrganizationConformancePack","PutRemediationConfigurations","PutRemediationExceptions","PutResourceConfig","PutRetentionConfiguration","PutStoredQuery","SelectAggregateResourceConfig","SelectResourceConfig","StartConfigRulesEvaluation","StartConfigurationRecorder","StartRemediationExecution","StopConfigurationRecorder","TagResource","UntagResource"],"ARNFormat":"arn:${Partition}:config:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:config:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon RDS":{"StringPrefix":"rds","Actions":["AddRoleToDBCluster","AddRoleToDBInstance","AddSourceIdentifierToSubscription","AddTagsToResource","ApplyPendingMaintenanceAction","AuthorizeDBSecurityGroupIngress","BacktrackDBCluster","CancelExportTask","CopyDBClusterParameterGroup","CopyDBClusterSnapshot","CopyDBParameterGroup","CopyDBSnapshot","CopyOptionGroup","CreateCustomDBEngineVersion","CreateDBCluster","CreateDBClusterEndpoint","CreateDBClusterParameterGroup","CreateDBClusterSnapshot","CreateDBInstance","CreateDBInstanceReadReplica","CreateDBParameterGroup","CreateDBProxy","CreateDBProxyEndpoint","CreateDBSecurityGroup","CreateDBSnapshot","CreateDBSubnetGroup","CreateEventSubscription","CreateGlobalCluster","CreateOptionGroup","CrossRegionCommunication","DeleteCustomDBEngineVersion","DeleteDBCluster","DeleteDBClusterEndpoint","DeleteDBClusterParameterGroup","DeleteDBClusterSnapshot","DeleteDBInstance","DeleteDBInstanceAutomatedBackup","DeleteDBParameterGroup","DeleteDBProxy","DeleteDBProxyEndpoint","DeleteDBSecurityGroup","DeleteDBSnapshot","DeleteDBSubnetGroup","DeleteEventSubscription","DeleteGlobalCluster","DeleteOptionGroup","DeregisterDBProxyTargets","DescribeAccountAttributes","DescribeCertificates","DescribeDBClusterBacktracks","DescribeDBClusterEndpoints","DescribeDBClusterParameterGroups","DescribeDBClusterParameters","DescribeDBClusterSnapshotAttributes","DescribeDBClusterSnapshots","DescribeDBClusters","DescribeDBEngineVersions","DescribeDBInstanceAutomatedBackups","DescribeDBInstances","DescribeDBLogFiles","DescribeDBParameterGroups","DescribeDBParameters","DescribeDBProxies","DescribeDBProxyEndpoints","DescribeDBProxyTargetGroups","DescribeDBProxyTargets","DescribeDBSecurityGroups","DescribeDBSnapshotAttributes","DescribeDBSnapshots","DescribeDBSubnetGroups","DescribeEngineDefaultClusterParameters","DescribeEngineDefaultParameters","DescribeEventCategories","DescribeEventSubscriptions","DescribeEvents","DescribeExportTasks","DescribeGlobalClusters","DescribeOptionGroupOptions","DescribeOptionGroups","DescribeOrderableDBInstanceOptions","DescribePendingMaintenanceActions","DescribeRecommendationGroups","DescribeRecommendations","DescribeReservedDBInstances","DescribeReservedDBInstancesOfferings","DescribeSourceRegions","DescribeValidDBInstanceModifications","DownloadCompleteDBLogFile","DownloadDBLogFilePortion","FailoverDBCluster","FailoverGlobalCluster","ListTagsForResource","ModifyCertificates","ModifyCurrentDBClusterCapacity","ModifyCustomDBEngineVersion","ModifyDBCluster","ModifyDBClusterEndpoint","ModifyDBClusterParameterGroup","ModifyDBClusterSnapshotAttribute","ModifyDBInstance","ModifyDBParameterGroup","ModifyDBProxy","ModifyDBProxyEndpoint","ModifyDBProxyTargetGroup","ModifyDBSnapshot","ModifyDBSnapshotAttribute","ModifyDBSubnetGroup","ModifyEventSubscription","ModifyGlobalCluster","ModifyOptionGroup","ModifyRecommendation","PromoteReadReplica","PromoteReadReplicaDBCluster","PurchaseReservedDBInstancesOffering","RebootDBCluster","RebootDBInstance","RegisterDBProxyTargets","RemoveFromGlobalCluster","RemoveRoleFromDBCluster","RemoveRoleFromDBInstance","RemoveSourceIdentifierFromSubscription","RemoveTagsFromResource","ResetDBClusterParameterGroup","ResetDBParameterGroup","RestoreDBClusterFromS3","RestoreDBClusterFromSnapshot","RestoreDBClusterToPointInTime","RestoreDBInstanceFromDBSnapshot","RestoreDBInstanceFromS3","RestoreDBInstanceToPointInTime","RevokeDBSecurityGroupIngress","StartActivityStream","StartDBCluster","StartDBInstance","StartDBInstanceAutomatedBackupsReplication","StartExportTask","StopActivityStream","StopDBCluster","StopDBInstance","StopDBInstanceAutomatedBackupsReplication"],"ARNFormat":"arn:aws:rds:${Region}:${Account}:${RelativeId}","ARNRegex":"^arn:aws:rds:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","rds:BackupTarget","rds:DatabaseClass","rds:DatabaseEngine","rds:DatabaseName","rds:EndpointType","rds:MultiAz","rds:Piops","rds:StorageEncrypted","rds:StorageSize","rds:Vpc","rds:cluster-pg-tag/${TagKey}","rds:cluster-snapshot-tag/${TagKey}","rds:cluster-tag/${TagKey}","rds:db-tag/${TagKey}","rds:es-tag/${TagKey}","rds:og-tag/${TagKey}","rds:pg-tag/${TagKey}","rds:req-tag/${TagKey}","rds:ri-tag/${TagKey}","rds:secgrp-tag/${TagKey}","rds:snapshot-tag/${TagKey}","rds:subgrp-tag/${TagKey}"],"HasResource":true},"Amazon Simple Workflow Service":{"StringPrefix":"swf","Actions":["CancelTimer","CancelWorkflowExecution","CompleteWorkflowExecution","ContinueAsNewWorkflowExecution","CountClosedWorkflowExecutions","CountOpenWorkflowExecutions","CountPendingActivityTasks","CountPendingDecisionTasks","DeprecateActivityType","DeprecateDomain","DeprecateWorkflowType","DescribeActivityType","DescribeDomain","DescribeWorkflowExecution","DescribeWorkflowType","FailWorkflowExecution","GetWorkflowExecutionHistory","ListActivityTypes","ListClosedWorkflowExecutions","ListDomains","ListOpenWorkflowExecutions","ListTagsForResource","ListWorkflowTypes","PollForActivityTask","PollForDecisionTask","RecordActivityTaskHeartbeat","RecordMarker","RegisterActivityType","RegisterDomain","RegisterWorkflowType","RequestCancelActivityTask","RequestCancelExternalWorkflowExecution","RequestCancelWorkflowExecution","RespondActivityTaskCanceled","RespondActivityTaskCompleted","RespondActivityTaskFailed","RespondDecisionTaskCompleted","ScheduleActivityTask","SignalExternalWorkflowExecution","SignalWorkflowExecution","StartChildWorkflowExecution","StartTimer","StartWorkflowExecution","TagResource","TerminateWorkflowExecution","UndeprecateActivityType","UndeprecateDomain","UndeprecateWorkflowType","UntagResource"],"ARNFormat":"arn:aws:swf:${Region}:${Account}:/domain/${DomainName}","ARNRegex":"^arn:aws:swf:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","swf:activityType.name","swf:activityType.version","swf:defaultTaskList.name","swf:name","swf:tagFilter.tag","swf:tagList.member.0","swf:tagList.member.1","swf:tagList.member.2","swf:tagList.member.3","swf:tagList.member.4","swf:taskList.name","swf:typeFilter.name","swf:typeFilter.version","swf:version","swf:workflowType.name","swf:workflowType.version"],"HasResource":true},"Amazon Macie Classic":{"StringPrefix":"macie","Actions":["AssociateMemberAccount","AssociateS3Resources","DisassociateMemberAccount","DisassociateS3Resources","ListMemberAccounts","ListS3Resources","UpdateS3Resources"],"conditionKeys":["aws:SourceArn"],"HasResource":false},"AWS AppSync":{"StringPrefix":"appsync","Actions":["AssociateApi","CreateApiCache","CreateApiKey","CreateDataSource","CreateDomainName","CreateFunction","CreateGraphqlApi","CreateResolver","CreateType","DeleteApiCache","DeleteApiKey","DeleteDataSource","DeleteDomainName","DeleteFunction","DeleteGraphqlApi","DeleteResolver","DeleteType","DisassociateApi","FlushApiCache","GetApiAssociation","GetApiCache","GetDataSource","GetDomainName","GetFunction","GetGraphqlApi","GetIntrospectionSchema","GetResolver","GetSchemaCreationStatus","GetType","GraphQL","ListApiKeys","ListDataSources","ListDomainNames","ListFunctions","ListGraphqlApis","ListResolvers","ListResolversByFunction","ListTagsForResource","ListTypes","SetWebACL","StartSchemaCreation","TagResource","UntagResource","UpdateApiCache","UpdateApiKey","UpdateDataSource","UpdateDomainName","UpdateFunction","UpdateGraphqlApi","UpdateResolver","UpdateType"],"ARNFormat":"arn:aws:appsync:${Region}:${AccountId}>:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:aws:appsync:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Certificate Manager":{"StringPrefix":"acm","Actions":["AddTagsToCertificate","DeleteCertificate","DescribeCertificate","ExportCertificate","GetAccountConfiguration","GetCertificate","ImportCertificate","ListCertificates","ListTagsForCertificate","PutAccountConfiguration","RemoveTagsFromCertificate","RenewCertificate","RequestCertificate","ResendValidationEmail","UpdateCertificateOptions"],"ARNFormat":"arn:aws:acm:${Region}:${AccountId}:${ArnType}/${ResourceId}","ARNRegex":"^arn:aws:acm:.+:[0-9]+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Systems Manager Incident Manager":{"StringPrefix":"ssm-incidents","Actions":["CreateReplicationSet","CreateResponsePlan","CreateTimelineEvent","DeleteIncidentRecord","DeleteReplicationSet","DeleteResourcePolicy","DeleteResponsePlan","DeleteTimelineEvent","GetIncidentRecord","GetReplicationSet","GetResourcePolicies","GetResponsePlan","GetTimelineEvent","ListIncidentRecords","ListRelatedItems","ListReplicationSets","ListResponsePlans","ListTagsForResource","ListTimelineEvents","PutResourcePolicy","StartIncident","TagResource","UntagResource","UpdateDeletionProtection","UpdateIncidentRecord","UpdateRelatedItems","UpdateReplicationSet","UpdateResponsePlan","UpdateTimelineEvent"],"ARNFormat":"arn:${Partition}:ssm-incidents::${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:ssm-incidents::.+:.+","HasResource":true},"AWS X-Ray":{"StringPrefix":"xray","Actions":["BatchGetTraces","CreateGroup","CreateSamplingRule","DeleteGroup","DeleteSamplingRule","GetEncryptionConfig","GetGroup","GetGroups","GetInsight","GetInsightEvents","GetInsightImpactGraph","GetInsightSummaries","GetSamplingRules","GetSamplingStatisticSummaries","GetSamplingTargets","GetServiceGraph","GetTimeSeriesServiceStatistics","GetTraceGraph","GetTraceSummaries","ListTagsForResource","PutEncryptionConfig","PutTelemetryRecords","PutTraceSegments","TagResource","UntagResource","UpdateGroup","UpdateSamplingRule"],"ARNFormat":"arn:${Partition}:xray:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:xray:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS CloudWatch RUM":{"StringPrefix":"rum","Actions":["CreateAppMonitor","DeleteAppMonitor","GetAppMonitor","GetAppMonitorData","ListAppMonitors","ListTagsForResource","PutRumEvents","TagResource","UntagResource","UpdateAppMonitor"],"ARNFormat":"arn:${Partition}:rum:${Region}:${Account}:appmonitor/${Name}","ARNRegex":"^arn:${Partition}:rum:${Region}:${Account}:appmonitor/.+?","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon CloudFront":{"StringPrefix":"cloudfront","Actions":["AssociateAlias","CreateCachePolicy","CreateCloudFrontOriginAccessIdentity","CreateDistribution","CreateFieldLevelEncryptionConfig","CreateFieldLevelEncryptionProfile","CreateFunction","CreateInvalidation","CreateKeyGroup","CreateMonitoringSubscription","CreateOriginRequestPolicy","CreatePublicKey","CreateRealtimeLogConfig","CreateResponseHeadersPolicy","CreateStreamingDistribution","CreateStreamingDistributionWithTags","DeleteCachePolicy","DeleteCloudFrontOriginAccessIdentity","DeleteDistribution","DeleteFieldLevelEncryptionConfig","DeleteFieldLevelEncryptionProfile","DeleteFunction","DeleteKeyGroup","DeleteMonitoringSubscription","DeleteOriginRequestPolicy","DeletePublicKey","DeleteRealtimeLogConfig","DeleteResponseHeadersPolicy","DeleteStreamingDistribution","DescribeFunction","GetCachePolicy","GetCachePolicyConfig","GetCloudFrontOriginAccessIdentity","GetCloudFrontOriginAccessIdentityConfig","GetDistribution","GetDistributionConfig","GetFieldLevelEncryption","GetFieldLevelEncryptionConfig","GetFieldLevelEncryptionProfile","GetFieldLevelEncryptionProfileConfig","GetFunction","GetInvalidation","GetKeyGroup","GetKeyGroupConfig","GetMonitoringSubscription","GetOriginRequestPolicy","GetOriginRequestPolicyConfig","GetPublicKey","GetPublicKeyConfig","GetRealtimeLogConfig","GetResponseHeadersPolicy","GetResponseHeadersPolicyConfig","GetStreamingDistribution","GetStreamingDistributionConfig","ListCachePolicies","ListCloudFrontOriginAccessIdentities","ListConflictingAliases","ListDistributions","ListDistributionsByCachePolicyId","ListDistributionsByKeyGroup","ListDistributionsByLambdaFunction","ListDistributionsByOriginRequestPolicyId","ListDistributionsByRealtimeLogConfig","ListDistributionsByResponseHeadersPolicyId","ListDistributionsByWebACLId","ListFieldLevelEncryptionConfigs","ListFieldLevelEncryptionProfiles","ListFunctions","ListInvalidations","ListKeyGroups","ListOriginRequestPolicies","ListPublicKeys","ListRealtimeLogConfigs","ListResponseHeadersPolicies","ListStreamingDistributions","ListTagsForResource","PublishFunction","TagResource","TestFunction","UntagResource","UpdateCachePolicy","UpdateCloudFrontOriginAccessIdentity","UpdateDistribution","UpdateFieldLevelEncryptionConfig","UpdateFieldLevelEncryptionProfile","UpdateFunction","UpdateKeyGroup","UpdateOriginRequestPolicy","UpdatePublicKey","UpdateRealtimeLogConfig","UpdateResponseHeadersPolicy","UpdateStreamingDistribution"],"ARNFormat":"arn:${Partition}:cloudfront::${AccountId}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:cloudfront::[0-9]+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Elastic Kubernetes Service":{"StringPrefix":"eks","Actions":["AccessKubernetesApi","AssociateEncryptionConfig","AssociateIdentityProviderConfig","CreateAddon","CreateCluster","CreateFargateProfile","CreateNodegroup","DeleteAddon","DeleteCluster","DeleteFargateProfile","DeleteNodegroup","DeregisterCluster","DescribeAddon","DescribeAddonVersions","DescribeCluster","DescribeFargateProfile","DescribeIdentityProviderConfig","DescribeNodegroup","DescribeUpdate","DisassociateIdentityProviderConfig","ListAddons","ListClusters","ListFargateProfiles","ListIdentityProviderConfigs","ListNodegroups","ListTagsForResource","ListUpdates","RegisterCluster","TagResource","UntagResource","UpdateAddon","UpdateClusterConfig","UpdateClusterVersion","UpdateNodegroupConfig","UpdateNodegroupVersion"],"ARNFormat":"arn:aws:eks:${Region}:${Account}:${ResourceType}/${RelativeId}","ARNRegex":"^arn:aws:eks:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","eks:clientId","eks:issuerUrl"],"HasResource":true},"AWS Identity Synchronization Service":{"StringPrefix":"identity-sync","Actions":["CreateSyncFilter","CreateSyncProfile","CreateSyncTarget","DeleteSyncFilter","DeleteSyncProfile","DeleteSyncTarget","GetSyncProfile","GetSyncTarget","ListSyncFilters","StartSync","StopSync","UpdateSyncTarget"],"ARNFormat":"^arn:${Partition}:identity-sync:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:${Partition}:identity-sync:.+:.+:.+","HasResource":true},"AWS Firewall Manager":{"StringPrefix":"fms","Actions":["AssociateAdminAccount","AssociateThirdPartyFirewall","DeleteAppsList","DeleteNotificationChannel","DeletePolicy","DeleteProtocolsList","DisassociateAdminAccount","DisassociateThirdPartyFirewall","GetAdminAccount","GetAppsList","GetComplianceDetail","GetNotificationChannel","GetPolicy","GetProtectionStatus","GetProtocolsList","GetThirdPartyFirewallAssociationStatus","GetViolationDetails","ListAppsLists","ListComplianceStatus","ListMemberAccounts","ListPolicies","ListProtocolsLists","ListTagsForResource","ListThirdPartyFirewallFirewallPolicies","PutAppsList","PutNotificationChannel","PutPolicy","PutProtocolsList","TagResource","UntagResource"],"ARNFormat":"arn:${Partition}:fms:${Region}:${Account}:${Resource}/${Id}","ARNRegex":"^arn:${Partition}:fms:.+:[0-9]+:.+/.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Kinesis":{"StringPrefix":"kinesis","Actions":["AddTagsToStream","CreateStream","DecreaseStreamRetentionPeriod","DeleteStream","DeregisterStreamConsumer","DescribeLimits","DescribeStream","DescribeStreamConsumer","DescribeStreamSummary","DisableEnhancedMonitoring","EnableEnhancedMonitoring","GetRecords","GetShardIterator","IncreaseStreamRetentionPeriod","ListShards","ListStreamConsumers","ListStreams","ListTagsForStream","MergeShards","PutRecord","PutRecords","RegisterStreamConsumer","RemoveTagsFromStream","SplitShard","StartStreamEncryption","StopStreamEncryption","SubscribeToShard","UpdateShardCount","UpdateStreamMode"],"ARNFormat":"arn:${Partition}:kinesis:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:kinesis:.+","HasResource":true},"AWS Billing":{"StringPrefix":"aws-portal","Actions":["ModifyAccount","ModifyBilling","ModifyPaymentMethods","ViewAccount","ViewBilling","ViewPaymentMethods","ViewUsage"],"HasResource":false},"AWS Directory Service":{"StringPrefix":"ds","Actions":["AcceptSharedDirectory","AddIpRoutes","AddRegion","AddTagsToResource","AuthorizeApplication","CancelSchemaExtension","CheckAlias","ConnectDirectory","CreateAlias","CreateComputer","CreateConditionalForwarder","CreateDirectory","CreateIdentityPoolDirectory","CreateLogSubscription","CreateMicrosoftAD","CreateSnapshot","CreateTrust","DeleteConditionalForwarder","DeleteDirectory","DeleteLogSubscription","DeleteSnapshot","DeleteTrust","DeregisterCertificate","DeregisterEventTopic","DescribeCertificate","DescribeClientAuthenticationSettings","DescribeConditionalForwarders","DescribeDirectories","DescribeDomainControllers","DescribeEventTopics","DescribeLDAPSSettings","DescribeRegions","DescribeSharedDirectories","DescribeSnapshots","DescribeTrusts","DisableClientAuthentication","DisableLDAPS","DisableRadius","DisableSso","EnableClientAuthentication","EnableLDAPS","EnableRadius","EnableSso","GetAuthorizedApplicationDetails","GetDirectoryLimits","GetSnapshotLimits","ListAuthorizedApplications","ListCertificates","ListIpRoutes","ListLogSubscriptions","ListSchemaExtensions","ListTagsForResource","RegisterCertificate","RegisterEventTopic","RejectSharedDirectory","RemoveIpRoutes","RemoveRegion","RemoveTagsFromResource","ResetUserPassword","RestoreFromSnapshot","ShareDirectory","StartSchemaExtension","UnauthorizeApplication","UnshareDirectory","UpdateConditionalForwarder","UpdateNumberOfDomainControllers","UpdateRadius","UpdateTrust","VerifyTrust"],"ARNFormat":"arn:${Partition}:ds:${Region}:${Account}:${RelativeId}","ARNRegex":"^arn:${Partition}:ds:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS IoT SiteWise":{"StringPrefix":"iotsitewise","Actions":["AssociateAssets","AssociateTimeSeriesToAssetProperty","BatchAssociateProjectAssets","BatchDisassociateProjectAssets","BatchGetAssetPropertyAggregates","BatchGetAssetPropertyValue","BatchGetAssetPropertyValueHistory","BatchPutAssetPropertyValue","CreateAccessPolicy","CreateAsset","CreateAssetModel","CreateDashboard","CreateGateway","CreatePortal","CreateProject","DeleteAccessPolicy","DeleteAsset","DeleteAssetModel","DeleteDashboard","DeleteGateway","DeletePortal","DeleteProject","DeleteTimeSeries","DescribeAccessPolicy","DescribeAsset","DescribeAssetModel","DescribeAssetProperty","DescribeDashboard","DescribeDefaultEncryptionConfiguration","DescribeGateway","DescribeGatewayCapabilityConfiguration","DescribeLoggingOptions","DescribePortal","DescribeProject","DescribeStorageConfiguration","DescribeTimeSeries","DisassociateAssets","DisassociateTimeSeriesFromAssetProperty","GetAssetPropertyAggregates","GetAssetPropertyValue","GetAssetPropertyValueHistory","GetInterpolatedAssetPropertyValues","ListAccessPolicies","ListAssetModels","ListAssetRelationships","ListAssets","ListAssociatedAssets","ListDashboards","ListGateways","ListPortals","ListProjectAssets","ListProjects","ListTagsForResource","ListTimeSeries","PutDefaultEncryptionConfiguration","PutLoggingOptions","PutStorageConfiguration","TagResource","UntagResource","UpdateAccessPolicy","UpdateAsset","UpdateAssetModel","UpdateAssetModelPropertyRouting","UpdateAssetProperty","UpdateDashboard","UpdateGateway","UpdateGatewayCapabilityConfiguration","UpdatePortal","UpdateProject"],"ARNFormat":"arn:${Partition}:iotsitewise:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:iotsitewise:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","iotsitewise:assetHierarchyPath","iotsitewise:childAssetId","iotsitewise:group","iotsitewise:iam","iotsitewise:isAssociatedWithAssetProperty","iotsitewise:portal","iotsitewise:project","iotsitewise:propertyAlias","iotsitewise:propertyId","iotsitewise:user"],"HasResource":true},"AWS CodeStar Notifications":{"StringPrefix":"codestar-notifications","Actions":["CreateNotificationRule","DeleteNotificationRule","DeleteTarget","DescribeNotificationRule","ListEventTypes","ListNotificationRules","ListTagsForResource","ListTargets","Subscribe","TagResource","Unsubscribe","UntagResource","UpdateNotificationRule"],"ARNFormat":"arn:aws:codestar-notifications:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:codestar-notifications:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","codestar-notifications:NotificationsForResource"],"HasResource":true},"Amazon Fraud Detector":{"StringPrefix":"frauddetector","Actions":["BatchCreateVariable","BatchGetVariable","CancelBatchImportJob","CancelBatchPredictionJob","CreateBatchImportJob","CreateBatchPredictionJob","CreateDetectorVersion","CreateModel","CreateModelVersion","CreateRule","CreateVariable","DeleteBatchImportJob","DeleteBatchPredictionJob","DeleteDetector","DeleteDetectorVersion","DeleteEntityType","DeleteEvent","DeleteEventType","DeleteEventsByEventType","DeleteExternalModel","DeleteLabel","DeleteModel","DeleteModelVersion","DeleteOutcome","DeleteRule","DeleteVariable","DescribeDetector","DescribeModelVersions","GetBatchImportJobs","GetBatchPredictionJobs","GetDeleteEventsByEventTypeStatus","GetDetectorVersion","GetDetectors","GetEntityTypes","GetEvent","GetEventPrediction","GetEventPredictionMetadata","GetEventTypes","GetExternalModels","GetKMSEncryptionKey","GetLabels","GetModelVersion","GetModels","GetOutcomes","GetRules","GetVariables","ListEventPredictions","ListTagsForResource","PutDetector","PutEntityType","PutEventType","PutExternalModel","PutKMSEncryptionKey","PutLabel","PutOutcome","SendEvent","TagResource","UntagResource","UpdateDetectorVersion","UpdateDetectorVersionMetadata","UpdateDetectorVersionStatus","UpdateEventLabel","UpdateModel","UpdateModelVersion","UpdateModelVersionStatus","UpdateRuleMetadata","UpdateRuleVersion","UpdateVariable"],"ARNFormat":"arn:aws:frauddetector:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:.+:frauddetector:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS CodeStar Connections":{"StringPrefix":"codestar-connections","Actions":["CreateConnection","CreateHost","DeleteConnection","DeleteHost","GetConnection","GetHost","GetIndividualAccessToken","GetInstallationUrl","ListConnections","ListHosts","ListInstallationTargets","ListTagsForResource","PassConnection","RegisterAppCode","StartAppRegistrationHandshake","StartOAuthHandshake","TagResource","UntagResource","UpdateConnectionInstallation","UpdateHost","UseConnection"],"ARNFormat":"arn:aws:codestar-connections:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:aws:codestar-connections:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","codestar-connections:BranchName","codestar-connections:FullRepositoryId","codestar-connections:HostArn","codestar-connections:InstallationId","codestar-connections:OwnerId","codestar-connections:PassedToService","codestar-connections:ProviderAction","codestar-connections:ProviderPermissionsRequired","codestar-connections:ProviderType","codestar-connections:ProviderTypeFilter","codestar-connections:RepositoryName"],"HasResource":true},"Amazon WorkSpaces":{"StringPrefix":"workspaces","Actions":["AssociateConnectionAlias","AssociateIpGroups","AuthorizeIpRules","CopyWorkspaceImage","CreateConnectClientAddIn","CreateConnectionAlias","CreateIpGroup","CreateTags","CreateUpdatedWorkspaceImage","CreateWorkspaceBundle","CreateWorkspaces","DeleteClientBranding","DeleteConnectClientAddIn","DeleteConnectionAlias","DeleteIpGroup","DeleteTags","DeleteWorkspaceBundle","DeleteWorkspaceImage","DeregisterWorkspaceDirectory","DescribeAccount","DescribeAccountModifications","DescribeClientBranding","DescribeClientProperties","DescribeConnectClientAddIns","DescribeConnectionAliasPermissions","DescribeConnectionAliases","DescribeIpGroups","DescribeTags","DescribeWorkspaceBundles","DescribeWorkspaceDirectories","DescribeWorkspaceImagePermissions","DescribeWorkspaceImages","DescribeWorkspaceSnapshots","DescribeWorkspaces","DescribeWorkspacesConnectionStatus","DisassociateConnectionAlias","DisassociateIpGroups","ImportClientBranding","ImportWorkspaceImage","ListAvailableManagementCidrRanges","MigrateWorkspace","ModifyAccount","ModifyClientProperties","ModifySelfservicePermissions","ModifyWorkspaceAccessProperties","ModifyWorkspaceCreationProperties","ModifyWorkspaceProperties","ModifyWorkspaceState","RebootWorkspaces","RebuildWorkspaces","RegisterWorkspaceDirectory","RestoreWorkspace","RevokeIpRules","StartWorkspaces","StopWorkspaces","TerminateWorkspaces","UpdateConnectClientAddIn","UpdateConnectionAliasPermission","UpdateRulesOfIpGroup","UpdateWorkspaceBundle","UpdateWorkspaceImagePermission"],"ARNFormat":"arn:aws:workspaces:*:*","ARNRegex":"^arn:aws:workspaces:(.*)","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Lookout for Vision":{"StringPrefix":"lookoutvision","Actions":["CreateDataset","CreateModel","CreateProject","DeleteDataset","DeleteModel","DeleteProject","DescribeDataset","DescribeModel","DescribeModelPackagingJob","DescribeProject","DescribeTrialDetection","DetectAnomalies","ListDatasetEntries","ListModelPackagingJobs","ListModels","ListProjects","ListTagsForResource","ListTrialDetections","StartModel","StartModelPackagingJob","StartTrialDetection","StopModel","TagResource","UntagResource","UpdateDatasetEntries"],"ARNFormat":"arn:aws:lookoutvision:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:lookoutvision:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Chime":{"StringPrefix":"chime","Actions":["AcceptDelegate","ActivateUsers","AddDomain","AddOrUpdateGroups","AssociateChannelFlow","AssociatePhoneNumberWithUser","AssociatePhoneNumbersWithVoiceConnector","AssociatePhoneNumbersWithVoiceConnectorGroup","AssociateSigninDelegateGroupsWithAccount","AuthorizeDirectory","BatchCreateAttendee","BatchCreateChannelMembership","BatchCreateRoomMembership","BatchDeletePhoneNumber","BatchSuspendUser","BatchUnsuspendUser","BatchUpdatePhoneNumber","BatchUpdateUser","ChannelFlowCallback","Connect","ConnectDirectory","CreateAccount","CreateApiKey","CreateAppInstance","CreateAppInstanceAdmin","CreateAppInstanceUser","CreateAttendee","CreateBot","CreateBotMembership","CreateCDRBucket","CreateChannel","CreateChannelBan","CreateChannelFlow","CreateChannelMembership","CreateChannelModerator","CreateMediaCapturePipeline","CreateMeeting","CreateMeetingDialOut","CreateMeetingWithAttendees","CreatePhoneNumberOrder","CreateProxySession","CreateRoom","CreateRoomMembership","CreateSipMediaApplication","CreateSipMediaApplicationCall","CreateSipRule","CreateUser","CreateVoiceConnector","CreateVoiceConnectorGroup","DeleteAccount","DeleteAccountOpenIdConfig","DeleteApiKey","DeleteAppInstance","DeleteAppInstanceAdmin","DeleteAppInstanceStreamingConfigurations","DeleteAppInstanceUser","DeleteAttendee","DeleteCDRBucket","DeleteChannel","DeleteChannelBan","DeleteChannelFlow","DeleteChannelMembership","DeleteChannelMessage","DeleteChannelModerator","DeleteDelegate","DeleteDomain","DeleteEventsConfiguration","DeleteGroups","DeleteMediaCapturePipeline","DeleteMeeting","DeletePhoneNumber","DeleteProxySession","DeleteRoom","DeleteRoomMembership","DeleteSipMediaApplication","DeleteSipRule","DeleteVoiceConnector","DeleteVoiceConnectorEmergencyCallingConfiguration","DeleteVoiceConnectorGroup","DeleteVoiceConnectorOrigination","DeleteVoiceConnectorProxy","DeleteVoiceConnectorStreamingConfiguration","DeleteVoiceConnectorTermination","DeleteVoiceConnectorTerminationCredentials","DeregisterAppInstanceUserEndpoint","DescribeAppInstance","DescribeAppInstanceAdmin","DescribeAppInstanceUser","DescribeAppInstanceUserEndpoint","DescribeChannel","DescribeChannelBan","DescribeChannelFlow","DescribeChannelMembership","DescribeChannelMembershipForAppInstanceUser","DescribeChannelModeratedByAppInstanceUser","DescribeChannelModerator","DisassociateChannelFlow","DisassociatePhoneNumberFromUser","DisassociatePhoneNumbersFromVoiceConnector","DisassociatePhoneNumbersFromVoiceConnectorGroup","DisassociateSigninDelegateGroupsFromAccount","DisconnectDirectory","GetAccount","GetAccountResource","GetAccountSettings","GetAccountWithOpenIdConfig","GetAppInstanceRetentionSettings","GetAppInstanceStreamingConfigurations","GetAttendee","GetBot","GetCDRBucket","GetChannelMembershipPreferences","GetChannelMessage","GetChannelMessageStatus","GetDomain","GetEventsConfiguration","GetGlobalSettings","GetMediaCapturePipeline","GetMeeting","GetMeetingDetail","GetMessagingSessionEndpoint","GetPhoneNumber","GetPhoneNumberOrder","GetPhoneNumberSettings","GetProxySession","GetRetentionSettings","GetRoom","GetSipMediaApplication","GetSipMediaApplicationLoggingConfiguration","GetSipRule","GetTelephonyLimits","GetUser","GetUserActivityReportData","GetUserByEmail","GetUserSettings","GetVoiceConnector","GetVoiceConnectorEmergencyCallingConfiguration","GetVoiceConnectorGroup","GetVoiceConnectorLoggingConfiguration","GetVoiceConnectorOrigination","GetVoiceConnectorProxy","GetVoiceConnectorStreamingConfiguration","GetVoiceConnectorTermination","GetVoiceConnectorTerminationHealth","InviteDelegate","InviteUsers","InviteUsersFromProvider","ListAccountUsageReportData","ListAccounts","ListApiKeys","ListAppInstanceAdmins","ListAppInstanceUserEndpoints","ListAppInstanceUsers","ListAppInstances","ListAttendeeTags","ListAttendees","ListBots","ListCDRBucket","ListCallingRegions","ListChannelBans","ListChannelFlows","ListChannelMemberships","ListChannelMembershipsForAppInstanceUser","ListChannelMessages","ListChannelModerators","ListChannels","ListChannelsAssociatedWithChannelFlow","ListChannelsModeratedByAppInstanceUser","ListDelegates","ListDirectories","ListDomains","ListGroups","ListMediaCapturePipelines","ListMeetingEvents","ListMeetingTags","ListMeetings","ListMeetingsReportData","ListPhoneNumberOrders","ListPhoneNumbers","ListProxySessions","ListRoomMemberships","ListRooms","ListSipMediaApplications","ListSipRules","ListSupportedPhoneNumberCountries","ListTagsForResource","ListUsers","ListVoiceConnectorGroups","ListVoiceConnectorTerminationCredentials","ListVoiceConnectors","LogoutUser","PutAppInstanceRetentionSettings","PutAppInstanceStreamingConfigurations","PutChannelMembershipPreferences","PutEventsConfiguration","PutRetentionSettings","PutSipMediaApplicationLoggingConfiguration","PutVoiceConnectorEmergencyCallingConfiguration","PutVoiceConnectorLoggingConfiguration","PutVoiceConnectorOrigination","PutVoiceConnectorProxy","PutVoiceConnectorStreamingConfiguration","PutVoiceConnectorTermination","PutVoiceConnectorTerminationCredentials","RedactChannelMessage","RedactConversationMessage","RedactRoomMessage","RegenerateSecurityToken","RegisterAppInstanceUserEndpoint","RenameAccount","RenewDelegate","ResetAccountResource","ResetPersonalPIN","RestorePhoneNumber","RetrieveDataExports","SearchAvailablePhoneNumbers","SendChannelMessage","StartDataExport","StartMeetingTranscription","StopMeetingTranscription","SubmitSupportRequest","SuspendUsers","TagAttendee","TagMeeting","TagResource","UnauthorizeDirectory","UntagAttendee","UntagMeeting","UntagResource","UpdateAccount","UpdateAccountOpenIdConfig","UpdateAccountResource","UpdateAccountSettings","UpdateAppInstance","UpdateAppInstanceUser","UpdateAppInstanceUserEndpoint","UpdateBot","UpdateCDRSettings","UpdateChannel","UpdateChannelFlow","UpdateChannelMessage","UpdateChannelReadMarker","UpdateGlobalSettings","UpdatePhoneNumber","UpdatePhoneNumberSettings","UpdateProxySession","UpdateRoom","UpdateRoomMembership","UpdateSipMediaApplication","UpdateSipMediaApplicationCall","UpdateSipRule","UpdateSupportedLicenses","UpdateUser","UpdateUserLicenses","UpdateUserSettings","UpdateVoiceConnector","UpdateVoiceConnectorGroup","ValidateAccountResource"],"ARNFormat":"arn:aws:chime::${AccountId}:${ResourceType}/${ResourceID}","ARNRegex":"^arn:aws:chime:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon ElastiCache":{"StringPrefix":"elasticache","Actions":["AddTagsToResource","AuthorizeCacheSecurityGroupIngress","BatchApplyUpdateAction","BatchStopUpdateAction","CompleteMigration","CopySnapshot","CreateCacheCluster","CreateCacheParameterGroup","CreateCacheSecurityGroup","CreateCacheSubnetGroup","CreateGlobalReplicationGroup","CreateReplicationGroup","CreateSnapshot","CreateUser","CreateUserGroup","DecreaseNodeGroupsInGlobalReplicationGroup","DecreaseReplicaCount","DeleteCacheCluster","DeleteCacheParameterGroup","DeleteCacheSecurityGroup","DeleteCacheSubnetGroup","DeleteGlobalReplicationGroup","DeleteReplicationGroup","DeleteSnapshot","DeleteUser","DeleteUserGroup","DescribeCacheClusters","DescribeCacheEngineVersions","DescribeCacheParameterGroups","DescribeCacheParameters","DescribeCacheSecurityGroups","DescribeCacheSubnetGroups","DescribeEngineDefaultParameters","DescribeEvents","DescribeGlobalReplicationGroups","DescribeReplicationGroups","DescribeReservedCacheNodes","DescribeReservedCacheNodesOfferings","DescribeServiceUpdates","DescribeSnapshots","DescribeUpdateActions","DescribeUserGroups","DescribeUsers","DisassociateGlobalReplicationGroup","FailoverGlobalReplicationGroup","IncreaseNodeGroupsInGlobalReplicationGroup","IncreaseReplicaCount","ListAllowedNodeTypeModifications","ListTagsForResource","ModifyCacheCluster","ModifyCacheParameterGroup","ModifyCacheSubnetGroup","ModifyGlobalReplicationGroup","ModifyReplicationGroup","ModifyReplicationGroupShardConfiguration","ModifyUser","ModifyUserGroup","PurchaseReservedCacheNodesOffering","RebalanceSlotsInGlobalReplicationGroup","RebootCacheCluster","RemoveTagsFromResource","ResetCacheParameterGroup","RevokeCacheSecurityGroupIngress","StartMigration","TestFailover"],"ARNFormat":"arn:${Partition}:elasticache:${Region}:${AccountId}:${ResourceType}:${ResourceName}","ARNRegex":"^arn:.+:elasticache:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticache:AtRestEncryptionEnabled","elasticache:AuthTokenEnabled","elasticache:AutomaticFailoverEnabled","elasticache:CacheNodeType","elasticache:CacheParameterGroupName","elasticache:ClusterModeEnabled","elasticache:EngineType","elasticache:EngineVersion","elasticache:KmsKeyId","elasticache:MultiAZEnabled","elasticache:NumNodeGroups","elasticache:ReplicasPerNodeGroup","elasticache:SnapshotRetentionLimit","elasticache:TransitEncryptionEnabled"],"HasResource":true},"AWS IoT Core for LoRaWAN":{"StringPrefix":"iotwireless","Actions":["AssociateAwsAccountWithPartnerAccount","AssociateMulticastGroupWithFuotaTask","AssociateWirelessDeviceWithFuotaTask","AssociateWirelessDeviceWithMulticastGroup","AssociateWirelessDeviceWithThing","AssociateWirelessGatewayWithCertificate","AssociateWirelessGatewayWithThing","CancelMulticastGroupSession","CreateDestination","CreateDeviceProfile","CreateFuotaTask","CreateMulticastGroup","CreateNetworkAnalyzerConfiguration","CreateServiceProfile","CreateWirelessDevice","CreateWirelessGateway","CreateWirelessGatewayTask","CreateWirelessGatewayTaskDefinition","DeleteDestination","DeleteDeviceProfile","DeleteFuotaTask","DeleteMulticastGroup","DeleteNetworkAnalyzerConfiguration","DeleteQueuedMessages","DeleteServiceProfile","DeleteWirelessDevice","DeleteWirelessGateway","DeleteWirelessGatewayTask","DeleteWirelessGatewayTaskDefinition","DisassociateAwsAccountFromPartnerAccount","DisassociateMulticastGroupFromFuotaTask","DisassociateWirelessDeviceFromFuotaTask","DisassociateWirelessDeviceFromMulticastGroup","DisassociateWirelessDeviceFromThing","DisassociateWirelessGatewayFromCertificate","DisassociateWirelessGatewayFromThing","GetDestination","GetDeviceProfile","GetEventConfigurationsByResourceTypes","GetFuotaTask","GetLogLevelsByResourceTypes","GetMulticastGroup","GetMulticastGroupSession","GetNetworkAnalyzerConfiguration","GetPartnerAccount","GetResourceEventConfiguration","GetResourceLogLevel","GetServiceEndpoint","GetServiceProfile","GetWirelessDevice","GetWirelessDeviceStatistics","GetWirelessGateway","GetWirelessGatewayCertificate","GetWirelessGatewayFirmwareInformation","GetWirelessGatewayStatistics","GetWirelessGatewayTask","GetWirelessGatewayTaskDefinition","ListDestinations","ListDeviceProfiles","ListEventConfigurations","ListFuotaTasks","ListMulticastGroups","ListMulticastGroupsByFuotaTask","ListNetworkAnalyzerConfigurations","ListPartnerAccounts","ListQueuedMessages","ListServiceProfiles","ListTagsForResource","ListWirelessDevices","ListWirelessGatewayTaskDefinitions","ListWirelessGateways","PutResourceLogLevel","ResetAllResourceLogLevels","ResetResourceLogLevel","SendDataToMulticastGroup","SendDataToWirelessDevice","StartBulkAssociateWirelessDeviceWithMulticastGroup","StartBulkDisassociateWirelessDeviceFromMulticastGroup","StartFuotaTask","StartMulticastGroupSession","StartNetworkAnalyzerStream","TagResource","TestWirelessDevice","UntagResource","UpdateDestination","UpdateEventConfigurationsByResourceTypes","UpdateFuotaTask","UpdateLogLevelsByResourceTypes","UpdateMulticastGroup","UpdateNetworkAnalyzerConfiguration","UpdatePartnerAccount","UpdateResourceEventConfiguration","UpdateWirelessDevice","UpdateWirelessGateway"],"ARNFormat":"arn:aws:iotwireless:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:aws:iotwireless:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Kinesis Firehose":{"StringPrefix":"firehose","Actions":["CreateDeliveryStream","DeleteDeliveryStream","DescribeDeliveryStream","ListDeliveryStreams","ListTagsForDeliveryStream","PutRecord","PutRecordBatch","StartDeliveryStreamEncryption","StopDeliveryStreamEncryption","TagDeliveryStream","UntagDeliveryStream","UpdateDestination"],"ARNFormat":"arn:aws:firehose:{Region}:{Account}:deliverystream/${DeliveryStreamName}","ARNRegex":"^arn:aws:firehose:.+:[0-9]+:deliverystream/.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Mechanical Turk":{"StringPrefix":"mechanicalturk","Actions":["AcceptQualificationRequest","ApproveAssignment","AssociateQualificationWithWorker","CreateAdditionalAssignmentsForHIT","CreateHIT","CreateHITType","CreateHITWithHITType","CreateQualificationType","CreateWorkerBlock","DeleteHIT","DeleteQualificationType","DeleteWorkerBlock","DisassociateQualificationFromWorker","GetAccountBalance","GetAssignment","GetFileUploadURL","GetHIT","GetQualificationScore","GetQualificationType","ListAssignmentsForHIT","ListBonusPayments","ListHITs","ListHITsForQualificationType","ListQualificationRequests","ListQualificationTypes","ListReviewPolicyResultsForHIT","ListReviewableHITs","ListWorkerBlocks","ListWorkersWithQualificationType","NotifyWorkers","RejectAssignment","RejectQualificationRequest","SendBonus","SendTestEventNotification","UpdateExpirationForHIT","UpdateHITReviewStatus","UpdateHITTypeOfHIT","UpdateNotificationSettings","UpdateQualificationType"],"HasResource":false},"Amazon Storage Gateway":{"StringPrefix":"storagegateway","Actions":["ActivateGateway","AddCache","AddTagsToResource","AddUploadBuffer","AddWorkingStorage","AssignTapePool","AssociateFileSystem","AttachVolume","BypassGovernanceRetention","CancelArchival","CancelRetrieval","CreateCachediSCSIVolume","CreateNFSFileShare","CreateSMBFileShare","CreateSnapshot","CreateSnapshotFromVolumeRecoveryPoint","CreateStorediSCSIVolume","CreateTapePool","CreateTapeWithBarcode","CreateTapes","DeleteAutomaticTapeCreationPolicy","DeleteBandwidthRateLimit","DeleteChapCredentials","DeleteFileShare","DeleteGateway","DeleteSnapshotSchedule","DeleteTape","DeleteTapeArchive","DeleteTapePool","DeleteVolume","DescribeAvailabilityMonitorTest","DescribeBandwidthRateLimit","DescribeBandwidthRateLimitSchedule","DescribeCache","DescribeCachediSCSIVolumes","DescribeChapCredentials","DescribeFileSystemAssociations","DescribeGatewayInformation","DescribeMaintenanceStartTime","DescribeNFSFileShares","DescribeSMBFileShares","DescribeSMBSettings","DescribeSnapshotSchedule","DescribeStorediSCSIVolumes","DescribeTapeArchives","DescribeTapeRecoveryPoints","DescribeTapes","DescribeUploadBuffer","DescribeVTLDevices","DescribeWorkingStorage","DetachVolume","DisableGateway","DisassociateFileSystem","JoinDomain","ListAutomaticTapeCreationPolicies","ListFileShares","ListFileSystemAssociations","ListGateways","ListLocalDisks","ListTagsForResource","ListTapePools","ListTapes","ListVolumeInitiators","ListVolumeRecoveryPoints","ListVolumes","NotifyWhenUploaded","RefreshCache","RemoveTagsFromResource","ResetCache","RetrieveTapeArchive","RetrieveTapeRecoveryPoint","SetLocalConsolePassword","SetSMBGuestPassword","ShutdownGateway","StartAvailabilityMonitorTest","StartGateway","UpdateAutomaticTapeCreationPolicy","UpdateBandwidthRateLimit","UpdateBandwidthRateLimitSchedule","UpdateChapCredentials","UpdateFileSystemAssociation","UpdateGatewayInformation","UpdateGatewaySoftwareNow","UpdateMaintenanceStartTime","UpdateNFSFileShare","UpdateSMBFileShare","UpdateSMBFileShareVisibility","UpdateSMBLocalGroups","UpdateSMBSecurityStrategy","UpdateSnapshotSchedule","UpdateVTLDeviceType"],"ARNFormat":"arn:aws:storagegateway:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:storagegateway:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Elastic MapReduce":{"StringPrefix":"elasticmapreduce","Actions":["AddInstanceFleet","AddInstanceGroups","AddJobFlowSteps","AddTags","AttachEditor","CancelSteps","CreateEditor","CreatePersistentAppUI","CreateRepository","CreateSecurityConfiguration","CreateStudio","CreateStudioPresignedUrl","CreateStudioSessionMapping","DeleteEditor","DeleteRepository","DeleteSecurityConfiguration","DeleteStudio","DeleteStudioSessionMapping","DeleteWorkspaceAccess","DescribeCluster","DescribeEditor","DescribeJobFlows","DescribeNotebookExecution","DescribePersistentAppUI","DescribeReleaseLabel","DescribeRepository","DescribeSecurityConfiguration","DescribeStep","DescribeStudio","DetachEditor","GetAutoTerminationPolicy","GetBlockPublicAccessConfiguration","GetManagedScalingPolicy","GetOnClusterAppUIPresignedURL","GetPersistentAppUIPresignedURL","GetStudioSessionMapping","LinkRepository","ListBootstrapActions","ListClusters","ListEditors","ListInstanceFleets","ListInstanceGroups","ListInstances","ListNotebookExecutions","ListReleaseLabels","ListRepositories","ListSecurityConfigurations","ListSteps","ListStudioSessionMappings","ListStudios","ListWorkspaceAccessIdentities","ModifyCluster","ModifyInstanceFleet","ModifyInstanceGroups","OpenEditorInConsole","PutAutoScalingPolicy","PutAutoTerminationPolicy","PutBlockPublicAccessConfiguration","PutManagedScalingPolicy","PutWorkspaceAccess","RemoveAutoScalingPolicy","RemoveAutoTerminationPolicy","RemoveManagedScalingPolicy","RemoveTags","RunJobFlow","SetTerminationProtection","StartEditor","StartNotebookExecution","StopEditor","StopNotebookExecution","TerminateJobFlows","UnlinkRepository","UpdateEditor","UpdateRepository","UpdateStudio","UpdateStudioSessionMapping","ViewEventsFromAllClustersInConsole"],"ARNFormat":"arn:${Partition}:elasticmapreduce:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:elasticmapreduce:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticmapreduce:RequestTag/${TagKey}","elasticmapreduce:ResourceTag/${TagKey}"],"HasResource":true},"Amazon Route 53 Recovery Cluster":{"StringPrefix":"route53-recovery-cluster","Actions":["GetRoutingControlState","ListRoutingControls","UpdateRoutingControlState","UpdateRoutingControlStates"],"ARNFormat":"arn:${Partition}:route53-recovery-control::${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:route53-recovery-control::.