@cloud-copilot/iam-data
Version:
1,516 lines • 41.2 kB
JSON
{
"addcustomattributes": {
"name": "AddCustomAttributes",
"description": "Grants permission to add user attributes to the user pool schema",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminaddusertogroup": {
"name": "AdminAddUserToGroup",
"description": "Grants permission to add any user to any group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminconfirmsignup": {
"name": "AdminConfirmSignUp",
"description": "Grants permission to confirm any user's registration without a confirmation code",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"admincreateuser": {
"name": "AdminCreateUser",
"description": "Grants permission to create new users and send welcome messages via email or SMS",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"admindeleteuser": {
"name": "AdminDeleteUser",
"description": "Grants permission to delete any user",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"admindeleteuserattributes": {
"name": "AdminDeleteUserAttributes",
"description": "Grants permission to delete attributes from any user",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"admindisableproviderforuser": {
"name": "AdminDisableProviderForUser",
"description": "Grants permission to unlink any user pool user from a third-party identity provider (IdP) user",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"admindisableuser": {
"name": "AdminDisableUser",
"description": "Grants permission to deactivate any user",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminenableuser": {
"name": "AdminEnableUser",
"description": "Grants permission to activate any user",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminforgetdevice": {
"name": "AdminForgetDevice",
"description": "Grants permission to deregister any user's devices",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"admingetdevice": {
"name": "AdminGetDevice",
"description": "Grants permission to get information about any user's devices",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"admingetuser": {
"name": "AdminGetUser",
"description": "Grants permission to look up any user by user name",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"admininitiateauth": {
"name": "AdminInitiateAuth",
"description": "Grants permission to authenticate any user",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminlinkproviderforuser": {
"name": "AdminLinkProviderForUser",
"description": "Grants permission to link any user pool user to a third-party IdP user",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminlistdevices": {
"name": "AdminListDevices",
"description": "Grants permission to list any user's remembered devices",
"accessLevel": "List",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminlistgroupsforuser": {
"name": "AdminListGroupsForUser",
"description": "Grants permission to list the groups that any user belongs to",
"accessLevel": "List",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminlistuserauthevents": {
"name": "AdminListUserAuthEvents",
"description": "Grants permission to lists sign-in events for any user",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminremoveuserfromgroup": {
"name": "AdminRemoveUserFromGroup",
"description": "Grants permission to remove any user from any group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminresetuserpassword": {
"name": "AdminResetUserPassword",
"description": "Grants permission to reset any user's password",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminrespondtoauthchallenge": {
"name": "AdminRespondToAuthChallenge",
"description": "Grants permission to respond to an authentication challenge during the authentication of any user",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminsetusermfapreference": {
"name": "AdminSetUserMFAPreference",
"description": "Grants permission to set any user's preferred MFA method",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminsetuserpassword": {
"name": "AdminSetUserPassword",
"description": "Grants permission to set any user's password",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminsetusersettings": {
"name": "AdminSetUserSettings",
"description": "Grants permission to set user settings for any user",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminupdateautheventfeedback": {
"name": "AdminUpdateAuthEventFeedback",
"description": "Grants permission to update advanced security feedback for any user's authentication event",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminupdatedevicestatus": {
"name": "AdminUpdateDeviceStatus",
"description": "Grants permission to update the status of any user's remembered devices",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminupdateuserattributes": {
"name": "AdminUpdateUserAttributes",
"description": "Grants permission to updates any user's standard or custom attributes",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"adminuserglobalsignout": {
"name": "AdminUserGlobalSignOut",
"description": "Grants permission to sign out any user from all sessions",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"associatesoftwaretoken": {
"name": "AssociateSoftwareToken",
"description": "Grants permission to return a unique generated shared secret key code for the user",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"associatewebacl": {
"name": "AssociateWebACL",
"isPermissionOnly": true,
"description": "Grants permission to associate the user pool with an AWS WAF web ACL",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"changepassword": {
"name": "ChangePassword",
"description": "Grants permission to change the password for a specified user in a user pool",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"confirmdevice": {
"name": "ConfirmDevice",
"description": "Grants permission to confirm tracking of the device. This API call is the call that begins device tracking",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"confirmforgotpassword": {
"name": "ConfirmForgotPassword",
"description": "Grants permission to allow a user to enter a confirmation code to reset a forgotten password",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"confirmsignup": {
"name": "ConfirmSignUp",
"description": "Grants permission to confirm registration of a user and handles the existing alias from a previous user",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"creategroup": {
"name": "CreateGroup",
"description": "Grants permission to create new user pool groups",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createidentityprovider": {
"name": "CreateIdentityProvider",
"description": "Grants permission to add identity providers to user pools",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createmanagedloginbranding": {
"name": "CreateManagedLoginBranding",
"description": "Grants permission to create a branding settings for managed login and associate it with an app client",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createresourceserver": {
"name": "CreateResourceServer",
"description": "Grants permission to create and configure scopes for OAuth 2.0 resource servers",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createuserimportjob": {
"name": "CreateUserImportJob",
"description": "Grants permission to create user CSV import jobs",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createuserpool": {
