docs: Add 'Required Permissions' sections to table docs

.gitignore

@@ -37,4 +37,7 @@ node_modules
 .vscode/
 
 # Ignore dist folders
-dist/
+dist/
+
+# Claude Code work in progress
+.claude/wip/

docs/tables/aws_accessanalyzer_analyzer.md

@@ -12,6 +12,16 @@ The AWS Access Analyzer is a service that helps to identify resources in your or
 
 The `aws_accessanalyzer_analyzer` table in Steampipe provides you with information about analyzers within AWS IAM Access Analyzer. This table allows you, as a DevOps engineer, to query analyzer-specific details, including the analyzer ARN, type, status, and associated metadata. You can utilize this table to gather insights on analyzers, such as the status of each analyzer, the type of analyzer, and the resource that was analyzed. The schema outlines the various attributes of the Access Analyzer for you, including the analyzer ARN, creation time, last resource scanned, and associated tags.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `access-analyzer:ListAnalyzers` | Required to list analyzers |
+| `access-analyzer:GetAnalyzer` | Required to get analyzer details |
+| `access-analyzer:ListFindings` | Required to retrieve findings for an analyzer |
+
 ## Examples
 
 ### Basic info

docs/tables/aws_accessanalyzer_finding.md

@@ -12,6 +12,15 @@ AWS Access Analyzer findings provide detailed information about potential securi
 
 The `aws_accessanalyzer_finding` table in Steampipe allows you to query information related to findings from the AWS IAM Access Analyzer. This table is essential for security and compliance teams, enabling them to identify, analyze, and manage findings related to resource access policies. Through this table, users can access detailed information about each finding, including the actions involved, the condition that led to the finding, the resource and principal involved, and the finding's status. By leveraging this table, you can efficiently address security and compliance issues in your AWS environment.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `access-analyzer:ListFindings` | Required to list findings |
+| `access-analyzer:GetFinding` | Required to get finding details |
+
 ## Examples
 
 ### Basic Info

docs/tables/aws_account.md

@@ -12,6 +12,15 @@ The AWS Account is a container for AWS resources. It is used to sign up for, org
 
 The `aws_account` table in Steampipe provides you with information about your AWS Account. This table allows you, as a DevOps engineer, to query account-specific details, including the account status, owner, and associated resources. You can utilize this table to gather insights on your AWS account, such as the account's ARN, creation date, email address, and more. The schema outlines the various attributes of your AWS account, including the account ID, account alias, and whether your account is a root account.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `iam:ListAccountAliases` | Required to list account aliases |
+| `organizations:DescribeOrganization` | Required to get organization details (optional) |
+
 ## Examples
 
 ### Basic AWS account info

docs/tables/aws_account_alternate_contact.md

@@ -12,6 +12,14 @@ The AWS Account Alternate Contact is a feature that allows you to designate addi
 
 The `aws_account_alternate_contact` table in Steampipe provides you with information about the alternate contacts associated with your AWS account. You can use this table to query alternate contact-specific details, including the contact type, name, title, email, and phone number if you're a DevOps engineer or an AWS administrator. You can use this table to gather insights on alternate contacts, such as their role in the organization, their contact information, and more. The schema outlines the various attributes of your AWS Account Alternate Contact, including the account id, contact type, name, title, email, and phone number.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `account:GetAlternateContact` | Required to get alternate contact information |
+
 **Important Notes**
 This table supports the optional list key column `linked_account_id`, which comes with the following requirements:
 - You must be an identity in the [organization's management account](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#account) or a delegated administrator account.

docs/tables/aws_account_contact.md

@@ -12,6 +12,14 @@ The AWS Account Contact is a resource that stores contact information associated
 
 The `aws_account_contact` table in Steampipe provides you with information about contact details associated with an AWS account. This table allows you, as a DevOps engineer, to query contact-specific details, including email, mobile, and address information. You can utilize this table to gather insights on AWS account contact details, such as verification of contact information, understanding the geographical distribution of accounts, and more. The schema outlines the various attributes of the AWS account contact for you, including the account ID, address, email, fax, and phone number.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `account:GetContactInformation` | Required to get contact information |
+
 **Important Notes**
 This table supports the optional list key column `linked_account_id`, with the following requirements:
 - The caller must be an identity in the [organization's management account](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#account) or a delegated administrator account.

docs/tables/aws_acm_certificate.md

@@ -12,7 +12,16 @@ The AWS Certificate Manager (ACM) is a service that lets you easily provision, m
 
 The `aws_acm_certificate` table in Steampipe provides you with information about certificates within AWS Certificate Manager (ACM). This table allows you, as a DevOps engineer, to query certificate-specific details, including domain name, status, issuer, and expiration data. You can utilize this table to gather insights on certificates, such as certificate status, verification of issuer, and more. The schema outlines the various attributes of the ACM certificate for you, including the certificate ARN, creation date, domain name, and associated tags.
 
