本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# Amazon Cognito User Pools 的操作、资源和条件键
Amazon Cognito User Pools(服务前缀:`cognito-idp`)提供以下服务特定的资源、操作和条件上下文键以在 IAM 权限策略中使用。
参考:
+ 了解如何[配置该服务](https://docs.aws.amazon.com/cognito/latest/developerguide/)。
+ 查看[适用于该服务的 API 操作列表](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/)。
+ 了解如何[使用 IAM](https://docs.aws.amazon.com/cognito/latest/developerguide/security_iam_service-with-iam.html) 权限策略保护该服务及其资源。
**Topics**
+ [Amazon Cognito User Pools 定义的操作](#amazoncognitouserpools-actions-as-permissions)
+ [Amazon Cognito User Pools 定义的资源类型](#amazoncognitouserpools-resources-for-iam-policies)
+ [Amazon Cognito User Pools 的条件键](#amazoncognitouserpools-policy-keys)
## Amazon Cognito User Pools 定义的操作
您可以在 IAM 策略语句的 `Action` 元素中指定以下操作。可以使用策略授予在 AWS中执行操作的权限。您在策略中使用一项操作时,通常使用相同的名称允许或拒绝对 API 操作或 CLI 命令的访问。但在某些情况下,单一动作可控制对多项操作的访问。还有某些操作需要多种不同的动作。
操作表的**访问级别**列描述如何对操作进行分类(列出、读取、权限管理或标记)。此分类可以帮助您了解当您在策略中使用操作时,相应操作授予的访问级别。有关访问级别的更多信息,请参阅[策略摘要中的访问级别](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html)。
操作表的**资源类型**列指示每项操作是否支持资源级权限。如果该列没有任何值,您必须在策略语句的 `Resource` 元素中指定策略应用的所有资源(“\*”)。通过在 IAM policy 中使用条件来筛选访问权限,以控制是否可以在资源或请求中使用特定标签键。如果操作具有一个或多个必需资源,则调用方必须具有使用这些资源来使用该操作的权限。必需资源在表中以星号 (\*) 表示。如果您在 IAM policy 中使用 `Resource` 元素限制资源访问权限,则必须为每种必需的资源类型添加 ARN 或模式。某些操作支持多种资源类型。如果资源类型是可选的(未指示为必需),则可以选择使用一种可选资源类型。
操作表的**条件键**列包括可以在策略语句的 `Condition` 元素中指定的键。有关与服务资源关联的条件键的更多信息,请参阅资源类型表的**条件键**列。
操作表的**依赖操作**列显示成功调用操作可能需要的其他权限。除了操作本身的权限以外,可能还需要这些权限。若某个操作指定依赖操作,则这些依赖关系可能适用于为该操作定义的其他资源,而不仅仅是表中列出的第一个资源。
**注意**
资源条件键在[资源类型](#amazoncognitouserpools-resources-for-iam-policies)表中列出。您可以在操作表的**资源类型(\* 为必需)**列中找到应用于某项操作的资源类型的链接。资源类型表中的资源类型包括**条件密钥**列,这是应用于操作表中操作的资源条件键。
有关下表中各列的详细信息,请参阅[操作表](reference_policies_actions-resources-contextkeys.html#actions_table)。
****
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AddCustomAttributes.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AddCustomAttributes.html) **
- **描述:** 授予权限以将用户属性添加到用户池架构
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AddUserPoolClientSecret.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AddUserPoolClientSecret.html) **
- **描述:** 授予向机密客户端添加新密钥的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminAddUserToGroup.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminAddUserToGroup.html) **
- **描述:** 授予权限以将任何用户添加到任何组
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminConfirmSignUp.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminConfirmSignUp.html) **
- **描述:** 授予权限以在没有确认码的情况下确认任何用户注册
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUser.html) **
- **描述:** 授予权限以创建新用户并通过电子邮件或 SMS 发送欢迎消息
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminDeleteUser.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminDeleteUser.html) **
- **描述:** 授予权限以删除任何用户
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminDeleteUserAttributes.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminDeleteUserAttributes.html) **
- **描述:** 授予权限以删除任何用户的属性
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminDisableProviderForUser.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminDisableProviderForUser.html) **
- **描述:** 授予权限以取消任何用户池用户与第三方身份提供者 (IdP) 用户的关联
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminDisableUser.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminDisableUser.html) **
- **描述:** 授予权限以停用任何用户
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminEnableUser.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminEnableUser.html) **
- **描述:** 授予权限以激活任何用户
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminForgetDevice.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminForgetDevice.html) **
- **描述:** 授予权限以注销任何用户设备
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminGetDevice.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminGetDevice.html) **
- **描述:** 授予权限以获取有关任何用户设备的信息
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminGetUser.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminGetUser.html) **
- **描述:** 授予权限以按用户名查找任何用户
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html) **
- **描述:** 授予权限以对任何用户进行身份验证
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html) **
- **描述:** 授予权限以将任何用户池用户与第三方 IdP 用户相关联
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListDevices.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListDevices.html) **
- **描述:** 授予权限以列出任何用户的记忆设备
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListGroupsForUser.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListGroupsForUser.html) **
- **描述:** 授予权限以列出任何用户所属的组
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListUserAuthEvents.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListUserAuthEvents.html) **
- **描述:** 授予权限以列出任何用户的登录事件
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRemoveUserFromGroup.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRemoveUserFromGroup.html) **
- **描述:** 授予权限以从任何组删除任何用户
