{
  "Athena": {
    "administer-resource": [
      "athena:CreateDataCatalog",
      "athena:CreateWorkGroup",
      "athena:DeleteDataCatalog",
      "athena:StopQueryExecution",
      "athena:UpdateDataCatalog",
      "athena:UpdateWorkGroup"
    ],
    "read-config": [
      "athena:BatchGetNamedQuery",
      "athena:BatchGetQueryExecution",
      "athena:GetDatabase",
      "athena:GetDataCatalog",
      "athena:GetNamedQuery",
      "athena:GetQueryExecution",
      "athena:GetTableMetadata",
      "athena:GetWorkGroup",
      "athena:ListDatabases",
      "athena:ListDataCatalogs",
      "athena:ListNamedQueries",
      "athena:ListQueryExecutions",
      "athena:ListTableMetadata",
      "athena:ListTagsForResource",
      "athena:ListWorkGroups"
    ],
    "read-data": [
      "athena:GetQueryResults",
      "athena:GetQueryResultsStream"
    ],
    "write-data": [
      "athena:CreateNamedQuery",
      "athena:DeleteNamedQuery",
      "athena:DeleteWorkGroup",
      "athena:StartQueryExecution",
      "athena:TagResource",
      "athena:UntagResource"
    ]
  },
  "CloudTrail": {
    "administer-resource": [
      "cloudtrail:AddTags",
      "cloudtrail:CreateTrail",
      "cloudtrail:DeleteTrail",
      "cloudtrail:PutEventSelectors",
      "cloudtrail:PutInsightSelectors",
      "cloudtrail:RemoveTags",
      "cloudtrail:StartLogging",
      "cloudtrail:StopLogging",
      "cloudtrail:UpdateTrail"
    ],
    "delete-data": [
      "cloudtrail:DeleteTrail"
    ],
    "read-config": [
      "cloudtrail:DescribeTrails",
      "cloudtrail:GetEventSelectors",
      "cloudtrail:GetInsightSelectors",
      "cloudtrail:GetTrail",
      "cloudtrail:GetTrailStatus",
      "cloudtrail:ListPublicKeys",
      "cloudtrail:ListTags",
      "cloudtrail:ListTrails"
    ],
    "read-data": [
      "cloudtrail:LookupEvents"
    ]
  },
  "DynamoDB": {
    "administer-resource": [
      "dynamodb:CreateBackup",
      "dynamodb:DeleteResourcePolicy",
      "dynamodb:DeleteTableReplica",
      "dynamodb:DisableKinesisStreamingDestination",
      "dynamodb:EnableKinesisStreamingDestination",
      "dynamodb:ExportTableToPointInTime",
      "dynamodb:PutResourcePolicy",
      "dynamodb:RestoreTableToPointInTime",
      "dynamodb:TagResource",
      "dynamodb:UntagResource",
      "dynamodb:UpdateContinuousBackups",
      "dynamodb:UpdateContributorInsights",
      "dynamodb:UpdateKinesisStreamingDestination",
      "dynamodb:UpdateTable",
      "dynamodb:UpdateTableReplicaAutoScaling",
      "dynamodb:UpdateTimeToLive"
    ],
    "delete-data": [
      "dynamodb:DeleteItem",
      "dynamodb:DeleteTable",
      "dynamodb:DeleteTableReplica",
      "dynamodb:PartiQLDelete"
    ],
    "read-config": [
      "dynamodb:DescribeContinuousBackups",
      "dynamodb:DescribeContributorInsights",
      "dynamodb:DescribeExport",
      "dynamodb:DescribeKinesisStreamingDestination",
      "dynamodb:DescribeTable",
      "dynamodb:DescribeTableReplicaAutoScaling",
      "dynamodb:DescribeTimeToLive",
      "dynamodb:GetResourcePolicy",
      "dynamodb:ListTagsOfResource"
    ],
    "read-data": [
      "dynamodb:BatchGetItem",
      "dynamodb:ConditionCheckItem",
      "dynamodb:GetItem",
      "dynamodb:PartiQLSelect",
      "dynamodb:Query",
      "dynamodb:Scan"
    ],
    "write-data": [
      "dynamodb:BatchWriteItem",
      "dynamodb:PartiQLInsert",
      "dynamodb:PartiQLUpdate",
      "dynamodb:PutItem",
      "dynamodb:UpdateItem"
    ]
  },
  "DynamoDB Accelerator (DAX)": {
    "administer-resource": [
      "dax:CreateCluster",
      "dax:CreateParameterGroup",
      "dax:CreateSubnetGroup",
      "dax:DecreaseReplicationFactor",
      "dax:IncreaseReplicationFactor",
      "dax:RebootNode",
      "dax:TagResource",
      "dax:UntagResource",
      "dax:UpdateCluster",
      "dax:UpdateParameterGroup",
      "dax:UpdateSubnetGroup"
    ],
    "delete-data": [
      "dax:DeleteCluster",
      "dax:DeleteItem",
      "dax:DeleteParameterGroup",
      "dax:DeleteSubnetGroup"
    ],
    "read-config": [
      "dax:DescribeClusters",
      "dax:DescribeDefaultParameters",
      "dax:DescribeEvents",
      "dax:DescribeParameterGroups",
      "dax:DescribeParameters",
      "dax:DescribeSubnetGroups",
      "dax:ListTags"
    ],
    "read-data": [
      "dax:BatchGetItem",
      "dax:ConditionCheckItem",
      "dax:GetItem",
      "dax:Query",
      "dax:Scan"
    ],
    "write-data": [
      "dax:BatchWriteItem",
      "dax:PutItem",
      "dax:UpdateItem"
    ]
  },
  "DynamoDB Streams": {
    "read-config": [
      "dynamodbstreams:DescribeStream",
      "dynamodbstreams:ListStreams"
    ],
    "read-data": [
      "dynamodbstreams:GetRecords",
      "dynamodbstreams:GetShardIterator"
    ]
  },
  "IAM": {
    "administer-resource": [
      "iam:AddRoleToInstanceProfile",
      "iam:AddUserToGroup",
      "iam:AttachGroupPolicy",
      "iam:AttachRolePolicy",
      "iam:AttachUserPolicy",
      "iam:ChangePassword",
      "iam:CreateAccessKey",
      "iam:CreateAccountAlias",
      "iam:CreateGroup",
      "iam:CreateInstanceProfile",
      "iam:CreateLoginProfile",
      "iam:CreateOpenIDConnectProvider",
      "iam:CreatePolicy",
      "iam:CreatePolicyVersion",
      "iam:CreateRole",
      "iam:CreateSAMLProvider",
      "iam:CreateServiceLinkedRole",
      "iam:CreateServiceSpecificCredential",
      "iam:CreateUser",
      "iam:CreateVirtualMFADevice",
      "iam:DeactivateMFADevice",
      "iam:DeleteAccessKey",
      "iam:DeleteAccountAlias",
      "iam:DeleteAccountPasswordPolicy",
      "iam:DeleteGroup",
      "iam:DeleteGroupPolicy",
      "iam:DeleteInstanceProfile",
      "iam:DeleteLoginProfile",
      "iam:DeleteOpenIDConnectProvider",
      "iam:DeletePolicy",
      "iam:DeletePolicyVersion",
      "iam:DeleteRole",
      "iam:DeleteRolePermissionsBoundary",
      "iam:DeleteRolePolicy",
      "iam:DeleteSAMLProvider",
      "iam:DeleteServerCertificate",
      "iam:DeleteServiceLinkedRole",
      "iam:DeleteServiceSpecificCredential",
      "iam:DeleteSigningCertificate",
      "iam:DeleteSSHPublicKey",
      "iam:DeleteUser",
      "iam:DeleteUserPermissionsBoundary",
      "iam:DeleteUserPolicy",
      "iam:DeleteVirtualMFADevice",
      "iam:DetachGroupPolicy",
