AWS Directory Service
Administration Guide (Version 1.0)

Amazon Cloud Directory API Permissions: Actions, Resources, and Conditions Reference

When you are setting up Access Control and writing permissions policies that you can attach to an IAM identity (identity-based policies), you can use the following table as a reference. The table lists each Amazon Cloud Directory API operation, the corresponding action for which you can grant permissions, and the AWS resource for which you can grant the permissions. You specify the actions in the policy's Action field and the resource value in the policy's Resource field.

You can use AWS-wide condition keys in your Amazon Cloud Directory policies to express conditions. For a complete list of AWS-wide keys, see Available Keys in the IAM User Guide.

Note

To specify an action, use the clouddirectory: prefix followed by the API operation name (for example, clouddirectory:CreateDirectory).

Amazon Cloud Directory API and Required Permissions for Actions

| Amazon Cloud Directory API Operations | Required Permissions (API Actions) | Resources |
| --- | --- | --- |
| AddFacetToObject | clouddirectory:AddFacetToObject | * |
| ApplySchema | clouddirectory:ApplySchema | * |
| AttachObject | clouddirectory:AttachObject | * |
| AttachPolicy | clouddirectory:AttachPolicy | * |
| AttachToIndex | clouddirectory:AttachToIndex | * |
| BatchRead | clouddirectory:BatchRead | * |
| BatchWrite | clouddirectory:BatchWrite | * |
| CreateDirectory | clouddirectory:CreateDirectory | * |
| CreateFacet | clouddirectory:CreateFacet | * |
| CreateIndex | clouddirectory:CreateIndex | * |
| CreateObject | clouddirectory:CreateObject | * |
| CreateSchema | clouddirectory:CreateSchema | * |
| DeleteDirectory | clouddirectory:DeleteDirectory | * |
| DeleteFacet | clouddirectory:DeleteFacet | * |
| DeleteObject | clouddirectory:DeleteObject | * |
| DeleteSchema | clouddirectory:DeleteSchema | * |
| DetachFromIndex | clouddirectory:DetachFromIndex | * |
| DetachObject | clouddirectory:DetachObject | * |
| DetachPolicy | clouddirectory:DetachPolicy | * |
| DisableDirectory | clouddirectory:DisableDirectory | * |
| EnableDirectory | clouddirectory:EnableDirectory | * |
| GetDirectory | clouddirectory:GetDirectory | * |
| GetFacet | clouddirectory:GetFacet | * |
| GetObjectInformation | clouddirectory:GetObjectInformation | * |
| GetSchemaAsJson | clouddirectory:GetSchemaAsJson | * |
| ListAppliedSchemaArns | clouddirectory:ListAppliedSchemaArns | * |
| ListAttachedIndices | clouddirectory:ListAttachedIndices | * |
| ListDevelopmentSchemaArns | clouddirectory:ListDevelopmentSchemaArns | * |
| ListDirectories | clouddirectory:ListDirectories | * |
| ListFacetAttributes | clouddirectory:ListFacetAttributes | * |
| ListFacetNames | clouddirectory:ListFacetNames | * |
| ListIndex | clouddirectory:ListIndex | * |
| ListObjectAttributes | clouddirectory:ListObjectAttributes | * |
| ListObjectChildren | clouddirectory:ListObjectChildren | * |
| ListObjectParents | clouddirectory:ListObjectParents | * |
| ListObjectPolicies | clouddirectory:ListObjectPolicies | * |
| ListPolicyAttachments | clouddirectory:ListPolicyAttachments | * |
| ListPublishedSchemaArns | clouddirectory:ListPublishedSchemaArns | * |
| ListTagsForResource | clouddirectory:ListTagsForResource | * |
| LookupPolicy | clouddirectory:LookupPolicy | * |
| PublishSchema | clouddirectory:PublishSchema | * |
| PutSchemaFromJson | clouddirectory:PutSchemaFromJson | * |
| RemoveFacetFromObject | clouddirectory:RemoveFacetFromObject | * |
| TagResource | clouddirectory:TagResource | * |
| UntagResource | clouddirectory:UntagResource | * |
| UpdateFacet | clouddirectory:UpdateFacet | * |
| UpdateObjectAttributes | clouddirectory:UpdateObjectAttributes | * |
| UpdateSchema | clouddirectory:UpdateSchema | * |
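
The following is an added example, not part of the AWS guide: a small policy audit that expands each Allow action in an identity-based policy into the table operations it actually grants, so wildcards and misspelled actions are visible in review. The sample policy, the function names and the finding messages are constructed for illustration; Deny statements, NotAction and conditions are not evaluated.

```python
import fnmatch

# Operation names copied from the table on this page.
OPERATIONS = """AddFacetToObject ApplySchema AttachObject AttachPolicy AttachToIndex
BatchRead BatchWrite CreateDirectory CreateFacet CreateIndex CreateObject CreateSchema
DeleteDirectory DeleteFacet DeleteObject DeleteSchema DetachFromIndex DetachObject
DetachPolicy DisableDirectory EnableDirectory GetDirectory GetFacet GetObjectInformation
GetSchemaAsJson ListAppliedSchemaArns ListAttachedIndices ListDevelopmentSchemaArns
ListDirectories ListFacetAttributes ListFacetNames ListIndex ListObjectAttributes
ListObjectChildren ListObjectParents ListObjectPolicies ListPolicyAttachments
ListPublishedSchemaArns ListTagsForResource LookupPolicy PublishSchema PutSchemaFromJson
RemoveFacetFromObject TagResource UntagResource UpdateFacet UpdateObjectAttributes
UpdateSchema""".split()
PREFIX = "clouddirectory:"

SAMPLE_POLICY = {  # constructed for this example, not taken from the guide
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["clouddirectory:Get*", "clouddirectory:listdirectories"]},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["clouddirectory:Delete*", "clouddirectory:ListObjects", "CreateDirectory"]},
    ],
}

def as_list(value):
    """IAM accepts a single value or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (granted operations, findings) for the Allow statements only."""
    granted, findings = set(), []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action != "*" and ":" not in action:
                findings.append((action, "no service prefix (expected clouddirectory:OperationName)"))
                continue
            if action != "*" and not action.lower().startswith(PREFIX):
                continue  # action belongs to another service
            pattern = "*" if action == "*" else action[len(PREFIX):]
            # IAM matches action names case-insensitively; * and ? are wildcards.
            hits = [op for op in OPERATIONS if fnmatch.fnmatchcase(op.lower(), pattern.lower())]
            if not hits:
                findings.append((action, "matches no operation in the table"))
            elif "*" in pattern or "?" in pattern:
                findings.append((action, "wildcard grants: " + ", ".join(hits)))
            granted.update(hits)
    return sorted(granted), findings

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))
```

Because every operation in the table takes * as its resource, the Action list is the only place these permissions are narrowed, which is why the expansion is worth reviewing.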