Menu
AWS Identity and Access Management
User Guide

Service Actions Included in the Write Access Level

You can use the actions below to create, modify, or delete AWS resources.

Amazon API Gateway

These are the Write actions for Amazon API Gateway.

  • execute-api:InvalidateCache

  • execute-api:Invoke

Amazon AWS Cloud Contact Center

These are the Write actions for Amazon AWS Cloud Contact Center.

  • connect:CreateInstance

  • connect:DestroyInstance

  • connect:ModifyInstance

Amazon AppStream

These are the Write actions for Amazon AppStream.

  • appstream:AssociateFleet

  • appstream:CreateFleet

  • appstream:CreateStack

  • appstream:CreateStreamingURL

  • appstream:DeleteFleet

  • appstream:DeleteStack

  • appstream:DisassociateFleet

  • appstream:ExpireSession

  • appstream:StartFleet

  • appstream:StopFleet

  • appstream:UpdateFleet

  • appstream:UpdateStack

Application Auto Scaling

These are the Write actions for Application Auto Scaling.

  • application-autoscaling:DeleteScalingPolicy

  • application-autoscaling:DeregisterScalableTarget

  • application-autoscaling:PutScalingPolicy

  • application-autoscaling:RegisterScalableTarget

Auto Scaling

These are the Write actions for Auto Scaling.

  • autoscaling:AttachInstances

  • autoscaling:AttachLoadBalancerTargetGroups

  • autoscaling:AttachLoadBalancers

  • autoscaling:CompleteLifecycleAction

  • autoscaling:CreateAutoScalingGroup

  • autoscaling:CreateLaunchConfiguration

  • autoscaling:CreateOrUpdateTags

  • autoscaling:DeleteAutoScalingGroup

  • autoscaling:DeleteLaunchConfiguration

  • autoscaling:DeleteLifecycleHook

  • autoscaling:DeleteNotificationConfiguration

  • autoscaling:DeleteScheduledAction

  • autoscaling:DeleteTags

  • autoscaling:DetachInstances

  • autoscaling:DetachLoadBalancers

  • autoscaling:DisableMetricsCollection

  • autoscaling:EnableMetricsCollection

  • autoscaling:EnterStandby

  • autoscaling:ExitStandby

  • autoscaling:PutLifecycleHook

  • autoscaling:PutNotificationConfiguration

  • autoscaling:PutScheduledUpdateGroupAction

  • autoscaling:RecordLifecycleActionHeartbeat

  • autoscaling:ResumeProcesses

  • autoscaling:SetDesiredCapacity

  • autoscaling:SetInstanceHealth

  • autoscaling:SetInstanceProtection

  • autoscaling:SuspendProcesses

  • autoscaling:TerminateInstanceInAutoScalingGroup

  • autoscaling:UpdateAutoScalingGroup

AWS Batch

These are the Write actions for AWS Batch.

  • batch:CancelJob

  • batch:CreateComputeEnvironment

  • batch:CreateJobQueue

  • batch:DeleteComputeEnvironment

  • batch:DeleteJobQueue

  • batch:DeregisterJobDefinition

  • batch:RegisterJobDefinition

  • batch:SubmitJob

  • batch:TerminateJob

  • batch:UpdateComputeEnvironment

  • batch:UpdateJobQueue

AWS Billing

These are the Write actions for AWS Billing.

  • aws-portal:ModifyAccount

  • aws-portal:ModifyBilling

  • aws-portal:ModifyPaymentMethods

AWS Budget Service

These are the Write actions for AWS Budget Service.

  • budgets:ModifyBudget

AWS Certificate Manager

These are the Write actions for AWS Certificate Manager.

  • acm:AddTagsToCertificate

  • acm:ImportCertificate

  • acm:RemoveTagsFromCertificate

  • acm:RequestCertificate

Amazon Cloud Directory

These are the Write actions for Amazon Cloud Directory.

  • clouddirectory:AddFacetToObject

  • clouddirectory:ApplySchema

  • clouddirectory:AttachObject

  • clouddirectory:AttachPolicy

  • clouddirectory:AttachToIndex

  • clouddirectory:BatchWrite

  • clouddirectory:CreateDirectory

  • clouddirectory:CreateFacet

  • clouddirectory:CreateIndex

  • clouddirectory:CreateObject

  • clouddirectory:CreateSchema

  • clouddirectory:DeleteDirectory

  • clouddirectory:DeleteFacet

  • clouddirectory:DeleteObject

  • clouddirectory:DeleteSchema

  • clouddirectory:DetachFromIndex

  • clouddirectory:DetachObject

  • clouddirectory:DetachPolicy

  • clouddirectory:DisableDirectory

  • clouddirectory:EnableDirectory

  • clouddirectory:PublishSchema

  • clouddirectory:PutSchemaFromJson

  • clouddirectory:RemoveFacetFromObject

  • clouddirectory:TagResource

  • clouddirectory:UntagResource

  • clouddirectory:UpdateFacet

  • clouddirectory:UpdateObjectAttributes

  • clouddirectory:UpdateSchema

AWS CloudFormation

These are the Write actions for AWS CloudFormation.

  • cloudformation:CancelUpdateStack

  • cloudformation:ContinueUpdateRollback

  • cloudformation:CreateChangeSet

  • cloudformation:CreateStack

  • cloudformation:CreateUploadBucket

  • cloudformation:DeleteChangeSet

  • cloudformation:DeleteStack

  • cloudformation:ExecuteChangeSet

  • cloudformation:SignalResource

  • cloudformation:UpdateStack

  • cloudformation:ValidateTemplate

Amazon CloudFront

These are the Write actions for Amazon CloudFront.

  • cloudfront:CreateCloudFrontOriginAccessIdentity

  • cloudfront:CreateDistribution

  • cloudfront:CreateDistributionWithTags

  • cloudfront:CreateInvalidation

  • cloudfront:CreateStreamingDistribution

  • cloudfront:CreateStreamingDistributionWithTags

  • cloudfront:DeleteCloudFrontOriginAccessIdentity

  • cloudfront:DeleteDistribution

  • cloudfront:DeleteStreamingDistribution

  • cloudfront:TagResource

  • cloudfront:UntagResource

  • cloudfront:UpdateCloudFrontOriginAccessIdentity

  • cloudfront:UpdateDistribution

  • cloudfront:UpdateStreamingDistribution

AWS CloudHSM

These are the Write actions for AWS CloudHSM.

  • cloudhsm:AddTagsToResource

  • cloudhsm:CreateHapg

  • cloudhsm:CreateHsm

  • cloudhsm:CreateLunaClient

  • cloudhsm:DeleteHapg

  • cloudhsm:DeleteHsm

  • cloudhsm:DeleteLunaClient

  • cloudhsm:ModifyHapg

  • cloudhsm:ModifyHsm

  • cloudhsm:ModifyLunaClient

  • cloudhsm:RemoveTagsFromResource

Amazon CloudSearch

These are the Write actions for Amazon CloudSearch.

  • cloudsearch:AddTags

  • cloudsearch:BuildSuggesters

  • cloudsearch:CreateDomain

  • cloudsearch:DefineAnalysisScheme

  • cloudsearch:DefineExpression

  • cloudsearch:DefineIndexField

  • cloudsearch:DefineSuggester

  • cloudsearch:DeleteAnalysisScheme

  • cloudsearch:DeleteDomain

  • cloudsearch:DeleteExpression

  • cloudsearch:DeleteIndexField

  • cloudsearch:DeleteSuggester

  • cloudsearch:IndexDocuments

  • cloudsearch:RemoveTags

  • cloudsearch:UpdateAvailabilityOptions

  • cloudsearch:UpdateScalingParameters

  • cloudsearch:document

AWS CloudTrail

These are the Write actions for AWS CloudTrail.

  • cloudtrail:AddTags

  • cloudtrail:CreateTrail

  • cloudtrail:DeleteTrail

  • cloudtrail:PutEventSelectors

  • cloudtrail:RemoveTags

  • cloudtrail:StartLogging

  • cloudtrail:StopLogging

  • cloudtrail:UpdateTrail

Amazon CloudWatch

These are the Write actions for Amazon CloudWatch.

  • cloudwatch:DeleteAlarms

  • cloudwatch:DisableAlarmActions

  • cloudwatch:EnableAlarmActions

  • cloudwatch:PutMetricAlarm

  • cloudwatch:PutMetricData

  • cloudwatch:SetAlarmState

Amazon CloudWatch Events

These are the Write actions for Amazon CloudWatch Events.

