aws-iam-policy-types
Version:
Autogenerated Typescript types for AWS IAM Policy and enums for all policy actions
1,162 lines (1,161 loc) • 47.8 kB
TypeScript
/**
* All IAM policy actions for AWS Identity and Access Management (IAM) (IAM)
*
* Extracted by `aws-iam-policy` from
* https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsidentityandaccessmanagementiam.html
*
* 2025-02-24T21:48:15.516Z
*/
export declare enum AwsIamActions {
/**
* Grants permission to add a new client ID (audience) to the list of registered I
* Ds for the specified IAM OpenID Connect (OIDC) provider resource
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddClientIDToOpenIDConnectProvider.html
*/
AddClientIDToOpenIDConnectProvider = "iam:AddClientIDToOpenIDConnectProvider",
/**
* Grants permission to add an IAM role to the specified instance profile
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddRoleToInstanceProfile.html
*/
AddRoleToInstanceProfile = "iam:AddRoleToInstanceProfile",
/**
* Grants permission to add an IAM user to the specified IAM group
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddUserToGroup.html
*/
AddUserToGroup = "iam:AddUserToGroup",
/**
* Grants permission to attach a managed policy to the specified IAM group
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html
*/
AttachGroupPolicy = "iam:AttachGroupPolicy",
/**
* Grants permission to attach a managed policy to the specified IAM role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html
*/
AttachRolePolicy = "iam:AttachRolePolicy",
/**
* Grants permission to attach a managed policy to the specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html
*/
AttachUserPolicy = "iam:AttachUserPolicy",
/**
* Grants permission to an IAM user to change their own password
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html
*/
ChangePassword = "iam:ChangePassword",
/**
* Grants permission to create access key and secret access key for the specified
* IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccessKey.html
*/
CreateAccessKey = "iam:CreateAccessKey",
/**
* Grants permission to create an alias for your AWS account
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccountAlias.html
*/
CreateAccountAlias = "iam:CreateAccountAlias",
/**
* Grants permission to create a new group
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateGroup.html
*/
CreateGroup = "iam:CreateGroup",
/**
* Grants permission to create a new instance profile
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateInstanceProfile.html
*/
CreateInstanceProfile = "iam:CreateInstanceProfile",
/**
* Grants permission to create a password for the specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateLoginProfile.html
*/
CreateLoginProfile = "iam:CreateLoginProfile",
/**
* Grants permission to create an IAM resource that describes an identity provider
* (IdP) that supports OpenID Connect (OIDC)
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html
*/
CreateOpenIDConnectProvider = "iam:CreateOpenIDConnectProvider",
/**
* Grants permission to create a new managed policy
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
*/
CreatePolicy = "iam:CreatePolicy",
/**
* Grants permission to create a new version of the specified managed policy
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicyVersion.html
*/
CreatePolicyVersion = "iam:CreatePolicyVersion",
/**
* Grants permission to create a new role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html
*/
CreateRole = "iam:CreateRole",
/**
* Grants permission to create an IAM resource that describes an identity provider
* (IdP) that supports SAML 2.0
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateSAMLProvider.html
*/
CreateSAMLProvider = "iam:CreateSAMLProvider",
/**
* Grants permission to create an IAM role that allows an AWS service to perform a
* ctions on your behalf
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceLinkedRole.html
*/
CreateServiceLinkedRole = "iam:CreateServiceLinkedRole",
/**
* Grants permission to create a new service-specific credential for an IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceSpecificCredential.html
*/
CreateServiceSpecificCredential = "iam:CreateServiceSpecificCredential",
/**
* Grants permission to create a new IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateUser.html
*/
CreateUser = "iam:CreateUser",
/**
* Grants permission to create a new virtual MFA device
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateVirtualMFADevice.html
*/
CreateVirtualMFADevice = "iam:CreateVirtualMFADevice",
/**
* Grants permission to deactivate the specified MFA device and remove its associa
* tion with the IAM user for which it was originally enabled
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeactivateMFADevice.html
*/
DeactivateMFADevice = "iam:DeactivateMFADevice",
