Amazon Pinpoint actions for IAM policies - Amazon Pinpoint
Amazon Pinpoint API actionsAmazon Pinpoint SMS and voice version 1 API actions

Amazon Pinpoint actions for IAM policies

To manage access to Amazon Pinpoint resources in your AWS account, you can add Amazon Pinpoint actions to AWS Identity and Access Management (IAM) policies. By using actions in policies, you can control what users can do on the Amazon Pinpoint console. You can also control what users can do programmatically by using the AWS SDKs, the AWS Command Line Interface (AWS CLI), or the Amazon Pinpoint APIs directly.

In a policy, you specify each action with the appropriate Amazon Pinpoint namespace followed by a colon and the name of the action, such as GetSegments. Most actions correspond to a request to the Amazon Pinpoint API using a specific URI and HTTP method. For example, if you allow the mobiletargeting:GetSegments action in a user's policy, the user is allowed to retrieve information about all the segments for a project by submitting an HTTP GET request to the /apps/projectId/segments URI. This policy also allows the user to view that information on the console, and retrieve that information by using an AWS SDK or the AWS CLI.

Each action is performed on a specific Amazon Pinpoint resource, which you identify in a policy statement by its Amazon Resource Name (ARN). For example, the mobiletargeting:GetSegments action is performed on a specific project, which you identify with the ARN, arn:aws:mobiletargeting:region:accountId:apps/projectId.

This topic identifies Amazon Pinpoint actions that you can add to IAM policies for your AWS account. To see examples that demonstrate how you can use actions in policies to manage access to Amazon Pinpoint resources, see Amazon Pinpoint identity-based policy examples.

Amazon Pinpoint API actions

This section identifies actions for features that are available from the Amazon Pinpoint API, which is the primary API for Amazon Pinpoint. To learn more about this API, see the Amazon Pinpoint API Reference.

Analytics and metrics

The following permissions are related to viewing analytics data on the Amazon Pinpoint console. They're also related to retrieving (querying) aggregated data for standard metrics, also referred to as key performance indicators (KPIs), that apply to projects, campaigns, and journeys.

mobiletargeting:GetReports

View analytics data on the Amazon Pinpoint console. This permission is also required in order to create segments that contain custom attributes using the Amazon Pinpoint console. It's also required to obtain an estimate of the size of a segment in the Amazon Pinpoint console.

  • URI – Not applicable

  • Method – Not applicable

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:*

mobiletargeting:GetApplicationDateRangeKpi

Retrieve (query) aggregated data for a standard application metric. This is a metric that applies to all the campaigns or transactional messages that are associated with a project.

mobiletargeting:GetCampaignDateRangeKpi

Retrieve (query) aggregated data for a standard campaign metric. This is a metric that applies to an individual campaign.

mobiletargeting:GetJourneyDateRangeKpi

Retrieve (query) aggregated data for a standard journey engagement metric. This is an engagement metric that applies to an individual journey—for example, the number of messages that were opened by participants for all the activities in a journey.

mobiletargeting:GetJourneyExecutionMetrics

Retrieve (query) aggregated data for standard execution metrics that apply to an individual journey—for example, the number of participants who are actively proceeding through all the activities in a journey.

mobiletargeting:GetJourneyExecutionActivityMetrics

Retrieve (query) aggregated data for standard execution metrics that apply to an individual activity in a journey—for example, the number of participants who started or completed an activity.

Campaigns

The following permissions are related to managing campaigns in your Amazon Pinpoint account.

mobiletargeting:CreateCampaign

Create a campaign for a project.

  • URI – /apps/projectId/campaigns

  • Method – POST

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId/campaigns

mobiletargeting:DeleteCampaign

Delete a specific campaign.

mobiletargeting:GetCampaign

Retrieve information about a specific campaign.

mobiletargeting:GetCampaignActivities

Retrieve information about the activities performed by a campaign.

mobiletargeting:GetCampaigns

Retrieve information about all campaigns for a project.

mobiletargeting:GetCampaignVersion

Retrieve information about a specific campaign version.

mobiletargeting:GetCampaignVersions

Retrieve information about the current and prior versions of a campaign.

mobiletargeting:UpdateCampaign

Update a specific campaign.

Channels

The following permissions are related to managing channels in your Amazon Pinpoint account. In Amazon Pinpoint, channels refer to the methods that you use to contact your customers, such as sending email, SMS messages, or push notifications.

mobiletargeting:DeleteAdmChannel

Disable the Amazon Device Messaging (ADM) channel for a project.