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminResetUserPassword.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminResetUserPassword.html) **
- **描述:** 授予权限以重置任何用户的密码
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRespondToAuthChallenge.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRespondToAuthChallenge.html) **
- **描述:** 授予权限以便在对任何用户进行身份验证期间响应身份验证质询
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html) **
- **描述:** 授予权限以设置任何用户的首选 MFA 方法
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserPassword.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserPassword.html) **
- **描述:** 授予权限以设置任何用户的密码
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserSettings.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserSettings.html) **
- **描述:** 授予权限以为任何用户设定用户设置
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateAuthEventFeedback.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateAuthEventFeedback.html) **
- **描述:** 授予权限以便为任何用户的身份验证事件更新高级安全反馈
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateDeviceStatus.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateDeviceStatus.html) **
- **描述:** 授予权限以更新任何用户的记忆设备状态
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) **
- **描述:** 授予权限以更新任何用户的标准或自定义属性
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUserGlobalSignOut.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUserGlobalSignOut.html) **
- **描述:** 授予权限以从所有会话中注销任何用户
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AssociateSoftwareToken.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AssociateSoftwareToken.html) **
- **描述:** 授予权限以返回为用户生成的唯一共享私有密钥代码
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [${UserGuideDocPage}user-pool-waf.html](${UserGuideDocPage}user-pool-waf.html) [仅权限]**
- **描述:** 授予将用户池与 AWS WAF Web ACL 关联的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#amazoncognitouserpools-webacl](#amazoncognitouserpools-webacl) / **条件键:** / **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ChangePassword.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ChangePassword.html) **
- **描述:** 授予权限以更改用户群体中指定用户的密码
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) **
- **描述:** 授予权限以确认对设备的跟踪。此 API 调用是开始设备跟踪的调用
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html) **
- **描述:** 授予权限以允许用户输入确认代码以重置忘记的密码
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmSignUp.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmSignUp.html) **
- **描述:** 授予权限以确认用户的注册并处理以前用户的现有别名
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateGroup.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateGroup.html) **
- **描述:** 授予权限以创建新的用户池组
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateIdentityProvider.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateIdentityProvider.html) **
- **描述:** 授予权限以将身份提供者添加到用户池
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateManagedLoginBranding.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateManagedLoginBranding.html) **
- **描述:** 授予权限以创建托管登录的品牌设置并将其与应用程序客户端关联
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateResourceServer.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateResourceServer.html) **
- **描述:** 授予为 OAuth 2.0 资源服务器创建和配置作用域的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateTerms.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateTerms.html) **
- **描述:** 授予创建术语并将其与应用程序客户端关联的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserImportJob.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserImportJob.html) **
- **描述:** 授予权限以创建用户 CSV 导入任务
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) **
- **描述:** 授予权限以为用户池创建和设置密码策略
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:** [#amazoncognitouserpools-aws_RequestTag___TagKey_](#amazoncognitouserpools-aws_RequestTag___TagKey_) [#amazoncognitouserpools-aws_TagKeys](#amazoncognitouserpools-aws_TagKeys) [#amazoncognitouserpools-aws_ResourceTag___TagKey_](#amazoncognitouserpools-aws_ResourceTag___TagKey_)
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html) **
- **描述:** 授予权限以创建用户池应用程序客户端
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolDomain.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolDomain.html) **
- **描述:** 授予权限以添加用户池域
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteGroup.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteGroup.html) **
- **描述:** 授予权限以删除任何空用户池组
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteIdentityProvider.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteIdentityProvider.html) **
- **描述:** 授予权限以从用户池中删除任何身份提供者
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteManagedLoginBranding.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteManagedLoginBranding.html) **
- **描述:** 授予权限以删除任何应用程序客户端的托管登录品牌风格
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteResourceServer.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteResourceServer.html) **
- **描述:** 授予从用户池中删除任何 OAuth 2.0 资源服务器的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteTerms.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteTerms.html) **
