Actions, resources, and condition keys for Amazon Connect Wisdom

Amazon Connect Wisdom (service prefix: wisdom) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Learn how to configure this service.
View a list of the API operations available for this service.
Learn how to secure this service and its resources by using IAM permission policies.

Topics

Actions defined by Amazon Connect Wisdom
Resource types defined by Amazon Connect Wisdom
Condition keys for Amazon Connect Wisdom

Actions defined by Amazon Connect Wisdom

You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

The Resource types column indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("*") in the Resource element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. Required resources are indicated in the table with an asterisk (*). If you specify a resource-level permission ARN in a statement using this action, then it must be of this type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one but not the other.

For details about the columns in the following table, see Actions table.

Actions	Description	Access level	Resource types (*required)	Condition keys
CreateAssistant	Grants permission to create an assistant	Write		aws:TagKeys aws:RequestTag/${TagKey}
CreateAssistantAssociation	Grants permission to create an association between an assistant and another resource	Write	Assistant*
CreateAssistantAssociation		Write		aws:TagKeys aws:RequestTag/${TagKey}
CreateContent	Grants permission to create content	Write	KnowledgeBase*
CreateContent	Grants permission to create content	Write		aws:TagKeys aws:RequestTag/${TagKey}
CreateKnowledgeBase	Grants permission to create a knowledge base	Write		aws:TagKeys aws:RequestTag/${TagKey}
CreateSession	Grants permission to create a session	Write	Assistant*
CreateSession	Grants permission to create a session	Write		aws:TagKeys aws:RequestTag/${TagKey}
DeleteAssistant	Grants permission to delete an assistant	Write	Assistant*
DeleteAssistantAssociation	Grants permission to delete an assistant association	Write	Assistant*
DeleteAssistantAssociation	Grants permission to delete an assistant association	Write	AssistantAssociation*
DeleteContent	Grants permission to delete content	Write	Content*
DeleteContent	Grants permission to delete content	Write	KnowledgeBase*
DeleteKnowledgeBase	Grants permission to delete a knowledge base	Write	KnowledgeBase*
GetAssistant	Grants permission to retrieve information about an assistant	Read	Assistant*
GetAssistantAssociation	Grants permission to retrieve information about an assistant association	Read	Assistant*
GetAssistantAssociation		Read	AssistantAssociation*
GetContent	Grants permission to retrieve content, including a pre-signed URL to download the content	Read	Content*
GetContent		Read	KnowledgeBase*
GetContentSummary	Grants permission to retrieve summary information about the content	Read	Content*
GetContentSummary		Read	KnowledgeBase*
GetKnowledgeBase	Grants permission to retrieve information about the knowledge base	Read	KnowledgeBase*
GetRecommendations	Grants permission to retrieve recommendations for the specified session	Read	Assistant*
GetSession	Grants permission to retrieve information for a specified session	Read	Assistant*
GetSession		Read	Session*
ListAssistantAssociations	Grants permission to list information about assistant associations	List	Assistant*
ListAssistants	Grants permission to list information about assistants	List
ListContents	Grants permission to list the content with a knowledge base	List	KnowledgeBase*
ListKnowledgeBases	Grants permission to list information about knowledge bases	List
ListTagsForResource	Grants permission to list the tags for the specified resource	Read
NotifyRecommendationsReceived	Grants permission to remove the specified recommendations from the specified assistant's queue of newly available recommendations	Write	Assistant*
QueryAssistant	Grants permission to perform a manual search against the specified assistant	Read	Assistant*
RemoveKnowledgeBaseTemplateUri	Grants permission to remove a URI template from a knowledge base	Write	KnowledgeBase*
SearchContent	Grants permission to search for content referencing a specified knowledge base. Can be used to get a specific content resource by its name	Read	KnowledgeBase*
SearchSessions	Grants permission to search for sessions referencing a specified assistant. Can be used to et a specific session resource by its name	Read	Assistant*
StartContentUpload	Grants permission to get a URL to upload content to a knowledge base	Write	KnowledgeBase*
TagResource	Grants permission to add the specified tags to the specified resource	Tagging		aws:TagKeys aws:RequestTag/${TagKey}
UntagResource	Grants permission to remove the specified tags from the specified resource	Tagging		aws:TagKeys
UpdateContent	Grants permission to update information about the content	Write	Content*
UpdateContent	Grants permission to update information about the content	Write	KnowledgeBase*
UpdateKnowledgeBaseTemplateUri	Grants permission to update the template URI of a knowledge base	Write	KnowledgeBase*

Resource types defined by Amazon Connect Wisdom

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see Resource types table.

Resource types	ARN	Condition keys
Assistant	`arn:${Partition}:wisdom:${Region}:${Account}:assistant/${AssistantId}`	aws:ResourceTag/${TagKey}
AssistantAssociation	`arn:${Partition}:wisdom:${Region}:${Account}:association/${AssistantId}/${AssistantAssociationId}`	aws:ResourceTag/${TagKey}
Content	`arn:${Partition}:wisdom:${Region}:${Account}:content/${KnowledgeBaseId}/${ContentId}`	aws:ResourceTag/${TagKey}
KnowledgeBase	`arn:${Partition}:wisdom:${Region}:${Account}:knowledge-base/${KnowledgeBaseId}`	aws:ResourceTag/${TagKey}
Session	`arn:${Partition}:wisdom:${Region}:${Account}:session/${AssistantId}/${SessionId}`	aws:ResourceTag/${TagKey}

Condition keys for Amazon Connect Wisdom

Amazon Connect Wisdom defines the following condition keys that can be used in the Condition element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see Condition keys table.

To view the global condition keys that are available to all services, see Available global condition keys.

Condition keys	Description	Type
aws:RequestTag/${TagKey}	Filters actions based on the tags that are passed in the request	String
aws:ResourceTag/${TagKey}	Filters actions based on the tags associated with the resource	String
aws:TagKeys	Filters actions based on the tag keys that are passed in the request	String

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Amazon Connect Voice ID

AWS Connector Service