Actions, resources, and condition keys for Amazon Personalize - Service Authorization Reference

Actions, resources, and condition keys for Amazon Personalize

Amazon Personalize (service prefix: personalize) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions defined by Amazon Personalize

You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

The Resource types column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("*") to which the policy applies in the Resource element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (*). If you limit resource access with the Resource element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types.

The Condition keys column of the Actions table includes keys that you can specify in a policy statement's Condition element. For more information on the condition keys that are associated with resources for the service, see the Condition keys column of the Resource types table.

Note

Resource condition keys are listed in the Resource types table. You can find a link to the resource type that applies to an action in the Resource types (*required) column of the Actions table. The resource type in the Resource types table includes the Condition keys column, which are the resource condition keys that apply to an action in the Actions table.

For details about the columns in the following table, see Actions table.

Actions Description Access level Resource types (*required) Condition keys Dependent actions
CreateBatchInferenceJob Grants permission to create a batch inference job Write

batchInferenceJob*

CreateBatchSegmentJob Grants permission to create a batch segment job Write

batchSegmentJob*

CreateCampaign Grants permission to create a campaign Write

campaign*

CreateDataDeletionJob Grants permission to create a data deletion job Write

dataDeletionJob*

CreateDataInsightsJob Grants permission to create a data insights job Write

dataInsightsJob*

CreateDataset Grants permission to create a dataset Write

dataset*

CreateDatasetExportJob Grants permission to create a dataset export job Write

datasetExportJob*

CreateDatasetGroup Grants permission to create a dataset group Write

datasetGroup*

CreateDatasetImportJob Grants permission to create a dataset import job Write

datasetImportJob*

CreateEventTracker Grants permission to create an event tracker Write

eventTracker*

CreateFilter Grants permission to create a filter Write

filter*

CreateMetricAttribution Grants permission to create a metric attribution Write

metricAttribution*

CreateRecommender Grants permission to create a recommender Write

recommender*

CreateSchema Grants permission to create a schema Write

schema*

CreateSolution Grants permission to create a solution Write

solution*

CreateSolutionVersion Grants permission to create a solution version Write

solution*

DeleteCampaign Grants permission to delete a campaign Write

campaign*

DeleteDataset Grants permission to delete a dataset Write

dataset*

DeleteDatasetGroup Grants permission to delete a dataset group Write

datasetGroup*

DeleteEventTracker Grants permission to delete an event tracker Write

eventTracker*

DeleteFilter Grants permission to delete a filter Write

filter*

DeleteMetricAttribution Grants permission to delete a metric attribution Write

metricAttribution*

DeleteRecommender Grants permission to delete a recommender Write

recommender*

DeleteSchema Grants permission to delete a schema Write

schema*

DeleteSolution Grants permission to delete a solution including all versions of the solution Write

solution*

DescribeAlgorithm Grants permission to describe an algorithm Read

algorithm*

DescribeBatchInferenceJob Grants permission to describe a batch inference job Read

batchInferenceJob*

DescribeBatchSegmentJob Grants permission to describe a batch segment job Read

batchSegmentJob*

DescribeCampaign Grants permission to describe a campaign Read

campaign*

DescribeDataDeletionJob Grants permission to describe a data deletion job Read

dataDeletionJob*

DescribeDataInsightsJob Grants permission to describe a data insights job Read

dataInsightsJob*

DescribeDataset Grants permission to describe a dataset Read

dataset*

DescribeDatasetExportJob Grants permission to describe a dataset export job Read

datasetExportJob*

DescribeDatasetGroup Grants permission to describe a dataset group Read

datasetGroup*

DescribeDatasetImportJob Grants permission to describe a dataset import job Read

datasetImportJob*

DescribeEventTracker Grants permission to describe an event tracker Read

eventTracker*

DescribeFeatureTransformation Grants permission to describe a feature transformation Read

featureTransformation*

DescribeFilter Grants permission to describe a filter Read

filter*

DescribeMetricAttribution Grants permission to describe a metric attribution Read

metricAttribution*

DescribeRecipe Grants permission to describe a recipe Read

recipe*

DescribeRecommender Grants permission to describe a recommender Read

recommender*

DescribeSchema Grants permission to describe a schema Read

schema*

DescribeSolution Grants permission to describe a solution Read

solution*

DescribeSolutionVersion Grants permission to describe a version of a solution Read

solution*

GetActionRecommendations Grants permission to get a list of recommended actions Read

campaign*

GetDataInsights Grants permission to get data insights from a data insights job Read

