AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Amazon Chime

Amazon Chime (service prefix: chime) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

Actions Defined by Amazon Chime

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

| Actions | Description | Access Level | Resource Types (*required) | Condition Keys | Dependent Actions |
| --- | --- | --- | --- | --- | --- |
| AcceptDelegate | Grants permission to accept the delegate invitation to share management of an Amazon Chime account with another AWS Account | Write | | | |
| ActivateUsers | Grants permission to activate users in an Amazon Chime Enterprise account | Write | | | |
| AddDomain | Grants permission to add a domain to your Amazon Chime account | Write | | | |
| AddOrUpdateGroups | Grants permission to add new or update existing Active Directory or Okta user groups associated with your Amazon Chime Enterprise account | Write | | | |
| AuthorizeDirectory | Grants permission to authorize an Active Directory for your Amazon Chime Enterprise account | Write | | | |
| BatchSuspendUser | Grants permission to suspend up to 50 users from a Team or EnterpriseLWA Amazon Chime account | Write | | | |
| BatchUnsuspendUser | Grants permission to remove the suspension from up to 50 previously suspended users for the specified Amazon Chime EnterpriseLWA account | Write | | | |
| BatchUpdateUser | Grants permission to update user details within the UpdateUserRequestItem object for up to 20 users for the specified Amazon Chime account | Write | | | |
| ConnectDirectory | Grants permission to connect an Active Directory to your Amazon Chime Enterprise account | Write | | | ds:ConnectDirectory |
| CreateAccount | Grants permission to create an Amazon Chime account under the administrator's AWS account | Write | | | |
| CreateApiKey | Grants permission to create a new SCIM access key for your Amazon Chime account and Okta configuration | Write | | | |
| CreateCDRBucket | Grants permission to create a new Call Detail Record S3 bucket | Write | | | s3:CreateBucket, s3:ListAllMyBuckets |
| DeleteAccount | Grants permission to delete the specified Amazon Chime account | Write | | | |
| DeleteAccountOpenIdConfig | Grants permission to delete the OpenIdConfig attributes from your Amazon Chime account | Write | | | |
| DeleteApiKey | Grants permission to delete the specified SCIM access key associated with your Amazon Chime account and Okta configuration | Write | | | |
| DeleteCDRBucket | Grants permission to delete a Call Detail Record S3 bucket from your Amazon Chime account | Write | | | s3:DeleteBucket |
| DeleteDelegate | Grants permission to delete delegated AWS account management from your Amazon Chime account | Write | | | |
| DeleteDomain | Grants permission to delete a domain from your Amazon Chime account | Write | | | |
| DeleteGroups | Grants permission to delete Active Directory or Okta user groups from your Amazon Chime Enterprise account | Write | | | |
| DisconnectDirectory | Grants permission to disconnect the Active Directory from your Amazon Chime Enterprise account | Write | | | |
| GetAccount | Grants permission to get details for the specified Amazon Chime account | Read | | | |
| GetAccountResource | Grants permission to get details for the account resource associated with your Amazon Chime account | Read | | | |
| GetAccountSettings | Grants permission to get account settings for the specified Amazon Chime account ID | Read | | | |
| GetAccountWithOpenIdConfig | Grants permission to get the account details and OpenIdConfig attributes for your Amazon Chime account | Read | | | |
| GetCDRBucket | Grants permission to get details of a Call Detail Record S3 bucket associated with your Amazon Chime account | Read | | | s3:GetBucketAcl, s3:GetBucketLocation, s3:GetBucketLogging, s3:GetBucketVersioning, s3:GetBucketWebsite |
| GetDomain | Grants permission to get domain details for a domain associated with your Amazon Chime account | Read | | | |
| GetMeetingDetail | Grants permission to get attendee, connection, and other details for a meeting | Read | | | |
| GetUser | Grants permission to get details for the specified user ID | Read | | | |
| GetUserActivityReportData | Grants permission to get a summary of user activity on the user details page | Read | | | |
| GetUserByEmail | Grants permission to get user details for an Amazon Chime user based on the email address in an Amazon Chime Enterprise or Team account | Read | | | |
| InviteDelegate | Grants permission to send an invitation to accept a request for AWS account delegation for an Amazon Chime account | Write | | | |
| InviteUsers | Grants permission to invite as many as 50 users to the specified Amazon Chime account | Write | | | |
| ListAccountUsageReportData | Grants permission to list Amazon Chime account usage reporting data | List | | | |
| ListAccounts | Grants permission to list the Amazon Chime accounts under the administrator's AWS account | List | | | |
| ListApiKeys | Grants permission to list the SCIM access keys defined for your Amazon Chime account and Okta configuration | List | | | |
| ListCDRBucket | Grants permission to list Call Detail Record S3 buckets | List | | | s3:ListAllMyBuckets, s3:ListBucket |
| ListDelegates | Grants permission to list account delegate information associated with your Amazon Chime account | List | | | |
| ListDirectories | Grants permission to list active Active Directories hosted in the Directory Service of your AWS account | List | | | |
| ListDomains | Grants permission to list domains associated with your Amazon Chime account | List | | | |
| ListGroups | Grants permission to list Active Directory or Okta user groups associated with your Amazon Chime Enterprise account | List | | | |
| ListMeetingEvents | Grants permission to list all events that occurred for a specified meeting | List | | | |
| ListMeetingsReportData | Grants permission to list meetings ended during the specified date range | List | | | |
| ListUsers | Grants permission to list the users that belong to the specified Amazon Chime account | List | | | |
| LogoutUser | Grants permission to log out the specified user from all of the devices they are currently logged into | Write | | | |
| RenameAccount | Grants permission to modify the account name for your Amazon Chime Enterprise or Team account | Write | | | |
| RenewDelegate | Grants permission to renew the delegation request associated with an Amazon Chime account | Write | | | |
| ResetAccountResource | Grants permission to reset the account resource in your Amazon Chime account | Write | | | |
| ResetPersonalPin | Grants permission to reset the personal meeting PIN for the specified user on an Amazon Chime account | Write | | | |
| RetrieveDataExports | Grants permission to download the file containing links to all user attachments returned as part of the "Request attachments" action | List | | | |
| StartDataExport | Grants permission to submit the "Request attachments" request | Write | | | |
| SubmitSupportRequest | Grants permission to submit a customer service support request | Write | | | |
| SuspendUsers | Grants permission to suspend users from an Amazon Chime Enterprise account | Write | | | |
| UnauthorizeDirectory | Grants permission to unauthorize an Active Directory from your Amazon Chime Enterprise account | Write | | | |
| UpdateAccount | Grants permission to update account details for the specified Amazon Chime account | Write | | | |
| UpdateAccountOpenIdConfig | Grants permission to update the OpenIdConfig attributes for your Amazon Chime account | Write | | | |
| UpdateAccountResource | Grants permission to update the account resource in your Amazon Chime account | Write | | | |
| UpdateAccountSettings | Grants permission to update the settings for the specified Amazon Chime account | Write | | | |
| UpdateCDRSettings | Grants permission to update your Call Detail Record S3 bucket | Write | | | s3:CreateBucket, s3:DeleteBucket, s3:ListAllMyBuckets |
| UpdateSupportedLicenses | Grants permission to update the supported license tiers available for users in your Amazon Chime account | Write | | | |
| UpdateUser | Grants permission to update user details for a specified user ID | Write | | | |
| UpdateUserLicenses | Grants permission to update the licenses for your Amazon Chime users | Write | | | |
| ValidateAccountResource | Grants permission to validate the account resource in your Amazon Chime account | Read | | | |

Resources Defined by Chime

Amazon Chime has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for Amazon Chime

Chime has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.
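
The following policy check is an added example, not part of the original guide or of any AWS tool. It flags Allow statements that name chime actions with a Resource other than "*" (Amazon Chime defines no resource types, so such a statement matches nothing) and chime actions granted without the dependent actions listed in the table. The function names, finding labels, and sample policy are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Copied from the "Dependent Actions" column of the actions table on this page.
DEPENDENT = {
    "chime:ConnectDirectory": {"ds:ConnectDirectory"},
    "chime:CreateCDRBucket": {"s3:CreateBucket", "s3:ListAllMyBuckets"},
    "chime:DeleteCDRBucket": {"s3:DeleteBucket"},
    "chime:GetCDRBucket": {"s3:GetBucketAcl", "s3:GetBucketLocation",
        "s3:GetBucketLogging", "s3:GetBucketVersioning", "s3:GetBucketWebsite"},
    "chime:ListCDRBucket": {"s3:ListAllMyBuckets", "s3:ListBucket"},
    "chime:UpdateCDRSettings": {"s3:CreateBucket", "s3:DeleteBucket",
        "s3:ListAllMyBuckets"},
}

def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])

def lint_chime_policy(policy):
    """Lint Allow statements (Action/Resource form) that grant chime: actions."""
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings, granted = [], []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        granted.extend(actions)
        # Chime defines no resource types, so only Resource "*" can match.
        names_chime = any(a.startswith("chime:") for a in actions)
        if names_chime and "*" not in _as_list(stmt.get("Resource")):
            findings.append(("resource-not-star", index))

    def allowed(action):  # action names are case-insensitive; * and ? are wildcards
        return any(fnmatchcase(action.lower(), pat) for pat in granted)
    for action in sorted(DEPENDENT):
        missing = sorted(d for d in DEPENDENT[action] if not allowed(d))
        if allowed(action) and missing:
            findings.append(("missing-dependent", action, missing))
    return findings

# Constructed sample policy; the first Resource value is a placeholder, not a real ARN.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["chime:GetAccount", "chime:GetCDRBucket"],
     "Resource": "arn:aws:chime:PLACEHOLDER"},
    {"Effect": "Allow", "Action": ["s3:GetBucketAcl", "s3:GetBucketLocation"],
     "Resource": "*"},
]}

if __name__ == "__main__":
    print(lint_chime_policy(SAMPLE_POLICY))
```

The check reads only Allow statements written with Action and Resource; NotAction, NotResource, and Deny statements are outside what it evaluates.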