      "iam:DetachRolePolicy",
      "iam:DetachUserPolicy",
      "iam:EnableMFADevice",
      "iam:PassRole",
      "iam:PutGroupPolicy",
      "iam:PutRolePermissionsBoundary",
      "iam:PutRolePolicy",
      "iam:PutUserPermissionsBoundary",
      "iam:PutUserPolicy",
      "iam:RemoveClientIDFromOpenIDConnectProvider",
      "iam:RemoveRoleFromInstanceProfile",
      "iam:RemoveUserFromGroup",
      "iam:ResetServiceSpecificCredential",
      "iam:ResyncMFADevice",
      "iam:SetDefaultPolicyVersion",
      "iam:SetSecurityTokenServicePreferences",
      "iam:UpdateAccessKey",
      "iam:UpdateAccountPasswordPolicy",
      "iam:UpdateAssumeRolePolicy",
      "iam:UpdateGroup",
      "iam:UpdateLoginProfile",
      "iam:UpdateOpenIDConnectProviderThumbprint",
      "iam:UpdateRole",
      "iam:UpdateRoleDescription",
      "iam:UpdateSAMLProvider",
      "iam:UpdateServerCertificate",
      "iam:UpdateServiceSpecificCredential",
      "iam:UpdateSigningCertificate",
      "iam:UpdateSSHPublicKey",
      "iam:UpdateUser",
      "iam:UploadServerCertificate",
      "iam:UploadSigningCertificate",
      "iam:UploadSSHPublicKey"
    ],
    "read-config": [
      "iam:GetAccountAuthorizationDetails",
      "iam:GetAccountPasswordPolicy",
      "iam:GetContextKeysForCustomPolicy",
      "iam:GetContextKeysForPrincipalPolicy",
      "iam:GetGroup",
      "iam:GetGroupPolicy",
      "iam:GetInstanceProfile",
      "iam:GetLoginProfile",
      "iam:GetOpenIDConnectProvider",
      "iam:GetPolicy",
      "iam:GetPolicyVersion",
      "iam:GetRole",
      "iam:GetRolePolicy",
      "iam:GetSAMLProvider",
      "iam:GetServerCertificate",
      "iam:GetSSHPublicKey",
      "iam:GetUser",
      "iam:GetUserPolicy",
      "iam:ListAccessKeys",
      "iam:ListAccountAliases",
      "iam:ListAttachedGroupPolicies",
      "iam:ListAttachedRolePolicies",
      "iam:ListAttachedUserPolicies",
      "iam:ListEntitiesForPolicy",
      "iam:ListGroupPolicies",
      "iam:ListGroups",
      "iam:ListGroupsForUser",
      "iam:ListInstanceProfiles",
      "iam:ListInstanceProfilesForRole",
      "iam:ListMFADevices",
      "iam:ListOpenIDConnectProviders",
      "iam:ListPolicies",
      "iam:ListPoliciesGrantingServiceAccess",
      "iam:ListPolicyVersions",
      "iam:ListRolePolicies",
      "iam:ListRoles",
      "iam:ListRoleTags",
      "iam:ListSAMLProviders",
      "iam:ListServerCertificates",
      "iam:ListServiceSpecificCredentials",
      "iam:ListSigningCertificates",
      "iam:ListSSHPublicKeys",
      "iam:ListUserPolicies",
      "iam:ListUsers",
      "iam:ListUserTags",
      "iam:ListVirtualMFADevices"
    ],
    "read-data": [
      "iam:GenerateCredentialReport",
      "iam:GenerateOrganizationsAccessReport",
      "iam:GenerateServiceLastAccessedDetails",
      "iam:GetAccessKeyLastUsed",
      "iam:GetAccountSummary",
      "iam:GetCredentialReport",
      "iam:GetOrganizationsAccessReport",
      "iam:GetServiceLastAccessedDetails",
      "iam:GetServiceLastAccessedDetailsWithEntities",
      "iam:GetServiceLinkedRoleDeletionStatus",
      "iam:SimulateCustomPolicy",
      "iam:SimulatePrincipalPolicy"
