Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

AWS Cloud Map API permissions reference

Focus mode
AWS Cloud Map API permissions reference - AWS Cloud Map

When you set up access control and write a permissions policy that you can attach to an IAM identity (identity-based policies), you can use the following list as a reference. The list includes each AWS Cloud Map API action and the actions that you must grant permissions access to. You specify the actions in the Action field for the policy. For details about the resource value you must specify in the Resource field or the IAM policy, see Actions, resources, and condition keys for AWS Cloud Map in the Service Authorization Reference.

You can use AWS Cloud Map–specific condition keys in your IAM policies for some operations. For more information, see Condition keys for AWS Cloud Map in the Service Authorization Reference.

To specify an action, use the servicediscovery prefix followed by the API action name, for example, servicediscovery:CreatePublicDnsNamespace and route53:CreateHostedZone.

Required permissions for AWS Cloud Map actions

CreateHttpNamespace

Required permissions (API action):

  • servicediscovery:CreateHttpNamespace

CreatePrivateDnsNamespace

Required permissions (API action):

  • servicediscovery:CreatePrivateDnsNamespace

  • route53:CreateHostedZone

  • route53:GetHostedZone

  • route53:ListHostedZonesByName

  • ec2:DescribeVpcs

  • ec2:DescribeRegions

CreatePublicDnsNamespace

Required permissions (API action):

  • servicediscovery:CreatePublicDnsNamespace

  • route53:CreateHostedZone

  • route53:GetHostedZone

  • route53:ListHostedZonesByName

CreateService

Required Permissions (API Action): servicediscovery:CreateService

DeleteNamespace

Required permissions (API action):

  • servicediscovery:DeleteNamespace

DeleteService

Required Permissions (API Action): servicediscovery:DeleteService

DeleteServiceAttributes

Required Permissions (API Action): servicediscovery:DeleteServiceAttributes

DeregisterInstance

Required permissions (API action):

  • servicediscovery:DeregisterInstance

  • route53:GetHealthCheck

  • route53:DeleteHealthCheck

  • route53:UpdateHealthCheck

DiscoverInstances

Required Permissions (API Action): servicediscovery:DiscoverInstances

GetInstance

Required Permissions (API Action): servicediscovery:GetInstance

GetInstancesHealthStatus

Required Permissions (API Action): servicediscovery:GetInstancesHealthStatus

GetNamespace

Required Permissions (API Action): servicediscovery:GetNamespace

GetOperation

Required Permissions (API Action): servicediscovery:GetOperation

GetService

Required Permissions (API Action): servicediscovery:GetService

GetServiceAttributes

Required Permissions (API Action): servicediscovery:GetServiceAttributes

ListInstances

Required Permissions (API Action): servicediscovery:ListInstances

ListNamespaces

Required Permissions (API Action): servicediscovery:ListNamespaces

ListOperations

Required Permissions (API Action): servicediscovery:ListOperations

ListServices

Required Permissions (API Action): servicediscovery:ListServices

ListTagsForResource

Required Permissions (API Action): servicediscovery:ListTagsForResource

RegisterInstance

Required permissions (API action):

  • servicediscovery:RegisterInstance

  • route53:GetHealthCheck

  • route53:CreateHealthCheck

  • route53:UpdateHealthCheck

  • ec2:DescribeInstances

TagResource

Required Permissions (API Action): servicediscovery:TagResource

UntagResource

Required Permissions (API Action): servicediscovery:UntagResource

UpdateHttpNamespace

Required Permissions (API Action): servicediscovery:UpdateHttpNamespace

UpdateInstanceCustomHealthStatus

Required Permissions (API Action): servicediscovery:UpdateInstanceCustomHealthStatus

UpdatePrivateDnsNamespace

Required permissions (API action):

  • servicediscovery:UpdatePrivateDnsNamespace

  • route53:ChangeResourceRecordSets

UpdatePublicDnsNamespace

Required permissions (API action):

  • servicediscovery:UpdatePublicDnsNamespace

  • route53:ChangeResourceRecordSets

UpdateService

Required permissions (API action):

  • servicediscovery:UpdateService

  • route53:GetHealthCheck

  • route53:CreateHealthCheck

  • route53:DeleteHealthCheck

  • route53:UpdateHealthCheck

UpdateServiceAttributes

Required Permissions (API Action): servicediscovery:UpdateServiceAttributes

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.