AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Amazon Cloud Directory

Amazon Cloud Directory (service prefix: clouddirectory) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

Actions Defined by Amazon Cloud Directory

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

| Actions | Description | Access Level | Resource Types (*required) | Condition Keys | Dependent Actions |
|---|---|---|---|---|---|
| AddFacetToObject | Adds a new Facet to an object. | Write | directory* | | |
| ApplySchema | Copies input published schema into Directory with same name and version as that of published schema. | Write | directory*, publishedSchema* | | |
| AttachObject | Attaches an existing object to another existing object. | Write | directory* | | |
| AttachPolicy | Attaches a policy object to any other object. | Write | directory* | | |
| AttachToIndex | Attaches the specified object to the specified index. | Write | directory* | | |
| AttachTypedLink | Attaches a typed link between a source and target object reference. | Write | directory* | | |
| BatchRead | Performs all the read operations in a batch. Each individual operation inside BatchRead needs to be granted permissions explicitly. | Read | directory* | | |
| BatchWrite | Performs all the write operations in a batch. Each individual operation inside BatchWrite needs to be granted permissions explicitly. | Write | directory* | | |
| CreateDirectory | Creates a Directory by copying the published schema into the directory. | Write | publishedSchema* | | |
| CreateFacet | Creates a new Facet in a schema. | Write | appliedSchema*, developmentSchema* | | |
| CreateIndex | Creates an index object. | Write | directory* | | |
| CreateObject | Creates an object in a Directory. | Write | directory* | | |
| CreateSchema | Creates a new schema in a development state. | Write | | | |
| CreateTypedLinkFacet | Creates a new Typed Link facet in a schema. | Write | appliedSchema*, developmentSchema* | | |
| DeleteDirectory | Deletes a directory. Only disabled directories can be deleted. | Write | directory* | | |
| DeleteFacet | Deletes a given Facet. All attributes and Rules associated with the facet will be deleted. | Write | developmentSchema* | | |
| DeleteObject | Deletes an object and its associated attributes. | Write | directory* | | |
| DeleteSchema | Deletes a given schema. | Write | developmentSchema*, publishedSchema* | | |
| DeleteTypedLinkFacet | Deletes a given TypedLink Facet. All attributes and Rules associated with the facet will be deleted. | Write | developmentSchema* | | |
| DetachFromIndex | Detaches the specified object from the specified index. | Write | directory* | | |
| DetachObject | Detaches a given object from the parent object. | Write | directory* | | |
| DetachPolicy | Detaches a policy from an object. | Write | directory* | | |
| DetachTypedLink | Detaches a given typed link between a given source and target object reference. | Write | directory* | | |
| DisableDirectory | Disables the specified directory. | Write | directory* | | |
| EnableDirectory | Enables the specified directory. | Write | directory* | | |
| GetDirectory | Retrieves metadata about a directory. | Read | directory* | | |
| GetFacet | Gets details of the Facet, such as Facet Name, Attributes, Rules, or ObjectType. | Read | appliedSchema*, developmentSchema*, publishedSchema* | | |
| GetObjectAttributes | Retrieves attributes within a facet that are associated with an object. | Read | directory* | | |
| GetObjectInformation | Retrieves metadata about an object. | Read | directory* | | |
| GetSchemaAsJson | Retrieves a JSON representation of the schema. | Read | appliedSchema*, developmentSchema*, publishedSchema* | | |
| GetTypedLinkFacetInformation | Returns identity attributes order information associated with a given typed link facet. | Read | appliedSchema*, developmentSchema*, publishedSchema* | | |
| ListAppliedSchemaArns | Lists schemas applied to a directory. | List | directory* | | |
| ListAttachedIndices | Lists indices attached to an object. | Read | directory* | | |
| ListDevelopmentSchemaArns | Retrieves the ARNs of schemas in the development state. | List | | | |
| ListDirectories | Lists directories created within an account. | List | | | |
| ListFacetAttributes | Retrieves attributes attached to the facet. | Read | appliedSchema*, developmentSchema*, publishedSchema* | | |
| ListFacetNames | Retrieves the names of facets that exist in a schema. | Read | appliedSchema*, developmentSchema*, publishedSchema* | | |
| ListIncomingTypedLinks | Returns a paginated list of all incoming TypedLinks for a given object. | Read | directory* | | |
| ListIndex | Lists objects attached to the specified index. | Read | directory* | | |
| ListObjectAttributes | Lists all attributes associated with an object. | Read | directory* | | |
| ListObjectChildren | Returns a paginated list of child objects associated with a given object. | Read | directory* | | |
| ListObjectParentPaths | Retrieves all available parent paths for any object type such as node, leaf node, policy node, and index node objects. | Read | directory* | | |
| ListObjectParents | Returns a paginated list of parent objects associated with a given object. | Read | directory* | | |
| ListObjectPolicies | Returns a paginated list of policies attached to an object. | Read | directory* | | |
| ListOutgoingTypedLinks | Returns a paginated list of all outgoing TypedLinks for a given object. | Read | directory* | | |
| ListPolicyAttachments | Returns all of the ObjectIdentifiers to which a given policy is attached. | Read | directory* | | |
| ListPublishedSchemaArns | Retrieves published schema ARNs. | List | | | |
| ListTagsForResource | Returns tags for a resource. | Read | directory* | | |
| ListTypedLinkFacetAttributes | Returns a paginated list of attributes associated with typed link facet. | Read | appliedSchema*, developmentSchema*, publishedSchema* | | |
| ListTypedLinkFacetNames | Returns a paginated list of typed link facet names that exist in a schema. | Read | appliedSchema*, developmentSchema*, publishedSchema* | | |
| LookupPolicy | Lists all policies from the root of the Directory to the object specified. | Read | directory* | | |
| PublishSchema | Publishes a development schema with a version. | Write | developmentSchema* | | |
| PutSchemaFromJson | Allows a schema to be updated using JSON upload. Only available for development schemas. | Write | | | |
| RemoveFacetFromObject | Removes the specified facet from the specified object. | Write | directory* | | |
| TagResource | Adds tags to a resource. | Tagging | directory* | | |
| UntagResource | Removes tags from a resource. | Tagging | directory* | | |
| UpdateFacet | Adds/Updates/Deletes existing Attributes, Rules, or ObjectType of a Facet. | Write | appliedSchema*, developmentSchema* | | |
| UpdateObjectAttributes | Updates a given object's attributes. | Write | directory* | | |
| UpdateSchema | Updates the schema name with a new name. | Write | developmentSchema* | | |
| UpdateTypedLinkFacet | Adds/Updates/Deletes existing Attributes, Rules, identity attribute order of a TypedLink Facet. | Write | developmentSchema* | | |

Resources Defined by Cloud Directory

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see The Resource Types Table.

| Resource Types | ARN | Condition Keys |
|---|---|---|
| appliedSchema | arn:${Partition}:clouddirectory:${Region}:${Account}:directory/${DirectoryId}/schema/${SchemaName}/${Version} | |
| developmentSchema | arn:${Partition}:clouddirectory:${Region}:${Account}:schema/development/${SchemaName} | |
| directory | arn:${Partition}:clouddirectory:${Region}:${Account}:directory/${DirectoryId} | |
| publishedSchema | arn:${Partition}:clouddirectory:${Region}:${Account}:schema/published/${SchemaName}/${Version} | |
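
The following is an added example, not part of the original guide: a small policy check that uses the two tables above to flag an Allow statement whose Resource names no resource type the action accepts, or that uses a bare "*" where an ARN could be given. The account ID, region, directory ID, schema name and the `lint` and `resource_type` helpers are constructed for illustration; it assumes Action and Resource are lists and that each ARN is written out in full or is a bare "*".

```python
import re
# ARN formats from the resource types table; each ${...} is one path segment.
ARN_FORMATS = {
    "appliedSchema": "directory/${DirectoryId}/schema/${SchemaName}/${Version}",
    "developmentSchema": "schema/development/${SchemaName}",
    "directory": "directory/${DirectoryId}",
    "publishedSchema": "schema/published/${SchemaName}/${Version}",
}
PATTERNS = {
    t: re.compile(r"arn:[^:]+:clouddirectory:[^:]*:[^:]*:" + re.sub(r"\$\{\w+\}", "[^/]+", f))
    for t, f in ARN_FORMATS.items()
}
# Subset of the actions table: action -> resource types it accepts.
ACTION_RESOURCES = {
    "BatchRead": {"directory"},
    "ListObjectChildren": {"directory"},
    "CreateFacet": {"appliedSchema", "developmentSchema"},
    "GetFacet": {"appliedSchema", "developmentSchema", "publishedSchema"},
}
ACCT = "arn:aws:clouddirectory:us-east-1:111122223333:"  # constructed values
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [  # constructed policy
    {"Effect": "Allow", "Resource": [ACCT + "directory/EXAMPLEDIRID"],
     "Action": ["clouddirectory:BatchRead", "clouddirectory:ListObjectChildren"]},
    {"Effect": "Allow", "Resource": [ACCT + "schema/published/org/1"],
     "Action": ["clouddirectory:CreateFacet"]},
    {"Effect": "Allow", "Resource": ["*"], "Action": ["clouddirectory:GetFacet"]},
]}

def resource_type(arn):
    # Return the Cloud Directory resource type the ARN matches, or None.
    for rtype, pattern in PATTERNS.items():
        if pattern.fullmatch(arn):
            return rtype
    return None

def lint(policy):
    # Return (action, finding) pairs for the Allow statements of a policy.
    findings = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        types = {resource_type(r) for r in stmt["Resource"]}
        for action in stmt["Action"]:
            accepted = ACTION_RESOURCES.get(action.split(":", 1)[-1])
            if accepted is None:
                continue  # action is not in the subset above
            if "*" in stmt["Resource"]:
                findings.append((action, "unscoped"))     # could name an ARN
            elif not accepted & types:
                findings.append((action, "ineffective"))  # no accepted type named
    return findings
```

On the sample policy, the CreateFacet statement is reported as ineffective because it names a publishedSchema ARN, and the GetFacet statement is reported as unscoped.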

Condition Keys for Amazon Cloud Directory

Cloud Directory has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.