AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Data Pipeline

Data Pipeline (service prefix: datapipeline) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions Defined by Data Pipeline

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
ActivatePipeline Validates the specified pipeline and starts processing pipeline tasks. If the pipeline does not pass validation, activation fails. Write

datapipeline:PipelineCreator

datapipeline:Tag

datapipeline:workerGroup

AddTags Adds or modifies tags for the specified pipeline. Tagging

datapipeline:PipelineCreator

datapipeline:Tag

CreatePipeline Creates a new, empty pipeline. Write

datapipeline:Tag

DeactivatePipeline Deactivates the specified running pipeline. Write

datapipeline:PipelineCreator

datapipeline:Tag

datapipeline:workerGroup

DeletePipeline Deletes a pipeline, its pipeline definition, and its run history. Write

datapipeline:PipelineCreator

datapipeline:Tag

DescribeObjects Gets the object definitions for a set of objects associated with the pipeline. Read

datapipeline:PipelineCreator

datapipeline:Tag

DescribePipelines Retrieves metadata about one or more pipelines. List

datapipeline:PipelineCreator

datapipeline:Tag

EvaluateExpression Task runners call EvaluateExpression to evaluate a string in the context of the specified object. Read

datapipeline:PipelineCreator

datapipeline:Tag

GetAccountLimits Description for GetAccountLimits List
GetPipelineDefinition Gets the definition of the specified pipeline. Read

datapipeline:PipelineCreator

datapipeline:Tag

datapipeline:workerGroup

ListPipelines Lists the pipeline identifiers for all active pipelines that you have permission to access. List
PollForTask Task runners call PollForTask to receive a task to perform from AWS Data Pipeline. Write

datapipeline:workerGroup

PutAccountLimits Description for PutAccountLimits Write
PutPipelineDefinition Adds tasks, schedules, and preconditions to the specified pipeline. Write

datapipeline:PipelineCreator

datapipeline:Tag

datapipeline:workerGroup

QueryObjects Queries the specified pipeline for the names of objects that match the specified set of conditions. Read

datapipeline:PipelineCreator

datapipeline:Tag

RemoveTags Removes existing tags from the specified pipeline. Tagging

datapipeline:PipelineCreator

datapipeline:Tag

ReportTaskProgress Task runners call ReportTaskProgress when assigned a task to acknowledge that it has the task. Write
ReportTaskRunnerHeartbeat Task runners call ReportTaskRunnerHeartbeat every 15 minutes to indicate that they are operational. Write
SetStatus Requests that the status of the specified physical or logical pipeline objects be updated in the specified pipeline. Write

datapipeline:PipelineCreator

datapipeline:Tag

SetTaskStatus Task runners call SetTaskStatus to notify AWS Data Pipeline that a task is completed and provide information about the final status. Write
ValidatePipelineDefinition Validates the specified pipeline definition to ensure that it is well formed and can be run without error. Read

datapipeline:PipelineCreator

datapipeline:Tag

datapipeline:workerGroup

Resources Defined by Data Pipeline

Data Pipeline has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for Data Pipeline

Data Pipeline defines the following condition keys that can be used in the Condition element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see The Condition Keys Table.

To view the global condition keys that are available to all services, see Available Global Condition Keys in the IAM Policy Reference.

Condition Keys Description Type
datapipeline:PipelineCreator The IAM user that created the pipeline. ARN
datapipeline:Tag A customer-specified key/value pair that can be attached to a resource. ARN
datapipeline:workerGroup The name of a worker group for which a Task Runner retrieves work. ARN