Amazon Cloud Directory API Permissions: Actions, Resources, and Conditions Reference

When you are setting up Access Control and writing permissions policies that you can attach to an IAM identity (identity-based policies), you can use the following table as a reference. The table lists each Amazon Cloud Directory API operation, the corresponding actions for which you can grant permissions to perform the action, the AWS resource for which you can grant the permissions. You specify the actions in the policy's Action field and the resource value in the policy's Resource field.

You can use AWS-wide condition keys in your Amazon Cloud Directory policies to express conditions. For a complete list of AWS-wide keys, see Available Global Condition Keys in the IAM User Guide.

Note

To specify an action, use the clouddirectory: prefix followed by the API operation name (for example, clouddirectory:CreateDirectory).

Amazon Cloud Directory API and Required Permissions for Actions
Amazon Cloud Directory API Operations	Required Permissions (API Actions)	Resources
AddFacetToObject	`clouddirectory:AddFacetToObject`	*
ApplySchema	`clouddirectory:ApplySchema`	*
AttachObject	`clouddirectory:AttachObject`	*
AttachPolicy	`clouddirectory:AttachPolicy`	*
AttachToIndex	`clouddirectory:AttachToIndex`	*
AttachTypedLink	`clouddirectory:AttachTypedLink`	*
BatchRead	`clouddirectory:BatchRead`	*
BatchWrite	`clouddirectory:BatchWrite`	*
CreateDirectory	`clouddirectory:CreateDirectory`	*
CreateFacet	`clouddirectory:CreateFacet`	*
CreateIndex	`clouddirectory:CreateIndex`	*
CreateObject	`clouddirectory:CreateObject`	*
CreateSchema	`clouddirectory:CreateSchema`	*
CreateTypedLinkFacet	`clouddirectory:CreateTypedLinkFacet`	*
DeleteDirectory	`clouddirectory:DeleteDirectory`	*
DeleteFacet	`clouddirectory:DeleteFacet`	*
DeleteObject	`clouddirectory:DeleteObject`	*
DeleteSchema	`clouddirectory:DeleteSchema`	*
DeleteTypedLinkFacet	`clouddirectory:DeleteTypedLinkFacet`	*
DetachFromIndex	`clouddirectory:DetachFromIndex`	*
DetachObject	`clouddirectory:DetachObject`	*
DetachPolicy	`clouddirectory:DetachPolicy`	*
DetachedTypedLink	`clouddirectory:DetachTypedLink`	*
DisableDirectory	`clouddirectory:DisableDirectory`	*
EnableDirectory	`clouddirectory:EnableDirectory`	*
GetAppliedSchemaVersion	`clouddirectory:GetAppliedSchemaVersion`	*
GetDirectory	`clouddirectory:GetDirectory`	*
GetFacet	`clouddirectory:GetFacet`	*
GetObjectAttributes	`clouddirectory:GetObjectAttributes`	*
GetObjectInformation	`clouddirectory:GetObjectInformation`	*
GetSchemaAsJson	`clouddirectory:GetSchemaAsJson`	*
GetTypedLinkFacetInformation	`clouddirectory:GetTypedLinkFacetInformation`	*
ListAppliedSchemaArns	`clouddirectory:ListAppliedSchemaArns`	*
ListAttachedIndices	`clouddirectory:ListAttachedIndices`	*
ListDevelopmentSchemaArns	`clouddirectory:ListDevelopmentSchemaArns`	*
ListDirectories	`clouddirectory:ListDirectories`	*
ListFacetAttributes	`clouddirectory:ListFacetAttributes`	*
ListFacetNames	`clouddirectory:ListFacetNames`	*
ListIncomingTypedLinks	`clouddirectory:ListIncomingTypedLinks`	*
ListIndex	`clouddirectory:ListIndex`	*
ListObjectAttributes	`clouddirectory:ListObjectAttributes`	*
ListObjectChildren	`clouddirectory:ListObjectChildren`	*
ListObjectParentPaths	`clouddirectory:ListObjectParentPaths`	*
ListObjectParents	`clouddirectory:ListObjectParents`	*
ListObjectPolicies	`clouddirectory:ListObjectPolicies`	*
ListOutgoingTypedLinks	`clouddirectory:ListOutgoingTypedLinks`	*
ListPolicyAttachments	`clouddirectory:ListPolicyAttachments`	*
ListPublishedSchemaArns	`clouddirectory:ListPublishedSchemaArns`	*
ListTagsForResource	`clouddirectory:ListTagsForResource`	*
ListTypedLinkFacetAttributes	`clouddirectory:ListTypedLinkFacetAttributes`	*
ListTypedLinkFacetNames	`clouddirectory:ListTypedLinkFacetNames`	*
LookupPolicy	`clouddirectory:LookupPolicy`	*
PublishSchema	`clouddirectory:PublishSchema`	*
PutSchemaFromJson	`clouddirectory:PutSchemaFromJson`	*
RemoveFacetFromObject	`clouddirectory:RemoveFacetFromObject`	*
TagResource	`clouddirectory:TagResource`	*
UntagResource	`clouddirectory:UntagResource`	*
UpdateFacet	`clouddirectory:UpdateFacet`	*
UpdateObjectAttributes	`clouddirectory:UpdateObjectAttributes`	*
UpdateSchema	`clouddirectory:UpdateSchema`	*
UpdateTypedLinkFacet	`clouddirectory:UpdateTypedLinkFacet`	*
UpgradeAppliedSchema	`clouddirectory:UpgradeAppliedSchema`	*
UpgradePublishedSchema	`clouddirectory:UpgradePublishedSchema`	*

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Using Identity-Based Policies (IAM Policies)

Logging and Monitoring