  • URI – /apps/projectId/channels/adm

  • Method – DELETE

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId/channels/adm

mobiletargeting:GetAdmChannel

Retrieve information about the ADM channel for a project.

mobiletargeting:UpdateAdmChannel

Enable or update the ADM channel for a project.

mobiletargeting:DeleteApnsChannel

Disable the Apple Push Notification service (APNs) channel for a project.

mobiletargeting:GetApnsChannel

Retrieve information about the APNs channel for a project.

mobiletargeting:UpdateApnsChannel

Enable or update the APNs channel for a project.

mobiletargeting:DeleteApnsSandboxChannel

Disable the APNs sandbox channel for a project.

mobiletargeting:GetApnsSandboxChannel

Retrieve information about the APNs sandbox channel for a project.

mobiletargeting:UpdateApnsSandboxChannel

Enable or update the APNs sandbox channel for a project.

mobiletargeting:DeleteApnsVoipChannel

Disable the APNs VoIP channel for a project.

mobiletargeting:GetApnsVoipChannel

Retrieve information about the APNs VoIP channel for a project.

mobiletargeting:UpdateApnsVoipChannel

Enable or update the APNs VoIP channel for a project.

mobiletargeting:DeleteApnsVoipSandboxChannel

Disable the APNs VoIP sandbox channel for a project.

mobiletargeting:GetApnsVoipSandboxChannel

Retrieve information about the APNs VoIP sandbox channel for a project.

mobiletargeting:UpdateApnsVoipSandboxChannel

Enable or update the APNs VoIP sandbox channel for a project.

mobiletargeting:DeleteBaiduChannel

Disable the Baidu Cloud Push channel for a project.

mobiletargeting:GetBaiduChannel

Retrieve information about the Baidu Cloud Push channel for a project.

mobiletargeting:UpdateBaiduChannel

Enable or update the Baidu Cloud Push channel for a project.

mobiletargeting:DeleteEmailChannel

Disable the email channel for a project.

mobiletargeting:GetEmailChannel

Retrieve information about the email channel for a project.

mobiletargeting:UpdateEmailChannel

Enable or update the email channel for a project.

mobiletargeting:DeleteGcmChannel

Disable the Firebase Cloud Messaging (FCM) channel for a project. This channel allows Amazon Pinpoint to send push notifications to an Android app through the FCM service, which replaces the Google Cloud Messaging (GCM) service.

  • URI – /apps/projectId/channels/gcm

  • Method – DELETE

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId/channels/gcm

mobiletargeting:GetGcmChannel

Retrieve information about the FCM channel for a project. This channel allows Amazon Pinpoint to send push notifications to an Android app through the FCM service, which replaces the Google Cloud Messaging (GCM) service.

mobiletargeting:UpdateGcmChannel

Enable or update the FCM channel for a project. This channel allows Amazon Pinpoint to send push notifications to an Android app through the FCM service, which replaces the Google Cloud Messaging (GCM) service.

mobiletargeting:DeleteSmsChannel

Disable the SMS channel for a project.

  • URI – /apps/projectId/channels/sms

  • Method – DELETE

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId/channels/sms

mobiletargeting:GetSmsChannel

Retrieve information about the SMS channel for a project.

mobiletargeting:UpdateSmsChannel

Enable or update the SMS channel for a project.

mobiletargeting:GetChannels

Retrieves information about the history and status of each channel for an application.

mobiletargeting:DeleteVoiceChannel

Disables the voice channel for an application and deletes any existing settings for the channel.

mobiletargeting:GetVoiceChannel

Retrieves information about the status and settings of the voice channel for an application.

mobiletargeting:UpdateVoiceChannel

Enables the voice channel for an application or updates the status and settings of the voice channel for an application.

Endpoints

The following permissions are related to managing endpoints in your Amazon Pinpoint account. In Amazon Pinpoint, an endpoint is a single destination for your messages. For example, an endpoint could be a customer's email address, telephone number, or mobile device token.

mobiletargeting:DeleteEndpoint

Delete an endpoint.

mobiletargeting:GetEndpoint

Retrieve information about a specific endpoint.

mobiletargeting:RemoveAttributes

Removes one or more attributes, of the same attribute type, from all the endpoints that are associated with an application.

mobiletargeting:UpdateEndpoint

Create an endpoint or update the information for an endpoint.

mobiletargeting:UpdateEndpointsBatch

Create or update endpoints as a batch operation.