+:.+","conditionKeys":["route53-recovery-cluster:AllowSafetyRulesOverrides"],"HasResource":true},"AWS Batch":{"StringPrefix":"batch","Actions":["CancelJob","CreateComputeEnvironment","CreateJobQueue","CreateSchedulingPolicy","DeleteComputeEnvironment","DeleteJobQueue","DeleteSchedulingPolicy","DeregisterJobDefinition","DescribeComputeEnvironments","DescribeJobDefinitions","DescribeJobQueues","DescribeJobs","DescribeSchedulingPolicies","ListJobs","ListSchedulingPolicies","ListTagsForResource","RegisterJobDefinition","SubmitJob","TagResource","TerminateJob","UntagResource","UpdateComputeEnvironment","UpdateJobQueue","UpdateSchedulingPolicy"],"ARNFormat":"arn:aws:batch:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:aws:batch:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","batch:AWSLogsCreateGroup","batch:AWSLogsGroup","batch:AWSLogsRegion","batch:AWSLogsStreamPrefix","batch:Image","batch:LogDriver","batch:Privileged","batch:ShareIdentifier","batch:User"],"HasResource":true},"High-volume outbound communications":{"StringPrefix":"connect-campaigns","Actions":["CreateCampaign","DeleteCampaign","DescribeCampaign","GetCampaignState","GetCampaignStateBatch","ListCampaigns","ListTagsForResource","PauseCampaign","PutConnectInstanceConfig","PutDialRequestBatch","ResumeCampaign","StartCampaign","StopCampaign","TagResource","UntagResource","UpdateCampaignDialerConfig","UpdateCampaignName","UpdateCampaignOutboundCallConfig"],"ARNFormat":"arn:${Partition}:connect-campaigns:${Region}:${Account}:campaign/${CampaignId}","ARNRegex":"^arn:${Partition}:connect-campaigns:.+:.*:campaign/.*","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS IoT Events":{"StringPrefix":"iotevents","Actions":["BatchAcknowledgeAlarm","BatchDisableAlarm","BatchEnableAlarm","BatchPutMessage","BatchResetAlarm","BatchSnoozeAlarm","BatchUpdateDetector","CreateAlarmModel","CreateDetectorModel","CreateInput","DeleteAlarmModel","DeleteDetectorModel","DeleteInput","DescribeAlarm","DescribeAlarmModel","DescribeDetector","DescribeDetectorModel","DescribeDetectorModelAnalysis","DescribeInput","DescribeLoggingOptions","GetDetectorModelAnalysisResults","ListAlarmModelVersions","ListAlarmModels","ListAlarms","ListDetectorModelVersions","ListDetectorModels","ListDetectors","ListInputRoutings","ListInputs","ListTagsForResource","PutLoggingOptions","StartDetectorModelAnalysis","TagResource","UntagResource","UpdateAlarmModel","UpdateDetectorModel","UpdateInput","UpdateInputRouting"],"ARNFormat":"arn:${Partition}:iotevents:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:iotevents:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","iotevents:keyValue"],"HasResource":true},"AWS Billing Conductor":{"StringPrefix":"billingconductor","Actions":["AssociateAccounts","AssociatePricingRules","BatchAssociateResourcesToCustomLineItem","BatchDisassociateResourcesFromCustomLineItem","CreateBillingGroup","CreateCustomLineItem","CreatePricingPlan","CreatePricingRule","DeleteBillingGroup","DeleteCustomLineItem","DeletePricingPlan","DeletePricingRule","DisassociateAccounts","DisassociatePricingRules","ListAccountAssociations","ListBillingGroupCostReports","ListBillingGroups","ListCustomLineItems","ListPricingPlans","ListPricingPlansAssociatedWithPricingRule","ListPricingRules","ListPricingRulesAssociatedToPricingPlan","ListResourcesAssociatedToCustomLineItem","ListTagsForResource","TagResource","UntagResource","UpdateBillingGroup","UpdateCustomLineItem","UpdatePricingPlan","UpdatePricingRule"],"ARNFormat":"^arn:${Partition}:billingconductor::${Account}:${ResourceType}","ARNRegex":"^arn:${Partition}:billingconductor:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS CloudTrail":{"StringPrefix":"cloudtrail","Actions":["AddTags","CancelQuery","CreateEventDataStore","CreateTrail","DeleteEventDataStore","DeleteTrail","DescribeQuery","DescribeTrails","GetEventDataStore","GetEventSelectors","GetInsightSelectors","GetQueryResults","GetTrail","GetTrailStatus","ListEventDataStores","ListPublicKeys","ListQueries","ListTags","ListTrails","LookupEvents","PutEventSelectors","PutInsightSelectors","RemoveTags","RestoreEventDataStore","StartLogging","StartQuery","StopLogging","UpdateEventDataStore","UpdateTrail"],"ARNFormat":"arn:aws:cloudtrail:${Region}:${Account}:${Resource}","ARNRegex":"^arn:aws:cloudtrail:.+:[0-9]+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon DynamoDB":{"StringPrefix":"dynamodb","Actions":["BatchGetItem","BatchWriteItem","ConditionCheckItem","CreateBackup","CreateGlobalTable","CreateTable","CreateTableReplica","DeleteBackup","DeleteItem","DeleteTable","DeleteTableReplica","DescribeBackup","DescribeContinuousBackups","DescribeContributorInsights","DescribeExport","DescribeGlobalTable","DescribeGlobalTableSettings","DescribeKinesisStreamingDestination","DescribeLimits","DescribeReservedCapacity","DescribeReservedCapacityOfferings","DescribeStream","DescribeTable","DescribeTableReplicaAutoScaling","DescribeTimeToLive","DisableKinesisStreamingDestination","EnableKinesisStreamingDestination","ExportTableToPointInTime","GetItem","GetRecords","GetShardIterator","ListBackups","ListContributorInsights","ListExports","ListGlobalTables","ListStreams","ListTables","ListTagsOfResource","PartiQLDelete","PartiQLInsert","PartiQLSelect","PartiQLUpdate","PurchaseReservedCapacityOfferings","PutItem","Query","RestoreTableFromAwsBackup","RestoreTableFromBackup","RestoreTableToPointInTime","Scan","StartAwsBackupJob","TagResource","UntagResource","UpdateContinuousBackups","UpdateContributorInsights","UpdateGlobalTable","UpdateGlobalTableSettings","UpdateItem","UpdateTable","UpdateTableReplicaAutoScaling","UpdateTimeToLive"],"ARNFormat":"arn:aws:dynamodb:${Region}:${AccountID}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:aws:dynamodb:.+:.+","conditionKeys":["dynamodb:Attributes","dynamodb:EnclosingOperation","dynamodb:FullTableScan","dynamodb:LeadingKeys","dynamodb:ReturnConsumedCapacity","dynamodb:ReturnValues","dynamodb:Select"],"HasResource":true},"Amazon OpenSearch Service (successor to Amazon Elasticsearch Service)":{"StringPrefix":"es","Actions":["AcceptInboundConnection","AcceptInboundCrossClusterSearchConnection","AddTags","AssociatePackage","CancelElasticsearchServiceSoftwareUpdate","CancelServiceSoftwareUpdate","CreateDomain","CreateElasticsearchDomain","CreateElasticsearchServiceRole","CreateOutboundConnection","CreateOutboundCrossClusterSearchConnection","CreatePackage","CreateServiceRole","DeleteDomain","DeleteElasticsearchDomain","DeleteElasticsearchServiceRole","DeleteInboundConnection","DeleteInboundCrossClusterSearchConnection","DeleteOutboundConnection","DeleteOutboundCrossClusterSearchConnection","DeletePackage","DescribeDomain","DescribeDomainAutoTunes","DescribeDomainChangeProgress","DescribeDomainConfig","DescribeDomains","DescribeElasticsearchDomain","DescribeElasticsearchDomainConfig","DescribeElasticsearchDomains","DescribeElasticsearchInstanceTypeLimits","DescribeInboundConnections","DescribeInboundCrossClusterSearchConnections","DescribeInstanceTypeLimits","DescribeOutboundConnections","DescribeOutboundCrossClusterSearchConnections","DescribePackages","DescribeReservedElasticsearchInstanceOfferings","DescribeReservedElasticsearchInstances","DescribeReservedInstanceOfferings","DescribeReservedInstances","DissociatePackage","ESCrossClusterGet","ESHttpDelete","ESHttpGet","ESHttpHead","ESHttpPatch","ESHttpPost","ESHttpPut","GetCompatibleElasticsearchVersions","GetCompatibleVersions","GetPackageVersionHistory","GetUpgradeHistory","GetUpgradeStatus","ListDomainNames","ListDomainsForPackage","ListElasticsearchInstanceTypeDetails","ListElasticsearchInstanceTypes","ListElasticsearchVersions","ListInstanceTypeDetails","ListPackagesForDomain","ListTags","ListVersions","PurchaseReservedElasticsearchInstanceOffering","PurchaseReservedInstanceOffering","RejectInboundConnection","RejectInboundCrossClusterSearchConnection","RemoveTags","StartElasticsearchServiceSoftwareUpdate","StartServiceSoftwareUpdate","UpdateDomainConfig","UpdateElasticsearchDomainConfig","UpdatePackage","UpgradeDomain","UpgradeElasticsearchDomain"],"ARNFormat":"arn:aws:es:${Region}:${Account}:${Resource}","ARNRegex":"^arn:aws:es:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS DeepRacer":{"StringPrefix":"deepracer","Actions":["AddLeaderboardAccessPermission","AdminGetAccountConfig","AdminListAssociatedResources","AdminListAssociatedUsers","AdminManageUser","AdminSetAccountConfig","CloneReinforcementLearningModel","CreateCar","CreateLeaderboard","CreateLeaderboardAccessToken","CreateLeaderboardSubmission","CreateReinforcementLearningModel","DeleteLeaderboard","DeleteModel","EditLeaderboard","GetAccountConfig","GetAlias","GetAssetUrl","GetCar","GetCars","GetEvaluation","GetLatestUserSubmission","GetLeaderboard","GetModel","GetPrivateLeaderboard","GetRankedUserSubmission","GetTrack","GetTrainingJob","ImportModel","ListEvaluations","ListLeaderboardSubmissions","ListLeaderboards","ListModels","ListPrivateLeaderboardParticipants","ListPrivateLeaderboards","ListSubscribedPrivateLeaderboards","ListTagsForResource","ListTracks","ListTrainingJobs","MigrateModels","PerformLeaderboardOperation","RemoveLeaderboardAccessPermission","SetAlias","StartEvaluation","StopEvaluation","StopTrainingReinforcementLearningModel","TagResource","TestRewardFunction","UntagResource","UpdateCar"],"ARNFormat":"arn:aws:deepracer:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:deepracer:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","deepracer:MultiUser","deepracer:UserToken"],"HasResource":true},"Amazon Connect Voice ID":{"StringPrefix":"voiceid","Actions":["CreateDomain","DeleteDomain","DeleteFraudster","DeleteSpeaker","DescribeComplianceConsent","DescribeDomain","DescribeFraudster","DescribeFraudsterRegistrationJob","DescribeSpeaker","DescribeSpeakerEnrollmentJob","EvaluateSession","ListDomains","ListFraudsterRegistrationJobs","ListSpeakerEnrollmentJobs","ListSpeakers","ListTagsForResource","OptOutSpeaker","RegisterComplianceConsent","StartFraudsterRegistrationJob","StartSpeakerEnrollmentJob","TagResource","UntagResource","UpdateDomain"],"ARNFormat":"arn:${Partition}:voiceid:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:voiceid:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon EMR on EKS (EMR Containers)":{"StringPrefix":"emr-containers","Actions":["CancelJobRun","CreateManagedEndpoint","CreateVirtualCluster","DeleteManagedEndpoint","DeleteVirtualCluster","DescribeJobRun","DescribeManagedEndpoint","DescribeVirtualCluster","ListJobRuns","ListManagedEndpoints","ListTagsForResource","ListVirtualClusters","StartJobRun","TagResource","UntagResource"],"ARNFormat":"arn:${Partition}:emr-containers:${region}:${account}:/${resourceType}/${resourcePath}","ARNRegex":"^arn:${Partition}:emr-containers:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","emr-containers:ExecutionRoleArn"],"HasResource":true},"AWS Budget Service":{"StringPrefix":"budgets","Actions":["CreateBudgetAction","DeleteBudgetAction","DescribeBudgetAction","DescribeBudgetActionHistories","DescribeBudgetActionsForAccount","DescribeBudgetActionsForBudget","ExecuteBudgetAction","ModifyBudget","UpdateBudgetAction","ViewBudget"],"ARNFormat":"arn:aws:budgets:::budget/","ARNRegex":"^arn:aws:budgets::.+:.+","HasResource":true},"Amazon EventBridge Schemas":{"StringPrefix":"schemas","Actions":["CreateDiscoverer","CreateRegistry","CreateSchema","DeleteDiscoverer","DeleteRegistry","DeleteResourcePolicy","DeleteSchema","DeleteSchemaVersion","DescribeCodeBinding","DescribeDiscoverer","DescribeRegistry","DescribeSchema","ExportSchema","GetCodeBindingSource","GetDiscoveredSchema","GetResourcePolicy","ListDiscoverers","ListRegistries","ListSchemaVersions","ListSchemas","ListTagsForResource","PutCodeBinding","PutResourcePolicy","SearchSchemas","StartDiscoverer","StopDiscoverer","TagResource","UntagResource","UpdateDiscoverer","UpdateRegistry","UpdateSchema"],"ARNFormat":"arn:aws:schemas:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:schemas:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Network Manager":{"StringPrefix":"networkmanager","Actions":["AcceptAttachment","AssociateConnectPeer","AssociateCustomerGateway","AssociateLink","AssociateTransitGatewayConnectPeer","CreateConnectAttachment","CreateConnectPeer","CreateConnection","CreateCoreNetwork","CreateDevice","CreateGlobalNetwork","CreateLink","CreateSite","CreateSiteToSiteVpnAttachment","CreateVpcAttachment","DeleteAttachment","DeleteConnectPeer","DeleteConnection","DeleteCoreNetwork","DeleteCoreNetworkPolicyVersion","DeleteDevice","DeleteGlobalNetwork","DeleteLink","DeleteResourcePolicy","DeleteSite","DeregisterTransitGateway","DescribeGlobalNetworks","DisassociateConnectPeer","DisassociateCustomerGateway","DisassociateLink","DisassociateTransitGatewayConnectPeer","ExecuteCoreNetworkChangeSet","GetConnectAttachment","GetConnectPeer","GetConnectPeerAssociations","GetConnections","GetCoreNetwork","GetCoreNetworkChangeSet","GetCoreNetworkPolicy","GetCustomerGatewayAssociations","GetDevices","GetLinkAssociations","GetLinks","GetNetworkResourceCounts","GetNetworkResourceRelationships","GetNetworkResources","GetNetworkRoutes","GetNetworkTelemetry","GetResourcePolicy","GetRouteAnalysis","GetSiteToSiteVpnAttachment","GetSites","GetTransitGatewayConnectPeerAssociations","GetTransitGatewayRegistrations","GetVpcAttachment","ListAttachments","ListConnectPeers","ListCoreNetworkPolicyVersions","ListCoreNetworks","ListTagsForResource","PutCoreNetworkPolicy","PutResourcePolicy","RegisterTransitGateway","RejectAttachment","RestoreCoreNetworkPolicyVersion","StartRouteAnalysis","TagResource","UntagResource","UpdateConnection","UpdateCoreNetwork","UpdateDevice","UpdateGlobalNetwork","UpdateLink","UpdateNetworkResourceMetadata","UpdateSite","UpdateVpcAttachment"],"ARNFormat":"arn:${Partition}:networkmanager::${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:networkmanager::.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","networkmanager:cgwArn","networkmanager:subnetArns","networkmanager:tgwArn","networkmanager:tgwConnectPeerArn","networkmanager:vpcArn","networkmanager:vpnConnectionArn"],"HasResource":true},"AWS Support":{"StringPrefix":"support","Actions":["AddAttachmentsToSet","AddCommunicationToCase","CreateCase","DescribeAttachment","DescribeCaseAttributes","DescribeCases","DescribeCommunications","DescribeIssueTypes","DescribeServices","DescribeSeverityLevels","DescribeSupportLevel","DescribeTrustedAdvisorCheckRefreshStatuses","DescribeTrustedAdvisorCheckResult","DescribeTrustedAdvisorCheckSummaries","DescribeTrustedAdvisorChecks","InitiateCallForCase","InitiateChatForCase","PutCaseAttributes","RateCaseCommunication","RefreshTrustedAdvisorCheck","ResolveCase","SearchForCases"],"HasResource":false},"Amazon Cognito Identity":{"StringPrefix":"cognito-identity","Actions":["CreateIdentityPool","DeleteIdentities","DeleteIdentityPool","DescribeIdentity","DescribeIdentityPool","GetCredentialsForIdentity","GetId","GetIdentityPoolRoles","GetOpenIdToken","GetOpenIdTokenForDeveloperIdentity","GetPrincipalTagAttributeMap","ListIdentities","ListIdentityPools","ListTagsForResource","LookupDeveloperIdentity","MergeDeveloperIdentities","SetIdentityPoolRoles","SetPrincipalTagAttributeMap","TagResource","UnlinkDeveloperIdentity","UnlinkIdentity","UntagResource","UpdateIdentityPool"],"ARNFormat":"arn:aws:cognito-identity:::/","ARNRegex":"^arn:aws:cognito-identity:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Polly":{"StringPrefix":"polly","Actions":["DeleteLexicon","DescribeVoices","GetLexicon","GetSpeechSynthesisTask","ListLexicons","ListSpeechSynthesisTasks","PutLexicon","StartSpeechSynthesisTask","SynthesizeSpeech"],"ARNFormat":"arn:aws:polly:::lexicon/","ARNRegex":"^arn:aws:polly::.+","HasResource":true},"AWS AppConfig":{"StringPrefix":"appconfig","Actions":["CreateApplication","CreateConfigurationProfile","CreateDeploymentStrategy","CreateEnvironment","CreateHostedConfigurationVersion","DeleteApplication","DeleteConfigurationProfile","DeleteDeploymentStrategy","DeleteEnvironment","DeleteHostedConfigurationVersion","GetApplication","GetConfiguration","GetConfigurationProfile","GetDeployment","GetDeploymentStrategy","GetEnvironment","GetHostedConfigurationVersion","GetLatestConfiguration","ListApplications","ListConfigurationProfiles","ListDeploymentStrategies","ListDeployments","ListEnvironments","ListHostedConfigurationVersions","ListTagsForResource","StartConfigurationSession","StartDeployment","StopDeployment","TagResource","UntagResource","UpdateApplication","UpdateConfigurationProfile","UpdateDeploymentStrategy","UpdateEnvironment","ValidateConfiguration"],"ARNFormat":"arn:aws:appconfig:${Region}:${Account}:${RelativeId}","ARNRegex":"^arn:aws:appconfig:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS App Runner":{"StringPrefix":"apprunner","Actions":["AssociateCustomDomain","CreateAutoScalingConfiguration","CreateConnection","CreateObservabilityConfiguration","CreateService","CreateVpcConnector","DeleteAutoScalingConfiguration","DeleteConnection","DeleteObservabilityConfiguration","DeleteService","DeleteVpcConnector","DescribeAutoScalingConfiguration","DescribeCustomDomains","DescribeObservabilityConfiguration","DescribeOperation","DescribeService","DescribeVpcConnector","DisassociateCustomDomain","ListAutoScalingConfigurations","ListConnections","ListObservabilityConfigurations","ListOperations","ListServices","ListTagsForResource","ListVpcConnectors","PauseService","ResumeService","StartDeployment","TagResource","UntagResource","UpdateService"],"ARNFormat":"arn:aws:apprunner:${Region}:${Account}:${ResourceType}/${PathToResource}","ARNRegex":"^arn:aws:apprunner:.+","conditionKeys":["apprunner:AutoScalingConfigurationArn","apprunner:ConnectionArn","apprunner:ObservabilityConfigurationArn","apprunner:VpcConnectorArn","aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS License Manager":{"StringPrefix":"license-manager","Actions":["AcceptGrant","CheckInLicense","CheckoutBorrowLicense","CheckoutLicense","CreateGrant","CreateGrantVersion","CreateLicense","CreateLicenseConfiguration","CreateLicenseConversionTaskForResource","CreateLicenseManagerReportGenerator","CreateLicenseVersion","CreateToken","DeleteGrant","DeleteLicense","DeleteLicenseConfiguration","DeleteLicenseManagerReportGenerator","DeleteToken","ExtendLicenseConsumption","GetAccessToken","GetGrant","GetLicense","GetLicenseConfiguration","GetLicenseConversionTask","GetLicenseManagerReportGenerator","GetLicenseUsage","GetServiceSettings","ListAssociationsForLicenseConfiguration","ListDistributedGrants","ListFailuresForLicenseConfigurationOperations","ListLicenseConfigurations","ListLicenseConversionTasks","ListLicenseManagerReportGenerators","ListLicenseSpecificationsForResource","ListLicenseVersions","ListLicenses","ListReceivedGrants","ListReceivedLicenses","ListResourceInventory","ListTagsForResource","ListTokens","ListUsageForLicenseConfiguration","RejectGrant","TagResource","UntagResource","UpdateLicenseConfiguration","UpdateLicenseManagerReportGenerator","UpdateLicenseSpecificationsForResource","UpdateServiceSettings"],"ARNFormat":"arn:aws:license-manager:${Region}:${Account}:${ResourceType}:${ResourceId}","ARNRegex":"^arn:aws:license-manager:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","license-manager:ResourceTag/${TagKey}"],"HasResource":true},"Alexa for Business":{"StringPrefix":"a4b","Actions":["ApproveSkill","AssociateContactWithAddressBook","AssociateDeviceWithNetworkProfile","AssociateDeviceWithRoom","AssociateSkillGroupWithRoom","AssociateSkillWithSkillGroup","AssociateSkillWithUsers","CompleteRegistration","CreateAddressBook","CreateBusinessReportSchedule","CreateConferenceProvider","CreateContact","CreateGatewayGroup","CreateNetworkProfile","CreateProfile","CreateRoom","CreateSkillGroup","CreateUser","DeleteAddressBook","DeleteBusinessReportSchedule","DeleteConferenceProvider","DeleteContact","DeleteDevice","DeleteDeviceUsageData","DeleteGatewayGroup","DeleteNetworkProfile","DeleteProfile","DeleteRoom","DeleteRoomSkillParameter","DeleteSkillAuthorization","DeleteSkillGroup","DeleteUser","DisassociateContactFromAddressBook","DisassociateDeviceFromRoom","DisassociateSkillFromSkillGroup","DisassociateSkillFromUsers","DisassociateSkillGroupFromRoom","ForgetSmartHomeAppliances","GetAddressBook","GetConferencePreference","GetConferenceProvider","GetContact","GetDevice","GetGateway","GetGatewayGroup","GetInvitationConfiguration","GetNetworkProfile","GetProfile","GetRoom","GetRoomSkillParameter","GetSkillGroup","ListBusinessReportSchedules","ListConferenceProviders","ListDeviceEvents","ListGatewayGroups","ListGateways","ListSkills","ListSkillsStoreCategories","ListSkillsStoreSkillsByCategory","ListSmartHomeAppliances","ListTags","PutConferencePreference","PutDeviceSetupEvents","PutInvitationConfiguration","PutRoomSkillParameter","PutSkillAuthorization","RegisterAVSDevice","RegisterDevice","RejectSkill","ResolveRoom","RevokeInvitation","SearchAddressBooks","SearchContacts","SearchDevices","SearchNetworkProfiles","SearchProfiles","SearchRooms","SearchSkillGroups","SearchUsers","SendAnnouncement","SendInvitation","StartDeviceSync","StartSmartHomeApplianceDiscovery","TagResource","UntagResource","UpdateAddressBook","UpdateBusinessReportSchedule","UpdateConferenceProvider","UpdateContact","UpdateDevice","UpdateGateway","UpdateGatewayGroup","UpdateNetworkProfile","UpdateProfile","UpdateRoom","UpdateSkillGroup"],"ARNFormat":"arn:aws:a4b:::/","ARNRegex":"^arn:aws:a4b:.+:.+:.+","conditionKeys":["a4b:amazonId","a4b:filters_deviceType","aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Certificate Manager Private Certificate Authority":{"StringPrefix":"acm-pca","Actions":["CreateCertificateAuthority","CreateCertificateAuthorityAuditReport","CreatePermission","DeleteCertificateAuthority","DeletePermission","DeletePolicy","DescribeCertificateAuthority","DescribeCertificateAuthorityAuditReport","GetCertificate","GetCertificateAuthorityCertificate","GetCertificateAuthorityCsr","GetPolicy","ImportCertificateAuthorityCertificate","IssueCertificate","ListCertificateAuthorities","ListPermissions","ListTags","PutPolicy","RestoreCertificateAuthority","RevokeCertificate","TagCertificateAuthority","UntagCertificateAuthority","UpdateCertificateAuthority"],"ARNFormat":"arn:${Partition}:acm-pca:${Region}:${Account}:${ARNType}/${ResourceId}","ARNRegex":"^arn:${Partition}:acm-pca:.+:[0-9]+:.+","conditionKeys":["acm-pca:TemplateArn","aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Step Functions":{"StringPrefix":"states","Actions":["CreateActivity","CreateStateMachine","DeleteActivity","DeleteStateMachine","DescribeActivity","DescribeExecution","DescribeStateMachine","DescribeStateMachineForExecution","GetActivityTask","GetExecutionHistory","ListActivities","ListExecutions","ListStateMachines","ListTagsForResource","SendTaskFailure","SendTaskHeartbeat","SendTaskSuccess","StartExecution","StartSyncExecution","StopExecution","TagResource","UntagResource","UpdateStateMachine"],"ARNFormat":"arn:aws:::::","ARNRegex":"^arn:aws:states:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Connect Wisdom":{"StringPrefix":"wisdom","Actions":["CreateAssistant","CreateAssistantAssociation","CreateContent","CreateKnowledgeBase","CreateSession","DeleteAssistant","DeleteAssistantAssociation","DeleteContent","DeleteKnowledgeBase","GetAssistant","GetAssistantAssociation","GetContent","GetContentSummary","GetKnowledgeBase","GetRecommendations","GetSession","ListAssistantAssociations","ListAssistants","ListContents","ListKnowledgeBases","ListTagsForResource","NotifyRecommendationsReceived","QueryAssistant","RemoveKnowledgeBaseTemplateUri","SearchContent","SearchSessions","StartContentUpload","TagResource","UntagResource","UpdateContent","UpdateKnowledgeBaseTemplateUri"],"ARNFormat":"arn:aws:wisdom:${Region}:${Account}:${Resource}/${ResourceId}","ARNRegex":"^arn:aws:wisdom:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Message Delivery Service":{"StringPrefix":"ec2messages","Actions":["AcknowledgeMessage","DeleteMessage","FailMessage","GetEndpoint","GetMessages","SendReply"],"HasResource":false},"AWS IoT Greengrass V2":{"StringPrefix":"greengrass","Actions":["AssociateServiceRoleToAccount","BatchAssociateClientDeviceWithCoreDevice","BatchDisassociateClientDeviceFromCoreDevice","CancelDeployment","CreateComponentVersion","CreateDeployment","DeleteComponent","DeleteCoreDevice","DescribeComponent","DisassociateServiceRoleFromAccount","GetComponent","GetComponentVersionArtifact","GetConnectivityInfo","GetCoreDevice","GetDeployment","GetServiceRoleForAccount","ListClientDevicesAssociatedWithCoreDevice","ListComponentVersions","ListComponents","ListCoreDevices","ListDeployments","ListEffectiveDeployments","ListInstalledComponents","ListTagsForResource","ResolveComponentCandidates","TagResource","UntagResource","UpdateConnectivityInfo"],"ARNFormat":"arn:${Partition}:greengrass:${Region}:${Account}:${ResourceType}:${ResourcePath}","ARNRegex":"^arn:${Partition}:greengrass:.+","conditionKeys":["aws:CurrentTime","aws:EpochTime","aws:MultiFactorAuthAge","aws:MultiFactorAuthPresent","aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:SecureTransport","aws:TagKeys","aws:UserAgent"],"HasResource":true},"AWS IoT Greengrass":{"StringPrefix":"greengrass","Actions":["AssociateRoleToGroup","AssociateServiceRoleToAccount","CreateConnectorDefinition","CreateConnectorDefinitionVersion","CreateCoreDefinition","CreateCoreDefinitionVersion","CreateDeployment","CreateDeviceDefinition","CreateDeviceDefinitionVersion","CreateFunctionDefinition","CreateFunctionDefinitionVersion","CreateGroup","CreateGroupCertificateAuthority","CreateGroupVersion","CreateLoggerDefinition","CreateLoggerDefinitionVersion","CreateResourceDefinition","CreateResourceDefinitionVersion","CreateSoftwareUpdateJob","CreateSubscriptionDefinition","CreateSubscriptionDefinitionVersion","DeleteConnectorDefinition","DeleteCoreDefinition","DeleteDeviceDefinition","DeleteFunctionDefinition","DeleteGroup","DeleteLoggerDefinition","DeleteResourceDefinition","DeleteSubscriptionDefinition","DisassociateRoleFromGroup","DisassociateServiceRoleFromAccount","Discover","GetAssociatedRole","GetBulkDeploymentStatus","GetConnectivityInfo","GetConnectorDefinition","GetConnectorDefinitionVersion","GetCoreDefinition","GetCoreDefinitionVersion","GetDeploymentStatus","GetDeviceDefinition","GetDeviceDefinitionVersion","GetFunctionDefinition","GetFunctionDefinitionVersion","GetGroup","GetGroupCertificateAuthority","GetGroupCertificateConfiguration","GetGroupVersion","GetLoggerDefinition","GetLoggerDefinitionVersion","GetResourceDefinition","GetResourceDefinitionVersion","GetServiceRoleForAccount","GetSubscriptionDefinition","GetSubscriptionDefinitionVersion","GetThingRuntimeConfiguration","ListBulkDeploymentDetailedReports","ListBulkDeployments","ListConnectorDefinitionVersions","ListConnectorDefinitions","ListCoreDefinitionVersions","ListCoreDefinitions","ListDeployments","ListDeviceDefinitionVersions","ListDeviceDefinitions","ListFunctionDefinitionVersions","ListFunctionDefinitions","ListGroupCertificateAuthorities","ListGroupVersions","ListGroups","ListLoggerDefinitionVersions","ListLoggerDefinitions","ListResourceDefinitionVersions","ListResourceDefinitions","ListSubscriptionDefinitionVersions","ListSubscriptionDefinitions","ListTagsForResource","ResetDeployments","StartBulkDeployment","StopBulkDeployment","TagResource","UntagResource","UpdateConnectivityInfo","UpdateConnectorDefinition","UpdateCoreDefinition","UpdateDeviceDefinition","UpdateFunctionDefinition","UpdateGroup","UpdateGroupCertificateConfiguration","UpdateLoggerDefinition","UpdateResourceDefinition","UpdateSubscriptionDefinition","UpdateThingRuntimeConfiguration"],"ARNFormat":"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/${ResourceType}/${ResourcePath}","ARNRegex":"^arn:${Partition}:greengrass:.+:[0-9]+:.+","conditionKeys":["aws:CurrentTime","aws:EpochTime","aws:MultiFactorAuthAge","aws:MultiFactorAuthPresent","aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:SecureTransport","aws:TagKeys","aws:UserAgent"],"HasResource":true},"Amazon Redshift":{"StringPrefix":"redshift","Actions":["AcceptReservedNodeExchange","AddPartner","AssociateDataShareConsumer","AuthorizeClusterSecurityGroupIngress","AuthorizeDataShare","AuthorizeEndpointAccess","AuthorizeSnapshotAccess","BatchDeleteClusterSnapshots","BatchModifyClusterSnapshots","CancelQuery","CancelQuerySession","CancelResize","CopyClusterSnapshot","CreateAuthenticationProfile","CreateCluster","CreateClusterParameterGroup","CreateClusterSecurityGroup","CreateClusterSnapshot","CreateClusterSubnetGroup","CreateClusterUser","CreateEndpointAccess","CreateEventSubscription","CreateHsmClientCertificate","CreateHsmConfiguration","CreateSavedQuery","CreateScheduledAction","CreateSnapshotCopyGrant","CreateSnapshotSchedule","CreateTags","CreateUsageLimit","DeauthorizeDataShare","DeleteAuthenticationProfile","DeleteCluster","DeleteClusterParameterGroup","DeleteClusterSecurityGroup","DeleteClusterSnapshot","DeleteClusterSubnetGroup","DeleteEndpointAccess","DeleteEventSubscription","DeleteHsmClientCertificate","DeleteHsmConfiguration","DeletePartner","DeleteSavedQueries","DeleteScheduledAction","DeleteSnapshotCopyGrant","DeleteSnapshotSchedule","DeleteTags","DeleteUsageLimit","DescribeAccountAttributes","DescribeAuthenticationProfiles","DescribeClusterDbRevisions","DescribeClusterParameterGroups","DescribeClusterParameters","DescribeClusterSecurityGroups","DescribeClusterSnapshots","DescribeClusterSubnetGroups","DescribeClusterTracks","DescribeClusterVersions","DescribeClusters","DescribeDataShares","DescribeDataSharesForConsumer","DescribeDataSharesForProducer","DescribeDefaultClusterParameters","DescribeEndpointAccess","DescribeEndpointAuthorization","DescribeEventCategories","DescribeEventSubscriptions","DescribeEvents","DescribeHsmClientCertificates","DescribeHsmConfigurations","DescribeLoggingStatus","DescribeNodeConfigurationOptions","DescribeOrderableClusterOptions","DescribePartners","DescribeQuery","DescribeReservedNodeExchangeStatus","DescribeReservedNodeOfferings","DescribeReservedNodes","DescribeResize","DescribeSavedQueries","DescribeScheduledActions","DescribeSnapshotCopyGrants","DescribeSnapshotSchedules","DescribeStorage","DescribeTable","DescribeTableRestoreStatus","DescribeTags","DescribeUsageLimits","DisableLogging","DisableSnapshotCopy","DisassociateDataShareConsumer","EnableLogging","EnableSnapshotCopy","ExecuteQuery","FetchResults","GetClusterCredentials","GetReservedNodeExchangeConfigurationOptions","GetReservedNodeExchangeOfferings","JoinGroup","ListDatabases","ListSavedQueries","ListSchemas","ListTables","ModifyAquaConfiguration","ModifyAuthenticationProfile","ModifyCluster","ModifyClusterDbRevision","ModifyClusterIamRoles","ModifyClusterMaintenance","ModifyClusterParameterGroup","ModifyClusterSnapshot","ModifyClusterSnapshotSchedule","ModifyClusterSubnetGroup","ModifyEndpointAccess","ModifyEventSubscription","ModifySavedQuery","ModifyScheduledAction","ModifySnapshotCopyRetentionPeriod","ModifySnapshotSchedule","ModifyUsageLimit","PauseCluster","PurchaseReservedNodeOffering","RebootCluster","RejectDataShare","ResetClusterParameterGroup","ResizeCluster","RestoreFromClusterSnapshot","RestoreTableFromClusterSnapshot","ResumeCluster","RevokeClusterSecurityGroupIngress","RevokeEndpointAccess","RevokeSnapshotAccess","RotateEncryptionKey","UpdatePartnerStatus","ViewQueriesFromConsole","ViewQueriesInConsole"],"ARNFormat":"arn:aws:redshift:${Region}:${Account}:${RelativeId}","ARNRegex":"^arn:aws:redshift:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","redshift:ConsumerIdentifier","redshift:DbName","redshift:DbUser","redshift:DurationSeconds"],"HasResource":true},"Amazon WorkDocs":{"StringPrefix":"workdocs","Actions":["AbortDocumentVersionUpload","ActivateUser","AddResourcePermissions","AddUserToGroup","CheckAlias","CreateComment","CreateCustomMetadata","CreateFolder","CreateInstance","CreateLabels","CreateNotificationSubscription","CreateUser","DeactivateUser","DeleteComment","DeleteCustomMetadata","DeleteDocument","DeleteFolder","DeleteFolderContents","DeleteInstance","DeleteLabels","DeleteNotificationSubscription","DeleteUser","DeregisterDirectory","DescribeActivities","DescribeAvailableDirectories","DescribeComments","DescribeDocumentVersions","DescribeFolderContents","DescribeGroups","DescribeInstances","DescribeNotificationSubscriptions","DescribeResourcePermissions","DescribeRootFolders","DescribeUsers","DownloadDocumentVersion","GetCurrentUser","GetDocument","GetDocumentPath","GetDocumentVersion","GetFolder","GetFolderPath","GetGroup","GetResources","InitiateDocumentVersionUpload","RegisterDirectory","RemoveAllResourcePermissions","RemoveResourcePermission","UpdateDocument","UpdateDocumentVersion","UpdateFolder","UpdateInstanceAlias","UpdateUser"],"HasResource":false},"AWS Marketplace Management Portal":{"StringPrefix":"aws-marketplace-management","Actions":["uploadFiles","viewMarketing","viewReports","viewSettings","viewSupport"],"HasResource":false},"Amazon Comprehend Medical":{"StringPrefix":"comprehendmedical","Actions":["DescribeEntitiesDetectionV2Job","DescribeICD10CMInferenceJob","DescribePHIDetectionJob","DescribeRxNormInferenceJob","DescribeSNOMEDCTInferenceJob","DetectEntitiesV2","DetectPHI","InferICD10CM","InferRxNorm","InferSNOMEDCT","ListEntitiesDetectionV2Jobs","ListICD10CMInferenceJobs","ListPHIDetectionJobs","ListRxNormInferenceJobs","ListSNOMEDCTInferenceJobs","StartEntitiesDetectionV2Job","StartICD10CMInferenceJob","StartPHIDetectionJob","StartRxNormInferenceJob","StartSNOMEDCTInferenceJob","StopEntitiesDetectionV2Job","StopICD10CMInferenceJob","StopPHIDetectionJob","StopRxNormInferenceJob","StopSNOMEDCTInferenceJob"],"ARNFormat":"arn:${Partition}:comprehendmedical:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:comprehendmedical:.+:.+:.+","conditionKeys":["aws:SourceArn","aws:SourceVpc","aws:TagKeys"],"HasResource":false},"AWS DeepComposer":{"StringPrefix":"deepcomposer","Actions":["AssociateCoupon","CreateAudio","CreateComposition","CreateModel","DeleteComposition","DeleteModel","GetComposition","GetModel","GetSampleModel","ListCompositions","ListModels","ListSampleModels","ListTagsForResource","ListTrainingTopics","TagResource","UntagResource","UpdateComposition","UpdateModel"],"ARNFormat":"arn:aws:deepcomposer:::/","ARNRegex":"^arn:aws:deepcomposer:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Elemental Support Content":{"StringPrefix":"elemental-support-content","Actions":["Query"],"ARNFormat":"arn:aws:elemental-support-content:::/","ARNRegex":"^arn:aws:elemental-support-content:.+:.+:.+","HasResource":false},"Amazon Managed Blockchain":{"StringPrefix":"managedblockchain","Actions":["CreateMember","CreateNetwork","CreateNode","CreateProposal","DeleteMember","DeleteNode","GetMember","GetNetwork","GetNode","GetProposal","ListInvitations","ListMembers","ListNetworks","ListNodes","ListProposalVotes","ListProposals","ListTagsForResource","RejectInvitation","TagResource","UntagResource","UpdateMember","UpdateNode","VoteOnProposal"],"ARNFormat":"arn:aws:managedblockchain:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:managedblockchain:.*:[0-9]*:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS WAF":{"StringPrefix":"waf","Actions":["CreateByteMatchSet","CreateGeoMatchSet","CreateIPSet","CreateRateBasedRule","CreateRegexMatchSet","CreateRegexPatternSet","CreateRule","CreateRuleGroup","CreateSizeConstraintSet","CreateSqlInjectionMatchSet","CreateWebACL","CreateWebACLMigrationStack","CreateXssMatchSet","DeleteByteMatchSet","DeleteGeoMatchSet","DeleteIPSet","DeleteLoggingConfiguration","DeletePermissionPolicy","DeleteRateBasedRule","DeleteRegexMatchSet","DeleteRegexPatternSet","DeleteRule","DeleteRuleGroup","DeleteSizeConstraintSet","DeleteSqlInjectionMatchSet","DeleteWebACL","DeleteXssMatchSet","GetByteMatchSet","GetChangeToken","GetChangeTokenStatus","GetGeoMatchSet","GetIPSet","GetLoggingConfiguration","GetPermissionPolicy","GetRateBasedRule","GetRateBasedRuleManagedKeys","GetRegexMatchSet","GetRegexPatternSet","GetRule","GetRuleGroup","GetSampledRequests","GetSizeConstraintSet","GetSqlInjectionMatchSet","GetWebACL","GetXssMatchSet","ListActivatedRulesInRuleGroup","ListByteMatchSets","ListGeoMatchSets","ListIPSets","ListLoggingConfigurations","ListRateBasedRules","ListRegexMatchSets","ListRegexPatternSets","ListRuleGroups","ListRules","ListSizeConstraintSets","ListSqlInjectionMatchSets","ListSubscribedRuleGroups","ListTagsForResource","ListWebACLs","ListXssMatchSets","PutLoggingConfiguration","PutPermissionPolicy","TagResource","UntagResource","UpdateByteMatchSet","UpdateGeoMatchSet","UpdateIPSet","UpdateRateBasedRule","UpdateRegexMatchSet","UpdateRegexPatternSet","UpdateRule","UpdateRuleGroup","UpdateSizeConstraintSet","UpdateSqlInjectionMatchSet","UpdateWebACL","UpdateXssMatchSet"],"ARNFormat":"arn:${Partition}:waf::${Account}:${ResourceId}/${Id}","ARNRegex":"^arn:${Partition}:waf::[0-9]+:.+/.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon AppStream 2.0":{"StringPrefix":"appstream","Actions":["AssociateApplicationFleet","AssociateApplicationToEntitlement","AssociateFleet","BatchAssociateUserStack","BatchDisassociateUserStack","CopyImage","CreateAppBlock","CreateApplication","CreateDirectoryConfig","CreateEntitlement","CreateFleet","CreateImageBuilder","CreateImageBuilderStreamingURL","CreateStack","CreateStreamingURL","CreateUpdatedImage","CreateUsageReportSubscription","CreateUser","DeleteAppBlock","DeleteApplication","DeleteDirectoryConfig","DeleteEntitlement","DeleteFleet","DeleteImage","DeleteImageBuilder","DeleteImagePermissions","DeleteStack","DeleteUsageReportSubscription","DeleteUser","DescribeAppBlocks","DescribeApplicationFleetAssociations","DescribeApplications","DescribeDirectoryConfigs","DescribeEntitlements","DescribeFleets","DescribeImageBuilders","DescribeImagePermissions","DescribeImages","DescribeSessions","DescribeStacks","DescribeUsageReportSubscriptions","DescribeUserStackAssociations","DescribeUsers","DisableUser","DisassociateApplicationFleet","DisassociateApplicationFromEntitlement","DisassociateFleet","EnableUser","ExpireSession","ListAssociatedFleets","ListAssociatedStacks","ListEntitledApplications","ListTagsForResource","StartFleet","StartImageBuilder","StopFleet","StopImageBuilder","Stream","TagResource","UntagResource","UpdateApplication","UpdateDirectoryConfig","UpdateEntitlement","UpdateFleet","UpdateImagePermissions","UpdateStack"],"ARNFormat":"arn:${Partition}:appstream:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:${Partition}:appstream:.