  • events:DeleteRule

  • events:DisableRule

  • events:EnableRule

  • events:PutEvents

  • events:PutRule

  • events:PutTargets

  • events:RemoveTargets

Amazon CloudWatch Logs

These are the Write actions for Amazon CloudWatch Logs.

  • logs:CancelExportTask

  • logs:CreateExportTask

  • logs:CreateLogGroup

  • logs:CreateLogStream

  • logs:DeleteDestination

  • logs:DeleteLogGroup

  • logs:DeleteLogStream

  • logs:DeleteMetricFilter

  • logs:DeleteRetentionPolicy

  • logs:DeleteSubscriptionFilter

  • logs:PutDestination

  • logs:PutDestinationPolicy

  • logs:PutLogEvents

  • logs:PutMetricFilter

  • logs:PutRetentionPolicy

  • logs:PutSubscriptionFilter

AWS CodeBuild

These are the Write actions for AWS CodeBuild.

  • codebuild:CreateProject

  • codebuild:DeleteProject

  • codebuild:PersistOAuthToken

  • codebuild:StartBuild

  • codebuild:StopBuild

  • codebuild:UpdateProject

AWS CodeCommit

These are the Write actions for AWS CodeCommit.

  • codecommit:CreateBranch

  • codecommit:CreateRepository

  • codecommit:DeleteRepository

  • codecommit:GitPush

  • codecommit:PutRepositoryTriggers

  • codecommit:TestRepositoryTriggers

  • codecommit:UpdateDefaultBranch

  • codecommit:UpdateRepositoryDescription

  • codecommit:UpdateRepositoryName

AWS CodeDeploy

These are the Write actions for AWS CodeDeploy.

  • codedeploy:AddTagsToOnPremisesInstances

  • codedeploy:ContinueDeployment

  • codedeploy:CreateApplication

  • codedeploy:CreateDeployment

  • codedeploy:CreateDeploymentConfig

  • codedeploy:CreateDeploymentGroup

  • codedeploy:DeleteApplication

  • codedeploy:DeleteDeploymentConfig

  • codedeploy:DeleteDeploymentGroup

  • codedeploy:DeregisterOnPremisesInstance

  • codedeploy:RegisterApplicationRevision

  • codedeploy:RegisterOnPremisesInstance

  • codedeploy:RemoveTagsFromOnPremisesInstances

  • codedeploy:StopDeployment

  • codedeploy:UpdateApplication

  • codedeploy:UpdateDeploymentGroup

AWS CodePipeline

These are the Write actions for AWS CodePipeline.

  • codepipeline:AcknowledgeJob

  • codepipeline:AcknowledgeThirdPartyJob

  • codepipeline:CreateCustomActionType

  • codepipeline:CreatePipeline

  • codepipeline:DeleteCustomActionType

  • codepipeline:DeletePipeline

  • codepipeline:DisableStageTransition

  • codepipeline:EnableStageTransition

  • codepipeline:PollForJobs

  • codepipeline:PollForThirdPartyJobs

  • codepipeline:PutActionRevision

  • codepipeline:PutApprovalResult

  • codepipeline:PutJobFailureResult

  • codepipeline:PutJobSuccessResult

  • codepipeline:PutThirdPartyJobFailureResult

  • codepipeline:PutThirdPartyJobSuccessResult

  • codepipeline:RetryStageExecution

  • codepipeline:StartPipelineExecution

  • codepipeline:UpdatePipeline

Amazon Cognito Identity

These are the Write actions for Amazon Cognito Identity.

  • cognito-identity:CreateIdentityPool

  • cognito-identity:DeleteIdentities

  • cognito-identity:DeleteIdentityPool

  • cognito-identity:GetId

  • cognito-identity:MergeDeveloperIdentities

  • cognito-identity:SetIdentityPoolRoles

  • cognito-identity:UnlinkDeveloperIdentity

  • cognito-identity:UnlinkIdentity

  • cognito-identity:UpdateIdentityPool

Amazon Cognito Sync

These are the Write actions for Amazon Cognito Sync.

  • cognito-sync:BulkPublish

  • cognito-sync:DeleteDataset

  • cognito-sync:RegisterDevice

  • cognito-sync:SetCognitoEvents

  • cognito-sync:SetDatasetConfiguration

  • cognito-sync:SetIdentityPoolConfiguration

  • cognito-sync:SubscribeToDataset

  • cognito-sync:UnsubscribeFromDataset

  • cognito-sync:UpdateRecords

AWS Config

These are the Write actions for AWS Config.

  • config:DeleteConfigRule

  • config:DeleteConfigurationRecorder

  • config:DeleteDeliveryChannel

  • config:DeleteEvaluationResults

  • config:PutConfigRule

  • config:PutConfigurationRecorder

  • config:PutDeliveryChannel

  • config:PutEvaluations

  • config:StartConfigRulesEvaluation

  • config:StartConfigurationRecorder

  • config:StopConfigurationRecorder

AWS Cost and Usage Report

These are the Write actions for AWS Cost and Usage Report.

  • cur:DeleteReportDefinition

  • cur:PutReportDefinition

Data Pipeline

These are the Write actions for Data Pipeline.

  • datapipeline:ActivatePipeline

  • datapipeline:AddTags

  • datapipeline:CreatePipeline

  • datapipeline:DeactivatePipeline

  • datapipeline:DeletePipeline

  • datapipeline:PollForTask

  • datapipeline:PutAccountLimits

  • datapipeline:PutPipelineDefinition

  • datapipeline:RemoveTags

  • datapipeline:ReportTaskProgress

  • datapipeline:ReportTaskRunnerHeartbeat

  • datapipeline:SetStatus

  • datapipeline:SetTaskStatus

AWS Database Migration Service

These are the Write actions for AWS Database Migration Service.

  • dms:AddTagsToResource

  • dms:CreateEndpoint

  • dms:CreateReplicationInstance

  • dms:CreateReplicationSubnetGroup

  • dms:CreateReplicationTask

  • dms:DeleteEndpoint

  • dms:DeleteEventSubscription

  • dms:DeleteReplicationInstance

  • dms:DeleteReplicationSubnetGroup

  • dms:DeleteReplicationTask

  • dms:ModifyEndpoint

  • dms:ModifyEventSubscription

  • dms:ModifyReplicationInstance

  • dms:ModifyReplicationSubnetGroup

  • dms:ModifyReplicationTask

  • dms:RefreshSchemas

  • dms:RemoveTagsFromResource

  • dms:StartReplicationTask

  • dms:StopReplicationTask

AWS Device Farm

These are the Write actions for AWS Device Farm.

  • devicefarm:CreateDevicePool

  • devicefarm:CreateNetworkProfile

  • devicefarm:CreateProject

  • devicefarm:CreateRemoteAccessSession

  • devicefarm:CreateUpload

  • devicefarm:DeleteDevicePool

  • devicefarm:DeleteNetworkProfile

  • devicefarm:DeleteProject

  • devicefarm:DeleteRemoteAccessSession

  • devicefarm:DeleteRun

  • devicefarm:DeleteUpload

  • devicefarm:InstallToRemoteAccessSession

  • devicefarm:PurchaseOffering

  • devicefarm:RenewOffering

  • devicefarm:ScheduleRun

  • devicefarm:StopRemoteAccessSession

  • devicefarm:StopRun

  • devicefarm:UpdateDevicePool

  • devicefarm:UpdateNetworkProfile

  • devicefarm:UpdateProject

AWS Direct Connect

These are the Write actions for AWS Direct Connect.

  • directconnect:AllocateConnectionOnInterconnect

  • directconnect:AllocatePrivateVirtualInterface

  • directconnect:AllocatePublicVirtualInterface

  • directconnect:CreateConnection

  • directconnect:CreateInterconnect

  • directconnect:CreatePrivateVirtualInterface

  • directconnect:CreatePublicVirtualInterface

  • directconnect:DeleteConnection

  • directconnect:DeleteInterconnect

  • directconnect:DeleteVirtualInterface

AWS Directory Service

These are the Write actions for AWS Directory Service.

  • ds:AddIpRoutes

  • ds:AddTagsToResource

  • ds:CancelSchemaExtension

  • ds:ConnectDirectory

  • ds:CreateAlias

  • ds:CreateComputer

  • ds:CreateConditionalForwarder

  • ds:CreateDirectory

  • ds:CreateMicrosoftAD

  • ds:CreateSnapshot

  • ds:CreateTrust

  • ds:DeleteConditionalForwarder

  • ds:DeleteDirectory

  • ds:DeleteSnapshot

  • ds:DeleteTrust

  • ds:DeregisterEventTopic

  • ds:DisableRadius

  • ds:DisableSso

  • ds:EnableRadius

  • ds:EnableSso

  • ds:RegisterEventTopic

  • ds:RemoveIpRoutes

  • ds:RemoveTagsFromResource

  • ds:RestoreFromSnapshot

  • ds:StartSchemaExtension

  • ds:UpdateConditionalForwarder

  • ds:UpdateRadius

Amazon DynamoDB

These are the Write actions for Amazon DynamoDB.

