Menu
AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Amazon Rekognition

Amazon Rekognition (service prefix: rekognition) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions Defined by Amazon Rekognition

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
CompareFaces Compares a face in source input image with each face detected in the target input image. Read
CreateCollection Creates a collection in an AWS region. You can then add faces to the collection using the IndexFaces API. Write

collection*

CreateStreamProcessor Creates an Amazon Rekognition stream processor that you can use to detect and recognize faces in a streaming video. Write

collection*

streamprocessor*

DeleteCollection Deletes the specified collection. Note that this operation removes all faces in the collection. Write

collection*

DeleteFaces Deletes faces from a collection. Write

collection*

DeleteStreamProcessor Deletes the stream processor identified by Name. Write

streamprocessor*

DescribeStreamProcessor Provides information about a stream processor created by CreateStreamProcessor. Read

streamprocessor*

DetectFaces Detects human faces within an image (JPEG or PNG) provided as input. Read
DetectLabels Detects instances of real-world labels within an image (JPEG or PNG) provided as input. Read
DetectModerationLabels Detects moderation labels within input image. Read
DetectText Detects text in the input image and converts it into machine-readable text. Read
GetCelebrityInfo Gets the name and additional information about a celebrity based on his or her Rekognition ID. Read
GetCelebrityRecognition Gets the celebrity recognition results for a Rekognition Video analysis started by StartCelebrityRecognition. Read
GetContentModeration Gets the content moderation analysis results for a Rekognition Video analysis started by StartContentModeration. Read
GetFaceDetection Gets face detection results for a Rekognition Video analysis started by StartFaceDetection. Read
GetFaceSearch Gets the face search results for Rekognition Video face search started by StartFaceSearch. Read
GetLabelDetection Gets the label detection results of a Rekognition Video analysis started by StartLabelDetection. Read
GetPersonTracking Gets information about people detected within a video. Read
IndexFaces Detects faces in the input image and adds them to the specified collection. Write

collection*

ListCollections Returns a list of collection IDs in your account. Read

collection*

ListFaces Returns metadata for faces in the specified collection. Read

collection*

ListStreamProcessors Gets a list of stream processors that you have created with CreateStreamProcessor. List

streamprocessor*

RecognizeCelebrities Returns an array of celebrities recognized in the input image. Read
SearchFaces For a given input face ID, searches the specified collection for matching faces. Read

collection*

SearchFacesByImage For a given input image, first detects the largest face in the image, and then searches the specified collection for matching faces. Read

collection*

StartCelebrityRecognition Starts asynchronous recognition of celebrities in a video. Write
StartContentModeration Starts asynchronous detection of explicit or suggestive adult content in a video. Write
StartFaceDetection Starts asynchronous detection of faces in a video. Write
StartFaceSearch Starts the asynchronous search for faces in a collection that match the faces of persons detected in a video. Write

collection*

StartLabelDetection Starts asynchronous detection of labels in a video. Write
StartPersonTracking Starts the asynchronous tracking of persons in a video. Write
StartStreamProcessor Starts processing a stream processor. Write

streamprocessor*

StopStreamProcessor Stops a running stream processor that was created by CreateStreamProcessor. Write

streamprocessor*

Resources Defined by Rekognition

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see The Resource Types Table.

Resource Types ARN Condition Keys
collection arn:${Partition}:rekognition:${Region}:${Account}:collection/${CollectionId}
streamprocessor arn:${Partition}:rekognition:${Region}:${Account}:streamprocessor/${StreamprocessorId}

Condition Keys for Amazon Rekognition

Rekognition has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.