{ "createidentitysource": { "name": "CreateIdentitySource", "description": "Grants permission to create a reference to an external identity provider (IdP) that is compatible with OpenID Connect (OIDC) authentication protocol, such as Amazon Cognito", "accessLevel": "Write", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "createpolicy": { "name": "CreatePolicy", "description": "Grants permission to create a Cedar policy and save it in the specified policy store", "accessLevel": "Write", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "createpolicystore": { "name": "CreatePolicyStore", "description": "Grants permission to create a Cedar policy and save it in the specified policy store", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [ "aws:ResourceTag/${TagKey}", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependentActions": [] }, "createpolicytemplate": { "name": "CreatePolicyTemplate", "description": "Grants permission to create a policy template", "accessLevel": "Write", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deleteidentitysource": { "name": "DeleteIdentitySource", "description": "Grants permission to delete an identity source that references an identity provider (IdP) such as Amazon Cognito", "accessLevel": "Write", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletepolicy": { "name": "DeletePolicy", "description": "Grants permission to delete the specified policy from the policy store", "accessLevel": "Write", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletepolicystore": { "name": "DeletePolicyStore", "description": "Grants permission to delete the specified policy store", "accessLevel": "Write", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletepolicytemplate": { "name": "DeletePolicyTemplate", "description": "Grants permission to delete the specified policy template from the policy store", "accessLevel": "Write", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getidentitysource": { "name": "GetIdentitySource", "description": "Grants permission to retrieve the details about the specified identity source", "accessLevel": "Read", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getpolicy": { "name": "GetPolicy", "description": "Grants permission to retrieve information about the specified policy", "accessLevel": "Read", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getpolicystore": { "name": "GetPolicyStore", "description": "Grants permission to retrieve details about a policy store", "accessLevel": "Read", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [ "verifiedpermissions:ListTagsForResource" ] }, "getpolicytemplate": { "name": "GetPolicyTemplate", "description": "Grants permission to retrieve the details for the specified policy template in the specified policy store", "accessLevel": "Read", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "getschema": { "name": "GetSchema", "description": "Grants permission to retrieve the details for the specified schema in the specified policy store", "accessLevel": "Read", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "isauthorized": { "name": "IsAuthorized", "description": "Grants permission to make an authorization decision about a service request described in the parameters", "accessLevel": "Read", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "isauthorizedwithtoken": { "name": "IsAuthorizedWithToken", "description": "Grants permission to make an authorization decision about a service request described in the parameters. The principal in this request comes from an external identity source", "accessLevel": "Read", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listidentitysources": { "name": "ListIdentitySources", "description": "Grants permission to return a paginated list of all of the identity sources defined in the specified policy store", "accessLevel": "List", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listpolicies": { "name": "ListPolicies", "description": "Grants permission to return a paginated list of all policies stored in the specified policy store", "accessLevel": "List", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listpolicystores": { "name": "ListPolicyStores", "description": "Grants permission to return a paginated list of all policy stores in the calling Amazon Web Services account", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "listpolicytemplates": { "name": "ListPolicyTemplates", "description": "Grants permission to return a paginated list of all policy templates in the specified policy store", "accessLevel": "List", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listtagsforresource": { "name": "ListTagsForResource", "description": "Grants permission to view a list of resource tags for the specified policy store", "accessLevel": "Read", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "putschema": { "name": "PutSchema", "description": "Grants permission to create or update the policy schema in the specified policy store", "accessLevel": "Write", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "tagresource": { "name": "TagResource", "description": "Grants permission to add tags to the specified policy store", "accessLevel": "Tagging", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependentActions": [] }, "untagresource": { "name": "UntagResource", "description": "Grants permission to remove tags from the specified policy store", "accessLevel": "Tagging", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:TagKeys" ], "dependentActions": [] }, "updateidentitysource": { "name": "UpdateIdentitySource", "description": "Grants permission to update the specified identity source to use a new identity provider (IdP) source, or to change the mapping of identities from the IdP to a different principal entity type", "accessLevel": "Write", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "updatepolicy": { "name": "UpdatePolicy", "description": "Grants permission to modify the specified Cedar static policy in the specified policy store", "accessLevel": "Write", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "updatepolicystore": { "name": "UpdatePolicyStore", "description": "Grants permission to modify the validation setting for a policy store", "accessLevel": "Write", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "updatepolicytemplate": { "name": "UpdatePolicyTemplate", "description": "Grants permission to update the specified policy template", "accessLevel": "Write", "resourceTypes": [ { "name": "policy-store", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] } }