@cloud-copilot/iam-data
{
"addmembertogroup": {
"name": "AddMemberToGroup",
"description": "Grants permission to add a member to a group in the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"completevirtualmfadeviceregistration": {
"name": "CompleteVirtualMfaDeviceRegistration",
"description": "Grants permission to complete the creation process of a virtual MFA device",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"completewebauthndeviceregistration": {
"name": "CompleteWebAuthnDeviceRegistration",
"description": "Grants permission to complete the registration process of a WebAuthn device",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"createalias": {
"name": "CreateAlias",
"description": "Grants permission to create an alias for the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"createbearertoken": {
"name": "CreateBearerToken",
"description": "Grants permission to create a bearer token for a given provisioning tenant",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"createexternalidpconfigurationfordirectory": {
"name": "CreateExternalIdPConfigurationForDirectory",
"description": "Grants permission to create an External Identity Provider configuration for the directory",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"creategroup": {
"name": "CreateGroup",
"description": "Grants permission to create a group in the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"createprovisioningtenant": {
"name": "CreateProvisioningTenant",
"description": "Grants permission to create a provisioning tenant for a given directory",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"createuser": {
"name": "CreateUser",
"description": "Grants permission to create a user in the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deletebearertoken": {
"name": "DeleteBearerToken",
"description": "Grants permission to delete a bearer token",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleteexternalidpcertificate": {
"name": "DeleteExternalIdPCertificate",
"description": "Grants permission to delete the given external IdP certificate",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleteexternalidpconfigurationfordirectory": {
"name": "DeleteExternalIdPConfigurationForDirectory",
"description": "Grants permission to delete an External Identity Provider configuration associated with the directory",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deletegroup": {
"name": "DeleteGroup",
"description": "Grants permission to delete a group from the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deletemfadeviceforuser": {
"name": "DeleteMfaDeviceForUser",
"description": "Grants permission to delete an MFA device by device name for a given user",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleteprovisioningtenant": {
"name": "DeleteProvisioningTenant",
"description": "Grants permission to delete the provisioning tenant",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"deleteuser": {
"name": "DeleteUser",
"description": "Grants permission to delete a user from the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describedirectory": {
"name": "DescribeDirectory",
"description": "Grants permission to retrieve information about the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describegroup": {
"name": "DescribeGroup",
"description": "Grants permission to query the group data, not including user and group members",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describegroups": {
"name": "DescribeGroups",
"description": "Grants permission to retrieve information about groups from the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeprovisioningtenant": {
"name": "DescribeProvisioningTenant",
"description": "Grants permission to describe the provisioning tenant",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeuser": {
"name": "DescribeUser",
"description": "Grants permission to retrieve information about a user from the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeuserbyuniqueattribute": {
"name": "DescribeUserByUniqueAttribute",
"description": "Grants permission to describe a user with a valid unique attribute represented for the user",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"describeusers": {
"name": "DescribeUsers",
"description": "Grants permission to retrieve information about users from the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"disableexternalidpconfigurationfordirectory": {
"name": "DisableExternalIdPConfigurationForDirectory",
"description": "Grants permission to disable authentication of end users with an External Identity Provider",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"disableuser": {
"name": "DisableUser",
"description": "Grants permission to deactivate a user in the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"enableexternalidpconfigurationfordirectory": {
"name": "EnableExternalIdPConfigurationForDirectory",
"description": "Grants permission to enable authentication of end users with an External Identity Provider",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"enableuser": {
"name": "EnableUser",
"description": "Grants permission to activate a user in the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getawsspconfigurationfordirectory": {
"name": "GetAWSSPConfigurationForDirectory",
"description": "Grants permission to retrieve the AWS IAM Identity Center Service Provider configurations for the directory",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getgroupid": {
"name": "GetGroupId",
"description": "Grants permission to retrieve ID information about a group from the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getuserid": {
"name": "GetUserId",
"description": "Grants permission to retrieve ID information about a user from the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"getuserpoolinfo": {
"name": "GetUserPoolInfo",
"description": "(Deprecated) Grants permission to get UserPool Info",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"importexternalidpcertificate": {
"name": "ImportExternalIdPCertificate",
"description": "Grants permission to import the IdP certificate used for verifying external IdP responses",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"ismemberingroup": {
"name": "IsMemberInGroup",
"description": "Grants permission to check if a member is a part of the group in the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"ismemberingroups": {
"name": "IsMemberInGroups",
"description": "Grants permission to check if a member is a part of multiple groups in the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listbearertokens": {
"name": "ListBearerTokens",
"description": "Grants permission to list bearer tokens for a given provisioning tenant",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listexternalidpcertificates": {
"name": "ListExternalIdPCertificates",
"description": "Grants permission to list the external IdP certificates of a given directory and IdP",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listexternalidpconfigurationsfordirectory": {
"name": "ListExternalIdPConfigurationsForDirectory",
"description": "Grants permission to list all the External Identity Provider configurations created for the directory",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listgroups": {
"name": "ListGroups",
"description": "Grants permission to list groups from the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listgroupsformember": {
"name": "ListGroupsForMember",
"description": "Grants permission to list groups of the target member",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listgroupsforuser": {
"name": "ListGroupsForUser",
"description": "Grants permission to list groups for a user from the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listmembersingroup": {
"name": "ListMembersInGroup",
"description": "Grants permission to retrieve all members that are part of a group in the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listmfadevicesforuser": {
"name": "ListMfaDevicesForUser",
"description": "Grants permission to list all active MFA devices and their MFA device metadata for a user",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listprovisioningtenants": {
"name": "ListProvisioningTenants",
"description": "Grants permission to list provisioning tenants for a given directory",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"listusers": {
"name": "ListUsers",
"description": "Grants permission to list users from the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"removememberfromgroup": {
"name": "RemoveMemberFromGroup",
"description": "Grants permission to remove a member that is part of a group in the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"searchgroups": {
"name": "SearchGroups",
"description": "Grants permission to search for groups within the associated directory",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"searchusers": {
"name": "SearchUsers",
"description": "Grants permission to search for users within the associated directory",
"accessLevel": "Read",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"startvirtualmfadeviceregistration": {
"name": "StartVirtualMfaDeviceRegistration",
"description": "Grants permission to begin the creation process of a virtual MFA device",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"startwebauthndeviceregistration": {
"name": "StartWebAuthnDeviceRegistration",
"description": "Grants permission to begin the registration process of a WebAuthn device",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"updateexternalidpconfigurationfordirectory": {
"name": "UpdateExternalIdPConfigurationForDirectory",
"description": "Grants permission to update an External Identity Provider configuration associated with the directory",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"updategroup": {
"name": "UpdateGroup",
"description": "Grants permission to update information about a group in the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"updategroupdisplayname": {
"name": "UpdateGroupDisplayName",
"description": "Grants permission to update the display name of a group",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"updatemfadeviceforuser": {
"name": "UpdateMfaDeviceForUser",
"description": "Grants permission to update MFA device information",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"updatepassword": {
"name": "UpdatePassword",
"description": "Grants permission to update a password by sending a password reset link via email or generating a one-time password for a user in the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"updateuser": {
"name": "UpdateUser",
"description": "Grants permission to update user information in the directory that AWS IAM Identity Center provides by default",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"updateusername": {
"name": "UpdateUserName",
"description": "Grants permission to update the user name of a user",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"verifyemail": {
"name": "VerifyEmail",
"description": "Grants permission to verify an email address of a user",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
}
}