"name": "CreateUserPool",
"description": "Grants permission to create and set password policy for user pools",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": []
},
"createuserpoolclient": {
"name": "CreateUserPoolClient",
"description": "Grants permission to create user pool app clients",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createuserpooldomain": {
"name": "CreateUserPoolDomain",
"description": "Grants permission to add user pool domains",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletegroup": {
"name": "DeleteGroup",
"description": "Grants permission to delete any empty user pool group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteidentityprovider": {
"name": "DeleteIdentityProvider",
"description": "Grants permission to delete any identity provider from user pools",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deletemanagedloginbranding": {
"name": "DeleteManagedLoginBranding",
"description": "Grants permission to delete the managed login branding style for any app client",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteresourceserver": {
"name": "DeleteResourceServer",
"description": "Grants permission to delete any OAuth 2.0 resource server from user pools",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteuser": {
"name": "DeleteUser",
"description": "Grants permission to allow a user to delete one's self",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleteuserattributes": {
"name": "DeleteUserAttributes",
"description": "Grants permission to delete the attributes for a user",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleteuserpool": {
"name": "DeleteUserPool",
"description": "Grants permission to delete user pools",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteuserpoolclient": {
"name": "DeleteUserPoolClient",
"description": "Grants permission to delete any user pool app client",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"deleteuserpooldomain": {
"name": "DeleteUserPoolDomain",
"description": "Grants permission to delete any user pool domain",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeidentityprovider": {
"name": "DescribeIdentityProvider",
"description": "Grants permission to describe any user pool identity provider",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describemanagedloginbranding": {
"name": "DescribeManagedLoginBranding",
"description": "Grants permission to get the detailed information about the branding style of managed login",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describemanagedloginbrandingbyclient": {
"name": "DescribeManagedLoginBrandingByClient",
"description": "Grants permission to get the detailed information about the branding style of managed login associated with an appclient",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeresourceserver": {
"name": "DescribeResourceServer",
"description": "Grants permission to describe any OAuth 2.0 resource server",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeriskconfiguration": {
"name": "DescribeRiskConfiguration",
"description": "Grants permission to describe the risk configuration settings of user pools and app clients",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeuserimportjob": {
"name": "DescribeUserImportJob",
"description": "Grants permission to describe any user import job",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeuserpool": {
"name": "DescribeUserPool",
"description": "Grants permission to describe user pools",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeuserpoolclient": {
"name": "DescribeUserPoolClient",
"description": "Grants permission to describe any user pool app client",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"describeuserpooldomain": {
"name": "DescribeUserPoolDomain",
"description": "Grants permission to describe any user pool domain",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"disassociatewebacl": {
"name": "DisassociateWebACL",
"isPermissionOnly": true,
"description": "Grants permission to disassociate the user pool with an AWS WAF web ACL",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"forgetdevice": {
"name": "ForgetDevice",
"description": "Grants permission to forget the specified device",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"forgotpassword": {
"name": "ForgotPassword",
"description": "Grants permission to send a message to the end user with a confirmation code that is required to change the user's password",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getcsvheader": {
"name": "GetCSVHeader",
"description": "Grants permission to generate headers for a user import .csv file",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getdevice": {
"name": "GetDevice",
"description": "Grants permission to get the device",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getgroup": {
"name": "GetGroup",
"description": "Grants permission to describe a user pool group",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getidentityproviderbyidentifier": {
"name": "GetIdentityProviderByIdentifier",
"description": "Grants permission to correlate a user pool IdP identifier to the IdP Name",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getlogdeliveryconfiguration": {
"name": "GetLogDeliveryConfiguration",
"description": "Grants permission to get the detailed activity logging configuration for a user pool",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getsigningcertificate": {
"name": "GetSigningCertificate",
"description": "Grants permission to look up signing certificates for user pools",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"gettokensfromrefreshtoken": {
"name": "GetTokensFromRefreshToken",
"description": "Grants permission to update user tokens with refresh tokens",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getuicustomization": {
"name": "GetUICustomization",
"description": "Grants permission to get UI customization information for the hosted UI of any app client",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getuser": {
"name": "GetUser",
"description": "Grants permission to get the user attributes and metadata for a user",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getuserattributeverificationcode": {
"name": "GetUserAttributeVerificationCode",
"description": "Grants permission to get the user attribute verification code for the specified attribute name",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getuserpoolmfaconfig": {
"name": "GetUserPoolMfaConfig",
"description": "Grants permission to look up the MFA configuration of user pools",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"getwebaclforresource": {
"name": "GetWebACLForResource",
"isPermissionOnly": true,
"description": "Grants permission to get the AWS WAF web ACL that is associated with an Amazon Cognito user pool",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"globalsignout": {
"name": "GlobalSignOut",
"description": "Grants permission to sign out users from all devices",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"initiateauth": {
"name": "InitiateAuth",
"description": "Grants permission to initiate the authentication flow",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listdevices": {
"name": "ListDevices",
"description": "Grants permission to list the devices",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listgroups": {