/**
* Grants permission to delete the access key pair that is associated with the spe
* cified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html
*/
DeleteAccessKey = "iam:DeleteAccessKey",
/**
* Grants permission to delete the specified AWS account alias
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccountAlias.html
*/
DeleteAccountAlias = "iam:DeleteAccountAlias",
/**
* Grants permission to delete the password policy for the AWS account
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccountPasswordPolicy.html
*/
DeleteAccountPasswordPolicy = "iam:DeleteAccountPasswordPolicy",
/**
* Grants permission to delete an existing CloudFront public key
*
* See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html
*/
DeleteCloudFrontPublicKey = "iam:DeleteCloudFrontPublicKey",
/**
* Grants permission to delete the specified IAM group
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroup.html
*/
DeleteGroup = "iam:DeleteGroup",
/**
* Grants permission to delete the specified inline policy from its group
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroupPolicy.html
*/
DeleteGroupPolicy = "iam:DeleteGroupPolicy",
/**
* Grants permission to delete the specified instance profile
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteInstanceProfile.html
*/
DeleteInstanceProfile = "iam:DeleteInstanceProfile",
/**
* Grants permission to delete the password for the specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteLoginProfile.html
*/
DeleteLoginProfile = "iam:DeleteLoginProfile",
/**
* Grants permission to delete an OpenID Connect identity provider (IdP) resource
* object in IAM
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteOpenIDConnectProvider.html
*/
DeleteOpenIDConnectProvider = "iam:DeleteOpenIDConnectProvider",
/**
* Grants permission to delete the specified managed policy and remove it from any
* IAM entities (users, groups, or roles) to which it is attached
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicy.html
*/
DeletePolicy = "iam:DeletePolicy",
/**
* Grants permission to delete a version from the specified managed policy
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html
*/
DeletePolicyVersion = "iam:DeletePolicyVersion",
/**
* Grants permission to delete the specified role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRole.html
*/
DeleteRole = "iam:DeleteRole",
/**
* Grants permission to remove the permissions boundary from a role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePermissionsBoundary.html
*/
DeleteRolePermissionsBoundary = "iam:DeleteRolePermissionsBoundary",
/**
* Grants permission to delete the specified inline policy from the specified role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html
*/
DeleteRolePolicy = "iam:DeleteRolePolicy",
/**
* Grants permission to delete a SAML provider resource in IAM
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSAMLProvider.html
*/
DeleteSAMLProvider = "iam:DeleteSAMLProvider",
/**
* Grants permission to delete the specified SSH public key
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSSHPublicKey.html
*/
DeleteSSHPublicKey = "iam:DeleteSSHPublicKey",
/**
* Grants permission to delete the specified server certificate
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServerCertificate.html
*/
DeleteServerCertificate = "iam:DeleteServerCertificate",
/**
* Grants permission to delete an IAM role that is linked to a specific AWS servic
* e, if the service is no longer using it
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceLinkedRole.html
*/
DeleteServiceLinkedRole = "iam:DeleteServiceLinkedRole",
/**
* Grants permission to delete the specified service-specific credential for an IA
* M user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceSpecificCredential.html
*/
DeleteServiceSpecificCredential = "iam:DeleteServiceSpecificCredential",
/**
* Grants permission to delete a signing certificate that is associated with the s
* pecified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSigningCertificate.html
*/
DeleteSigningCertificate = "iam:DeleteSigningCertificate",
/**
* Grants permission to delete the specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUser.html
*/
DeleteUser = "iam:DeleteUser",
/**
* Grants permission to remove the permissions boundary from the specified IAM use
* r
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPermissionsBoundary.html
*/
DeleteUserPermissionsBoundary = "iam:DeleteUserPermissionsBoundary",
/**
* Grants permission to delete the specified inline policy from an IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html
*/
DeleteUserPolicy = "iam:DeleteUserPolicy",
/**
* Grants permission to delete a virtual MFA device
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteVirtualMFADevice.html
*/