+","conditionKeys":["appstream:userId","aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon QuickSight":{"StringPrefix":"quicksight","Actions":["AccountConfigurations","CancelIngestion","CreateAccountCustomization","CreateAdmin","CreateAnalysis","CreateCustomPermissions","CreateDashboard","CreateDataSet","CreateDataSource","CreateEmailCustomizationTemplate","CreateFolder","CreateFolderMembership","CreateGroup","CreateGroupMembership","CreateIAMPolicyAssignment","CreateIngestion","CreateNamespace","CreateReader","CreateTemplate","CreateTemplateAlias","CreateTheme","CreateThemeAlias","CreateUser","CreateVPCConnection","DeleteAccountCustomization","DeleteAnalysis","DeleteCustomPermissions","DeleteDashboard","DeleteDataSet","DeleteDataSource","DeleteEmailCustomizationTemplate","DeleteFolder","DeleteFolderMembership","DeleteGroup","DeleteGroupMembership","DeleteIAMPolicyAssignment","DeleteNamespace","DeleteTemplate","DeleteTemplateAlias","DeleteTheme","DeleteThemeAlias","DeleteUser","DeleteUserByPrincipalId","DeleteVPCConnection","DescribeAccountCustomization","DescribeAccountSettings","DescribeAnalysis","DescribeAnalysisPermissions","DescribeCustomPermissions","DescribeDashboard","DescribeDashboardPermissions","DescribeDataSet","DescribeDataSetPermissions","DescribeDataSource","DescribeDataSourcePermissions","DescribeEmailCustomizationTemplate","DescribeFolder","DescribeFolderPermissions","DescribeFolderResolvedPermissions","DescribeGroup","DescribeGroupMembership","DescribeIAMPolicyAssignment","DescribeIngestion","DescribeIpRestriction","DescribeNamespace","DescribeTemplate","DescribeTemplateAlias","DescribeTemplatePermissions","DescribeTheme","DescribeThemeAlias","DescribeThemePermissions","DescribeUser","GenerateEmbedUrlForAnonymousUser","GenerateEmbedUrlForRegisteredUser","GetAnonymousUserEmbedUrl","GetAuthCode","GetDashboardEmbedUrl","GetGroupMapping","GetSessionEmbedUrl","ListAnalyses","ListCustomPermissions","ListDashboardVersions","ListDashboards","ListDataSets","ListDataSources","ListFolderMembers","ListFolders","ListGroupMemberships","ListGroups","ListIAMPolicyAssignments","ListIAMPolicyAssignmentsForUser","ListIngestions","ListNamespaces","ListTagsForResource","ListTemplateAliases","ListTemplateVersions","ListTemplates","ListThemeAliases","ListThemeVersions","ListThemes","ListUserGroups","ListUsers","PassDataSet","PassDataSource","RegisterUser","RestoreAnalysis","ScopeDownPolicy","SearchAnalyses","SearchDashboards","SearchDirectoryGroups","SearchFolders","SearchGroups","SetGroupMapping","Subscribe","TagResource","Unsubscribe","UntagResource","UpdateAccountCustomization","UpdateAccountSettings","UpdateAnalysis","UpdateAnalysisPermissions","UpdateCustomPermissions","UpdateDashboard","UpdateDashboardPermissions","UpdateDashboardPublishedVersion","UpdateDataSet","UpdateDataSetPermissions","UpdateDataSource","UpdateDataSourcePermissions","UpdateEmailCustomizationTemplate","UpdateFolder","UpdateFolderPermissions","UpdateGroup","UpdateIAMPolicyAssignment","UpdateIpRestriction","UpdateTemplate","UpdateTemplateAlias","UpdateTemplatePermissions","UpdateTheme","UpdateThemeAlias","UpdateThemePermissions","UpdateUser"],"ARNFormat":"arn:aws:quicksight:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:aws:quicksight:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","quicksight:DirectoryType","quicksight:Edition","quicksight:IamArn","quicksight:SessionName","quicksight:UserName"],"HasResource":true},"AWS WAF V2":{"StringPrefix":"wafv2","Actions":["AssociateWebACL","CheckCapacity","CreateIPSet","CreateRegexPatternSet","CreateRuleGroup","CreateWebACL","DeleteFirewallManagerRuleGroups","DeleteIPSet","DeleteLoggingConfiguration","DeletePermissionPolicy","DeleteRegexPatternSet","DeleteRuleGroup","DeleteWebACL","DescribeManagedRuleGroup","DisassociateFirewallManager","DisassociateWebACL","GenerateMobileSdkReleaseUrl","GetIPSet","GetLoggingConfiguration","GetManagedRuleSet","GetMobileSdkRelease","GetPermissionPolicy","GetRateBasedStatementManagedKeys","GetRegexPatternSet","GetRuleGroup","GetSampledRequests","GetWebACL","GetWebACLForResource","ListAvailableManagedRuleGroupVersions","ListAvailableManagedRuleGroups","ListIPSets","ListLoggingConfigurations","ListManagedRuleSets","ListMobileSdkReleases","ListRegexPatternSets","ListResourcesForWebACL","ListRuleGroups","ListTagsForResource","ListWebACLs","PutFirewallManagerRuleGroups","PutLoggingConfiguration","PutManagedRuleSetVersions","PutPermissionPolicy","TagResource","UntagResource","UpdateIPSet","UpdateManagedRuleSetVersionExpiryDate","UpdateRegexPatternSet","UpdateRuleGroup","UpdateWebACL"],"ARNFormat":"arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/${ResourceType}/${ResourceName}/${ResourceId}","ARNRegex":"^arn:${Partition}:wafv2:.+:.+:.+/.+/.+/.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon WorkSpaces Application Manager":{"StringPrefix":"wam","Actions":["AuthenticatePackager"],"HasResource":false},"Amazon Data Lifecycle Manager":{"StringPrefix":"dlm","Actions":["CreateLifecyclePolicy","DeleteLifecyclePolicy","GetLifecyclePolicies","GetLifecyclePolicy","ListTagsForResource","TagResource","UntagResource","UpdateLifecyclePolicy"],"ARNFormat":"arn:${Partition}:dlm:${Region}:${Account}:policy/${ResourceName}","ARNRegex":"^arn:${Partition}:dlm:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Well-Architected Tool":{"StringPrefix":"wellarchitected","Actions":["AssociateLenses","CreateLensShare","CreateLensVersion","CreateMilestone","CreateWorkload","CreateWorkloadShare","DeleteLens","DeleteLensShare","DeleteWorkload","DeleteWorkloadShare","DisassociateLenses","ExportLens","GetAnswer","GetLens","GetLensReview","GetLensReviewReport","GetLensVersionDifference","GetMilestone","GetWorkload","ImportLens","ListAnswers","ListLensReviewImprovements","ListLensReviews","ListLensShares","ListLenses","ListMilestones","ListNotifications","ListShareInvitations","ListTagsForResource","ListWorkloadShares","ListWorkloads","TagResource","UntagResource","UpdateAnswer","UpdateLensReview","UpdateShareInvitation","UpdateWorkload","UpdateWorkloadShare","UpgradeLensReview"],"ARNFormat":"arn:aws:wellarchitected:${Region}:${Account}:${ResourceName}/${ResourceId}","ARNRegex":"^arn:${Partition}:wellarchitected:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Connector Service":{"StringPrefix":"awsconnector","Actions":["GetConnectorHealth","RegisterConnector","ValidateConnectorId"],"ARNFormat":"arn:aws::::/","ARNRegex":"^arn:aws::.+:.+:.+","HasResource":false},"Amazon Kendra":{"StringPrefix":"kendra","Actions":["AssociateEntitiesToExperience","AssociatePersonasToEntities","BatchDeleteDocument","BatchGetDocumentStatus","BatchPutDocument","ClearQuerySuggestions","CreateDataSource","CreateExperience","CreateFaq","CreateIndex","CreateQuerySuggestionsBlockList","CreateThesaurus","DeleteDataSource","DeleteExperience","DeleteFaq","DeleteIndex","DeletePrincipalMapping","DeleteQuerySuggestionsBlockList","DeleteThesaurus","DescribeDataSource","DescribeExperience","DescribeFaq","DescribeIndex","DescribePrincipalMapping","DescribeQuerySuggestionsBlockList","DescribeQuerySuggestionsConfig","DescribeThesaurus","DisassociateEntitiesFromExperience","DisassociatePersonasFromEntities","GetQuerySuggestions","GetSnapshots","ListDataSourceSyncJobs","ListDataSources","ListEntityPersonas","ListExperienceEntities","ListExperiences","ListFaqs","ListGroupsOlderThanOrderingId","ListIndices","ListQuerySuggestionsBlockLists","ListTagsForResource","ListThesauri","PutPrincipalMapping","Query","StartDataSourceSyncJob","StopDataSourceSyncJob","SubmitFeedback","TagResource","UntagResource","UpdateDataSource","UpdateExperience","UpdateIndex","UpdateQuerySuggestionsBlockList","UpdateQuerySuggestionsConfig","UpdateThesaurus"],"ARNFormat":"arn:${Partition}:kendra:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:kendra:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Interactive Video Service":{"StringPrefix":"ivs","Actions":["BatchGetChannel","BatchGetStreamKey","CreateChannel","CreateRecordingConfiguration","CreateStreamKey","DeleteChannel","DeletePlaybackKeyPair","DeleteRecordingConfiguration","DeleteStreamKey","GetChannel","GetPlaybackKeyPair","GetRecordingConfiguration","GetStream","GetStreamKey","GetStreamSession","ImportPlaybackKeyPair","ListChannels","ListPlaybackKeyPairs","ListRecordingConfigurations","ListStreamKeys","ListStreamSessions","ListStreams","ListTagsForResource","PutMetadata","StopStream","TagResource","UntagResource","UpdateChannel"],"ARNFormat":"arn:aws:ivs:${Region}:${AccountId}:${ArnType}/${ResourceId}","ARNRegex":"^arn:aws:ivs:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Lightsail":{"StringPrefix":"lightsail","Actions":["AllocateStaticIp","AttachCertificateToDistribution","AttachDisk","AttachInstancesToLoadBalancer","AttachLoadBalancerTlsCertificate","AttachStaticIp","CloseInstancePublicPorts","CopySnapshot","CreateBucket","CreateBucketAccessKey","CreateCertificate","CreateCloudFormationStack","CreateContactMethod","CreateContainerService","CreateContainerServiceDeployment","CreateContainerServiceRegistryLogin","CreateDisk","CreateDiskFromSnapshot","CreateDiskSnapshot","CreateDistribution","CreateDomain","CreateDomainEntry","CreateInstanceSnapshot","CreateInstances","CreateInstancesFromSnapshot","CreateKeyPair","CreateLoadBalancer","CreateLoadBalancerTlsCertificate","CreateRelationalDatabase","CreateRelationalDatabaseFromSnapshot","CreateRelationalDatabaseSnapshot","DeleteAlarm","DeleteAutoSnapshot","DeleteBucket","DeleteBucketAccessKey","DeleteCertificate","DeleteContactMethod","DeleteContainerImage","DeleteContainerService","DeleteDisk","DeleteDiskSnapshot","DeleteDistribution","DeleteDomain","DeleteDomainEntry","DeleteInstance","DeleteInstanceSnapshot","DeleteKeyPair","DeleteKnownHostKeys","DeleteLoadBalancer","DeleteLoadBalancerTlsCertificate","DeleteRelationalDatabase","DeleteRelationalDatabaseSnapshot","DetachCertificateFromDistribution","DetachDisk","DetachInstancesFromLoadBalancer","DetachStaticIp","DisableAddOn","DownloadDefaultKeyPair","EnableAddOn","ExportSnapshot","GetActiveNames","GetAlarms","GetAutoSnapshots","GetBlueprints","GetBucketAccessKeys","GetBucketBundles","GetBucketMetricData","GetBuckets","GetBundles","GetCertificates","GetCloudFormationStackRecords","GetContactMethods","GetContainerAPIMetadata","GetContainerImages","GetContainerLog","GetContainerServiceDeployments","GetContainerServiceMetricData","GetContainerServicePowers","GetContainerServices","GetDisk","GetDiskSnapshot","GetDiskSnapshots","GetDisks","GetDistributionBundles","GetDistributionLatestCacheReset","GetDistributionMetricData","GetDistributions","GetDomain","GetDomains","GetExportSnapshotRecords","GetInstance","GetInstanceAccessDetails","GetInstanceMetricData","GetInstancePortStates","GetInstanceSnapshot","GetInstanceSnapshots","GetInstanceState","GetInstances","GetKeyPair","GetKeyPairs","GetLoadBalancer","GetLoadBalancerMetricData","GetLoadBalancerTlsCertificates","GetLoadBalancers","GetOperation","GetOperations","GetOperationsForResource","GetRegions","GetRelationalDatabase","GetRelationalDatabaseBlueprints","GetRelationalDatabaseBundles","GetRelationalDatabaseEvents","GetRelationalDatabaseLogEvents","GetRelationalDatabaseLogStreams","GetRelationalDatabaseMasterUserPassword","GetRelationalDatabaseMetricData","GetRelationalDatabaseParameters","GetRelationalDatabaseSnapshot","GetRelationalDatabaseSnapshots","GetRelationalDatabases","GetStaticIp","GetStaticIps","ImportKeyPair","IsVpcPeered","OpenInstancePublicPorts","PeerVpc","PutAlarm","PutInstancePublicPorts","RebootInstance","RebootRelationalDatabase","RegisterContainerImage","ReleaseStaticIp","ResetDistributionCache","SendContactMethodVerification","SetIpAddressType","SetResourceAccessForBucket","StartInstance","StartRelationalDatabase","StopInstance","StopRelationalDatabase","TagResource","TestAlarm","UnpeerVpc","UntagResource","UpdateBucket","UpdateBucketBundle","UpdateContainerService","UpdateDistribution","UpdateDistributionBundle","UpdateDomainEntry","UpdateLoadBalancerAttribute","UpdateRelationalDatabase","UpdateRelationalDatabaseParameters"],"ARNFormat":"arn:aws:lightsail:${Region}:${Account}:${ResourceType}/${Id}","ARNRegex":"^arn:aws:lightsail:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Backup storage":{"StringPrefix":"backup-storage","Actions":["MountCapsule"],"ARNFormat":"arn:aws:backup-storage::::","ARNRegex":"^^arn:aws:backup-storage:.+:.+:.+","HasResource":false},"Amazon Cognito Sync":{"StringPrefix":"cognito-sync","Actions":["BulkPublish","DeleteDataset","DescribeDataset","DescribeIdentityPoolUsage","DescribeIdentityUsage","GetBulkPublishDetails","GetCognitoEvents","GetIdentityPoolConfiguration","ListDatasets","ListIdentityPoolUsage","ListRecords","QueryRecords","RegisterDevice","SetCognitoEvents","SetDatasetConfiguration","SetIdentityPoolConfiguration","SubscribeToDataset","UnsubscribeFromDataset","UpdateRecords"],"ARNFormat":"arn:aws:cognito-sync:${Region}:${Account}:${ResourceType}/${ResourcePath}:","ARNRegex":"^arn:aws:cognito-sync:.+","HasResource":true},"Amazon CloudSearch":{"StringPrefix":"cloudsearch","Actions":["AddTags","BuildSuggesters","CreateDomain","DefineAnalysisScheme","DefineExpression","DefineIndexField","DefineSuggester","DeleteAnalysisScheme","DeleteDomain","DeleteExpression","DeleteIndexField","DeleteSuggester","DescribeAnalysisSchemes","DescribeAvailabilityOptions","DescribeDomainEndpointOptions","DescribeDomains","DescribeExpressions","DescribeIndexFields","DescribeScalingParameters","DescribeServiceAccessPolicies","DescribeSuggesters","IndexDocuments","ListDomainNames","ListTags","RemoveTags","UpdateAvailabilityOptions","UpdateDomainEndpointOptions","UpdateScalingParameters","UpdateServiceAccessPolicies","document","search","suggest"],"ARNFormat":"arn:aws:cloudsearch:::/","ARNRegex":"^arn:aws:cloudsearch:.+:.+:.+","HasResource":true},"Amazon Elastic Transcoder":{"StringPrefix":"elastictranscoder","Actions":["CancelJob","CreateJob","CreatePipeline","CreatePreset","DeletePipeline","DeletePreset","ListJobsByPipeline","ListJobsByStatus","ListPipelines","ListPresets","ReadJob","ReadPipeline","ReadPreset","TestRole","UpdatePipeline","UpdatePipelineNotifications","UpdatePipelineStatus"],"ARNFormat":"arn:aws:elastictranscoder:::/","ARNRegex":"^arn:aws:elastictranscoder:.+","HasResource":true},"AWS IoT FleetWise":{"StringPrefix":"iotfleetwise","Actions":["AssociateVehicle","CreateCampaign","CreateDecoderManifest","CreateFleet","CreateModelManifest","CreateSignalCatalog","CreateVehicle","DeleteCampaign","DeleteDecoderManifest","DeleteFleet","DeleteModelManifest","DeleteSignalCatalog","DeleteVehicle","DisassociateVehicle","GetCampaign","GetDecoderManifest","GetFleet","GetModelManifest","GetRegisterAccountStatus","GetSignalCatalog","GetVehicle","GetVehicleStatus","ImportDecoderManifest","ImportSignalCatalog","ListCampaigns","ListDecoderManifestNetworkInterfaces","ListDecoderManifestSignals","ListDecoderManifests","ListFleets","ListFleetsForVehicle","ListModelManifestNodes","ListModelManifests","ListSignalCatalogNodes","ListSignalCatalogs","ListVehicles","ListVehiclesInFleet","RegisterAccount","UpdateCampaign","UpdateDecoderManifest","UpdateFleet","UpdateModelManifest","UpdateSignalCatalog","UpdateVehicle"],"ARNFormat":"arn:aws:iotfleetwise:${Region}:${Account}:${Type}/${Name}","ARNRegex":"^arn:aws:iotfleetwise:.+:[0-9]+:.+","conditionKeys":["iotfleetwise:UpdateToDecoderManifestArn","iotfleetwise:UpdateToModelManifestArn"],"HasResource":true},"AWS Price List":{"StringPrefix":"pricing","Actions":["DescribeServices","GetAttributeValues","GetProducts"],"HasResource":false},"AWS Backup":{"StringPrefix":"backup","Actions":["CopyFromBackupVault","CopyIntoBackupVault","CreateBackupPlan","CreateBackupSelection","CreateBackupVault","CreateFramework","CreateReportPlan","DeleteBackupPlan","DeleteBackupSelection","DeleteBackupVault","DeleteBackupVaultAccessPolicy","DeleteBackupVaultLockConfiguration","DeleteBackupVaultNotifications","DeleteFramework","DeleteRecoveryPoint","DeleteReportPlan","DescribeBackupJob","DescribeBackupVault","DescribeCopyJob","DescribeFramework","DescribeGlobalSettings","DescribeProtectedResource","DescribeRecoveryPoint","DescribeRegionSettings","DescribeReportJob","DescribeReportPlan","DescribeRestoreJob","DisassociateRecoveryPoint","ExportBackupPlanTemplate","GetBackupPlan","GetBackupPlanFromJSON","GetBackupPlanFromTemplate","GetBackupSelection","GetBackupVaultAccessPolicy","GetBackupVaultNotifications","GetRecoveryPointRestoreMetadata","GetSupportedResourceTypes","ListBackupJobs","ListBackupPlanTemplates","ListBackupPlanVersions","ListBackupPlans","ListBackupSelections","ListBackupVaults","ListCopyJobs","ListFrameworks","ListProtectedResources","ListRecoveryPointsByBackupVault","ListRecoveryPointsByResource","ListReportJobs","ListReportPlans","ListRestoreJobs","ListTags","PutBackupVaultAccessPolicy","PutBackupVaultLockConfiguration","PutBackupVaultNotifications","StartBackupJob","StartCopyJob","StartReportJob","StartRestoreJob","StopBackupJob","TagResource","UntagResource","UpdateBackupPlan","UpdateFramework","UpdateGlobalSettings","UpdateRecoveryPointLifecycle","UpdateRegionSettings","UpdateReportPlan"],"ARNFormat":"arn:${Partition}:backup:${Region}:${Account}:${ResourceType}:${ResourceName}","ARNRegex":"^arn:${Partition}:backup:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","backup:CopyTargetOrgPaths","backup:CopyTargets","backup:FrameworkArns"],"HasResource":true},"Amazon Mobile Analytics":{"StringPrefix":"mobileanalytics","Actions":["GetFinancialReports","GetReports","PutEvents"],"HasResource":false},"AWS Glue DataBrew":{"StringPrefix":"databrew","Actions":["BatchDeleteRecipeVersion","CreateDataset","CreateProfileJob","CreateProject","CreateRecipe","CreateRecipeJob","CreateRuleset","CreateSchedule","DeleteDataset","DeleteJob","DeleteProject","DeleteRecipeVersion","DeleteRuleset","DeleteSchedule","DescribeDataset","DescribeJob","DescribeJobRun","DescribeProject","DescribeRecipe","DescribeRuleset","DescribeSchedule","ListDatasets","ListJobRuns","ListJobs","ListProjects","ListRecipeVersions","ListRecipes","ListRulesets","ListSchedules","ListTagsForResource","PublishRecipe","SendProjectSessionAction","StartJobRun","StartProjectSession","StopJobRun","TagResource","UntagResource","UpdateDataset","UpdateProfileJob","UpdateProject","UpdateRecipe","UpdateRecipeJob","UpdateRuleset","UpdateSchedule"],"ARNFormat":"arn:${Partition}:databrew:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:databrew:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon RHEL Knowledgebase Portal":{"StringPrefix":"rhelkb","Actions":["GetRhelURL"],"ARNFormat":"arn:aws:rhelkb:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:rhelkb:.+","HasResource":false},"Amazon Braket":{"StringPrefix":"braket","Actions":["CancelJob","CancelQuantumTask","CreateJob","CreateQuantumTask","GetDevice","GetJob","GetQuantumTask","ListTagsForResource","SearchDevices","SearchJobs","SearchQuantumTasks","TagResource","UntagResource"],"ARNFormat":"arn:${Partition}:braket:{$Region}:{$AccountI}>:.+","ARNRegex":"^arn:${Partition}:braket::.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS IoT Device Tester":{"StringPrefix":"iot-device-tester","Actions":["CheckVersion","DownloadTestSuite","LatestIdt","SendMetrics","SupportedVersion"],"ARNFormat":"arn:aws:iot-device-tester:::/","ARNRegex":"^arn:aws:iot-device-tester:.+:.+:.+","HasResource":false},"AWS Database Migration Service":{"StringPrefix":"dms","Actions":["AddTagsToResource","ApplyPendingMaintenanceAction","CancelReplicationTaskAssessmentRun","CreateEndpoint","CreateEventSubscription","CreateReplicationInstance","CreateReplicationSubnetGroup","CreateReplicationTask","DeleteCertificate","DeleteConnection","DeleteEndpoint","DeleteEventSubscription","DeleteReplicationInstance","DeleteReplicationSubnetGroup","DeleteReplicationTask","DeleteReplicationTaskAssessmentRun","DescribeAccountAttributes","DescribeApplicableIndividualAssessments","DescribeCertificates","DescribeConnections","DescribeEndpointSettings","DescribeEndpointTypes","DescribeEndpoints","DescribeEventCategories","DescribeEventSubscriptions","DescribeEvents","DescribeOrderableReplicationInstances","DescribeRefreshSchemasStatus","DescribeReplicationInstanceTaskLogs","DescribeReplicationInstances","DescribeReplicationSubnetGroups","DescribeReplicationTaskAssessmentResults","DescribeReplicationTaskAssessmentRuns","DescribeReplicationTaskIndividualAssessments","DescribeReplicationTasks","DescribeSchemas","DescribeTableStatistics","ImportCertificate","ListTagsForResource","ModifyEndpoint","ModifyEventSubscription","ModifyReplicationInstance","ModifyReplicationSubnetGroup","ModifyReplicationTask","MoveReplicationTask","RebootReplicationInstance","RefreshSchemas","ReloadTables","RemoveTagsFromResource","StartReplicationTask","StartReplicationTaskAssessment","StartReplicationTaskAssessmentRun","StopReplicationTask","TestConnection"],"ARNFormat":"arn:aws:dms:${Region}:${Account}:${Resource}","ARNRegex":"^arn:aws:dms:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","dms:cert-tag/${TagKey}","dms:endpoint-tag/${TagKey}","dms:es-tag/${TagKey}","dms:rep-tag/${TagKey}","dms:req-tag/${TagKey}","dms:subgrp-tag/${TagKey}","dms:task-tag/${TagKey}"],"HasResource":true},"Amazon Session Manager Message Gateway Service":{"StringPrefix":"ssmmessages","Actions":["CreateControlChannel","CreateDataChannel","OpenControlChannel","OpenDataChannel"],"HasResource":false},"AWS Network Firewall":{"StringPrefix":"network-firewall","Actions":["AssociateFirewallPolicy","AssociateSubnets","CreateFirewall","CreateFirewallPolicy","CreateRuleGroup","DeleteFirewall","DeleteFirewallPolicy","DeleteResourcePolicy","DeleteRuleGroup","DescribeFirewall","DescribeFirewallPolicy","DescribeLoggingConfiguration","DescribeResourcePolicy","DescribeRuleGroup","DescribeRuleGroupMetadata","DisassociateSubnets","ListFirewallPolicies","ListFirewalls","ListRuleGroups","ListTagsForResource","PutResourcePolicy","TagResource","UntagResource","UpdateFirewallDeleteProtection","UpdateFirewallDescription","UpdateFirewallPolicy","UpdateFirewallPolicyChangeProtection","UpdateLoggingConfiguration","UpdateRuleGroup","UpdateSubnetChangeProtection"],"ARNFormat":"arn:aws:network-firewall:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:network-firewall:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Artifact":{"StringPrefix":"artifact","Actions":["AcceptAgreement","DownloadAgreement","Get","TerminateAgreement"],"ARNFormat":"arn:aws:artifact::","ARNRegex":"^arn:aws:artifact::.+","HasResource":true},"AWS Systems Manager Incident Manager Contacts":{"StringPrefix":"ssm-contacts","Actions":["AcceptPage","ActivateContactChannel","AssociateContact","CreateContact","CreateContactChannel","DeactivateContactChannel","DeleteContact","DeleteContactChannel","DeleteContactPolicy","DescribeEngagement","DescribePage","GetContact","GetContactChannel","GetContactPolicy","ListContactChannels","ListContacts","ListEngagements","ListPageReceipts","ListPagesByContact","ListPagesByEngagement","ListTagsForResource","PutContactPolicy","SendActivationCode","StartEngagement","StopEngagement","TagResource","UntagResource","UpdateContact","UpdateContactChannel","UpdateContactPolicy"],"ARNFormat":"arn:aws:ssm-contacts:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:aws:ssm-contacts:.+","HasResource":true},"Amazon Transcribe":{"StringPrefix":"transcribe","Actions":["CreateCallAnalyticsCategory","CreateLanguageModel","CreateMedicalVocabulary","CreateVocabulary","CreateVocabularyFilter","DeleteCallAnalyticsCategory","DeleteCallAnalyticsJob","DeleteLanguageModel","DeleteMedicalTranscriptionJob","DeleteMedicalVocabulary","DeleteTranscriptionJob","DeleteVocabulary","DeleteVocabularyFilter","DescribeLanguageModel","GetCallAnalyticsCategory","GetCallAnalyticsJob","GetMedicalTranscriptionJob","GetMedicalVocabulary","GetTranscriptionJob","GetVocabulary","GetVocabularyFilter","ListCallAnalyticsCategories","ListCallAnalyticsJobs","ListLanguageModels","ListMedicalTranscriptionJobs","ListMedicalVocabularies","ListTagsForResource","ListTranscriptionJobs","ListVocabularies","ListVocabularyFilters","StartCallAnalyticsJob","StartMedicalStreamTranscription","StartMedicalStreamTranscriptionWebSocket","StartMedicalTranscriptionJob","StartStreamTranscription","StartStreamTranscriptionWebSocket","StartTranscriptionJob","TagResource","UntagResource","UpdateCallAnalyticsCategory","UpdateMedicalVocabulary","UpdateVocabulary","UpdateVocabularyFilter"],"ARNFormat":"arn:${Partition}:transcribe:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:transcribe:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","transcribe:OutputBucketName","transcribe:OutputEncryptionKMSKeyId","transcribe:OutputKey","transcribe:OutputLocation"],"HasResource":true},"AWS IQ Permissions":{"StringPrefix":"iq-permission","Actions":["ApproveAccessGrant"],"ARNFormat":"arn:aws:iq-permission:::/","ARNRegex":"^arn:aws:iq-permission::.+","HasResource":false},"AWS Elemental MediaPackage VOD":{"StringPrefix":"mediapackage-vod","Actions":["ConfigureLogs","CreateAsset","CreatePackagingConfiguration","CreatePackagingGroup","DeleteAsset","DeletePackagingConfiguration","DeletePackagingGroup","DescribeAsset","DescribePackagingConfiguration","DescribePackagingGroup","ListAssets","ListPackagingConfigurations","ListPackagingGroups","ListTagsForResource","TagResource","UntagResource","UpdatePackagingGroup"],"ARNFormat":"arn:aws:mediapackage-vod:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}","ARNRegex":"^arn:aws:mediapackage-vod:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Device Farm":{"StringPrefix":"devicefarm","Actions":["CreateDevicePool","CreateInstanceProfile","CreateNetworkProfile","CreateProject","CreateRemoteAccessSession","CreateTestGridProject","CreateTestGridUrl","CreateUpload","CreateVPCEConfiguration","DeleteDevicePool","DeleteInstanceProfile","DeleteNetworkProfile","DeleteProject","DeleteRemoteAccessSession","DeleteRun","DeleteTestGridProject","DeleteUpload","DeleteVPCEConfiguration","GetAccountSettings","GetDevice","GetDeviceInstance","GetDevicePool","GetDevicePoolCompatibility","GetInstanceProfile","GetJob","GetNetworkProfile","GetOfferingStatus","GetProject","GetRemoteAccessSession","GetRun","GetSuite","GetTest","GetTestGridProject","GetTestGridSession","GetUpload","GetVPCEConfiguration","InstallToRemoteAccessSession","ListArtifacts","ListDeviceInstances","ListDevicePools","ListDevices","ListInstanceProfiles","ListJobs","ListNetworkProfiles","ListOfferingPromotions","ListOfferingTransactions","ListOfferings","ListProjects","ListRemoteAccessSessions","ListRuns","ListSamples","ListSuites","ListTagsForResource","ListTestGridProjects","ListTestGridSessionActions","ListTestGridSessionArtifacts","ListTestGridSessions","ListTests","ListUniqueProblems","ListUploads","ListVPCEConfigurations","PurchaseOffering","RenewOffering","ScheduleRun","StopJob","StopRemoteAccessSession","StopRun","TagResource","UntagResource","UpdateDeviceInstance","UpdateDevicePool","UpdateInstanceProfile","UpdateNetworkProfile","UpdateProject","UpdateTestGridProject","UpdateUpload","UpdateVPCEConfiguration"],"ARNFormat":"arn:aws:devicefarm:${Region}:${Account}:${ResourceType}:${ResourceId}","ARNRegex":"^arn:aws:devicefarm:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Ground Station":{"StringPrefix":"groundstation","Actions":["CancelContact","CreateConfig","CreateDataflowEndpointGroup","CreateMissionProfile","DeleteConfig","DeleteDataflowEndpointGroup","DeleteMissionProfile","DescribeContact","GetConfig","GetDataflowEndpointGroup","GetMinuteUsage","GetMissionProfile","GetSatellite","ListConfigs","ListContacts","ListDataflowEndpointGroups","ListGroundStations","ListMissionProfiles","ListSatellites","ListTagsForResource","ReserveContact","TagResource","UntagResource","UpdateConfig","UpdateMissionProfile"],"ARNFormat":"arn:aws:groundstation:${Region}:${AccountID}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:aws:groundstation:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","groundstation:ConfigId","groundstation:ConfigType","groundstation:ContactId","groundstation:DataflowEndpointGroupId","groundstation:GroundStationId","groundstation:MissionProfileId","groundstation:SatelliteId"],"HasResource":true},"Amazon DevOps Guru":{"StringPrefix":"devops-guru","Actions":["AddNotificationChannel","DeleteInsight","DescribeAccountHealth","DescribeAccountOverview","DescribeAnomaly","DescribeEventSourcesConfig","DescribeFeedback","DescribeInsight","DescribeOrganizationHealth","DescribeOrganizationOverview","DescribeOrganizationResourceCollectionHealth","DescribeResourceCollectionHealth","DescribeServiceIntegration","GetCostEstimation","GetResourceCollection","ListAnomaliesForInsight","ListEvents","ListInsights","ListNotificationChannels","ListOrganizationInsights","ListRecommendations","PutFeedback","RemoveNotificationChannel","SearchInsights","SearchOrganizationInsights","StartCostEstimation","UpdateEventSourcesConfig","UpdateResourceCollection","UpdateServiceIntegration"],"ARNFormat":"arn:aws:devops-guru:${Region}:${Account}:","ARNRegex":"^arn:aws:devops-guru:.+:.+:","HasResource":true},"AWS Signer":{"StringPrefix":"signer","Actions":["AddProfilePermission","CancelSigningProfile","DescribeSigningJob","GetSigningPlatform","GetSigningProfile","ListProfilePermissions","ListSigningJobs","ListSigningPlatforms","ListSigningProfiles","ListTagsForResource","PutSigningProfile","RemoveProfilePermission","RevokeSignature","RevokeSigningProfile","StartSigningJob","TagResource","UntagResource"],"ARNFormat":"arn:${Partition}:signer:${Region}:${Account}:/${ResourceType}/${ResourceIdentifier}","ARNRegex":"^arn:${Partition}:signer:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","signer:ProfileVersion"],"HasResource":true},"AWS Purchase Orders Console":{"StringPrefix":"purchase-orders","Actions":["ModifyPurchaseOrders","ViewPurchaseOrders"],"ARNFormat":"arn:aws:purchase-orders:::/","ARNRegex":"^arn:aws:purchase-orders:.+:.+:.+","HasResource":false},"AWS Resource Groups":{"StringPrefix":"resource-groups","Actions":["CreateGroup","DeleteGroup","GetGroup","GetGroupConfiguration","GetGroupQuery","GetTags","GroupResources","ListGroupResources","ListGroups","PutGroupConfiguration","PutGroupPolicy","SearchResources","Tag","UngroupResources","Untag","UpdateGroup","UpdateGroupQuery"],"ARNFormat":"arn:${Partition}:resource-groups:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:resource-groups:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Honeycode":{"StringPrefix":"honeycode","Actions":["ApproveTeamAssociation","BatchCreateTableRows","BatchDeleteTableRows","BatchUpdateTableRows","BatchUpsertTableRows","CreateTeam","CreateTenant","DeleteDomains","DeregisterGroups","DescribeTableDataImportJob","DescribeTeam","GetScreenData","InvokeScreenAutomation","ListDomains","ListGroups","ListTableColumns","ListTableRows","ListTables","ListTagsForResource","ListTeamAssociations","ListTenants","QueryTableRows","RegisterDomainForVerification","RegisterGroups","RejectTeamAssociation","RestartDomainVerification","StartTableDataImportJob","TagResource","UntagResource","UpdateTeam"],"ARNFormat":"arn:aws:honeycode:${Region}:${Account}:${ResourceType}:${ResourcePath}","ARNRegex":"^arn:aws:honeycode:.+:.+:.+","HasResource":true},"AWS IQ":{"StringPrefix":"iq","Actions":["CreateProject"],"ARNFormat":"arn:aws:iq:::/","ARNRegex":"^arn:aws:iq::.+","HasResource":false},"AWS Amplify UI Builder":{"StringPrefix":"amplifyuibuilder","Actions":["CreateComponent","CreateTheme","DeleteComponent","DeleteTheme","ExchangeCodeForToken","ExportComponents","ExportThemes","GetComponent","GetTheme","ListComponents","ListTagsForResource","ListThemes","RefreshToken","TagResource","UntagResource","UpdateComponent","UpdateTheme"],"ARNFormat":"arn:aws:amplifyuibuilder:${Region}:${AccountId}>:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:amplifyuibuilder:.+:.+:.+","conditionKeys":["amplifyuibuilder:AppId","amplifyuibuilder:ComponentsId","amplifyuibuilder:EnvironmentName","amplifyuibuilder:ThemesId","aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon WorkSpaces Web":{"StringPrefix":"workspaces-web","Actions":["AssociateBrowserSettings","AssociateNetworkSettings","AssociateTrustStore","AssociateUserSettings","CreateBrowserSettings","CreateIdentityProvider","CreateNetworkSettings","CreatePortal","CreateTrustStore","CreateUserSettings","DeleteBrowserSettings","DeleteIdentityProvider","DeleteNetworkSettings","DeletePortal","DeleteTrustStore","DeleteUserSettings","DisassociateBrowserSettings","DisassociateNetworkSettings","DisassociateTrustStore","DisassociateUserSettings","GetBrowserSettings","GetIdentityProvider","GetNetworkSettings","GetPortal","GetPortalServiceProviderMetadata","GetTrustStore","GetTrustStoreCertificate","GetUserSettings","ListBrowserSettings","ListIdentityProviders","ListNetworkSettings","ListPortals","ListTagsForResource","ListTrustStoreCertificates","ListTrustStores","ListUserSettings","TagResource","UntagResource","UpdateBrowserSettings","UpdateIdentityProvider","UpdateNetworkSettings","UpdatePortal","UpdateTrustStore","UpdateUserSettings"],"ARNFormat":"arn:${Partition}:workspaces-web:${Region}:${Account}:${ResourceType}/${ResourceIdentifier}","ARNRegex":"^arn:${Partition}:workspaces-web:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Elastic Container Registry Public":{"StringPrefix":"ecr-public","Actions":["BatchCheckLayerAvailability","BatchDeleteImage","CompleteLayerUpload","CreateRepository","DeleteRepository","DeleteRepositoryPolicy","DescribeImageTags","DescribeImages","DescribeRegistries","DescribeRepositories","GetAuthorizationToken","GetRegistryCatalogData","GetRepositoryCatalogData","GetRepositoryPolicy","InitiateLayerUpload","ListTagsForResource","PutImage","PutRegistryCatalogData","PutRepositoryCatalogData","SetRepositoryPolicy","TagResource","UntagResource","UploadLayerPart"],"ARNFormat":"arn:aws:ecr-public::${Account}:${RepositoryOrRegistry}/${RepositoryNameOrAccountId}","ARNRegex":"^arn:aws:ecr-public::.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ecr-public:ResourceTag/${TagKey}"],"HasResource":true},"AWS Snow Device Management":{"StringPrefix":"snow-device-management","Actions":["CancelTask","CreateTask","DescribeDevice","DescribeDeviceEc2Instances","DescribeExecution","DescribeTask","ListDeviceResources","ListDevices","ListExecutions","ListTagsForResource","ListTasks","TagResource","UntagResource"],"ARNFormat":"arn:aws:snow-device-management:::/","ARNRegex":"^arn:aws:snow-device-management:.+:.+:.+/.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon API Gateway Management V2":{"StringPrefix":"apigateway","Actions":["DELETE","GET","PATCH","POST","PUT"],"ARNFormat":"arn:aws:apigateway:${Region}::${ApiGatewayResourcePath}","ARNRegex":"^arn:aws:apigateway:.+","conditionKeys":["apigateway:Request/AccessLoggingDestination","apigateway:Request/AccessLoggingFormat","apigateway:Request/ApiKeyRequired","apigateway:Request/ApiName","apigateway:Request/AuthorizerType","apigateway:Request/AuthorizerUri","apigateway:Request/DisableExecuteApiEndpoint","apigateway:Request/EndpointType","apigateway:Request/MtlsTrustStoreUri","apigateway:Request/MtlsTrustStoreVersion","apigateway:Request/RouteAuthorizationType","apigateway:Request/SecurityPolicy","apigateway:Request/StageName","apigateway:Resource/AccessLoggingDestination","apigateway:Resource/AccessLoggingFormat","apigateway:Resource/ApiKeyRequired","apigateway:Resource/ApiName","apigateway:Resource/AuthorizerType","apigateway:Resource/AuthorizerUri","apigateway:Resource/DisableExecuteApiEndpoint","apigateway:Resource/EndpointType","apigateway:Resource/MtlsTrustStoreUri","apigateway:Resource/MtlsTrustStoreVersion","apigateway:Resource/RouteAuthorizationType","apigateway:Resource/SecurityPolicy","aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon API Gateway Management":{"StringPrefix":"apigateway","Actions":["AddCertificateToDomain","DELETE","GET","PATCH","POST","PUT","RemoveCertificateFromDomain","SetWebACL","UpdateRestApiPolicy"],"ARNFormat":"arn:aws:apigateway:${Region}::${ApiGatewayResourcePath}","ARNRegex":"^arn:aws:apigateway:.+","conditionKeys":["apigateway:Request/AccessLoggingDestination","apigateway:Request/AccessLoggingFormat","apigateway:Request/ApiKeyRequired","apigateway:Request/ApiName","apigateway:Request/AuthorizerType","apigateway:Request/AuthorizerUri","apigateway:Request/DisableExecuteApiEndpoint","apigateway:Request/EndpointType","apigateway:Request/MtlsTrustStoreUri","apigateway:Request/MtlsTrustStoreVersion","apigateway:Request/RouteAuthorizationType","apigateway:Request/SecurityPolicy","apigateway:Request/StageName","apigateway:Resource/AccessLoggingDestination","apigateway:Resource/AccessLoggingFormat","apigateway:Resource/ApiKeyRequired","apigateway:Resource/ApiName","apigateway:Resource/AuthorizerType","apigateway:Resource/AuthorizerUri","apigateway:Resource/DisableExecuteApiEndpoint","apigateway:Resource/EndpointType","apigateway:Resource/MtlsTrustStoreUri","apigateway:Resource/MtlsTrustStoreVersion","apigateway:Resource/RouteAuthorizationType","apigateway:Resource/SecurityPolicy","aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Apache Kafka APIs for Amazon MSK clusters":{"StringPrefix":"kafka-cluster","Actions":["AlterCluster","AlterClusterDynamicConfiguration","AlterGroup","AlterTopic","AlterTopicDynamicConfiguration","AlterTransactionalId","Connect","CreateTopic","DeleteGroup","DeleteTopic","DescribeCluster","DescribeClusterDynamicConfiguration","DescribeGroup","DescribeTopic","DescribeTopicDynamicConfiguration","DescribeTransactionalId","ReadData","WriteData","WriteDataIdempotently"],"ARNFormat":"arn:aws:kafka:${Region}:${Account}:${ResourceType}/${ResourceDescriptor}","ARNRegex":"^arn:aws:kafka:.+","conditionKeys":["aws:ResourceTag/${TagKey}"],"HasResource":true},"AWS Elemental Appliances and Software Activation Service":{"StringPrefix":"elemental-activations","Actions":["CompleteAccountRegistration","CompleteFileUpload","DownloadSoftware","GenerateLicenses","GetActivation","ListTagsForResource","StartAccountRegistration","StartFileUpload","TagResource","UntagResource"],"ARNFormat":"arn:aws:elemental-activations:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:elemental-activations:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Managed Grafana":{"StringPrefix":"grafana","Actions":["AssociateLicense","CreateWorkspace","DeleteWorkspace","DescribeWorkspace","DescribeWorkspaceAuthentication","DisassociateLicense","ListPermissions","ListTagsForResource","ListWorkspaces","TagResource","UntagResource","UpdatePermissions","UpdateWorkspace","UpdateWorkspaceAuthentication"],"ARNFormat":"arn:aws:grafana:${Region}:${Account}:/${ResourceType}/${ResourceId}","ARNRegex":"^arn:aws:grafana:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS App Mesh":{"StringPrefix":"appmesh","Actions":["CreateGatewayRoute","CreateMesh","CreateRoute","CreateVirtualGateway","CreateVirtualNode","CreateVirtualRouter","CreateVirtualService","DeleteGatewayRoute","DeleteMesh","DeleteRoute","DeleteVirtualGateway","DeleteVirtualNode","DeleteVirtualRouter","DeleteVirtualService","DescribeGatewayRoute","DescribeMesh","DescribeRoute","DescribeVirtualGateway","DescribeVirtualNode","DescribeVirtualRouter","DescribeVirtualService","ListGatewayRoutes","ListMeshes","ListRoutes","ListTagsForResource","ListVirtualGateways","ListVirtualNodes","ListVirtualRouters","ListVirtualServices","StreamAggregatedResources","TagResource","UntagResource","UpdateGatewayRoute","UpdateMesh","UpdateRoute","UpdateVirtualGateway","UpdateVirtualNode","UpdateVirtualRouter","UpdateVirtualService"],"ARNFormat":"arn:${Partition}:appmesh:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:appmesh:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Database Query Metadata Service":{"StringPrefix":"dbqms","Actions":["CreateFavoriteQuery","CreateQueryHistory","CreateTab","DeleteFavoriteQueries","DeleteQueryHistory","DeleteTab","DescribeFavoriteQueries","DescribeQueryHistory","DescribeTabs","GetQueryString","UpdateFavoriteQuery","UpdateQueryHistory","UpdateTab"],"ARNFormat":"arn:${Partition}:dbqms::","ARNRegex":"^arn:${Partition}:dbqms::.