{ "addcustomattributes": { "name": "AddCustomAttributes", "description": "Grants permission to add user attributes to the user pool schema", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adduserpoolclientsecret": { "name": "AddUserPoolClientSecret", "description": "Grants permission to add a new secret to a confidential client", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminaddusertogroup": { "name": "AdminAddUserToGroup", "description": "Grants permission to add any user to any group", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminconfirmsignup": { "name": "AdminConfirmSignUp", "description": "Grants permission to confirm any user's registration without a confirmation code", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "admincreateuser": { "name": "AdminCreateUser", "description": "Grants permission to create new users and send welcome messages via email or SMS", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "admindeleteuser": { "name": "AdminDeleteUser", "description": "Grants permission to delete any user", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "admindeleteuserattributes": { "name": "AdminDeleteUserAttributes", "description": "Grants permission to delete attributes from any user", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "admindisableproviderforuser": { "name": "AdminDisableProviderForUser", "description": "Grants permission to unlink any user pool user from a third-party identity provider (IdP) user", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "admindisableuser": { "name": "AdminDisableUser", "description": "Grants permission to deactivate any user", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminenableuser": { "name": "AdminEnableUser", "description": "Grants permission to activate any user", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminforgetdevice": { "name": "AdminForgetDevice", "description": "Grants permission to deregister any user's devices", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "admingetdevice": { "name": "AdminGetDevice", "description": "Grants permission to get information about any user's devices", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "admingetuser": { "name": "AdminGetUser", "description": "Grants permission to look up any user by user name", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "admininitiateauth": { "name": "AdminInitiateAuth", "description": "Grants permission to authenticate any user", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminlinkproviderforuser": { "name": "AdminLinkProviderForUser", "description": "Grants permission to link any user pool user to a third-party IdP user", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminlistdevices": { "name": "AdminListDevices", "description": "Grants permission to list any user's remembered devices", "accessLevel": "List", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminlistgroupsforuser": { "name": "AdminListGroupsForUser", "description": "Grants permission to list the groups that any user belongs to", "accessLevel": "List", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminlistuserauthevents": { "name": "AdminListUserAuthEvents", "description": "Grants permission to lists sign-in events for any user", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminremoveuserfromgroup": { "name": "AdminRemoveUserFromGroup", "description": "Grants permission to remove any user from any group", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminresetuserpassword": { "name": "AdminResetUserPassword", "description": "Grants permission to reset any user's password", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminrespondtoauthchallenge": { "name": "AdminRespondToAuthChallenge", "description": "Grants permission to respond to an authentication challenge during the authentication of any user", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminsetusermfapreference": { "name": "AdminSetUserMFAPreference", "description": "Grants permission to set any user's preferred MFA method", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminsetuserpassword": { "name": "AdminSetUserPassword", "description": "Grants permission to set any user's password", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminsetusersettings": { "name": "AdminSetUserSettings", "description": "Grants permission to set user settings for any user", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminupdateautheventfeedback": { "name": "AdminUpdateAuthEventFeedback", "description": "Grants permission to update advanced security feedback for any user's authentication event", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminupdatedevicestatus": { "name": "AdminUpdateDeviceStatus", "description": "Grants permission to update the status of any user's remembered devices", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminupdateuserattributes": { "name": "AdminUpdateUserAttributes", "description": "Grants permission to updates any user's standard or custom attributes", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "adminuserglobalsignout": { "name": "AdminUserGlobalSignOut", "description": "Grants permission to sign out any user from all sessions", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "associatesoftwaretoken": { "name": "AssociateSoftwareToken", "description": "Grants permission to return a unique generated shared secret key code for the user", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "associatewebacl": { "name": "AssociateWebACL", "isPermissionOnly": true, "description": "Grants permission to associate the user pool with an AWS WAF web ACL", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "webacl", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "changepassword": { "name": "ChangePassword", "description": "Grants permission to change the password for a specified user in a user