Menu
Amazon Chime
Administration Guide

Control Access to the Amazon Chime Console

Access to the Amazon Chime console is managed through IAM. By default, IAM users in your AWS account have access to manage your Amazon Chime accounts. To restrict the access IAM users have to Amazon Chime, create IAM policies that grant permissions to perform specific actions, such as changing license types, then attach those policies to the IAM users or groups that require those permissions.

For more information about IAM policies, see Access Management. For more information about managing and creating custom IAM policies, see Working with Policies.

Amazon Chime Actions

The following is the complete list of Amazon Chime actions.

Action Description

Accounts

Chime:CreateAccount

Creates a new Amazon Chime account.

Chime:RenameAccount

Modifies the account name for your Amazon Chime enterprise or team account.

Chime:ListAccounts

Lists the Amazon Chime accounts associated with your AWS account.

Chime:GetAccount

Gets the account details for an Amazon Chime account.

Chime:DeleteAccount

Deletes an Amazon Chime account.

Users

Chime:CountUsers

Counts the users in an Amazon Chime account.

Chime:GetAccountSettings

Shows your Amazon Chime account settings.

Chime:UpdateAccountSettings

Modifies your Amazon Chime account settings.

Chime:ListUsers

Lists the users in an Amazon Chime account.

Chime:GetUser

Gets the user details for an Amazon Chime user.

Chime:GetUserByEmail

Gets user details for an Amazon Chime user based on the email address in an Amazon Chime enterprise or team account.

Chime:InviteUsers

Invites new users to an Amazon Chime account.

Chime:SuspendUsers

Suspend users from an Amazon Chime enterprise account.

Chime:ActivateUsers

Activates users in an Amazon Chime enterprise account.

Chime:UpdateUserLicenses

Manages the licenses for your Amazon Chime users.

Chime:ResetPersonalPin

Resets the personal meeting PIN for an Amazon Chime user.

Domains

Chime:ListDomains

Lists domains associated with your Amazon Chime account.

Chime:AddDomain

Adds a domain to your Amazon Chime account.

Chime:GetDomain

Shows domain details for a domain associated with your Amazon Chime account.

Chime:DeleteDomain

Deletes a domain from your Amazon Chime account.

Directories

Chime:ListDirectories

Lists active Active Directories hosted in the Directory Service of your AWS account.

Chime:ConnectDirectory

Connects an Active Directory to your Amazon Chime enterprise account.

Chime:DisconnectDirectory

Disconnects the Active Directory from your Amazon Chime enterprise account.

Chime:ListGroups

Lists Active Directory user groups associated with your Amazon Chime enterprise account.

Chime:AddOrUpdateGroups

Adds new or updates existing Active Directory user groups associated with your Amazon Chime enterprise account.

Chime:DeleteGroups

Deletes Active Directory user groups from your Amazon Chime enterprise account.

Example: Full Console Access

The following policy statement grants an IAM user full access to the Amazon Chime console.

Copy
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "Chime:*" ], "Effect": "Allow", "Resource": "*" } ] }

Example: Read-only Console Access

The following policy statement grants IAM users read-only access to the Amazon Chime console. They can see all of the users, their current status, and their personal meeting PINs, but not make any changes.

Copy
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "Chime:ListAccounts", "Chime:GetAccount", "Chime:GetAccountSettings", "Chime:ListUsers", "Chime:GetUser", "Chime:GetUserByEmail", "Chime:ListDomains", "Chime:GetDomain", "Chime:ListGroups" ], "Effect": "Allow", "Resource": "*" } ] }