+","HasResource":false},"Amazon Managed Streaming for Apache Kafka":{"StringPrefix":"kafka","Actions":["BatchAssociateScramSecret","BatchDisassociateScramSecret","CreateCluster","CreateClusterV2","CreateConfiguration","DeleteCluster","DeleteConfiguration","DescribeCluster","DescribeClusterOperation","DescribeClusterV2","DescribeConfiguration","DescribeConfigurationRevision","GetBootstrapBrokers","GetCompatibleKafkaVersions","ListClusterOperations","ListClusters","ListClustersV2","ListConfigurationRevisions","ListConfigurations","ListKafkaVersions","ListNodes","ListScramSecrets","ListTagsForResource","RebootBroker","TagResource","UntagResource","UpdateBrokerCount","UpdateBrokerStorage","UpdateBrokerType","UpdateClusterConfiguration","UpdateClusterKafkaVersion","UpdateConfiguration","UpdateConnectivity","UpdateMonitoring","UpdateSecurity"],"ARNFormat":"arn:aws:kafka:${Region}:${Account}:${ResourceType}/${ResourceName}/${Uuid}","ARNRegex":"^arn:aws:kafka:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon CodeGuru Reviewer":{"StringPrefix":"codeguru-reviewer","Actions":["AssociateRepository","CreateCodeReview","CreateConnectionToken","DescribeCodeReview","DescribeRecommendationFeedback","DescribeRepositoryAssociation","DisassociateRepository","GetMetricsData","ListCodeReviews","ListRecommendationFeedback","ListRecommendations","ListRepositoryAssociations","ListTagsForResource","ListThirdPartyRepositories","PutRecommendationFeedback","TagResource","UnTagResource"],"ARNFormat":"arn:aws:codeguru-reviewer:${Region}:${Account}:${ResourceType}:${ResourceName}","ARNRegex":"^arn:aws:codeguru-reviewer:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS CodeDeploy secure host commands service":{"StringPrefix":"codedeploy-commands-secure","Actions":["GetDeploymentSpecification","PollHostCommand","PutHostCommandAcknowledgement","PutHostCommandComplete"],"HasResource":false},"Amazon MemoryDB":{"StringPrefix":"memorydb","Actions":["BatchUpdateClusters","CopySnapshot","CreateAcl","CreateCluster","CreateParameterGroup","CreateSnapshot","CreateSubnetGroup","CreateUser","DeleteAcl","DeleteCluster","DeleteParameterGroup","DeleteSnapshot","DeleteSubnetGroup","DeleteUser","DescribeAcls","DescribeClusters","DescribeEngineVersions","DescribeEvents","DescribeParameterGroups","DescribeParameters","DescribeServiceUpdates","DescribeSnapshots","DescribeSubnetGroups","DescribeUsers","FailoverShard","ListNodeTypeUpdates","ListTags","ResetParameterGroup","TagResource","UntagResource","UpdateAcl","UpdateCluster","UpdateParameterGroup","UpdateSubnetGroup","UpdateUser"],"ARNFormat":"arn::memorydb:::/","ARNRegex":"^arn:.+:memorydb:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Pinpoint SMS Voice V2":{"StringPrefix":"sms-voice","Actions":["AssociateOriginationIdentity","CreateConfigurationSet","CreateEventDestination","CreateOptOutList","CreatePool","DeleteConfigurationSet","DeleteDefaultMessageType","DeleteDefaultSenderId","DeleteEventDestination","DeleteKeyword","DeleteOptOutList","DeleteOptedOutNumber","DeletePool","DeleteTextMessageSpendLimitOverride","DeleteVoiceMessageSpendLimitOverride","DescribeAccountAttributes","DescribeAccountLimits","DescribeConfigurationSets","DescribeKeywords","DescribeOptOutLists","DescribeOptedOutNumbers","DescribePhoneNumbers","DescribePools","DescribeSenderIds","DescribeSpendLimits","DisassociateOriginationIdentity","ListPoolOriginationIdentities","ListTagsForResource","PutKeyword","PutOptedOutNumber","ReleasePhoneNumber","RequestPhoneNumber","SendTextMessage","SendVoiceMessage","SetDefaultMessageType","SetDefaultSenderId","SetTextMessageSpendLimitOverride","SetVoiceMessageSpendLimitOverride","TagResource","UntagResource","UpdateEventDestination","UpdatePhoneNumber","UpdatePool"],"ARNFormat":"arn:${Partition}:sms-voice:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:sms-voice:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Pinpoint SMS and Voice Service":{"StringPrefix":"sms-voice","Actions":["CreateConfigurationSet","CreateConfigurationSetEventDestination","DeleteConfigurationSet","DeleteConfigurationSetEventDestination","GetConfigurationSetEventDestinations","ListConfigurationSets","SendVoiceMessage","UpdateConfigurationSetEventDestination"],"ARNFormat":"arn:aws:sms-voice:::/","ARNRegex":"^arn:aws:sms-voice:.+:.+:.+","HasResource":false},"Amazon CloudWatch":{"StringPrefix":"cloudwatch","Actions":["DeleteAlarms","DeleteAnomalyDetector","DeleteDashboards","DeleteInsightRules","DeleteMetricStream","DescribeAlarmHistory","DescribeAlarms","DescribeAlarmsForMetric","DescribeAnomalyDetectors","DescribeInsightRules","DisableAlarmActions","DisableInsightRules","EnableAlarmActions","EnableInsightRules","GetDashboard","GetInsightRuleReport","GetMetricData","GetMetricStatistics","GetMetricStream","GetMetricWidgetImage","ListDashboards","ListMetricStreams","ListMetrics","ListTagsForResource","PutAnomalyDetector","PutCompositeAlarm","PutDashboard","PutInsightRule","PutMetricAlarm","PutMetricData","PutMetricStream","SetAlarmState","StartMetricStreams","StopMetricStreams","TagResource","UntagResource"],"ARNFormat":"arn:${Partition}:cloudwatch:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:${Partition}:cloudwatch:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","cloudwatch:AlarmActions","cloudwatch:namespace","cloudwatch:requestInsightRuleLogGroups"],"HasResource":true},"Amazon EC2 Auto Scaling":{"StringPrefix":"autoscaling","Actions":["AttachInstances","AttachLoadBalancerTargetGroups","AttachLoadBalancers","BatchDeleteScheduledAction","BatchPutScheduledUpdateGroupAction","CancelInstanceRefresh","CompleteLifecycleAction","CreateAutoScalingGroup","CreateLaunchConfiguration","CreateOrUpdateTags","DeleteAutoScalingGroup","DeleteLaunchConfiguration","DeleteLifecycleHook","DeleteNotificationConfiguration","DeletePolicy","DeleteScheduledAction","DeleteTags","DeleteWarmPool","DescribeAccountLimits","DescribeAdjustmentTypes","DescribeAutoScalingGroups","DescribeAutoScalingInstances","DescribeAutoScalingNotificationTypes","DescribeInstanceRefreshes","DescribeLaunchConfigurations","DescribeLifecycleHookTypes","DescribeLifecycleHooks","DescribeLoadBalancerTargetGroups","DescribeLoadBalancers","DescribeMetricCollectionTypes","DescribeNotificationConfigurations","DescribePolicies","DescribeScalingActivities","DescribeScalingProcessTypes","DescribeScheduledActions","DescribeTags","DescribeTerminationPolicyTypes","DescribeWarmPool","DetachInstances","DetachLoadBalancerTargetGroups","DetachLoadBalancers","DisableMetricsCollection","EnableMetricsCollection","EnterStandby","ExecutePolicy","ExitStandby","GetPredictiveScalingForecast","PutLifecycleHook","PutNotificationConfiguration","PutScalingPolicy","PutScheduledUpdateGroupAction","PutWarmPool","RecordLifecycleActionHeartbeat","ResumeProcesses","SetDesiredCapacity","SetInstanceHealth","SetInstanceProtection","StartInstanceRefresh","SuspendProcesses","TerminateInstanceInAutoScalingGroup","UpdateAutoScalingGroup"],"ARNFormat":"arn:${Partition}:autoscaling:::","ARNRegex":"^arn:${Partition}:autoscaling:.+:.+:.+","conditionKeys":["autoscaling:ImageId","autoscaling:InstanceType","autoscaling:InstanceTypes","autoscaling:LaunchConfigurationName","autoscaling:LaunchTemplateVersionSpecified","autoscaling:LoadBalancerNames","autoscaling:MaxSize","autoscaling:MetadataHttpEndpoint","autoscaling:MetadataHttpPutResponseHopLimit","autoscaling:MetadataHttpTokens","autoscaling:MinSize","autoscaling:ResourceTag/${TagKey}","autoscaling:SpotPrice","autoscaling:TargetGroupARNs","autoscaling:VPCZoneIdentifiers","aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Snowball":{"StringPrefix":"snowball","Actions":["CancelCluster","CancelJob","CreateAddress","CreateCluster","CreateJob","CreateLongTermPricing","CreateReturnShippingLabel","DescribeAddress","DescribeAddresses","DescribeCluster","DescribeJob","DescribeReturnShippingLabel","GetJobManifest","GetJobUnlockCode","GetSnowballUsage","GetSoftwareUpdates","ListClusterJobs","ListClusters","ListCompatibleImages","ListJobs","ListLongTermPricing","UpdateCluster","UpdateJob","UpdateJobShipmentState","UpdateLongTermPricing"],"HasResource":false},"AWS Shield":{"StringPrefix":"shield","Actions":["AssociateDRTLogBucket","AssociateDRTRole","AssociateHealthCheck","AssociateProactiveEngagementDetails","CreateProtection","CreateProtectionGroup","CreateSubscription","DeleteProtection","DeleteProtectionGroup","DeleteSubscription","DescribeAttack","DescribeAttackStatistics","DescribeDRTAccess","DescribeEmergencyContactSettings","DescribeProtection","DescribeProtectionGroup","DescribeSubscription","DisableApplicationLayerAutomaticResponse","DisableProactiveEngagement","DisassociateDRTLogBucket","DisassociateDRTRole","DisassociateHealthCheck","EnableApplicationLayerAutomaticResponse","EnableProactiveEngagement","GetSubscriptionState","ListAttacks","ListProtectionGroups","ListProtections","ListResourcesInProtectionGroup","ListTagsForResource","TagResource","UntagResource","UpdateApplicationLayerAutomaticResponse","UpdateEmergencyContactSettings","UpdateProtectionGroup","UpdateSubscription"],"ARNFormat":"arn:aws:shield::${Account}:${Resource}/${ResourceId}","ARNRegex":"^arn:aws:shield::[0-9]+:.+/.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS IoT TwinMaker":{"StringPrefix":"iottwinmaker","Actions":["BatchPutPropertyValues","CreateComponentType","CreateEntity","CreateScene","CreateWorkspace","DeleteComponentType","DeleteEntity","DeleteScene","DeleteWorkspace","GetComponentType","GetEntity","GetPropertyValue","GetPropertyValueHistory","GetScene","GetWorkspace","ListComponentTypes","ListEntities","ListScenes","ListTagsForResource","ListWorkspaces","TagResource","UntagResource","UpdateComponentType","UpdateEntity","UpdateScene","UpdateWorkspace"],"ARNFormat":"arn:${Partition}:iottwinmaker:${Region}:${Account}:${ResourceType}/${ResourceTypeId}","ARNRegex":"^arn:${Partition}:iottwinmaker:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Secrets Manager":{"StringPrefix":"secretsmanager","Actions":["CancelRotateSecret","CreateSecret","DeleteResourcePolicy","DeleteSecret","DescribeSecret","GetRandomPassword","GetResourcePolicy","GetSecretValue","ListSecretVersionIds","ListSecrets","PutResourcePolicy","PutSecretValue","RemoveRegionsFromReplication","ReplicateSecretToRegions","RestoreSecret","RotateSecret","StopReplicationToReplica","TagResource","UntagResource","UpdateSecret","UpdateSecretVersionStage","ValidateResourcePolicy"],"ARNFormat":"arn:${Partition}:secretsmanager:${Region}:${Account}:secret:${SecretId}","ARNRegex":"^arn:${Partition}:secretsmanager:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","secretsmanager:AddReplicaRegions","secretsmanager:BlockPublicPolicy","secretsmanager:Description","secretsmanager:ForceDeleteWithoutRecovery","secretsmanager:ForceOverwriteReplicaSecret","secretsmanager:KmsKeyId","secretsmanager:ModifyRotationRules","secretsmanager:Name","secretsmanager:RecoveryWindowInDays","secretsmanager:ResourceTag/tag-key","secretsmanager:RotateImmediately","secretsmanager:RotationLambdaARN","secretsmanager:SecretId","secretsmanager:SecretPrimaryRegion","secretsmanager:VersionId","secretsmanager:VersionStage","secretsmanager:resource/AllowRotationLambdaArn"],"HasResource":true},"AWS Application Auto Scaling":{"StringPrefix":"application-autoscaling","Actions":["DeleteScalingPolicy","DeleteScheduledAction","DeregisterScalableTarget","DescribeScalableTargets","DescribeScalingActivities","DescribeScalingPolicies","DescribeScheduledActions","PutScalingPolicy","PutScheduledAction","RegisterScalableTarget"],"HasResource":false},"Amazon FSx":{"StringPrefix":"fsx","Actions":["AssociateFileGateway","AssociateFileSystemAliases","CancelDataRepositoryTask","CopyBackup","CreateBackup","CreateDataRepositoryAssociation","CreateDataRepositoryTask","CreateFileSystem","CreateFileSystemFromBackup","CreateSnapshot","CreateStorageVirtualMachine","CreateVolume","CreateVolumeFromBackup","DeleteBackup","DeleteDataRepositoryAssociation","DeleteFileSystem","DeleteSnapshot","DeleteStorageVirtualMachine","DeleteVolume","DescribeAssociatedFileGateways","DescribeBackups","DescribeDataRepositoryAssociations","DescribeDataRepositoryTasks","DescribeFileSystemAliases","DescribeFileSystems","DescribeSnapshots","DescribeStorageVirtualMachines","DescribeVolumes","DisassociateFileGateway","DisassociateFileSystemAliases","ListTagsForResource","ManageBackupPrincipalAssociations","ReleaseFileSystemNfsV3Locks","RestoreVolumeFromSnapshot","TagResource","UntagResource","UpdateDataRepositoryAssociation","UpdateFileSystem","UpdateSnapshot","UpdateStorageVirtualMachine","UpdateVolume"],"ARNFormat":"arn:${Partition}:fsx:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:${Partition}:fsx:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","fsx:IsBackupCopyDestination","fsx:IsBackupCopySource","fsx:ParentVolumeId","fsx:StorageVirtualMachineId"],"HasResource":true},"AWS Amplify":{"StringPrefix":"amplify","Actions":["CreateApp","CreateBackendEnvironment","CreateBranch","CreateDeployment","CreateDomainAssociation","CreateWebHook","DeleteApp","DeleteBackendEnvironment","DeleteBranch","DeleteDomainAssociation","DeleteJob","DeleteWebHook","GenerateAccessLogs","GetApp","GetArtifactUrl","GetBackendEnvironment","GetBranch","GetDomainAssociation","GetJob","GetWebHook","ListApps","ListArtifacts","ListBackendEnvironments","ListBranches","ListDomainAssociations","ListJobs","ListTagsForResource","ListWebHooks","StartDeployment","StartJob","StopJob","TagResource","UntagResource","UpdateApp","UpdateBranch","UpdateDomainAssociation","UpdateWebHook"],"ARNFormat":"arn:aws:amplify:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:amplify:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS App Mesh Preview":{"StringPrefix":"appmesh-preview","Actions":["CreateGatewayRoute","CreateMesh","CreateRoute","CreateVirtualGateway","CreateVirtualNode","CreateVirtualRouter","CreateVirtualService","DeleteGatewayRoute","DeleteMesh","DeleteRoute","DeleteVirtualGateway","DeleteVirtualNode","DeleteVirtualRouter","DeleteVirtualService","DescribeGatewayRoute","DescribeMesh","DescribeRoute","DescribeVirtualGateway","DescribeVirtualNode","DescribeVirtualRouter","DescribeVirtualService","ListGatewayRoutes","ListMeshes","ListRoutes","ListVirtualGateways","ListVirtualNodes","ListVirtualRouters","ListVirtualServices","StreamAggregatedResources","UpdateGatewayRoute","UpdateMesh","UpdateRoute","UpdateVirtualGateway","UpdateVirtualNode","UpdateVirtualRouter","UpdateVirtualService"],"ARNFormat":"arn:${Partition}:appmesh-preview:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:appmesh-preview:.+:.+:.+","HasResource":true},"Amazon Kinesis Video Streams":{"StringPrefix":"kinesisvideo","Actions":["ConnectAsMaster","ConnectAsViewer","CreateSignalingChannel","CreateStream","DeleteSignalingChannel","DeleteStream","DescribeSignalingChannel","DescribeStream","GetClip","GetDASHStreamingSessionURL","GetDataEndpoint","GetHLSStreamingSessionURL","GetIceServerConfig","GetMedia","GetMediaForFragmentList","GetSignalingChannelEndpoint","ListFragments","ListSignalingChannels","ListStreams","ListTagsForResource","ListTagsForStream","PutMedia","SendAlexaOfferToMaster","TagResource","TagStream","UntagResource","UntagStream","UpdateDataRetention","UpdateSignalingChannel","UpdateStream"],"ARNFormat":"arn:aws:kinesisvideo:${Region}:${Account}:${ResourceType}/${ResourceName}/${CreationTime}","ARNRegex":"^arn:aws:kinesisvideo:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon API Gateway":{"StringPrefix":"execute-api","Actions":["InvalidateCache","Invoke","ManageConnections"],"ARNFormat":"arn:aws:execute-api:::///","ARNRegex":"^arn:aws:execute-api:.+","HasResource":true},"AWS Migration Hub Strategy Recommendations":{"StringPrefix":"migrationhub-strategy","Actions":["GetAntiPattern","GetApplicationComponentDetails","GetApplicationComponentStrategies","GetAssessment","GetImportFileTask","GetMessage","GetPortfolioPreferences","GetPortfolioSummary","GetRecommendationReportDetails","GetServerDetails","GetServerStrategies","ListAntiPatterns","ListApplicationComponents","ListCollectors","ListImportFileTask","ListJarArtifacts","ListServers","PutPortfolioPreferences","RegisterCollector","SendMessage","StartAssessment","StartImportFileTask","StartRecommendationReportGeneration","StopAssessment","UpdateApplicationComponentConfig","UpdateServerConfig"],"ARNFormat":"arn:${Partition}:iam::${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:${ServiceName}:.+:.+:.+","HasResource":false},"AWS Elemental MediaLive":{"StringPrefix":"medialive","Actions":["AcceptInputDeviceTransfer","BatchDelete","BatchStart","BatchStop","BatchUpdateSchedule","CancelInputDeviceTransfer","ClaimDevice","CreateChannel","CreateInput","CreateInputSecurityGroup","CreateMultiplex","CreateMultiplexProgram","CreatePartnerInput","CreateTags","DeleteChannel","DeleteInput","DeleteInputSecurityGroup","DeleteMultiplex","DeleteMultiplexProgram","DeleteReservation","DeleteSchedule","DeleteTags","DescribeChannel","DescribeInput","DescribeInputDevice","DescribeInputDeviceThumbnail","DescribeInputSecurityGroup","DescribeMultiplex","DescribeMultiplexProgram","DescribeOffering","DescribeReservation","DescribeSchedule","ListChannels","ListInputDeviceTransfers","ListInputDevices","ListInputSecurityGroups","ListInputs","ListMultiplexPrograms","ListMultiplexes","ListOfferings","ListReservations","ListTagsForResource","PurchaseOffering","RejectInputDeviceTransfer","StartChannel","StartMultiplex","StopChannel","StopMultiplex","TransferInputDevice","UpdateChannel","UpdateChannelClass","UpdateInput","UpdateInputDevice","UpdateInputSecurityGroup","UpdateMultiplex","UpdateMultiplexProgram","UpdateReservation"],"ARNFormat":"arn:${Partition}:medialive:${Region}:${Account}:${ResourceType}:${ResourceId}","ARNRegex":"^arn:${Partition}:medialive:${Region}:${Account}:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS CloudShell":{"StringPrefix":"cloudshell","Actions":["CreateEnvironment","CreateSession","DeleteEnvironment","GetEnvironmentStatus","GetFileDownloadUrls","GetFileUploadUrls","PutCredentials","StartEnvironment","StopEnvironment"],"ARNFormat":"arn:${Partition}:cloudshell:${Region}:${Account}:environment/${EnvironmentId}","ARNRegex":"^arn:${Partition}:cloudshell:${Region}:${Account}:environment/.+?","HasResource":true},"Amazon Location":{"StringPrefix":"geo","Actions":["AssociateTrackerConsumer","BatchDeleteDevicePositionHistory","BatchDeleteGeofence","BatchEvaluateGeofences","BatchGetDevicePosition","BatchPutGeofence","BatchUpdateDevicePosition","CalculateRoute","CalculateRouteMatrix","CreateGeofenceCollection","CreateMap","CreatePlaceIndex","CreateRouteCalculator","CreateTracker","DeleteGeofenceCollection","DeleteMap","DeletePlaceIndex","DeleteRouteCalculator","DeleteTracker","DescribeGeofenceCollection","DescribeMap","DescribePlaceIndex","DescribeRouteCalculator","DescribeTracker","DisassociateTrackerConsumer","GetDevicePosition","GetDevicePositionHistory","GetGeofence","GetMapGlyphs","GetMapSprites","GetMapStyleDescriptor","GetMapTile","ListDevicePositions","ListGeofenceCollections","ListGeofences","ListMaps","ListPlaceIndexes","ListRouteCalculators","ListTagsForResource","ListTrackerConsumers","ListTrackers","PutGeofence","SearchPlaceIndexForPosition","SearchPlaceIndexForSuggestions","SearchPlaceIndexForText","TagResource","UntagResource","UpdateGeofenceCollection","UpdateMap","UpdatePlaceIndex","UpdateRouteCalculator","UpdateTracker"],"ARNFormat":"arn:${Partition}:geo:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:geo:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Key Management Service":{"StringPrefix":"kms","Actions":["CancelKeyDeletion","ConnectCustomKeyStore","CreateAlias","CreateCustomKeyStore","CreateGrant","CreateKey","Decrypt","DeleteAlias","DeleteCustomKeyStore","DeleteImportedKeyMaterial","DescribeCustomKeyStores","DescribeKey","DisableKey","DisableKeyRotation","DisconnectCustomKeyStore","EnableKey","EnableKeyRotation","Encrypt","GenerateDataKey","GenerateDataKeyPair","GenerateDataKeyPairWithoutPlaintext","GenerateDataKeyWithoutPlaintext","GenerateMac","GenerateRandom","GetKeyPolicy","GetKeyRotationStatus","GetParametersForImport","GetPublicKey","ImportKeyMaterial","ListAliases","ListGrants","ListKeyPolicies","ListKeys","ListResourceTags","ListRetirableGrants","PutKeyPolicy","ReEncryptFrom","ReEncryptTo","ReplicateKey","RetireGrant","RevokeGrant","ScheduleKeyDeletion","Sign","SynchronizeMultiRegionKey","TagResource","UntagResource","UpdateAlias","UpdateCustomKeyStore","UpdateKeyDescription","UpdatePrimaryRegion","Verify","VerifyMac"],"ARNFormat":"arn:aws:kms:${Region}:${AccountId}:${ResourceType}/${Id}","ARNRegex":"^arn:aws:kms:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","kms:BypassPolicyLockoutSafetyCheck","kms:CallerAccount","kms:CustomerMasterKeySpec","kms:CustomerMasterKeyUsage","kms:DataKeyPairSpec","kms:EncryptionAlgorithm","kms:EncryptionContext:${EncryptionContextKey}","kms:EncryptionContextKeys","kms:ExpirationModel","kms:GrantConstraintType","kms:GrantIsForAWSResource","kms:GrantOperations","kms:GranteePrincipal","kms:KeyOrigin","kms:KeySpec","kms:KeyUsage","kms:MacAlgorithm","kms:MessageType","kms:MultiRegion","kms:MultiRegionKeyType","kms:PrimaryRegion","kms:ReEncryptOnSameKey","kms:RecipientAttestation:ImageSha384","kms:ReplicaRegion","kms:RequestAlias","kms:ResourceAliases","kms:RetiringPrincipal","kms:SigningAlgorithm","kms:ValidTo","kms:ViaService","kms:WrappingAlgorithm","kms:WrappingKeySpec"],"HasResource":true},"AWS CloudHSM":{"StringPrefix":"cloudhsm","Actions":["AddTagsToResource","CopyBackupToRegion","CreateCluster","CreateHapg","CreateHsm","CreateLunaClient","DeleteBackup","DeleteCluster","DeleteHapg","DeleteHsm","DeleteLunaClient","DescribeBackups","DescribeClusters","DescribeHapg","DescribeHsm","DescribeLunaClient","GetConfig","InitializeCluster","ListAvailableZones","ListHapgs","ListHsms","ListLunaClients","ListTags","ListTagsForResource","ModifyBackupAttributes","ModifyCluster","ModifyHapg","ModifyHsm","ModifyLunaClient","RemoveTagsFromResource","RestoreBackup","TagResource","UntagResource"],"ARNFormat":"arn::cloudhsm:::","ARNRegex":"^arn::cloudhsm:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon CodeGuru":{"StringPrefix":"codeguru","Actions":["GetCodeGuruFreeTrialSummary"],"ARNFormat":"arn:aws:codeguru:::/","ARNRegex":"^arn:aws:codeguru:.+:.+:.+","HasResource":false},"Amazon EC2":{"StringPrefix":"ec2","Actions":["AcceptReservedInstancesExchangeQuote","AcceptTransitGatewayMulticastDomainAssociations","AcceptTransitGatewayPeeringAttachment","AcceptTransitGatewayVpcAttachment","AcceptVpcEndpointConnections","AcceptVpcPeeringConnection","AdvertiseByoipCidr","AllocateAddress","AllocateHosts","AllocateIpamPoolCidr","ApplySecurityGroupsToClientVpnTargetNetwork","AssignIpv6Addresses","AssignPrivateIpAddresses","AssociateAddress","AssociateClientVpnTargetNetwork","AssociateDhcpOptions","AssociateEnclaveCertificateIamRole","AssociateIamInstanceProfile","AssociateInstanceEventWindow","AssociateRouteTable","AssociateSubnetCidrBlock","AssociateTransitGatewayMulticastDomain","AssociateTransitGatewayRouteTable","AssociateTrunkInterface","AssociateVpcCidrBlock","AttachClassicLinkVpc","AttachInternetGateway","AttachNetworkInterface","AttachVolume","AttachVpnGateway","AuthorizeClientVpnIngress","AuthorizeSecurityGroupEgress","AuthorizeSecurityGroupIngress","BundleInstance","CancelBundleTask","CancelCapacityReservation","CancelCapacityReservationFleets","CancelConversionTask","CancelExportTask","CancelImportTask","CancelReservedInstancesListing","CancelSpotFleetRequests","CancelSpotInstanceRequests","ConfirmProductInstance","CopyFpgaImage","CopyImage","CopySnapshot","CreateCapacityReservation","CreateCapacityReservationFleet","CreateCarrierGateway","CreateClientVpnEndpoint","CreateClientVpnRoute","CreateCoipPoolPermission","CreateCustomerGateway","CreateDefaultSubnet","CreateDefaultVpc","CreateDhcpOptions","CreateEgressOnlyInternetGateway","CreateFleet","CreateFlowLogs","CreateFpgaImage","CreateImage","CreateInstanceEventWindow","CreateInstanceExportTask","CreateInternetGateway","CreateIpam","CreateIpamPool","CreateIpamScope","CreateKeyPair","CreateLaunchTemplate","CreateLaunchTemplateVersion","CreateLocalGatewayRoute","CreateLocalGatewayRouteTablePermission","CreateLocalGatewayRouteTableVpcAssociation","CreateManagedPrefixList","CreateNatGateway","CreateNetworkAcl","CreateNetworkAclEntry","CreateNetworkInsightsAccessScope","CreateNetworkInsightsPath","CreateNetworkInterface","CreateNetworkInterfacePermission","CreatePlacementGroup","CreatePublicIpv4Pool","CreateReplaceRootVolumeTask","CreateReservedInstancesListing","CreateRestoreImageTask","CreateRoute","CreateRouteTable","CreateSecurityGroup","CreateSnapshot","CreateSnapshots","CreateSpotDatafeedSubscription","CreateStoreImageTask","CreateSubnet","CreateSubnetCidrReservation","CreateTags","CreateTrafficMirrorFilter","CreateTrafficMirrorFilterRule","CreateTrafficMirrorSession","CreateTrafficMirrorTarget","CreateTransitGateway","CreateTransitGatewayConnect","CreateTransitGatewayConnectPeer","CreateTransitGatewayMulticastDomain","CreateTransitGatewayPeeringAttachment","CreateTransitGatewayPrefixListReference","CreateTransitGatewayRoute","CreateTransitGatewayRouteTable","CreateTransitGatewayVpcAttachment","CreateVolume","CreateVpc","CreateVpcEndpoint","CreateVpcEndpointConnectionNotification","CreateVpcEndpointServiceConfiguration","CreateVpcPeeringConnection","CreateVpnConnection","CreateVpnConnectionRoute","CreateVpnGateway","DeleteCarrierGateway","DeleteClientVpnEndpoint","DeleteClientVpnRoute","DeleteCoipPoolPermission","DeleteCustomerGateway","DeleteDhcpOptions","DeleteEgressOnlyInternetGateway","DeleteFleets","DeleteFlowLogs","DeleteFpgaImage","DeleteInstanceEventWindow","DeleteInternetGateway","DeleteIpam","DeleteIpamPool","DeleteIpamScope","DeleteKeyPair","DeleteLaunchTemplate","DeleteLaunchTemplateVersions","DeleteLocalGatewayRoute","DeleteLocalGatewayRouteTablePermission","DeleteLocalGatewayRouteTableVpcAssociation","DeleteManagedPrefixList","DeleteNatGateway","DeleteNetworkAcl","DeleteNetworkAclEntry","DeleteNetworkInsightsAccessScope","DeleteNetworkInsightsAccessScopeAnalysis","DeleteNetworkInsightsAnalysis","DeleteNetworkInsightsPath","DeleteNetworkInterface","DeleteNetworkInterfacePermission","DeletePlacementGroup","DeletePublicIpv4Pool","DeleteQueuedReservedInstances","DeleteResourcePolicy","DeleteRoute","DeleteRouteTable","DeleteSecurityGroup","DeleteSnapshot","DeleteSpotDatafeedSubscription","DeleteSubnet","DeleteSubnetCidrReservation","DeleteTags","DeleteTrafficMirrorFilter","DeleteTrafficMirrorFilterRule","DeleteTrafficMirrorSession","DeleteTrafficMirrorTarget","DeleteTransitGateway","DeleteTransitGatewayConnect","DeleteTransitGatewayConnectPeer","DeleteTransitGatewayMulticastDomain","DeleteTransitGatewayPeeringAttachment","DeleteTransitGatewayPrefixListReference","DeleteTransitGatewayRoute","DeleteTransitGatewayRouteTable","DeleteTransitGatewayVpcAttachment","DeleteVolume","DeleteVpc","DeleteVpcEndpointConnectionNotifications","DeleteVpcEndpointServiceConfigurations","DeleteVpcEndpoints","DeleteVpcPeeringConnection","DeleteVpnConnection","DeleteVpnConnectionRoute","DeleteVpnGateway","DeprovisionByoipCidr","DeprovisionIpamPoolCidr","DeprovisionPublicIpv4PoolCidr","DeregisterImage","DeregisterInstanceEventNotificationAttributes","DeregisterTransitGatewayMulticastGroupMembers","DeregisterTransitGatewayMulticastGroupSources","DescribeAccountAttributes","DescribeAddresses","DescribeAddressesAttribute","DescribeAggregateIdFormat","DescribeAvailabilityZones","DescribeBundleTasks","DescribeByoipCidrs","DescribeCapacityReservationFleets","DescribeCapacityReservations","DescribeCarrierGateways","DescribeClassicLinkInstances","DescribeClientVpnAuthorizationRules","DescribeClientVpnConnections","DescribeClientVpnEndpoints","DescribeClientVpnRoutes","DescribeClientVpnTargetNetworks","DescribeCoipPools","DescribeConversionTasks","DescribeCustomerGateways","DescribeDhcpOptions","DescribeEgressOnlyInternetGateways","DescribeElasticGpus","DescribeExportImageTasks","DescribeExportTasks","DescribeFastLaunchImages","DescribeFastSnapshotRestores","DescribeFleetHistory","DescribeFleetInstances","DescribeFleets","DescribeFlowLogs","DescribeFpgaImageAttribute","DescribeFpgaImages","DescribeHostReservationOfferings","DescribeHostReservations","DescribeHosts","DescribeIamInstanceProfileAssociations","DescribeIdFormat","DescribeIdentityIdFormat","DescribeImageAttribute","DescribeImages","DescribeImportImageTasks","DescribeImportSnapshotTasks","DescribeInstanceAttribute","DescribeInstanceCreditSpecifications","DescribeInstanceEventNotificationAttributes","DescribeInstanceEventWindows","DescribeInstanceStatus","DescribeInstanceTypeOfferings","DescribeInstanceTypes","DescribeInstances","DescribeInternetGateways","DescribeIpamPools","DescribeIpamScopes","DescribeIpams","DescribeIpv6Pools","DescribeKeyPairs","DescribeLaunchTemplateVersions","DescribeLaunchTemplates","DescribeLocalGatewayRouteTablePermissions","DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations","DescribeLocalGatewayRouteTableVpcAssociations","DescribeLocalGatewayRouteTables","DescribeLocalGatewayVirtualInterfaceGroups","DescribeLocalGatewayVirtualInterfaces","DescribeLocalGateways","DescribeManagedPrefixLists","DescribeMovingAddresses","DescribeNatGateways","DescribeNetworkAcls","DescribeNetworkInsightsAccessScopeAnalyses","DescribeNetworkInsightsAccessScopes","DescribeNetworkInsightsAnalyses","DescribeNetworkInsightsPaths","DescribeNetworkInterfaceAttribute","DescribeNetworkInterfacePermissions","DescribeNetworkInterfaces","DescribePlacementGroups","DescribePrefixLists","DescribePrincipalIdFormat","DescribePublicIpv4Pools","DescribeRegions","DescribeReplaceRootVolumeTasks","DescribeReservedInstances","DescribeReservedInstancesListings","DescribeReservedInstancesModifications","DescribeReservedInstancesOfferings","DescribeRouteTables","DescribeScheduledInstanceAvailability","DescribeScheduledInstances","DescribeSecurityGroupReferences","DescribeSecurityGroupRules","DescribeSecurityGroups","DescribeSnapshotAttribute","DescribeSnapshotTierStatus","DescribeSnapshots","DescribeSpotDatafeedSubscription","DescribeSpotFleetInstances","DescribeSpotFleetRequestHistory","DescribeSpotFleetRequests","DescribeSpotInstanceRequests","DescribeSpotPriceHistory","DescribeStaleSecurityGroups","DescribeStoreImageTasks","DescribeSubnets","DescribeTags","DescribeTrafficMirrorFilters","DescribeTrafficMirrorSessions","DescribeTrafficMirrorTargets","DescribeTransitGatewayAttachments","DescribeTransitGatewayConnectPeers","DescribeTransitGatewayConnects","DescribeTransitGatewayMulticastDomains","DescribeTransitGatewayPeeringAttachments","DescribeTransitGatewayRouteTables","DescribeTransitGatewayVpcAttachments","DescribeTransitGateways","DescribeTrunkInterfaceAssociations","DescribeVolumeAttribute","DescribeVolumeStatus","DescribeVolumes","DescribeVolumesModifications","DescribeVpcAttribute","DescribeVpcClassicLink","DescribeVpcClassicLinkDnsSupport","DescribeVpcEndpointConnectionNotifications","DescribeVpcEndpointConnections","DescribeVpcEndpointServiceConfigurations","DescribeVpcEndpointServicePermissions","DescribeVpcEndpointServices","DescribeVpcEndpoints","DescribeVpcPeeringConnections","DescribeVpcs","DescribeVpnConnections","DescribeVpnGateways","DetachClassicLinkVpc","DetachInternetGateway","DetachNetworkInterface","DetachVolume","DetachVpnGateway","DisableEbsEncryptionByDefault","DisableFastLaunch","DisableFastSnapshotRestores","DisableImageDeprecation","DisableIpamOrganizationAdminAccount","DisableSerialConsoleAccess","DisableTransitGatewayRouteTablePropagation","DisableVgwRoutePropagation","DisableVpcClassicLink","DisableVpcClassicLinkDnsSupport","DisassociateAddress","DisassociateClientVpnTargetNetwork","DisassociateEnclaveCertificateIamRole","DisassociateIamInstanceProfile","DisassociateInstanceEventWindow","DisassociateRouteTable","DisassociateSubnetCidrBlock","DisassociateTransitGatewayMulticastDomain","DisassociateTransitGatewayRouteTable","DisassociateTrunkInterface","DisassociateVpcCidrBlock","EnableEbsEncryptionByDefault","EnableFastLaunch","EnableFastSnapshotRestores","EnableImageDeprecation","EnableIpamOrganizationAdminAccount","EnableSerialConsoleAccess","EnableTransitGatewayRouteTablePropagation","EnableVgwRoutePropagation","EnableVolumeIO","EnableVpcClassicLink","EnableVpcClassicLinkDnsSupport","ExportClientVpnClientCertificateRevocationList","ExportClientVpnClientConfiguration","ExportImage","ExportTransitGatewayRoutes","GetAssociatedEnclaveCertificateIamRoles","GetAssociatedIpv6PoolCidrs","GetCapacityReservationUsage","GetCoipPoolUsage","GetConsoleOutput","GetConsoleScreenshot","GetDefaultCreditSpecification","GetEbsDefaultKmsKeyId","GetEbsEncryptionByDefault","GetFlowLogsIntegrationTemplate","GetGroupsForCapacityReservation","GetHostReservationPurchasePreview","GetInstanceTypesFromInstanceRequirements","GetIpamAddressHistory","GetIpamPoolAllocations","GetIpamPoolCidrs","GetIpamResourceCidrs","GetLaunchTemplateData","GetManagedPrefixListAssociations","GetManagedPrefixListEntries","GetNetworkInsightsAccessScopeAnalysisFindings","GetNetworkInsightsAccessScopeContent","GetPasswordData","GetReservedInstancesExchangeQuote","GetResourcePolicy","GetSerialConsoleAccessStatus","GetSpotPlacementScores","GetSubnetCidrReservations","GetTransitGatewayAttachmentPropagations","GetTransitGatewayMulticastDomainAssociations","GetTransitGatewayPrefixListReferences","GetTransitGatewayRouteTableAssociations","GetTransitGatewayRouteTablePropagations","GetVpnConnectionDeviceSampleConfiguration","GetVpnConnectionDeviceTypes","ImportClientVpnClientCertificateRevocationList","ImportImage","ImportInstance","ImportKeyPair","ImportSnapshot","ImportVolume","ListImagesInRecycleBin","ListSnapshotsInRecycleBin","ModifyAddressAttribute","ModifyAvailabilityZoneGroup","ModifyCapacityReservation","ModifyCapacityReservationFleet","ModifyClientVpnEndpoint","ModifyDefaultCreditSpecification","ModifyEbsDefaultKmsKeyId","ModifyFleet","ModifyFpgaImageAttribute","ModifyHosts","ModifyIdFormat","ModifyIdentityIdFormat","ModifyImageAttribute","ModifyInstanceAttribute","ModifyInstanceCapacityReservationAttributes","ModifyInstanceCreditSpecification","ModifyInstanceEventStartTime","ModifyInstanceEventWindow","ModifyInstanceMaintenanceOptions","ModifyInstanceMetadataOptions","ModifyInstancePlacement","ModifyIpam","ModifyIpamPool","ModifyIpamResourceCidr","ModifyIpamScope","ModifyLaunchTemplate","ModifyManagedPrefixList","ModifyNetworkInterfaceAttribute","ModifyPrivateDnsNameOptions","ModifyReservedInstances","ModifySecurityGroupRules","ModifySnapshotAttribute","ModifySnapshotTier","ModifySpotFleetRequest","ModifySubnetAttribute","ModifyTrafficMirrorFilterNetworkServices","ModifyTrafficMirrorFilterRule","ModifyTrafficMirrorSession","ModifyTransitGateway","ModifyTransitGatewayPrefixListReference","ModifyTransitGatewayVpcAttachment","ModifyVolume","ModifyVolumeAttribute","ModifyVpcAttribute","ModifyVpcEndpoint","ModifyVpcEndpointConnectionNotification","ModifyVpcEndpointServiceConfiguration","ModifyVpcEndpointServicePayerResponsibility","ModifyVpcEndpointServicePermissions","ModifyVpcPeeringConnectionOptions","ModifyVpcTenancy","ModifyVpnConnection","ModifyVpnConnectionOptions","ModifyVpnTunnelCertificate","ModifyVpnTunnelOptions","MonitorInstances","MoveAddressToVpc","MoveByoipCidrToIpam","ProvisionByoipCidr","ProvisionIpamPoolCidr","ProvisionPublicIpv4PoolCidr","PurchaseHostReservation","PurchaseReservedInstancesOffering","PurchaseScheduledInstances","PutResourcePolicy","RebootInstances","RegisterImage","RegisterInstanceEventNotificationAttributes","RegisterTransitGatewayMulticastGroupMembers","RegisterTransitGatewayMulticastGroupSources","RejectTransitGatewayMulticastDomainAssociations","RejectTransitGatewayPeeringAttachment","RejectTransitGatewayVpcAttachment","RejectVpcEndpointConnections","RejectVpcPeeringConnection","ReleaseAddress","ReleaseHosts","ReleaseIpamPoolAllocation","ReplaceIamInstanceProfileAssociation","ReplaceNetworkAclAssociation","ReplaceNetworkAclEntry","ReplaceRoute","ReplaceRouteTableAssociation","ReplaceTransitGatewayRoute","ReportInstanceStatus","RequestSpotFleet","RequestSpotInstances","ResetAddressAttribute","ResetEbsDefaultKmsKeyId","ResetFpgaImageAttribute","ResetImageAttribute","ResetInstanceAttribute","ResetNetworkInterfaceAttribute","ResetSnapshotAttribute","RestoreAddressToClassic","RestoreImageFromRecycleBin","RestoreManagedPrefixListVersion","RestoreSnapshotFromRecycleBin","RestoreSnapshotTier","RevokeClientVpnIngress","RevokeSecurityGroupEgress","RevokeSecurityGroupIngress","RunInstances","RunScheduledInstances","SearchLocalGatewayRoutes","SearchTransitGatewayMulticastGroups","SearchTransitGatewayRoutes","SendDiagnosticInterrupt","SendSpotInstanceInterruptions","StartInstances","StartNetworkInsightsAccessScopeAnalysis","StartNetworkInsightsAnalysis","StartVpcEndpointServicePrivateDnsVerification","StopInstances","TerminateClientVpnConnections","TerminateInstances","UnassignIpv6Addresses","UnassignPrivateIpAddresses","UnmonitorInstances","UpdateSecurityGroupRuleDescriptionsEgress","UpdateSecurityGroupRuleDescriptionsIngress","WithdrawByoipCidr"],"ARNFormat":"arn:aws:ec2:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:aws:ec2:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ec2:AccepterVpc","ec2:Add/group","ec2:Add/userId","ec2:AllocationId","ec2:AssociatePublicIpAddress","ec2:Attribute","ec2:Attribute/${AttributeName}","ec2:AuthenticationType","ec2:AuthorizedService","ec2:AuthorizedUser","ec2:AutoPlacement","ec2:AvailabilityZone","ec2:CapacityReservationFleet","ec2:ClientRootCertificateChainArn","ec2:CloudwatchLogGroupArn","ec2:CloudwatchLogStreamArn","ec2:CreateAction","ec2:DPDTimeoutSeconds","ec2:DhcpOptionsID","ec2:DirectoryArn","ec2:Domain","ec2:EbsOptimized","ec2:ElasticGpuType","ec2:Encrypted","ec2:GatewayType","ec2:HostRecovery","ec2:IKEVersions","ec2:ImageID","ec2:ImageType","ec2:InsideTunnelCidr","ec2:InsideTunnelIpv6Cidr","ec2:InstanceAutoRecovery","ec2:InstanceID","ec2:InstanceMarketType","ec2:InstanceMetadataTags","ec2:InstanceProfile","ec2:InstanceType","ec2:InternetGatewayID","ec2:Ipv4IpamPoolId","ec2:Ipv6IpamPoolId","ec2:IsLaunchTemplateResource","ec2:KeyPairName","ec2:KeyPairType","ec2:KmsKeyId","ec2:LaunchTemplate","ec2:MetadataHttpEndpoint","ec2:MetadataHttpPutResponseHopLimit","ec2:MetadataHttpTokens","ec2:NetworkAclID","ec2:NetworkInterfaceID","ec2:NewInstanceProfile","ec2:OutpostArn","ec2:Owner","ec2:ParentSnapshot","ec2:ParentVolume","ec2:Permission","ec2:Phase1DHGroup","ec2:Phase1EncryptionAlgorithms","ec2:Phase1IntegrityAlgorithms","ec2:Phase1LifetimeSeconds","ec2:Phase2DHGroup","ec2:Phase2EncryptionAlgorithms","ec2:Phase2IntegrityAlgorithms","ec2:Phase2LifetimeSeconds","ec2:PlacementGroup","ec2:PlacementGroupName","ec2:PlacementGroupStrategy","ec2:PreSharedKeys","ec2:ProductCode","ec2:Public","ec2:PublicIpAddress","ec2:Quantity","ec2:Region","ec2:RekeyFuzzPercentage","ec2:RekeyMarginTimeSeconds","ec2:Remove/group","ec2:Remove/userId","ec2:ReplayWindowSizePackets","ec2:RequesterVpc","ec2:ReservedInstancesOfferingType","ec2:ResourceTag/","ec2:ResourceTag/${TagKey}","ec2:RoleDelivery","ec2:RootDeviceType","ec2:RouteTableID","ec2:RoutingType","ec2:SamlProviderArn","ec2:SecurityGroupID","ec2:ServerCertificateArn","ec2:SnapshotID","ec2:SnapshotTime","ec2:SourceInstanceARN","ec2:SourceOutpostArn","ec2:Subnet","ec2:SubnetID","ec2:Tenancy","ec2:VolumeID","ec2:VolumeIops","ec2:VolumeSize","ec2:VolumeThroughput","ec2:VolumeType","ec2:Vpc","ec2:VpcID","ec2:VpcPeeringConnectionID","ec2:VpceServiceName","ec2:VpceServiceOwner","ec2:VpceServicePrivateDnsName"],"HasResource":true},"AWS Import Export Disk Service":{"StringPrefix":"importexport","Actions":["CancelJob","CreateJob","GetShippingLabel","GetStatus","ListJobs","UpdateJob"],"HasResource":false},"AWS Microservice Extractor for .NET":{"StringPrefix":"serviceextract","Actions":["GetConfig"],"ARNFormat":"arn:aws:serviceextract:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:serviceextract:.+:.+:.+","HasResource":false},"AWS Data Pipeline":{"StringPrefix":"datapipeline","Actions":["ActivatePipeline","AddTags","CreatePipeline","DeactivatePipeline","DeletePipeline","DescribeObjects","DescribePipelines","EvaluateExpression","GetAccountLimits","GetPipelineDefinition","ListPipelines","PollForTask","PutAccountLimits","PutPipelineDefinition","QueryObjects","RemoveTags","ReportTaskProgress","ReportTaskRunnerHeartbeat","SetStatus","SetTaskStatus","ValidatePipelineDefinition"],"conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","datapipeline:PipelineCreator","datapipeline:Tag","datapipeline:workerGroup"],"HasResource":false},"AWS Server Migration Service":{"StringPrefix":"sms","Actions":["CreateApp","CreateReplicationJob","DeleteApp","DeleteAppLaunchConfiguration","DeleteAppReplicationConfiguration","DeleteAppValidationConfiguration","DeleteReplicationJob","DeleteServerCatalog","DisassociateConnector","GenerateChangeSet","GenerateTemplate","GetApp","GetAppLaunchConfiguration","GetAppReplicationConfiguration","GetAppValidationConfiguration","GetAppValidationOutput","GetConnectors","GetMessages","GetReplicationJobs","GetReplicationRuns","GetServers","ImportAppCatalog","ImportServerCatalog","LaunchApp","ListApps","NotifyAppValidationOutput","PutAppLaunchConfiguration","PutAppReplicationConfiguration","PutAppValidationConfiguration","SendMessage","StartAppReplication","StartOnDemandAppReplication","StartOnDemandReplicationRun","StopAppReplication","TerminateApp","UpdateApp","UpdateReplicationJob"],"ARNFormat":"arn:aws::::/","ARNRegex":"^arn:aws::.+:.+:.