dataInsightsJob*

GetPersonalizedRanking Grants permission to get a re-ranked list of recommendations Read

campaign*

GetRecommendations Grants permission to get a list of recommendations from a campaign Read

campaign*

GetSolutionMetrics Grants permission to get metrics for a solution version Read

solution*

ListBatchInferenceJobs Grants permission to list batch inference jobs List
ListBatchSegmentJobs Grants permission to list batch segment jobs List
ListCampaigns Grants permission to list campaigns List
ListDataDeletionJobs Grants permission to list data deletion jobs List
ListDataInsightsJobs Grants permission to list data insights jobs List
ListDatasetExportJobs Grants permission to list dataset export jobs List
ListDatasetGroups Grants permission to list dataset groups List
ListDatasetImportJobs Grants permission to list dataset import jobs List
ListDatasets Grants permission to list datasets List
ListEventTrackers Grants permission to list event trackers List
ListFilters Grants permission to list filters List
ListMetricAttributionMetrics Grants permission to list metric attribution metrics List
ListMetricAttributions Grants permission to list metric attributions List
ListRecipes Grants permission to list recipes List
ListRecommenders Grants permission to list recommenders List
ListSchemas Grants permission to list schemas List
ListSolutionVersions Grants permission to list versions of a solution List
ListSolutions Grants permission to list solutions List
ListTagsForResource Grants permission to list tags for a resource List
PutActionInteractions Grants permission to put real time action interaction data Write
PutActions Grants permission to ingest Actions data Write

dataset*

PutEvents Grants permission to put real time event data Write
PutItems Grants permission to ingest Items data Write

dataset*

PutUsers Grants permission to ingest Users data Write

dataset*

StartRecommender Grants permission to start a recommender Write

recommender*

StopRecommender Grants permission to stop a recommender Write

recommender*

StopSolutionVersionCreation Grants permission to stop a solution version creation Write

solution*

TagResource Grants permission to tag a resource Tagging
UntagResource Grants permission to untag a resource Tagging
UpdateCampaign Grants permission to update a campaign Write

campaign*

UpdateDataset Grants permission to update a dataset Write

dataset*

UpdateMetricAttribution Grants permission to update a metric attribution Write

metricAttribution*

UpdateRecommender Grants permission to update a recommender Write

recommender*

UpdateSolution Grants permission to update a solution Write

solution*

Resource types defined by Amazon Personalize

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the Resource types table. For details about the columns in the following table, see Resource types table.

Resource types ARN Condition keys
schema arn:${Partition}:personalize:${Region}:${Account}:schema/${ResourceId}
featureTransformation arn:${Partition}:personalize:${Region}:${Account}:feature-transformation/${ResourceId}
dataset arn:${Partition}:personalize:${Region}:${Account}:dataset/${ResourceId}
datasetGroup arn:${Partition}:personalize:${Region}:${Account}:dataset-group/${ResourceId}
datasetImportJob arn:${Partition}:personalize:${Region}:${Account}:dataset-import-job/${ResourceId}
dataInsightsJob arn:${Partition}:personalize:${Region}:${Account}:data-insights-job/${ResourceId}
datasetExportJob arn:${Partition}:personalize:${Region}:${Account}:dataset-export-job/${ResourceId}
dataDeletionJob arn:${Partition}:personalize:${Region}:${Account}:data-deletion-job/${ResourceId}
solution arn:${Partition}:personalize:${Region}:${Account}:solution/${ResourceId}
campaign arn:${Partition}:personalize:${Region}:${Account}:campaign/${ResourceId}
eventTracker arn:${Partition}:personalize:${Region}:${Account}:event-tracker/${ResourceId}
recipe arn:${Partition}:personalize:${Region}:${Account}:recipe/${ResourceId}
algorithm arn:${Partition}:personalize:${Region}:${Account}:algorithm/${ResourceId}
batchInferenceJob arn:${Partition}:personalize:${Region}:${Account}:batch-inference-job/${ResourceId}
filter arn:${Partition}:personalize:${Region}:${Account}:filter/${ResourceId}
recommender arn:${Partition}:personalize:${Region}:${Account}:recommender/${ResourceId}
batchSegmentJob arn:${Partition}:personalize:${Region}:${Account}:batch-segment-job/${ResourceId}
metricAttribution arn:${Partition}:personalize:${Region}:${Account}:metric-attribution/${ResourceId}

Condition keys for Amazon Personalize

Personalize has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available keys for conditions.