Event streams

The following permissions are related to managing event streams for your Amazon Pinpoint account.

mobiletargeting:DeleteEventStream

Delete the event stream for a project.

  • URI – /apps/projectId/eventstream/

  • Method – DELETE

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId/eventstream

mobiletargeting:GetEventStream

Retrieve information about the event stream for a project.

mobiletargeting:PutEventStream

Create or update an event stream for a project.

Events

The following permissions are related to managing events jobs in your Amazon Pinpoint account. In Amazon Pinpoint, you create import jobs to create segments based on endpoint definitions that are stored in an Amazon S3 bucket.

mobiletargeting:PutEvents

Creates a new event to record for endpoints, or creates or updates endpoint data that existing events are associated with.

Export jobs

The following permissions are related to managing export jobs in your Amazon Pinpoint account. In Amazon Pinpoint, you create export jobs to send information about endpoints to an Amazon S3 bucket for storage or analysis.

mobiletargeting:CreateExportJob

Create an export job for exporting endpoint definitions to Amazon S3.

  • URI – /apps/projectId/jobs/export

  • Method – POST

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId/jobs/export

mobiletargeting:GetExportJob

Retrieve information about a specific export job for a project.

mobiletargeting:GetExportJobs

Retrieve a list of all the export jobs for a project.

  • URI – /apps/projectId/jobs/export

  • Method – GET

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId/jobs/export

Import jobs

The following permissions are related to managing import jobs in your Amazon Pinpoint account. In Amazon Pinpoint, you create import jobs to create segments based on endpoint definitions that are stored in an Amazon S3 bucket.

mobiletargeting:CreateImportJob

Import endpoint definitions from Amazon S3 to create a segment.

mobiletargeting:GetImportJob

Retrieve information about a specific import job for a project.

mobiletargeting:GetImportJobs

Retrieve information about all the import jobs for a project.

Journeys

The following permissions are related to managing journeys in your Amazon Pinpoint account.

mobiletargeting:CreateJourney

Create a journey for a project.

  • URI – /apps/projectId/journeys

  • Method – POST

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId/journeys

mobiletargeting:GetJourney

Retrieve information about a specific journey.

mobiletargeting:ListJourneys

Retrieve information about all the journeys for a project.

  • URI – /apps/projectId/journeys

  • Method – GET

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId/journeys

mobiletargeting:UpdateJourney

Update the configuration and other settings for a specific journey.

mobiletargeting:UpdateJourneyState

Cancel an active journey.

mobiletargeting:DeleteJourney

Delete a specific journey.

Message templates

The following permissions are related to creating and managing message templates for your Amazon Pinpoint account. A message template is a set of content and settings that you can define, save, and reuse in messages that you send for any of your Amazon Pinpoint projects.

mobiletargeting:ListTemplates

Retrieve information about all the message templates that are associated with your Amazon Pinpoint account.

  • URI – /templates

  • Method – GET

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:templates

mobiletargeting:ListTemplateVersions

Retrieve information about all the versions of a specific message template.

mobiletargeting:UpdateTemplateActiveVersion

Designate a specific version of a message template as the active version of the template.

mobiletargeting:GetEmailTemplate

Retrieve information about a message template for messages that are sent through the email channel.

mobiletargeting:CreateEmailTemplate

Create a message template for messages that are sent through the email channel.

mobiletargeting:UpdateEmailTemplate

Update an existing message template for messages that are sent through the email channel.

mobiletargeting:DeleteEmailTemplate

Delete a message template for messages that were sent through the email channel.

mobiletargeting:GetPushTemplate

Retrieve information about a message template for messages that are sent through a push notification channel.

mobiletargeting:CreatePushTemplate

Create a message template for messages that are sent through a push notification channel.

mobiletargeting:UpdatePushTemplate

Update an existing message template for messages that are sent through a push notification channel.

mobiletargeting:DeletePushTemplate

Delete a message template for messages that were sent through a push notification channel.

mobiletargeting:GetSmsTemplate

Retrieve information about a message template for messages that are sent through the SMS channel.

mobiletargeting:CreateSmsTemplate

Create a message template for messages that are sent through the SMS channel.

