Menu
AWS Identity and Access Management
User Guide

Service Actions Included in the Permissions management Access Level

You can use the actions below to grant or modify permissions for AWS resources and IAM principals. If an AWS service does not appear on this page then that service does not have any actions in the Permissions management category.

Auto Scaling

These are the Permissions management actions for Auto Scaling.

  • autoscaling:DeletePolicy

  • autoscaling:ExecutePolicy

  • autoscaling:PutScalingPolicy

AWS Certificate Manager

These are the Permissions management actions for AWS Certificate Manager.

  • acm:DeleteCertificate

  • acm:ResendValidationEmail

AWS CloudFormation

These are the Permissions management actions for AWS CloudFormation.

  • cloudformation:SetStackPolicy

Amazon CloudSearch

These are the Permissions management actions for Amazon CloudSearch.

  • cloudsearch:UpdateServiceAccessPolicies

AWS CodeStar

These are the Permissions management actions for AWS CodeStar.

  • codestar:AssociateTeamMember

  • codestar:CreateProject

  • codestar:DeleteProject

  • codestar:DisassociateTeamMember

  • codestar:UpdateTeamMember

Amazon Glacier

These are the Permissions management actions for Amazon Glacier.

  • glacier:AbortVaultLock

  • glacier:CompleteVaultLock

  • glacier:DeleteVaultAccessPolicy

  • glacier:InitiateVaultLock

  • glacier:SetDataRetrievalPolicy

  • glacier:SetVaultAccessPolicy

Identity And Access Management

These are the Permissions management actions for Identity And Access Management.

  • iam:AttachGroupPolicy

  • iam:AttachRolePolicy

  • iam:AttachUserPolicy

  • iam:CreatePolicy

  • iam:CreatePolicyVersion

  • iam:DeleteAccountPasswordPolicy

  • iam:DeleteGroupPolicy

  • iam:DeletePolicy

  • iam:DeletePolicyVersion

  • iam:DeleteRolePolicy

  • iam:DeleteUserPolicy

  • iam:DetachGroupPolicy

  • iam:DetachRolePolicy

  • iam:DetachUserPolicy

  • iam:PutGroupPolicy

  • iam:PutRolePolicy

  • iam:PutUserPolicy

  • iam:SetDefaultPolicyVersion

  • iam:UpdateAssumeRolePolicy

AWS IoT

These are the Permissions management actions for AWS IoT.

  • iot:AttachPrincipalPolicy

  • iot:CreatePolicy

  • iot:CreatePolicyVersion

  • iot:DeletePolicy

  • iot:DeletePolicyVersion

  • iot:DetachPrincipalPolicy

  • iot:SetDefaultPolicyVersion

AWS Key Management Service

These are the Permissions management actions for AWS Key Management Service.

  • kms:CreateGrant

  • kms:CreateKey

  • kms:PutKeyPolicy

  • kms:RetireGrant

  • kms:RevokeGrant

AWS Lambda

These are the Permissions management actions for AWS Lambda.

  • lambda:AddPermission

  • lambda:EnableReplication

  • lambda:RemovePermission

AWS OpsWorks

These are the Permissions management actions for AWS OpsWorks.

  • opsworks:SetPermission

  • opsworks:UpdateUserProfile

Amazon RDS

These are the Permissions management actions for Amazon RDS.

  • rds:AuthorizeDBSecurityGroupIngress

Amazon Redshift

These are the Permissions management actions for Amazon Redshift.

  • redshift:AuthorizeCluster

  • redshift:AuthorizeSnapshotAccess

  • redshift:CreateClusterUser

  • redshift:CreateSnapshotCopyGrant

  • redshift:JoinGroup

  • redshift:ModifyClusterIamRoles

  • redshift:RevokeClusterSecurityGroupIngress

  • redshift:RevokeSnapshotAccess

  • redshift:RotateEncryptionKey

Amazon S3

These are the Permissions management actions for Amazon S3.

  • s3:DeleteBucketPolicy

  • s3:ObjectOwnerOverrideToBucketOwner

  • s3:PutBucketAcl

  • s3:PutBucketPolicy

  • s3:PutObjectAcl

  • s3:PutObjectVersionAcl

Amazon SNS

These are the Permissions management actions for Amazon SNS.

  • sns:AddPermission

  • sns:RemovePermission

Amazon SQS

These are the Permissions management actions for Amazon SQS.

  • sqs:AddPermission

  • sqs:RemovePermission

AWS Service Catalog

These are the Permissions management actions for AWS Service Catalog.

  • servicecatalog:CreatePortfolioShare

  • servicecatalog:DeletePortfolioShare

AWS WAF

These are the Permissions management actions for AWS WAF.

  • waf:CreateWebACL

  • waf:DeleteWebACL

  • waf:UpdateWebACL

AWS WAF Regional

These are the Permissions management actions for AWS WAF Regional.

  • waf-regional:CreateWebACL

  • waf-regional:DeleteWebACL

  • waf-regional:UpdateWebACL