Menu
AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Application Discovery

Application Discovery (service prefix: discovery) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions Defined by Application Discovery

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
AssociateConfigurationItemsToApplication Associates one or more configuration items with an application. Write
CreateApplication Creates an application with the given name and description. Write
CreateTags Creates one or more tags for configuration items. Tags are metadata that help you categorize IT assets. This API accepts a list of multiple configuration items. Tagging
DeleteApplications Deletes a list of applications and their associations with configuration items. Write
DeleteTags Deletes the association between configuration items and one or more tags. This API accepts a list of multiple configuration items. Tagging
DescribeAgents Lists agents or the Connector by ID or lists all agents/Connectors associated with your user account if you did not specify an ID. Read
DescribeConfigurations Retrieves attributes for a list of configuration item IDs. All of the supplied IDs must be for the same asset type (server, application, process, or connection). Output fields are specific to the asset type selected. For example, the output for a server configuration item includes a list of attributes about the server, such as host name, operating system, and number of network cards. Read
DescribeExportConfigurations Retrieves the status of a given export process. You can retrieve status from a maximum of 100 processes. Read
DescribeTags Retrieves a list of configuration items that are tagged with a specific tag. Or retrieves a list of all tags assigned to a specific configuration item. Read
DisassociateConfigurationItemsFromApplication Disassociates one or more configuration items from an application. Write
ExportConfigurations Exports all discovered configuration data to an Amazon S3 bucket or an application that enables you to view and evaluate the data. Data includes tags and tag associations, processes, connections, servers, and system performance. Write
GetDiscoverySummary Retrieves a short summary of discovered assets. Read
ListConfigurations Retrieves a list of configuration items according to criteria you specify in a filter. The filter criteria identify relationship requirements. List
ListServerNeighbors Retrieves a list of servers which are one network hop away from a specified server. List
StartDataCollectionByAgentIds Instructs the specified agents or Connectors to start collecting data. Write
StartExportTask Export the configuration data about discovered configuration items and relationships to an S3 bucket in a specified format. Write
StopDataCollectionByAgentIds Instructs the specified agents or Connectors to stop collecting data. Write
UpdateApplication Updates metadata about an application. Write

Resources Defined by Application Discovery

Application Discovery has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for Application Discovery

Application Discovery has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.