+## Required Permissions
 
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `acm:ListCertificates` | Required to list certificates |
+| `acm:DescribeCertificate` | Required to get certificate details |
+| `acm:GetCertificate` | Required to get certificate content |
+| `acm:ListTagsForCertificate` | Required to get certificate tags |
 
 ## Examples
 

docs/tables/aws_acmpca_certificate_authority.md

@@ -12,6 +12,16 @@ The `aws_acmpca_certificate_authority` table provides detailed information about
 
 This table can be utilized to monitor the configuration and operational health of your private certificate authorities managed through AWS ACM PCA. It enables security analysts, compliance auditors, and cloud administrators to assess the certificate authorities' compliance with policies, investigate issuance metadata, and understand the security standards being applied.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `acm-pca:ListCertificateAuthorities` | Required to list certificate authorities |
+| `acm-pca:DescribeCertificateAuthority` | Required to get certificate authority details |
+| `acm-pca:ListTags` | Required to get certificate authority tags |
+
 ## Examples
 
 ### Basic information

docs/tables/aws_amplify_app.md

@@ -12,6 +12,15 @@ The AWS Amplify App is a part of AWS Amplify, a set of tools and services that e
 
 The `aws_amplify_app` table in Steampipe provides you with information about apps within AWS Amplify. This table allows you, as a DevOps engineer, to query app-specific details, including the name, ARN, creation date, last update date, default domain, and associated metadata. You can utilize this table to gather insights on Amplify Apps, such as the apps' status, platform, repository, and more. The schema outlines the various attributes of the Amplify App for you, including the app ID, app ARN, platform, repository, production branch, and associated tags.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `amplify:ListApps` | Required to list Amplify apps |
+| `amplify:GetApp` | Required to get app details |
+
 ## Examples
 
 ### Basic info

docs/tables/aws_api_gateway_account.md

@@ -12,6 +12,14 @@ AWS API Gateway Account represents the account-level settings for Amazon API Gat
 
 The `aws_api_gateway_account` table in Steampipe provides you with information about Account settings within AWS API Gateway. This table allows you, as a DevOps engineer, to query Account-specific details, including throttle settings, CloudWatch role ARN, API key version, and supported features. You can utilize this table to gather insights on Account settings, such as throttle limits, monitoring configuration, and feature availability. The schema outlines the various attributes of the Account for you, including the CloudWatch role ARN, throttle settings, API key version, and supported features.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `apigateway:GET` | Required to get account settings |
+
 ## Examples
 
 ### Basic info

docs/tables/aws_api_gateway_api_key.md

@@ -12,6 +12,14 @@ AWS API Gateway API Keys are used to control and track API usage in Amazon API G
 
 The `aws_api_gateway_api_key` table in Steampipe provides you with information about API Keys within AWS API Gateway. This table allows you, as a DevOps engineer, to query API Key-specific details, including its ID, value, enabled status, and associated metadata. You can utilize this table to gather insights on API Keys, such as keys that are enabled, keys associated with specific stages, and more. The schema outlines the various attributes of the API Key for you, including the key ID, creation date, enabled status, and associated tags.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `apigateway:GET` | Required to list and get API keys |
+
 ## Examples
 
 ### API gateway API key basic info

docs/tables/aws_api_gateway_authorizer.md

@@ -12,6 +12,14 @@ The AWS API Gateway Authorizer is a crucial component in Amazon API Gateway that
 
 The `aws_api_gateway_api_authorizer` table in Steampipe provides you with information about API Gateway Authorizers within AWS API Gateway. This table allows you, as a DevOps engineer, to query authorizer-specific details, including the authorizer's ID, name, type, provider ARNs, and other configuration details. You can utilize this table to gather insights on authorizers, such as the authorizer's type, the ARN of the authorizer's provider, and more. The schema outlines the various attributes of the API Gateway Authorizer for you, including the authorizer's ID, name, type, provider ARNs, and associated metadata.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `apigateway:GET` | Required to list and get authorizers |
+
 ## Examples
 
 ### API gateway API authorizer basic info

docs/tables/aws_api_gateway_domain_name.md

@@ -12,6 +12,14 @@ The AWS API Gateway Domain Name is a component of Amazon's API Gateway service t
 
 The `aws_api_gateway_domain_name` table in Steampipe provides you with information about domain names within AWS API Gateway. This table allows you, as a DevOps engineer, to query domain-specific details, including the domain name, certificate details, and the associated API. You can utilize this table to gather insights on domains, such as the domain's endpoint configuration, the type of certificate used, and the API it's associated with. The schema outlines the various attributes of the domain name for you, including the domain name, certificate upload date, certificate ARN, and endpoint configuration.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `apigateway:GET` | Required to list and get domain names |
+
 ## Examples
 
 ### Basic info

docs/tables/aws_api_gateway_method.md

@@ -12,6 +12,14 @@ Represents a client-facing interface by which the client calls the API to access
 
 The `aws_api_gateway_method` table in Steampipe allows users to query information about AWS API Gateway Methods. These methods represent client-facing interfaces for accessing back-end resources. Users can retrieve details such as the REST API ID, resource ID, HTTP method, path, and whether API key authorization is required. Additionally, users can query methods with specific criteria, such as HTTP method type or authorization type.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `apigateway:GET` | Required to list resources and get method details |
+
 ## Examples
 
