Menu
Amazon Rekognition
Developer Guide

Amazon Rekognition API Permissions: Actions, Permissions, and Resources Reference

When you are setting up Access Control and writing a permissions policy that you can attach to an IAM identity (identity-based policies), you can use the following table as a reference. The table lists each Amazon Rekognition API operation, the corresponding actions for which you can grant permissions to perform the action, and the AWS resource for which you can grant the permissions. You specify the actions in the policy's Action field, and you specify the resource value in the policy's Resource field.

You can use AWS-wide condition keys in your Amazon Rekognition policies to express conditions. For a complete list of AWS-wide keys, see Available Keys in the IAM User Guide.

Note

To specify an action, use the rekognition prefix followed by the API operation name (for example, rekognition:DeleteCollection).

If you see an expand arrow () in the upper-right corner of the table, you can open the table in a new window. To close the window, choose the close button (X) in the lower-right corner.

Amazon Rekognition API and Required Permissions for Actions

Amazon Rekognition API Operations Required Permissions (API Actions) Resources

CreateCollection

rekognition:CreateCollection

arn:aws:rekognition:region:account-id:collection/collection-id

DeleteCollection

rekognition:DeleteCollection

arn:aws:rekognition:region:account-id:collection/collection-id

DeleteFaces

rekognition:DeleteFaces

arn:aws:rekognition:region:account-id:collection/collection-id

DetectFaces

rekognition:DetectFaces

arn:aws:rekognition:region:account-id:collection/collection-id

IndexFaces

rekognition:IndexFaces

arn:aws:rekognition:region:account-id:collection/collection-id

ListCollections

rekognition:ListCollections

arn:aws:rekognition:region:account-id:*

ListFaces

rekognition:ListFaces

arn:aws:rekognition:region:account-id:collection/collection-id

SearchFaces

rekognition:SearchFaces

arn:aws:rekognition:region:account-id:collection/collection-id

SearchFacesByImage

rekognition:SearchFacesByImage

arn:aws:rekognition:region:account-id:collection/collection-id

CreateStreamProcessor

rekognition:CreateStreamProcessor

arn:aws:rekognition:region:account-id:collection/collection-id

arn:aws:rekognition:region:account-id:streamprocessor/stream-processor-name

DeleteStreamProcessor

rekognition:DeleteStreamProcessor

arn:aws:rekognition:region:account-id:streamprocessor/stream-processor-name

ListStreamProcessors

rekognition:ListStreamProcessors

arn:aws:rekognition:region:account-id:streamprocessor/stream-processor-name

StartStreamProcessor

rekognition:StartStreamProcessor

arn:aws:rekognition:region:account-id:streamprocessor/stream-processor-name

StopStreamProcessor

rekognition:StopStreamProcessor

arn:aws:rekognition:region:account-id:streamprocessor/stream-processor-name

CompareFaces

rekognition:CompareFaces

None used.

DetectFaces

rekognition:DetectFaces

None used.

DetectLabels

rekognition:DetectLabels

None used.

DetectModerationLabels

rekognition:DetectModerationLabels

None used.

DetectText

rekognition:DetectText

None used.

GetCelebrityInfo

rekognition:GetCelebrityInfo

None used.

RecognizeCelebrities

rekognition:RecognizeCelebrities

None used.

GetCelebrityRecognition

rekognition:GetCelebrityRecognition

None used.

GetContentModeration

rekognition:GetContentModeration

None used.

GetFaceDetection

rekognition:GetFaceDetection

None used.

GetLabelDetection

rekognition:GetLabelDetection

None used.

GetPersonTracking

rekognition:GetPersonTracking

None used.

StartCelebrityRecognition

rekognition:StartCelebrityRecognition

None used.

StartContentModeration

rekognition:StartContentModeration

None used.

StartFaceDetection

rekognition:StartFaceDetection

None used.

StartLabelDetection

rekognition:StartLabelDetection

None used.

StartPersonTracking

rekognition:StartPersonTracking

None used.