Skip to main content

List of policies actions

CK

ActionDescriptionResource typesCondition keys
AbortMultipartUploadInStepGrants permission to abort a multipart upload in a stepstepck:Roles
CompleteMultipartUploadInStepGrants permission to complete a multipart upload in a stepstepck:Roles
CreateKitGrants permission to create a kitkit
CreateMultipartUploadInStepGrants permission to create a multipart upload in a stepstepck:Roles
DeleteKitGrants permission to delete a kitkit
ExecuteKitGrants permission to execute a kitkit
ExecuteStepGrants permission to execute a stepstepck:Roles
GetExecutedProcessGrants permission to retrieve an executed processexecuted-processck:Roles
GetKitGrants permission to retrieve a kitkit
GetObjectInStepGrants permission to download an object in a stepstepck:Roles
GetStepGrants permission to retrieve a stepstepck:Roles
ListAuditLogsGrants permission to ListAuditLogs
ListExecutedProcessesGrants permission to list all executed processes
ListKitsExecutedProcessesGrants permission to list executed processes on a kitkit
ListKitsGrants permission to list all kits
ListKitsStatsGrants permission to list all kits' statistics
ListObjectVersionsInStepGrants permission to list object's versions in a stepstepck:Roles
PutObjectInStepGrants permission to upload an object in a stepstepck:Roles
UpdateKitGrants permission to update a kitkit
UpdateStepStatusGrants permission to update the status of a stepstepck:Roles
UpdateStepRolesGrants permission to update the roles in a stepstepck:Roles
UploadPartInStepGrants permission to upload a part in a stepstepck:Roles

IAM

ActionDescriptionResource typesCondition keys
AddClientIDToOpenIDConnectProviderGrants permission to add a new client ID (audience) to the list of registered IDs for the specified IAM OpenID Connect (OIDC) provider resourceoidc-provider
AddUserToGroupGrants permission to add an IAM user to the specified IAM groupgroup
AttachGroupPolicyGrants permission to attach a managed policy to the specified IAM groupgroup
CreateAccessKeyGrants permission to create access key and secret access key for the specified IAM useruser
CreateGroupGrants permission to create a new groupgroup
CreateOpenIDConnectProviderGrants permission to create an IAM resource that describes an identity provider (IdP) that supports OpenID Connect (OIDC)oidc-provider
CreatePolicyGrants permission to create a new managed policypolicy
CreatePolicyVersionGrants permission to create a new version of the specified managed policypolicy
CreateUserGrants permission to create a new IAM useruseriam:PermissionsBoundary
DeleteAccessKeyGrants permission to delete the access key pair that is associated with the specified IAM useruser
DeleteGroupGrants permission to delete the specified IAM groupgroup
DeleteOpenIDConnectProviderGrants permission to delete an OpenID Connect identity provider (IdP) resource object in IAMoidc-provider
DeletePolicyGrants permission to delete the specified managed policy and remove it from any IAM entities (users, groups, or roles) to which it is attachedpolicy
DeletePolicyVersionGrants permission to delete a version from the specified managed policypolicy
DeleteUserGrants permission to delete the specified IAM useruser
DeleteUserPermissionsBoundaryGrants permission to remove the permissions boundary from the specified IAM useruseriam:PermissionsBoundary
DetachGroupPolicyGrants permission to detach a managed policy from the specified IAM groupgroup
GetOpenIDConnectProviderGrants permission to retrieve information about the specified OpenID Connect (OIDC) provider resource in IAMoidc-provider
GetPolicyGrants permission to retrieve information about the specified managed policy, including the policy's default version and the total number of identities to which the policy is attachedpolicy
GetPolicyVersionGrants permission to retrieve information about a version of the specified managed policy, including the policy documentpolicy
GetUserGrants permission to retrieve information about the specified IAM user, including the user's creation date, path, unique ID, and ARNuser
ListAccessKeysGrants permission to list information about the access key IDs that are associated with the specified IAM useruser
ListAllAccessKeysGrants permission to list information about all access key IDs in the account
ListAttachedGroupPoliciesGrants permission to list all managed policies that are attached to the specified IAM groupgroup
ListEntitiesForPolicyGrants permission to list all IAM identities to which the specified managed policy is attachedpolicy
ListGroupsGrants permission to list the IAM groups that have the specified path prefix
ListGroupsForUserGrants permission to list the IAM groups that the specified IAM user belongs touser
ListOpenIDConnectProvidersGrants permission to list the tags that are attached to the specified OpenID Connect provideroidc-provider
ListPoliciesGrants permission to list all managed policies
ListPolicyVersionsGrants permission to list information about the versions of the specified managed policy, including the version that is currently set as the policy's default versionpolicy
ListUsersGrants permission to list the IAM users that have the specified path prefix
PutUserPermissionsBoundaryGrants permission to set a managed policy as a permissions boundary for an IAM useruseriam:PermissionsBoundary
RemoveClientIDFromOpenIDConnectProviderGrants permission to remove the client ID (audience) from the list of client IDs in the specified IAM OpenID Connect (OIDC) provider resourceoidc-provider
RemoveUserFromGroupGrants permission to remove an IAM user from the specified groupgroup
SetDefaultPolicyVersionGrants permission to set the version of the specified policy as the policy's default versionpolicy
SimulatePrincipalPolicyGrants permission to simulate whether an identity-based policy that is attached to a specified IAM entity (user or role) provides permissions for specific API operations and resourcesgroup
user
UpdateAccessKeyGrants permission to update the status of the specified access key as Active or Inactiveuser
UpdateOpenIDConnectProviderThumbprintGrants permission to update the entire list of server certificate thumbprints that are associated with an OpenID Connect (OIDC) provider resourceoidc-provider

S3

ActionDescriptionResource typesCondition keys
AbortMultipartUploadGrants permission to abort a multipart uploadobject
CreateBucketGrants permission to create a new bucketbucket
DeleteBucketGrants permission to delete the bucket named in the URIbucket
DeleteObjectGrants permission to remove the null version of an object and insert a delete marker, which becomes the current version of the objectobject
DeleteObjectVersionGrants permission to remove a specific version of an objectobject
GetBucketLocationGrants permission to return the Region that an Amazon S3 bucket resides inbucket
GetBucketVersioningGrants permission to return the versioning state of an Amazon S3 bucketbucket
GetObjectGrants permission to retrieve objects from Amazon S3object
GetObjectVersionGrants permission to retrieve a specific version of an objectobject
ListAllMyBucketsGrants permission to list all buckets owned by the authenticated sender of the request
ListBucketGrants permission to list some or all of the objects in an Amazon S3 bucket (up to 1000)bucket
ListBucketMultipartUploadsGrants permission to list in-progress multipart uploadsbucket
ListBucketVersionsGrants permission to list metadata about all the versions of objects in an Amazon S3 bucketbucket
ListMultipartUploadPartsGrants permission to list the parts that have been uploaded for a specific multipart uploadobject
PutBucketVersioningGrants permission to set the versioning state of an existing Amazon S3 bucketbucket
PutObjectGrants permission to add an object to a bucketobject

STS

ActionDescriptionResource typesCondition keys
AssumeRoleWithWebIdentityGrants permission to obtain a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity providerrole
LoginWithWebIdentityGrants permission to obtain a set of temporary security credentials for users who have been authenticated using the Astran builtin identity provideruser
TagSessionGrants permission to add tags to a STS sessionuser