AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Amazon Chime

Amazon Chime (service prefix: chime) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions Defined by Amazon Chime

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
AcceptDelegate Accepts the delegate invitation to share management of an Amazon Chime account with another AWS Account Write
ActivateUsers Activates users in an Amazon Chime enterprise account Write
AddDomain Adds a domain to your Amazon Chime account Write
AddOrUpdateGroups Adds new or updates existing Active Directory or Okta user groups associated with your Amazon Chime enterprise account Write
AuthorizeDirectory Authorize an Active Directory to your Amazon Chime enterprise account Write
BatchUpdateUser Updates details for multiple users Write
ConnectDirectory Connects an Active Directory to your Amazon Chime enterprise account Write

ds:ConnectDirectory

CreateAccount Creates a new Amazon Chime account Write
CreateApiKey Generates a new SCIM access key for your Amazon Chime account and Okta configuration Write
CreateCDRBucket Creates a new Call Detail Record S3 bucket Write

s3:CreateBucket

s3:ListAllMyBuckets

DeleteAccount Deletes an Amazon Chime account Write
DeleteAccountOpenIdConfig Deletes the OpenIdConfig attributes from your Amazon Chime account Write
DeleteApiKey Deletes the specified SCIM access key associated with your Amazon Chime account and Okta configuration Write
DeleteCDRBucket Deletes a Call Detail Record S3 bucket from your Amazon Chime account Write

s3:DeleteBucket

DeleteDelegate Deletes delegated AWS account management from your Amazon Chime account Write
DeleteDomain Deletes a domain from your Amazon Chime account Write
DeleteGroups Deletes Active Directory or Okta user groups from your Amazon Chime enterprise account Write
DisconnectDirectory Disconnects the Active Directory from your Amazon Chime enterprise account Write
GetAccount Gets the account details for an Amazon Chime account Read
GetAccountResource Shows the details of the account resource associated with your Amazon Chime account Read
GetAccountSettings Shows your Amazon Chime account settings Read
GetAccountWithOpenIdConfig Gets the account details and OpenIdConfig attributes for your Amazon Chime account Read
GetCDRBucket Gets the details of a Call Detail Record S3 bucket associated with your Amazon Chime account Read

s3:GetBucketAcl

s3:GetBucketLocation

s3:GetBucketLogging

s3:GetBucketVersioning

s3:GetBucketWebsite

GetDomain Shows domain details for a domain associated with your Amazon Chime account Read
GetMeetingDetail Shows attendee, connection and other details for a meeting. Read
GetUser Gets the user details for an Amazon Chime user Read
GetUserActivityReportData Shows summary of user activity on the user details page Read
GetUserByEmail Gets user details for an Amazon Chime user based on the email address in an Amazon Chime enterprise or team account Read
InviteDelegate Sends an invitation to accept a request for AWS account delegation for an Amazon Chime account Write
InviteUsers Invites new users to an Amazon Chime account Write
ListAccountUsageReportData Lists Amazon Chime account usage reporting data List
ListAccounts Lists the Amazon Chime accounts associated with your AWS account List
ListApiKeys Lists the SCIM access keys defined for your Amazon Chime account and Okta configuration List
ListCDRBucket Lists Call Detail Record S3 buckets List

s3:ListAllMyBuckets

s3:ListBucket

ListDelegates Lists account delegate information associated with your Amazon Chime account List
ListDirectories Lists active Active Directories hosted in the Directory Service of your AWS account List
ListDomains Lists domains associated with your Amazon Chime account List
ListGroups Lists Active Directory or Okta user groups associated with your Amazon Chime enterprise account List
ListMeetingEvents Lists all events that occurred for a meeting List
ListMeetingsReportData Lists meetings ended during the date range List
ListUsers Lists the users in an Amazon Chime account List
LogoutUser Spike an Amazon Chime user device Write
RenameAccount Modifies the account name for your Amazon Chime enterprise or team account Write
RenewDelegate Renews the delegation request associated with an Amazon Chime account Write
ResetAccountResource Resets the account resource in your Amazon Chime account Write
ResetPersonalPin Resets the personal meeting PIN for an Amazon Chime user Write
RetrieveDataExports Downloads the file containing links to all user attachments returned as part of the "Request attachments" action. List
StartDataExport Submits the "Request attachments" request. Write
SubmitSupportRequest Submits a customer service support request Write
SuspendUsers Suspend users from an Amazon Chime enterprise account Write
UnauthorizeDirectory Unauthorize an Active Directory to your Amazon Chime enterprise account Write
UpdateAccount Updates an existing account's details Write
UpdateAccountOpenIdConfig Updates the OpenIdConfig attributes for your Amazon Chime account Write
UpdateAccountResource Updates the account resource in your Amazon Chime account Write
UpdateAccountSettings Modifies your Amazon Chime account settings Write
UpdateCDRBucket Updates your Call Detail Record S3 bucket Write

s3:CreateBucket

s3:DeleteBucket

s3:ListAllMyBuckets

UpdateSupportedLicenses Updates the supported license tiers available for users in your Amazon Chime account Write
UpdateUser Updates an existing user's details Write
UpdateUserLicenses Manages the licenses for your Amazon Chime users Write
ValidateAccountResource Validates the account resource in your Amazon Chime account Read

Resources Defined by Chime

Amazon Chime has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for Amazon Chime

Chime has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.