DeleteVirtualMFADevice = "iam:DeleteVirtualMFADevice",
/**
* Grants permission to detach a managed policy from the specified IAM group
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html
*/
DetachGroupPolicy = "iam:DetachGroupPolicy",
/**
* Grants permission to detach a managed policy from the specified role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html
*/
DetachRolePolicy = "iam:DetachRolePolicy",
/**
* Grants permission to detach a managed policy from the specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html
*/
DetachUserPolicy = "iam:DetachUserPolicy",
/**
* Grants permission to disable the management of member account root user credent
* ials for an organization managed under the current account
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DisableOrganizationsRootCredentialsManagement.html
*/
DisableOrganizationsRootCredentialsManagement = "iam:DisableOrganizationsRootCredentialsManagement",
/**
* Grants permission to disable privileged root actions in member accounts for an
* organization managed under the current account
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_DisableOrganizationsRootSessions.html
*/
DisableOrganizationsRootSessions = "iam:DisableOrganizationsRootSessions",
/**
* Grants permission to enable an MFA device and associate it with the specified I
* AM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html
*/
EnableMFADevice = "iam:EnableMFADevice",
/**
* Grants permission to enable the management of member account root user credenti
* als for an organization managed under the current account
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableOrganizationsRootCredentialsManagement.html
*/
EnableOrganizationsRootCredentialsManagement = "iam:EnableOrganizationsRootCredentialsManagement",
/**
* Grants permission to enable privileged root actions in member accounts for an o
* rganization managed under the current account
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableOrganizationsRootSessions.html
*/
EnableOrganizationsRootSessions = "iam:EnableOrganizationsRootSessions",
/**
* Grants permission to generate a credential report for the AWS account
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateCredentialReport.html
*/
GenerateCredentialReport = "iam:GenerateCredentialReport",
/**
* Grants permission to generate an access report for an AWS Organizations entity
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html
*/
GenerateOrganizationsAccessReport = "iam:GenerateOrganizationsAccessReport",
/**
* Grants permission to generate a service last accessed data report for an IAM re
* source
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateServiceLastAccessedDetails.html
*/
GenerateServiceLastAccessedDetails = "iam:GenerateServiceLastAccessedDetails",
/**
* Grants permission to retrieve information about when the specified access key w
* as last used
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccessKeyLastUsed.html
*/
GetAccessKeyLastUsed = "iam:GetAccessKeyLastUsed",
/**
* Grants permission to retrieve information about all IAM users, groups, roles, a
* nd policies in your AWS account, including their relationships to one another
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountAuthorizationDetails.html
*/
GetAccountAuthorizationDetails = "iam:GetAccountAuthorizationDetails",
/**
* Grants permission to retrieve the email address that is associated with the acc
* ount
*
* See https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html
*/
GetAccountEmailAddress = "iam:GetAccountEmailAddress",
/**
* Grants permission to retrieve the account name that is associated with the acco
* unt
*
* See https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html
*/
GetAccountName = "iam:GetAccountName",
/**
* Grants permission to retrieve the password policy for the AWS account
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountPasswordPolicy.html
*/
GetAccountPasswordPolicy = "iam:GetAccountPasswordPolicy",
/**
* Grants permission to retrieve information about IAM entity usage and IAM quotas
* in the AWS account
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html
*/
GetAccountSummary = "iam:GetAccountSummary",
/**
* Grants permission to retrieve information about the specified CloudFront public
* key
*
* See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html
*/
GetCloudFrontPublicKey = "iam:GetCloudFrontPublicKey",
/**
* Grants permission to retrieve a list of all of the context keys that are refere
* nced in the specified policy
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html
*/
GetContextKeysForCustomPolicy = "iam:GetContextKeysForCustomPolicy",
/**
* Grants permission to retrieve a list of all context keys that are referenced in
* all IAM policies that are attached to the specified IAM identity (user, group,
* or role)
