AWS Code Sample
Catalog

artifact-user-policy-grants-access-to-manage-and-download-agreements.json

This IAM identity-based permission policy demonstrates how to grant a user full access to manage agreements and download reports.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "artifact:Get", "artifact:AcceptAgreement", "artifact:DownloadAgreement", "artifact:TerminateAgreement" ], "Resource": [ "arn:aws:artifact::*:customer-agreement/*", "arn:aws:artifact:::agreement/*", "arn:aws:artifact:::report-package/*" ] }, { "Effect": "Allow", "Action": "iam:ListRoles", "Resource": "arn:aws:iam::*:role/*" }, { "Effect": "Allow", "Action": "iam:CreateRole", "Resource": "arn:aws:iam::*:role/service-role/AWSArtifactAccountSync" }, { "Effect": "Allow", "Action": "iam:AttachRolePolicy", "Resource": "arn:aws:iam::*:role/service-role/AWSArtifactAccountSync", "Condition": { "ArnEquals": { "iam:PolicyARN": "arn:aws:iam::aws:policy/service-role/AWSArtifactAccountSync" } } }, { "Effect": "Allow", "Action": [ "organizations:DescribeOrganization", "organizations:EnableAWSServiceAccess", "organizations:ListAccounts", "organizations:ListAWSServiceAccessForOrganization", ], "Resource": "*" } ] }

Sample Details

Service: artifact

Author: AWS

Type: full-example

On this page: