Menu
AWS Identity and Access Management
User Guide

Service Summary (List of Actions)

When you view a policy summary in the IAM console, you see a summary of the access level, resources, and conditions allowed or denied for each service within a policy. For each service listed in the policy summary, you can view a service summary. The service summary includes a list of actions and the permissions that are defined for each action within the chosen service. To view a list of actions that belong to each of the action levels for a specific service, see AWS IAM Policy Actions Grouped by Access Level. To see a complete list of actions for a specific service, see AWS Service Actions and Condition Context Keys for Use in IAM Policies.

You can view the service summary for managed policies on the Policies page, or view service summaries for policies attached to a user through the Users page.

To view the service summary for a managed policy

  1. Open the summary for a managed policy as explained in Policy Summary (List of Services).

  2. In the policy summary list of services, choose the name of the service that you want to view.

To view the service summary for a policy attached to a user

  1. Open the summary for a policy attached to a user as explained in Policy Summary (List of Services).

  2. In the policy summary list of services, choose the name of the service that you want to view.

    Note

    If the policy that you select is an inline policy that is attached directly to the user, then the service summary table appears. The table is grouped by the access level of each defined action. If the policy is an inline policy attached from a group, then you are taken to the JSON policy document for that group. If the policy is a managed policy, then you are taken to the service summary for that policy on the Policies page.

The example below is the service summary for Amazon S3 that is allowed from the SummaryAllElements policy summary (see Understanding the Elements of a Policy Summary). For this service, the policy defines five actions. The actions are grouped by access level. For example, two Write actions are defined out of the total 21 Write actions available for the service.


      Service summary dialog image

The service summary table section includes the following information:

  1. Next to the Back link appears the name of the service (in this case S3). The service summary for this service includes the list of allowed actions that are defined in the policy. If instead, the text (Explicitly denied) appears next to the name of a service, then the actions listed in the service summary table are explicitly denied.

  2. Choose JSON to see additional details about the policy, such as viewing the multiple conditions that are applied to the actions. (If you are viewing the service summary for an inline policy that is attached directly to a user, you must close the service summary dialog box and return to the policy summary to access the JSON policy document.)

  3. To view the summary for a specific action, type keywords into the search box to reduce the list of available actions.

  4. Action – This column lists the actions that are defined within the policy and provides the resources and conditions for each action.

  5. The table groups actions into at least one or up to four sections, depending on the level of access (List, Read, Write, and Permissions management) that the policy allows or denies. You can also see the number of actions that are defined out of the total number of actions available within each access level. For information about which actions belong to each of the action levels for AWS services, see AWS IAM Policy Actions Grouped by Access Level. To see a complete list of actions for a specific service, see AWS Service Actions and Condition Context Keys for Use in IAM Policies.

  6. Resource – This column shows the resources that the policy defines for each action. In this example, all actions are allowed on only the arn:aws:s3:::developer_bucket/* Amazon S3 resource.

  7. Request condition – This column tells whether the actions associated with the resource are subject to conditions. This example has multiple request conditions. To learn more about those conditions, click JSON to review the JSON policy document.