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html
*/
GetContextKeysForPrincipalPolicy = "iam:GetContextKeysForPrincipalPolicy",
/**
* Grants permission to retrieve a credential report for the AWS account
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetCredentialReport.html
*/
GetCredentialReport = "iam:GetCredentialReport",
/**
* Grants permission to retrieve a list of IAM users in the specified IAM group
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroup.html
*/
GetGroup = "iam:GetGroup",
/**
* Grants permission to retrieve an inline policy document that is embedded in the
* specified IAM group
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html
*/
GetGroupPolicy = "iam:GetGroupPolicy",
/**
* Grants permission to retrieve information about the specified instance profile,
* including the instance profile's path, GUID, ARN, and role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetInstanceProfile.html
*/
GetInstanceProfile = "iam:GetInstanceProfile",
/**
* Grants permission to retrieve the user name and password creation date for the
* specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetLoginProfile.html
*/
GetLoginProfile = "iam:GetLoginProfile",
/**
* Grants permission to retrieve information about an MFA device for the specified
* user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetMFADevice.html
*/
GetMFADevice = "iam:GetMFADevice",
/**
* Grants permission to retrieve information about the specified OpenID Connect (O
* IDC) provider resource in IAM
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOpenIDConnectProvider.html
*/
GetOpenIDConnectProvider = "iam:GetOpenIDConnectProvider",
/**
* Grants permission to retrieve an AWS Organizations access report
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOrganizationsAccessReport.html
*/
GetOrganizationsAccessReport = "iam:GetOrganizationsAccessReport",
/**
* Grants permission to retrieve information about the specified managed policy, i
* ncluding the policy's default version and the total number of identities to whi
* ch the policy is attached
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html
*/
GetPolicy = "iam:GetPolicy",
/**
* Grants permission to retrieve information about a version of the specified mana
* ged policy, including the policy document
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html
*/
GetPolicyVersion = "iam:GetPolicyVersion",
/**
* Grants permission to retrieve information about the specified role, including t
* he role's path, GUID, ARN, and the role's trust policy
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRole.html
*/
GetRole = "iam:GetRole",
/**
* Grants permission to retrieve an inline policy document that is embedded with t
* he specified IAM role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html
*/
GetRolePolicy = "iam:GetRolePolicy",
/**
* Grants permission to retrieve the SAML provider metadocument that was uploaded
* when the IAM SAML provider resource was created or updated
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSAMLProvider.html
*/
GetSAMLProvider = "iam:GetSAMLProvider",
/**
* Grants permission to retrieve the specified SSH public key, including metadata
* about the key
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSSHPublicKey.html
*/
GetSSHPublicKey = "iam:GetSSHPublicKey",
/**
* Grants permission to retrieve information about the specified server certificat
* e stored in IAM
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServerCertificate.html
*/
GetServerCertificate = "iam:GetServerCertificate",
/**
* Grants permission to retrieve information about the service last accessed data
* report
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetails.html
*/
GetServiceLastAccessedDetails = "iam:GetServiceLastAccessedDetails",
/**
* Grants permission to retrieve information about the entities from the service l
* ast accessed data report
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetailsWithEntities.html
*/
GetServiceLastAccessedDetailsWithEntities = "iam:GetServiceLastAccessedDetailsWithEntities",
/**
* Grants permission to retrieve an IAM service-linked role deletion status
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLinkedRoleDeletionStatus.html
*/
GetServiceLinkedRoleDeletionStatus = "iam:GetServiceLinkedRoleDeletionStatus",
/**
* Grants permission to retrieve information about the specified IAM user, includi
* ng the user's creation date, path, unique ID, and ARN
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUser.html
*/
GetUser = "iam:GetUser",
/**
* Grants permission to retrieve an inline policy document that is embedded in the
* specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html
*/
GetUserPolicy = "iam:GetUserPolicy",
/**
* Grants permission to list information about the access key IDs that are associa
