AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Amazon Chime

Amazon Chime (service prefix: chime) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions Defined by Amazon Chime

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
AcceptDelegate Grants permission to accept the delegate invitation to share management of an Amazon Chime account with another AWS Account Write
ActivateUsers Grants permission to activate users in an Amazon Chime Enterprise account Write
AddDomain Grants permission to add a domain to your Amazon Chime account Write
AddOrUpdateGroups Grants permission to add new or update existing Active Directory or Okta user groups associated with your Amazon Chime Enterprise account Write
AssociatePhoneNumberWithUser Grants permission to associate a phone number with an Amazon Chime user Write
AssociatePhoneNumbersWithVoiceConnector Grants permission to associate multiple phone numbers with an Amazon Chime voice connector Write
AuthorizeDirectory Grants permission to authorize an Active Directory for your Amazon Chime Enterprise account Write
BatchDeletePhoneNumber Grants permission to move up to 50 phone numbers to the deletion queue Write
BatchSuspendUser Grants permission to suspend up to 50 users from a Team or EnterpriseLWA Amazon Chime account Write
BatchUnsuspendUser Grants permission to remove the suspension from up to 50 previously suspended users for the specified Amazon Chime EnterpriseLWA account Write
BatchUpdatePhoneNumber Grants permission to update phone number details within the UpdatePhoneNumberRequestItem object for up to 50 phone numbers Write
BatchUpdateUser Grants permission to update user details within the UpdateUserRequestItem object for up to 20 users for the specified Amazon Chime account Write
ConnectDirectory Grants permission to connect an Active Directory to your Amazon Chime Enterprise account Write

ds:ConnectDirectory

CreateAccount Grants permission to create an Amazon Chime account under the administrator's AWS account Write
CreateApiKey Grants permission to create a new SCIM access key for your Amazon Chime account and Okta configuration Write
CreateCDRBucket Grants permission to create a new Call Detail Record S3 bucket Write

s3:CreateBucket

s3:ListAllMyBuckets

CreatePhoneNumberOrder Grants permission to create a phone number order with the Carriers Write
CreateVoiceConnector Grants permission to create a voice connector under the administrator's AWS account Write
DeleteAccount Grants permission to delete the specified Amazon Chime account Write
DeleteAccountOpenIdConfig Grants permission to delete the OpenIdConfig attributes from your Amazon Chime account Write
DeleteApiKey Grants permission to delete the specified SCIM access key associated with your Amazon Chime account and Okta configuration Write
DeleteCDRBucket Grants permission to delete a Call Detail Record S3 bucket from your Amazon Chime account Write

s3:DeleteBucket

DeleteDelegate Grants permission to delete delegated AWS account management from your Amazon Chime account Write
DeleteDomain Grants permission to delete a domain from your Amazon Chime account Write
DeleteGroups Grants permission to delete Active Directory or Okta user groups from your Amazon Chime Enterprise account Write
DeletePhoneNumber Grants permission to move a phone number to the deletion queue Write
DeleteVoiceConnector Grants permission to delete the specified voice connector Write
DeleteVoiceConnectorOrigination Grants permission to delete the origination settings for the specified voice connector Write
DeleteVoiceConnectorTermination Grants permission to delete the termination settings for the specified voice connector Write
DeleteVoiceConnectorTerminationCredentials Grants permission to delete SIP termination credentials for the specified voice connector Write
DisassociatePhoneNumberFromUser Grants permission to disassociate the primary provisioned number from the specified Amazon Chime user Write
DisassociatePhoneNumbersFromVoiceConnector Grants permission to disassociate multiple phone numbers from the specified voice connector Write
DisconnectDirectory Grants permission to disconnect the Active Directory from your Amazon Chime Enterprise account Write
GetAccount Grants permission to get details for the specified Amazon Chime account Read
GetAccountResource Grants permission to get details for the account resource associated with your Amazon Chime account Read
GetAccountSettings Grants permission to get account settings for the specified Amazon Chime account ID Read
GetAccountWithOpenIdConfig Grants permission to get the account details and OpenIdConfig attributes for your Amazon Chime account Read
GetCDRBucket Grants permission to get details of a Call Detail Record S3 bucket associated with your Amazon Chime account Read