    ],
    "write-data": [
      "iam:AddClientIDToOpenIDConnectProvider",
      "iam:TagRole",
      "iam:TagUser",
      "iam:UntagRole",
      "iam:UntagUser"
    ]
  },
  "KMS": {
    "administer-resource": [
      "kms:CancelKeyDeletion",
      "kms:ConnectCustomKeyStore",
      "kms:CreateAlias",
      "kms:CreateCustomKeyStore",
      "kms:CreateGrant",
      "kms:CreateKey",
      "kms:DeleteAlias",
      "kms:DisableKey",
      "kms:DisableKeyRotation",
      "kms:DisconnectCustomKeyStore",
      "kms:EnableKey",
      "kms:EnableKeyRotation",
      "kms:PutKeyPolicy",
      "kms:RetireGrant",
      "kms:RevokeGrant",
      "kms:ScheduleKeyDeletion",
      "kms:TagResource",
      "kms:UntagResource",
      "kms:UpdateAlias",
      "kms:UpdateCustomKeyStore",
      "kms:UpdateKeyDescription"
    ],
    "delete-data": [
      "kms:DeleteCustomKeyStore",
      "kms:DeleteImportedKeyMaterial"
    ],
    "read-config": [
      "kms:DescribeCustomKeyStores",
      "kms:DescribeKey",
      "kms:GetKeyPolicy",
      "kms:GetKeyRotationStatus",
      "kms:GetParametersForImport",
      "kms:GetPublicKey",
      "kms:ListAliases",
      "kms:ListGrants",
      "kms:ListKeyPolicies",
      "kms:ListKeys",
      "kms:ListResourceTags",
      "kms:ListRetirableGrants"
    ],
    "read-data": [
      "kms:Decrypt",
      "kms:Verify"
    ],
    "write-data": [
      "kms:Encrypt",
      "kms:GenerateDataKey",
      "kms:GenerateDataKeyPair",
      "kms:GenerateDataKeyPairWithoutPlaintext",
      "kms:GenerateDataKeyWithoutPlaintext",
      "kms:GenerateRandom",
      "kms:ImportKeyMaterial",
      "kms:ReEncryptFrom",
      "kms:ReEncryptTo",
      "kms:Sign"
    ]
  },
  "RDS": {
    "administer-resource": [
      "rds:AddRoleToDBCluster",
      "rds:AddRoleToDBInstance",
      "rds:AddSourceIdentifierToSubscription",
      "rds:AddTagsToResource",
      "rds:ApplyPendingMaintenanceAction",
      "rds:AuthorizeDBSecurityGroupIngress",
      "rds:BacktrackDBCluster",
      "rds:CopyDBClusterParameterGroup",
      "rds:CopyDBClusterSnapshot",
      "rds:CopyDBParameterGroup",
      "rds:CopyDBSnapshot",
      "rds:CopyOptionGroup",
      "rds:CreateDBCluster",
      "rds:CreateDBClusterEndpoint",
      "rds:CreateDBClusterParameterGroup",
      "rds:CreateDBClusterSnapshot",
      "rds:CreateDBInstance",
      "rds:CreateDBInstanceReadReplica",
      "rds:CreateDBParameterGroup",
      "rds:CreateDBProxy",
      "rds:CreateDBSecurityGroup",
      "rds:CreateDBSnapshot",
      "rds:CreateDBSubnetGroup",
      "rds:CreateEventSubscription",
      "rds:CreateGlobalCluster",
      "rds:CreateOptionGroup",
      "rds:DeleteDBCluster",
      "rds:DeleteDBClusterEndpoint",
      "rds:DeleteDBClusterParameterGroup",
      "rds:DeleteDBInstance",
      "rds:DeleteDBParameterGroup",
      "rds:DeleteDBProxy",
      "rds:DeleteDBSecurityGroup",
      "rds:DeleteDBSubnetGroup",
      "rds:DeleteEventSubscription",
      "rds:DeleteGlobalCluster",
      "rds:DeregisterDBProxyTargets",
      "rds:FailoverDBCluster",
      "rds:ModifyCurrentDBClusterCapacity",
      "rds:ModifyDBCluster",