  • URI – /templates/template-name/sms

  • Method – POST

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:templates/template-name/SMS

mobiletargeting:UpdateSmsTemplate

Update an existing message template for messages that are sent through the SMS channel.

mobiletargeting:DeleteSmsTemplate

Delete a message template for messages that were sent through the SMS channel.

  • URI – /templates/template-name/sms

  • Method – DELETE

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:templates/template-name/SMS

mobiletargeting:GetVoiceTemplate

Retrieve information about a message template for messages that are sent through the voice channel.

mobiletargeting:CreateVoiceTemplate

Create a message template for messages that are sent through the voice channel.

mobiletargeting:UpdateVoiceTemplate

Update an existing message template for messages that are sent through the voice channel.

mobiletargeting:DeleteVoiceTemplate

Delete a message template for messages that were sent through the voice channel.

Messages

The following permissions are related to sending messages and push notifications from your Amazon Pinpoint account. You can use the SendMessages and SendUsersMessages operations to send messages to specific endpoints without creating segments and campaigns first.

mobiletargeting:SendMessages

Send a message or push notification to specific endpoints.

  • URI – /apps/projectId/messages

  • Method – POST

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId/messages

mobiletargeting:SendUsersMessages

Send a message or push notification to all the endpoints that are associated with a specific user ID.

One-time passwords

The following permissions are related to sending and validating one-time passwords (OTPs) in Amazon Pinpoint.

mobiletargeting:SendOTPMessage

Send a text message that contains a one-time password.

  • URI – /apps/projectId/otp

  • Method – POST

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId/otp

mobiletargeting:VerifyOTPMessage

Check the validity of a one-time password (OTP) that was generated using the SendOTPMessage operation.

  • URI – /apps/projectId/verify-otp

  • Method – POST

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId/verify-otp

Phone number validation

The following permissions are related to using the phone number validation service in Amazon Pinpoint.

mobiletargeting:PhoneNumberValidate

Retrieve information about a phone number.

  • URI – /phone/number/validate

  • Method – POST

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:phone/number/validate

Projects

The following permissions are related to managing projects in your Amazon Pinpoint account. Originally, projects were referred to as applications. For the purposes of these operations, an Amazon Pinpoint application is the same as an Amazon Pinpoint project.

mobiletargeting:CreateApp

Create an Amazon Pinpoint project.

  • URI – /apps

  • Method – POST

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps

mobiletargeting:DeleteApp

Delete an Amazon Pinpoint project.

  • URI – /apps/projectId

  • Method – DELETE

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId

mobiletargeting:GetApp

Retrieve information about an Amazon Pinpoint project.

  • URI – /apps/projectId

  • Method – GET

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId

mobiletargeting:GetApps

Retrieve information about all the projects that are associated with your Amazon Pinpoint account.

  • URI – /apps

  • Method – GET

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps

mobiletargeting:GetApplicationSettings

Retrieve the default settings for an Amazon Pinpoint project.

  • URI – /apps/projectId/settings

  • Method – GET

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId

mobiletargeting:UpdateApplicationSettings

Update the default settings for an Amazon Pinpoint project.

  • URI – /apps/projectId/settings

  • Method – PUT

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId

Recommender models

The following permissions are related to managing Amazon Pinpoint configurations for retrieving and processing recommendation data from recommender models. A recommender model is a type of machine learning model that predicts and generates personalized recommendations by finding patterns in data.

mobiletargeting:CreateRecommenderConfiguration

Create an Amazon Pinpoint configuration for a recommender model.

  • URI – /recommenders

  • Method – POST

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:recommenders

mobiletargeting:GetRecommenderConfigurations

Retrieve information about all the recommender model configurations that are associated with your Amazon Pinpoint account.

  • URI – /recommenders

  • Method – GET

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:recommenders

mobiletargeting:GetRecommenderConfiguration

Retrieve information about an individual Amazon Pinpoint configuration for a recommender model.

  • URI – /recommenders/recommenderId

  • Method – GET

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:recommenders/recommenderId

mobiletargeting:UpdateRecommenderConfiguration

Update an Amazon Pinpoint configuration for a recommender model.

  • URI – /recommenders/recommenderId

  • Method – PUT

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:recommenders/recommenderId

mobiletargeting:DeleteRecommenderConfiguration

Delete an Amazon Pinpoint configuration for a recommender model.

