Menu
AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for AWS OpsWorks

AWS OpsWorks (service prefix: opsworks) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions Defined by AWS OpsWorks

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
AssignInstance Assign a registered instance to a layer

Write

AssignVolume Assigns one of the stack's registered Amazon EBS volumes to a specified instance

Write

AssociateElasticIp Associates one of the stack's registered Elastic IP addresses with a specified instance

Write

AttachElasticLoadBalancer Attaches an Elastic Load Balancing load balancer to a specified layer

Write

CloneStack Creates a clone of a specified stack

Write

CreateApp Creates an app for a specified stack

Write

CreateDeployment Runs deployment or stack commands

Write

CreateInstance Creates an instance in a specified stack

Write

CreateLayer Creates a layer

Write

CreateStack Creates a new stack

Write

CreateUserProfile Creates a new user profile

Write

DeleteApp Deletes a specified app

Write

DeleteInstance Deletes a specified instance, which terminates the associated Amazon EC2 instance

Write

DeleteLayer Deletes a specified layer

Write

DeleteStack Deletes a specified stack

Write

DeleteUserProfile Deletes a user profile

Write

DeregisterEcsCluster Deletes a user profile

Write

DeregisterElasticIp Deregisters a specified Elastic IP address

Write

DeregisterInstance Deregister a registered Amazon EC2 or on-premises instance

Write

DeregisterRdsDbInstance Deregisters an Amazon RDS instance

Write

DeregisterVolume Deregisters an Amazon EBS volume

Write

DescribeAgentVersions Describes the available AWS OpsWorks agent versions

List

DescribeApps Requests a description of a specified set of apps

List

DescribeCommands Describes the results of specified commands

List

DescribeDeployments Requests a description of a specified set of deployments

List

DescribeEcsClusters Describes Amazon ECS clusters that are registered with a stack

List

DescribeElasticIps Describes Elastic IP addresses

List

DescribeElasticLoadBalancers Describes a stack's Elastic Load Balancing instances

List

DescribeInstances Requests a description of a set of instances

List

DescribeLayers Requests a description of one or more layers in a specified stack

List

DescribeLoadBasedAutoScaling Describes load-based auto scaling configurations for specified layers

List

DescribeMyUserProfile Describes a user's SSH information

List

DescribePermissions Describes the permissions for a specified stack

List

DescribeRaidArrays Describe an instance's RAID arrays

List

DescribeRdsDbInstances Describes Amazon RDS instances

List

DescribeServiceErrors Describes AWS OpsWorks service errors

List

DescribeStackProvisioningParameters Requests a description of a stack's provisioning parameters

List

DescribeStackSummary Describes the number of layers and apps in a specified stack, and the number of instances in each state, such as running_setup or online

List

DescribeStacks Requests a description of one or more stacks

List

DescribeTimeBasedAutoScaling Describes time-based auto scaling configurations for specified instances

List

DescribeUserProfiles Describe specified users

List

DescribeVolumes Describes an instance's Amazon EBS volumes

List

DetachElasticLoadBalancer Detaches a specified Elastic Load Balancing instance from its layer

Write

DisassociateElasticIp Disassociates an Elastic IP address from its instance

Write

GetHostnameSuggestion Gets a generated host name for the specified layer, based on the current host name theme

Read

GrantAccess Grants RDP access to a Windows instance for a specified time period

Write

ListTags Returns a list of tags that are applied to the specified stack or layer

List

RebootInstance Reboots a specified instance

Write

RegisterEcsCluster Registers a specified Amazon ECS cluster with a stack

Write

RegisterElasticIp Registers an Elastic IP address with a specified stack

Write

RegisterInstance Registers instances with a specified stack that were created outside of AWS OpsWorks

Write

RegisterRdsDbInstance Registers an Amazon RDS instance with a stack

Write

RegisterVolume Registers an Amazon EBS volume with a specified stack

Write

SetLoadBasedAutoScaling Specify the load-based auto scaling configuration for a specified layer

Write

SetPermission Specifies a user's permissions

Permissions management

SetTimeBasedAutoScaling Specify the time-based auto scaling configuration for a specified instance

Write

StartInstance Starts a specified instance

Write

StartStack Starts a stack's instances

Write

StopInstance Stops a specified instance

Write

StopStack Stops a specified stack

Write

TagResource Apply tags to a specified stack or layer

Write

UnassignInstance Unassigns a registered instance from all of it's layers

Write

UnassignVolume Unassigns an assigned Amazon EBS volume

Write

UntagResource Removes tags from a specified stack or layer

Write

UpdateApp Updates a specified app

Write

UpdateElasticIp Updates a registered Elastic IP address's name

Write

UpdateInstance Updates a specified instance

Write

UpdateLayer Updates a specified layer

Write

UpdateMyUserProfile Updates a user's SSH public key

Write

UpdateRdsDbInstance Updates an Amazon RDS instance

Write

UpdateStack Updates a specified stack

Write

UpdateUserProfile Updates a specified user profile

Permissions management

UpdateVolume Updates an Amazon EBS volume's name or mount point

Write

Resources Defined by OpsWorks

OpsWorks has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for AWS OpsWorks

OpsWorks has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.