  • dynamodb:BatchWriteItem

  • dynamodb:CreateTable

  • dynamodb:DeleteItem

  • dynamodb:DeleteTable

  • dynamodb:PurchaseReservedCapacityOfferings

  • dynamodb:PutItem

  • dynamodb:TagResource

  • dynamodb:UntagResource

  • dynamodb:UpdateItem

  • dynamodb:UpdateTable

Amazon EC2

These are the Write actions for Amazon EC2.

  • ec2:AcceptReservedInstancesExchangeQuote

  • ec2:AcceptVpcPeeringConnection

  • ec2:AllocateAddress

  • ec2:AllocateHosts

  • ec2:AssignPrivateIpAddresses

  • ec2:AssociateAddress

  • ec2:AssociateDhcpOptions

  • ec2:AssociateFpgaImage

  • ec2:AssociateIamInstanceProfile

  • ec2:AssociateRouteTable

  • ec2:AttachClassicLinkVpc

  • ec2:AttachInternetGateway

  • ec2:AttachNetworkInterface

  • ec2:AttachVolume

  • ec2:AttachVpnGateway

  • ec2:AuthorizeSecurityGroupEgress

  • ec2:AuthorizeSecurityGroupIngress

  • ec2:BundleInstance

  • ec2:CancelBundleTask

  • ec2:CancelConversionTask

  • ec2:CancelExportTask

  • ec2:CancelImportTask

  • ec2:CancelReservedInstancesListing

  • ec2:CancelSpotFleetRequests

  • ec2:CancelSpotInstanceRequests

  • ec2:ConfirmProductInstance

  • ec2:CopyImage

  • ec2:CopySnapshot

  • ec2:CreateCustomerGateway

  • ec2:CreateDhcpOptions

  • ec2:CreateFlowLogs

  • ec2:CreateImage

  • ec2:CreateInstanceExportTask

  • ec2:CreateInternetGateway

  • ec2:CreateKeyPair

  • ec2:CreateNatGateway

  • ec2:CreateNetworkAcl

  • ec2:CreateNetworkAclEntry

  • ec2:CreateNetworkInterface

  • ec2:CreatePlacementGroup

  • ec2:CreateReservedInstancesListing

  • ec2:CreateRoute

  • ec2:CreateRouteTable

  • ec2:CreateSecurityGroup

  • ec2:CreateSnapshot

  • ec2:CreateSpotDatafeedSubscription

  • ec2:CreateSubnet

  • ec2:CreateTags

  • ec2:CreateVolume

  • ec2:CreateVpc

  • ec2:CreateVpcEndpoint

  • ec2:CreateVpcPeeringConnection

  • ec2:CreateVpnConnection

  • ec2:CreateVpnConnectionRoute

  • ec2:CreateVpnGateway

  • ec2:DeleteCustomerGateway

  • ec2:DeleteDhcpOptions

  • ec2:DeleteFlowLogs

  • ec2:DeleteInternetGateway

  • ec2:DeleteKeyPair

  • ec2:DeleteNatGateway

  • ec2:DeleteNetworkAcl

  • ec2:DeleteNetworkAclEntry

  • ec2:DeleteNetworkInterface

  • ec2:DeletePlacementGroup

  • ec2:DeleteRoute

  • ec2:DeleteRouteTable

  • ec2:DeleteSecurityGroup

  • ec2:DeleteSnapshot

  • ec2:DeleteSpotDatafeedSubscription

  • ec2:DeleteSubnet

  • ec2:DeleteTags

  • ec2:DeleteVolume

  • ec2:DeleteVpc

  • ec2:DeleteVpcEndpoints

  • ec2:DeleteVpcPeeringConnection

  • ec2:DeleteVpnConnection

  • ec2:DeleteVpnConnectionRoute

  • ec2:DeleteVpnGateway

  • ec2:DeregisterImage

  • ec2:DetachClassicLinkVpc

  • ec2:DetachInternetGateway

  • ec2:DetachNetworkInterface

  • ec2:DetachVolume

  • ec2:DetachVpnGateway

  • ec2:DisableVgwRoutePropagation

  • ec2:DisableVpcClassicLink

  • ec2:DisableVpcClassicLinkDnsSupport

  • ec2:DisassociateAddress

  • ec2:DisassociateFpgaImage

  • ec2:DisassociateIamInstanceProfile

  • ec2:DisassociateRouteTable

  • ec2:EnableVgwRoutePropagation

  • ec2:EnableVolumeIO

  • ec2:EnableVpcClassicLink

  • ec2:EnableVpcClassicLinkDnsSupport

  • ec2:ImportImage

  • ec2:ImportInstance

  • ec2:ImportKeyPair

  • ec2:ImportSnapshot

  • ec2:ImportVolume

  • ec2:ModifyHosts

  • ec2:ModifyIdFormat

  • ec2:ModifyIdentityIdFormat

  • ec2:ModifyImageAttribute

  • ec2:ModifyInstanceAttribute

  • ec2:ModifyInstancePlacement

  • ec2:ModifyNetworkInterfaceAttribute

  • ec2:ModifyReservedInstances

  • ec2:ModifySnapshotAttribute

  • ec2:ModifySpotFleetRequest

  • ec2:ModifySubnetAttribute

  • ec2:ModifyVolume

  • ec2:ModifyVolumeAttribute

  • ec2:ModifyVpcAttribute

  • ec2:ModifyVpcEndpoint

  • ec2:ModifyVpcPeeringConnectionOptions

  • ec2:MonitorInstances

  • ec2:MoveAddressToVpc

  • ec2:PurchaseHostReservation

  • ec2:PurchaseReservedInstancesOffering

  • ec2:PurchaseScheduledInstances

  • ec2:RebootInstances

  • ec2:RegisterImage

  • ec2:RejectVpcPeeringConnection

  • ec2:ReleaseAddress

  • ec2:ReleaseHosts

  • ec2:ReplaceIamInstanceProfileAssociation

  • ec2:ReplaceNetworkAclAssociation

  • ec2:ReplaceNetworkAclEntry

  • ec2:ReplaceRoute

  • ec2:ReplaceRouteTableAssociation

  • ec2:ReportInstanceStatus

  • ec2:RequestSpotFleet

  • ec2:RequestSpotInstances

  • ec2:ResetImageAttribute

  • ec2:ResetInstanceAttribute

  • ec2:ResetNetworkInterfaceAttribute

  • ec2:ResetSnapshotAttribute

  • ec2:RestoreAddressToClassic

  • ec2:RevokeSecurityGroupEgress

  • ec2:RevokeSecurityGroupIngress

  • ec2:RunInstances

  • ec2:RunScheduledInstances

  • ec2:StartInstances

  • ec2:StopInstances

  • ec2:TerminateInstances

  • ec2:UnassignPrivateIpAddresses

  • ec2:UnmonitorInstances

Amazon EC2 Container Registry

These are the Write actions for Amazon EC2 Container Registry.

  • ecr:BatchDeleteImage

  • ecr:CompleteLayerUpload

  • ecr:CreateRepository

  • ecr:DeleteRepository

  • ecr:DeleteRepositoryPolicy

  • ecr:InitiateLayerUpload

  • ecr:PutImage

  • ecr:SetRepositoryPolicy

  • ecr:UploadLayerPart

Amazon EC2 Container Service

These are the Write actions for Amazon EC2 Container Service.

  • ecs:CreateCluster

  • ecs:CreateService

  • ecs:DeleteCluster

  • ecs:DeleteService

  • ecs:DeregisterContainerInstance

  • ecs:DeregisterTaskDefinition

  • ecs:DiscoverPollEndpoint

  • ecs:Poll

  • ecs:RegisterContainerInstance

  • ecs:RegisterTaskDefinition

  • ecs:RunTask

  • ecs:StartTask

  • ecs:StartTelemetrySession

  • ecs:StopTask

  • ecs:SubmitContainerStateChange

  • ecs:SubmitTaskStateChange

  • ecs:UpdateContainerAgent

  • ecs:UpdateService

Amazon ElastiCache

These are the Write actions for Amazon ElastiCache.

