AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for AWS OpsWorks

AWS OpsWorks (service prefix: opsworks) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.


Actions Defined by AWS OpsWorks

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
AssignInstance Assign a registered instance to a layer Write
AssignVolume Assigns one of the stack's registered Amazon EBS volumes to a specified instance Write
AssociateElasticIp Associates one of the stack's registered Elastic IP addresses with a specified instance Write
AttachElasticLoadBalancer Attaches an Elastic Load Balancing load balancer to a specified layer Write
CloneStack Creates a clone of a specified stack Write
CreateApp Creates an app for a specified stack Write
CreateDeployment Runs deployment or stack commands Write
CreateInstance Creates an instance in a specified stack Write
CreateLayer Creates a layer Write
CreateStack Creates a new stack Write
CreateUserProfile Creates a new user profile Write
DeleteApp Deletes a specified app Write
DeleteInstance Deletes a specified instance, which terminates the associated Amazon EC2 instance Write
DeleteLayer Deletes a specified layer Write
DeleteStack Deletes a specified stack Write
DeleteUserProfile Deletes a user profile Write
DeregisterEcsCluster Deletes a user profile Write
DeregisterElasticIp Deregisters a specified Elastic IP address Write
DeregisterInstance Deregister a registered Amazon EC2 or on-premises instance Write
DeregisterRdsDbInstance Deregisters an Amazon RDS instance Write
DeregisterVolume Deregisters an Amazon EBS volume Write
DescribeAgentVersions Describes the available AWS OpsWorks agent versions List
DescribeApps Requests a description of a specified set of apps List
DescribeCommands Describes the results of specified commands List
DescribeDeployments Requests a description of a specified set of deployments List
DescribeEcsClusters Describes Amazon ECS clusters that are registered with a stack List
DescribeElasticIps Describes Elastic IP addresses List
DescribeElasticLoadBalancers Describes a stack's Elastic Load Balancing instances List
DescribeInstances Requests a description of a set of instances List
DescribeLayers Requests a description of one or more layers in a specified stack List
DescribeLoadBasedAutoScaling Describes load-based auto scaling configurations for specified layers List
DescribeMyUserProfile Describes a user's SSH information List
DescribePermissions Describes the permissions for a specified stack List
DescribeRaidArrays Describe an instance's RAID arrays List
DescribeRdsDbInstances Describes Amazon RDS instances List
DescribeServiceErrors Describes AWS OpsWorks service errors List
DescribeStackProvisioningParameters Requests a description of a stack's provisioning parameters List
DescribeStackSummary Describes the number of layers and apps in a specified stack, and the number of instances in each state, such as running_setup or online List
DescribeStacks Requests a description of one or more stacks List
DescribeTimeBasedAutoScaling Describes time-based auto scaling configurations for specified instances List
DescribeUserProfiles Describe specified users List
DescribeVolumes Describes an instance's Amazon EBS volumes List
DetachElasticLoadBalancer Detaches a specified Elastic Load Balancing instance from its layer Write
DisassociateElasticIp Disassociates an Elastic IP address from its instance Write
GetHostnameSuggestion Gets a generated host name for the specified layer, based on the current host name theme Read
GrantAccess Grants RDP access to a Windows instance for a specified time period Write
ListTags Returns a list of tags that are applied to the specified stack or layer List
RebootInstance Reboots a specified instance Write
RegisterEcsCluster Registers a specified Amazon ECS cluster with a stack Write
RegisterElasticIp Registers an Elastic IP address with a specified stack Write
RegisterInstance Registers instances with a specified stack that were created outside of AWS OpsWorks Write
RegisterRdsDbInstance Registers an Amazon RDS instance with a stack Write
RegisterVolume Registers an Amazon EBS volume with a specified stack Write
SetLoadBasedAutoScaling Specify the load-based auto scaling configuration for a specified layer Write
SetPermission Specifies a user's permissions Permissions management
SetTimeBasedAutoScaling Specify the time-based auto scaling configuration for a specified instance Write
StartInstance Starts a specified instance Write
StartStack Starts a stack's instances Write
StopInstance Stops a specified instance Write
StopStack Stops a specified stack Write
TagResource Apply tags to a specified stack or layer Write
UnassignInstance Unassigns a registered instance from all of it's layers Write
UnassignVolume Unassigns an assigned Amazon EBS volume Write
UntagResource Removes tags from a specified stack or layer Write
UpdateApp Updates a specified app Write
UpdateElasticIp Updates a registered Elastic IP address's name Write
UpdateInstance Updates a specified instance Write
UpdateLayer Updates a specified layer Write
UpdateMyUserProfile Updates a user's SSH public key Write
UpdateRdsDbInstance Updates an Amazon RDS instance Write
UpdateStack Updates a specified stack Write
UpdateUserProfile Updates a specified user profile Permissions management
UpdateVolume Updates an Amazon EBS volume's name or mount point Write

Resources Defined by OpsWorks

OpsWorks has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for AWS OpsWorks

OpsWorks has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.