      "rds:ModifyDBClusterEndpoint",
      "rds:ModifyDBClusterParameterGroup",
      "rds:ModifyDBClusterSnapshotAttribute",
      "rds:ModifyDBInstance",
      "rds:ModifyDBParameterGroup",
      "rds:ModifyDBProxy",
      "rds:ModifyDBProxyTargetGroup",
      "rds:ModifyDBSnapshot",
      "rds:ModifyDBSnapshotAttribute",
      "rds:ModifyDBSubnetGroup",
      "rds:ModifyEventSubscription",
      "rds:ModifyGlobalCluster",
      "rds:ModifyOptionGroup",
      "rds:PromoteReadReplica",
      "rds:PromoteReadReplicaDBCluster",
      "rds:PurchaseReservedDBInstancesOffering",
      "rds:RebootDBInstance",
      "rds:RegisterDBProxyTargets",
      "rds:RemoveFromGlobalCluster",
      "rds:RemoveRoleFromDBCluster",
      "rds:RemoveRoleFromDBInstance",
      "rds:RemoveSourceIdentifierFromSubscription",
      "rds:RemoveTagsFromResource",
      "rds:ResetDBClusterParameterGroup",
      "rds:ResetDBParameterGroup",
      "rds:RestoreDBClusterFromS3",
      "rds:RestoreDBClusterFromSnapshot",
      "rds:RestoreDBClusterToPointInTime",
      "rds:RestoreDBInstanceFromDBSnapshot",
      "rds:RestoreDBInstanceFromS3",
      "rds:RestoreDBInstanceToPointInTime",
      "rds:RevokeDBSecurityGroupIngress",
      "rds:StartActivityStream",
      "rds:StartDBCluster",
      "rds:StartDBInstance",
      "rds:StopActivityStream",
      "rds:StopDBCluster",
      "rds:StopDBInstance"
    ],
    "delete-data": [
      "rds:DeleteDBCluster",
      "rds:DeleteDBClusterSnapshot",
      "rds:DeleteDBInstance",
      "rds:DeleteDBInstanceAutomatedBackup",
      "rds:DeleteDBSnapshot",
      "rds:DeleteGlobalCluster",
      "rds:DeleteOptionGroup"
    ],
    "read-config": [
      "rds:DescribeAccountAttributes",
      "rds:DescribeCertificates",
      "rds:DescribeDBClusterBacktracks",
      "rds:DescribeDBClusterEndpoints",
      "rds:DescribeDBClusterParameterGroups",
      "rds:DescribeDBClusterParameters",
      "rds:DescribeDBClusters",
      "rds:DescribeDBClusterSnapshotAttributes",
      "rds:DescribeDBClusterSnapshots",
      "rds:DescribeDBEngineVersions",
      "rds:DescribeDBInstanceAutomatedBackups",
      "rds:DescribeDBInstances",
      "rds:DescribeDBLogFiles",
      "rds:DescribeDBParameterGroups",
      "rds:DescribeDBParameters",
      "rds:DescribeDBProxies",
      "rds:DescribeDBProxyTargetGroups",
      "rds:DescribeDBProxyTargets",
      "rds:DescribeDBSecurityGroups",
      "rds:DescribeDBSnapshotAttributes",
      "rds:DescribeDBSnapshots",
      "rds:DescribeDBSubnetGroups",
      "rds:DescribeEngineDefaultClusterParameters",
      "rds:DescribeEngineDefaultParameters",
      "rds:DescribeEventCategories",
      "rds:DescribeEvents",
      "rds:DescribeEventSubscriptions",
      "rds:DescribeExportTasks",
      "rds:DescribeGlobalClusters",
      "rds:DescribeOptionGroupOptions",
      "rds:DescribeOptionGroups",
      "rds:DescribeOrderableDBInstanceOptions",
      "rds:DescribePendingMaintenanceActions",
      "rds:DescribeReservedDBInstances",
      "rds:DescribeReservedDBInstancesOfferings",
      "rds:DescribeSourceRegions",
      "rds:DescribeValidDBInstanceModifications",