  • elasticache:AddTagsToResource

  • elasticache:AuthorizeCacheSecurityGroupIngress

  • elasticache:CopySnapshot

  • elasticache:CreateCacheCluster

  • elasticache:CreateCacheParameterGroup

  • elasticache:CreateCacheSecurityGroup

  • elasticache:CreateCacheSubnetGroup

  • elasticache:CreateReplicationGroup

  • elasticache:CreateSnapshot

  • elasticache:DeleteCacheCluster

  • elasticache:DeleteCacheParameterGroup

  • elasticache:DeleteCacheSecurityGroup

  • elasticache:DeleteCacheSubnetGroup

  • elasticache:DeleteReplicationGroup

  • elasticache:DeleteSnapshot

  • elasticache:ModifyCacheCluster

  • elasticache:ModifyCacheParameterGroup

  • elasticache:ModifyCacheSubnetGroup

  • elasticache:ModifyReplicationGroup

  • elasticache:PurchaseReservedCacheNodesOffering

  • elasticache:RebootCacheCluster

  • elasticache:RemoveTagsFromResource

  • elasticache:ResetCacheParameterGroup

  • elasticache:RevokeCacheSecurityGroupIngress

AWS Elastic Beanstalk

These are the Write actions for AWS Elastic Beanstalk.

  • elasticbeanstalk:AbortEnvironmentUpdate

  • elasticbeanstalk:ApplyEnvironmentManagedAction

  • elasticbeanstalk:ComposeEnvironments

  • elasticbeanstalk:CreateApplication

  • elasticbeanstalk:CreateApplicationVersion

  • elasticbeanstalk:CreateConfigurationTemplate

  • elasticbeanstalk:CreateEnvironment

  • elasticbeanstalk:CreatePlatformVersion

  • elasticbeanstalk:CreateStorageLocation

  • elasticbeanstalk:DeleteApplication

  • elasticbeanstalk:DeleteApplicationVersion

  • elasticbeanstalk:DeleteConfigurationTemplate

  • elasticbeanstalk:DeleteEnvironmentConfiguration

  • elasticbeanstalk:DeletePlatformVersion

  • elasticbeanstalk:RebuildEnvironment

  • elasticbeanstalk:RestartAppServer

  • elasticbeanstalk:SwapEnvironmentCNAMEs

  • elasticbeanstalk:TerminateEnvironment

  • elasticbeanstalk:UpdateApplication

  • elasticbeanstalk:UpdateApplicationResourceLifecycle

  • elasticbeanstalk:UpdateApplicationVersion

  • elasticbeanstalk:UpdateConfigurationTemplate

  • elasticbeanstalk:UpdateEnvironment

Amazon Elastic File System

These are the Write actions for Amazon Elastic File System.

  • elasticfilesystem:CreateFileSystem

  • elasticfilesystem:CreateMountTarget

  • elasticfilesystem:CreateTags

  • elasticfilesystem:DeleteFileSystem

  • elasticfilesystem:DeleteMountTarget

  • elasticfilesystem:DeleteTags

  • elasticfilesystem:ModifyMountTargetSecurityGroups

Elastic Load Balancing V2

These are the Write actions for Elastic Load Balancing V2.

  • elasticloadbalancing:AddTags

  • elasticloadbalancing:CreateListener

  • elasticloadbalancing:CreateLoadBalancer

  • elasticloadbalancing:CreateRule

  • elasticloadbalancing:CreateTargetGroup

  • elasticloadbalancing:DeleteListener

  • elasticloadbalancing:DeleteLoadBalancer

  • elasticloadbalancing:DeleteRule

  • elasticloadbalancing:DeleteTargetGroup

  • elasticloadbalancing:DeregisterTargets

  • elasticloadbalancing:ModifyListener

  • elasticloadbalancing:ModifyLoadBalancerAttributes

  • elasticloadbalancing:ModifyRule

  • elasticloadbalancing:ModifyTargetGroup

  • elasticloadbalancing:ModifyTargetGroupAttributes

  • elasticloadbalancing:RegisterTargets

  • elasticloadbalancing:RemoveTags

  • elasticloadbalancing:SetIpAddressType

  • elasticloadbalancing:SetRulePriorities

  • elasticloadbalancing:SetSecurityGroups

  • elasticloadbalancing:SetSubnets

Amazon Elastic MapReduce

These are the Write actions for Amazon Elastic MapReduce.

  • elasticmapreduce:AddInstanceGroups

  • elasticmapreduce:AddJobFlowSteps

  • elasticmapreduce:AddTags

  • elasticmapreduce:CancelSteps

  • elasticmapreduce:CreateSecurityConfiguration

  • elasticmapreduce:DeleteSecurityConfiguration

  • elasticmapreduce:ModifyInstanceGroups

  • elasticmapreduce:PutAutoScalingPolicy

  • elasticmapreduce:RemoveAutoScalingPolicy

  • elasticmapreduce:RemoveTags

  • elasticmapreduce:RunJobFlow

  • elasticmapreduce:SetTerminationProtection

  • elasticmapreduce:SetVisibleToAllUsers

  • elasticmapreduce:TerminateJobFlows

Amazon Elastic Transcoder

These are the Write actions for Amazon Elastic Transcoder.

  • elastictranscoder:CancelJob

  • elastictranscoder:CreateJob

  • elastictranscoder:CreatePipeline

  • elastictranscoder:CreatePreset

  • elastictranscoder:DeletePipeline

  • elastictranscoder:DeletePreset

  • elastictranscoder:TestRole

  • elastictranscoder:UpdatePipeline

  • elastictranscoder:UpdatePipelineNotifications

  • elastictranscoder:UpdatePipelineStatus

Amazon Elasticsearch Service

These are the Write actions for Amazon Elasticsearch Service.

  • es:AddTags

  • es:CreateElasticsearchDomain

  • es:DeleteElasticsearchDomain

  • es:ESHttpPost

  • es:ESHttpPut

  • es:RemoveTags

  • es:UpdateElasticsearchDomainConfig

Amazon GameLift

These are the Write actions for Amazon GameLift.

  • gamelift:CreateAlias

  • gamelift:CreateBuild

  • gamelift:CreateFleet

  • gamelift:CreateGameSession

  • gamelift:CreatePlayerSession

  • gamelift:CreatePlayerSessions

  • gamelift:DeleteAlias

  • gamelift:DeleteBuild

  • gamelift:DeleteFleet

  • gamelift:DeleteScalingPolicy

  • gamelift:PutScalingPolicy

  • gamelift:UpdateAlias

  • gamelift:UpdateBuild

  • gamelift:UpdateFleetAttributes

  • gamelift:UpdateFleetCapacity

  • gamelift:UpdateFleetPortSettings

  • gamelift:UpdateGameSession

  • gamelift:UpdateRuntimeConfiguration

Amazon Glacier

These are the Write actions for Amazon Glacier.

  • glacier:AbortMultipartUpload

  • glacier:AddTagsToVault

  • glacier:CompleteMultipartUpload

  • glacier:CreateVault

  • glacier:DeleteArchive

  • glacier:DeleteVault

  • glacier:DeleteVaultNotifications

  • glacier:InitiateJob

  • glacier:InitiateMultipartUpload

  • glacier:PurchaseProvisionedCapacity

  • glacier:RemoveTagsFromVault

  • glacier:SetVaultNotifications

  • glacier:UploadArchive

  • glacier:UploadMultipartPart

Identity And Access Management

These are the Write actions for Identity And Access Management.

  • iam:AddClientIDToOpenIDConnectProvider

  • iam:AddRoleToInstanceProfile

  • iam:AddUserToGroup

  • iam:ChangePassword

  • iam:CreateAccessKey

  • iam:CreateAccountAlias

  • iam:CreateGroup

  • iam:CreateInstanceProfile

  • iam:CreateLoginProfile

  • iam:CreateOpenIDConnectProvider

  • iam:CreateRole

  • iam:CreateSAMLProvider

  • iam:CreateUser

  • iam:CreateVirtualMFADevice

  • iam:DeactivateMFADevice

  • iam:DeleteAccessKey

  • iam:DeleteAccountAlias

  • iam:DeleteGroup

  • iam:DeleteInstanceProfile

  • iam:DeleteLoginProfile

  • iam:DeleteOpenIDConnectProvider

  • iam:DeleteRole

  • iam:DeleteSAMLProvider

  • iam:DeleteSSHPublicKey

  • iam:DeleteServerCertificate

  • iam:DeleteSigningCertificate

  • iam:DeleteUser

  • iam:DeleteVirtualMFADevice

  • iam:EnableMFADevice

  • iam:PassRole

  • iam:RemoveClientIDFromOpenIDConnectProvider

  • iam:RemoveRoleFromInstanceProfile

  • iam:RemoveUserFromGroup

  • iam:ResyncMFADevice

  • iam:UpdateAccessKey

  • iam:UpdateAccountPasswordPolicy

  • iam:UpdateGroup

  • iam:UpdateLoginProfile

  • iam:UpdateOpenIDConnectProviderThumbprint

  • iam:UpdateSAMLProvider

  • iam:UpdateSSHPublicKey

  • iam:UpdateServerCertificate

  • iam:UpdateSigningCertificate

  • iam:UpdateUser

  • iam:UploadSSHPublicKey

  • iam:UploadServerCertificate

  • iam:UploadSigningCertificate

AWS Import Export Disk Service

These are the Write actions for AWS Import Export Disk Service.

