Amazon Cloud Directory
Developer Guide

Amazon Cloud Directory API Permissions: Actions, Resources, and Conditions Reference

When you are setting up Access Control and writing permissions policies that you can attach to an IAM identity (identity-based policies), you can use the following table as a reference. The table lists each Amazon Cloud Directory API operation, the corresponding actions for which you can grant permissions to perform the action, the AWS resource for which you can grant the permissions. You specify the actions in the policy's Action field and the resource value in the policy's Resource field.

You can use AWS-wide condition keys in your Amazon Cloud Directory policies to express conditions. For a complete list of AWS-wide keys, see Available Global Condition Keys in the IAM User Guide.

Note

To specify an action, use the clouddirectory: prefix followed by the API operation name (for example, clouddirectory:CreateDirectory).

Amazon Cloud Directory API and Required Permissions for Actions

Amazon Cloud Directory API Operations Required Permissions (API Actions) Resources
AddFacetToObject

clouddirectory:AddFacetToObject

*
ApplySchema clouddirectory:ApplySchema *
AttachObject clouddirectory:AttachObject *

AttachPolicy

clouddirectory:AttachPolicy

*

AttachToIndex

clouddirectory:AttachToIndex

*

AttachTypedLink

clouddirectory:AttachTypedLink

*

BatchRead

clouddirectory:BatchRead

*

BatchWrite

clouddirectory:BatchWrite

*

CreateDirectory

clouddirectory:CreateDirectory

*

CreateFacet

clouddirectory:CreateFacet

*

CreateIndex

clouddirectory:CreateIndex

*

CreateObject

clouddirectory:CreateObject

*

CreateSchema

clouddirectory:CreateSchema

*

CreateTypedLinkFacet

clouddirectory:CreateTypedLinkFacet

*

DeleteDirectory

clouddirectory:DeleteDirectory

*

DeleteFacet

clouddirectory:DeleteFacet

*

DeleteObject

clouddirectory:DeleteObject

*

DeleteSchema

clouddirectory:DeleteSchema

*

DeleteTypedLinkFacet

clouddirectory:DeleteTypedLinkFacet

*

DetachFromIndex

clouddirectory:DetachFromIndex

*

DetachObject

clouddirectory:DetachObject

*

DetachPolicy

clouddirectory:DetachPolicy

*

DetachedTypedLink

clouddirectory:DetachTypedLink

*

DisableDirectory

clouddirectory:DisableDirectory

*

EnableDirectory

clouddirectory:EnableDirectory

*

GetAppliedSchemaVersion

clouddirectory:GetAppliedSchemaVersion

*

GetDirectory

clouddirectory:GetDirectory

*

GetFacet

clouddirectory:GetFacet

*

GetObjectAttributes

clouddirectory:GetObjectAttributes

*

GetObjectInformation

clouddirectory:GetObjectInformation

*

GetSchemaAsJson

clouddirectory:GetSchemaAsJson

*

GetTypedLinkFacetInformation

clouddirectory:GetTypedLinkFacetInformation

*

ListAppliedSchemaArns

clouddirectory:ListAppliedSchemaArns

*

ListAttachedIndices

clouddirectory:ListAttachedIndices

*

ListDevelopmentSchemaArns

clouddirectory:ListDevelopmentSchemaArns

*

ListDirectories

clouddirectory:ListDirectories

*

ListFacetAttributes

clouddirectory:ListFacetAttributes

*

ListFacetNames

clouddirectory:ListFacetNames

*

ListIncomingTypedLinks

clouddirectory:ListIncomingTypedLinks

*

ListIndex

clouddirectory:ListIndex

*

ListObjectAttributes

clouddirectory:ListObjectAttributes

*

ListObjectChildren

clouddirectory:ListObjectChildren

*

ListObjectParentPaths

clouddirectory:ListObjectParentPaths

*

ListObjectParents

clouddirectory:ListObjectParents

*

ListObjectPolicies

clouddirectory:ListObjectPolicies

*

ListOutgoingTypedLinks

clouddirectory:ListOutgoingTypedLinks

*

ListPolicyAttachments

clouddirectory:ListPolicyAttachments

*

ListPublishedSchemaArns

clouddirectory:ListPublishedSchemaArns

*

ListTagsForResource

clouddirectory:ListTagsForResource

*

ListTypedLinkFacetAttributes

clouddirectory:ListTypedLinkFacetAttributes

*

ListTypedLinkFacetNames

clouddirectory:ListTypedLinkFacetNames

*

LookupPolicy

clouddirectory:LookupPolicy

*

PublishSchema

clouddirectory:PublishSchema

*

PutSchemaFromJson

clouddirectory:PutSchemaFromJson

*

RemoveFacetFromObject

clouddirectory:RemoveFacetFromObject

*

TagResource

clouddirectory:TagResource

*

UntagResource

clouddirectory:UntagResource

*

UpdateFacet

clouddirectory:UpdateFacet

*

UpdateObjectAttributes

clouddirectory:UpdateObjectAttributes

*

UpdateSchema

clouddirectory:UpdateSchema

*

UpdateTypedLinkFacet

clouddirectory:UpdateTypedLinkFacet

*

UpgradeAppliedSchema

clouddirectory:UpgradeAppliedSchema

*

UpgradePublishedSchema

clouddirectory:UpgradePublishedSchema

*