pool", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "confirmdevice": { "name": "ConfirmDevice", "description": "Grants permission to confirm tracking of the device. This API call is the call that begins device tracking", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "confirmforgotpassword": { "name": "ConfirmForgotPassword", "description": "Grants permission to allow a user to enter a confirmation code to reset a forgotten password", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "confirmsignup": { "name": "ConfirmSignUp", "description": "Grants permission to confirm registration of a user and handles the existing alias from a previous user", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "creategroup": { "name": "CreateGroup", "description": "Grants permission to create new user pool groups", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "createidentityprovider": { "name": "CreateIdentityProvider", "description": "Grants permission to add identity providers to user pools", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "createmanagedloginbranding": { "name": "CreateManagedLoginBranding", "description": "Grants permission to create a branding settings for managed login and associate it with an app client", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "createresourceserver": { "name": "CreateResourceServer", "description": "Grants permission to create and configure scopes for OAuth 2.0 resource servers", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "createterms": { "name": "CreateTerms", "description": "Grants permission to create terms and associate it with an app client", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "createuserimportjob": { "name": "CreateUserImportJob", "description": "Grants permission to create user CSV import jobs", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "createuserpool": { "name": "CreateUserPool", "description": "Grants permission to create and set password policy for user pools", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependentActions": [] }, "createuserpoolclient": { "name": "CreateUserPoolClient", "description": "Grants permission to create user pool app clients", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "createuserpooldomain": { "name": "CreateUserPoolDomain", "description": "Grants permission to add user pool domains", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletegroup": { "name": "DeleteGroup", "description": "Grants permission to delete any empty user pool group", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deleteidentityprovider": { "name": "DeleteIdentityProvider", "description": "Grants permission to delete any identity provider from user pools", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletemanagedloginbranding": { "name": "DeleteManagedLoginBranding", "description": "Grants permission to delete the managed login branding style for any app client", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deleteresourceserver": { "name": "DeleteResourceServer", "description": "Grants permission to delete any OAuth 2.0 resource server from user pools", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deleteterms": { "name": "DeleteTerms", "description": "Grants permission to delete terms for an app client", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deleteuser": { "name": "DeleteUser", "description": "Grants permission to allow a user to delete one's self", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "deleteuserattributes": { "name": "DeleteUserAttributes", "description": "Grants permission to delete the attributes for a user", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "deleteuserpool": { "name": "DeleteUserPool", "description": "Grants permission to delete user pools", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deleteuserpoolclient": { "name": "DeleteUserPoolClient", "description": "Grants permission to delete any user pool app client", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deleteuserpoolclientsecret": { "name": "DeleteUserPoolClientSecret", "description": "Grants permission to delete a secret from a list of secrets associated with a client", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deleteuserpooldomain": { "name": "DeleteUserPoolDomain", "description": "Grants permission to delete any user pool domain", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeidentityprovider": { "name": "DescribeIdentityProvider", "description": "Grants permission to describe any user pool identity provider", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describemanagedloginbranding": { "name": "DescribeManagedLoginBranding", "description": "Grants permission to get the detailed information about the branding style of managed login", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describemanagedloginbrandingbyclient": { "name": "DescribeManagedLoginBrandingByClient", "description": "Grants permission to get the detailed information about the branding style of managed login associated with an appclient", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeresourceserver": { "name": "DescribeResourceServer", "description": "Grants permission to describe any OAuth 2.0 resource server", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeriskconfiguration": { "name": "DescribeRiskConfiguration", "description": "Grants permission to describe the risk configuration settings of user pools and app clients", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeterms": { "name": "DescribeTerms", "description": "Grants permission to get the detailed information about terms for an app client", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeuserimportjob": { "name": "DescribeUserImportJob", "description": "Grants permission to describe any user import job", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeuserpool": { "name": "DescribeUserPool", "description": "Grants permission to describe user