  • importexport:CancelJob

  • importexport:CreateJob

  • importexport:UpdateJob

Amazon Inspector

These are the Write actions for Amazon Inspector.

  • inspector:AddAttributesToFindings

  • inspector:CreateAssessmentTarget

  • inspector:CreateAssessmentTemplate

  • inspector:CreateResourceGroup

  • inspector:DeleteAssessmentRun

  • inspector:DeleteAssessmentTarget

  • inspector:DeleteAssessmentTemplate

  • inspector:RegisterCrossAccountAccessRole

  • inspector:RemoveAttributesFromFindings

  • inspector:SetTagsForResource

  • inspector:StartAssessmentRun

  • inspector:StopAssessmentRun

  • inspector:SubscribeToEvent

  • inspector:UnsubscribeFromEvent

  • inspector:UpdateAssessmentTarget

AWS IoT

These are the Write actions for AWS IoT.

  • iot:AcceptCertificateTransfer

  • iot:AttachThingPrincipal

  • iot:CancelCertificateTransfer

  • iot:Connect

  • iot:CreateCertificateFromCsr

  • iot:CreateKeysAndCertificate

  • iot:CreateThing

  • iot:CreateThingType

  • iot:CreateTopicRule

  • iot:DeleteCACertificate

  • iot:DeleteCertificate

  • iot:DeleteRegistrationCode

  • iot:DeleteThing

  • iot:DeleteThingShadow

  • iot:DeleteThingType

  • iot:DeleteTopicRule

  • iot:DeprecateThingType

  • iot:DetachThingPrincipal

  • iot:DisableTopicRule

  • iot:EnableTopicRule

  • iot:Publish

  • iot:Receive

  • iot:RegisterCACertificate

  • iot:RegisterCertificate

  • iot:RejectCertificateTransfer

  • iot:ReplaceTopicRule

  • iot:SetLoggingOptions

  • iot:Subscribe

  • iot:TransferCertificate

  • iot:UpdateCACertificate

  • iot:UpdateCertificate

  • iot:UpdateThing

  • iot:UpdateThingShadow

AWS Key Management Service

These are the Write actions for AWS Key Management Service.

  • kms:CancelKeyDeletion

  • kms:CreateAlias

  • kms:Decrypt

  • kms:DeleteAlias

  • kms:DeleteImportedKeyMaterial

  • kms:DisableKey

  • kms:DisableKeyRotation

  • kms:EnableKey

  • kms:EnableKeyRotation

  • kms:Encrypt

  • kms:GenerateDataKey

  • kms:GenerateDataKeyWithoutPlaintext

  • kms:ImportKeyMaterial

  • kms:ScheduleKeyDeletion

  • kms:TagResource

  • kms:UntagResource

  • kms:UpdateAlias

  • kms:UpdateKeyDescription

Amazon Kinesis

These are the Write actions for Amazon Kinesis.

  • kinesis:AddTagsToStream

  • kinesis:CreateStream

  • kinesis:DecreaseStreamRetentionPeriod

  • kinesis:DeleteStream

  • kinesis:DisableEnhancedMonitoring

  • kinesis:EnableEnhancedMonitoring

  • kinesis:IncreaseStreamRetentionPeriod

  • kinesis:MergeShards

  • kinesis:PutRecord

  • kinesis:PutRecords

  • kinesis:RemoveTagsFromStream

  • kinesis:SplitShard

  • kinesis:UpdateShardCount

Amazon Kinesis Firehose

These are the Write actions for Amazon Kinesis Firehose.

  • firehose:CreateDeliveryStream

  • firehose:DeleteDeliveryStream

  • firehose:PutRecord

  • firehose:PutRecordBatch

  • firehose:UpdateDestination

AWS Lambda

These are the Write actions for AWS Lambda.

  • lambda:CreateAlias

  • lambda:CreateEventSourceMapping

  • lambda:CreateFunction

  • lambda:DeleteAlias

  • lambda:DeleteEventSourceMapping

  • lambda:DeleteFunction

  • lambda:Invoke

  • lambda:InvokeAsync

  • lambda:InvokeFunction

  • lambda:PublishVersion

  • lambda:UpdateAlias

  • lambda:UpdateEventSourceMapping

  • lambda:UpdateFunctionCode

  • lambda:UpdateFunctionConfiguration

Amazon Lightsail

These are the Write actions for Amazon Lightsail.

  • lightsail:AllocateStaticIp

  • lightsail:AttachStaticIp

  • lightsail:CloseInstancePublicPorts

  • lightsail:CreateDomain

  • lightsail:CreateDomainEntry

  • lightsail:CreateInstanceSnapshot

  • lightsail:CreateInstances

  • lightsail:CreateInstancesFromSnapshot

  • lightsail:CreateKeyPair

  • lightsail:DeleteDomain

  • lightsail:DeleteDomainEntry

  • lightsail:DeleteInstance

  • lightsail:DeleteInstanceSnapshot

  • lightsail:DeleteKeyPair

  • lightsail:DetachStaticIp

  • lightsail:ImportKeyPair

  • lightsail:OpenInstancePublicPorts

  • lightsail:PeerVpc

  • lightsail:RebootInstance

  • lightsail:ReleaseStaticIp

  • lightsail:StartInstance

  • lightsail:StopInstance

  • lightsail:UnpeerVpc

  • lightsail:UpdateDomainEntry

Amazon Machine Learning

These are the Write actions for Amazon Machine Learning.

  • machinelearning:AddTags

  • machinelearning:CreateBatchPrediction

  • machinelearning:CreateDataSourceFromRDS

  • machinelearning:CreateDataSourceFromRedshift

  • machinelearning:CreateDataSourceFromS3

  • machinelearning:CreateEvaluation

  • machinelearning:CreateMLModel

  • machinelearning:CreateRealtimeEndpoint

  • machinelearning:DeleteBatchPrediction

  • machinelearning:DeleteDataSource

  • machinelearning:DeleteEvaluation

  • machinelearning:DeleteMLModel

  • machinelearning:DeleteRealtimeEndpoint

  • machinelearning:DeleteTags

  • machinelearning:Predict

  • machinelearning:UpdateBatchPrediction

  • machinelearning:UpdateDataSource

  • machinelearning:UpdateEvaluation

  • machinelearning:UpdateMLModel

Manage Amazon API Gateway

These are the Write actions for Manage Amazon API Gateway.

  • apigateway:DELETE

  • apigateway:PATCH

  • apigateway:POST

  • apigateway:PUT

AWS Marketplace

These are the Write actions for AWS Marketplace.

  • aws-marketplace:Subscribe

  • aws-marketplace:Unsubscribe

AWS Marketplace Management Portal

These are the Write actions for AWS Marketplace Management Portal.

  • aws-marketplace-management:uploadFiles

Amazon Mechanical Turk

These are the Write actions for Amazon Mechanical Turk.

  • mechanicalturk:ApproveAssignment

  • mechanicalturk:ApproveRejectedAssignment

  • mechanicalturk:AssignQualification

  • mechanicalturk:BlockWorker

  • mechanicalturk:ChangeHITTypeOfHIT

  • mechanicalturk:CreateHIT

  • mechanicalturk:CreateQualificationType

  • mechanicalturk:DisableHIT

  • mechanicalturk:DisposeHIT

  • mechanicalturk:DisposeQualificationType

  • mechanicalturk:ExtendHIT

  • mechanicalturk:ForceExpireHIT

  • mechanicalturk:GrantBonus

  • mechanicalturk:GrantQualification

  • mechanicalturk:NotifyWorkers

  • mechanicalturk:RegisterHITType

  • mechanicalturk:RejectAssignment

  • mechanicalturk:RejectQualificationRequest

  • mechanicalturk:RevokeQualification

  • mechanicalturk:SendTestEventNotification

  • mechanicalturk:SetHITAsReviewing

  • mechanicalturk:SetHITTypeNotification

  • mechanicalturk:UnblockWorker

  • mechanicalturk:UpdateQualificationScore

  • mechanicalturk:UpdateQualificationType

Amazon Mobile Analytics

These are the Write actions for Amazon Mobile Analytics.