      "rds:ListTagsForResource"
    ],
    "read-data": [
      "rds:CrossRegionCommunication",
      "rds:DownloadCompleteDBLogFile",
      "rds:DownloadDBLogFilePortion",
      "rds:RestoreDBClusterFromSnapshot",
      "rds:RestoreDBInstanceFromDBSnapshot"
    ],
    "write-data": [
      "rds:CancelExportTask",
      "rds:CreateDBClusterSnapshot",
      "rds:CreateDBSnapshot",
      "rds:CrossRegionCommunication",
      "rds:StartExportTask"
    ]
  },
  "RDS Data": {
    "write-data": [
      "rds-data:BatchExecuteStatement",
      "rds-data:BeginTransaction",
      "rds-data:CommitTransaction",
      "rds-data:ExecuteSql",
      "rds-data:ExecuteStatement",
      "rds-data:RollbackTransaction"
    ]
  },
  "RDS DB": {
    "use-resource": [
      "rds-db:connect"
    ]
  },
  "Redshift": {
    "administer-resource": [
      "redshift:AcceptReservedNodeExchange",
      "redshift:AuthorizeClusterSecurityGroupIngress",
      "redshift:AuthorizeSnapshotAccess",
      "redshift:BatchDeleteClusterSnapshots",
      "redshift:BatchModifyClusterSnapshots",
      "redshift:CancelQuerySession",
      "redshift:CancelResize",
      "redshift:CopyClusterSnapshot",
      "redshift:CreateCluster",
      "redshift:CreateClusterParameterGroup",
      "redshift:CreateClusterSecurityGroup",
      "redshift:CreateClusterSnapshot",
      "redshift:CreateClusterSubnetGroup",
      "redshift:CreateClusterUser",
      "redshift:CreateEventSubscription",
      "redshift:CreateHsmClientCertificate",
      "redshift:CreateHsmConfiguration",
      "redshift:CreateSnapshotCopyGrant",
      "redshift:CreateSnapshotSchedule",
      "redshift:DeleteCluster",
      "redshift:DeleteClusterParameterGroup",
      "redshift:DeleteClusterSecurityGroup",
      "redshift:DeleteClusterSnapshot",
      "redshift:DeleteClusterSubnetGroup",
      "redshift:DeleteEventSubscription",
      "redshift:DeleteHsmClientCertificate",
      "redshift:DeleteHsmConfiguration",
      "redshift:DeleteSnapshotCopyGrant",
      "redshift:DeleteSnapshotSchedule",
      "redshift:DisableLogging",
      "redshift:DisableSnapshotCopy",
      "redshift:EnableLogging",
      "redshift:EnableSnapshotCopy",
      "redshift:JoinGroup",
      "redshift:ModifyCluster",
      "redshift:ModifyClusterDbRevision",
      "redshift:ModifyClusterIamRoles",
      "redshift:ModifyClusterMaintenance",
      "redshift:ModifyClusterParameterGroup",
      "redshift:ModifyClusterSnapshot",
      "redshift:ModifyClusterSnapshotSchedule",
      "redshift:ModifyClusterSubnetGroup",
      "redshift:ModifyEventSubscription",
      "redshift:ModifyScheduledAction",
      "redshift:ModifySnapshotCopyRetentionPeriod",
      "redshift:ModifySnapshotSchedule",
      "redshift:PauseCluster",
      "redshift:PurchaseReservedNodeOffering",
      "redshift:RebootCluster",
      "redshift:ResetClusterParameterGroup",
      "redshift:ResizeCluster",
      "redshift:RestoreFromClusterSnapshot",
      "redshift:RestoreTableFromClusterSnapshot",
      "redshift:ResumeCluster",
      "redshift:RevokeClusterSecurityGroupIngress",
      "redshift:RevokeSnapshotAccess",
      "redshift:RotateEncryptionKey"