* ted with the specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html
*/
ListAccessKeys = "iam:ListAccessKeys",
/**
* Grants permission to list the account alias that is associated with the AWS acc
* ount
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html
*/
ListAccountAliases = "iam:ListAccountAliases",
/**
* Grants permission to list all managed policies that are attached to the specifi
* ed IAM group
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedGroupPolicies.html
*/
ListAttachedGroupPolicies = "iam:ListAttachedGroupPolicies",
/**
* Grants permission to list all managed policies that are attached to the specifi
* ed IAM role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html
*/
ListAttachedRolePolicies = "iam:ListAttachedRolePolicies",
/**
* Grants permission to list all managed policies that are attached to the specifi
* ed IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedUserPolicies.html
*/
ListAttachedUserPolicies = "iam:ListAttachedUserPolicies",
/**
* Grants permission to list all current CloudFront public keys for the account
*
* See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html
*/
ListCloudFrontPublicKeys = "iam:ListCloudFrontPublicKeys",
/**
* Grants permission to list all IAM identities to which the specified managed pol
* icy is attached
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html
*/
ListEntitiesForPolicy = "iam:ListEntitiesForPolicy",
/**
* Grants permission to list the names of the inline policies that are embedded in
* the specified IAM group
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupPolicies.html
*/
ListGroupPolicies = "iam:ListGroupPolicies",
/**
* Grants permission to list the IAM groups that have the specified path prefix
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroups.html
*/
ListGroups = "iam:ListGroups",
/**
* Grants permission to list the IAM groups that the specified IAM user belongs to
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupsForUser.html
*/
ListGroupsForUser = "iam:ListGroupsForUser",
/**
* Grants permission to list the tags that are attached to the specified instance
* profile
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfileTags.html
*/
ListInstanceProfileTags = "iam:ListInstanceProfileTags",
/**
* Grants permission to list the instance profiles that have the specified path pr
* efix
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfiles.html
*/
ListInstanceProfiles = "iam:ListInstanceProfiles",
/**
* Grants permission to list the instance profiles that have the specified associa
* ted IAM role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfilesForRole.html
*/
ListInstanceProfilesForRole = "iam:ListInstanceProfilesForRole",
/**
* Grants permission to list the tags that are attached to the specified virtual m
* fa device
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADeviceTags.html
*/
ListMFADeviceTags = "iam:ListMFADeviceTags",
/**
* Grants permission to list the MFA devices for an IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADevices.html
*/
ListMFADevices = "iam:ListMFADevices",
/**
* Grants permission to list the tags that are attached to the specified OpenID Co
* nnect provider
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviderTags.html
*/
ListOpenIDConnectProviderTags = "iam:ListOpenIDConnectProviderTags",
/**
* Grants permission to list information about the IAM OpenID Connect (OIDC) provi
* der resource objects that are defined in the AWS account
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html
*/
ListOpenIDConnectProviders = "iam:ListOpenIDConnectProviders",
/**
* Grants permission to list the centralized root access features enabled for your
* organization
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOrganizationsFeatures.html
*/
ListOrganizationsFeatures = "iam:ListOrganizationsFeatures",
/**
* Grants permission to list all managed policies
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html
*/
ListPolicies = "iam:ListPolicies",
/**
* Grants permission to list information about the policies that grant an entity a
* ccess to a specific service
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPoliciesGrantingServiceAccess.html
*/
ListPoliciesGrantingServiceAccess = "iam:ListPoliciesGrantingServiceAccess",
/**
* Grants permission to list the tags that are attached to the specified managed p
* olicy
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyTags.html
*/
ListPolicyTags = "iam:ListPolicyTags",
/**
* Grants permission to list information about the versions of the specified manag
* ed policy, including the version that is currently set as the policy's default
* version
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html
*/
ListPolicyVersions = "iam:ListPolicyVersions",
/**
