Actions, resources, and condition keys for Amazon Personalize - Service Authorization Reference

Actions, resources, and condition keys for Amazon Personalize

Amazon Personalize (service prefix: personalize) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions defined by Amazon Personalize

You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

The Resource types column indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("*") in the Resource element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. Required resources are indicated in the table with an asterisk (*). If you specify a resource-level permission ARN in a statement using this action, then it must be of this type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one but not the other.

For details about the columns in the following table, see Actions table.

Actions Description Access level Resource types (*required) Condition keys Dependent actions
CreateBatchInferenceJob Grants permission to create a batch inference job Write

batchInferenceJob*

CreateBatchSegmentJob Grants permission to create a batch segment job Write

batchSegmentJob*

CreateCampaign Grants permission to create a campaign Write

campaign*

CreateDataset Grants permission to create a dataset Write

dataset*

CreateDatasetExportJob Grants permission to create a dataset export job Write

datasetExportJob*

CreateDatasetGroup Grants permission to create a dataset group Write

datasetGroup*

CreateDatasetImportJob Grants permission to create a dataset import job Write

datasetImportJob*

CreateEventTracker Grants permission to create an event tracker Write

eventTracker*

CreateFilter Grants permission to create a filter Write

filter*

CreateRecommender Grants permission to create a recommender Write

recommender*

CreateSchema Grants permission to create a schema Write

schema*

CreateSolution Grants permission to create a solution Write

solution*

CreateSolutionVersion Grants permission to create a solution version Write

solution*

DeleteCampaign Grants permission to delete a campaign Write

campaign*

DeleteDataset Grants permission to delete a dataset Write

dataset*

DeleteDatasetGroup Grants permission to delete a dataset group Write

datasetGroup*

DeleteEventTracker Grants permission to delete an event tracker Write

eventTracker*

DeleteFilter Grants permission to delete a filter Write

filter*

DeleteRecommender Grants permission to delete a recommender Write

recommender*

DeleteSchema Grants permission to delete a schema Write

schema*

DeleteSolution Grants permission to delete a solution including all versions of the solution Write

solution*

DescribeAlgorithm Grants permission to describe an algorithm Read

algorithm*

DescribeBatchInferenceJob Grants permission to describe a batch inference job Read

batchInferenceJob*

DescribeBatchSegmentJob Grants permission to describe a batch segment job Read

batchSegmentJob*

DescribeCampaign Grants permission to describe a campaign Read

campaign*

DescribeDataset Grants permission to describe a dataset Read

dataset*

DescribeDatasetExportJob Grants permission to describe a dataset export job Read

datasetExportJob*

DescribeDatasetGroup Grants permission to describe a dataset group Read

datasetGroup*

DescribeDatasetImportJob Grants permission to describe a dataset import job Read

datasetImportJob*

DescribeEventTracker Grants permission to describe an event tracker Read

eventTracker*

DescribeFeatureTransformation Grants permission to describe a feature transformation Read

featureTransformation*

DescribeFilter Grants permission to describe a filter Read

filter*

DescribeRecipe Grants permission to describe a recipe Read

recipe*

DescribeRecommender Grants permission to describe a recommender Read

recommender*

DescribeSchema Grants permission to describe a schema Read

schema*

DescribeSolution Grants permission to describe a solution Read

solution*

DescribeSolutionVersion Grants permission to describe a version of a solution Read

solution*

GetPersonalizedRanking Grants permission to get a re-ranked list of recommendations Read

campaign*

GetRecommendations Grants permission to get a list of recommendations from a campaign Read

campaign*

GetSolutionMetrics Grants permission to get metrics for a solution version Read

solution*

ListBatchInferenceJobs Grants permission to list batch inference jobs List
ListBatchSegmentJobs Grants permission to list batch segment jobs List
ListCampaigns Grants permission to list campaigns List
ListDatasetExportJobs Grants permission to list dataset export jobs List
ListDatasetGroups Grants permission to list dataset groups List
ListDatasetImportJobs Grants permission to list dataset import jobs List
ListDatasets Grants permission to list datasets List
ListEventTrackers Grants permission to list event trackers List
ListFilters Grants permission to list filters List
ListRecipes Grants permission to list recipes List
ListRecommenders Grants permission to list recommenders List
ListSchemas Grants permission to list schemas List
ListSolutionVersions Grants permission to list versions of a solution List
ListSolutions Grants permission to list solutions List
ListTagsForResource Grants permission to list tags for a resource List
PutEvents Grants permission to put real time event data Write

eventTracker*

PutItems Grants permission to ingest Items data Write

dataset*

PutUsers Grants permission to ingest Users data Write

dataset*

StartRecommender Grants permission to start a recommender Write

recommender*

StopRecommender Grants permission to stop a recommender Write

recommender*

StopSolutionVersionCreation Grants permission to stop a solution version creation Write

solution*

TagResource Grants permission to tag a resource Tagging
UntagResource Grants permission to untag a resource Tagging
UpdateCampaign Grants permission to update a campaign Write

campaign*

UpdateRecommender Grants permission to update a recommender Write

recommender*

Resource types defined by Amazon Personalize

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see Resource types table.

Resource types ARN Condition keys
schema arn:${Partition}:personalize:${Region}:${Account}:schema/${ResourceId}
featureTransformation arn:${Partition}:personalize:${Region}:${Account}:feature-transformation/${ResourceId}
dataset arn:${Partition}:personalize:${Region}:${Account}:dataset/${ResourceId}
datasetGroup arn:${Partition}:personalize:${Region}:${Account}:dataset-group/${ResourceId}
datasetImportJob arn:${Partition}:personalize:${Region}:${Account}:dataset-import-job/${ResourceId}
datasetExportJob arn:${Partition}:personalize:${Region}:${Account}:dataset-export-job/${ResourceId}
solution arn:${Partition}:personalize:${Region}:${Account}:solution/${ResourceId}
campaign arn:${Partition}:personalize:${Region}:${Account}:campaign/${ResourceId}
eventTracker arn:${Partition}:personalize:${Region}:${Account}:event-tracker/${ResourceId}
recipe arn:${Partition}:personalize:${Region}:${Account}:recipe/${ResourceId}
algorithm arn:${Partition}:personalize:${Region}:${Account}:algorithm/${ResourceId}
batchInferenceJob arn:${Partition}:personalize:${Region}:${Account}:batch-inference-job/${ResourceId}
filter arn:${Partition}:personalize:${Region}:${Account}:filter/${ResourceId}
recommender arn:${Partition}:personalize:${Region}:${Account}:recommender/${ResourceId}
batchSegmentJob arn:${Partition}:personalize:${Region}:${Account}:batch-segment-job/${ResourceId}

Condition keys for Amazon Personalize

Personalize has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available keys for conditions.