pools", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeuserpoolclient": { "name": "DescribeUserPoolClient", "description": "Grants permission to describe any user pool app client", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeuserpooldomain": { "name": "DescribeUserPoolDomain", "description": "Grants permission to describe any user pool domain", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "disassociatewebacl": { "name": "DisassociateWebACL", "isPermissionOnly": true, "description": "Grants permission to disassociate the user pool with an AWS WAF web ACL", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "forgetdevice": { "name": "ForgetDevice", "description": "Grants permission to forget the specified device", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "forgotpassword": { "name": "ForgotPassword", "description": "Grants permission to send a message to the end user with a confirmation code that is required to change the user's password", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "getcsvheader": { "name": "GetCSVHeader", "description": "Grants permission to generate headers for a user import .csv file", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getdevice": { "name": "GetDevice", "description": "Grants permission to get the device", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "getgroup": { "name": "GetGroup", "description": "Grants permission to describe a user pool group", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getidentityproviderbyidentifier": { "name": "GetIdentityProviderByIdentifier", "description": "Grants permission to correlate a user pool IdP identifier to the IdP Name", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getlogdeliveryconfiguration": { "name": "GetLogDeliveryConfiguration", "description": "Grants permission to get the detailed activity logging configuration for a user pool", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getsigningcertificate": { "name": "GetSigningCertificate", "description": "Grants permission to look up signing certificates for user pools", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "gettokensfromrefreshtoken": { "name": "GetTokensFromRefreshToken", "description": "Grants permission to update user tokens with refresh tokens", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "getuicustomization": { "name": "GetUICustomization", "description": "Grants permission to get UI customization information for the hosted UI of any app client", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getuser": { "name": "GetUser", "description": "Grants permission to get the user attributes and metadata for a user", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "getuserattributeverificationcode": { "name": "GetUserAttributeVerificationCode", "description": "Grants permission to get the user attribute verification code for the specified attribute name", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "getuserpoolmfaconfig": { "name": "GetUserPoolMfaConfig", "description": "Grants permission to look up the MFA configuration of user pools", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getwebaclforresource": { "name": "GetWebACLForResource", "isPermissionOnly": true, "description": "Grants permission to get the AWS WAF web ACL that is associated with an Amazon Cognito user pool", "accessLevel": "Read", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "globalsignout": { "name": "GlobalSignOut", "description": "Grants permission to sign out users from all devices", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "initiateauth": { "name": "InitiateAuth", "description": "Grants permission to initiate the authentication flow", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "listdevices": { "name": "ListDevices", "description": "Grants permission to list the devices", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "listgroups": { "name": "ListGroups", "description": "Grants permission to list all groups in user pools", "accessLevel": "List", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listidentityproviders": { "name": "ListIdentityProviders", "description": "Grants permission to list all identity providers in user pools", "accessLevel": "List", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listresourceservers": { "name": "ListResourceServers", "description": "Grants permission to list all resource servers in user pools", "accessLevel": "List", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listresourcesforwebacl": { "name": "ListResourcesForWebACL", "isPermissionOnly": true, "description": "Grants permission to list the user pools that are associated with an AWS WAF web ACL", "accessLevel": "List", "resourceTypes": [ { "name": "webacl", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listtagsforresource": { "name": "ListTagsForResource", "description": "Grants permission to list the tags that are assigned to an Amazon Cognito user pool", "accessLevel": "List", "resourceTypes": [ { "name": "userpool", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listterms": { "name": "ListTerms", "description": "Grants permission to list all terms for a user pool", "accessLevel": "List", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listuserimportjobs": { "name": "ListUserImportJobs", "description": "Grants permission to list all user import jobs", "accessLevel": "List", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listuserpoolclientsecrets": { "name": "ListUserPoolClientSecrets", "description": "Grants permission to list all secrets associated with a client", "accessLevel": "List", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listuserpoolclients": { "name": "ListUserPoolClients", "description": "Grants permission to list all app clients in user pools", "accessLevel": "List", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listuserpools": { "name": "ListUserPools", "description": "Grants permission to list all user pools", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "listusers": { "name": "ListUsers", "description": "Grants permission to list all user pool users", "accessLevel": "List", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listusersingroup": { "name": "ListUsersInGroup", "description": "Grants permission to list the users in any group", "accessLevel": "List", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "resendconfirmationcode": { "name": "ResendConfirmationCode", "description": "Grants permission to resend the confirmation (for confirmation of registration) to a specific user in the user pool", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "respondtoauthchallenge": { "name": "RespondToAuthChallenge", "description": "Grants permission to respond to the authentication challenge", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "revoketoken": { "name": "RevokeToken", "description": "Grants permission to revoke all of the access tokens generated by the specified refresh token", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "setlogdeliveryconfiguration": { "name": "SetLogDeliveryConfiguration", "description": "Grants permission to set up or modify the detailed activity logging configuration of a user pool", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "setriskconfiguration": { "name": "SetRiskConfiguration", "description": "Grants permission to set risk configuration for user pools and app clients", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "setuicustomization": { "name": "SetUICustomization", "description": "Grants permission to customize the hosted UI for any app client", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "setusermfapreference": { "name": "SetUserMFAPreference", "description": "Grants permission to set MFA preference for the user in the userpool", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "setuserpoolmfaconfig": { "name": "SetUserPoolMfaConfig", "description": "Grants permission to set user pool MFA configuration", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "setusersettings": { "name": "SetUserSettings", "description": "Grants permission to set the user settings like multi-factor authentication (MFA)", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "signup": { "name": "SignUp", "description": "Grants permission to register the user in the specified user pool and creates a user name, password, and user attributes", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "startuserimportjob": { "name": "StartUserImportJob", "description": "Grants permission to start any user import job", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "stopuserimportjob": { "name": "StopUserImportJob", "description": "Grants permission to stop any user import job", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "tagresource": { "name": "TagResource", "description": "Grants permission to tag a user pool", "accessLevel": "Tagging", "resourceTypes": [ { "name": "userpool", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependentActions": [] }, "untagresource": { "name": "UntagResource", "description": "Grants permission to untag a user pool", "accessLevel": "Tagging", "resourceTypes": [ { "name": "userpool", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:TagKeys" ], "dependentActions": [] }, "updateautheventfeedback": { "name": "UpdateAuthEventFeedback", "description": "Grants permission to update the feedback for the user authentication event", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "updatedevicestatus": { "name": "UpdateDeviceStatus", "description": "Grants permission to update the device status", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "updategroup": { "name": "UpdateGroup", "description": "Grants permission to update the configuration of any group", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "updateidentityprovider": { "name": "UpdateIdentityProvider", "description": "Grants permission to update the configuration of any user pool IdP", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "updatemanagedloginbranding": { "name": "UpdateManagedLoginBranding", "description": "Grants permission to update the branding settings of a managed login", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "updateresourceserver": { "name": "UpdateResourceServer", "description": "Grants permission to update the configuration of any OAuth 2.0 resource server", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "updateterms": { "name": "UpdateTerms", "description": "Grants permission to update terms for an app client", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "updateuserattributes": { "name": "UpdateUserAttributes", "description": "Grants permission to allow a user to update a specific attribute (one at a time)", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "updateuserpool": { "name": "UpdateUserPool", "description": "Grants permission to updates the configuration of user pools", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependentActions": [] }, "updateuserpoolclient": { "name": "UpdateUserPoolClient", "description": "Grants permission to update any user pool client", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "updateuserpooldomain": { "name": "UpdateUserPoolDomain", "description": "Grants permission to replace the certificate for any custom domain", "accessLevel": "Write", "resourceTypes": [ { "name": "userpool", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "verifysoftwaretoken": { "name": "VerifySoftwareToken", "description": "Grants permission to register a user's entered TOTP code and mark the user's software token MFA status as verified if successful", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "verifyuserattribute": { "name": "VerifyUserAttribute", "description": "Grants permission to verify a user attribute using a one time verification code", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] } }