+","HasResource":false},"Amazon Monitron":{"StringPrefix":"monitron","Actions":["AssociateProjectAdminUser","CreateProject","DeleteProject","DisassociateProjectAdminUser","GetProject","GetProjectAdminUser","ListProjectAdminUsers","ListProjects","ListTagsForResource","TagResource","UntagResource","UpdateProject"],"ARNFormat":"arn:aws:monitron:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:aws:monitron:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS CloudFormation":{"StringPrefix":"cloudformation","Actions":["ActivateType","BatchDescribeTypeConfigurations","CancelUpdateStack","ContinueUpdateRollback","CreateChangeSet","CreateStack","CreateStackInstances","CreateStackSet","CreateUploadBucket","DeactivateType","DeleteChangeSet","DeleteStack","DeleteStackInstances","DeleteStackSet","DeregisterType","DescribeAccountLimits","DescribeChangeSet","DescribeChangeSetHooks","DescribePublisher","DescribeStackDriftDetectionStatus","DescribeStackEvents","DescribeStackInstance","DescribeStackResource","DescribeStackResourceDrifts","DescribeStackResources","DescribeStackSet","DescribeStackSetOperation","DescribeStacks","DescribeType","DescribeTypeRegistration","DetectStackDrift","DetectStackResourceDrift","DetectStackSetDrift","EstimateTemplateCost","ExecuteChangeSet","GetStackPolicy","GetTemplate","GetTemplateSummary","ImportStacksToStackSet","ListChangeSets","ListExports","ListImports","ListStackInstances","ListStackResources","ListStackSetOperationResults","ListStackSetOperations","ListStackSets","ListStacks","ListTypeRegistrations","ListTypeVersions","ListTypes","PublishType","RecordHandlerProgress","RegisterPublisher","RegisterType","RollbackStack","SetStackPolicy","SetTypeConfiguration","SetTypeDefaultVersion","SignalResource","StopStackSetOperation","TagResource","TestType","UntagResource","UpdateStack","UpdateStackInstances","UpdateStackSet","UpdateTerminationProtection","ValidateTemplate"],"ARNFormat":"arn:${Partition}:cloudformation:${Region}:${AccountId}:${ResourceType}/${Id}","ARNRegex":"^arn:${Partition}:cloudformation:.+:[0-9]+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","cloudformation:ChangeSetName","cloudformation:ImportResourceTypes","cloudformation:ResourceTypes","cloudformation:RoleArn","cloudformation:StackPolicyUrl","cloudformation:TargetRegion","cloudformation:TemplateUrl"],"HasResource":true},"AWS Cloud Control API":{"StringPrefix":"cloudformation","Actions":["CancelResourceRequest","CreateResource","DeleteResource","GetResource","GetResourceRequestStatus","ListResourceRequests","ListResources","UpdateResource"],"ARNFormat":"arn:aws:cloudformation:${Region}:${Account}:${RelativeId}","ARNRegex":"^arn:aws:cloudformation:.+:[0-9]+:.+","HasResource":false},"Amazon WorkMail Message Flow":{"StringPrefix":"workmailmessageflow","Actions":["GetRawMessageContent","PutRawMessageContent"],"ARNFormat":"arn:${Partition}:workmailmessageflow:${Region}:${Account}:message/${OrganizationId}/${Context}/${MessageId}","ARNRegex":"^arn:${Partition}:workmailmessageflow:.+:.+:.+","HasResource":true},"Recycle Bin":{"StringPrefix":"rbin","Actions":["CreateRule","DeleteRule","GetRule","ListRules","ListTagsForResource","TagResource","UntagResource","UpdateRule"],"ARNFormat":"arn:${Partition}:rbin:${Region}:${Account}:rule/${ResourceName}","ARNRegex":"^arn:.+:rbin:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Chatbot":{"StringPrefix":"chatbot","Actions":["CreateChimeWebhookConfiguration","CreateSlackChannelConfiguration","DeleteChimeWebhookConfiguration","DeleteSlackChannelConfiguration","DeleteSlackUserIdentity","DeleteSlackWorkspaceAuthorization","DescribeChimeWebhookConfigurations","DescribeSlackChannelConfigurations","DescribeSlackChannels","DescribeSlackUserIdentities","DescribeSlackWorkspaces","GetAccountPreferences","GetSlackOauthParameters","RedeemSlackOauthCode","UpdateAccountPreferences","UpdateChimeWebhookConfiguration","UpdateSlackChannelConfiguration"],"ARNFormat":"arn:${Partition}:chatbot::${Account}:chat-configuration/${ConfigurationType}/${ChatbotConfigurationName}","ARNRegex":"^arn:${Partition}:chatbot:.+","HasResource":true},"Amazon Macie":{"StringPrefix":"macie2","Actions":["AcceptInvitation","BatchGetCustomDataIdentifiers","CreateClassificationJob","CreateCustomDataIdentifier","CreateFindingsFilter","CreateInvitations","CreateMember","CreateSampleFindings","DeclineInvitations","DeleteCustomDataIdentifier","DeleteFindingsFilter","DeleteInvitations","DeleteMember","DescribeBuckets","DescribeClassificationJob","DescribeOrganizationConfiguration","DisableMacie","DisableOrganizationAdminAccount","DisassociateFromAdministratorAccount","DisassociateFromMasterAccount","DisassociateMember","EnableMacie","EnableOrganizationAdminAccount","GetAdministratorAccount","GetBucketStatistics","GetClassificationExportConfiguration","GetCustomDataIdentifier","GetFindingStatistics","GetFindings","GetFindingsFilter","GetFindingsPublicationConfiguration","GetInvitationsCount","GetMacieSession","GetMasterAccount","GetMember","GetUsageStatistics","GetUsageTotals","ListClassificationJobs","ListCustomDataIdentifiers","ListFindings","ListFindingsFilters","ListInvitations","ListManagedDataIdentifiers","ListMembers","ListOrganizationAdminAccounts","ListTagsForResource","PutClassificationExportConfiguration","PutFindingsPublicationConfiguration","SearchResources","TagResource","TestCustomDataIdentifier","UntagResource","UpdateClassificationJob","UpdateFindingsFilter","UpdateMacieSession","UpdateMemberSession","UpdateOrganizationConfiguration"],"ARNFormat":"arn:aws:macie2:::/","ARNRegex":"^arn:aws:macie2:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Migration Hub Orchestrator":{"StringPrefix":"migrationhub-orchestrator","Actions":["CreateWorkflow","CreateWorkflowStep","CreateWorkflowStepGroup","DeleteWorkflow","DeleteWorkflowStep","DeleteWorkflowStepGroup","GetMessage","GetTemplate","GetTemplateStep","GetTemplateStepGroup","GetWorkflow","GetWorkflowStep","GetWorkflowStepGroup","ListPlugins","ListTagsForResource","ListTemplateStepGroups","ListTemplateSteps","ListTemplates","ListWorkflowStepGroups","ListWorkflowSteps","ListWorkflows","RegisterPlugin","RetryWorkflowStep","SendMessage","StartWorkflow","StopWorkflow","TagResource","UntagResource","UpdateWorkflow","UpdateWorkflowStep","UpdateWorkflowStepGroup"],"ARNFormat":"arn:${Partition}:migrationhub-orchestrator:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:migrationhub-orchestrator:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Health APIs and Notifications":{"StringPrefix":"health","Actions":["DescribeAffectedAccountsForOrganization","DescribeAffectedEntities","DescribeAffectedEntitiesForOrganization","DescribeEntityAggregates","DescribeEventAggregates","DescribeEventDetails","DescribeEventDetailsForOrganization","DescribeEventTypes","DescribeEvents","DescribeEventsForOrganization","DescribeHealthServiceStatusForOrganization","DisableHealthServiceAccessForOrganization","EnableHealthServiceAccessForOrganization"],"ARNFormat":"arn:aws:health::${Namespace}:${RelativeId}","ARNRegex":"^arn:aws:health:[^:]*:[^:]*:.+","conditionKeys":["health:eventTypeCode","health:service"],"HasResource":true},"AWS Outposts":{"StringPrefix":"outposts","Actions":["CancelOrder","CreateOrder","CreateOutpost","CreatePrivateConnectivityConfig","CreateSite","DeleteOutpost","DeleteSite","GetCatalogItem","GetOrder","GetOutpost","GetOutpostInstanceTypes","GetPrivateConnectivityConfig","GetSite","GetSiteAddress","ListAssets","ListCatalogItems","ListOrders","ListOutposts","ListSites","ListTagsForResource","TagResource","UntagResource","UpdateOutpost","UpdateSite","UpdateSiteAddress","UpdateSiteRackPhysicalProperties"],"ARNFormat":"arn:aws:outposts:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:outposts:.+:.+:.+","HasResource":false},"Amazon GameLift":{"StringPrefix":"gamelift","Actions":["AcceptMatch","ClaimGameServer","CreateAlias","CreateBuild","CreateFleet","CreateFleetLocations","CreateGameServerGroup","CreateGameSession","CreateGameSessionQueue","CreateMatchmakingConfiguration","CreateMatchmakingRuleSet","CreatePlayerSession","CreatePlayerSessions","CreateScript","CreateVpcPeeringAuthorization","CreateVpcPeeringConnection","DeleteAlias","DeleteBuild","DeleteFleet","DeleteFleetLocations","DeleteGameServerGroup","DeleteGameSessionQueue","DeleteMatchmakingConfiguration","DeleteMatchmakingRuleSet","DeleteScalingPolicy","DeleteScript","DeleteVpcPeeringAuthorization","DeleteVpcPeeringConnection","DeregisterGameServer","DescribeAlias","DescribeBuild","DescribeEC2InstanceLimits","DescribeFleetAttributes","DescribeFleetCapacity","DescribeFleetEvents","DescribeFleetLocationAttributes","DescribeFleetLocationCapacity","DescribeFleetLocationUtilization","DescribeFleetPortSettings","DescribeFleetUtilization","DescribeGameServer","DescribeGameServerGroup","DescribeGameServerInstances","DescribeGameSessionDetails","DescribeGameSessionPlacement","DescribeGameSessionQueues","DescribeGameSessions","DescribeInstances","DescribeMatchmaking","DescribeMatchmakingConfigurations","DescribeMatchmakingRuleSets","DescribePlayerSessions","DescribeRuntimeConfiguration","DescribeScalingPolicies","DescribeScript","DescribeVpcPeeringAuthorizations","DescribeVpcPeeringConnections","GetGameSessionLogUrl","GetInstanceAccess","ListAliases","ListBuilds","ListFleets","ListGameServerGroups","ListGameServers","ListScripts","ListTagsForResource","PutScalingPolicy","RegisterGameServer","RequestUploadCredentials","ResolveAlias","ResumeGameServerGroup","SearchGameSessions","StartFleetActions","StartGameSessionPlacement","StartMatchBackfill","StartMatchmaking","StopFleetActions","StopGameSessionPlacement","StopMatchmaking","SuspendGameServerGroup","TagResource","UntagResource","UpdateAlias","UpdateBuild","UpdateFleetAttributes","UpdateFleetCapacity","UpdateFleetPortSettings","UpdateGameServer","UpdateGameServerGroup","UpdateGameSession","UpdateGameSessionQueue","UpdateMatchmakingConfiguration","UpdateRuntimeConfiguration","UpdateScript","ValidateMatchmakingRuleSet"],"ARNFormat":"arn:aws:gamelift:${Region}:${AccountId}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:aws:gamelift:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS IoT Fleet Hub for Device Management":{"StringPrefix":"iotfleethub","Actions":["CreateApplication","DeleteApplication","DescribeApplication","ListApplications","ListTagsForResource","TagResource","UntagResource","UpdateApplication"],"ARNFormat":"arn:aws:iotfleethub:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:iotfleethub:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Route 53 Recovery Controls":{"StringPrefix":"route53-recovery-control-config","Actions":["CreateCluster","CreateControlPanel","CreateRoutingControl","CreateSafetyRule","DeleteCluster","DeleteControlPanel","DeleteRoutingControl","DeleteSafetyRule","DescribeCluster","DescribeControlPanel","DescribeRoutingControl","DescribeRoutingControlByName","DescribeSafetyRule","ListAssociatedRoute53HealthChecks","ListClusters","ListControlPanels","ListRoutingControls","ListSafetyRules","ListTagsForResource","TagResource","UntagResource","UpdateControlPanel","UpdateRoutingControl","UpdateSafetyRule"],"ARNFormat":"arn:${Partition}:route53-recovery-control::${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:route53-recovery-control::.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS OpsWorks Configuration Management":{"StringPrefix":"opsworks-cm","Actions":["AssociateNode","CreateBackup","CreateServer","DeleteBackup","DeleteServer","DescribeAccountAttributes","DescribeBackups","DescribeEvents","DescribeNodeAssociationStatus","DescribeServers","DisassociateNode","ExportServerEngineAttribute","ListTagsForResource","RestoreServer","StartMaintenance","TagResource","UntagResource","UpdateServer","UpdateServerEngineAttributes"],"ARNFormat":"arn:aws:opsworks-cm:::/","ARNRegex":"^arn:aws:opsworks-cm:.+:[0-9]+:.+","HasResource":true},"Amazon Timestream":{"StringPrefix":"timestream","Actions":["CancelQuery","CreateDatabase","CreateScheduledQuery","CreateTable","DeleteDatabase","DeleteScheduledQuery","DeleteTable","DescribeDatabase","DescribeEndpoints","DescribeScheduledQuery","DescribeTable","ExecuteScheduledQuery","ListDatabases","ListMeasures","ListScheduledQueries","ListTables","ListTagsForResource","PrepareQuery","Select","SelectValues","TagResource","UntagResource","UpdateDatabase","UpdateScheduledQuery","UpdateTable","WriteRecords"],"ARNFormat":"arn:${Partition}:timestream:${Region}:${Account}:database/${DatabaseName}/table/${TableName}","ARNRegex":"^arn:${Partition}:timestream:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS IoT RoboRunner":{"StringPrefix":"iotroborunner","Actions":["CreateAction","CreateActionTemplate","CreateActionTemplateDependency","CreateActivity","CreateActivityDependency","CreateDestination","CreateDestinationRelationship","CreateSite","CreateTask","CreateTaskDependency","CreateWorker","CreateWorkerFleet","DeleteAction","DeleteActionTemplate","DeleteActionTemplateDependency","DeleteActivity","DeleteActivityDependency","DeleteDestination","DeleteDestinationRelationship","DeleteSite","DeleteTask","DeleteTaskDependency","DeleteWorker","DeleteWorkerFleet","GetAction","GetActionTemplate","GetActivity","GetDestination","GetDestinationRelationship","GetSite","GetTask","GetWorker","GetWorkerFleet","ListActionTemplates","ListActions","ListActivities","ListDestinationRelationships","ListDestinations","ListSites","ListTasks","ListWorkerFleets","ListWorkers","UpdateActionState","UpdateActivity","UpdateDestination","UpdateSite","UpdateTask","UpdateWorker","UpdateWorkerFleet"],"ARNFormat":"arn:${Partition}:iotroborunner:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:${Partition}:iotroborunner:.+:.+:.+","conditionKeys":["iotroborunner:ActionResourceId","iotroborunner:ActionTemplateResourceId","iotroborunner:ActivityResourceId","iotroborunner:DestinationRelationshipResourceId","iotroborunner:DestinationResourceId","iotroborunner:SiteResourceId","iotroborunner:TaggingResourceTagKey","iotroborunner:TaskResourceId","iotroborunner:WorkerFleetResourceId","iotroborunner:WorkerResourceId"],"HasResource":true},"Amazon EC2 Instance Connect":{"StringPrefix":"ec2-instance-connect","Actions":["SendSSHPublicKey","SendSerialConsoleSSHPublicKey"],"ARNFormat":"arn:aws:ec2:::/","ARNRegex":"^arn:aws:ec2:.+","conditionKeys":["aws:ResourceTag/${TagKey}","ec2:ResourceTag/${TagKey}","ec2:osuser"],"HasResource":true},"Amazon Interactive Video Service Chat":{"StringPrefix":"ivschat","Actions":["CreateChatToken","CreateRoom","DeleteMessage","DeleteRoom","DisconnectUser","GetRoom","ListRooms","ListTagsForResource","SendEvent","TagResource","UntagResource","UpdateRoom"],"ARNFormat":"arn:aws:ivschat:${Region}:${AccountId}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:aws:ivschat:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon RDS IAM Authentication":{"StringPrefix":"rds-db","Actions":["connect"],"ARNFormat":"arn:aws:rds-db:::dbuser:/","ARNRegex":"^arn:aws:rds-db:.+","HasResource":true},"Application Discovery":{"StringPrefix":"discovery","Actions":["AssociateConfigurationItemsToApplication","BatchDeleteImportData","CreateApplication","CreateTags","DeleteApplications","DeleteTags","DescribeAgents","DescribeConfigurations","DescribeContinuousExports","DescribeExportConfigurations","DescribeExportTasks","DescribeImportTasks","DescribeTags","DisassociateConfigurationItemsFromApplication","ExportConfigurations","GetDiscoverySummary","ListConfigurations","ListServerNeighbors","StartContinuousExport","StartDataCollectionByAgentIds","StartExportTask","StartImportTask","StopContinuousExport","StopDataCollectionByAgentIds","UpdateApplication"],"HasResource":false},"Amazon Elastic Block Store":{"StringPrefix":"ebs","Actions":["CompleteSnapshot","GetSnapshotBlock","ListChangedBlocks","ListSnapshotBlocks","PutSnapshotBlock","StartSnapshot"],"ARNFormat":"arn:aws:ebs:::/","ARNRegex":"^arn:aws:ebs:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ebs:Description","ebs:ParentSnapshot","ebs:VolumeSize"],"HasResource":true},"AWS CodeCommit":{"StringPrefix":"codecommit","Actions":["AssociateApprovalRuleTemplateWithRepository","BatchAssociateApprovalRuleTemplateWithRepositories","BatchDescribeMergeConflicts","BatchDisassociateApprovalRuleTemplateFromRepositories","BatchGetCommits","BatchGetPullRequests","BatchGetRepositories","CancelUploadArchive","CreateApprovalRuleTemplate","CreateBranch","CreateCommit","CreatePullRequest","CreatePullRequestApprovalRule","CreateRepository","CreateUnreferencedMergeCommit","DeleteApprovalRuleTemplate","DeleteBranch","DeleteCommentContent","DeleteFile","DeletePullRequestApprovalRule","DeleteRepository","DescribeMergeConflicts","DescribePullRequestEvents","DisassociateApprovalRuleTemplateFromRepository","EvaluatePullRequestApprovalRules","GetApprovalRuleTemplate","GetBlob","GetBranch","GetComment","GetCommentReactions","GetCommentsForComparedCommit","GetCommentsForPullRequest","GetCommit","GetCommitHistory","GetCommitsFromMergeBase","GetDifferences","GetFile","GetFolder","GetMergeCommit","GetMergeConflicts","GetMergeOptions","GetObjectIdentifier","GetPullRequest","GetPullRequestApprovalStates","GetPullRequestOverrideState","GetReferences","GetRepository","GetRepositoryTriggers","GetTree","GetUploadArchiveStatus","GitPull","GitPush","ListApprovalRuleTemplates","ListAssociatedApprovalRuleTemplatesForRepository","ListBranches","ListPullRequests","ListRepositories","ListRepositoriesForApprovalRuleTemplate","ListTagsForResource","MergeBranchesByFastForward","MergeBranchesBySquash","MergeBranchesByThreeWay","MergePullRequestByFastForward","MergePullRequestBySquash","MergePullRequestByThreeWay","OverridePullRequestApprovalRules","PostCommentForComparedCommit","PostCommentForPullRequest","PostCommentReply","PutCommentReaction","PutFile","PutRepositoryTriggers","TagResource","TestRepositoryTriggers","UntagResource","UpdateApprovalRuleTemplateContent","UpdateApprovalRuleTemplateDescription","UpdateApprovalRuleTemplateName","UpdateComment","UpdateDefaultBranch","UpdatePullRequestApprovalRuleContent","UpdatePullRequestApprovalState","UpdatePullRequestDescription","UpdatePullRequestStatus","UpdatePullRequestTitle","UpdateRepositoryDescription","UpdateRepositoryName","UploadArchive"],"ARNFormat":"arn:aws:codecommit:${Region}:${Account}:${RepositoryName}","ARNRegex":"^arn:aws:codecommit:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","codecommit:References"],"HasResource":true},"Amazon CodeGuru Profiler":{"StringPrefix":"codeguru-profiler","Actions":["AddNotificationChannels","BatchGetFrameMetricData","ConfigureAgent","CreateProfilingGroup","DeleteProfilingGroup","DescribeProfilingGroup","GetFindingsReportAccountSummary","GetNotificationConfiguration","GetPolicy","GetProfile","GetRecommendations","ListFindingsReports","ListProfileTimes","ListProfilingGroups","ListTagsForResource","PostAgentProfile","PutPermission","RemoveNotificationChannel","RemovePermission","SubmitFeedback","TagResource","UntagResource","UpdateProfilingGroup"],"ARNFormat":"arn:aws:codeguru-profiler:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:codeguru-profiler:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS IoT Core Device Advisor":{"StringPrefix":"iotdeviceadvisor","Actions":["CreateSuiteDefinition","DeleteSuiteDefinition","GetEndpoint","GetSuiteDefinition","GetSuiteRun","GetSuiteRunReport","ListSuiteDefinitions","ListSuiteRuns","ListTagsForResource","StartSuiteRun","StopSuiteRun","TagResource","UntagResource","UpdateSuiteDefinition"],"ARNFormat":"arn:${Partition}:iotdeviceadvisor:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:iotdeviceadvisor:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon SNS":{"StringPrefix":"sns","Actions":["AddPermission","CheckIfPhoneNumberIsOptedOut","ConfirmSubscription","CreatePlatformApplication","CreatePlatformEndpoint","CreateSMSSandboxPhoneNumber","CreateTopic","DeleteEndpoint","DeletePlatformApplication","DeleteSMSSandboxPhoneNumber","DeleteTopic","GetEndpointAttributes","GetPlatformApplicationAttributes","GetSMSAttributes","GetSMSSandboxAccountStatus","GetSubscriptionAttributes","GetTopicAttributes","ListEndpointsByPlatformApplication","ListOriginationNumbers","ListPhoneNumbersOptedOut","ListPlatformApplications","ListSMSSandboxPhoneNumbers","ListSubscriptions","ListSubscriptionsByTopic","ListTagsForResource","ListTopics","OptInPhoneNumber","Publish","RemovePermission","SetEndpointAttributes","SetPlatformApplicationAttributes","SetSMSAttributes","SetSubscriptionAttributes","SetTopicAttributes","Subscribe","TagResource","Unsubscribe","UntagResource","VerifySMSSandboxPhoneNumber"],"ARNFormat":"arn:aws:sns:${Region}:${Account}:${TopicName}","ARNRegex":"^arn:aws:sns:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","sns:Endpoint","sns:Protocol"],"HasResource":true},"Amazon Cognito User Pools":{"StringPrefix":"cognito-idp","Actions":["AddCustomAttributes","AdminAddUserToGroup","AdminConfirmSignUp","AdminCreateUser","AdminDeleteUser","AdminDeleteUserAttributes","AdminDisableProviderForUser","AdminDisableUser","AdminEnableUser","AdminForgetDevice","AdminGetDevice","AdminGetUser","AdminInitiateAuth","AdminLinkProviderForUser","AdminListDevices","AdminListGroupsForUser","AdminListUserAuthEvents","AdminRemoveUserFromGroup","AdminResetUserPassword","AdminRespondToAuthChallenge","AdminSetUserMFAPreference","AdminSetUserPassword","AdminSetUserSettings","AdminUpdateAuthEventFeedback","AdminUpdateDeviceStatus","AdminUpdateUserAttributes","AdminUserGlobalSignOut","AssociateSoftwareToken","ChangePassword","ConfirmDevice","ConfirmForgotPassword","ConfirmSignUp","CreateGroup","CreateIdentityProvider","CreateResourceServer","CreateUserImportJob","CreateUserPool","CreateUserPoolClient","CreateUserPoolDomain","DeleteGroup","DeleteIdentityProvider","DeleteResourceServer","DeleteUser","DeleteUserAttributes","DeleteUserPool","DeleteUserPoolClient","DeleteUserPoolDomain","DescribeIdentityProvider","DescribeResourceServer","DescribeRiskConfiguration","DescribeUserImportJob","DescribeUserPool","DescribeUserPoolClient","DescribeUserPoolDomain","ForgetDevice","ForgotPassword","GetCSVHeader","GetDevice","GetGroup","GetIdentityProviderByIdentifier","GetSigningCertificate","GetUICustomization","GetUser","GetUserAttributeVerificationCode","GetUserPoolMfaConfig","GlobalSignOut","InitiateAuth","ListDevices","ListGroups","ListIdentityProviders","ListResourceServers","ListTagsForResource","ListUserImportJobs","ListUserPoolClients","ListUserPools","ListUsers","ListUsersInGroup","ResendConfirmationCode","RespondToAuthChallenge","RevokeToken","SetRiskConfiguration","SetUICustomization","SetUserMFAPreference","SetUserPoolMfaConfig","SetUserSettings","SignUp","StartUserImportJob","StopUserImportJob","TagResource","UntagResource","UpdateAuthEventFeedback","UpdateDeviceStatus","UpdateGroup","UpdateIdentityProvider","UpdateResourceServer","UpdateUserAttributes","UpdateUserPool","UpdateUserPoolClient","UpdateUserPoolDomain","VerifySoftwareToken","VerifyUserAttribute"],"ARNFormat":"arn:aws:cognito-idp:${Region}:${Account}:${ResourceType}/${ResourcePath}:","ARNRegex":"^arn:aws:cognito-idp:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Tag Editor":{"StringPrefix":"resource-explorer","Actions":["ListResourceTypes","ListResources","ListTags"],"ARNFormat":"arn:aws:resource-explorer:::/","ARNRegex":"^arn:aws:resource-explorer:.+","HasResource":false},"AWS Elastic Beanstalk":{"StringPrefix":"elasticbeanstalk","Actions":["AbortEnvironmentUpdate","AddTags","ApplyEnvironmentManagedAction","AssociateEnvironmentOperationsRole","CheckDNSAvailability","ComposeEnvironments","CreateApplication","CreateApplicationVersion","CreateConfigurationTemplate","CreateEnvironment","CreatePlatformVersion","CreateStorageLocation","DeleteApplication","DeleteApplicationVersion","DeleteConfigurationTemplate","DeleteEnvironmentConfiguration","DeletePlatformVersion","DescribeAccountAttributes","DescribeApplicationVersions","DescribeApplications","DescribeConfigurationOptions","DescribeConfigurationSettings","DescribeEnvironmentHealth","DescribeEnvironmentManagedActionHistory","DescribeEnvironmentManagedActions","DescribeEnvironmentResources","DescribeEnvironments","DescribeEvents","DescribeInstancesHealth","DescribePlatformVersion","DisassociateEnvironmentOperationsRole","ListAvailableSolutionStacks","ListPlatformBranches","ListPlatformVersions","ListTagsForResource","PutInstanceStatistics","RebuildEnvironment","RemoveTags","RequestEnvironmentInfo","RestartAppServer","RetrieveEnvironmentInfo","SwapEnvironmentCNAMEs","TerminateEnvironment","UpdateApplication","UpdateApplicationResourceLifecycle","UpdateApplicationVersion","UpdateConfigurationTemplate","UpdateEnvironment","UpdateTagsForResource","ValidateConfigurationSettings"],"ARNFormat":"arn:aws:elasticbeanstalk:${Region}:${AccountID}:${ResourceType}/${PathToResource}","ARNRegex":"^arn:aws:elasticbeanstalk:.+:.*:.+/.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticbeanstalk:FromApplication","elasticbeanstalk:FromApplicationVersion","elasticbeanstalk:FromConfigurationTemplate","elasticbeanstalk:FromEnvironment","elasticbeanstalk:FromPlatform","elasticbeanstalk:FromSolutionStack","elasticbeanstalk:InApplication"],"HasResource":true},"CloudWatch Application Insights":{"StringPrefix":"applicationinsights","Actions":["CreateApplication","CreateComponent","CreateLogPattern","DeleteApplication","DeleteComponent","DeleteLogPattern","DescribeApplication","DescribeComponent","DescribeComponentConfiguration","DescribeComponentConfigurationRecommendation","DescribeLogPattern","DescribeObservation","DescribeProblem","DescribeProblemObservations","ListApplications","ListComponents","ListConfigurationHistory","ListLogPatternSets","ListLogPatterns","ListProblems","ListTagsForResource","TagResource","UntagResource","UpdateApplication","UpdateComponent","UpdateComponentConfiguration","UpdateLogPattern"],"HasResource":false},"Elastic Load Balancing V2":{"StringPrefix":"elasticloadbalancing","Actions":["AddListenerCertificates","AddTags","CreateListener","CreateLoadBalancer","CreateRule","CreateTargetGroup","DeleteListener","DeleteLoadBalancer","DeleteRule","DeleteTargetGroup","DeregisterTargets","DescribeAccountLimits","DescribeListenerCertificates","DescribeListeners","DescribeLoadBalancerAttributes","DescribeLoadBalancers","DescribeRules","DescribeSSLPolicies","DescribeTags","DescribeTargetGroupAttributes","DescribeTargetGroups","DescribeTargetHealth","ModifyListener","ModifyLoadBalancerAttributes","ModifyRule","ModifyTargetGroup","ModifyTargetGroupAttributes","RegisterTargets","RemoveListenerCertificates","RemoveTags","SetIpAddressType","SetRulePriorities","SetSecurityGroups","SetSubnets","SetWebAcl"],"ARNFormat":"arn:aws:elasticloadbalancing:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:aws:elasticloadbalancing:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticloadbalancing:ResourceTag/${TagKey}"],"HasResource":true},"Elastic Load Balancing":{"StringPrefix":"elasticloadbalancing","Actions":["AddTags","ApplySecurityGroupsToLoadBalancer","AttachLoadBalancerToSubnets","ConfigureHealthCheck","CreateAppCookieStickinessPolicy","CreateLBCookieStickinessPolicy","CreateLoadBalancer","CreateLoadBalancerListeners","CreateLoadBalancerPolicy","DeleteLoadBalancer","DeleteLoadBalancerListeners","DeleteLoadBalancerPolicy","DeregisterInstancesFromLoadBalancer","DescribeInstanceHealth","DescribeLoadBalancerAttributes","DescribeLoadBalancerPolicies","DescribeLoadBalancerPolicyTypes","DescribeLoadBalancers","DescribeTags","DetachLoadBalancerFromSubnets","DisableAvailabilityZonesForLoadBalancer","EnableAvailabilityZonesForLoadBalancer","ModifyLoadBalancerAttributes","RegisterInstancesWithLoadBalancer","RemoveTags","SetLoadBalancerListenerSSLCertificate","SetLoadBalancerPoliciesForBackendServer","SetLoadBalancerPoliciesOfListener"],"ARNFormat":"arn:aws:elasticloadbalancing:::/","ARNRegex":"^arn:aws:elasticloadbalancing:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","elasticloadbalancing:ResourceTag/","elasticloadbalancing:ResourceTag/${TagKey}"],"HasResource":true},"AmazonMediaImport":{"StringPrefix":"mediaimport","Actions":["CreateDatabaseBinarySnapshot"],"ARNFormat":"arn:aws:mediaimport:${Region}:${Account}/*","HasResource":false},"Amazon Lookout for Equipment":{"StringPrefix":"lookoutequipment","Actions":["CreateDataset","CreateInferenceScheduler","CreateModel","DeleteDataset","DeleteInferenceScheduler","DeleteModel","DescribeDataIngestionJob","DescribeDataset","DescribeInferenceScheduler","DescribeModel","ListDataIngestionJobs","ListDatasets","ListInferenceExecutions","ListInferenceSchedulers","ListModels","ListSensorStatistics","ListTagsForResource","StartDataIngestionJob","StartInferenceScheduler","StopInferenceScheduler","TagResource","UntagResource","UpdateInferenceScheduler"],"ARNFormat":"arn:aws:lookoutequipment:${Region}:${AccountId}:${ResourceType}/${ResourceName}/${ResourceId}","ARNRegex":"^arn:aws:lookoutequipment:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Lookout for Metrics":{"StringPrefix":"lookoutmetrics","Actions":["ActivateAnomalyDetector","BackTestAnomalyDetector","CreateAlert","CreateAnomalyDetector","CreateMetricSet","DeactivateAnomalyDetector","DeleteAlert","DeleteAnomalyDetector","DescribeAlert","DescribeAnomalyDetectionExecutions","DescribeAnomalyDetector","DescribeMetricSet","DetectMetricSetConfig","GetAnomalyGroup","GetDataQualityMetrics","GetFeedback","GetSampleData","ListAlerts","ListAnomalyDetectors","ListAnomalyGroupRelatedMetrics","ListAnomalyGroupSummaries","ListAnomalyGroupTimeSeries","ListMetricSets","ListTagsForResource","PutFeedback","TagResource","UntagResource","UpdateAnomalyDetector","UpdateMetricSet"],"ARNFormat":"arn:${Partition}:lookoutmetrics:${Region}:${AccountId}:${ResourceType}:${ResourceName}","ARNRegex":"^arn:${Partition}:lookoutmetrics:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Marketplace Commerce Analytics Service":{"StringPrefix":"marketplacecommerceanalytics","Actions":["GenerateDataSet","StartSupportDataExport"],"HasResource":false},"Amazon Translate":{"StringPrefix":"translate","Actions":["CreateParallelData","DeleteParallelData","DeleteTerminology","DescribeTextTranslationJob","GetParallelData","GetTerminology","ImportTerminology","ListParallelData","ListTerminologies","ListTextTranslationJobs","StartTextTranslationJob","StopTextTranslationJob","TranslateText","UpdateParallelData"],"ARNFormat":"arn:${Partition}:translate:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:translate:.+:.+:.+","HasResource":false},"AWS WAF Regional":{"StringPrefix":"waf-regional","Actions":["AssociateWebACL","CreateByteMatchSet","CreateGeoMatchSet","CreateIPSet","CreateRateBasedRule","CreateRegexMatchSet","CreateRegexPatternSet","CreateRule","CreateRuleGroup","CreateSizeConstraintSet","CreateSqlInjectionMatchSet","CreateWebACL","CreateWebACLMigrationStack","CreateXssMatchSet","DeleteByteMatchSet","DeleteGeoMatchSet","DeleteIPSet","DeleteLoggingConfiguration","DeletePermissionPolicy","DeleteRateBasedRule","DeleteRegexMatchSet","DeleteRegexPatternSet","DeleteRule","DeleteRuleGroup","DeleteSizeConstraintSet","DeleteSqlInjectionMatchSet","DeleteWebACL","DeleteXssMatchSet","DisassociateWebACL","GetByteMatchSet","GetChangeToken","GetChangeTokenStatus","GetGeoMatchSet","GetIPSet","GetLoggingConfiguration","GetPermissionPolicy","GetRateBasedRule","GetRateBasedRuleManagedKeys","GetRegexMatchSet","GetRegexPatternSet","GetRule","GetRuleGroup","GetSampledRequests","GetSizeConstraintSet","GetSqlInjectionMatchSet","GetWebACL","GetWebACLForResource","GetXssMatchSet","ListActivatedRulesInRuleGroup","ListByteMatchSets","ListGeoMatchSets","ListIPSets","ListLoggingConfigurations","ListRateBasedRules","ListRegexMatchSets","ListRegexPatternSets","ListResourcesForWebACL","ListRuleGroups","ListRules","ListSizeConstraintSets","ListSqlInjectionMatchSets","ListSubscribedRuleGroups","ListTagsForResource","ListWebACLs","ListXssMatchSets","PutLoggingConfiguration","PutPermissionPolicy","TagResource","UntagResource","UpdateByteMatchSet","UpdateGeoMatchSet","UpdateIPSet","UpdateRateBasedRule","UpdateRegexMatchSet","UpdateRegexPatternSet","UpdateRule","UpdateRuleGroup","UpdateSizeConstraintSet","UpdateSqlInjectionMatchSet","UpdateWebACL","UpdateXssMatchSet"],"ARNFormat":"arn:${Partition}:waf-regional:${Region}:${Account}:${ResourceId}/${Id}","ARNRegex":"^arn:${Partition}:waf-regional:.+:[0-9]+:.+/.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Elastic Container Service":{"StringPrefix":"ecs","Actions":["CreateCapacityProvider","CreateCluster","CreateService","CreateTaskSet","DeleteAccountSetting","DeleteAttributes","DeleteCapacityProvider","DeleteCluster","DeleteService","DeleteTaskSet","DeregisterContainerInstance","DeregisterTaskDefinition","DescribeCapacityProviders","DescribeClusters","DescribeContainerInstances","DescribeServices","DescribeTaskDefinition","DescribeTaskSets","DescribeTasks","DiscoverPollEndpoint","ExecuteCommand","ListAccountSettings","ListAttributes","ListClusters","ListContainerInstances","ListServices","ListTagsForResource","ListTaskDefinitionFamilies","ListTaskDefinitions","ListTasks","Poll","PutAccountSetting","PutAccountSettingDefault","PutAttributes","PutClusterCapacityProviders","RegisterContainerInstance","RegisterTaskDefinition","RunTask","StartTask","StartTelemetrySession","StopTask","SubmitAttachmentStateChanges","SubmitContainerStateChange","SubmitTaskStateChange","TagResource","UntagResource","UpdateCapacityProvider","UpdateCluster","UpdateClusterSettings","UpdateContainerAgent","UpdateContainerInstancesState","UpdateService","UpdateServicePrimaryTaskSet","UpdateTaskSet"],"ARNFormat":"arn:${Partition}:ecs:${Region}:${Account}:${ResourceType}/${RelativeId}","ARNRegex":"^arn:aws:ecs:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ecs:ResourceTag/${TagKey}","ecs:capacity-provider","ecs:cluster","ecs:container-instances","ecs:container-name","ecs:enable-execute-command","ecs:service","ecs:task","ecs:task-definition"],"HasResource":true},"Amazon Elastic Container Registry":{"StringPrefix":"ecr","Actions":["BatchCheckLayerAvailability","BatchDeleteImage","BatchGetImage","BatchGetRepositoryScanningConfiguration","BatchImportUpstreamImage","CompleteLayerUpload","CreatePullThroughCacheRule","CreateRepository","DeleteLifecyclePolicy","DeletePullThroughCacheRule","DeleteRegistryPolicy","DeleteRepository","DeleteRepositoryPolicy","DescribeImageReplicationStatus","DescribeImageScanFindings","DescribeImages","DescribePullThroughCacheRules","DescribeRegistry","DescribeRepositories","GetAuthorizationToken","GetDownloadUrlForLayer","GetLifecyclePolicy","GetLifecyclePolicyPreview","GetRegistryPolicy","GetRegistryScanningConfiguration","GetRepositoryPolicy","InitiateLayerUpload","ListImages","ListTagsForResource","PutImage","PutImageScanningConfiguration","PutImageTagMutability","PutLifecyclePolicy","PutRegistryPolicy","PutRegistryScanningConfiguration","PutReplicationConfiguration","ReplicateImage","SetRepositoryPolicy","StartImageScan","StartLifecyclePolicyPreview","TagResource","UntagResource","UploadLayerPart"],"ARNFormat":"arn:aws:ecr:${Region}:${Account}:repository/${RepositoryName}","ARNRegex":"^arn:aws:ecr:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","ecr:ResourceTag/${TagKey}"],"HasResource":true},"Amazon DynamoDB Accelerator (DAX)":{"StringPrefix":"dax","Actions":["BatchGetItem","BatchWriteItem","ConditionCheckItem","CreateCluster","CreateParameterGroup","CreateSubnetGroup","DecreaseReplicationFactor","DeleteCluster","DeleteItem","DeleteParameterGroup","DeleteSubnetGroup","DescribeClusters","DescribeDefaultParameters","DescribeEvents","DescribeParameterGroups","DescribeParameters","DescribeSubnetGroups","GetItem","IncreaseReplicationFactor","ListTags","PutItem","Query","RebootNode","Scan","TagResource","UntagResource","UpdateCluster","UpdateItem","UpdateParameterGroup","UpdateSubnetGroup"],"ARNFormat":"arn:${Partition}:dax:${Region}:${Account}:cache/${ClusterName}","ARNRegex":"^arn:${Partition}:dax:.+:[0-9]+:cache/[a-zA-Z0-9_.-]+","conditionKeys":["dax:EnclosingOperation"],"HasResource":true},"Amazon Resource Group Tagging API":{"StringPrefix":"tag","Actions":["DescribeReportCreation","GetComplianceSummary","GetResources","GetTagKeys","GetTagValues","StartReportCreation","TagResources","UntagResources"],"HasResource":false},"Amazon CloudWatch Logs":{"StringPrefix":"logs","Actions":["AssociateKmsKey","CancelExportTask","CreateExportTask","CreateLogDelivery","CreateLogGroup","CreateLogStream","DeleteDestination","DeleteLogDelivery","DeleteLogGroup","DeleteLogStream","DeleteMetricFilter","DeleteQueryDefinition","DeleteResourcePolicy","DeleteRetentionPolicy","DeleteSubscriptionFilter","DescribeDestinations","DescribeExportTasks","DescribeLogGroups","DescribeLogStreams","DescribeMetricFilters","DescribeQueries","DescribeQueryDefinitions","DescribeResourcePolicies","DescribeSubscriptionFilters","DisassociateKmsKey","FilterLogEvents","GetLogDelivery","GetLogEvents","GetLogGroupFields","GetLogRecord","GetQueryResults","ListLogDeliveries","ListTagsLogGroup","PutDestination","PutDestinationPolicy","PutLogEvents","PutMetricFilter","PutQueryDefinition","PutResourcePolicy","PutRetentionPolicy","PutSubscriptionFilter","StartQuery","StopQuery","TagLogGroup","TestMetricFilter","UntagLogGroup","UpdateLogDelivery"],"ARNFormat":"arn:aws:logs:.+:.+:.+","ARNRegex":"^arn:aws:logs:.+","conditionKeys":["aws:ResourceTag/${TagKey}"],"HasResource":true},"AWS Backup Gateway":{"StringPrefix":"backup-gateway","Actions":["AssociateGatewayToServer","Backup","CreateGateway","DeleteGateway","DeleteHypervisor","DisassociateGatewayFromServer","ImportHypervisorConfiguration","ListGateways","ListHypervisors","ListTagsForResource","ListVirtualMachines","PutMaintenanceStartTime","Restore","TagResource","TestHypervisorConfiguration","UntagResource","UpdateGatewayInformation","UpdateHypervisor"],"ARNFormat":"arn:${Partition}:aws:backup-gateway:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:?.*:aws:backup-gateway:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Service Catalog":{"StringPrefix":"servicecatalog","Actions":["AcceptPortfolioShare","AssociateAttributeGroup","AssociateBudgetWithResource","AssociatePrincipalWithPortfolio","AssociateProductWithPortfolio","AssociateResource","AssociateServiceActionWithProvisioningArtifact","AssociateTagOptionWithResource","BatchAssociateServiceActionWithProvisioningArtifact","BatchDisassociateServiceActionFromProvisioningArtifact","CopyProduct","CreateApplication","CreateAttributeGroup","CreateConstraint","CreatePortfolio","CreatePortfolioShare","CreateProduct","CreateProvisionedProductPlan","CreateProvisioningArtifact","CreateServiceAction","CreateTagOption","DeleteApplication","DeleteAttributeGroup","DeleteConstraint","DeletePortfolio","DeletePortfolioShare","DeleteProduct","DeleteProvisionedProductPlan","DeleteProvisioningArtifact","DeleteServiceAction","DeleteTagOption","DescribeConstraint","DescribeCopyProductStatus","DescribePortfolio","DescribePortfolioShareStatus","DescribePortfolioShares","DescribeProduct","DescribeProductAsAdmin","DescribeProductView","DescribeProvisionedProduct","DescribeProvisionedProductPlan","DescribeProvisioningArtifact","DescribeProvisioningParameters","DescribeRecord","DescribeServiceAction","DescribeServiceActionExecutionParameters","DescribeTagOption","DisableAWSOrganizationsAccess","DisassociateAttributeGroup","DisassociateBudgetFromResource","DisassociatePrincipalFromPortfolio","DisassociateProductFromPortfolio","DisassociateResource","DisassociateServiceActionFromProvisioningArtifact","DisassociateTagOptionFromResource","EnableAWSOrganizationsAccess","ExecuteProvisionedProductPlan","ExecuteProvisionedProductServiceAction","GetAWSOrganizationsAccessStatus","GetApplication","GetAssociatedResource","GetAttributeGroup","GetProvisionedProductOutputs","ImportAsProvisionedProduct","ListAcceptedPortfolioShares","ListApplications","ListAssociatedAttributeGroups","ListAssociatedResources","ListAttributeGroups","ListBudgetsForResource","ListConstraintsForPortfolio","ListLaunchPaths","ListOrganizationPortfolioAccess","ListPortfolioAccess","ListPortfolios","ListPortfoliosForProduct","ListPrincipalsForPortfolio","ListProvisionedProductPlans","ListProvisioningArtifacts","ListProvisioningArtifactsForServiceAction","ListRecordHistory","ListResourcesForTagOption","ListServiceActions","ListServiceActionsForProvisioningArtifact","ListStackInstancesForProvisionedProduct","ListTagOptions","ListTagsForResource","ProvisionProduct","RejectPortfolioShare","ScanProvisionedProducts","SearchProducts","SearchProductsAsAdmin","SearchProvisionedProducts","SyncResource","TagResource","TerminateProvisionedProduct","UntagResource","UpdateApplication","UpdateAttributeGroup","UpdateConstraint","UpdatePortfolio","UpdatePortfolioShare","UpdateProduct","UpdateProvisionedProduct","UpdateProvisionedProductProperties","UpdateProvisioningArtifact","UpdateServiceAction","UpdateTagOption"],"ARNFormat":"arn:aws:(catalog|servicecatalog):${Region}:${Account}:${ResourceType}/${Id}","ARNRegex":"^arn:aws:(catalog|servicecatalog):.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","servicecatalog:accountLevel","servicecatalog:roleLevel","servicecatalog:userLevel"],"HasResource":true},"AWS Elastic Disaster Recovery":{"StringPrefix":"drs","Actions":["AssociateFailbackClientToRecoveryInstanceForDrs","BatchCreateVolumeSnapshotGroupForDrs","BatchDeleteSnapshotRequestForDrs","CreateRecoveryInstanceForDrs","CreateReplicationConfigurationTemplate","CreateSessionForDrs","CreateSourceServerForDrs","DeleteJob","DeleteRecoveryInstance","DeleteReplicationConfigurationTemplate","DeleteSourceServer","DescribeJobLogItems","DescribeJobs","DescribeRecoveryInstances","DescribeRecoverySnapshots","DescribeReplicationConfigurationTemplates","DescribeReplicationServerAssociationsForDrs","DescribeSnapshotRequestsForDrs","DescribeSourceServers","DisconnectRecoveryInstance","DisconnectSourceServer","GetAgentCommandForDrs","GetAgentConfirmedResumeInfoForDrs","GetAgentInstallationAssetsForDrs","GetAgentReplicationInfoForDrs","GetAgentRuntimeConfigurationForDrs","GetAgentSnapshotCreditsForDrs","GetChannelCommandsForDrs","GetFailbackCommandForDrs","GetFailbackLaunchRequestedForDrs","GetFailbackReplicationConfiguration","GetLaunchConfiguration","GetReplicationConfiguration","GetSuggestedFailbackClientDeviceMappingForDrs","InitializeService","IssueAgentCertificateForDrs","ListTagsForResource","NotifyAgentAuthenticationForDrs","NotifyAgentConnectedForDrs","NotifyAgentDisconnectedForDrs","NotifyAgentReplicationProgressForDrs","NotifyConsistencyAttainedForDrs","NotifyReplicationServerAuthenticationForDrs","RetryDataReplication","SendAgentLogsForDrs","SendAgentMetricsForDrs","SendChannelCommandResultForDrs","SendClientLogsForDrs","SendClientMetricsForDrs","StartFailbackLaunch","StartRecovery","StopFailback","TagResource","TerminateRecoveryInstances","UntagResource","UpdateAgentBacklogForDrs","UpdateAgentConversionInfoForDrs","UpdateAgentReplicationInfoForDrs","UpdateAgentReplicationProcessStateForDrs","UpdateAgentSourcePropertiesForDrs","UpdateFailbackClientDeviceMappingForDrs","UpdateFailbackClientLastSeenForDrs","UpdateFailbackReplicationConfiguration","UpdateLaunchConfiguration","UpdateReplicationCertificateForDrs","UpdateReplicationConfiguration","UpdateReplicationConfigurationTemplate"],"ARNFormat":"arn:aws:drs:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:drs:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","drs:EC2InstanceARN"],"HasResource":true},"Amazon MQ":{"StringPrefix":"mq","Actions":["CreateBroker","CreateConfiguration","CreateTags","CreateUser","DeleteBroker","DeleteTags","DeleteUser","DescribeBroker","DescribeBrokerEngineTypes","DescribeBrokerInstanceOptions","DescribeConfiguration","DescribeConfigurationRevision","DescribeUser","ListBrokers","ListConfigurationRevisions","ListConfigurations","ListTags","ListUsers","RebootBroker","UpdateBroker","UpdateConfiguration","UpdateUser"],"ARNFormat":"arn:${Partition}:mq:${Region}:${Account}:.+","ARNRegex":"^arn:${Partition}:mq:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Control Tower":{"StringPrefix":"controltower","Actions":["CreateManagedAccount","DeregisterManagedAccount","DeregisterOrganizationalUnit","DescribeAccountFactoryConfig","DescribeCoreService","DescribeGuardrail","DescribeGuardrailForTarget","DescribeManagedAccount","DescribeManagedOrganizationalUnit","DescribeSingleSignOn","DisableGuardrail","EnableGuardrail","GetAvailableUpdates","GetGuardrailComplianceStatus","GetHomeRegion","GetLandingZoneStatus","ListDirectoryGroups","ListEnabledGuardrails","ListGuardrailViolations","ListGuardrails","ListGuardrailsForTarget","ListManagedAccounts","ListManagedAccountsForGuardrail","ListManagedAccountsForParent","ListManagedOrganizationalUnits","ListManagedOrganizationalUnitsForGuardrail","ManageOrganizationalUnit","SetupLandingZone","UpdateAccountFactoryConfig"],"ARNFormat":"arn:aws:controltower:::/","ARNRegex":"^arn:aws:controltower:.+:.+:.+","HasResource":false},"Amazon Nimble Studio":{"StringPrefix":"nimble","Actions":["AcceptEulas","CreateLaunchProfile","CreateStreamingImage","CreateStreamingSession","CreateStreamingSessionStream","CreateStudio","CreateStudioComponent","DeleteLaunchProfile","DeleteLaunchProfileMember","DeleteStreamingImage","DeleteStreamingSession","DeleteStudio","DeleteStudioComponent","DeleteStudioMember","GetEula","GetFeatureMap","GetLaunchProfile","GetLaunchProfileDetails","GetLaunchProfileInitialization","GetLaunchProfileMember","GetStreamingImage","GetStreamingSession","GetStreamingSessionStream","GetStudio","GetStudioComponent","GetStudioMember","ListEulaAcceptances","ListEulas","ListLaunchProfileMembers","ListLaunchProfiles","ListStreamingImages","ListStreamingSessions","ListStudioComponents","ListStudioMembers","ListStudios","ListTagsForResource","PutLaunchProfileMembers","PutStudioLogEvents","PutStudioMembers","StartStreamingSession","StartStudioSSOConfigurationRepair","StopStreamingSession","TagResource","UntagResource","UpdateLaunchProfile","UpdateLaunchProfileMember","UpdateStreamingImage","UpdateStudio","UpdateStudioComponent"],"ARNFormat":"arn:aws:nimble:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:aws:nimble:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","nimble:createdBy","nimble:ownedBy","nimble:principalId","nimble:requesterPrincipalId","nimble:studioId"],"HasResource":true},"Amazon Managed Workflows for Apache Airflow":{"StringPrefix":"airflow","Actions":["CreateCliToken","CreateEnvironment","CreateWebLoginToken","DeleteEnvironment","GetEnvironment","ListEnvironments","ListTagsForResource","PublishMetrics","TagResource","UntagResource","UpdateEnvironment"],"ARNFormat":"arn:aws:airflow:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:airflow:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Tax Settings":{"StringPrefix":"tax","Actions":["GetExemptions","UpdateExemptions"],"HasResource":false},"Amazon S3 Object Lambda":{"StringPrefix":"s3-object-lambda","Actions":["AbortMultipartUpload","DeleteObject","DeleteObjectTagging","DeleteObjectVersion","DeleteObjectVersionTagging","GetObject","GetObjectAcl","GetObjectLegalHold","GetObjectRetention","GetObjectTagging","GetObjectVersion","GetObjectVersionAcl","GetObjectVersionTagging","ListBucket","ListBucketMultipartUploads","ListBucketVersions","ListMultipartUploadParts","PutObject","PutObjectAcl","PutObjectLegalHold","PutObjectRetention","PutObjectTagging","PutObjectVersionAcl","PutObjectVersionTagging","RestoreObject","WriteGetObjectResponse"],"ARNFormat":"arn:aws:s3-object-lambda:::accesspoint/","ARNRegex":"^arn:aws:s3-object-lambda:::.+","conditionKeys":["s3-object-lambda:TlsVersion","s3-object-lambda:authType","s3-object-lambda:signatureAge","s3-object-lambda:versionid"],"HasResource":true},"AWS Sustainability":{"StringPrefix":"sustainability","Actions":["GetCarbonFootprintSummary"],"ARNFormat":"arn:aws:sustainability:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:sustainability:.+:.+:.+","HasResource":false},"Amazon Personalize":{"StringPrefix":"personalize","Actions":["CreateBatchInferenceJob","CreateBatchSegmentJob","CreateCampaign","CreateDataset","CreateDatasetExportJob","CreateDatasetGroup","CreateDatasetImportJob","CreateEventTracker","CreateFilter","CreateRecommender","CreateSchema","CreateSolution","CreateSolutionVersion","DeleteCampaign","DeleteDataset","DeleteDatasetGroup","DeleteEventTracker","DeleteFilter","DeleteRecommender","DeleteSchema","DeleteSolution","DescribeAlgorithm","DescribeBatchInferenceJob","DescribeBatchSegmentJob","DescribeCampaign","DescribeDataset","DescribeDatasetExportJob","DescribeDatasetGroup","DescribeDatasetImportJob","DescribeEventTracker","DescribeFeatureTransformation","DescribeFilter","DescribeRecipe","DescribeRecommender","DescribeSchema","DescribeSolution","DescribeSolutionVersion","GetPersonalizedRanking","GetRecommendations","GetSolutionMetrics","ListBatchInferenceJobs","ListBatchSegmentJobs","ListCampaigns","ListDatasetExportJobs","ListDatasetGroups","ListDatasetImportJobs","ListDatasets","ListEventTrackers","ListFilters","ListRecipes","ListRecommenders","ListSchemas","ListSolutionVersions","ListSolutions","PutEvents","PutItems","PutUsers","StartRecommender","StopRecommender","StopSolutionVersionCreation","UpdateCampaign","UpdateRecommender"],"ARNFormat":"arn:${Partition}:personalize:${Region}:${Account}:${Resourcename}/${ResourceId}","ARNRegex":"^arn:${Partition}:personalize:.+:.+:.+","HasResource":true},"AWS Cloud9":{"StringPrefix":"cloud9","Actions":["ActivateEC2Remote","CreateEnvironmentEC2","CreateEnvironmentMembership","CreateEnvironmentSSH","CreateEnvironmentToken","DeleteEnvironment","DeleteEnvironmentMembership","DescribeEC2Remote","DescribeEnvironmentMemberships","DescribeEnvironmentStatus","DescribeEnvironments","DescribeSSHRemote","GetEnvironmentConfig","GetEnvironmentSettings","GetMembershipSettings","GetUserPublicKey","GetUserSettings","ListEnvironments","ListTagsForResource","ModifyTemporaryCredentialsOnEnvironmentEC2","TagResource","UntagResource","UpdateEnvironment","UpdateEnvironmentMembership","UpdateEnvironmentSettings","UpdateMembershipSettings","UpdateSSHRemote","UpdateUserSettings","ValidateEnvironmentName"],"ARNFormat":"arn:aws:cloud9:${Region}:${Account}:${ResourceType}:${ResourceId}","ARNRegex":"^arn:aws:cloud9:.+:[0-9]+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","cloud9:EnvironmentId","cloud9:EnvironmentName","cloud9:InstanceType","cloud9:OwnerArn","cloud9:Permissions","cloud9:SubnetId","cloud9:UserArn"],"HasResource":true},"AWS Elemental Appliances and Software":{"StringPrefix":"elemental-appliances-software","Actions":["CreateQuote","GetQuote","ListQuotes","ListTagsForResource","TagResource","UntagResource","UpdateQuote"],"ARNFormat":"arn:aws:elemental-appliances-software:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:elemental-appliances-software:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Detective":{"StringPrefix":"detective","Actions":["AcceptInvitation","CreateGraph","CreateMembers","DeleteGraph","DeleteMembers","DescribeOrganizationConfiguration","DisableOrganizationAdminAccount","DisassociateMembership","EnableOrganizationAdminAccount","GetFreeTrialEligibility","GetGraphIngestState","GetMembers","GetPricingInformation","GetUsageInformation","ListGraphs","ListInvitations","ListMembers","ListOrganizationAdminAccounts","ListTagsForResource","RejectInvitation","SearchGraph","StartMonitoringMember","TagResource","UntagResource","UpdateOrganizationConfiguration"],"ARNFormat":"arn:aws:detective:${Region}:${AccountId}:graph:${GraphId}","ARNRegex":"^arn:aws:detective:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Transfer Family":{"StringPrefix":"transfer","Actions":["CreateAccess","CreateServer","CreateUser","CreateWorkflow","DeleteAccess","DeleteServer","DeleteSshPublicKey","DeleteUser","DeleteWorkflow","DescribeAccess","DescribeExecution","DescribeSecurityPolicy","DescribeServer","DescribeUser","DescribeWorkflow","ImportSshPublicKey","ListAccesses","ListExecutions","ListSecurityPolicies","ListServers","ListTagsForResource","ListUsers","ListWorkflows","SendWorkflowStepState","StartServer","StopServer","TagResource","TestIdentityProvider","UntagResource","UpdateAccess","UpdateServer","UpdateUser"],"ARNFormat":"arn:aws:transfer:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:transfer:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Panorama":{"StringPrefix":"panorama","Actions":["CreateApp","CreateAppDeployment","CreateAppVersion","CreateApplicationInstance","CreateDataSource","CreateDeploymentConfiguration","CreateInputs","CreateJobForDevices","CreateModel","CreateNodeFromTemplateJob","CreatePackage","CreatePackageImportJob","CreateStreams","DeleteApp","DeleteAppVersion","DeleteDataSource","DeleteDevice","DeleteModel","DeletePackage","DeregisterPackageVersion","DescribeApp","DescribeAppDeployment","DescribeAppVersion","DescribeApplicationInstance","DescribeApplicationInstanceDetails","DescribeDataSource","DescribeDevice","DescribeDeviceJob","DescribeModel","DescribeNode","DescribeNodeFromTemplateJob","DescribePackage","DescribePackageImportJob","DescribePackageVersion","DescribeSoftware","GetDeploymentConfiguration","GetInputs","GetStreams","GetWebSocketURL","ListAppDeploymentOperations","ListAppVersions","ListApplicationInstanceDependencies","ListApplicationInstanceNodeInstances","ListApplicationInstances","ListApps","ListDataSources","ListDeploymentConfigurations","ListDevices","ListDevicesJobs","ListModels","ListNodeFromTemplateJobs","ListNodes","ListPackageImportJobs","ListPackages","ListTagsForResource","ProvisionDevice","RegisterPackageVersion","RemoveApplicationInstance","TagResource","UntagResource","UpdateApp","UpdateAppConfiguration","UpdateDataSource","UpdateDeviceMetadata"],"ARNFormat":"arn:${Partition}:panorama:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:panorama:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS IAM Access Analyzer":{"StringPrefix":"access-analyzer","Actions":["ApplyArchiveRule","CancelPolicyGeneration","CreateAccessPreview","CreateAnalyzer","CreateArchiveRule","DeleteAnalyzer","DeleteArchiveRule","GetAccessPreview","GetAnalyzedResource","GetAnalyzer","GetArchiveRule","GetFinding","GetGeneratedPolicy","ListAccessPreviewFindings","ListAccessPreviews","ListAnalyzedResources","ListAnalyzers","ListArchiveRules","ListFindings","ListPolicyGenerations","ListTagsForResource","StartPolicyGeneration","StartResourceScan","TagResource","UntagResource","UpdateArchiveRule","UpdateFindings","ValidatePolicy"],"ARNFormat":"arn:${Partition}:access-analyzer:${Region}:${Account}:analyzer/${AnalyzerName}","ARNRegex":"^arn:${Partition}:access-analyzer:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Textract":{"StringPrefix":"textract","Actions":["AnalyzeDocument","AnalyzeExpense","AnalyzeID","DetectDocumentText","GetDocumentAnalysis","GetDocumentTextDetection","GetExpenseAnalysis","StartDocumentAnalysis","StartDocumentTextDetection","StartExpenseAnalysis"],"ARNFormat":"arn:${Partition}:textract:${Region}:${AccountID}:${RelativeId}","ARNRegex":"^arn:${Partition}:textract:.+","HasResource":false},"AWS Activate":{"StringPrefix":"activate","Actions":["CreateForm","GetAccountContact","GetContentInfo","GetCosts","GetCredits","GetMemberInfo","GetProgram","PutMemberInfo"],"HasResource":false},"Amazon AppIntegrations":{"StringPrefix":"app-integrations","Actions":["CreateDataIntegration","CreateDataIntegrationAssociation","CreateEventIntegration","CreateEventIntegrationAssociation","DeleteDataIntegration","DeleteDataIntegrationAssociation","DeleteEventIntegration","DeleteEventIntegrationAssociation","GetDataIntegration","GetEventIntegration","ListDataIntegrationAssociations","ListDataIntegrations","ListEventIntegrationAssociations","ListEventIntegrations","ListTagsForResource","TagResource","UntagResource","UpdateDataIntegration","UpdateEventIntegration"],"ARNFormat":"arn:aws:app-integrations:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:app-integrations:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Application Discovery Arsenal":{"StringPrefix":"arsenal","Actions":["RegisterOnPremisesAgent"],"HasResource":false},"Amazon FinSpace":{"StringPrefix":"finspace","Actions":["CreateEnvironment","CreateUser","DeleteEnvironment","GetEnvironment","GetLoadSampleDataSetGroupIntoEnvironmentStatus","GetUser","ListEnvironments","ListTagsForResource","ListUsers","LoadSampleDataSetGroupIntoEnvironment","ResetUserPassword","TagResource","UntagResource","UpdateEnvironment","UpdateUser"],"ARNFormat":"arn:${Partition}:finspace:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:${Partition}:finspace:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon GroundTruth Labeling":{"StringPrefix":"groundtruthlabeling","Actions":["AssociatePatchToManifestJob","DescribeConsoleJob","ListDatasetObjects","RunFilterOrSampleDatasetJob","RunGenerateManifestByCrawlingJob"],"ARNFormat":"arn:${Partition}:groundtruthlabeling:${region}:${account}:${resourceType}/${resourcePath}","ARNRegex":"^arn:${Partition}:groundtruthlabeling:.+","HasResource":false},"Amazon S3 on Outposts":{"StringPrefix":"s3-outposts","Actions":["AbortMultipartUpload","CreateAccessPoint","CreateBucket","CreateEndpoint","DeleteAccessPoint","DeleteAccessPointPolicy","DeleteBucket","DeleteBucketPolicy","DeleteEndpoint","DeleteObject","DeleteObjectTagging","GetAccessPoint","GetAccessPointPolicy","GetBucket","GetBucketPolicy","GetBucketTagging","GetLifecycleConfiguration","GetObject","GetObjectTagging","ListAccessPoints","ListBucket","ListBucketMultipartUploads","ListEndpoints","ListMultipartUploadParts","ListRegionalBuckets","ListSharedEndpoints","PutAccessPointPolicy","PutBucketPolicy","PutBucketTagging","PutLifecycleConfiguration","PutObject","PutObjectAcl","PutObjectTagging"],"ARNFormat":"arn:${Partition}:s3-outposts:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:${Partition}:s3-outposts:.+","conditionKeys":["s3-outposts:AccessPointNetworkOrigin","s3-outposts:DataAccessPointAccount","s3-outposts:DataAccessPointArn","s3-outposts:ExistingObjectTag/","s3-outposts:RequestObjectTag/","s3-outposts:RequestObjectTagKeys","s3-outposts:authType","s3-outposts:delimiter","s3-outposts:max-keys","s3-outposts:prefix","s3-outposts:signatureAge","s3-outposts:signatureversion","s3-outposts:x-amz-acl","s3-outposts:x-amz-content-sha256","s3-outposts:x-amz-copy-source","s3-outposts:x-amz-metadata-directive","s3-outposts:x-amz-server-side-encryption","s3-outposts:x-amz-storage-class"],"HasResource":true},"AWS Elemental MediaStore":{"StringPrefix":"mediastore","Actions":["CreateContainer","DeleteContainer","DeleteContainerPolicy","DeleteCorsPolicy","DeleteLifecyclePolicy","DeleteMetricPolicy","DeleteObject","DescribeContainer","DescribeObject","GetContainerPolicy","GetCorsPolicy","GetLifecyclePolicy","GetMetricPolicy","GetObject","ListContainers","ListItems","ListTagsForResource","PutContainerPolicy","PutCorsPolicy","PutLifecyclePolicy","PutMetricPolicy","PutObject","StartAccessLogging","StopAccessLogging","TagResource","UntagResource"],"ARNFormat":"arn:aws:mediastore:${Region}:${Account}:${Resource}","ARNRegex":"^arn:aws:mediastore:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS BugBust":{"StringPrefix":"bugbust","Actions":["CreateEvent","EvaluateProfilingGroups","GetEvent","GetJoinEventStatus","JoinEvent","ListBugs","ListEventParticipants","ListEventScores","ListEvents","ListProfilingGroups","ListPullRequests","ListTagsForResource","TagResource","UntagResource","UpdateEvent","UpdateWorkItem","UpdateWorkItemAdmin"],"ARNFormat":"arn:aws:bugbust:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:bugbust:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon HealthLake":{"StringPrefix":"healthlake","Actions":["CreateFHIRDatastore","CreateResource","DeleteFHIRDatastore","DeleteResource","DescribeFHIRDatastore","DescribeFHIRExportJob","DescribeFHIRImportJob","GetCapabilities","ListFHIRDatastores","ListFHIRExportJobs","ListFHIRImportJobs","ListTagsForResource","ReadResource","SearchWithGet","SearchWithPost","StartFHIRExportJob","StartFHIRImportJob","TagResource","UntagResource","UpdateResource"],"ARNFormat":"arn:${Partition}:healthlake:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:healthlake:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS IoT 1-Click":{"StringPrefix":"iot1click","Actions":["AssociateDeviceWithPlacement","ClaimDevicesByClaimCode","CreatePlacement","CreateProject","DeletePlacement","DeleteProject","DescribeDevice","DescribePlacement","DescribeProject","DisassociateDeviceFromPlacement","FinalizeDeviceClaim","GetDeviceMethods","GetDevicesInPlacement","InitiateDeviceClaim","InvokeDeviceMethod","ListDeviceEvents","ListDevices","ListPlacements","ListProjects","ListTagsForResource","TagResource","UnclaimDevice","UntagResource","UpdateDeviceState","UpdatePlacement","UpdateProject"],"ARNFormat":"arn:aws:iot1click:${Region}:${Account}:${Type}/${Name}","ARNRegex":"^arn:aws:iot1click:.+:[0-9]+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Managed Streaming for Kafka Connect":{"StringPrefix":"kafkaconnect","Actions":["CreateConnector","CreateCustomPlugin","CreateWorkerConfiguration","DeleteConnector","DeleteCustomPlugin","DescribeConnector","DescribeCustomPlugin","DescribeWorkerConfiguration","ListConnectors","ListCustomPlugins","ListWorkerConfigurations","UpdateConnector"],"ARNFormat":"arn:aws:kafkaconnect:${Region}:${Account}:${ResourceType}/${ResourceName}/${UUID}","ARNRegex":"^arn:aws:kafkaconnect:.+","HasResource":true},"AWS CodePipeline":{"StringPrefix":"codepipeline","Actions":["AcknowledgeJob","AcknowledgeThirdPartyJob","CreateCustomActionType","CreatePipeline","DeleteCustomActionType","DeletePipeline","DeleteWebhook","DeregisterWebhookWithThirdParty","DisableStageTransition","EnableStageTransition","GetActionType","GetJobDetails","GetPipeline","GetPipelineExecution","GetPipelineState","GetThirdPartyJobDetails","ListActionExecutions","ListActionTypes","ListPipelineExecutions","ListPipelines","ListTagsForResource","ListWebhooks","PollForJobs","PollForThirdPartyJobs","PutActionRevision","PutApprovalResult","PutJobFailureResult","PutJobSuccessResult","PutThirdPartyJobFailureResult","PutThirdPartyJobSuccessResult","PutWebhook","RegisterWebhookWithThirdParty","RetryStageExecution","StartPipelineExecution","StopPipelineExecution","TagResource","UntagResource","UpdateActionType","UpdatePipeline"],"ARNFormat":"arn:aws:codepipeline:${Region}:${Account}:${PathToPipelineResource}","ARNRegex":"^arn:aws:codepipeline:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Security Hub":{"StringPrefix":"securityhub","Actions":["AcceptAdministratorInvitation","AcceptInvitation","BatchDisableStandards","BatchEnableStandards","BatchGetStandardsControlAssociations","BatchImportFindings","BatchUpdateFindings","BatchUpdateStandardsControlAssociations","CreateActionTarget","CreateFindingAggregator","CreateInsight","CreateMembers","DeclineInvitations","DeleteActionTarget","DeleteFindingAggregator","DeleteInsight","DeleteInvitations","DeleteMembers","DescribeActionTargets","DescribeHub","DescribeOrganizationConfiguration","DescribeProducts","DescribeStandards","DescribeStandardsControls","DisableImportFindingsForProduct","DisableOrganizationAdminAccount","DisableSecurityHub","DisassociateFromAdministratorAccount","DisassociateFromMasterAccount","DisassociateMembers","EnableImportFindingsForProduct","EnableOrganizationAdminAccount","EnableSecurityHub","GetAdhocInsightResults","GetAdministratorAccount","GetControlFindingSummary","GetEnabledStandards","GetFindingAggregator","GetFindings","GetFreeTrialEndDate","GetFreeTrialUsage","GetInsightFindingTrend","GetInsightResults","GetInsights","GetInvitationsCount","GetMasterAccount","GetMembers","GetUsage","InviteMembers","ListControlEvaluationSummaries","ListEnabledProductsForImport","ListFindingAggregators","ListInvitations","ListMembers","ListOrganizationAdminAccounts","ListSecurityControlDefinitions","ListTagsForResource","SendFindingEvents","SendInsightEvents","TagResource","UntagResource","UpdateActionTarget","UpdateFindingAggregator","UpdateFindings","UpdateInsight","UpdateOrganizationConfiguration","UpdateSecurityHubConfiguration","UpdateStandardsControl"],"ARNFormat":"arn:${Partition}:securityhub:${Region}:${Account}:.+","ARNRegex":"^arn:${Partition}:securityhub:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","securityhub:ASFFSyntaxPath/${ASFFSyntaxPath}","securityhub:TargetAccount"],"HasResource":true},"Amazon EC2 Image Builder":{"StringPrefix":"imagebuilder","Actions":["CancelImageCreation","CreateComponent","CreateContainerRecipe","CreateDistributionConfiguration","CreateImage","CreateImagePipeline","CreateImageRecipe","CreateInfrastructureConfiguration","DeleteComponent","DeleteContainerRecipe","DeleteDistributionConfiguration","DeleteImage","DeleteImagePipeline","DeleteImageRecipe","DeleteInfrastructureConfiguration","GetComponent","GetComponentPolicy","GetContainerRecipe","GetContainerRecipePolicy","GetDistributionConfiguration","GetImage","GetImagePipeline","GetImagePolicy","GetImageRecipe","GetImageRecipePolicy","GetInfrastructureConfiguration","ImportComponent","ImportVmImage","ListComponentBuildVersions","ListComponents","ListContainerRecipes","ListDistributionConfigurations","ListImageBuildVersions","ListImagePackages","ListImagePipelineImages","ListImagePipelines","ListImageRecipes","ListImages","ListInfrastructureConfigurations","ListTagsForResource","PutComponentPolicy","PutContainerRecipePolicy","PutImagePolicy","PutImageRecipePolicy","StartImagePipelineExecution","TagResource","UntagResource","UpdateDistributionConfiguration","UpdateImagePipeline","UpdateInfrastructureConfiguration"],"ARNFormat":"arn:aws:imagebuilder:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:imagebuilder:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","imagebuilder:CreatedResourceTag/","imagebuilder:CreatedResourceTagKeys","imagebuilder:Ec2MetadataHttpTokens","imagebuilder:StatusTopicArn"],"HasResource":true},"Amazon SQS":{"StringPrefix":"sqs","Actions":["AddPermission","ChangeMessageVisibility","CreateQueue","DeleteMessage","DeleteQueue","GetQueueAttributes","GetQueueUrl","ListDeadLetterSourceQueues","ListQueueTags","ListQueues","PurgeQueue","ReceiveMessage","RemovePermission","SendMessage","SetQueueAttributes","TagQueue","UntagQueue"],"ARNFormat":"arn:aws:sqs:${Region}:${AccountID}:${QueueName}","ARNRegex":"^arn:aws:sqs:.+","HasResource":true},"AWS Cloud Map":{"StringPrefix":"servicediscovery","Actions":["CreateHttpNamespace","CreatePrivateDnsNamespace","CreatePublicDnsNamespace","CreateService","DeleteNamespace","DeleteService","DeregisterInstance","DiscoverInstances","GetInstance","GetInstancesHealthStatus","GetNamespace","GetOperation","GetService","ListInstances","ListNamespaces","ListOperations","ListServices","ListTagsForResource","RegisterInstance","TagResource","UntagResource","UpdateHttpNamespace","UpdateInstanceCustomHealthStatus","UpdatePrivateDnsNamespace","UpdatePublicDnsNamespace","UpdateService"],"ARNFormat":"arn:aws:servicediscovery:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:servicediscovery:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","servicediscovery:NamespaceArn","servicediscovery:NamespaceName","servicediscovery:ServiceArn","servicediscovery:ServiceName"],"HasResource":true},"AWS Tiros":{"StringPrefix":"tiros","Actions":["CreateQuery","GetQueryAnswer","GetQueryExplanation"],"ARNFormat":"arn:aws:tiros:::","ARNRegex":"^arn:aws:tiros::.+","HasResource":false},"AWS Compute Optimizer":{"StringPrefix":"compute-optimizer","Actions":["DeleteRecommendationPreferences","DescribeRecommendationExportJobs","ExportAutoScalingGroupRecommendations","ExportEBSVolumeRecommendations","ExportEC2InstanceRecommendations","ExportLambdaFunctionRecommendations","GetAutoScalingGroupRecommendations","GetEBSVolumeRecommendations","GetEC2InstanceRecommendations","GetEC2RecommendationProjectedMetrics","GetEffectiveRecommendationPreferences","GetEnrollmentStatus","GetEnrollmentStatusesForOrganization","GetLambdaFunctionRecommendations","GetRecommendationPreferences","GetRecommendationSummaries","PutRecommendationPreferences","UpdateEnrollmentStatus"],"conditionKeys":["compute-optimizer:ResourceType"],"HasResource":false},"Amazon S3 Glacier":{"StringPrefix":"glacier","Actions":["AbortMultipartUpload","AbortVaultLock","AddTagsToVault","CompleteMultipartUpload","CompleteVaultLock","CreateVault","DeleteArchive","DeleteVault","DeleteVaultAccessPolicy","DeleteVaultNotifications","DescribeJob","DescribeVault","GetDataRetrievalPolicy","GetJobOutput","GetVaultAccessPolicy","GetVaultLock","GetVaultNotifications","InitiateJob","InitiateMultipartUpload","InitiateVaultLock","ListJobs","ListMultipartUploads","ListParts","ListProvisionedCapacity","ListTagsForVault","ListVaults","PurchaseProvisionedCapacity","RemoveTagsFromVault","SetDataRetrievalPolicy","SetVaultAccessPolicy","SetVaultNotifications","UploadArchive","UploadMultipartPart"],"ARNFormat":"arn:${Partition}:glacier:${Region}:${Account}:vault/${VaultName}","ARNRegex":"^arn:${Partition}:glacier:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:TagKeys","glacier:ArchiveAgeInDays","glacier:ResourceTag/"],"HasResource":true},"Amazon Rekognition":{"StringPrefix":"rekognition","Actions":["CompareFaces","CreateCollection","CreateDataset","CreateProject","CreateProjectVersion","CreateStreamProcessor","DeleteCollection","DeleteDataset","DeleteFaces","DeleteProject","DeleteProjectVersion","DeleteStreamProcessor","DescribeCollection","DescribeDataset","DescribeProjectVersions","DescribeProjects","DescribeStreamProcessor","DetectCustomLabels","DetectFaces","DetectLabels","DetectModerationLabels","DetectProtectiveEquipment","DetectText","DistributeDatasetEntries","GetCelebrityInfo","GetCelebrityRecognition","GetContentModeration","GetFaceDetection","GetFaceSearch","GetLabelDetection","GetPersonTracking","GetSegmentDetection","GetTextDetection","IndexFaces","ListCollections","ListDatasetEntries","ListDatasetLabels","ListFaces","ListStreamProcessors","ListTagsForResource","RecognizeCelebrities","SearchFaces","SearchFacesByImage","StartCelebrityRecognition","StartContentModeration","StartFaceDetection","StartFaceSearch","StartLabelDetection","StartPersonTracking","StartProjectVersion","StartSegmentDetection","StartStreamProcessor","StartTextDetection","StopProjectVersion","StopStreamProcessor","TagResource","UntagResource","UpdateDatasetEntries"],"ARNFormat":"arn:aws:rekognition:${Region}:${AccountID}:${RelativeId}","ARNRegex":"^arn:aws:rekognition:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Launch Wizard":{"StringPrefix":"launchwizard","Actions":["DeleteApp","DescribeProvisionedApp","DescribeProvisioningEvents","GetInfrastructureSuggestion","GetIpAddress","GetResourceCostEstimate","ListProvisionedApps","StartProvisioning"],"ARNRegex":"^arn:aws:launchwizard:.+:.+:.+","HasResource":false},"AWS Elemental MediaConvert":{"StringPrefix":"mediaconvert","Actions":["AssociateCertificate","CancelJob","CreateJob","CreateJobTemplate","CreatePreset","CreateQueue","DeleteJobTemplate","DeletePolicy","DeletePreset","DeleteQueue","DescribeEndpoints","DisassociateCertificate","GetJob","GetJobTemplate","GetPolicy","GetPreset","GetQueue","ListJobTemplates","ListJobs","ListPresets","ListQueues","ListTagsForResource","PutPolicy","TagResource","UntagResource","UpdateJobTemplate","UpdatePreset","UpdateQueue"],"ARNFormat":"arn:${Partition}:mediaconvert:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:mediaconvert:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Service Quotas":{"StringPrefix":"servicequotas","Actions":["AssociateServiceQuotaTemplate","DeleteServiceQuotaIncreaseRequestFromTemplate","DisassociateServiceQuotaTemplate","GetAWSDefaultServiceQuota","GetAssociationForServiceQuotaTemplate","GetRequestedServiceQuotaChange","GetServiceQuota","GetServiceQuotaIncreaseRequestFromTemplate","ListAWSDefaultServiceQuotas","ListRequestedServiceQuotaChangeHistory","ListRequestedServiceQuotaChangeHistoryByQuota","ListServiceQuotaIncreaseRequestsInTemplate","ListServiceQuotas","ListServices","ListTagsForResource","PutServiceQuotaIncreaseRequestIntoTemplate","RequestServiceQuotaIncrease","TagResource","UntagResource"],"ARNFormat":"arn:aws:servicequotas:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:aws:servicequotas:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","servicequotas:service"],"HasResource":true},"Amazon Inspector":{"StringPrefix":"inspector","Actions":["AddAttributesToFindings","CreateAssessmentTarget","CreateAssessmentTemplate","CreateExclusionsPreview","CreateResourceGroup","DeleteAssessmentRun","DeleteAssessmentTarget","DeleteAssessmentTemplate","DescribeAssessmentRuns","DescribeAssessmentTargets","DescribeAssessmentTemplates","DescribeCrossAccountAccessRole","DescribeExclusions","DescribeFindings","DescribeResourceGroups","DescribeRulesPackages","GetAssessmentReport","GetExclusionsPreview","GetTelemetryMetadata","ListAssessmentRunAgents","ListAssessmentRuns","ListAssessmentTargets","ListAssessmentTemplates","ListEventSubscriptions","ListExclusions","ListFindings","ListRulesPackages","ListTagsForResource","PreviewAgents","RegisterCrossAccountAccessRole","RemoveAttributesFromFindings","SetTagsForResource","StartAssessmentRun","StopAssessmentRun","SubscribeToEvent","UnsubscribeFromEvent","UpdateAssessmentTarget"],"HasResource":false},"AWS RoboMaker":{"StringPrefix":"robomaker","Actions":["BatchDeleteWorlds","BatchDescribeSimulationJob","CancelDeploymentJob","CancelSimulationJob","CancelSimulationJobBatch","CancelWorldExportJob","CancelWorldGenerationJob","CreateDeploymentJob","CreateFleet","CreateRobot","CreateRobotApplication","CreateRobotApplicationVersion","CreateSimulationApplication","CreateSimulationApplicationVersion","CreateSimulationJob","CreateWorldExportJob","CreateWorldGenerationJob","CreateWorldTemplate","DeleteFleet","DeleteRobot","DeleteRobotApplication","DeleteSimulationApplication","DeleteWorldTemplate","DeregisterRobot","DescribeDeploymentJob","DescribeFleet","DescribeRobot","DescribeRobotApplication","DescribeSimulationApplication","DescribeSimulationJob","DescribeSimulationJobBatch","DescribeWorld","DescribeWorldExportJob","DescribeWorldGenerationJob","DescribeWorldTemplate","GetWorldTemplateBody","ListDeploymentJobs","ListFleets","ListRobotApplications","ListRobots","ListSimulationApplications","ListSimulationJobBatches","ListSimulationJobs","ListSupportedAvailabilityZones","ListTagsForResource","ListWorldExportJobs","ListWorldGenerationJobs","ListWorldTemplates","ListWorlds","RegisterRobot","RestartSimulationJob","StartSimulationJobBatch","SyncDeploymentJob","TagResource","UntagResource","UpdateRobotApplication","UpdateRobotDeployment","UpdateSimulationApplication","UpdateWorldTemplate"],"ARNFormat":"arn:${Partition}:robomaker:${Region}:${AccountId}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:robomaker:.+:.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon QLDB":{"StringPrefix":"qldb","Actions":["CancelJournalKinesisStream","CreateLedger","DeleteLedger","DescribeJournalKinesisStream","DescribeJournalS3Export","DescribeLedger","ExecuteStatement","ExportJournalToS3","GetBlock","GetDigest","GetRevision","InsertSampleData","ListJournalKinesisStreamsForLedger","ListJournalS3Exports","ListJournalS3ExportsForLedger","ListLedgers","ListTagsForResource","PartiQLCreateIndex","PartiQLCreateTable","PartiQLDelete","PartiQLDropIndex","PartiQLDropTable","PartiQLHistoryFunction","PartiQLInsert","PartiQLSelect","PartiQLUndropTable","PartiQLUpdate","SendCommand","ShowCatalog","StreamJournalToKinesis","TagResource","UntagResource","UpdateLedger","UpdateLedgerPermissionsMode"],"ARNFormat":"arn:${Partition}:qldb:${Region}:${Account}:${ResourceType}/${ResourcePath}","ARNRegex":"^arn:${Partition}:qldb:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","qldb:Purge"],"HasResource":true},"AWS CodeStar":{"StringPrefix":"codestar","Actions":["AssociateTeamMember","CreateProject","CreateUserProfile","DeleteExtendedAccess","DeleteProject","DeleteUserProfile","DescribeProject","DescribeUserProfile","DisassociateTeamMember","GetExtendedAccess","ListProjects","ListResources","ListTagsForProject","ListTeamMembers","ListUserProfiles","PutExtendedAccess","TagProject","UntagProject","UpdateProject","UpdateTeamMember","UpdateUserProfile","VerifyServiceRole"],"ARNFormat":"arn:aws:codestar:::/","ARNRegex":"^arn:aws:codestar:.+:[0-9]+:project/.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","iam:ResourceTag/${TagKey}"],"HasResource":true},"AWS CodeArtifact":{"StringPrefix":"codeartifact","Actions":["AssociateExternalConnection","AssociateWithDownstreamRepository","CopyPackageVersions","CreateDomain","CreateRepository","DeleteDomain","DeleteDomainPermissionsPolicy","DeletePackageVersions","DeleteRepository","DeleteRepositoryPermissionsPolicy","DescribeDomain","DescribePackageVersion","DescribeRepository","DisassociateExternalConnection","DisposePackageVersions","GetAuthorizationToken","GetDomainPermissionsPolicy","GetPackageVersionAsset","GetPackageVersionReadme","GetRepositoryEndpoint","GetRepositoryPermissionsPolicy","ListDomains","ListPackageVersionAssets","ListPackageVersionDependencies","ListPackageVersions","ListPackages","ListRepositories","ListRepositoriesInDomain","ListTagsForResource","PublishPackageVersion","PutDomainPermissionsPolicy","PutPackageMetadata","PutRepositoryPermissionsPolicy","ReadFromRepository","TagResource","UntagResource","UpdatePackageVersionsStatus","UpdateRepository"],"ARNFormat":"arn:${Partition}:codeartifact:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:codeartifact:.+:[0-9]+:.+/.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Direct Connect":{"StringPrefix":"directconnect","Actions":["AcceptDirectConnectGatewayAssociationProposal","AllocateConnectionOnInterconnect","AllocateHostedConnection","AllocatePrivateVirtualInterface","AllocatePublicVirtualInterface","AllocateTransitVirtualInterface","AssociateConnectionWithLag","AssociateHostedConnection","AssociateMacSecKey","AssociateVirtualInterface","ConfirmConnection","ConfirmCustomerAgreement","ConfirmPrivateVirtualInterface","ConfirmPublicVirtualInterface","ConfirmTransitVirtualInterface","CreateBGPPeer","CreateConnection","CreateDirectConnectGateway","CreateDirectConnectGatewayAssociation","CreateDirectConnectGatewayAssociationProposal","CreateInterconnect","CreateLag","CreatePrivateVirtualInterface","CreatePublicVirtualInterface","CreateTransitVirtualInterface","DeleteBGPPeer","DeleteConnection","DeleteDirectConnectGateway","DeleteDirectConnectGatewayAssociation","DeleteDirectConnectGatewayAssociationProposal","DeleteInterconnect","DeleteLag","DeleteVirtualInterface","DescribeConnectionLoa","DescribeConnections","DescribeConnectionsOnInterconnect","DescribeCustomerMetadata","DescribeDirectConnectGatewayAssociationProposals","DescribeDirectConnectGatewayAssociations","DescribeDirectConnectGatewayAttachments","DescribeDirectConnectGateways","DescribeHostedConnections","DescribeInterconnectLoa","DescribeInterconnects","DescribeLags","DescribeLoa","DescribeLocations","DescribeRouterConfiguration","DescribeTags","DescribeVirtualGateways","DescribeVirtualInterfaces","DisassociateConnectionFromLag","DisassociateMacSecKey","ListVirtualInterfaceTestHistory","StartBgpFailoverTest","StopBgpFailoverTest","TagResource","UntagResource","UpdateConnection","UpdateDirectConnectGateway","UpdateDirectConnectGatewayAssociation","UpdateLag","UpdateVirtualInterfaceAttributes"],"ARNFormat":"arn:${Partition}:directconnect:${Region}:${Account}:${ResourceType}/${ResourceId}","ARNRegex":"^arn:${Partition}:directconnect:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Neptune":{"StringPrefix":"neptune-db","Actions":["connect"],"ARNFormat":"arn:aws:neptune-db:::","ARNRegex":"^arn:aws:neptune-db:.+","HasResource":true},"AWS DataSync":{"StringPrefix":"datasync","Actions":["CancelTaskExecution","CreateAgent","CreateLocationEfs","CreateLocationFsxLustre","CreateLocationFsxOpenZfs","CreateLocationFsxWindows","CreateLocationHdfs","CreateLocationNfs","CreateLocationObjectStorage","CreateLocationS3","CreateLocationSmb","CreateTask","DeleteAgent","DeleteLocation","DeleteTask","DescribeAgent","DescribeLocationEfs","DescribeLocationFsxLustre","DescribeLocationFsxOpenZfs","DescribeLocationFsxWindows","DescribeLocationHdfs","DescribeLocationNfs","DescribeLocationObjectStorage","DescribeLocationS3","DescribeLocationSmb","DescribeTask","DescribeTaskExecution","ListAgents","ListLocations","ListTagsForResource","ListTaskExecutions","ListTasks","StartTaskExecution","TagResource","UntagResource","UpdateAgent","UpdateLocationHdfs","UpdateLocationNfs","UpdateLocationObjectStorage","UpdateLocationSmb","UpdateTask","UpdateTaskExecution"],"ARNFormat":"arn:${Partition}:datasync:${Region}:${Account}:${ResourceType}/${ResourceName}","ARNRegex":"^arn:${Partition}:datasync:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Organizations":{"StringPrefix":"organizations","Actions":["AcceptHandshake","AttachPolicy","CancelHandshake","CloseAccount","CreateAccount","CreateGovCloudAccount","CreateOrganization","CreateOrganizationalUnit","CreatePolicy","DeclineHandshake","DeleteOrganization","DeleteOrganizationalUnit","DeletePolicy","DeregisterDelegatedAdministrator","DescribeAccount","DescribeCreateAccountStatus","DescribeEffectivePolicy","DescribeHandshake","DescribeOrganization","DescribeOrganizationalUnit","DescribePolicy","DetachPolicy","DisableAWSServiceAccess","DisablePolicyType","EnableAWSServiceAccess","EnableAllFeatures","EnablePolicyType","InviteAccountToOrganization","LeaveOrganization","ListAWSServiceAccessForOrganization","ListAccounts","ListAccountsForParent","ListChildren","ListCreateAccountStatus","ListDelegatedAdministrators","ListDelegatedServicesForAccount","ListHandshakesForAccount","ListHandshakesForOrganization","ListOrganizationalUnitsForParent","ListParents","ListPolicies","ListPoliciesForTarget","ListRoots","ListTagsForResource","ListTargetsForPolicy","MoveAccount","RegisterDelegatedAdministrator","RemoveAccountFromOrganization","TagResource","UntagResource","UpdateOrganizationalUnit","UpdatePolicy"],"ARNFormat":"arn:${Partition}:organizations::${MasterAccountId}:${Resource}/o-${OrganizationId}(/${ResourceType}/${ResourceId})?","ARNRegex":"^arn:${Partition}:organizations::.+:.+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys","organizations:PolicyType","organizations:ServicePrincipal"],"HasResource":true},"AWS Performance Insights":{"StringPrefix":"pi","Actions":["DescribeDimensionKeys","GetDimensionKeyDetails","GetResourceMetadata","GetResourceMetrics","ListAvailableResourceDimensions","ListAvailableResourceMetrics"],"ARNFormat":"arn:aws:pi:${Region}:${Account}:${ResourceType}/${RelativeId}","ARNRegex":"^arn:aws:pi:.+","HasResource":true},"Amazon Kinesis Analytics V2":{"StringPrefix":"kinesisanalytics","Actions":["AddApplicationCloudWatchLoggingOption","AddApplicationInput","AddApplicationInputProcessingConfiguration","AddApplicationOutput","AddApplicationReferenceDataSource","AddApplicationVpcConfiguration","CreateApplication","CreateApplicationPresignedUrl","CreateApplicationSnapshot","DeleteApplication","DeleteApplicationCloudWatchLoggingOption","DeleteApplicationInputProcessingConfiguration","DeleteApplicationOutput","DeleteApplicationReferenceDataSource","DeleteApplicationSnapshot","DeleteApplicationVpcConfiguration","DescribeApplication","DescribeApplicationSnapshot","DescribeApplicationVersion","DiscoverInputSchema","ListApplicationSnapshots","ListApplicationVersions","ListApplications","ListTagsForResource","RollbackApplication","StartApplication","StopApplication","TagResource","UntagResource","UpdateApplication","UpdateApplicationMaintenanceConfiguration"],"ARNFormat":"arn:aws:kinesisanalytics:::application/","ARNRegex":"^arn:aws:kinesisanalytics:.+:[0-9]+:application/[a-zA-Z0-9_.-]+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"Amazon Kinesis Analytics":{"StringPrefix":"kinesisanalytics","Actions":["AddApplicationInput","AddApplicationOutput","AddApplicationReferenceDataSource","CreateApplication","DeleteApplication","DeleteApplicationOutput","DeleteApplicationReferenceDataSource","DescribeApplication","DiscoverInputSchema","GetApplicationState","ListApplications","ListTagsForResource","StartApplication","StopApplication","TagResource","UntagResource","UpdateApplication"],"ARNFormat":"arn:aws:kinesisanalytics:::application/","ARNRegex":"^arn:aws:kinesisanalytics:.+:[0-9]+:application/[a-zA-Z0-9_.-]+","conditionKeys":["aws:RequestTag/${TagKey}","aws:ResourceTag/${TagKey}","aws:TagKeys"],"HasResource":true},"AWS Account Management":{"StringPrefix":"account","Actions":["DeleteAlternateContact","DisableRegion","EnableRegion","GetAlternateContact","ListRegions","PutAlternateContact"],"ARNFormat":"arn:${Partition}:account::${Account}:account","ARNRegex":"^arn:${Partition}:account::.+:account","conditionKeys":["account:AccountResourceOrgPaths","account:AccountResourceOrgTags/${TagKey}","account:AlternateContactTypes","account:TargetRegion"],"HasResource":true}},"policyTypes":{"SQSPolicy":{"Name":"SQS Queue Policy","AssociatedService":["Amazon SQS"]},"S3Policy":{"Name":"S3 Bucket Policy","AssociatedService":["Amazon S3"]},"VPCPolicy":{"Name":"VPC Endpoint Policy","AssociatedService":["Amazon S3","Amazon DynamoDB For VPC Policies"]},"IAMPolicy":{"Name":"IAM Policy","AssociatedService":["*"]},"SNSPolicy":{"Name":"SNS Topic Policy","AssociatedService":["Amazon SNS"]}},"VPCPolicyServiceActionMap":{"Amazon DynamoDB For VPC Policies":["DescribeContinuousBackups","DescribeBackup","DescribeReservedCapacity","PurchaseReservedCapacityOfferings","ListBackups","DeleteItem","Query","DeleteBackup","DescribeTable","CreateTable","BatchGetItem","BatchWriteItem","DeleteTable","RestoreTableFromBackup","GetItem","DescribeLimits","UpdateTable","UpdateItem","DescribeReservedCapacityOfferings","ListTables","Scan","PutItem","CreateBackup"]}} \ No newline at end of file diff --git a/alpine/jenkins/Dockerfile b/alpine/jenkins/Dockerfile new file mode 100644 index 0000000..6f678ac --- /dev/null +++ b/alpine/jenkins/Dockerfile @@ -0,0 +1,18 @@ +FROM alpine:latest +LABEL description="Jenkins" +LABEL maintainer="racken@one27.cf" +LABEL notes="Get initial admin password by docker exec -it and cat /root/.jenkins/secrets/initialAdminPassword" +LABEL java-version="openjdk11" +LABEL jenkins-version="2.222.3" +LABEL exposed-port="8080" +LABEL jenkins-path="/jenkins" +ENV container docker +RUN apk add openjdk11 wget openjdk11-jre-headless ttf-dejavu; mkdir /opt/tomcat +WORKDIR /opt/tomcat +RUN wget -q -O- http://ftp.cuhk.edu.hk/pub/packages/apache.org/tomcat/tomcat-9/v9.0.34/bin/apache-tomcat-9.0.34.tar.gz | tar zxf - --strip-components=1 +RUN rm -rf /opt/tomcat/webapps/ROOT +RUN wget -q -O /opt/tomcat/webapps/jenkins.war http://mirrors.jenkins.io/war-stable/latest/jenkins.war +ENV JAVA_HOME="/usr" +ENV JAVA_OPTS="-Djava.awt.headless=true -Xmx2g -Dhudson.DNSMultiCast.disabled=true -Duser.timezone=Asia/Hong_Kong" +EXPOSE 8080 +CMD ["/opt/tomcat/bin/catalina.sh", "run"] diff --git a/alpine/jenkins/start.sh b/alpine/jenkins/start.sh new file mode 100755 index 0000000..f0bcc81 --- /dev/null +++ b/alpine/jenkins/start.sh @@ -0,0 +1,3 @@ +docker run --name jenkins --cpus 2 \ +--net macvlan --ip 192.168.86.211 -d --restart=always alpine-jenkins + diff --git a/alpine/nginx-with-volume/Dockerfile b/alpine/nginx-with-volume/Dockerfile new file mode 100644 index 0000000..a0ca5db --- /dev/null +++ b/alpine/nginx-with-volume/Dockerfile @@ -0,0 +1,8 @@ +FROM alpine:latest +ENV container docker +VOLUME /var/www +RUN apk update; apk upgrade; apk add nginx nginx-mod-http-dav-ext +RUN mkdir -p /run/nginx +COPY index.html /var/www/index.html +EXPOSE 80 +CMD [ "/usr/sbin/nginx", "-c", "/etc/nginx/nginx.conf" ] diff --git a/alpine/nginx-with-volume/README.md b/alpine/nginx-with-volume/README.md new file mode 100644 index 0000000..fc3d568 --- /dev/null +++ b/alpine/nginx-with-volume/README.md @@ -0,0 +1,6 @@ +# Revision notes +20191206: since 1.17.6, /var/www/nextcloud needs to be mounted. not sure why it worked before... also created xpknet and assigned static IP to containers. nginx is on 192.168.188.2 and fpm on 192.168.188.10 +20191206: changed to macvlan. nginx is on 192.168.86.3 and fpm on 192.168.86.4 + +# General notes +dav is needed for enpass diff --git a/alpine/nginx-with-volume/build.sh b/alpine/nginx-with-volume/build.sh new file mode 100755 index 0000000..45e03f4 --- /dev/null +++ b/alpine/nginx-with-volume/build.sh @@ -0,0 +1,2 @@ +export DOCKER_BUILDKIT=1 +docker build --network host -t alpine/nginx-v . diff --git a/alpine/nginx-with-volume/index.html b/alpine/nginx-with-volume/index.html new file mode 100644 index 0000000..60484cd --- /dev/null +++ b/alpine/nginx-with-volume/index.html @@ -0,0 +1,5 @@ +

+
+

+Go to observium +
diff --git a/alpine/nginx-with-volume/nginx.conf b/alpine/nginx-with-volume/nginx.conf new file mode 100644 index 0000000..a8023ef --- /dev/null +++ b/alpine/nginx-with-volume/nginx.conf @@ -0,0 +1,254 @@ +user nginx; +worker_processes 2; +daemon off; +load_module "modules/ngx_http_dav_ext_module.so"; + +error_log /var/log/nginx/error-local.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 2000; +} + +http { + server_tokens off; + include /etc/nginx/mime.types; + default_type application/octet-stream; + sendfile on; + keepalive_timeout 65; + client_max_body_size 200M; + + gzip on; + gzip_min_length 1100; + gzip_buffers 4 8k; + gzip_types text/plain; + + # caching + proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=zone1:10m max_size=1G; + proxy_temp_path /tmp/nginx-proxy 1 2; + proxy_cache_key "$scheme$request_method$host$request_uri"; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_bypass $cookie_session; + proxy_no_cache $cookie_session; + proxy_headers_hash_max_size 1024; + proxy_headers_hash_bucket_size 128; + + log_format cached '$remote_addr ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent" $upstream_cache_status'; + + + # Useragent ACL: works but ubuntu online accounts does not provide any useragent + #map $http_user_agent $useragent_acl { + # default deny; + # ~(Desktop|Chrome|Nextcloud-iOS|Nextcloud-android|mirall|Mozilla/5\.0|git|ansible-httpget|Go-http-client) allow; + #} + + # _ _ _ _ + # _ __ | |__ _ __ | |__ __ _ _ __ __| | | ___ _ __ + # | '_ \| '_ \| '_ \ _____| '_ \ / _` | '_ \ / _` | |/ _ \ '__| + # | |_) | | | | |_) |_____| | | | (_| | | | | (_| | | __/ | + # | .__/|_| |_| .__/ |_| |_|\__,_|_| |_|\__,_|_|\___|_| + # |_| |_| + # + + upstream php-handler { + server 192.168.86.210:9000; + #server unix:/var/run/php/php7.2-fpm.sock; + } + + server { + listen 80 default_server; + # root /var/www/null; + root /var/www/letsencrypt; + + # for letsencrypt / acme-tiny + location /.well-known { + try_files $uri $uri/ =404; + } + + location /.well-known/acme-challenge/ { + alias /var/www/letsencrypt/; + } + + location / { + return 301 https://$host$request_uri; + } + # Useragent ACL + # if ($useragent_acl = deny) { + # return 403; + # } + + # letsencrypt validation + #location /.well-known/acme-challenge/ { + # alias /var/www/letsencrypt/; + #} + + #if ($http_x_forwarded_proto != "https") { +# return 301 https://$host$request_uri; +# } + } + + server { + listen 443 ssl http2 default_server; + root /var/www; + # still need TLS1.2 for Lixil Jenkins git pull + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ecdh_curve secp521r1:secp384r1:prime256v1; + ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256; + ssl_prefer_server_ciphers on; + ssl_session_timeout 10m; + ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + add_header X-Frame-Options SAMEORIGIN; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag "noindex, nofollow"; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + + ssl_certificate /home/ssl/xpk.headdesk.me.crt; + ssl_certificate_key /home/ssl/xpk.headdesk.me.key; + + # filter out PROPFIND in access log + set $logme 1; + + if ($request_method = PROPFIND) { + set $logme 0; + } + + access_log /var/log/nginx/access.log cached if=$logme; + + # Useragent ACL + # if ($useragent_acl = deny) { + # return 403; + #} + + #location / { + # proxy_pass http://192.168.86.10:8080/; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header HTTP_X_FORWARDED_PROTO https; + # proxy_set_header Host $host; + # proxy_cache_bypass $http_pragma $http_authorization; + # } + + # letsencrypt validation + location /.well-known/acme-challenge/ { + alias /var/www/letsencrypt/; + } + fastcgi_hide_header X-Powered-By; + location = /.well-known/carddav { + return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav; + } + + location /nextcloud/ { + rewrite ^ /nextcloud/index.php; + } + location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { + deny all; + } + location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { + fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; + fastcgi_param HTTPS on; + # Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + # Enable pretty urls + fastcgi_param front_controller_active true; + fastcgi_pass php-handler; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) { + try_files $uri/ =404; + index index.php; + } + + location ~ ^\/nextcloud.*\.(?:css|js|woff2?|svg|gif|map)$ { + try_files $uri /nextcloud/index.php$request_uri; + add_header Cache-Control "public, max-age=15778463"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag "noindex, nofollow"; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + } + location ~ ^\/nextcloud.*\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { + try_files $uri /nextcloud/index.php$request_uri; + } + + location /git/ { + proxy_pass http://192.168.86.53:3000/; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header HTTP_X_FORWARDED_PROTO https; + proxy_set_header Host $host; + proxy_http_version 1.1; + # caching: do not enable, causes cross account caching! + # proxy_cache zone1; + # proxy_cache_valid 200 302 5m; + # proxy_cache_valid any 10m; + } + + location /pad/ { + proxy_pass http://192.168.86.51:9001/; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header HTTP_X_FORWARDED_PROTO https; + proxy_set_header Host $host; + proxy_http_version 1.1; + proxy_cookie_path / "/pad; HTTPOnly; Secure"; + proxy_cookie_flags express secure httponly; + } + + location /jenkins/ { + proxy_pass http://192.168.86.55:8080/jenkins/; + proxy_redirect default; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header HTTP_X_FORWARDED_PROTO https; + proxy_set_header Host $host; + proxy_http_version 1.1; + } + + location /mon/ { + proxy_pass http://192.168.86.57/; + proxy_buffering off; + proxy_redirect default; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header HTTP_X_FORWARDED_PROTO https; + proxy_set_header Host $host; + proxy_http_version 1.1; + proxy_cookie_path / "/mon; HTTPOnly; Secure"; + proxy_cookie_flags express secure httponly; + } + + location /enpass/ { + root /var/www; + auth_basic enpass; + auth_basic_user_file /var/www/enpass/.htpass; + dav_methods PUT DELETE MKCOL COPY MOVE; + dav_ext_methods PROPFIND OPTIONS; + dav_access user:rw group:rw all:r; + create_full_put_path on; + autoindex on; + } + } +} diff --git a/alpine/nginx-with-volume/restart-nginx.sh b/alpine/nginx-with-volume/restart-nginx.sh new file mode 100755 index 0000000..cb984af --- /dev/null +++ b/alpine/nginx-with-volume/restart-nginx.sh @@ -0,0 +1,4 @@ +docker stop nginx +docker rm nginx +sleep 5 +/my/container-config/alpine/nginx/start-nginx.sh diff --git a/alpine/nginx-with-volume/start-nginx.sh b/alpine/nginx-with-volume/start-nginx.sh new file mode 100755 index 0000000..379355f --- /dev/null +++ b/alpine/nginx-with-volume/start-nginx.sh @@ -0,0 +1,14 @@ +# nginx container +docker run --name nginx -v /my/container-config/alpine/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \ +-m 2g -v /my/sites/ssl-cert:/home/ssl \ +-v /var/www/nextcloud:/var/www/nextcloud:ro \ +-v /var/www/enpass:/var/www/enpass:rw \ +-v /var/www/letsencrypt:/var/www/letsencrypt:ro \ +--net macvlan --ip 192.168.86.209 -d --restart=always alpine/nginx + +# clearlinux/nginx +#docker run --name nginx -v /my/container-config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \ +#-v /etc/letsencrypt:/etc/letsencrypt:ro -m 2g \ +#-v /var/www/nextcloud:/var/www/nextcloud:ro \ +#--net macvlan --ip 192.168.86.3 -d --restart=always clearlinux/nginx + diff --git a/alpine/nginx/Dockerfile b/alpine/nginx/Dockerfile new file mode 100644 index 0000000..47237ca --- /dev/null +++ b/alpine/nginx/Dockerfile @@ -0,0 +1,7 @@ +FROM alpine:latest +ENV container docker +RUN apk update; apk upgrade; apk add nginx nginx-mod-http-dav-ext +RUN mkdir -p /run/nginx +COPY index.html /var/www/index.html +EXPOSE 80 +CMD [ "/usr/sbin/nginx", "-c", "/etc/nginx/nginx.conf" ] diff --git a/alpine/nginx/README.md b/alpine/nginx/README.md new file mode 100644 index 0000000..fc3d568 --- /dev/null +++ b/alpine/nginx/README.md @@ -0,0 +1,6 @@ +# Revision notes +20191206: since 1.17.6, /var/www/nextcloud needs to be mounted. not sure why it worked before... also created xpknet and assigned static IP to containers. nginx is on 192.168.188.2 and fpm on 192.168.188.10 +20191206: changed to macvlan. nginx is on 192.168.86.3 and fpm on 192.168.86.4 + +# General notes +dav is needed for enpass diff --git a/alpine/nginx/build.sh b/alpine/nginx/build.sh new file mode 100755 index 0000000..66e0c1d --- /dev/null +++ b/alpine/nginx/build.sh @@ -0,0 +1,2 @@ +export DOCKER_BUILDKIT=1 +docker build --network host -t alpine/nginx . diff --git a/alpine/nginx/index.html b/alpine/nginx/index.html new file mode 100644 index 0000000..60484cd --- /dev/null +++ b/alpine/nginx/index.html @@ -0,0 +1,5 @@ +

+
+

+Go to observium +
diff --git a/alpine/nginx/nginx.conf b/alpine/nginx/nginx.conf new file mode 100644 index 0000000..dc707ce --- /dev/null +++ b/alpine/nginx/nginx.conf @@ -0,0 +1,301 @@ +user nginx; +worker_processes 2; +daemon off; +load_module "modules/ngx_http_dav_ext_module.so"; + +error_log /var/log/nginx/error-local.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 2000; +} + +http { + server_tokens off; + include /etc/nginx/mime.types; + default_type application/octet-stream; + sendfile on; + keepalive_timeout 65; + client_max_body_size 200M; + + gzip on; + gzip_min_length 1100; + gzip_buffers 4 8k; + gzip_types text/plain; + + # caching + proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=zone1:10m max_size=1G; + proxy_temp_path /tmp/nginx-proxy 1 2; + proxy_cache_key "$scheme$request_method$host$request_uri"; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_bypass $cookie_session; + proxy_no_cache $cookie_session; + proxy_headers_hash_max_size 1024; + proxy_headers_hash_bucket_size 128; + + log_format cached '$remote_addr ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent" $upstream_cache_status'; + + + # Useragent ACL + map $http_user_agent $blockagent { + default 0; + ~*Bytespider 1; + ~*Yandex 1; + ~*DotBot 1; + ~*Chrome/104.0.0.0 1; + ~*l9explore 1; + ~*ImagesiftBot 1; + } + + # _ _ _ _ + # _ __ | |__ _ __ | |__ __ _ _ __ __| | | ___ _ __ + # | '_ \| '_ \| '_ \ _____| '_ \ / _` | '_ \ / _` | |/ _ \ '__| + # | |_) | | | | |_) |_____| | | | (_| | | | | (_| | | __/ | + # | .__/|_| |_| .__/ |_| |_|\__,_|_| |_|\__,_|_|\___|_| + # |_| |_| + # + + upstream php-handler { + server 192.168.86.210:9000; + #server unix:/var/run/php/php7.2-fpm.sock; + } + + server { + listen 80 default_server; + # root /var/www/null; + root /var/www/letsencrypt; + + # for letsencrypt / acme-tiny + location /.well-known { + try_files $uri $uri/ =404; + } + + location /.well-known/acme-challenge/ { + alias /var/www/letsencrypt/; + } + + location / { + return 301 https://$host$request_uri; + } + # Useragent ACL + if ($blockagent) {return 403;} + + # letsencrypt validation + #location /.well-known/acme-challenge/ { + # alias /var/www/letsencrypt/; + #} + + #if ($http_x_forwarded_proto != "https") { +# return 301 https://$host$request_uri; +# } + } + + server { + listen 443 ssl default_server; + http2 on; + root /var/www; + # still need TLS1.2 for Lixil Jenkins git pull + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ecdh_curve secp521r1:secp384r1:prime256v1; + ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384; + ssl_prefer_server_ciphers on; + ssl_session_timeout 10m; + ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + add_header X-Frame-Options SAMEORIGIN; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag "noindex, nofollow"; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + + ssl_certificate /home/ssl/xpk.headdesk.me.crt; + ssl_certificate_key /home/ssl/xpk.headdesk.me.key; + + # filter out PROPFIND in access log + set $logme 1; + + if ($request_method = PROPFIND) { + set $logme 0; + } + + #access_log /var/log/nginx/access.log cached if=$logme; + access_log syslog:server=192.168.86.10,nohostname cached if=$logme; + + # Useragent ACL + # if ($useragent_acl = deny) { + # return 403; + #} + + # try again + if ($blockagent) {return 403;} + + #location / { + # proxy_pass http://192.168.86.10:8080/; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header HTTP_X_FORWARDED_PROTO https; + # proxy_set_header Host $host; + # proxy_cache_bypass $http_pragma $http_authorization; + # } + + # letsencrypt validation + location /.well-known/acme-challenge/ { + alias /var/www/letsencrypt/; + } + fastcgi_hide_header X-Powered-By; + location = /.well-known/carddav { + return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav; + } + + location /nextcloud/ { + rewrite ^ /nextcloud/index.php; + } + location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { + deny all; + } + location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { + fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; + fastcgi_param HTTPS on; + # Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + # Enable pretty urls + fastcgi_param front_controller_active true; + fastcgi_pass php-handler; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) { + try_files $uri/ =404; + index index.php; + } + + location ~ ^\/nextcloud.*\.(?:css|js|woff2?|svg|gif|map)$ { + try_files $uri /nextcloud/index.php$request_uri; + add_header Cache-Control "public, max-age=15778463"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag "noindex, nofollow"; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + } + location ~ ^\/nextcloud.*\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { + try_files $uri /nextcloud/index.php$request_uri; + } + + location /git/ { + proxy_pass http://192.168.86.53:3000/; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header HTTP_X_FORWARDED_PROTO https; + proxy_set_header Host $host; + proxy_http_version 1.1; + # caching: do not enable, causes cross account caching! + # proxy_cache zone1; + # proxy_cache_valid 200 302 5m; + # proxy_cache_valid any 10m; + } + + location /pad/ { + proxy_pass http://192.168.86.51:9001/; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header HTTP_X_FORWARDED_PROTO https; + proxy_set_header Host $host; + proxy_http_version 1.1; + proxy_cookie_path / "/pad; HTTPOnly; Secure"; + proxy_cookie_flags express secure httponly; + } + + location /jenkins/ { + proxy_pass http://192.168.86.55:8080/jenkins/; + proxy_redirect default; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header HTTP_X_FORWARDED_PROTO https; + proxy_set_header Host $host; + proxy_http_version 1.1; + } + + location /mon/ { + proxy_pass http://192.168.86.57/; + proxy_buffering off; + proxy_redirect default; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header HTTP_X_FORWARDED_PROTO https; + proxy_set_header Host $host; + proxy_http_version 1.1; + proxy_cookie_path / "/mon; HTTPOnly; Secure"; + proxy_cookie_flags express secure httponly; + } + + location /enpass/ { + root /var/www; + auth_basic enpass; + auth_basic_user_file /var/www/enpass/.htpass; + dav_methods PUT DELETE MKCOL COPY MOVE; + dav_ext_methods PROPFIND OPTIONS; + dav_access user:rw group:rw all:r; + create_full_put_path on; + autoindex on; + } + } + + server { + listen 443 ssl; + server_name mon.headdesk.me; + http2 on; + root /var/www; + ssl_protocols TLSv1.3; + ssl_ecdh_curve secp521r1:secp384r1:prime256v1; + ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384; + ssl_prefer_server_ciphers on; + ssl_session_timeout 10m; + ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + add_header X-Frame-Options SAMEORIGIN; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag "noindex, nofollow"; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + + ssl_certificate /home/ssl/mon.headdesk.me.crt; + ssl_certificate_key /home/ssl/mon.headdesk.me.key; + location / { + proxy_pass http://192.168.86.57/; + proxy_buffering off; + proxy_redirect default; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header HTTP_X_FORWARDED_PROTO https; + proxy_set_header Host $host; + proxy_http_version 1.1; + #proxy_cookie_path / "/mon; HTTPOnly; Secure"; + #proxy_cookie_flags express secure httponly; + } + } +} + + diff --git a/alpine/nginx/restart-nginx.sh b/alpine/nginx/restart-nginx.sh new file mode 100755 index 0000000..cb984af --- /dev/null +++ b/alpine/nginx/restart-nginx.sh @@ -0,0 +1,4 @@ +docker stop nginx +docker rm nginx +sleep 5 +/my/container-config/alpine/nginx/start-nginx.sh diff --git a/alpine/nginx/start-nginx.sh b/alpine/nginx/start-nginx.sh new file mode 100755 index 0000000..379355f --- /dev/null +++ b/alpine/nginx/start-nginx.sh @@ -0,0 +1,14 @@ +# nginx container +docker run --name nginx -v /my/container-config/alpine/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \ +-m 2g -v /my/sites/ssl-cert:/home/ssl \ +-v /var/www/nextcloud:/var/www/nextcloud:ro \ +-v /var/www/enpass:/var/www/enpass:rw \ +-v /var/www/letsencrypt:/var/www/letsencrypt:ro \ +--net macvlan --ip 192.168.86.209 -d --restart=always alpine/nginx + +# clearlinux/nginx +#docker run --name nginx -v /my/container-config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \ +#-v /etc/letsencrypt:/etc/letsencrypt:ro -m 2g \ +#-v /var/www/nextcloud:/var/www/nextcloud:ro \ +#--net macvlan --ip 192.168.86.3 -d --restart=always clearlinux/nginx + diff --git a/alpine/openstack-cli/Dockerfile b/alpine/openstack-cli/Dockerfile new file mode 100644 index 0000000..9f5b9d4 --- /dev/null +++ b/alpine/openstack-cli/Dockerfile @@ -0,0 +1,7 @@ +FROM alpine +LABEL description="Openstack cli on alpine" +LABEL maintainer="racken@one27.cf" +ENV container docker +RUN apk update; apk add py3-pip gcc python3-dev musl-dev linux-headers libffi-dev bash +RUN pip3 install python-openstackclient +ENTRYPOINT ["/bin/bash"] diff --git a/alpine/ping/Dockerfile b/alpine/ping/Dockerfile new file mode 100644 index 0000000..b52e81e --- /dev/null +++ b/alpine/ping/Dockerfile @@ -0,0 +1,5 @@ +FROM alpine:latest +LABEL description="ping test on alpine" +LABEL maintainer="racken@one27.cf" +ENV container docker +CMD ["ping", "-qi5", "210.0.248.38"] diff --git a/alpine/pma/Dockerfile b/alpine/pma/Dockerfile new file mode 100644 index 0000000..22c6c6b --- /dev/null +++ b/alpine/pma/Dockerfile @@ -0,0 +1,13 @@ +FROM alpine:latest +LABEL description="phpmyadmin on alpine" +LABEL maintainer="racken@one27.cf" +ENV container docker +RUN apk update; apk add bash tini php81-pdo_mysql php81-fpm nginx php81-session supervisor unzip php81-iconv php81-mysqli php81-xml php81-mbstring +RUN mkdir -p /var/www/html /etc/supervisor.d +COPY nginx-default.conf /etc/nginx/http.d/default.conf +RUN wget -O /tmp/pma.zip https://files.phpmyadmin.net/phpMyAdmin/5.2.1/phpMyAdmin-5.2.1-all-languages.zip +RUN unzip -qd /var/www/html /tmp/pma.zip; mv /var/www/html/phpMyAdmin* /var/www/html/pma; rm -f /tmp/pma.zip +COPY config.inc.php /var/www/html/pma/config.inc.php +RUN mkdir -p /var/www/html/pma/tmp/; chmod 777 /var/www/html/pma/tmp/ +COPY run.ini /etc/supervisor.d/run.ini +CMD ["/usr/bin/supervisord", "-n"] diff --git a/alpine/pma/config.inc.php b/alpine/pma/config.inc.php new file mode 100644 index 0000000..30e371a --- /dev/null +++ b/alpine/pma/config.inc.php @@ -0,0 +1,36 @@ +. + */ + +declare(strict_types=1); + +/** + * This is needed for cookie based authentication to encrypt password in + * cookie. Needs to be 32 chars long. + */ +$cfg['blowfish_secret'] = 'Z2RVfRex/rIuhv2AAJXQuzbllMs5PelMIWWMCO4Aoag='; + +/** + * Servers configuration + */ +$i = 0; + +/** + * First server + */ +$i++; +/* Authentication type */ +$cfg['Servers'][$i]['auth_type'] = 'cookie'; +/* Server parameters */ +$cfg['Servers'][$i]['host'] = 'localhost'; +$cfg['Servers'][$i]['compress'] = false; +$cfg['Servers'][$i]['AllowNoPassword'] = false; +$cfg['UploadDir'] = ''; +$cfg['SaveDir'] = ''; +$cfg['AllowArbitraryServer'] = true; + diff --git a/alpine/pma/nginx-default.conf b/alpine/pma/nginx-default.conf new file mode 100644 index 0000000..daae74e --- /dev/null +++ b/alpine/pma/nginx-default.conf @@ -0,0 +1,23 @@ +server { + listen 80 default_server; + listen [::]:80 default_server; + root /var/www/html; + + # You may need this to prevent return 404 recursion. + location = /404.html { + internal; + } + + location / { + index index.php index.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_param HTTP_PROXY ""; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_index index.php; + include fastcgi_params; + } +} diff --git a/alpine/pma/refresh-service.sh b/alpine/pma/refresh-service.sh new file mode 100644 index 0000000..396f998 --- /dev/null +++ b/alpine/pma/refresh-service.sh @@ -0,0 +1,5 @@ +aws ecr get-login-password --region ap-southeast-1 | docker login --username AWS --password-stdin 728959568254.dkr.ecr.ap-southeast-1.amazonaws.com/ +docker push 728959568254.dkr.ecr.ap-southeast-1.amazonaws.com/lixil-cms/phpmyadmin +aws ecs update-service --cluster dev-apse1-lixil-cms-ecs-cluster --service dev-lixil-pma-service --force-new-deployment +aws ecs update-service --cluster staging-apse1-lixil-cms-ecs-cluster --service staging-apse1-lixil-cms-pma-service --force-new-deployment +aws ecs update-service --cluster prod-apse1-lixil-cms-ecs-cluster --service prod-apse1-lixil-cms-pma-service --force-new-deployment diff --git a/alpine/pma/run.ini b/alpine/pma/run.ini new file mode 100644 index 0000000..2111e9d --- /dev/null +++ b/alpine/pma/run.ini @@ -0,0 +1,10 @@ +[program:nginx] +command=/usr/sbin/nginx -g 'daemon off;' +autostart=true +autorestart=true + +[program:phpfpm] +command=/usr/sbin/php-fpm81 -F +autostart=true +autorestart=true + diff --git a/alpine/privoxy/Dockerfile b/alpine/privoxy/Dockerfile new file mode 100644 index 0000000..fecb8b5 --- /dev/null +++ b/alpine/privoxy/Dockerfile @@ -0,0 +1,10 @@ +FROM alpine:latest +LABEL description="Privoxy web proxy" +LABEL maintainer="racken@one27.cf" +ENV container docker +RUN apk update; apk add tini privoxy +RUN cd /etc/privoxy; touch default.filter user.filter; mv match-all.action.new match-all.action; mv user.action.new user.action +COPY default.action /etc/privoxy/default.action +COPY config /etc/privoxy/config +ENTRYPOINT ["/sbin/tini", "--"] +CMD ["/usr/sbin/privoxy", "--no-daemon", "--user", "privoxy", "/etc/privoxy/config"] diff --git a/alpine/privoxy/config b/alpine/privoxy/config new file mode 100644 index 0000000..f6fd938 --- /dev/null +++ b/alpine/privoxy/config @@ -0,0 +1,33 @@ +user-manual /usr/share/doc/privoxy/user-manual +confdir /etc/privoxy +#actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on. +#actionsfile default.action # Main actions file +#actionsfile user.action # User customizations +#filterfile default.filter +#filterfile user.filter # User customizations +listen-address :8086 +toggle 0 +enable-remote-toggle 0 +enable-remote-http-toggle 0 +enable-edit-actions 0 +enforce-blocks 0 +buffer-limit 4096 +enable-proxy-authentication-forwarding 1 +forwarded-connect-retries 0 +accept-intercepted-requests 0 +allow-cgi-request-crunching 0 +split-large-forms 0 +keep-alive-timeout 15 +tolerate-pipelining 1 +socket-timeout 300 +permit-access 192.168.86.0/24 +permit-access [fc00::0]/64 +logdir /var/log/privoxy +logfile privoxy.log +#debug 1024 +#log-messages 1 +receive-buffer-size 32768 +listen-backlog 512 +max-client-connections 512 +socket-timeout 180 +tolerate-pipelining 1 diff --git a/alpine/privoxy/default.action b/alpine/privoxy/default.action new file mode 100644 index 0000000..dae8280 --- /dev/null +++ b/alpine/privoxy/default.action @@ -0,0 +1,2 @@ +{-block} +.* diff --git a/alpine/privoxy/restart.sh b/alpine/privoxy/restart.sh new file mode 100755 index 0000000..6b63e5d --- /dev/null +++ b/alpine/privoxy/restart.sh @@ -0,0 +1,2 @@ +docker rm -f privoxy +./start.sh diff --git a/alpine/privoxy/start.sh b/alpine/privoxy/start.sh new file mode 100755 index 0000000..06fd5ba --- /dev/null +++ b/alpine/privoxy/start.sh @@ -0,0 +1,2 @@ +#!/bin/bash +docker run -d --name privoxy --network macvlan --cpus 2 --memory 1g --restart always --ip 192.168.86.18 alpine/privoxy diff --git a/alpine/redis/Dockerfile b/alpine/redis/Dockerfile new file mode 100644 index 0000000..893af60 --- /dev/null +++ b/alpine/redis/Dockerfile @@ -0,0 +1,10 @@ +FROM alpine:latest +LABEL description="Redis for use with gitea" +LABEL maintainer="racken@one27.cf" +ENV container docker +RUN apk add bash tini redis +#RUN addgroup -g 3000 ctnuser && adduser -u 3000 -G ctnuser -D ctnuser +RUN sed -i -e 's/^bind.*/bind 0.0.0.0/g' -e 's/^protected-mode.*/protected-mode no/g' -e 's/^timeout.*/timeout 60/g' -e 's/^\(logfile.*\)/## \1/g' /etc/redis.conf +RUN chown -R redis:redis /var/log/redis +USER redis +ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/redis-server", "/etc/redis.conf"] diff --git a/alpine/redis/build.sh b/alpine/redis/build.sh new file mode 100755 index 0000000..c68fee0 --- /dev/null +++ b/alpine/redis/build.sh @@ -0,0 +1,2 @@ +export DOCKER_BUILDKIT=1 +docker build --network host -t alpine/redis . diff --git a/alpine/redis/restart.sh b/alpine/redis/restart.sh new file mode 100755 index 0000000..5f18956 --- /dev/null +++ b/alpine/redis/restart.sh @@ -0,0 +1,2 @@ +docker rm -f redis +docker run -d --name redis --network macvlan --ip 192.168.86.212 --restart=always alpine/redis diff --git a/alpine/squid/Dockerfile b/alpine/squid/Dockerfile new file mode 100644 index 0000000..7cb98bf --- /dev/null +++ b/alpine/squid/Dockerfile @@ -0,0 +1,7 @@ +FROM alpine:latest +LABEL description="squid on alpine" +LABEL maintainer="racken@one27.cf" +ENV container docker +RUN apk update; apk add squid bash tini +ENTRYPOINT ["/sbin/tini", "--"] +CMD ["/usr/sbin/squid", "-N"] diff --git a/alpine/squid/start.sh b/alpine/squid/start.sh new file mode 100755 index 0000000..94818e4 --- /dev/null +++ b/alpine/squid/start.sh @@ -0,0 +1,3 @@ +docker run --name squid --cpus 2 -m 800m \ +--net macvlan --ip 192.168.86.88 -d --restart=always alpine-squid + diff --git a/alpine/terraform13/Dockerfile b/alpine/terraform13/Dockerfile new file mode 100644 index 0000000..57cff0e --- /dev/null +++ b/alpine/terraform13/Dockerfile @@ -0,0 +1,9 @@ +FROM alpine:latest +LABEL description="Terraform1.3 on Alpine" +LABEL maintainer="xpk@headdesk.me" +ENV container docker +RUN apk update +RUN apk add wget curl git bash libarchive-tools aws-cli +RUN wget -qO - https://releases.hashicorp.com/terraform/1.3.9/terraform_1.3.9_linux_amd64.zip | bsdtar -xOf - > /usr/bin/terraform +RUN chmod 755 /usr/bin/terraform +CMD ["/bin/bash"] diff --git a/alpine/terraform13/build.sh b/alpine/terraform13/build.sh new file mode 100755 index 0000000..ac35fc7 --- /dev/null +++ b/alpine/terraform13/build.sh @@ -0,0 +1,3 @@ +#!/bin/bash +export DOCKER_BUILDKIT=1 +docker buildx build --network host -t alpine/terraform13 . diff --git a/alpine/tini-test/Dockerfile b/alpine/tini-test/Dockerfile new file mode 100644 index 0000000..29fe6a8 --- /dev/null +++ b/alpine/tini-test/Dockerfile @@ -0,0 +1,10 @@ +FROM alpine:latest +LABEL description="tini test" +LABEL maintainer="racken@one27.cf" +ENV container docker +RUN apk add bash tini +#ENV TINI_VERSION v0.19.0 +#ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini +#RUN chmod +x /tini +ENTRYPOINT ["/sbin/tini", "--"] +CMD ["/bin/bash"] diff --git a/alpine/valkey/Dockerfile b/alpine/valkey/Dockerfile new file mode 100644 index 0000000..282e689 --- /dev/null +++ b/alpine/valkey/Dockerfile @@ -0,0 +1,8 @@ +FROM alpine:latest +LABEL description="Valkey server" +LABEL maintainer="racken@one27.cf" +ENV container docker +RUN apk add bash tini valkey valkey-cli +COPY valkey.conf /etc/valkey/valkey.conf +USER valkey +ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/valkey-server", "/etc/valkey/valkey.conf"] diff --git a/alpine/valkey/build.sh b/alpine/valkey/build.sh new file mode 100755 index 0000000..671478c --- /dev/null +++ b/alpine/valkey/build.sh @@ -0,0 +1,2 @@ +export DOCKER_BUILDKIT=1 +docker build --network host -t alpine/valkey . diff --git a/alpine/valkey/restart.sh b/alpine/valkey/restart.sh new file mode 100755 index 0000000..7411378 --- /dev/null +++ b/alpine/valkey/restart.sh @@ -0,0 +1,3 @@ +docker rm -f valkey +#docker run -d --name valkey --network macvlan --ip 192.168.86.212 --restart=always alpine/valkey +docker run -d --name valkey --network macvlan --ip 192.168.86.212 --restart=always valkey/valkey diff --git a/alpine/valkey/valkey.conf b/alpine/valkey/valkey.conf new file mode 100644 index 0000000..fea6aa2 --- /dev/null +++ b/alpine/valkey/valkey.conf @@ -0,0 +1,79 @@ +#bind 127.0.0.1 -::1 +protected-mode no +port 6379 +tcp-backlog 511 +unixsocket /run/valkey/valkey.sock +unixsocketperm 770 +timeout 0 +tcp-keepalive 300 +loglevel notice +syslog-enabled yes +syslog-ident valkey +databases 16 +always-show-logo no +set-proc-title yes +proc-title-template "{title} {listen-addr} {server-mode}" +locale-collate "" +stop-writes-on-bgsave-error yes +rdbcompression yes +rdbchecksum yes +dbfilename dump.rdb +rdb-del-sync-files no +dir /var/lib/valkey +replica-serve-stale-data yes +replica-read-only yes +repl-diskless-sync yes +repl-diskless-sync-delay 5 +repl-diskless-sync-max-replicas 0 +repl-diskless-load disabled +repl-disable-tcp-nodelay no +replica-priority 100 +acllog-max-len 128 +lazyfree-lazy-eviction no +lazyfree-lazy-expire no +lazyfree-lazy-server-del no +replica-lazy-flush no +lazyfree-lazy-user-del no +lazyfree-lazy-user-flush no +io-threads 4 +oom-score-adj no +oom-score-adj-values 0 200 800 +disable-thp yes +appendonly no +appendfilename "appendonly.aof" +appenddirname "appendonlydir" +appendfsync everysec +no-appendfsync-on-rewrite no +auto-aof-rewrite-percentage 100 +auto-aof-rewrite-min-size 64mb +aof-load-truncated yes +aof-use-rdb-preamble yes +aof-timestamp-enabled no + +slowlog-log-slower-than 10000 +slowlog-max-len 128 +latency-monitor-threshold 0 +notify-keyspace-events "" +hash-max-listpack-entries 512 +hash-max-listpack-value 64 +list-max-listpack-size -2 +list-compress-depth 0 +set-max-intset-entries 512 +set-max-listpack-entries 128 +set-max-listpack-value 64 +zset-max-listpack-entries 128 +zset-max-listpack-value 64 +hll-sparse-max-bytes 3000 +stream-node-max-bytes 4096 +stream-node-max-entries 100 +activerehashing yes +client-output-buffer-limit normal 0 0 0 +client-output-buffer-limit replica 256mb 64mb 60 +client-output-buffer-limit pubsub 32mb 8mb 60 +hz 10 +dynamic-hz yes +aof-rewrite-incremental-fsync yes +rdb-save-incremental-fsync yes +jemalloc-bg-thread yes +include /etc/valkey/valkey.d/*.conf + diff --git a/centos6/dp-tools/Dockerfile b/centos6/dp-tools/Dockerfile new file mode 100644 index 0000000..9e0753f --- /dev/null +++ b/centos6/dp-tools/Dockerfile @@ -0,0 +1,15 @@ +FROM centos:6 +LABEL description="Legacy Datapipe tools for Linux team" +LABEL notes="These tools may be supported by Dan Drowns from LDP" +ENV container docker +RUN yum -y install epel-release +RUN rpm -ivh http://repo.openfusion.net/centos6-x86_64/openfusion-release-0.7-1.of.el6.noarch.rpm +RUN yum -y install wget perl perl-SOAP-Lite perl-PAR-Dist perl-parent perl-DBI perl-Frontier-RPC perl-Frontier-RPC-Client perl-Crypt-SSLeay expect perl-Expect perl-IO-Stty perl-TermReadKey perl-Mozilla-CA perl-Try-Tiny +RUN rpm -e httpd mod_perl --nodeps +RUN wget -q --no-check-certificate -O/dp-tools.tgz https://files.unix.cl.datapipe.net/index.php/s/jfTZMT6EZrAmHrb/download +WORKDIR / +RUN tar zxf dp-tools.tgz +COPY README /root/README +ENV PATH="$PATH:/dp/tools/maps-3.1.5/bin:/dp/tools/ssutils/bin:/dp/tools/serverlogin" +ENV PS1 "see /root/README $ " +ENTRYPOINT ["/bin/bash"] diff --git a/centos6/dp-tools/README b/centos6/dp-tools/README new file mode 100644 index 0000000..7e88178 --- /dev/null +++ b/centos6/dp-tools/README @@ -0,0 +1,8 @@ +# LDP tools +3 tools can be found under /dp/tools: +- maps: works with vDNS, use Rackspace RSA token +- serverlogin: works with vDNS, use Rackspace RSA token +- ssutils: cli tool for logging into LDP servers, talks to secretserver + +# sources +https://github.datapipe.net/abob/ssutils diff --git a/centos7/filegw/Dockerfile b/centos7/filegw/Dockerfile new file mode 100644 index 0000000..931c71f --- /dev/null +++ b/centos7/filegw/Dockerfile @@ -0,0 +1,9 @@ +FROM centos:7 +LABEL description="Smb file File gateway" +ENV container docker +RUN rm -f /etc/yum.repos.d/*.repo +COPY centos-vault.repo /etc/yum.repos.d/centos-vault.repo +RUN yum -y install samba4 samba4-client +COPY smb.conf /etc/samba/smb.conf +COPY run.sh /run.sh +ENTRYPOINT ["/run.sh"] diff --git a/centos7/filegw/centos-vault.repo b/centos7/filegw/centos-vault.repo new file mode 100644 index 0000000..46a7713 --- /dev/null +++ b/centos7/filegw/centos-vault.repo @@ -0,0 +1,36 @@ +# C7.8.2003 +[C7.8.2003-base] +name=CentOS-7.8.2003 - Base +baseurl=http://vault.centos.org/7.8.2003/os/$basearch/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 +enabled=1 + +[C7.8.2003-updates] +name=CentOS-7.8.2003 - Updates +baseurl=http://vault.centos.org/7.8.2003/updates/$basearch/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 +enabled=1 + +[C7.8.2003-extras] +name=CentOS-7.8.2003 - Extras +baseurl=http://vault.centos.org/7.8.2003/extras/$basearch/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 +enabled=0 + +[C7.8.2003-centosplus] +name=CentOS-7.8.2003 - CentOSPlus +baseurl=http://vault.centos.org/7.8.2003/centosplus/$basearch/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 +enabled=0 + +[C7.8.2003-fasttrack] +name=CentOS-7.8.2003 - Fasttrack +baseurl=http://vault.centos.org/7.8.2003/fasttrack/$basearch/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 +enabled=0 + diff --git a/centos7/filegw/run.sh b/centos7/filegw/run.sh new file mode 100755 index 0000000..de87778 --- /dev/null +++ b/centos7/filegw/run.sh @@ -0,0 +1,6 @@ +#!/bin/bash +/usr/sbin/smbd -FS --no-process-group & +/usr/sbin/nmbd -F & + +wait +exit $? diff --git a/centos7/filegw/smb.conf b/centos7/filegw/smb.conf new file mode 100644 index 0000000..38d23f7 --- /dev/null +++ b/centos7/filegw/smb.conf @@ -0,0 +1,30 @@ +[global] +map to guest = Bad Password + workgroup = ZOOLO + server string = File Gateway + netbios name = FILEGW + hosts allow = 127. 192.168.86. + security = user + passdb backend = tdbsam + load printers = no + printing = bsd +[music] + comment = Music + browseable = Yes + read only = Yes + path = /nas/music + public = Yes + writable = No + printable = No + guest ok = yes + guest only = yes +[movies] + comment = Movies + browseable = Yes + read only = Yes + path = /nas/movies + public = Yes + writable = No + printable = No + guest ok = yes + guest only = yes diff --git a/centos7/filegw/start.sh b/centos7/filegw/start.sh new file mode 100755 index 0000000..e81f41c --- /dev/null +++ b/centos7/filegw/start.sh @@ -0,0 +1 @@ +docker run -d --name filegw --network macvlan -v /nas/music:/nas/music:ro -v /nas/movies:/nas/movies:ro --restart always centos7/filegw diff --git a/centos8/ebcli/Dockerfile b/centos8/ebcli/Dockerfile new file mode 100644 index 0000000..d6e55c9 --- /dev/null +++ b/centos8/ebcli/Dockerfile @@ -0,0 +1,7 @@ +FROM centos:8 +ENV container docker +RUN yum -y install gcc make git python3 zlib-devel openssl-devel ncurses-devel libffi-devel sqlite-devel readline-devel bzip2-devel +RUN git clone https://github.com/aws/aws-elastic-beanstalk-cli-setup.git +RUN ./aws-elastic-beanstalk-cli-setup/scripts/bundled_installer +ENV PATH="/root/.ebcli-virtual-env/executables:/root/.pyenv/versions/3.7.2/bin:$PATH" +CMD ["/bin/bash"] diff --git a/centos8/jenkins/.dockerignore b/centos8/jenkins/.dockerignore new file mode 100644 index 0000000..f5fb22e --- /dev/null +++ b/centos8/jenkins/.dockerignore @@ -0,0 +1,2 @@ +jenkins-home +README.md diff --git a/centos8/jenkins/Dockerfile b/centos8/jenkins/Dockerfile new file mode 100644 index 0000000..0782f20 --- /dev/null +++ b/centos8/jenkins/Dockerfile @@ -0,0 +1,28 @@ +FROM centos:8 +LABEL description="Jenkins on Tomcat, with git and ansible" +LABEL maintainer="racken@racker.tech" +LABEL notes="Get initial admin password by docker exec -it and cat /root/.jenkins/secrets/initialAdminPassword" +LABEL java-version="java-11-openjdk" +LABEL exposed-port="8080" +LABEL jenkins-path="/jenkins" +ENV container docker +RUN yum -y install java-11-openjdk-headless wget dejavu-fonts-common dejavu-sans-fonts dejavu-serif-fonts dejavu-sans-mono-fonts java-11-openjdk-devel git python3-pip yum-utils unzip; mkdir -p /opt/tomcat +RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" +RUN unzip -qq awscliv2.zip +RUN /aws/install +#RUN pip3 install ansible +WORKDIR /opt/tomcat +RUN wget -q -O- https://apache.website-solution.net/tomcat/tomcat-9/v9.0.43/bin/apache-tomcat-9.0.43.tar.gz | tar zxf - --strip-components=1 +RUN rm -rf /opt/tomcat/webapps/ROOT +RUN wget -q -O /opt/tomcat/webapps/jenkins.war http://mirrors.jenkins.io/war-stable/latest/jenkins.war +RUN yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo +RUN yum -y install docker-ce-cli +ENV TINI_VERSION v0.19.0 +ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini +RUN chmod +x /tini +ENV JAVA_HOME="/usr" +ENV JAVA_OPTS="-Djava.awt.headless=true -Xmx2g -Dhudson.DNSMultiCast.disabled=true -Duser.timezone=Asia/Hong_Kong" +EXPOSE 8080 +ENTRYPOINT ["/tini", "--"] +CMD ["/opt/tomcat/bin/catalina.sh", "run"] + diff --git a/centos8/jenkins/README.md b/centos8/jenkins/README.md new file mode 100644 index 0000000..f064181 --- /dev/null +++ b/centos8/jenkins/README.md @@ -0,0 +1,8 @@ +# Upgrade +update dockerfile and change the tomcat wget link to the latest +build new image using dockerfile +stop and delete running container +start a new one + +## Notes +for historical reason, jenkins on ism is running on centos8. diff --git a/centos8/jenkins/start.sh b/centos8/jenkins/start.sh new file mode 100755 index 0000000..9ca00be --- /dev/null +++ b/centos8/jenkins/start.sh @@ -0,0 +1,5 @@ +docker run --name jenkins2 --cpus 2 \ +--net macvlan --ip 192.168.86.55 -d --restart=always \ +-v /my/container-config/centos8/jenkins/jenkins-home:/root/.jenkins \ +-v /var/run/docker.sock:/var/run/docker.sock \ +centos8-jenkins diff --git a/centos8/observium.decrecated/.dockerignore b/centos8/observium.decrecated/.dockerignore new file mode 100644 index 0000000..ce8a093 --- /dev/null +++ b/centos8/observium.decrecated/.dockerignore @@ -0,0 +1,2 @@ +app.data/ +app.data.tgz diff --git a/centos8/observium.decrecated/Dockerfile b/centos8/observium.decrecated/Dockerfile new file mode 100644 index 0000000..c6f1934 --- /dev/null +++ b/centos8/observium.decrecated/Dockerfile @@ -0,0 +1,30 @@ +FROM centos:8 +LABEL description="Observium 19.8.10000 on CentOS8" +LABEL maintainer="xpk@headdesk.me" +LABEL notes="Initial user/pass = observium/observium. Mount /opt/observium and /var/lib/mysql on persistent storage." +LABEL exposed-port="80" +LABEL git="https://xpk.headdesk.me/git/centos8-observium" +ENV container docker +RUN dnf -y install epel-release +RUN dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm +dnf module enable php:remi-8.1 -y +RUN dnf -y install http://yum.opennms.org/repofiles/opennms-repo-stable-rhel7.noarch.rpm +#RUN dnf -y install wget httpd php php-opcache php-mysqlnd php-gd php-posix php-pear cronie net-snmp net-snmp-utils fping mariadb rrdtool ipmitool graphviz ImageMagick php-json python3-PyMySQL libsodium libsodium-devel php-devel make supervisor --nobest +RUN dnf -y install wget httpd php php-opcache php-mysqlnd php-gd php-sodium php-posix php-pear cronie net-snmp net-snmp-utils fping mariadb rrdtool ipmitool graphviz ImageMagick php-json python3-PyMySQL libsodium php-devel supervisor --nobest +#RUN mysql_install_db -u mysql +#RUN pecl install libsodium; echo "extension=sodium.so" > /etc/php.d/sodium.ini +RUN ln -s /usr/bin/python3 /usr/bin/python; mkdir -p /opt/observium /run/supervisor /run/php-fpm +WORKDIR /opt/observium +# RUN wget -qq -O- http://www.observium.org/observium-community-latest.tar.gz | tar zxf - --strip-components=1 +# for upgrade, see upgrade.md +COPY config.php /opt/observium/config.php +COPY observium.ini /etc/supervisord.d/observium.ini +COPY crontab /var/spool/cron/root +#RUN mkdir -p /opt/observium/rrd /opt/observium/logs; chown apache:apache /opt/observium/{rrd,logs} +RUN sed -i -e 's@/var/www/html@/opt/observium/html@g' -e 's/AllowOverride.*/AllowOverride All/g' /etc/httpd/conf/httpd.conf +#ADD initialise.sh /opt/observium/initialise.sh +#RUN chmod 755 /opt/observium/initialise.sh && /opt/observium/initialise.sh +# Add static route +RUN ip route add 192.168.167.0/24 via 192.168.86.2 +EXPOSE 80 +CMD ["/usr/bin/supervisord", "-n"] diff --git a/centos8/observium.decrecated/Dockerfile-freshinstall b/centos8/observium.decrecated/Dockerfile-freshinstall new file mode 100644 index 0000000..8927f3c --- /dev/null +++ b/centos8/observium.decrecated/Dockerfile-freshinstall @@ -0,0 +1,25 @@ +FROM centos:8 +LABEL description="Observium 19.8.10000 on CentOS8" +LABEL maintainer="xpk@headdesk.me" +LABEL notes="Initial user/pass = observium/observium. Mount /opt/observium and /var/lib/mysql on persistent storage." +LABEL exposed-port="80" +LABEL git="https://xpk.headdesk.me/git/centos8-observium" +ENV container docker +RUN yum -y install epel-release +RUN yum -y install http://yum.opennms.org/repofiles/opennms-repo-stable-rhel7.noarch.rpm +RUN yum -y install wget httpd php php-opcache php-mysqlnd php-gd php-posix php-pear cronie net-snmp net-snmp-utils fping mariadb-server mariadb rrdtool ipmitool graphviz ImageMagick php-json python3-PyMySQL libsodium libsodium-devel php-devel make supervisor --nobest +RUN mysql_install_db -u mysql +RUN pecl install libsodium; echo "extension=sodium.so" > /etc/php.d/sodium.ini +RUN ln -s /usr/bin/python3 /usr/bin/python; mkdir -p /opt/observium /run/supervisor /run/php-fpm +WORKDIR /opt/observium +RUN wget -qq -O- http://www.observium.org/observium-community-latest.tar.gz | tar zxf - --strip-components=1 +COPY config.php /opt/observium/config.php +COPY observium.ini /etc/supervisord.d/observium.ini +COPY crontab /var/spool/cron/root +RUN mkdir -p /opt/observium/rrd /opt/observium/logs; chown apache:apache /opt/observium/{rrd,logs} +RUN sed -i -e 's@/var/www/html@/opt/observium/html@g' /etc/httpd/conf/httpd.conf +RUN sed -i -e 's/AllowOverride.*/AllowOverride All/g' /etc/httpd/conf/httpd.conf +ADD initialise.sh /opt/observium/initialise.sh +RUN chmod 755 /opt/observium/initialise.sh && /opt/observium/initialise.sh +EXPOSE 80 +CMD ["/usr/bin/supervisord", "-n"] diff --git a/centos8/observium.decrecated/build.sh b/centos8/observium.decrecated/build.sh new file mode 100755 index 0000000..94b0abb --- /dev/null +++ b/centos8/observium.decrecated/build.sh @@ -0,0 +1 @@ +docker build -t centos8-observium --network macvlan . diff --git a/centos8/observium.decrecated/config.php b/centos8/observium.decrecated/config.php new file mode 100644 index 0000000..c74f4d1 --- /dev/null +++ b/centos8/observium.decrecated/config.php @@ -0,0 +1,37 @@ +"; +//$config['email']['default_only'] = TRUE; + +// End config.php + +$config['fping'] = "/usr/sbin/fping"; +$config['housekeeping']['rrd']['age'] = 5184000; diff --git a/centos8/observium.decrecated/crontab b/centos8/observium.decrecated/crontab new file mode 100644 index 0000000..4b632a9 --- /dev/null +++ b/centos8/observium.decrecated/crontab @@ -0,0 +1,14 @@ +# Run a complete discovery of all devices once every 6 hours +33 */6 * * * /opt/observium/discovery.php -h all >> /dev/null 2>&1 + +# Run automated discovery of newly added devices every 3 minutes +*/3 * * * * /opt/observium/discovery.php -h new >> /dev/null 2>&1 + +# Run multithreaded poller wrapper every 5 minutes +*/5 * * * * /opt/observium/poller-wrapper.py >> /dev/null 2>&1 + +# Run housekeeping script daily for syslog, eventlog and alert log +13 5 * * * /opt/observium/housekeeping.php -ysel + +# Run housekeeping script daily for rrds, ports, orphaned entries in the database and performance data +47 4 * * * /opt/observium/housekeeping.php -yrptb diff --git a/centos8/observium.decrecated/initialise.sh b/centos8/observium.decrecated/initialise.sh new file mode 100644 index 0000000..0c98597 --- /dev/null +++ b/centos8/observium.decrecated/initialise.sh @@ -0,0 +1,8 @@ +/usr/bin/pidproxy /run/mariadb/mariadb.pid /usr/bin/mysqld_safe --pid-file=/run/mariadb/mariadb.pid & +mysql -Nse 'create database observium default charset utf8 collate utf8_general_ci;' +mysql -Nse "create user observium@localhost identified by '25d38c2b7ffa43d94621b578';" +mysql -Nse 'grant all on observium.* to observium@localhost;' +mysql -Nse 'flush privileges;' +cd /opt/observium +./discovery.php -u +./adduser.php observium observium 10 diff --git a/centos8/observium.decrecated/observium.ini b/centos8/observium.decrecated/observium.ini new file mode 100644 index 0000000..f5dd515 --- /dev/null +++ b/centos8/observium.decrecated/observium.ini @@ -0,0 +1,29 @@ +[program:httpd] +command=/usr/sbin/apachectl -DFOREGROUND +autostart=true +autorestart=true +killasgroup=true +stopasgroup=true + +[program:phpfpm] +command=/usr/sbin/php-fpm -c /etc/php-fpm.conf -F +autostart=true +autorestart=true + +#[program:mysql] +#command=/usr/bin/pidproxy /run/mariadb/mariadb.pid /usr/bin/mysqld_safe --pid-file=/run/mariadb/mariadb.pid +#autostart=true +#autorestart=true + +[program:crond] +command=/usr/sbin/crond -nsp +autostart=true +autorestart=true + +[program:staticroute] +command=/sbin/ip r a 192.168.167.0/24 via 192.168.86.2 +autostart=true +autorestart=false +startretries=1 +startsecs = 0 + diff --git a/centos8/observium.decrecated/start.sh b/centos8/observium.decrecated/start.sh new file mode 100755 index 0000000..9f31135 --- /dev/null +++ b/centos8/observium.decrecated/start.sh @@ -0,0 +1,5 @@ +docker run -d --name observium --network macvlan --ip=192.168.86.57 \ +--cap-add NET_ADMIN \ +-v /my/container-config/centos8/observium/app.data:/opt/observium \ +-e TZ=Asia/Hong_Kong \ +--restart=always centos8-observium diff --git a/centos8/observium.decrecated/upgrade.md b/centos8/observium.decrecated/upgrade.md new file mode 100644 index 0000000..f6f6b22 --- /dev/null +++ b/centos8/observium.decrecated/upgrade.md @@ -0,0 +1,3 @@ +# attach to container +cd /opt/observium +wget -qq -O- http://www.observium.org/observium-community-latest.tar.gz | tar zxf - --strip-components=1 diff --git a/debian/awscliv2/Dockerfile b/debian/awscliv2/Dockerfile new file mode 100644 index 0000000..877dbc3 --- /dev/null +++ b/debian/awscliv2/Dockerfile @@ -0,0 +1,8 @@ +FROM amazonlinux:2 +LABEL maintainer="racken@one27.cf" +LABEL description="awscli 2.0.9 on amzn2" +ENV container docker +RUN /usr/bin/yum -y install unzip groff less jq +RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o /tmp/awscliv2.zip; cd /tmp; unzip awscliv2.zip; ./aws/install +ENV PS1 "awscli $ " +ENTRYPOINT ["/bin/bash"] diff --git a/debian/awscliv2/docker-compose.yml b/debian/awscliv2/docker-compose.yml new file mode 100644 index 0000000..0666d2e --- /dev/null +++ b/debian/awscliv2/docker-compose.yml @@ -0,0 +1,12 @@ +# it does not fucking work +version: '3.7' +services: + awscliv2: + build: . + networks: + - xpknet + +networks: + xpknet: + external: true + name: macvlan diff --git a/debian/awscliv2/start.sh b/debian/awscliv2/start.sh new file mode 100755 index 0000000..995773e --- /dev/null +++ b/debian/awscliv2/start.sh @@ -0,0 +1,2 @@ +docker run -it --name awscli2 --network macvlan -v /my/container-config/awscli-cred:/root/.aws hub.racker.tech/debian-awscli2 + diff --git a/debian/danted/Dockerfile b/debian/danted/Dockerfile new file mode 100644 index 0000000..242a834 --- /dev/null +++ b/debian/danted/Dockerfile @@ -0,0 +1,4 @@ +FROM debian +RUN apt -y update && apt -y install dante-server +COPY danted.conf /etc/danted.conf +ENTRYPOINT ["/usr/sbin/danted","-f", "/etc/danted.conf"] diff --git a/debian/danted/danted.conf b/debian/danted/danted.conf new file mode 100644 index 0000000..5847a6f --- /dev/null +++ b/debian/danted/danted.conf @@ -0,0 +1,16 @@ +internal: eth0 port = 1080 +external: eth0 +socksmethod: none +user.privileged: proxy +user.unprivileged: nobody +user.libwrap: nobody + +client pass { + from: 192.168.86.0/24 to: 0.0.0.0/0 + log: connect error +} + +socks pass { + from: 192.168.86.0/24 to: 0.0.0.0/0 + log: connect error +} diff --git a/debian/danted/start.sh b/debian/danted/start.sh new file mode 100755 index 0000000..607fb70 --- /dev/null +++ b/debian/danted/start.sh @@ -0,0 +1,3 @@ +docker run --name danted \ +-d -m 2g --net macvlan --ip 192.168.86.222 --restart=always debian/danted + diff --git a/debian/etcd/Dockerfile b/debian/etcd/Dockerfile new file mode 100644 index 0000000..a870e36 --- /dev/null +++ b/debian/etcd/Dockerfile @@ -0,0 +1,3 @@ +FROM debian +RUN apt -y update && apt -y install etcd +ENTRYPOINT ["/usr/bin/etcd","--name","tfstate","--listen-client-urls","http://0.0.0.0:2379", "--advertise-client-urls","http://0.0.0.0:2379"] diff --git a/debian/librenms/Dockerfile b/debian/librenms/Dockerfile new file mode 100644 index 0000000..6f226a0 --- /dev/null +++ b/debian/librenms/Dockerfile @@ -0,0 +1,20 @@ +FROM debian +RUN apt update +RUN apt install -y apt-transport-https lsb-release ca-certificates wget bash acl curl fping git graphviz imagemagick mariadb-client mtr-tiny nginx-full nmap php-cli php-curl php-fpm php-gd php-gmp php-json php-mbstring php-mysql php-snmp php-xml php-zip python3-dotenv python3-pymysql python3-redis python3-setuptools python3-systemd python3-pip rrdtool snmp snmpd whois supervisor cron nginx-confgen +RUN useradd librenms -d /opt/librenms -M -r -s "$(which bash)" +RUN git clone https://github.com/librenms/librenms.git /opt/librenms +RUN chown -R librenms:librenms /opt/librenms; chmod 771 /opt/librenms +RUN sed -i -e 's#;date.timezone.*#date.timezone=Asia/Hong_Kong#' /etc/php/8.2/fpm/php.ini +RUN ln -sf /usr/share/zoneinfo/Asia/Hong_Kong /etc/localtime +RUN sed -i 's/www-data/librenms/g' /etc/php/8.2/fpm/pool.d/www.conf +RUN sed -i 's/;listen.mode.*/listen.mode = 0666/g' /etc/php/8.2/fpm/pool.d/www.conf +RUN echo 'php_admin_value[date.timezone] = "Asia/Hong_Kong"' >> /etc/php/8.2/fpm/pool.d/www.conf +RUN su - librenms -c "/opt/librenms/scripts/composer_wrapper.php install --no-dev" +COPY nms-vhost.conf /etc/nginx/sites-enabled/nms-vhost.conf +COPY nms-spv.conf /etc/supervisor/conf.d/nms-spv.conf +RUN cp /opt/librenms/config.php.default /opt/librenms/config.php; chown librenms:librenms /opt/librenms/config.php +RUN pip3 install -r /opt/librenms/requirements.txt --break-system-packages +RUN cp crontab /var/spool/cron/crontabs/librenms; chmod 600 /var/spool/cron/crontabs/librenms +#ENTRYPOINT ["/bin/bash"] +EXPOSE 80 +CMD ["/usr/bin/supervisord", "-n"] diff --git a/debian/librenms/crontab b/debian/librenms/crontab new file mode 100644 index 0000000..46914d8 --- /dev/null +++ b/debian/librenms/crontab @@ -0,0 +1,9 @@ +* * * * * /usr/bin/env php artisan schedule:run --no-ansi --no-interaction +33 */6 * * * /opt/librenms/cronic /opt/librenms/discovery-wrapper.py 1 +*/5 * * * * /opt/librenms/discovery.php -h new >> /dev/null 2>&1 +*/5 * * * * /opt/librenms/cronic /opt/librenms/poller-wrapper.py 16 +* * * * * /opt/librenms/alerts.php >> /dev/null 2>&1 +*/5 * * * * /opt/librenms/poll-billing.php >> /dev/null 2>&1 +01 * * * * /opt/librenms/billing-calculate.php >> /dev/null 2>&1 +*/5 * * * * /opt/librenms/check-services.php >> /dev/null 2>&1 + diff --git a/debian/librenms/nms-spv.conf b/debian/librenms/nms-spv.conf new file mode 100644 index 0000000..5445c6e --- /dev/null +++ b/debian/librenms/nms-spv.conf @@ -0,0 +1,16 @@ +[program:nginx] +command=/usr/sbin/nginx -g "daemon off;" +autostart=true +autorestart=true +killasgroup=true +stopasgroup=true + +[program:phpfpm] +command=/usr/sbin/php-fpm8.2 -c /etc/php/8.2/fpm/pool.d/www.conf -F +autostart=true +autorestart=true + +[program:crond] +command=/usr/sbin/cron -f +autostart=true +autorestart=true diff --git a/debian/librenms/nms-vhost.conf b/debian/librenms/nms-vhost.conf new file mode 100644 index 0000000..49bfe82 --- /dev/null +++ b/debian/librenms/nms-vhost.conf @@ -0,0 +1,21 @@ +server { + listen 80; + server_name nms.zoo.lo; + root /opt/librenms/html; + index index.php; + + charset utf-8; + gzip on; + gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon; + location / { + try_files $uri $uri/ /index.php?$query_string; + } + location ~ [^/]\.php(/|$) { + fastcgi_pass unix:/run/php/php8.2-fpm.sock; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include fastcgi.conf; + } + location ~ /\.(?!well-known).* { + deny all; + } +} diff --git a/debian/librenms/start.sh b/debian/librenms/start.sh new file mode 100755 index 0000000..37c441c --- /dev/null +++ b/debian/librenms/start.sh @@ -0,0 +1 @@ +docker run -d --name nms --network macvlan --ip 192.168.86.144 debian/librenms diff --git a/debian/nginx-cloudflared/Dockerfile b/debian/nginx-cloudflared/Dockerfile new file mode 100644 index 0000000..7ee65f1 --- /dev/null +++ b/debian/nginx-cloudflared/Dockerfile @@ -0,0 +1,11 @@ +FROM debian:latest +ENV container docker +RUN apt update; apt install curl -y +RUN mkdir -p --mode=0755 /usr/share/keyrings +RUN curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null +RUN echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared bookworm main' | tee /etc/apt/sources.list.d/cloudflared.list +RUN apt update; apt install nginx cloudflared -y +#RUN mkdir -p /run/nginx +#COPY index.html /var/www/index.html +EXPOSE 80 +CMD [ "/usr/sbin/nginx", "-c", "/etc/nginx/nginx.conf" ] diff --git a/debian/nginx-cloudflared/README.md b/debian/nginx-cloudflared/README.md new file mode 100644 index 0000000..0512edb --- /dev/null +++ b/debian/nginx-cloudflared/README.md @@ -0,0 +1,7 @@ +# Revision notes +20240402: based on alpine/nginx, trying to add cloudflared but this may cause problem for local access +20191206: since 1.17.6, /var/www/nextcloud needs to be mounted. not sure why it worked before... also created xpknet and assigned static IP to containers. nginx is on 192.168.188.2 and fpm on 192.168.188.10 +20191206: changed to macvlan. nginx is on 192.168.86.3 and fpm on 192.168.86.4 + +# General notes +dav is needed for enpass diff --git a/debian/nginx-cloudflared/build.sh b/debian/nginx-cloudflared/build.sh new file mode 100755 index 0000000..1f27dc5 --- /dev/null +++ b/debian/nginx-cloudflared/build.sh @@ -0,0 +1,2 @@ +export DOCKER_BUILDKIT=1 +docker build --network host -t debian/nginx . diff --git a/debian/nginx-cloudflared/index.html b/debian/nginx-cloudflared/index.html new file mode 100644 index 0000000..60484cd --- /dev/null +++ b/debian/nginx-cloudflared/index.html @@ -0,0 +1,5 @@ +

+
+

+Go to observium +
diff --git a/debian/nginx-cloudflared/nginx.conf b/debian/nginx-cloudflared/nginx.conf new file mode 100644 index 0000000..a8023ef --- /dev/null +++ b/debian/nginx-cloudflared/nginx.conf @@ -0,0 +1,254 @@ +user nginx; +worker_processes 2; +daemon off; +load_module "modules/ngx_http_dav_ext_module.so"; + +error_log /var/log/nginx/error-local.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 2000; +} + +http { + server_tokens off; + include /etc/nginx/mime.types; + default_type application/octet-stream; + sendfile on; + keepalive_timeout 65; + client_max_body_size 200M; + + gzip on; + gzip_min_length 1100; + gzip_buffers 4 8k; + gzip_types text/plain; + + # caching + proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=zone1:10m max_size=1G; + proxy_temp_path /tmp/nginx-proxy 1 2; + proxy_cache_key "$scheme$request_method$host$request_uri"; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_bypass $cookie_session; + proxy_no_cache $cookie_session; + proxy_headers_hash_max_size 1024; + proxy_headers_hash_bucket_size 128; + + log_format cached '$remote_addr ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent" $upstream_cache_status'; + + + # Useragent ACL: works but ubuntu online accounts does not provide any useragent + #map $http_user_agent $useragent_acl { + # default deny; + # ~(Desktop|Chrome|Nextcloud-iOS|Nextcloud-android|mirall|Mozilla/5\.0|git|ansible-httpget|Go-http-client) allow; + #} + + # _ _ _ _ + # _ __ | |__ _ __ | |__ __ _ _ __ __| | | ___ _ __ + # | '_ \| '_ \| '_ \ _____| '_ \ / _` | '_ \ / _` | |/ _ \ '__| + # | |_) | | | | |_) |_____| | | | (_| | | | | (_| | | __/ | + # | .__/|_| |_| .__/ |_| |_|\__,_|_| |_|\__,_|_|\___|_| + # |_| |_| + # + + upstream php-handler { + server 192.168.86.210:9000; + #server unix:/var/run/php/php7.2-fpm.sock; + } + + server { + listen 80 default_server; + # root /var/www/null; + root /var/www/letsencrypt; + + # for letsencrypt / acme-tiny + location /.well-known { + try_files $uri $uri/ =404; + } + + location /.well-known/acme-challenge/ { + alias /var/www/letsencrypt/; + } + + location / { + return 301 https://$host$request_uri; + } + # Useragent ACL + # if ($useragent_acl = deny) { + # return 403; + # } + + # letsencrypt validation + #location /.well-known/acme-challenge/ { + # alias /var/www/letsencrypt/; + #} + + #if ($http_x_forwarded_proto != "https") { +# return 301 https://$host$request_uri; +# } + } + + server { + listen 443 ssl http2 default_server; + root /var/www; + # still need TLS1.2 for Lixil Jenkins git pull + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ecdh_curve secp521r1:secp384r1:prime256v1; + ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256; + ssl_prefer_server_ciphers on; + ssl_session_timeout 10m; + ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + add_header X-Frame-Options SAMEORIGIN; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag "noindex, nofollow"; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + + ssl_certificate /home/ssl/xpk.headdesk.me.crt; + ssl_certificate_key /home/ssl/xpk.headdesk.me.key; + + # filter out PROPFIND in access log + set $logme 1; + + if ($request_method = PROPFIND) { + set $logme 0; + } + + access_log /var/log/nginx/access.log cached if=$logme; + + # Useragent ACL + # if ($useragent_acl = deny) { + # return 403; + #} + + #location / { + # proxy_pass http://192.168.86.10:8080/; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header HTTP_X_FORWARDED_PROTO https; + # proxy_set_header Host $host; + # proxy_cache_bypass $http_pragma $http_authorization; + # } + + # letsencrypt validation + location /.well-known/acme-challenge/ { + alias /var/www/letsencrypt/; + } + fastcgi_hide_header X-Powered-By; + location = /.well-known/carddav { + return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav; + } + + location /nextcloud/ { + rewrite ^ /nextcloud/index.php; + } + location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { + deny all; + } + location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { + fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; + fastcgi_param HTTPS on; + # Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + # Enable pretty urls + fastcgi_param front_controller_active true; + fastcgi_pass php-handler; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) { + try_files $uri/ =404; + index index.php; + } + + location ~ ^\/nextcloud.*\.(?:css|js|woff2?|svg|gif|map)$ { + try_files $uri /nextcloud/index.php$request_uri; + add_header Cache-Control "public, max-age=15778463"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag "noindex, nofollow"; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; + } + location ~ ^\/nextcloud.*\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { + try_files $uri /nextcloud/index.php$request_uri; + } + + location /git/ { + proxy_pass http://192.168.86.53:3000/; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header HTTP_X_FORWARDED_PROTO https; + proxy_set_header Host $host; + proxy_http_version 1.1; + # caching: do not enable, causes cross account caching! + # proxy_cache zone1; + # proxy_cache_valid 200 302 5m; + # proxy_cache_valid any 10m; + } + + location /pad/ { + proxy_pass http://192.168.86.51:9001/; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header HTTP_X_FORWARDED_PROTO https; + proxy_set_header Host $host; + proxy_http_version 1.1; + proxy_cookie_path / "/pad; HTTPOnly; Secure"; + proxy_cookie_flags express secure httponly; + } + + location /jenkins/ { + proxy_pass http://192.168.86.55:8080/jenkins/; + proxy_redirect default; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header HTTP_X_FORWARDED_PROTO https; + proxy_set_header Host $host; + proxy_http_version 1.1; + } + + location /mon/ { + proxy_pass http://192.168.86.57/; + proxy_buffering off; + proxy_redirect default; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header HTTP_X_FORWARDED_PROTO https; + proxy_set_header Host $host; + proxy_http_version 1.1; + proxy_cookie_path / "/mon; HTTPOnly; Secure"; + proxy_cookie_flags express secure httponly; + } + + location /enpass/ { + root /var/www; + auth_basic enpass; + auth_basic_user_file /var/www/enpass/.htpass; + dav_methods PUT DELETE MKCOL COPY MOVE; + dav_ext_methods PROPFIND OPTIONS; + dav_access user:rw group:rw all:r; + create_full_put_path on; + autoindex on; + } + } +} diff --git a/debian/nginx-cloudflared/restart-nginx.sh b/debian/nginx-cloudflared/restart-nginx.sh new file mode 100755 index 0000000..cb984af --- /dev/null +++ b/debian/nginx-cloudflared/restart-nginx.sh @@ -0,0 +1,4 @@ +docker stop nginx +docker rm nginx +sleep 5 +/my/container-config/alpine/nginx/start-nginx.sh diff --git a/debian/nginx-cloudflared/start-nginx.sh b/debian/nginx-cloudflared/start-nginx.sh new file mode 100755 index 0000000..15be285 --- /dev/null +++ b/debian/nginx-cloudflared/start-nginx.sh @@ -0,0 +1,5 @@ +# nginx container +docker run --name nginxcf -v /my/container-config/alpine/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \ +-m 2g -v /var/www/nextcloud:/var/www/nextcloud:ro \ +-v /var/www/enpass:/var/www/enpass:rw \ +--net macvlan --ip 192.168.86.210 -d --restart=always debian/nginx diff --git a/debian/privoxy/Dockerfile b/debian/privoxy/Dockerfile new file mode 100644 index 0000000..f9b54d3 --- /dev/null +++ b/debian/privoxy/Dockerfile @@ -0,0 +1,5 @@ +FROM debian +RUN apt -y update && apt -y install privoxy +COPY config /etc/privoxy/config +COPY default.action /etc/privoxy/default.action +ENTRYPOINT ["privoxy", "--no-daemon", "--user", "privoxy", "/etc/privoxy/config"] diff --git a/debian/privoxy/config b/debian/privoxy/config new file mode 100644 index 0000000..234315d --- /dev/null +++ b/debian/privoxy/config @@ -0,0 +1,23 @@ +user-manual /usr/share/doc/privoxy/user-manual +confdir /etc/privoxy +actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on. +actionsfile default.action # Main actions file +actionsfile user.action # User customizations +filterfile default.filter +filterfile user.filter # User customizations +listen-address 0.0.0.0:3128 +toggle 1 +enable-remote-toggle 0 +enable-remote-http-toggle 0 +enable-edit-actions 0 +enforce-blocks 0 +buffer-limit 4096 +enable-proxy-authentication-forwarding 0 +forwarded-connect-retries 0 +accept-intercepted-requests 0 +allow-cgi-request-crunching 0 +split-large-forms 0 +keep-alive-timeout 5 +tolerate-pipelining 1 +socket-timeout 300 +permit-access 192.168.86.0/24 diff --git a/debian/privoxy/default.action b/debian/privoxy/default.action new file mode 100644 index 0000000..acac116 --- /dev/null +++ b/debian/privoxy/default.action @@ -0,0 +1,3 @@ +{-block} +.* + diff --git a/debian/privoxy/start.sh b/debian/privoxy/start.sh new file mode 100755 index 0000000..0680c6d --- /dev/null +++ b/debian/privoxy/start.sh @@ -0,0 +1,3 @@ +docker run --name privoxy \ +-d -m 2g --net macvlan --ip 192.168.86.88 --restart=always debian/privoxy + diff --git a/dragonfly/start.sh b/dragonfly/start.sh new file mode 100644 index 0000000..9bffa09 --- /dev/null +++ b/dragonfly/start.sh @@ -0,0 +1,2 @@ +docker run --network macvlan --ulimit memlock=-1 -d --name dragonfly \ +--ip 192.168.86.212 --restart=always docker.dragonflydb.io/dragonflydb/dragonfly diff --git a/keydb/restart.sh b/keydb/restart.sh new file mode 100755 index 0000000..90f0053 --- /dev/null +++ b/keydb/restart.sh @@ -0,0 +1,2 @@ +docker rm -f keydb +docker run --name keydb -d --network macvlan --ip 192.168.86.212 --restart=always eqalpha/keydb keydb-server /etc/keydb/keydb.conf --server-threads 4 diff --git a/rocky/awscli2/Dockerfile b/rocky/awscli2/Dockerfile new file mode 100644 index 0000000..5bccc5b --- /dev/null +++ b/rocky/awscli2/Dockerfile @@ -0,0 +1,8 @@ +FROM rockylinux:9 +LABEL maintainer="racken@racker.tech" +LABEL description="awscli2 on rocky9" +ENV container docker +RUN /usr/bin/dnf -y install unzip jq git wget curl bind-utils +RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o /tmp/awscliv2.zip; cd /tmp; unzip -qq awscliv2.zip; ./aws/install +ENV PS1 "awscli ❯ " +ENTRYPOINT ["/bin/bash"] diff --git a/rocky/observium/.dockerignore b/rocky/observium/.dockerignore new file mode 100644 index 0000000..ce8a093 --- /dev/null +++ b/rocky/observium/.dockerignore @@ -0,0 +1,2 @@ +app.data/ +app.data.tgz diff --git a/rocky/observium/Dockerfile b/rocky/observium/Dockerfile new file mode 100644 index 0000000..c250d7e --- /dev/null +++ b/rocky/observium/Dockerfile @@ -0,0 +1,29 @@ +FROM rockylinux:9 +LABEL description="Observium 19.8.10000 on RockyLinux" +LABEL maintainer="xpk@headdesk.me" +LABEL notes="Initial user/pass = observium/observium. Mount /opt/observium and /var/lib/mysql on persistent storage." +LABEL exposed-port="80" +ENV container docker +RUN dnf -y install epel-release +#RUN dnf install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm +#RUN dnf module enable php:remi-8.1 -y +# RUN dnf -y install http://yum.opennms.org/repofiles/opennms-repo-stable-rhel7.noarch.rpm +#RUN dnf -y install wget httpd php php-opcache php-mysqlnd php-gd php-posix php-pear cronie net-snmp net-snmp-utils fping mariadb rrdtool ipmitool graphviz ImageMagick php-json python3-PyMySQL libsodium libsodium-devel php-devel make supervisor --nobest +RUN dnf -y install wget httpd php php-opcache php-mysqlnd php-gd php-sodium php-posix php-pear cronie net-snmp net-snmp-utils fping mariadb rrdtool ipmitool graphviz ImageMagick php-json python3-PyMySQL libsodium php-devel supervisor python-unversioned-command procps-ng iproute --nobest +#RUN mysql_install_db -u mysql +#RUN pecl install libsodium; echo "extension=sodium.so" > /etc/php.d/sodium.ini +RUN mkdir -p /opt/observium /run/supervisor /run/php-fpm +WORKDIR /opt/observium +# RUN wget -qq -O- http://www.observium.org/observium-community-latest.tar.gz | tar zxf - --strip-components=1 +# for upgrade, see upgrade.md +COPY config.php /opt/observium/config.php +COPY observium.ini /etc/supervisord.d/observium.ini +COPY crontab /var/spool/cron/root +#RUN mkdir -p /opt/observium/rrd /opt/observium/logs; chown apache:apache /opt/observium/{rrd,logs} +RUN sed -i -e 's@/var/www/html@/opt/observium/html@g' -e 's/AllowOverride.*/AllowOverride All/g' /etc/httpd/conf/httpd.conf +#ADD initialise.sh /opt/observium/initialise.sh +#RUN chmod 755 /opt/observium/initialise.sh && /opt/observium/initialise.sh +# Add static route +# RUN ip route add 192.168.167.0/24 via 192.168.86.2 +EXPOSE 80 +CMD ["/usr/bin/supervisord", "-n"] diff --git a/rocky/observium/Dockerfile-freshinstall b/rocky/observium/Dockerfile-freshinstall new file mode 100644 index 0000000..8927f3c --- /dev/null +++ b/rocky/observium/Dockerfile-freshinstall @@ -0,0 +1,25 @@ +FROM centos:8 +LABEL description="Observium 19.8.10000 on CentOS8" +LABEL maintainer="xpk@headdesk.me" +LABEL notes="Initial user/pass = observium/observium. Mount /opt/observium and /var/lib/mysql on persistent storage." +LABEL exposed-port="80" +LABEL git="https://xpk.headdesk.me/git/centos8-observium" +ENV container docker +RUN yum -y install epel-release +RUN yum -y install http://yum.opennms.org/repofiles/opennms-repo-stable-rhel7.noarch.rpm +RUN yum -y install wget httpd php php-opcache php-mysqlnd php-gd php-posix php-pear cronie net-snmp net-snmp-utils fping mariadb-server mariadb rrdtool ipmitool graphviz ImageMagick php-json python3-PyMySQL libsodium libsodium-devel php-devel make supervisor --nobest +RUN mysql_install_db -u mysql +RUN pecl install libsodium; echo "extension=sodium.so" > /etc/php.d/sodium.ini +RUN ln -s /usr/bin/python3 /usr/bin/python; mkdir -p /opt/observium /run/supervisor /run/php-fpm +WORKDIR /opt/observium +RUN wget -qq -O- http://www.observium.org/observium-community-latest.tar.gz | tar zxf - --strip-components=1 +COPY config.php /opt/observium/config.php +COPY observium.ini /etc/supervisord.d/observium.ini +COPY crontab /var/spool/cron/root +RUN mkdir -p /opt/observium/rrd /opt/observium/logs; chown apache:apache /opt/observium/{rrd,logs} +RUN sed -i -e 's@/var/www/html@/opt/observium/html@g' /etc/httpd/conf/httpd.conf +RUN sed -i -e 's/AllowOverride.*/AllowOverride All/g' /etc/httpd/conf/httpd.conf +ADD initialise.sh /opt/observium/initialise.sh +RUN chmod 755 /opt/observium/initialise.sh && /opt/observium/initialise.sh +EXPOSE 80 +CMD ["/usr/bin/supervisord", "-n"] diff --git a/rocky/observium/Dockerfile8 b/rocky/observium/Dockerfile8 new file mode 100644 index 0000000..1b058a0 --- /dev/null +++ b/rocky/observium/Dockerfile8 @@ -0,0 +1,29 @@ +FROM rockylinux/rockylinux +LABEL description="Observium 19.8.10000 on RockyLinux" +LABEL maintainer="xpk@headdesk.me" +LABEL notes="Initial user/pass = observium/observium. Mount /opt/observium and /var/lib/mysql on persistent storage." +LABEL exposed-port="80" +ENV container docker +RUN dnf -y install epel-release +RUN dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm +RUN dnf module enable php:remi-8.1 -y +# RUN dnf -y install http://yum.opennms.org/repofiles/opennms-repo-stable-rhel7.noarch.rpm +#RUN dnf -y install wget httpd php php-opcache php-mysqlnd php-gd php-posix php-pear cronie net-snmp net-snmp-utils fping mariadb rrdtool ipmitool graphviz ImageMagick php-json python3-PyMySQL libsodium libsodium-devel php-devel make supervisor --nobest +RUN dnf -y install wget httpd php php-opcache php-mysqlnd php-gd php-sodium php-posix php-pear cronie net-snmp net-snmp-utils fping mariadb rrdtool ipmitool graphviz ImageMagick php-json python3-PyMySQL libsodium php-devel supervisor --nobest +#RUN mysql_install_db -u mysql +#RUN pecl install libsodium; echo "extension=sodium.so" > /etc/php.d/sodium.ini +RUN alternatives --set python /usr/bin/python3 ; mkdir -p /opt/observium /run/supervisor /run/php-fpm +WORKDIR /opt/observium +# RUN wget -qq -O- http://www.observium.org/observium-community-latest.tar.gz | tar zxf - --strip-components=1 +# for upgrade, see upgrade.md +COPY config.php /opt/observium/config.php +COPY observium.ini /etc/supervisord.d/observium.ini +COPY crontab /var/spool/cron/root +#RUN mkdir -p /opt/observium/rrd /opt/observium/logs; chown apache:apache /opt/observium/{rrd,logs} +RUN sed -i -e 's@/var/www/html@/opt/observium/html@g' -e 's/AllowOverride.*/AllowOverride All/g' /etc/httpd/conf/httpd.conf +#ADD initialise.sh /opt/observium/initialise.sh +#RUN chmod 755 /opt/observium/initialise.sh && /opt/observium/initialise.sh +# Add static route +# RUN ip route add 192.168.167.0/24 via 192.168.86.2 +EXPOSE 80 +CMD ["/usr/bin/supervisord", "-n"] diff --git a/rocky/observium/build.sh b/rocky/observium/build.sh new file mode 100755 index 0000000..0c9ef31 --- /dev/null +++ b/rocky/observium/build.sh @@ -0,0 +1,3 @@ +export DOCKER_BUILDKIT=1 +docker build --network host -t rocky/observium . + diff --git a/rocky/observium/config.php b/rocky/observium/config.php new file mode 100644 index 0000000..c74f4d1 --- /dev/null +++ b/rocky/observium/config.php @@ -0,0 +1,37 @@ +"; +//$config['email']['default_only'] = TRUE; + +// End config.php + +$config['fping'] = "/usr/sbin/fping"; +$config['housekeeping']['rrd']['age'] = 5184000; diff --git a/rocky/observium/crontab b/rocky/observium/crontab new file mode 100644 index 0000000..4b632a9 --- /dev/null +++ b/rocky/observium/crontab @@ -0,0 +1,14 @@ +# Run a complete discovery of all devices once every 6 hours +33 */6 * * * /opt/observium/discovery.php -h all >> /dev/null 2>&1 + +# Run automated discovery of newly added devices every 3 minutes +*/3 * * * * /opt/observium/discovery.php -h new >> /dev/null 2>&1 + +# Run multithreaded poller wrapper every 5 minutes +*/5 * * * * /opt/observium/poller-wrapper.py >> /dev/null 2>&1 + +# Run housekeeping script daily for syslog, eventlog and alert log +13 5 * * * /opt/observium/housekeeping.php -ysel + +# Run housekeeping script daily for rrds, ports, orphaned entries in the database and performance data +47 4 * * * /opt/observium/housekeeping.php -yrptb diff --git a/rocky/observium/initialise.sh b/rocky/observium/initialise.sh new file mode 100644 index 0000000..0c98597 --- /dev/null +++ b/rocky/observium/initialise.sh @@ -0,0 +1,8 @@ +/usr/bin/pidproxy /run/mariadb/mariadb.pid /usr/bin/mysqld_safe --pid-file=/run/mariadb/mariadb.pid & +mysql -Nse 'create database observium default charset utf8 collate utf8_general_ci;' +mysql -Nse "create user observium@localhost identified by '25d38c2b7ffa43d94621b578';" +mysql -Nse 'grant all on observium.* to observium@localhost;' +mysql -Nse 'flush privileges;' +cd /opt/observium +./discovery.php -u +./adduser.php observium observium 10 diff --git a/rocky/observium/observium.ini b/rocky/observium/observium.ini new file mode 100644 index 0000000..9ba8b6e --- /dev/null +++ b/rocky/observium/observium.ini @@ -0,0 +1,29 @@ +[program:httpd] +command=/usr/sbin/httpd -DFOREGROUND +autostart=true +autorestart=true +killasgroup=true +stopasgroup=true + +[program:phpfpm] +command=/usr/sbin/php-fpm -c /etc/php-fpm.conf -F +autostart=true +autorestart=true + +#[program:mysql] +#command=/usr/bin/pidproxy /run/mariadb/mariadb.pid /usr/bin/mysqld_safe --pid-file=/run/mariadb/mariadb.pid +#autostart=true +#autorestart=true + +[program:crond] +command=/usr/sbin/crond -nsp +autostart=true +autorestart=true + +[program:staticroute] +command=/sbin/ip r a 192.168.167.0/24 via 192.168.86.2 +autostart=true +autorestart=false +startretries=1 +startsecs = 0 + diff --git a/rocky/observium/observium8.ini b/rocky/observium/observium8.ini new file mode 100644 index 0000000..f5dd515 --- /dev/null +++ b/rocky/observium/observium8.ini @@ -0,0 +1,29 @@ +[program:httpd] +command=/usr/sbin/apachectl -DFOREGROUND +autostart=true +autorestart=true +killasgroup=true +stopasgroup=true + +[program:phpfpm] +command=/usr/sbin/php-fpm -c /etc/php-fpm.conf -F +autostart=true +autorestart=true + +#[program:mysql] +#command=/usr/bin/pidproxy /run/mariadb/mariadb.pid /usr/bin/mysqld_safe --pid-file=/run/mariadb/mariadb.pid +#autostart=true +#autorestart=true + +[program:crond] +command=/usr/sbin/crond -nsp +autostart=true +autorestart=true + +[program:staticroute] +command=/sbin/ip r a 192.168.167.0/24 via 192.168.86.2 +autostart=true +autorestart=false +startretries=1 +startsecs = 0 + diff --git a/rocky/observium/start.sh b/rocky/observium/start.sh new file mode 100755 index 0000000..88296a1 --- /dev/null +++ b/rocky/observium/start.sh @@ -0,0 +1,5 @@ +docker run -d --name observium --network macvlan --ip=192.168.86.57 \ +--cap-add NET_ADMIN --cpus=3 --memory=1500m \ +-v /my/apps/observium:/opt/observium \ +-e TZ=Asia/Hong_Kong \ +--restart=always rocky/observium diff --git a/rocky/observium/upgrade.md b/rocky/observium/upgrade.md new file mode 100644 index 0000000..2b09ab3 --- /dev/null +++ b/rocky/observium/upgrade.md @@ -0,0 +1,3 @@ +# See official upgrade steps +https://docs.observium.org/updating/ + diff --git a/rocky/sshd/Dockerfile b/rocky/sshd/Dockerfile new file mode 100644 index 0000000..96425b5 --- /dev/null +++ b/rocky/sshd/Dockerfile @@ -0,0 +1,17 @@ +FROM rockylinux/rockylinux +ENV container docker +RUN dnf -y install openssh-server openssh-clients +RUN echo root:kit+instigates+polynomials | chpasswd +RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa +RUN ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa +RUN ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519 +RUN sed -i -e '/UseDNS/a UseDNS no' /etc/ssh/sshd_config +RUN echo "TrustedUserCAKeys /etc/ssh/zoo_ssh_ca.pub" >> /etc/ssh/sshd_config +RUN echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvRHDhxwI9MMzSFhFKs3UDFVV8Y6oVSXX6CY+rpiKRj" > /etc/ssh/zoo_ssh_ca.pub +RUN echo "GatewayPorts yes" >> /etc/ssh/sshd_config +RUN echo "AllowTcpForwarding yes" >> /etc/ssh/sshd_config +RUN echo PS1=\"[rocky] $ \" >> ~/.bashrc +RUN rm -f /run/nologin +EXPOSE 22 +CMD ["/usr/sbin/sshd", "-D"] +