{
  "copybackuptoregion": {
    "name": "CopyBackupToRegion",
    "description": "Grants permission to create a copy of a backup in the specified region",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "backup",
        "required": true,
        "conditionKeys": [],
        "dependentActions": [
          "cloudhsm:CopyBackupToRegion",
          "cloudhsm:TagResource",
          "cloudhsm:UntagResource"
        ]
      }
    ],
    "conditionKeys": [
      "aws:RequestTag/${TagKey}",
      "aws:TagKeys"
    ],
    "dependentActions": []
  },
  "createcluster": {
    "name": "CreateCluster",
    "description": "Grants permission to create a new AWS CloudHSM cluster",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "backup",
        "required": false,
        "conditionKeys": [],
        "dependentActions": [
          "cloudhsm:TagResource",
          "ec2:AuthorizeSecurityGroupEgress",
          "ec2:AuthorizeSecurityGroupIngress",
          "ec2:CreateSecurityGroup",
          "ec2:DescribeSecurityGroups",
          "ec2:DescribeSubnets",
          "ec2:RevokeSecurityGroupEgress",
          "iam:CreateServiceLinkedRole"
        ]
      }
    ],
    "conditionKeys": [
      "aws:RequestTag/${TagKey}",
      "aws:TagKeys"
    ],
    "dependentActions": []
  },
  "createhsm": {
    "name": "CreateHsm",
    "description": "Grants permission to create a new hardware security module (HSM) in the specified AWS CloudHSM cluster",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "cluster",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": [
      "ec2:AuthorizeSecurityGroupEgress",
      "ec2:AuthorizeSecurityGroupIngress",
      "ec2:CreateNetworkInterface",
      "ec2:CreateSecurityGroup",
      "ec2:DeleteNetworkInterface",
      "ec2:DescribeNetworkInterfaces",
      "ec2:DescribeSecurityGroups",
      "ec2:DescribeSubnets",
      "ec2:RevokeSecurityGroupEgress"
    ]
  },
  "deletebackup": {
    "name": "DeleteBackup",
    "description": "Grants permission to delete the specified CloudHSM backup",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "backup",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "deletecluster": {
    "name": "DeleteCluster",
    "description": "Grants permission to delete the specified AWS CloudHSM cluster",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "cluster",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": [
      "ec2:DeleteNetworkInterface",
      "ec2:DeleteSecurityGroup"
    ]
  },
  "deletehsm": {
    "name": "DeleteHsm",
    "description": "Grants permission to delete the specified HSM",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": [
      "ec2:DeleteNetworkInterface"
    ]
  },
  "deleteresourcepolicy": {
    "name": "DeleteResourcePolicy",
    "description": "Grants permission to delete the policy attached to CloudHSM resources",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "backup",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "describebackups": {
    "name": "DescribeBackups",
    "description": "Grants permission to get information about backups of AWS CloudHSM clusters",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "describeclusters": {
    "name": "DescribeClusters",
    "description": "Grants permission to get information about AWS CloudHSM clusters",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "getresourcepolicy": {
    "name": "GetResourcePolicy",
    "description": "Grants permission to get information about the policy attached to a AWS CloudHSM resource",
    "accessLevel": "Read",
    "resourceTypes": [
      {
        "name": "backup",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "initializecluster": {
    "name": "InitializeCluster",
    "description": "Grants permission to claim an AWS CloudHSM cluster",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "cluster",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "listtags": {
    "name": "ListTags",
    "description": "Grants permission to get a list of tags for the specified AWS CloudHSM cluster",
    "accessLevel": "Read",
    "resourceTypes": [
      {
        "name": "backup",
        "required": false,
        "conditionKeys": [],
        "dependentActions": []
      },
      {
        "name": "cluster",
        "required": false,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "modifybackupattributes": {
    "name": "ModifyBackupAttributes",
    "description": "Grants permission to modify attributes for an AWS CloudHSM backup",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "backup",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "modifycluster": {
    "name": "ModifyCluster",
    "description": "Grants permission to modify AWS CloudHSM cluster",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "cluster",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": [
      "ec2:DescribeSubnets"
    ]
  },
  "putresourcepolicy": {
    "name": "PutResourcePolicy",
    "description": "Grants permission to attach a policy to an AWS CloudHSM resource",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "backup",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "restorebackup": {
    "name": "RestoreBackup",
    "description": "Grants permission to restore the specified CloudHSM backup",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "backup",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "tagresource": {
    "name": "TagResource",
    "description": "Grants permission to add or overwrite one or more tags for the specified AWS CloudHSM cluster",
    "accessLevel": "Tagging",
    "resourceTypes": [
      {
        "name": "backup",
        "required": false,
        "conditionKeys": [],
        "dependentActions": []
      },
      {
        "name": "cluster",
        "required": false,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [
      "aws:RequestTag/${TagKey}",
      "aws:TagKeys"
    ],
    "dependentActions": []
  },
  "untagresource": {
    "name": "UntagResource",
    "description": "Grants permission to remove the specified tag or tags from the specified AWS CloudHSM cluster",
    "accessLevel": "Tagging",
    "resourceTypes": [
      {
        "name": "backup",
        "required": false,
        "conditionKeys": [],
        "dependentActions": []
      },
      {
        "name": "cluster",
        "required": false,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [
      "aws:TagKeys"
    ],
    "dependentActions": []
  }
}