  • URI – /recommenders/recommenderId

  • Method – DELETE

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:recommenders/recommenderId

Segments

The following permissions are related to managing segments in your Amazon Pinpoint account. In Amazon Pinpoint, segments are groups of recipients for your campaigns that share certain attributes that you define.

mobiletargeting:CreateSegment

Create a segment. To allow a user to create a segment by importing endpoint data from outside Amazon Pinpoint, allow the mobiletargeting:CreateImportJob action.

  • URI – /apps/projectId/segments

  • Method – POST

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId

mobiletargeting:DeleteSegment

Delete a segment.

mobiletargeting:GetSegment

Retrieve information about a specific segment.

mobiletargeting:GetSegmentExportJobs

Retrieve information about jobs that export endpoint definitions for a segment.

mobiletargeting:GetSegments

Retrieve information about all the segments for a project.

  • URI – /apps/projectId/segments

  • Method – GET

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId

mobiletargeting:GetSegmentImportJobs

Retrieve information about jobs that create segments by importing endpoint definitions from Amazon S3.

mobiletargeting:GetSegmentVersion

Retrieve information about a specific segment version.

mobiletargeting:GetSegmentVersions

Retrieve information about the current and prior versions of a segment.

mobiletargeting:UpdateSegment

Update a specific segment.

Tags

The following permissions are related to viewing and managing tags for Amazon Pinpoint resources.

mobiletargeting:ListTagsForResource

Retrieve information about the tags that are associated with a project, campaign, message template, or segment.

  • URI – /tags/resource-arn

  • Method – GET

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:*

mobiletargeting:TagResource

Add one or more tags to a project, campaign, message template, or segment.

  • URI – /tags/resource-arn

  • Method – POST

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:*

mobiletargeting:UntagResource

Remove one or more tags from a project, campaign, message template, or segment.

  • URI – /tags/resource-arn

  • Method – DELETE

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:*

Users

The following permissions are related to managing users. In Amazon Pinpoint, users correspond to individuals who receive messages from you. A single user might be associated with more than one endpoint.

mobiletargeting:DeleteUserEndpoints

Delete all the endpoints that are associated with a user ID.

  • URI – /apps/projectId/users/userId

  • Method – DELETE

  • Resource ARN – arn:aws:mobiletargeting:region:accountId:apps/projectId/users/userId

mobiletargeting:GetUserEndpoints

Retrieve information about all the endpoints that are associated with a user ID.

Amazon Pinpoint SMS and voice version 1 API actions

This section identifies actions for features that are available from the Amazon Pinpoint SMS and Voice API. This is a supplemental API that provides advanced options for using and managing the SMS and voice channels in Amazon Pinpoint. To learn more about this API, see the Amazon Pinpoint SMS and voice API reference.

sms-voice:CreateConfigurationSet

Create a configuration set for sending voice messages.

  • URI – /sms-voice/configuration-sets

  • Method – POST

  • Resource ARN – Not available. Use *.

sms-voice:DeleteConfigurationSet

Delete a configuration set for sending voice messages.

  • URI – /sms-voice/configuration-sets/ConfigurationSetName

  • Method – DELETE

  • Resource ARN – Not available. Use *.

sms-voice:GetConfigurationSetEventDestinations

Retrieve information about a configuration set and the event destinations that it contains.

  • URI – /sms-voice/configuration-sets/ConfigurationSetName/event-destinations

  • Method – GET

  • Resource ARN – Not available. Use *.

sms-voice:CreateConfigurationSetEventDestination

Create an event destination for voice events.

  • URI – /sms-voice/configuration-sets/ConfigurationSetName/event-destinations

  • Method – POST

  • Resource ARN – Not available. Use *.

sms-voice:UpdateConfigurationSetEventDestination

Update an event destination for voice events.

  • URI – /sms-voice/configuration-sets/ConfigurationSetName/event-destinations/EventDestinationName

  • Method – PUT

  • Resource ARN – Not available. Use *.

sms-voice:DeleteConfigurationSetEventDestination

Delete an event destination for voice events.

  • URI – /sms-voice/configuration-sets/ConfigurationSetName/event-destinations/EventDestinationName

  • Method – DELETE

  • Resource ARN – Not available. Use *.

sms-voice:SendVoiceMessage

Create and send voice messages.

  • URI – /sms-voice/voice/message

  • Method – POST

  • Resource ARN – Not available. Use *.