  • mobileanalytics:PutEvents

AWS Mobile Hub

These are the Write actions for AWS Mobile Hub.

  • mobilehub:CreateProject

  • mobilehub:CreateServiceRole

  • mobilehub:DeleteProject

  • mobilehub:DeployToStage

  • mobilehub:GenerateProjectParameters

  • mobilehub:SynchronizeProject

  • mobilehub:UpdateProject

AWS OpsWorks

These are the Write actions for AWS OpsWorks.

  • opsworks:AssignInstance

  • opsworks:AssignVolume

  • opsworks:AssociateElasticIp

  • opsworks:AttachElasticLoadBalancer

  • opsworks:CloneStack

  • opsworks:CreateApp

  • opsworks:CreateDeployment

  • opsworks:CreateInstance

  • opsworks:CreateLayer

  • opsworks:CreateStack

  • opsworks:CreateUserProfile

  • opsworks:DeleteApp

  • opsworks:DeleteInstance

  • opsworks:DeleteLayer

  • opsworks:DeleteStack

  • opsworks:DeleteUserProfile

  • opsworks:DeregisterEcsCluster

  • opsworks:DeregisterElasticIp

  • opsworks:DeregisterInstance

  • opsworks:DeregisterRdsDbInstance

  • opsworks:DeregisterVolume

  • opsworks:DetachElasticLoadBalancer

  • opsworks:DisassociateElasticIp

  • opsworks:GrantAccess

  • opsworks:RebootInstance

  • opsworks:RegisterEcsCluster

  • opsworks:RegisterElasticIp

  • opsworks:RegisterInstance

  • opsworks:RegisterRdsDbInstance

  • opsworks:RegisterVolume

  • opsworks:SetLoadBasedAutoScaling

  • opsworks:SetTimeBasedAutoScaling

  • opsworks:StartInstance

  • opsworks:StartStack

  • opsworks:StopInstance

  • opsworks:StopStack

  • opsworks:UnassignInstance

  • opsworks:UnassignVolume

  • opsworks:UpdateApp

  • opsworks:UpdateElasticIp

  • opsworks:UpdateInstance

  • opsworks:UpdateLayer

  • opsworks:UpdateMyUserProfile

  • opsworks:UpdateRdsDbInstance

  • opsworks:UpdateStack

  • opsworks:UpdateVolume

AWS OpsWorks Configuration Management

These are the Write actions for AWS OpsWorks Configuration Management.

  • opsworks-cm:AssociateNode

  • opsworks-cm:CreateBackup

  • opsworks-cm:CreateServer

  • opsworks-cm:DeleteBackup

  • opsworks-cm:DeleteServer

  • opsworks-cm:DisassociateNode

  • opsworks-cm:RestoreServer

  • opsworks-cm:StartMaintenance

  • opsworks-cm:UpdateServer

  • opsworks-cm:UpdateServerEngineAttributes

AWS Organizations

These are the Write actions for AWS Organizations.

  • organizations:AcceptHandshake

  • organizations:AttachPolicy

  • organizations:CancelHandshake

  • organizations:CreateAccount

  • organizations:CreateOrganization

  • organizations:CreateOrganizationalUnit

  • organizations:CreatePolicy

  • organizations:DeclineHandshake

  • organizations:DeleteOrganization

  • organizations:DeleteOrganizationalUnit

  • organizations:DeletePolicy

  • organizations:DetachPolicy

  • organizations:DisablePolicyType

  • organizations:EnableFullControl

  • organizations:EnablePolicyType

  • organizations:InviteAccountToOrganization

  • organizations:LeaveOrganization

  • organizations:MoveAccount

  • organizations:RemoveAccountFromOrganization

  • organizations:UpdateOrganizationalUnit

  • organizations:UpdatePolicy

Amazon Pinpoint

These are the Write actions for Amazon Pinpoint.

  • mobiletargeting:CreateCampaign

  • mobiletargeting:CreateImportJob

  • mobiletargeting:CreateSegment

  • mobiletargeting:DeleteApnsChannel

  • mobiletargeting:DeleteCampaign

  • mobiletargeting:DeleteGcmChannel

  • mobiletargeting:DeleteSegment

  • mobiletargeting:UpdateApnsChannel

  • mobiletargeting:UpdateApplicationSettings

  • mobiletargeting:UpdateCampaign

  • mobiletargeting:UpdateEndpoint

  • mobiletargeting:UpdateEndpointsBatch

  • mobiletargeting:UpdateGcmChannel

  • mobiletargeting:UpdateSegment

Amazon Polly

These are the Write actions for Amazon Polly.

  • polly:DeleteLexicon

  • polly:PutLexicon

Amazon RDS

These are the Write actions for Amazon RDS.

  • rds:AddRoleToDBCluster

  • rds:AddSourceIdentifierToSubscription

  • rds:AddTagsToResource

  • rds:ApplyPendingMaintenanceAction

  • rds:CopyDBClusterSnapshot

  • rds:CopyDBParameterGroup

  • rds:CopyDBSnapshot

  • rds:CopyOptionGroup

  • rds:CreateDBCluster

  • rds:CreateDBClusterParameterGroup

  • rds:CreateDBClusterSnapshot

  • rds:CreateDBInstance

  • rds:CreateDBInstanceReadReplica

  • rds:CreateDBParameterGroup

  • rds:CreateDBSecurityGroup

  • rds:CreateDBSnapshot

  • rds:CreateDBSubnetGroup

  • rds:CreateEventSubscription

  • rds:CreateOptionGroup

  • rds:DeleteDBCluster

  • rds:DeleteDBClusterParameterGroup

  • rds:DeleteDBClusterSnapshot

  • rds:DeleteDBInstance

  • rds:DeleteDBParameterGroup

  • rds:DeleteDBSecurityGroup

  • rds:DeleteDBSnapshot

  • rds:DeleteDBSubnetGroup

  • rds:DeleteEventSubscription

  • rds:DeleteOptionGroup

  • rds:FailoverDBCluster

  • rds:ModifyDBCluster

  • rds:ModifyDBClusterParameterGroup

  • rds:ModifyDBClusterSnapshotAttribute

  • rds:ModifyDBInstance

  • rds:ModifyDBParameterGroup

  • rds:ModifyDBSnapshotAttribute

  • rds:ModifyDBSubnetGroup

  • rds:ModifyEventSubscription

  • rds:ModifyOptionGroup

  • rds:PromoteReadReplica

  • rds:PurchaseReservedDBInstancesOffering

  • rds:RebootDBInstance

  • rds:RemoveSourceIdentifierFromSubscription

  • rds:RemoveTagsFromResource

  • rds:ResetDBClusterParameterGroup

  • rds:ResetDBParameterGroup

  • rds:RestoreDBClusterFromSnapshot

  • rds:RestoreDBClusterToPointInTime

  • rds:RestoreDBInstanceFromDBSnapshot

  • rds:RestoreDBInstanceToPointInTime

  • rds:RevokeDBSecurityGroupIngress

Amazon Redshift

These are the Write actions for Amazon Redshift.

  • redshift:AuthorizeClusterSecurityGroupIngress

  • redshift:CancelQuerySession

  • redshift:CopyClusterSnapshot

  • redshift:CreateCluster

  • redshift:CreateClusterParameterGroup

  • redshift:CreateClusterSecurityGroup

  • redshift:CreateClusterSnapshot

  • redshift:CreateClusterSubnetGroup

  • redshift:CreateEventSubscription

  • redshift:CreateHsmClientCertificate

  • redshift:CreateHsmConfiguration

  • redshift:CreateTags

  • redshift:DeleteCluster

  • redshift:DeleteClusterParameterGroup

  • redshift:DeleteClusterSecurityGroup

  • redshift:DeleteClusterSnapshot

  • redshift:DeleteClusterSubnetGroup

  • redshift:DeleteEventSubscription

  • redshift:DeleteHsmClientCertificate

  • redshift:DeleteHsmConfiguration

  • redshift:DeleteSnapshotCopyGrant

  • redshift:DeleteTags

  • redshift:DisableLogging

  • redshift:DisableSnapshotCopy

  • redshift:EnableLogging

  • redshift:EnableSnapshotCopy

  • redshift:ModifyCluster

  • redshift:ModifyClusterParameterGroup

  • redshift:ModifyClusterSubnetGroup

  • redshift:ModifyEventSubscription

  • redshift:ModifySnapshotCopyRetentionPeriod

  • redshift:PurchaseReservedNodeOffering

  • redshift:RebootCluster

  • redshift:ResetClusterParameterGroup

  • redshift:RestoreFromClusterSnapshot

  • redshift:RestoreTableFromClusterSnapshot

Amazon Rekognition

These are the Write actions for Amazon Rekognition.