s3:GetBucketAcl

s3:GetBucketLocation

s3:GetBucketLogging

s3:GetBucketVersioning

s3:GetBucketWebsite

GetDomain Grants permission to get domain details for a domain associated with your Amazon Chime account Read
GetGlobalSettings Grants permission to get global settings related to Amazon Chime for the AWS account Read
GetMeetingDetail Grants permission to get attendee, connection, and other details for a meeting Read
GetPhoneNumber Grants permission to get details for the specified phone number Read
GetPhoneNumberOrder Grants permission to get details for the specified phone number order Read
GetTelephonyLimits Grants permission to get telephony limits for the AWS account Read
GetUser Grants permission to get details for the specified user ID Read
GetUserActivityReportData Grants permission to get a summary of user activity on the user details page Read
GetUserByEmail Grants permission to get user details for an Amazon Chime user based on the email address in an Amazon Chime Enterprise or Team account Read
GetUserSettings Grants permission to get user settings related to the specified Amazon Chime user Read
GetVoiceConnector Grants permission to get details for the specified voice connector Read
GetVoiceConnectorOrigination Grants permission to get details of the origination settings for the specified voice connector Read
GetVoiceConnectorTermination Grants permission to get details of the termination settings for the specified voice connector Read
GetVoiceConnectorTerminationHealth Grants permission to get details of the termination health for the specified voice connector Read
InviteDelegate Grants permission to send an invitation to accept a request for AWS account delegation for an Amazon Chime account Write
InviteUsers Grants permission to invite as many as 50 users to the specified Amazon Chime account Write
ListAccountUsageReportData Grants permission to list Amazon Chime account usage reporting data List
ListAccounts Grants permission to list the Amazon Chime accounts under the administrator's AWS account List
ListApiKeys Grants permission to list the SCIM access keys defined for your Amazon Chime account and Okta configuration List
ListCDRBucket Grants permission to list Call Detail Record S3 buckets List

s3:ListAllMyBuckets

s3:ListBucket

ListCallingRegions Grants permission to list the calling regions available for the administrator's AWS account Read
ListDelegates Grants permission to list account delegate information associated with your Amazon Chime account List
ListDirectories Grants permission to list active Active Directories hosted in the Directory Service of your AWS account List
ListDomains Grants permission to list domains associated with your Amazon Chime account List
ListGroups Grants permission to list Active Directory or Okta user groups associated with your Amazon Chime Enterprise account List
ListMeetingEvents Grants permission to list all events that occurred for a specified meeting List
ListMeetingsReportData Grants permission to list meetings ended during the specified date range List
ListPhoneNumberOrders Grants permission to list the phone number orders under the administrator's AWS account Read
ListPhoneNumbers Grants permission to list the phone numbers under the administrator's AWS account Read
ListUsers Grants permission to list the users that belong to the specified Amazon Chime account List
ListVoiceConnectorTerminationCredentials Grants permission to list the SIP termination credentials for the specified voice connector Read
ListVoiceConnectors Grants permission to list the voice connectors under the administrator's AWS account Read
LogoutUser Grants permission to log out the specified user from all of the devices they are currently logged into Write
PutVoiceConnectorOrigination Grants permission to update the origination settings for the specified voice connector Write
PutVoiceConnectorTermination Grants permission to update the termination settings for the specified voice connector Write
PutVoiceConnectorTerminationCredentials Grants permission to add SIP termination credentials for the specified voice connector Write
RenameAccount Grants permission to modify the account name for your Amazon Chime Enterprise or Team account Write
RenewDelegate Grants permission to renew the delegation request associated with an Amazon Chime account Write
ResetAccountResource Grants permission to reset the account resource in your Amazon Chime account Write
ResetPersonalPIN Grants permission to reset the personal meeting PIN for the specified user on an Amazon Chime account Write
RestorePhoneNumber Grants permission to restore the specified phone number from the deltion queue back to the phone number inventory Write
RetrieveDataExports Grants permission to download the file containing links to all user attachments returned as part of the "Request attachments" action List
SearchAvailablePhoneNumbers Grants permission to search phone numbers that can be ordered from the carrier Read
StartDataExport Grants permission to submit the "Request attachments" request Write
SubmitSupportRequest Grants permission to submit a customer service support request Write
SuspendUsers Grants permission to suspend users from an Amazon Chime Enterprise account Write
UnauthorizeDirectory Grants permission to unauthorize an Active Directory from your Amazon Chime Enterprise account Write
UpdateAccount Grants permission to update account details for the specified Amazon Chime account Write
UpdateAccountOpenIdConfig Grants permission to update the OpenIdConfig attributes for your Amazon Chime account Write
UpdateAccountResource Grants permission to update the account resource in your Amazon Chime account Write
UpdateAccountSettings Grants permission to update the settings for the specified Amazon Chime account Write
UpdateCDRSettings Grants permission to update your Call Detail Record S3 bucket Write

s3:CreateBucket

s3:DeleteBucket

s3:ListAllMyBuckets

UpdateGlobalSettings Grants permission to update the global settings related to Amazon Chime for the AWS account Write
UpdatePhoneNumber Grants permission to update phone number details for the specified phone number Write
UpdateSupportedLicenses Grants permission to update the supported license tiers available for users in your Amazon Chime account Write
UpdateUser Grants permission to update user details for a specified user ID Write
UpdateUserLicenses Grants permission to update the licenses for your Amazon Chime users Write
UpdateUserSettings Grants permission to update user settings related to the specified Amazon Chime user Write
UpdateVoiceConnector Grants permission to update voice connector details for the specified voice connector Write
ValidateAccountResource Grants permission to validate the account resource in your Amazon Chime account Read

Resources Defined by Chime

Amazon Chime has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for Amazon Chime

Chime has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.