Menu
AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Amazon WorkDocs

Amazon WorkDocs (service prefix: workdocs) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions Defined by Amazon WorkDocs

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
AbortDocumentVersionUpload Aborts the upload of the specified document version that was previously initiated by InitiateDocumentVersionUpload.

Write

ActivateUser Activates the specified user. Only active users can access Amazon WorkDocs.

Write

AddResourcePermissions Creates a set of permissions for the specified folder or document.

Write

AddUserToGroup

Write

CheckAlias

Read Write

CreateFolder Creates a folder with the specified name and parent folder.

Write

CreateInstance

Write

CreateNotificationSubscription Configure WorkDocs to use Amazon SNS notifications.

Write

CreateUser Creates a user in a Simple AD or Microsoft AD directory.

Write

DeactivateUser Deactivates the specified user, which revokes the user's access to Amazon WorkDocs.

Write

DeleteDocument Permanently deletes the specified document and its associated metadata.

Write

DeleteFolder Permanently deletes the specified folder and its contents.

Write

DeleteFolderContents Deletes the contents of the specified folder.

Write

DeleteInstance

Write

DeleteNotificationSubscription Deletes the specified subscription from the specified organization.

Write

DeleteUser Deletes the specified user from a Simple AD or Microsoft AD directory.

Write

DeregisterDirectory

Write

DescribeAvailableDirectories

List Read Write

DescribeDocumentVersions Retrieves the document versions for the specified document.

List Read Write

DescribeFolderContents Describes the contents of the specified folder, including its documents and sub-folders.

List Read Write

DescribeInstances

List Read Write

DescribeNotificationSubscriptions Lists the specified notification subscriptions.

List Read Write

DescribeResourcePermissions Describes the permissions of a specified resource.

List Read Write

DescribeUsers Describes the specified users. You can describe all users or filter the results (for example, by status or organization).

List Read Write

GetDocument Retrieves the specified document object.

Read Write

GetDocumentPath Retrieves the path information (the hierarchy from the root folder) for the requested document.

Read Write

GetDocumentVersion Retrieves version metadata for the specified document.

Read Write

GetFolder Retrieves the metadata of the specified folder.

Read Write

GetFolderPath Retrieves the path information (the hierarchy from the root folder) for the specified folder.

Read Write

InitiateDocumentVersionUpload Creates a new document object and version object.

Write

RegisterDirectory

Write

RemoveAllResourcePermissions Removes all the permissions from the specified resource.

Write

RemoveResourcePermission Removes the permission for the specified principal from the specified resource.

Write

RemoveUserFromGroup

Write

UpdateDocument Updates the specified attributes of the specified document.

Write

UpdateDocumentVersion Changes the status of the document version to ACTIVE.

Write

UpdateFolder Updates the specified attributes of the specified folder.

Write

UpdateInstanceAlias

Write

UpdateUser Updates the specified attributes of the specified user, and grants or revokes administrative privileges to the Amazon WorkDocs site.

Write

Resources Defined by WorkDocs

WorkDocs has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for Amazon WorkDocs

WorkDocs has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.