  • rekognition:CreateCollection

  • rekognition:DeleteCollection

  • rekognition:DeleteFaces

  • rekognition:IndexFaces

Amazon Resource Group Tagging API

These are the Write actions for Amazon Resource Group Tagging API.

  • tag:TagResources

  • tag:UntagResources

  • tag:addResourceTags

  • tag:removeResourceTags

Amazon Route 53

These are the Write actions for Amazon Route 53.

  • route53:AssociateVPCWithHostedZone

  • route53:ChangeResourceRecordSets

  • route53:ChangeTagsForResource

  • route53:CreateHealthCheck

  • route53:CreateHostedZone

  • route53:CreateReusableDelegationSet

  • route53:CreateTrafficPolicy

  • route53:CreateTrafficPolicyInstance

  • route53:CreateTrafficPolicyVersion

  • route53:DeleteHealthCheck

  • route53:DeleteHostedZone

  • route53:DeleteReusableDelegationSet

  • route53:DeleteTrafficPolicy

  • route53:DeleteTrafficPolicyInstance

  • route53:DisableDomainAutoRenew

  • route53:DisassociateVPCFromHostedZone

  • route53:EnableDomainAutoRenew

  • route53:UpdateHealthCheck

  • route53:UpdateHostedZoneComment

  • route53:UpdateTrafficPolicyComment

  • route53:UpdateTrafficPolicyInstance

Amazon Route53 Domains

These are the Write actions for Amazon Route53 Domains.

  • route53domains:DeleteTagsForDomain

  • route53domains:DisableDomainAutoRenew

  • route53domains:DisableDomainTransferLock

  • route53domains:EnableDomainAutoRenew

  • route53domains:EnableDomainTransferLock

  • route53domains:RegisterDomain

  • route53domains:RenewDomain

  • route53domains:ResendContactReachabilityEmail

  • route53domains:RetrieveDomainAuthCode

  • route53domains:TransferDomain

  • route53domains:UpdateDomainContact

  • route53domains:UpdateDomainContactPrivacy

  • route53domains:UpdateDomainNameservers

  • route53domains:UpdateTagsForDomain

Amazon S3

These are the Write actions for Amazon S3.

  • s3:AbortMultipartUpload

  • s3:CreateBucket

  • s3:DeleteBucket

  • s3:DeleteBucketWebsite

  • s3:DeleteObject

  • s3:DeleteObjectVersion

  • s3:PutAccelerateConfiguration

  • s3:PutBucketCORS

  • s3:PutBucketLogging

  • s3:PutBucketNotification

  • s3:PutBucketRequestPayment

  • s3:PutBucketTagging

  • s3:PutBucketVersioning

  • s3:PutBucketWebsite

  • s3:PutLifecycleConfiguration

  • s3:PutObject

  • s3:PutObjectTagging

  • s3:PutReplicationConfiguration

  • s3:ReplicateDelete

  • s3:ReplicateObject

  • s3:RestoreObject

Amazon SES

These are the Write actions for Amazon SES.

  • ses:CloneReceiptRuleSet

  • ses:CreateReceiptFilter

  • ses:CreateReceiptRule

  • ses:CreateReceiptRuleSet

  • ses:DeleteIdentity

  • ses:DeleteIdentityPolicy

  • ses:DeleteReceiptFilter

  • ses:DeleteReceiptRule

  • ses:DeleteReceiptRuleSet

  • ses:DeleteVerifiedEmailAddress

  • ses:PutIdentityPolicy

  • ses:ReorderReceiptRuleSet

  • ses:SendBounce

  • ses:SendEmail

  • ses:SendRawEmail

  • ses:SetActiveReceiptRuleSet

  • ses:SetIdentityDkimEnabled

  • ses:SetIdentityFeedbackForwardingEnabled

  • ses:SetIdentityHeadersInNotificationsEnabled

  • ses:SetIdentityMailFromDomain

  • ses:SetIdentityNotificationTopic

  • ses:SetReceiptRulePosition

  • ses:UpdateReceiptRule

Amazon SNS

These are the Write actions for Amazon SNS.

  • sns:ConfirmSubscription

  • sns:CreatePlatformApplication

  • sns:CreatePlatformEndpoint

  • sns:CreateTopic

  • sns:DeleteEndpoint

  • sns:DeletePlatformApplication

  • sns:DeleteTopic

  • sns:OptInPhoneNumber

  • sns:Publish

  • sns:SetEndpointAttributes

  • sns:SetPlatformApplicationAttributes

  • sns:SetSMSAttributes

  • sns:SetSubscriptionAttributes

  • sns:SetTopicAttributes

  • sns:Subscribe

  • sns:Unsubscribe

Amazon SQS

These are the Write actions for Amazon SQS.

  • sqs:ChangeMessageVisibility

  • sqs:ChangeMessageVisibilityBatch

  • sqs:CreateQueue

  • sqs:DeleteMessage

  • sqs:DeleteMessageBatch

  • sqs:DeleteQueue

  • sqs:PurgeQueue

  • sqs:SendMessage

  • sqs:SendMessageBatch

  • sqs:SetQueueAttributes

AWS Security Token Service

These are the Write actions for AWS Security Token Service.

  • sts:AssumeRole

  • sts:AssumeRoleWithSAML

  • sts:AssumeRoleWithWebIdentity

  • sts:DecodeAuthorizationMessage

AWS Service Catalog

These are the Write actions for AWS Service Catalog.

  • servicecatalog:AcceptPortfolioShare

  • servicecatalog:AssociatePrincipalWithPortfolio

  • servicecatalog:AssociateProductWithPortfolio

  • servicecatalog:CreateConstraint

  • servicecatalog:CreatePortfolio

  • servicecatalog:CreateProduct

  • servicecatalog:CreateProvisioningArtifact

  • servicecatalog:DeleteConstraint

  • servicecatalog:DeletePortfolio

  • servicecatalog:DeleteProduct

  • servicecatalog:DeleteProvisioningArtifact

  • servicecatalog:DisassociatePrincipalFromPortfolio

  • servicecatalog:DisassociateProductFromPortfolio

  • servicecatalog:ProvisionProduct

  • servicecatalog:RejectPortfolioShare

  • servicecatalog:TerminateProvisionedProduct

  • servicecatalog:UpdateConstraint

  • servicecatalog:UpdatePortfolio

  • servicecatalog:UpdateProduct

  • servicecatalog:UpdateProvisionedProduct

  • servicecatalog:UpdateProvisioningArtifact

AWS Shield

These are the Write actions for AWS Shield.

  • shield:CreateProtection

  • shield:CreateSubscription

  • shield:DeleteProtection

  • shield:DeleteSubscription

Amazon Simple Systems Manager

These are the Write actions for Amazon Simple Systems Manager.

  • ssm:AddTagsToResource

  • ssm:CancelCommand

  • ssm:CreateActivation

  • ssm:CreateAssociation

  • ssm:CreateAssociationBatch

  • ssm:CreateDocument

  • ssm:CreateMaintenanceWindow

  • ssm:DeleteActivation

  • ssm:DeleteAssociation

  • ssm:DeleteDocument

  • ssm:DeleteMaintenanceWindow

  • ssm:DeleteParameter

  • ssm:DeregisterManagedInstance

  • ssm:DeregisterTargetFromMaintenanceWindow

  • ssm:DeregisterTaskFromMaintenanceWindow

  • ssm:ModifyDocumentPermission

  • ssm:PutInventory

  • ssm:PutParameter

  • ssm:RegisterTargetWithMaintenanceWindow

  • ssm:RegisterTaskWithMaintenanceWindow

  • ssm:RemoveTagsFromResource

  • ssm:SendCommand

  • ssm:StartAssociationsOnce

  • ssm:UpdateAssociation

  • ssm:UpdateAssociationStatus

  • ssm:UpdateDocument

  • ssm:UpdateDocumentDefaultVersion

  • ssm:UpdateInstanceAssociationStatus

  • ssm:UpdateInstanceInformation

  • ssm:UpdateMaintenanceWindow

  • ssm:UpdateManagedInstanceRole

Amazon Simple Workflow Service

These are the Write actions for Amazon Simple Workflow Service.

