Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Learn more about AWS Resource Groups authorization and access control

PDF
RSS
Focus mode
Learn more about AWS Resource Groups authorization and access control - AWS Resource Groups

Resource Groups supports the following.

  • Action-based policies. For example, you can create a policy that allows users to perform ListGroups operations, but no others.

  • Resource-level permissions. Resource Groups supports using ARNs to specify individual resources in the policy.

  • Authorization based on tags. Resource Groups supports using resource tags in the condition of a policy. For example, you can create a policy that allows Resource Groups users full access to a group that you have tagged.

  • Temporary credentials. Users can assume a role with a policy that allows AWS Resource Groups operations.

Resource Groups doesn't support resource-based policies.

For more information about how Resource Groups and Tag Editor integrate with AWS Identity and Access Management (IAM), see the following topics in the AWS Identity and Access Management User Guide.

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.