    ],
    "delete-data": [
      "redshift:BatchDeleteClusterSnapshots",
      "redshift:DeleteCluster",
      "redshift:DeleteClusterSnapshot"
    ],
    "read-config": [
      "redshift:DescribeAccountAttributes",
      "redshift:DescribeClusterDbRevisions",
      "redshift:DescribeClusterParameterGroups",
      "redshift:DescribeClusterParameters",
      "redshift:DescribeClusters",
      "redshift:DescribeClusterSecurityGroups",
      "redshift:DescribeClusterSnapshots",
      "redshift:DescribeClusterSubnetGroups",
      "redshift:DescribeClusterTracks",
      "redshift:DescribeClusterVersions",
      "redshift:DescribeDefaultClusterParameters",
      "redshift:DescribeEventCategories",
      "redshift:DescribeEvents",
      "redshift:DescribeEventSubscriptions",
      "redshift:DescribeHsmClientCertificates",
      "redshift:DescribeHsmConfigurations",
      "redshift:DescribeLoggingStatus",
      "redshift:DescribeNodeConfigurationOptions",
      "redshift:DescribeOrderableClusterOptions",
      "redshift:DescribeQuery",
      "redshift:DescribeReservedNodeOfferings",
      "redshift:DescribeReservedNodes",
      "redshift:DescribeResize",
      "redshift:DescribeSavedQueries",
      "redshift:DescribeScheduledActions",
      "redshift:DescribeSnapshotCopyGrants",
      "redshift:DescribeSnapshotSchedules",
      "redshift:DescribeStorage",
      "redshift:DescribeTable",
      "redshift:DescribeTableRestoreStatus",
      "redshift:DescribeTags",
      "redshift:GetReservedNodeExchangeOfferings",
      "redshift:ListDatabases",
      "redshift:ListSavedQueries",
      "redshift:ListSchemas",
      "redshift:ListTables"
    ],
    "read-data": [
      "redshift:FetchResults",
      "redshift:ViewQueriesFromConsole"
    ],
    "use-resource": [
      "redshift:GetClusterCredentials"
    ],
    "write-data": [
      "redshift:CancelQuery",
      "redshift:CopyClusterSnapshot",
      "redshift:CreateSavedQuery",
      "redshift:CreateScheduledAction",
      "redshift:CreateTags",
      "redshift:DeleteSavedQueries",
      "redshift:DeleteScheduledAction",
      "redshift:DeleteTags",
      "redshift:ExecuteQuery",
      "redshift:ModifySavedQuery",
      "redshift:ViewQueriesInConsole"
    ]
  },
  "S3": {
    "administer-resource": [
      "s3:DeleteBucket",
      "s3:DeleteBucketPolicy",
      "s3:DeleteBucketWebsite",
      "s3:ObjectOwnerOverrideToBucketOwner",
      "s3:PutAccelerateConfiguration",
      "s3:PutAnalyticsConfiguration",
      "s3:PutBucketAcl",
      "s3:PutBucketCORS",
      "s3:PutBucketLogging",
      "s3:PutBucketNotification",
      "s3:PutBucketObjectLockConfiguration",
      "s3:PutBucketOwnershipControls",
      "s3:PutBucketPolicy",
      "s3:PutBucketPublicAccessBlock",
      "s3:PutBucketRequestPayment",
      "s3:PutBucketTagging",
      "s3:PutBucketVersioning",
      "s3:PutBucketWebsite",
      "s3:PutEncryptionConfiguration",
      "s3:PutIntelligentTieringConfiguration",
      "s3:PutInventoryConfiguration",
      "s3:PutLifecycleConfiguration",
      "s3:PutMetricsConfiguration",
      "s3:PutObjectAcl",
      "s3:PutObjectLegalHold",
