Menu
AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for AWS Elastic Beanstalk

AWS Elastic Beanstalk (service prefix: elasticbeanstalk) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions Defined by AWS Elastic Beanstalk

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
AbortEnvironmentUpdate Cancels in-progress environment configuration update or application version deployment

Write

environment*

elasticbeanstalk:InApplication

ApplyEnvironmentManagedAction Applies a scheduled managed action immediately.

Write

environment*

elasticbeanstalk:InApplication

CheckDNSAvailability Checks if the specified CNAME is available

Read

ComposeEnvironments Create or update a group of environments that each run a separate component of a single application

Write

application*

applicationversion*

elasticbeanstalk:InApplication

CreateApplication Creates an application that has one configuration template named default and no application versions

Write

application*

CreateApplicationVersion Creates an application version for the specified application

Write

application*

applicationversion*

elasticbeanstalk:InApplication

CreateConfigurationTemplate Creates a configuration template

Write

configurationtemplate*

elasticbeanstalk:InApplication

elasticbeanstalk:FromApplication

elasticbeanstalk:FromApplicationVersion

elasticbeanstalk:FromConfigurationTemplate

elasticbeanstalk:FromEnvironment

elasticbeanstalk:FromSolutionStack

CreateEnvironment Launches an environment for the specified application using the specified configuration

Write

environment*

elasticbeanstalk:InApplication

elasticbeanstalk:FromApplicationVersion

elasticbeanstalk:FromConfigurationTemplate

elasticbeanstalk:FromSolutionStack

CreatePlatformVersion Create a new version of your custom platform.

Write

CreateStorageLocation Creates the Amazon S3 storage location for the account

Write

DeleteApplication Deletes the specified application along with all associated versions and configurations

Write

application*

DeleteApplicationVersion Deletes the specified version from the specified application

Write

applicationversion*

elasticbeanstalk:InApplication

DeleteConfigurationTemplate Deletes the specified configuration template

Write

configurationtemplate*

elasticbeanstalk:InApplication

DeleteEnvironmentConfiguration Deletes the draft configuration associated with the running environment

Write

environment*

elasticbeanstalk:InApplication

DeletePlatformVersion Deletes the specified version of a custom platform.

Write

DescribeApplicationVersions Retrieve a list of application versions stored in your AWS Elastic Beanstalk storage bucket

List

applicationversion

elasticbeanstalk:InApplication

DescribeApplications Returns the descriptions of existing applications

List

application

DescribeConfigurationOptions Describes the configuration options

Read

configurationtemplate

elasticbeanstalk:InApplication

environment

elasticbeanstalk:InApplication

solutionstack

DescribeConfigurationSettings Returns a description of the settings for the specified configuration set

Read

configurationtemplate

elasticbeanstalk:InApplication

environment

elasticbeanstalk:InApplication

DescribeEnvironmentHealth Returns information about the overall health of the specified environment

Read

environment

elasticbeanstalk:InApplication

DescribeEnvironmentManagedActionHistory Lists an environment's completed and failed managed actions.

Read

environment

elasticbeanstalk:InApplication

DescribeEnvironmentManagedActions Lists an environment's upcoming and in-progress managed actions.

Read

environment

elasticbeanstalk:InApplication

DescribeEnvironmentResources Returns AWS resources for this environment

Read

environment

elasticbeanstalk:InApplication

DescribeEnvironments Returns descriptions for existing environments

List

environment

elasticbeanstalk:InApplication

DescribeEvents Returns list of event descriptions matching criteria up to the last 6 weeks

Read

application

applicationversion

elasticbeanstalk:InApplication

configurationtemplate

elasticbeanstalk:InApplication

environment

elasticbeanstalk:InApplication

DescribeInstancesHealth Returns more detailed information about the health of the specified instances

Read

environment

elasticbeanstalk:InApplication

DescribePlatformVersion Describes the version of the platform.

Read

ListAvailableSolutionStacks Returns a list of the available solution stack names

List

solutionstack

ListPlatformVersions Lists the available platforms.

List

RebuildEnvironment Deletes and recreates all of the AWS resources for a specified environment and forces a restart

Write

environment*

elasticbeanstalk:InApplication

RequestEnvironmentInfo Initiates a request to compile the specified type of information of the deployed environment

Read

environment*

elasticbeanstalk:InApplication

RestartAppServer Initiates a request to compile the specified type of information of the deployed environment

Write

environment*

elasticbeanstalk:InApplication

RetrieveEnvironmentInfo Retrieves the compiled information from a RequestEnvironmentInfo request

Read

environment*

elasticbeanstalk:InApplication

SwapEnvironmentCNAMEs Swaps the CNAMEs of two environments

Write

environment*

elasticbeanstalk:InApplication

elasticbeanstalk:FromEnvironment

TerminateEnvironment Terminates the specified environment

Write

environment*

elasticbeanstalk:InApplication

UpdateApplication Updates the specified application to have the specified properties

Write

application*

UpdateApplicationVersion Updates the specified application version to have the specified properties

Write

applicationversion*

elasticbeanstalk:InApplication

UpdateConfigurationTemplate Updates the specified configuration template to have the specified properties or configuration option values

Write

configurationtemplate*

elasticbeanstalk:InApplication

UpdateEnvironment Updates the environment

Write

environment*

elasticbeanstalk:InApplication

elasticbeanstalk:FromApplicationVersion

elasticbeanstalk:FromConfigurationTemplate

ValidateConfigurationSettings Takes a set of configuration settings and either a configuration template or environment, and determines whether those values are valid

Read

configurationtemplate

elasticbeanstalk:InApplication

environment

elasticbeanstalk:InApplication

Resources Defined by Elastic Beanstalk

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see The Resource Types Table.

Resource Types ARN Condition Keys
application arn:${Partition}:elasticbeanstalk:${Region}:${Account}:application/${ApplicationName}
applicationversion arn:${Partition}:elasticbeanstalk:${Region}:${Account}:applicationversion/${ApplicationName}/${VersionLabel}

elasticbeanstalk:InApplication

configurationtemplate arn:${Partition}:elasticbeanstalk:${Region}:${Account}:configurationtemplate/${ApplicationName}/${TemplateName}

elasticbeanstalk:InApplication

environment arn:${Partition}:elasticbeanstalk:${Region}:${Account}:environment/${ApplicationName}/${EnvironmentName}

elasticbeanstalk:InApplication

solutionstack arn:${Partition}:elasticbeanstalk:${Region}::solutionstack/${SolutionStackName}

Condition Keys for AWS Elastic Beanstalk

AWS Elastic Beanstalk defines the following condition keys that can be used in the Condition element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see The Condition Keys Table.

To view the global condition keys that are available to all services, see Available Global Condition Keys in the IAM Policy Reference.

Condition Keys Description Type
elasticbeanstalk:FromApplication An application as a dependency or a constraint on an input parameter. ARN
elasticbeanstalk:FromApplicationVersion An application version as a dependency or a constraint on an input parameter. ARN
elasticbeanstalk:FromConfigurationTemplate A configuration template as a dependency or a constraint on an input parameter. ARN
elasticbeanstalk:FromEnvironment An environment as a dependency or a constraint on an input parameter. ARN
elasticbeanstalk:FromSolutionStack A solution stack as a dependency or a constraint on an input parameter. ARN
elasticbeanstalk:InApplication The application that contains the resource that the action operates on. ARN