AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Amazon Route 53 Auto Naming

Amazon Route 53 Auto Naming (service prefix: servicediscovery) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

Actions Defined by Amazon Route 53 Auto Naming

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

| Actions | Description | Access Level | Resource Types (*required) | Condition Keys | Dependent Actions |
|---|---|---|---|---|---|
| CreatePrivateDnsNamespace | Creates a private namespace based on DNS, which will be visible only inside a specified Amazon VPC. | Write | namespace* | | |
| CreatePublicDnsNamespace | Creates a public namespace based on DNS, which will be visible on the internet. | Write | namespace* | | |
| CreateService | Creates a service. | Write | service* | | |
| DeleteNamespace | Deletes a specified namespace. | Write | namespace*, service* | | |
| DeleteService | Deletes a specified service. | Write | service* | | |
| DeregisterInstance | Deletes the resource record sets and the health check, if any, that Amazon Route 53 created for the specified instance. | Write | service* | | |
| GetInstance | Gets information about a specified instance. | Read | | | |
| GetInstancesHealthStatus | Gets the current health status (Healthy, Unhealthy, or Unknown) of one or more instances. | Read | | | |
| GetNamespace | Gets information about a namespace. | Read | namespace* | | |
| GetOperation | Gets information about a specific operation. | Read | | | |
| GetService | Gets the settings for a specified service. | Read | service* | | |
| ListInstances | Gets summary information about the instances. | List | | | |
| ListNamespaces | Gets information about the namespaces. | List | namespace* | | |
| ListOperations | Lists operations that match the criteria that you specify. | List | | | |
| ListServices | Gets settings for all the services that were created by the current AWS account. | List | service* | | |
| RegisterInstance | Creates one or more resource record sets and optionally a health check based on the settings in a specified service. | Write | service* | | |
| UpdateInstanceHeartbeatStatus | Updates the current status for the specified instance. | Write | service* | | |
| UpdateService | Updates the settings in a specified service. | Write | service* | | |
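
The access levels in the Actions table can drive a least-privilege review of a policy document. The following is an added example, not part of the AWS documentation: the function names `expand` and `audit` and the sample policy are constructed for illustration, and the check only covers Allow statements with `Action` and `Resource` elements.

```python
import fnmatch

# Access levels transcribed from the Actions table on this page.
WRITE = ("CreatePrivateDnsNamespace CreatePublicDnsNamespace CreateService DeleteNamespace "
         "DeleteService DeregisterInstance RegisterInstance UpdateInstanceHeartbeatStatus "
         "UpdateService")
READ = "GetInstance GetInstancesHealthStatus GetNamespace GetOperation GetService"
LIST = "ListInstances ListNamespaces ListOperations ListServices"
ACCESS_LEVEL = {a: lvl for lvl, names in (("Write", WRITE), ("Read", READ), ("List", LIST))
                for a in names.split()}
PREFIX = "servicediscovery:"

def as_list(value):
    return value if isinstance(value, list) else [value]

def expand(pattern):
    """Return the table actions matched by one Action entry (IAM wildcards allowed)."""
    if pattern == "*":
        return sorted(ACCESS_LEVEL)
    if not pattern.lower().startswith(PREFIX):
        return []
    name = pattern[len(PREFIX):].lower()  # IAM action names are case-insensitive
    return sorted(a for a in ACCESS_LEVEL if fnmatch.fnmatchcase(a.lower(), name))

def audit(policy):
    """Return (sid, finding) pairs for Allow statements that are broader than needed."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        wildcard_resource = "*" in as_list(stmt.get("Resource", []))
        for pattern in as_list(stmt.get("Action", [])):
            matched = expand(pattern)
            if pattern.lower().startswith(PREFIX) and not matched:
                findings.append((sid, f"unknown action {pattern}"))
            writes = [a for a in matched if ACCESS_LEVEL[a] == "Write"]
            if writes and wildcard_resource:
                findings.append(
                    (sid, f"{pattern} grants Write on Resource *: {', '.join(writes)}"))
    return findings

# Constructed sample policy: one read-only statement, one over-broad, one with a typo.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadOnly", "Effect": "Allow",
     "Action": ["servicediscovery:Get*", "servicediscovery:List*"], "Resource": "*"},
    {"Sid": "Broad", "Effect": "Allow", "Action": "servicediscovery:*Instance", "Resource": "*"},
    {"Sid": "Typo", "Effect": "Allow", "Action": "servicediscovery:DeleteInstance", "Resource": "*"},
]}
```

Every Write-level action in the table lists a required resource type, so a Write finding can be resolved by scoping the statement's `Resource` to a namespace or service ARN.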

Resources Defined by Route 53 Auto Naming

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see The Resource Types Table.

| Resource Types | ARN | Condition Keys |
|---|---|---|
| namespace | arn:${Partition}:servicediscovery:${Region}:${Account}:stack/${NamespaceName} | |
| service | arn:${Partition}:servicediscovery:${Region}:${Account}:service/${ServiceName} | |

Condition Keys for Amazon Route 53 Auto Naming

Route 53 Auto Naming has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.