 ### Basic info

docs/tables/aws_api_gateway_rest_api.md

@@ -12,6 +12,14 @@ The AWS API Gateway Rest API is a fully managed service that makes it easy for d
 
 The `aws_api_gateway_rest_api` table in Steampipe provides you with information about API Gateway REST APIs within AWS API Gateway. This table allows you, as a DevOps engineer, to query REST API-specific details, including the API's name, description, id, and created date. You can utilize this table to gather insights on APIs, such as their deployment status, endpoint configurations, and more. The schema outlines the various attributes of the API Gateway REST API for you, including the API's ARN, created date, endpoint configuration, and associated tags.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `apigateway:GET` | Required to list and get REST APIs |
+
 ## Examples
 
 ### API gateway rest API basic info

docs/tables/aws_api_gateway_stage.md

@@ -12,6 +12,14 @@ The AWS API Gateway Stages are crucial parts of the API Gateway service that hel
 
 The `aws_api_gateway_stage` table in Steampipe provides you with information about stages within AWS API Gateway. This table allows you, as a DevOps engineer, to query stage-specific details, including the associated deployment, API, stage description, and associated metadata. You can utilize this table to gather insights on stages, such as the stage's deployment ID, the associated API, stage settings, and more. The schema outlines the various attributes of the API Gateway stage for you, including the stage name, deployment ID, API ID, created date, and associated tags.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `apigateway:GET` | Required to list and get stages |
+
 ## Examples
 
 ### Count of stages per rest APIs

docs/tables/aws_api_gateway_usage_plan.md

@@ -12,6 +12,14 @@ The AWS API Gateway Usage Plans are a feature of Amazon API Gateway that allows
 
 The `aws_api_gateway_usage_plan` table in Steampipe provides you with information about usage plans within AWS API Gateway. This table allows you, as a DevOps engineer, to query usage plan specific details, including associated API stages, throttle and quota limits, and associated metadata. You can utilize this table to gather insights on usage plans, such as plans with specific rate limits, the number of requests your clients can make per a given period, and more. The schema outlines the various attributes of the usage plan, including the plan ID, name, description, associated API keys, and associated tags for you.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `apigateway:GET` | Required to list and get usage plans |
+
 ## Examples
 
 ### Basic info

docs/tables/aws_api_gatewayv2_api.md

@@ -12,6 +12,14 @@ The AWS API Gateway is a fully managed service that makes it easy for developers
 
 The `aws_api_gatewayv2_api` table in Steampipe provides you with information about APIs within AWS API Gateway. This table allows you, as a DevOps engineer, to query API-specific details, including the API ID, name, protocol type, route selection expression, and associated tags. You can utilize this table to gather insights on APIs, such as their configuration details, associated resources, and more. The schema outlines the various attributes of the API for you, including the API key selection expression, CORS configuration, created date, and description.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `apigateway:GET` | Required to list and get APIs |
+
 ## Examples
 
 ### Basic info

docs/tables/aws_api_gatewayv2_domain_name.md

@@ -12,6 +12,14 @@ The AWS API Gateway Domain Name is a component of Amazon API Gateway that you as
 
 The `aws_api_gatewayv2_domain_name` table in Steampipe provides you with information about each domain name within the AWS API Gateway Service. This table allows you to query domain name details, including associated API mappings, security policy, and associated tags. The schema outlines the various attributes of the domain name for you, including the domain name ARN, domain name, endpoint type, and associated tags.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `apigateway:GET` | Required to list and get domain names |
+
 ## Examples
 
 ### Basic info

docs/tables/aws_api_gatewayv2_integration.md

@@ -12,6 +12,14 @@ The AWS API Gateway Integrations is a feature within the Amazon API Gateway serv
 
 The `aws_api_gatewayv2_integration` table in Steampipe provides you with information about each integration within AWS API Gateway. This table allows you as a DevOps engineer to query integration-specific details, including the integration type, API Gateway ID, integration method, and more. You can utilize this table to gather insights on integrations, such as integration protocols, request templates, and connection type. The schema outlines the various attributes of the integration for you, including the integration ID, integration response selection expression, integration subtype, and associated tags.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `apigateway:GET` | Required to list and get integrations |
+
 ## Examples
 
 ### Basic info

docs/tables/aws_api_gatewayv2_route.md

@@ -12,6 +12,14 @@ The AWS API Gateway V2 Routes is a feature within the Amazon API Gateway service
 
 The `aws_api_gatewayv2_route` table in Steampipe provides you with information about routes within AWS API Gateway V2. This table allows you, as a DevOps engineer, to query route-specific details, including the route key, route response selection expression, and target. You can utilize this table to gather insights on routes, such as route configurations, route response behaviors, and more. The schema outlines the various attributes of the route for you, including the API identifier, route ID, route key, and associated metadata.
 
+## Required Permissions
+
+This table requires the following IAM permissions:
+
+| Permission | Description |
+|------------|-------------|
+| `apigateway:GET` | Required to list and get routes |
+
 ## Examples
 
 ### Basic info