  • swf:CancelTimer

  • swf:CancelWorkflowExecution

  • swf:CompleteWorkflowExecution

  • swf:ContinueAsNewWorkflowExecution

  • swf:DeprecateActivityType

  • swf:DeprecateDomain

  • swf:DeprecateWorkflowType

  • swf:FailWorkflowExecution

  • swf:PollForActivityTask

  • swf:PollForDecisionTask

  • swf:RecordActivityTaskHeartbeat

  • swf:RecordMarker

  • swf:RegisterActivityType

  • swf:RegisterDomain

  • swf:RegisterWorkflowType

  • swf:RequestCancelActivityTask

  • swf:RequestCancelExternalWorkflowExecution

  • swf:RequestCancelWorkflowExecution

  • swf:RespondActivityTaskCanceled

  • swf:RespondActivityTaskCompleted

  • swf:RespondActivityTaskFailed

  • swf:RespondDecisionTaskCompleted

  • swf:ScheduleActivityTask

  • swf:SignalExternalWorkflowExecution

  • swf:SignalWorkflowExecution

  • swf:StartChildWorkflowExecution

  • swf:StartTimer

  • swf:StartWorkflowExecution

  • swf:TerminateWorkflowExecution

Amazon SimpleDB

These are the Write actions for Amazon SimpleDB.

  • sdb:BatchDeleteAttributes

  • sdb:BatchPutAttributes

  • sdb:CreateDomain

  • sdb:DeleteAttributes

  • sdb:DeleteDomain

  • sdb:DomainMetadata

  • sdb:PutAttributes

AWS Step Functions

These are the Write actions for AWS Step Functions.

  • states:CreateActivity

  • states:CreateStateMachine

  • states:DeleteActivity

  • states:DeleteStateMachine

  • states:SendTaskFailure

  • states:SendTaskHeartbeat

  • states:SendTaskSuccess

  • states:StartExecution

  • states:StopExecution

Amazon Storage Gateway

These are the Write actions for Amazon Storage Gateway.

  • storagegateway:ActivateGateway

  • storagegateway:AddCache

  • storagegateway:AddTagsToResource

  • storagegateway:AddUploadBuffer

  • storagegateway:AddWorkingStorage

  • storagegateway:CancelArchival

  • storagegateway:CancelRetrieval

  • storagegateway:CreateCachediSCSIVolume

  • storagegateway:CreateSnapshot

  • storagegateway:CreateSnapshotFromVolumeRecoveryPoint

  • storagegateway:CreateStorediSCSIVolume

  • storagegateway:CreateTapeWithBarcode

  • storagegateway:CreateTapes

  • storagegateway:DeleteBandwidthRateLimit

  • storagegateway:DeleteChapCredentials

  • storagegateway:DeleteGateway

  • storagegateway:DeleteSnapshotSchedule

  • storagegateway:DeleteTape

  • storagegateway:DeleteTapeArchive

  • storagegateway:DeleteVolume

  • storagegateway:DisableGateway

  • storagegateway:RemoveTagsFromResource

  • storagegateway:ResetCache

  • storagegateway:RetrieveTapeArchive

  • storagegateway:RetrieveTapeRecoveryPoint

  • storagegateway:SetLocalConsolePassword

  • storagegateway:ShutdownGateway

  • storagegateway:StartGateway

  • storagegateway:UpdateBandwidthRateLimit

  • storagegateway:UpdateChapCredentials

  • storagegateway:UpdateGatewayInformation

  • storagegateway:UpdateGatewaySoftwareNow

  • storagegateway:UpdateMaintenanceStartTime

  • storagegateway:UpdateSnapshotSchedule

  • storagegateway:UpdateVTLDeviceType

Amazon Support

These are the Write actions for Amazon Support.

  • support:AddAttachmentsToSet

  • support:AddCommunicationToCase

  • support:CreateCase

  • support:RefreshTrustedAdvisorCheck

  • support:ResolveCase

AWS Trusted Advisor

These are the Write actions for AWS Trusted Advisor.

  • trustedadvisor:ExcludeCheckItems

  • trustedadvisor:IncludeCheckItems

  • trustedadvisor:RefreshCheck

  • trustedadvisor:UpdateNotificationPreferences

AWS WAF

These are the Write actions for AWS WAF.

  • waf:CreateByteMatchSet

  • waf:CreateIPSet

  • waf:CreateRule

  • waf:CreateSizeConstraintSet

  • waf:CreateSqlInjectionMatchSet

  • waf:CreateXssMatchSet

  • waf:DeleteByteMatchSet

  • waf:DeleteIPSet

  • waf:DeleteRule

  • waf:DeleteSizeConstraintSet

  • waf:DeleteSqlInjectionMatchSet

  • waf:DeleteXssMatchSet

  • waf:UpdateByteMatchSet

  • waf:UpdateIPSet

  • waf:UpdateRule

  • waf:UpdateSizeConstraintSet

  • waf:UpdateSqlInjectionMatchSet

  • waf:UpdateXssMatchSet

AWS WAF Regional

These are the Write actions for AWS WAF Regional.

  • waf-regional:AssociateWebACL

  • waf-regional:CreateByteMatchSet

  • waf-regional:CreateIPSet

  • waf-regional:CreateRule

  • waf-regional:CreateSizeConstraintSet

  • waf-regional:CreateSqlInjectionMatchSet

  • waf-regional:CreateXssMatchSet

  • waf-regional:DeleteByteMatchSet

  • waf-regional:DeleteIPSet

  • waf-regional:DeleteRule

  • waf-regional:DeleteSizeConstraintSet

  • waf-regional:DeleteSqlInjectionMatchSet

  • waf-regional:DeleteXssMatchSet

  • waf-regional:DisassociateWebACL

  • waf-regional:UpdateByteMatchSet

  • waf-regional:UpdateIPSet

  • waf-regional:UpdateRule

  • waf-regional:UpdateSizeConstraintSet

  • waf-regional:UpdateSqlInjectionMatchSet

  • waf-regional:UpdateXssMatchSet

Amazon WorkDocs

These are the Write actions for Amazon WorkDocs.

  • workdocs:AbortDocumentVersionUpload

  • workdocs:ActivateUser

  • workdocs:AddResourcePermissions

  • workdocs:AddUserToGroup

  • workdocs:CreateFolder

  • workdocs:CreateInstance

  • workdocs:CreateNotificationSubscription

  • workdocs:CreateUser

  • workdocs:DeactivateUser

  • workdocs:DeleteDocument

  • workdocs:DeleteFolder

  • workdocs:DeleteFolderContents

  • workdocs:DeleteInstance

  • workdocs:DeleteNotificationSubscription

  • workdocs:DeleteUser

  • workdocs:DeregisterDirectory

  • workdocs:InitiateDocumentVersionUpload

  • workdocs:RegisterDirectory

  • workdocs:RemoveAllResourcePermissions

  • workdocs:RemoveResourcePermission

  • workdocs:RemoveUserFromGroup

  • workdocs:UpdateDocument

  • workdocs:UpdateDocumentVersion

  • workdocs:UpdateFolder

  • workdocs:UpdateInstanceAlias

  • workdocs:UpdateUser

Amazon WorkMail

These are the Write actions for Amazon WorkMail.

  • workmail:AddMembersToGroup

  • workmail:CreateGroup

  • workmail:CreateMailDomain

  • workmail:CreateMailUser

  • workmail:CreateOrganization

  • workmail:CreateResource

  • workmail:DeleteMailDomain

  • workmail:DeleteMobileDevice

  • workmail:DeleteOrganization

  • workmail:DisableMailGroups

  • workmail:DisableMailUsers

  • workmail:EnableMailDomain

  • workmail:EnableMailGroups

  • workmail:EnableMailUsers

  • workmail:RemoveMembersFromGroup

  • workmail:ResetUserPassword

  • workmail:SetAdmin

  • workmail:SetDefaultMailDomain

  • workmail:SetMailGroupDetails

  • workmail:SetMailUserDetails

  • workmail:SetMobilePolicyDetails

  • workmail:WipeMobileDevice

Amazon WorkSpaces

These are the Write actions for Amazon WorkSpaces.

  • workspaces:CreateTags

  • workspaces:CreateWorkspaces

  • workspaces:DeleteTags

  • workspaces:ModifyWorkspaceProperties

  • workspaces:RebootWorkspaces

  • workspaces:RebuildWorkspaces

  • workspaces:StartWorkspaces

  • workspaces:StopWorkspaces

  • workspaces:TerminateWorkspaces

Amazon WorkSpaces Application Manager

These are the Write actions for Amazon WorkSpaces Application Manager.

  • wam:AuthenticatePackager

AWS XRay

These are the Write actions for AWS XRay.

  • xray:PutTelemetryRecords

  • xray:PutTraceSegments

On this page: