AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Elastic Load Balancing V2

Elastic Load Balancing V2 (service prefix: elasticloadbalancing) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

Actions Defined by Elastic Load Balancing V2

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions | Description | Access Level | Resource Types (*required) | Condition Keys | Dependent Actions
AddListenerCertificates | Adds the specified certificates to the specified secure listener. | Write | listener* | |
AddTags | Adds the specified tags to the specified load balancer. Each load balancer can have a maximum of 10 tags. | Tagging | loadbalancer/app/, loadbalancer/net/, targetgroup | |
CreateListener | Creates a listener for the specified Application Load Balancer. | Write | loadbalancer/app/, loadbalancer/net/ | |
CreateLoadBalancer | Creates a load balancer. | Write | loadbalancer/app/, loadbalancer/net/ | |
CreateRule | Creates a rule for the specified listener. | Write | listener* | |
CreateTargetGroup | Creates a target group. | Write | targetgroup* | |
DeleteListener | Deletes the specified listener. | Write | listener* | |
DeleteLoadBalancer | Deletes the specified load balancer. | Write | loadbalancer/app/, loadbalancer/net/ | |
DeleteRule | Deletes the specified rule. | Write | listener-rule* | |
DeleteTargetGroup | Deletes the specified target group. | Write | targetgroup* | |
DeregisterTargets | Deregisters the specified targets from the specified target group. | Write | targetgroup* | |
DescribeAccountLimits | Describes the Elastic Load Balancing resource limits for the AWS account. | Read | | |
DescribeListenerCertificates | Describes the certificates for the specified secure listener. | Read | | |
DescribeListeners | Describes the specified listeners or the listeners for the specified Application Load Balancer. | Read | | |
DescribeLoadBalancerAttributes | Describes the attributes for the specified load balancer. | Read | | |
DescribeLoadBalancers | Describes the specified load balancers. If no load balancers are specified, the call describes all of your load balancers. | Read | | |
DescribeRules | Describes the specified rules or the rules for the specified listener. | Read | | |
DescribeSSLPolicies | Describes the specified policies or all policies used for SSL negotiation. | Read | | |
DescribeTags | Describes the tags associated with the specified load balancers. | Read | | |
DescribeTargetGroupAttributes | Describes the attributes for the specified target group. | Read | | |
DescribeTargetGroups | Describes the specified target groups or all of your target groups. | Read | | |
DescribeTargetHealth | Describes the health of the specified targets or all of your targets. | Read | | |
ModifyListener | Modifies the specified properties of the specified listener. | Write | listener* | |
ModifyLoadBalancerAttributes | Modifies the attributes of the specified load balancer. | Write | loadbalancer/app/, loadbalancer/net/ | |
ModifyRule | Modifies the specified rule. | Write | listener-rule* | |
ModifyTargetGroup | Modifies the health checks used when evaluating the health state of the targets in the specified target group. | Write | targetgroup* | |
ModifyTargetGroupAttributes | Modifies the specified attributes of the specified target group. | Write | targetgroup* | |
RegisterTargets | Registers the specified targets with the specified target group. | Write | targetgroup* | |
RemoveListenerCertificates | Removes the specified certificates of the specified secure listener. | Write | listener* | |
RemoveTags | Removes one or more tags from the specified load balancer. | Tagging | loadbalancer/app/, loadbalancer/net/, targetgroup | |
SetIpAddressType | Not found | Write | loadbalancer/app/, loadbalancer/net/ | |
SetRulePriorities | Sets the priorities of the specified rules. | Write | listener-rule* | |
SetSecurityGroups | Associates the specified security groups with the specified load balancer. | Write | loadbalancer/app/, loadbalancer/net/ | |
SetSubnets | Enables the Availability Zone for the specified subnets for the specified load balancer. | Write | loadbalancer/app/, loadbalancer/net/ | |
SetWebAcl [permission only] | Gives WebAcl permission to WAF | Write | | |

Resources Defined by ELB v2

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see The Resource Types Table.

Resource Types | ARN | Condition Keys
listener | arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener/${LoadBalancerName}/${LoadBalancerId}/${ListenerId} |
listener-rule | arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/app/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId} |
loadbalancer/app/ | arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/app/${LoadBalancerName}/${LoadBalancerId} | aws:RequestTag/tag-key, aws:TagKeys, elasticloadbalancing:ResourceTag/tag-key
loadbalancer/net/ | arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/net/${LoadBalancerName}/${LoadBalancerId} | aws:RequestTag/tag-key, aws:TagKeys, elasticloadbalancing:ResourceTag/tag-key
targetgroup | arn:${Partition}:elasticloadbalancing:${Region}:${Account}:targetgroup/${TargetGroupName}/${TargetGroupId} | aws:RequestTag/tag-key, aws:TagKeys, elasticloadbalancing:ResourceTag/tag-key
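
Added example (not part of the AWS guide): a small policy check built from the Actions and Resources tables on this page. It flags Allow statements where an ELB v2 action is paired only with resource ARNs of a type the Actions table does not list for it, or with a bare "*". The function names, finding labels and sample statements are assumptions made for illustration.

```python
# Resource types per action, transcribed from the Actions table on this page.
LB = {"loadbalancer/app/", "loadbalancer/net/"}
ACTION_RESOURCES = {}
for names, rtypes in [
    ("AddListenerCertificates CreateRule DeleteListener ModifyListener "
     "RemoveListenerCertificates", {"listener"}),
    ("DeleteRule ModifyRule SetRulePriorities", {"listener-rule"}),
    ("CreateTargetGroup DeleteTargetGroup DeregisterTargets ModifyTargetGroup "
     "ModifyTargetGroupAttributes RegisterTargets", {"targetgroup"}),
    ("CreateListener CreateLoadBalancer DeleteLoadBalancer SetIpAddressType "
     "ModifyLoadBalancerAttributes SetSecurityGroups SetSubnets", LB),
    ("AddTags RemoveTags", LB | {"targetgroup"}),
]:
    for name in names.split():
        ACTION_RESOURCES[name] = rtypes

def resource_type(arn):
    """Map a policy Resource string to a type from the Resources table."""
    if arn == "*":
        return "*"
    parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
    if len(parts) != 6 or parts[2] != "elasticloadbalancing":
        return None
    for rtype in ("listener-rule", "listener", "targetgroup", *LB):
        if parts[5].startswith(rtype.rstrip("/") + "/"):
            return rtype
    return None

def lint_statement(stmt):
    """Return (action, finding) pairs for one Allow statement (hypothetical helper)."""
    if stmt.get("Effect") != "Allow":
        return []
    as_list = lambda v: v if isinstance(v, list) else [v]
    types = {resource_type(r) for r in as_list(stmt["Resource"])}
    findings = []
    for action in as_list(stmt["Action"]):
        service, _, name = action.partition(":")
        allowed = ACTION_RESOURCES.get(name) if service == "elasticloadbalancing" else None
        if allowed is None:
            continue  # Describe*, SetWebAcl and wildcard action names: not checked
        if "*" in types:
            findings.append((action, "unscoped-resource"))
        elif not types & allowed:
            findings.append((action, "no-matching-resource-type"))
    return findings

# Constructed sample statements; account ID and names are placeholders.
P = "elasticloadbalancing:"
TG = "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/web/*"
MISMATCH = {"Effect": "Allow", "Resource": TG, "Action": [P + "RegisterTargets", P + "DeleteRule"]}
BROAD = {"Effect": "Allow", "Resource": "*", "Action": P + "DeleteLoadBalancer"}
```

In MISMATCH, RegisterTargets is covered by the target group ARN while DeleteRule has no listener-rule ARN to act on; BROAD grants a Write action on every resource.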

Condition Keys for Elastic Load Balancing V2

Elastic Load Balancing V2 defines the following condition keys that can be used in the Condition element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see The Condition Keys Table.

To view the global condition keys that are available to all services, see Available Global Condition Keys in the IAM Policy Reference.

Condition Keys | Description | Type
aws:RequestTag/tag-key | A key that is present in the request the user makes to the ELB service. | String
aws:TagKeys | The list of all the tag key names associated with the resource in the request. | String
elasticloadbalancing:ResourceTag/ | The preface string for a tag key and value pair attached to a resource. | String
elasticloadbalancing:ResourceTag/tag-key | A tag key and value pair. | String