* Grants permission to list the names of the inline policies that are embedded in
* the specified IAM role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html
*/
ListRolePolicies = "iam:ListRolePolicies",
/**
* Grants permission to list the tags that are attached to the specified IAM role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoleTags.html
*/
ListRoleTags = "iam:ListRoleTags",
/**
* Grants permission to list the IAM roles that have the specified path prefix
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoles.html
*/
ListRoles = "iam:ListRoles",
/**
* Grants permission to list the tags that are attached to the specified SAML prov
* ider
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSAMLProviderTags.html
*/
ListSAMLProviderTags = "iam:ListSAMLProviderTags",
/**
* Grants permission to list the SAML provider resources in IAM
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSAMLProviders.html
*/
ListSAMLProviders = "iam:ListSAMLProviders",
/**
* Grants permission to list information about the SSH public keys that are associ
* ated with the specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSSHPublicKeys.html
*/
ListSSHPublicKeys = "iam:ListSSHPublicKeys",
/**
* Grants permission to list the status of all active STS regional endpoints
*
* See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
*/
ListSTSRegionalEndpointsStatus = "iam:ListSTSRegionalEndpointsStatus",
/**
* Grants permission to list the tags that are attached to the specified server ce
* rtificate
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificateTags.html
*/
ListServerCertificateTags = "iam:ListServerCertificateTags",
/**
* Grants permission to list the server certificates that have the specified path
* prefix
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificates.html
*/
ListServerCertificates = "iam:ListServerCertificates",
/**
* Grants permission to list the service-specific credentials that are associated
* with the specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServiceSpecificCredentials.html
*/
ListServiceSpecificCredentials = "iam:ListServiceSpecificCredentials",
/**
* Grants permission to list information about the signing certificates that are a
* ssociated with the specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSigningCertificates.html
*/
ListSigningCertificates = "iam:ListSigningCertificates",
/**
* Grants permission to list the names of the inline policies that are embedded in
* the specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserPolicies.html
*/
ListUserPolicies = "iam:ListUserPolicies",
/**
* Grants permission to list the tags that are attached to the specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserTags.html
*/
ListUserTags = "iam:ListUserTags",
/**
* Grants permission to list the IAM users that have the specified path prefix
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUsers.html
*/
ListUsers = "iam:ListUsers",
/**
* Grants permission to list virtual MFA devices by assignment status
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListVirtualMFADevices.html
*/
ListVirtualMFADevices = "iam:ListVirtualMFADevices",
/**
* Grants permission to pass a role to a service
*
* See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html
*/
PassRole = "iam:PassRole",
/**
* Grants permission to create or update an inline policy document that is embedde
* d in the specified IAM group
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutGroupPolicy.html
*/
PutGroupPolicy = "iam:PutGroupPolicy",
/**
* Grants permission to set a managed policy as a permissions boundary for a role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePermissionsBoundary.html
*/
PutRolePermissionsBoundary = "iam:PutRolePermissionsBoundary",
/**
* Grants permission to create or update an inline policy document that is embedde
* d in the specified IAM role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html
*/
PutRolePolicy = "iam:PutRolePolicy",
/**
* Grants permission to set a managed policy as a permissions boundary for an IAM
* user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPermissionsBoundary.html
*/
PutUserPermissionsBoundary = "iam:PutUserPermissionsBoundary",
/**
* Grants permission to create or update an inline policy document that is embedde
* d in the specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
*/
PutUserPolicy = "iam:PutUserPolicy",
/**
* Grants permission to remove the client ID (audience) from the list of client ID
* s in the specified IAM OpenID Connect (OIDC) provider resource
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveClientIDFromOpenIDConnectProvider.html
*/
RemoveClientIDFromOpenIDConnectProvider = "iam:RemoveClientIDFromOpenIDConnectProvider",
/**
* Grants permission to remove an IAM role from the specified EC2 instance profile
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveRoleFromInstanceProfile.html
*/
RemoveRoleFromInstanceProfile = "iam:RemoveRoleFromInstanceProfile",
/**
* Grants permission to remove an IAM user from the specified group
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveUserFromGroup.html
*/
RemoveUserFromGroup = "iam:RemoveUserFromGroup",
/**
* Grants permission to reset the password for an existing service-specific creden
* tial for an IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html
*/
ResetServiceSpecificCredential = "iam:ResetServiceSpecificCredential",
/**
* Grants permission to synchronize the specified MFA device with its IAM entity (
* user or role)
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResyncMFADevice.html
*/
ResyncMFADevice = "iam:ResyncMFADevice",
/**
* Grants permission to set the version of the specified policy as the policy's de
* fault version
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetDefaultPolicyVersion.html
*/
SetDefaultPolicyVersion = "iam:SetDefaultPolicyVersion",
/**
* Grants permission to activate or deactivate an STS regional endpoint
*
* See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
*/
SetSTSRegionalEndpointStatus = "iam:SetSTSRegionalEndpointStatus",
/**
* Grants permission to set the STS global endpoint token version
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetSecurityTokenServicePreferences.html
*/
SetSecurityTokenServicePreferences = "iam:SetSecurityTokenServicePreferences",
/**
* Grants permission to simulate whether an identity-based policy or resource-base
* d policy provides permissions for specific API operations and resources
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html
*/
SimulateCustomPolicy = "iam:SimulateCustomPolicy",
/**
* Grants permission to simulate whether an identity-based policy that is attached
* to a specified IAM entity (user or role) provides permissions for specific API
* operations and resources
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html
*/
SimulatePrincipalPolicy = "iam:SimulatePrincipalPolicy",
/**
* Grants permission to add tags to an instance profile
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagInstanceProfile.html
*/
TagInstanceProfile = "iam:TagInstanceProfile",
/**
* Grants permission to add tags to a virtual mfa device
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagMFADevice.html
*/
TagMFADevice = "iam:TagMFADevice",
/**
* Grants permission to add tags to an OpenID Connect provider
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagOpenIDConnectProvider.html
*/
TagOpenIDConnectProvider = "iam:TagOpenIDConnectProvider",
/**
* Grants permission to add tags to a managed policy
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagPolicy.html
*/
TagPolicy = "iam:TagPolicy",
/**
* Grants permission to add tags to an IAM role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagRole.html
*/
TagRole = "iam:TagRole",
/**
* Grants permission to add tags to a SAML Provider
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagSAMLProvider.html
*/
TagSAMLProvider = "iam:TagSAMLProvider",
/**
* Grants permission to add tags to a server certificate
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagServerCertificate.html
*/
TagServerCertificate = "iam:TagServerCertificate",
/**
* Grants permission to add tags to an IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagUser.html
*/
TagUser = "iam:TagUser",
/**
* Grants permission to remove the specified tags from the instance profile
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagInstanceProfile.html
*/
UntagInstanceProfile = "iam:UntagInstanceProfile",
/**
* Grants permission to remove the specified tags from the virtual mfa device
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagMFADevice.html
*/
UntagMFADevice = "iam:UntagMFADevice",
/**
* Grants permission to remove the specified tags from the OpenID Connect provider
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagOpenIDConnectProvider.html
*/
UntagOpenIDConnectProvider = "iam:UntagOpenIDConnectProvider",
/**
* Grants permission to remove the specified tags from the managed policy
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagPolicy.html
*/
UntagPolicy = "iam:UntagPolicy",
/**
* Grants permission to remove the specified tags from the role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagRole.html
*/
UntagRole = "iam:UntagRole",
/**
* Grants permission to remove the specified tags from the SAML Provider
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagSAMLProvider.html
*/
UntagSAMLProvider = "iam:UntagSAMLProvider",
/**
* Grants permission to remove the specified tags from the server certificate
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagServerCertificate.html
*/
UntagServerCertificate = "iam:UntagServerCertificate",