      "s3:PutObjectRetention",
      "s3:PutObjectVersionAcl",
      "s3:PutReplicationConfiguration"
    ],
    "delete-data": [
      "s3:DeleteObject",
      "s3:DeleteObjectTagging",
      "s3:DeleteObjectVersion",
      "s3:DeleteObjectVersionTagging"
    ],
    "read-config": [
      "s3:GetAccelerateConfiguration",
      "s3:GetAnalyticsConfiguration",
      "s3:GetBucketAcl",
      "s3:GetBucketCORS",
      "s3:GetBucketLocation",
      "s3:GetBucketLogging",
      "s3:GetBucketNotification",
      "s3:GetBucketObjectLockConfiguration",
      "s3:GetBucketOwnershipControls",
      "s3:GetBucketPolicy",
      "s3:GetBucketPolicyStatus",
      "s3:GetBucketPublicAccessBlock",
      "s3:GetBucketRequestPayment",
      "s3:GetBucketTagging",
      "s3:GetBucketVersioning",
      "s3:GetBucketWebsite",
      "s3:GetEncryptionConfiguration",
      "s3:GetIntelligentTieringConfiguration",
      "s3:GetInventoryConfiguration",
      "s3:GetLifecycleConfiguration",
      "s3:GetMetricsConfiguration",
      "s3:GetObjectAcl",
      "s3:GetObjectAttributes",
      "s3:GetObjectLegalHold",
      "s3:GetObjectRetention",
      "s3:GetObjectTagging",
      "s3:GetObjectVersionAcl",
      "s3:GetObjectVersionAttributes",
      "s3:GetObjectVersionTagging",
      "s3:GetReplicationConfiguration",
      "s3:ListBucketMultipartUploads",
      "s3:ListBucketVersions",
      "s3:ListMultipartUploadParts"
    ],
    "read-data": [
      "s3:GetObject",
      "s3:GetObjectTorrent",
      "s3:GetObjectVersion",
      "s3:GetObjectVersionForReplication",
      "s3:GetObjectVersionTorrent",
      "s3:ListBucket"
    ],
    "write-data": [
      "s3:AbortMultipartUpload",
      "s3:InitiateReplication",
      "s3:PutBucketTagging",
      "s3:PutObject",
      "s3:PutObjectTagging",
      "s3:PutObjectVersionTagging",
      "s3:ReplicateDelete",
      "s3:ReplicateObject",
      "s3:ReplicateTags",
      "s3:RestoreObject"
    ]
  },
  "SQS": {
    "administer-resource": [
      "sqs:AddPermission",
      "sqs:CancelMessageMoveTask",
      "sqs:CreateQueue",
      "sqs:DeleteQueue",
      "sqs:PurgeQueue",
      "sqs:RemovePermission",
      "sqs:SetQueueAttributes",
      "sqs:StartMessageMoveTask",
      "sqs:TagQueue",
      "sqs:UntagQueue"
    ],
    "delete-data": [
      "sqs:DeleteMessage",
      "sqs:DeleteQueue",
      "sqs:PurgeQueue"
    ],
    "read-config": [
      "sqs:GetQueueAttributes",
      "sqs:GetQueueUrl",
      "sqs:ListDeadLetterSourceQueues",
      "sqs:ListMessageMoveTasks",
      "sqs:ListQueues",
      "sqs:ListQueueTags"
    ],
    "read-data": [
      "sqs:ReceiveMessage"
    ],
    "write-data": [
      "sqs:ChangeMessageVisibility",
      "sqs:SendMessage"
    ]
  },
  "STS": {
    "read-data": [
      "sts:GetAccessKeyInfo",
      "sts:GetCallerIdentity",
      "sts:GetFederationToken",
      "sts:GetServiceBearerToken",
      "sts:GetSessionToken"
    ],
    "use-resource": [
      "sts:AssumeRole",
      "sts:AssumeRoleWithSAML",
      "sts:AssumeRoleWithWebIdentity"
    ],
    "write-data": [
      "sts:DecodeAuthorizationMessage",
      "sts:TagSession"
    ]
  }
}