"name": "ListGroups",
"description": "Grants permission to list all groups in user pools",
"accessLevel": "List",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listidentityproviders": {
"name": "ListIdentityProviders",
"description": "Grants permission to list all identity providers in user pools",
"accessLevel": "List",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listresourceservers": {
"name": "ListResourceServers",
"description": "Grants permission to list all resource servers in user pools",
"accessLevel": "List",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listresourcesforwebacl": {
"name": "ListResourcesForWebACL",
"isPermissionOnly": true,
"description": "Grants permission to list the user pools that are associated with an AWS WAF web ACL",
"accessLevel": "List",
"resourceTypes": [
{
"name": "webacl",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listtagsforresource": {
"name": "ListTagsForResource",
"description": "Grants permission to list the tags that are assigned to an Amazon Cognito user pool",
"accessLevel": "List",
"resourceTypes": [
{
"name": "userpool",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listuserimportjobs": {
"name": "ListUserImportJobs",
"description": "Grants permission to list all user import jobs",
"accessLevel": "List",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listuserpoolclients": {
"name": "ListUserPoolClients",
"description": "Grants permission to list all app clients in user pools",
"accessLevel": "List",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listuserpools": {
"name": "ListUserPools",
"description": "Grants permission to list all user pools",
"accessLevel": "List",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listusers": {
"name": "ListUsers",
"description": "Grants permission to list all user pool users",
"accessLevel": "List",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"listusersingroup": {
"name": "ListUsersInGroup",
"description": "Grants permission to list the users in any group",
"accessLevel": "List",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"resendconfirmationcode": {
"name": "ResendConfirmationCode",
"description": "Grants permission to resend the confirmation (for confirmation of registration) to a specific user in the user pool",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"respondtoauthchallenge": {
"name": "RespondToAuthChallenge",
"description": "Grants permission to respond to the authentication challenge",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"revoketoken": {
"name": "RevokeToken",
"description": "Grants permission to revoke all of the access tokens generated by the specified refresh token",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"setlogdeliveryconfiguration": {
"name": "SetLogDeliveryConfiguration",
"description": "Grants permission to set up or modify the detailed activity logging configuration of a user pool",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"setriskconfiguration": {
"name": "SetRiskConfiguration",
"description": "Grants permission to set risk configuration for user pools and app clients",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"setuicustomization": {
"name": "SetUICustomization",
"description": "Grants permission to customize the hosted UI for any app client",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"setusermfapreference": {
"name": "SetUserMFAPreference",
"description": "Grants permission to set MFA preference for the user in the userpool",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"setuserpoolmfaconfig": {
"name": "SetUserPoolMfaConfig",
"description": "Grants permission to set user pool MFA configuration",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"setusersettings": {
"name": "SetUserSettings",
"description": "Grants permission to set the user settings like multi-factor authentication (MFA)",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"signup": {
"name": "SignUp",
"description": "Grants permission to register the user in the specified user pool and creates a user name, password, and user attributes",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"startuserimportjob": {
"name": "StartUserImportJob",
"description": "Grants permission to start any user import job",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"stopuserimportjob": {
"name": "StopUserImportJob",
"description": "Grants permission to stop any user import job",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"tagresource": {
"name": "TagResource",
"description": "Grants permission to tag a user pool",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "userpool",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"untagresource": {
"name": "UntagResource",
"description": "Grants permission to untag a user pool",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "userpool",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:TagKeys"
],
"dependentActions": []
},
"updateautheventfeedback": {
"name": "UpdateAuthEventFeedback",
"description": "Grants permission to update the feedback for the user authentication event",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"updatedevicestatus": {
"name": "UpdateDeviceStatus",
"description": "Grants permission to update the device status",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"updategroup": {
"name": "UpdateGroup",
"description": "Grants permission to update the configuration of any group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"updateidentityprovider": {
"name": "UpdateIdentityProvider",
"description": "Grants permission to update the configuration of any user pool IdP",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"updatemanagedloginbranding": {
"name": "UpdateManagedLoginBranding",
"description": "Grants permission to update the branding settings of a managed login",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"updateresourceserver": {
"name": "UpdateResourceServer",
"description": "Grants permission to update the configuration of any OAuth 2.0 resource server",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"updateuserattributes": {
"name": "UpdateUserAttributes",
"description": "Grants permission to allow a user to update a specific attribute (one at a time)",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"updateuserpool": {
"name": "UpdateUserPool",
"description": "Grants permission to updates the configuration of user pools",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"updateuserpoolclient": {
"name": "UpdateUserPoolClient",
"description": "Grants permission to update any user pool client",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"updateuserpooldomain": {
"name": "UpdateUserPoolDomain",
"description": "Grants permission to replace the certificate for any custom domain",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "userpool",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"verifysoftwaretoken": {
"name": "VerifySoftwareToken",
"description": "Grants permission to register a user's entered TOTP code and mark the user's software token MFA status as verified if successful",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"verifyuserattribute": {
"name": "VerifyUserAttribute",
"description": "Grants permission to verify a user attribute using a one time verification code",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
}
}