/**
* Grants permission to remove the specified tags from the user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagUser.html
*/
UntagUser = "iam:UntagUser",
/**
* Grants permission to update the status of the specified access key as Active or
* Inactive
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccessKey.html
*/
UpdateAccessKey = "iam:UpdateAccessKey",
/**
* Grants permission to update the email address that is associated with the accou
* nt
*
* See https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html
*/
UpdateAccountEmailAddress = "iam:UpdateAccountEmailAddress",
/**
* Grants permission to update the account name that is associated with the accoun
* t
*
* See https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html
*/
UpdateAccountName = "iam:UpdateAccountName",
/**
* Grants permission to update the password policy settings for the AWS account
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccountPasswordPolicy.html
*/
UpdateAccountPasswordPolicy = "iam:UpdateAccountPasswordPolicy",
/**
* Grants permission to update the policy that grants an IAM entity permission to
* assume a role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html
*/
UpdateAssumeRolePolicy = "iam:UpdateAssumeRolePolicy",
/**
* Grants permission to update an existing CloudFront public key
*
* See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html
*/
UpdateCloudFrontPublicKey = "iam:UpdateCloudFrontPublicKey",
/**
* Grants permission to update the name or path of the specified IAM group
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateGroup.html
*/
UpdateGroup = "iam:UpdateGroup",
/**
* Grants permission to change the password for the specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateLoginProfile.html
*/
UpdateLoginProfile = "iam:UpdateLoginProfile",
/**
* Grants permission to update the entire list of server certificate thumbprints t
* hat are associated with an OpenID Connect (OIDC) provider resource
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateOpenIDConnectProviderThumbprint.html
*/
UpdateOpenIDConnectProviderThumbprint = "iam:UpdateOpenIDConnectProviderThumbprint",
/**
* Grants permission to update the description or maximum session duration setting
* of a role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateRole.html
*/
UpdateRole = "iam:UpdateRole",
/**
* Grants permission to update only the description of a role
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateRoleDescription.html
*/
UpdateRoleDescription = "iam:UpdateRoleDescription",
/**
* Grants permission to update the metadata document for an existing SAML provider
* resource
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateSAMLProvider.html
*/
UpdateSAMLProvider = "iam:UpdateSAMLProvider",
/**
* Grants permission to update the status of an IAM user's SSH public key to activ
* e or inactive
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateSSHPublicKey.html
*/
UpdateSSHPublicKey = "iam:UpdateSSHPublicKey",
/**
* Grants permission to update the name or the path of the specified server certif
* icate stored in IAM
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateServerCertificate.html
*/
UpdateServerCertificate = "iam:UpdateServerCertificate",
/**
* Grants permission to update the status of a service-specific credential to acti
* ve or inactive for an IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateServiceSpecificCredential.html
*/
UpdateServiceSpecificCredential = "iam:UpdateServiceSpecificCredential",
/**
* Grants permission to update the status of the specified user signing certificat
* e to active or disabled
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateSigningCertificate.html
*/
UpdateSigningCertificate = "iam:UpdateSigningCertificate",
/**
* Grants permission to update the name or the path of the specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateUser.html
*/
UpdateUser = "iam:UpdateUser",
/**
* Grants permission to upload a CloudFront public key
*
* See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html
*/
UploadCloudFrontPublicKey = "iam:UploadCloudFrontPublicKey",
/**
* Grants permission to upload an SSH public key and associate it with the specifi
* ed IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadSSHPublicKey.html
*/
UploadSSHPublicKey = "iam:UploadSSHPublicKey",
/**
* Grants permission to upload a server certificate entity for the AWS account
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadServerCertificate.html
*/
UploadServerCertificate = "iam:UploadServerCertificate",
/**
* Grants permission to upload an X.509 signing certificate and associate it with
* the specified IAM user
*
* See https://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadSigningCertificate.html
*/
UploadSigningCertificate = "iam:UploadSigningCertificate"
}