Actions, resources, and condition keys for AWS DeepRacer - AWS Identity and Access Management

Actions, resources, and condition keys for AWS DeepRacer

Tip

This page is moving to a new location on November 16, 2020. Please update your bookmark to use the new page at https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsdeepracer.html.

AWS DeepRacer (service prefix: deepracer) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions defined by AWS DeepRacer

You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

The Resource types column indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("*") in the Resource element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. Required resources are indicated in the table with an asterisk (*). If you specify a resource-level permission ARN in a statement using this action, then it must be of this type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one but not the other.

For details about the columns in the following table, see The actions table.

Actions Description Access level Resource types (*required) Condition keys Dependent actions
CloneReinforcementLearningModel [permission only] Grants permission to clone existing DeepRacer models Write

reinforcement_learning_model*

track*

CreateAccountResources [permission only] Grants permission to create resources needed by DeepRacer on behalf of the user Write
CreateLeaderboardSubmission [permission only] Grants permission to submit DeepRacer models to be evaluated for leaderboards Write

leaderboard*

reinforcement_learning_model*

CreateReinforcementLearningModel [permission only] Grants permission to create reinforcement learning models for DeepRacer Write

track*

DeleteAccountResources [permission only] Grants permission to delete resources created by DeepRacer on behalf of the user Write
DeleteModel [permission only] Grants permission to delete DeepRacer models Write

reinforcement_learning_model*

GetAccountResources [permission only] Grants permission to retrieve the resources created by DeepRacer on behalf of the user Read
GetAlias [permission only] Grants permission to retrieve the user's alias for submitting DeepRacer models to leaderboards Read
GetEvaluation [permission only] Grants permission to retrieve information about existing DeepRacer models' evaluation jobs Read

evaluation_job*

GetLatestUserSubmission [permission only] Grants permission to retrieve information about how the latest submitted DeepRacer model for a user performed on a leaderboard Read

leaderboard*

GetLeaderboard [permission only] Grants permission to retrieve information about leaderboards Read

leaderboard*

GetModel [permission only] Grants permission to retrieve information about existing DeepRacer models Read

reinforcement_learning_model*

GetRankedUserSubmission [permission only] Grants permission to retrieve information about the performance of a user's DeepRacer model that got placed on a leaderboard Read

leaderboard*

GetTrack [permission only] Grants permission to retrieve information about DeepRacer tracks Read

track*

GetTrainingJob [permission only] Grants permission to retrieve information about existing DeepRacer models' training job Read

training_job*

ListEvaluations [permission only] Grants permission to list DeepRacer models' evaluation jobs List

reinforcement_learning_model*

ListLeaderboardSubmissions [permission only] Grants permission to list all the submissions of DeepRacer models of a user on a leaderboard List

leaderboard*

ListLeaderboards [permission only] Grants permission to list all the available leaderboards List
ListModels [permission only] Grants permission to list all existing DeepRacer models List
ListTracks [permission only] Grants permission to list all DeepRacer tracks List
ListTrainingJobs [permission only] Grants permission to list DeepRacer models' training jobs List

reinforcement_learning_model*

SetAlias [permission only] Grants permission to set the user's alias for submitting DeepRacer models to leaderboards Write
StartEvaluation [permission only] Grants permission to evaluate DeepRacer models in a simulated environment Write

reinforcement_learning_model*

track*

StopEvaluation [permission only] Grants permission to stop DeepRacer model evaluations Write

evaluation_job*

StopTrainingReinforcementLearningModel [permission only] Grants permission to stop training DeepRacer models Write

reinforcement_learning_model*

TestRewardFunction [permission only] Grants permission to test reward functions for correctness Write

Resource types defined by AWS DeepRacer

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see The resource types table.

Resource types ARN Condition keys
reinforcement_learning_model arn:${Partition}:deepracer:${Region}:${Account}:model/reinforcement_learning/${ResourceId}
training_job arn:${Partition}:deepracer:${Region}:${Account}:training_job/${ResourceId}
evaluation_job arn:${Partition}:deepracer:${Region}:${Account}: evaluation_job/${ResourceId}
leaderboard_evaluation_job arn:${Partition}:deepracer:${Region}:${Account}:leaderboard_evaluation_job/${ResourceId}
track arn:${Partition}:deepracer:${Region}::track/${ResourceId}
leaderboard arn:${Partition}:deepracer:${Region}::leaderboard/${ResourceId}

Condition keys for AWS DeepRacer

DeepRacer has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available keys for conditions.