AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Amazon WorkDocs

Amazon WorkDocs (service prefix: workdocs) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions Defined by Amazon WorkDocs

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
AbortDocumentVersionUpload Aborts the upload of the specified document version that was previously initiated by InitiateDocumentVersionUpload. Write
ActivateUser Activates the specified user. Only active users can access Amazon WorkDocs. Write
AddResourcePermissions Creates a set of permissions for the specified folder or document. Write
AddUserToGroup Write
CheckAlias Read
CreateFolder Creates a folder with the specified name and parent folder. Write
CreateInstance Write
CreateNotificationSubscription Configure WorkDocs to use Amazon SNS notifications. Write
CreateUser Creates a user in a Simple AD or Microsoft AD directory. Write
DeactivateUser Deactivates the specified user, which revokes the user's access to Amazon WorkDocs. Write
DeleteDocument Permanently deletes the specified document and its associated metadata. Write
DeleteFolder Permanently deletes the specified folder and its contents. Write
DeleteFolderContents Deletes the contents of the specified folder. Write
DeleteInstance Write
DeleteNotificationSubscription Deletes the specified subscription from the specified organization. Write
DeleteUser Deletes the specified user from a Simple AD or Microsoft AD directory. Write
DeregisterDirectory Write
DescribeAvailableDirectories List
DescribeDocumentVersions Retrieves the document versions for the specified document. List
DescribeFolderContents Describes the contents of the specified folder, including its documents and sub-folders. List
DescribeInstances List
DescribeNotificationSubscriptions Lists the specified notification subscriptions. List
DescribeResourcePermissions Describes the permissions of a specified resource. List
DescribeUsers Describes the specified users. You can describe all users or filter the results (for example, by status or organization). List
GetDocument Retrieves the specified document object. Read
GetDocumentPath Retrieves the path information (the hierarchy from the root folder) for the requested document. Read
GetDocumentVersion Retrieves version metadata for the specified document. Read
GetFolder Retrieves the metadata of the specified folder. Read
GetFolderPath Retrieves the path information (the hierarchy from the root folder) for the specified folder. Read
InitiateDocumentVersionUpload Creates a new document object and version object. Write
RegisterDirectory Write
RemoveAllResourcePermissions Removes all the permissions from the specified resource. Write
RemoveResourcePermission Removes the permission for the specified principal from the specified resource. Write
RemoveUserFromGroup Write
UpdateDocument Updates the specified attributes of the specified document. Write
UpdateDocumentVersion Changes the status of the document version to ACTIVE. Write
UpdateFolder Updates the specified attributes of the specified folder. Write
UpdateInstanceAlias Write
UpdateUser Updates the specified attributes of the specified user, and grants or revokes administrative privileges to the Amazon WorkDocs site. Write

Resources Defined by WorkDocs

Amazon WorkDocs has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for Amazon WorkDocs

WorkDocs has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.