- **描述:** 授予删除应用程序客户端条款的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUser.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUser.html) **
- **描述:** 授予权限以允许用户删除自己
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUserAttributes.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUserAttributes.html) **
- **描述:** 授予权限以删除用户的属性
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUserPool.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUserPool.html) **
- **描述:** 授予权限以删除用户池
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUserPoolClient.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUserPoolClient.html) **
- **描述:** 授予权限以删除任何用户池应用程序客户端
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUserPoolClientSecret.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUserPoolClientSecret.html) **
- **描述:** 授予从与客户端关联的密钥列表中删除密钥的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUserPoolDomain.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DeleteUserPoolDomain.html) **
- **描述:** 授予权限以删除任何用户池域
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeIdentityProvider.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeIdentityProvider.html) **
- **描述:** 授予权限以描述任何用户池身份提供者
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBranding.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBranding.html) **
- **描述:** 授予权限以获取有关托管登录的品牌风格的详细信息
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBrandingByClient.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBrandingByClient.html) **
- **描述:** 授予权限以获取有关与应用程序客户端关联的托管登录的品牌风格的详细信息
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeResourceServer.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeResourceServer.html) **
- **描述:** 授予描述任何 OAuth 2.0 资源服务器的权限
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) **
- **描述:** 授予权限以描述用户池和应用程序客户端的风险配置设置
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeTerms.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeTerms.html) **
- **描述:** 授予获取应用程序客户端条款详细信息的权限
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserImportJob.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserImportJob.html) **
- **描述:** 授予权限以描述任何用户导入任务
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) **
- **描述:** 授予权限以描述用户池
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html) **
- **描述:** 授予权限以描述任何用户池应用程序客户端
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolDomain.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolDomain.html) **
- **描述:** 授予权限以描述任何用户池域
- **访问级别:** 读取
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [${UserGuideDocPage}user-pool-waf.html](${UserGuideDocPage}user-pool-waf.html) [仅权限]**
- **描述:** 授予取消用户池与 AWS WAF Web ACL 关联的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgetDevice.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgetDevice.html) **
- **描述:** 授予权限以忘记指定设备
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html) **
- **描述:** 授予权限以向最终用户发送消息,其中包含更改用户密码所需的确认代码
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetCSVHeader.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetCSVHeader.html) **
- **描述:** 授予权限为用户导入 .csv 文件生成标头
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetDevice.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetDevice.html) **
- **描述:** 授予权限以获取设备
- **访问级别:** 读取
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetGroup.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetGroup.html) **
- **描述:** 授予权限以描述用户池组
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetIdentityProviderByIdentifier.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetIdentityProviderByIdentifier.html) **
- **描述:** 授予权限以将用户池 IdP 标识符与 IdP 名称相关联
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetLogDeliveryConfiguration.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetLogDeliveryConfiguration.html) **
- **描述:** 授予权限以获取用户群体的详细活动日志配置
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetSigningCertificate.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetSigningCertificate.html) **
- **描述:** 授予权限以为用户池查找签名证书
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetTokensFromRefreshToken.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetTokensFromRefreshToken.html) **
- **描述:** 授予权限以使用刷新令牌更新用户令牌
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUICustomization.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUICustomization.html) **
- **描述:** 授予权限以获取任何应用程序客户端的托管 UI 的 UI 自定义信息
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) **
- **描述:** 授予权限以获取用户的用户属性和元数据
- **访问级别:** 读取
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserAttributeVerificationCode.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserAttributeVerificationCode.html) **
- **描述:** 授予权限以获取指定属性名称的用户属性验证码
- **访问级别:** 读取
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserPoolMfaConfig.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserPoolMfaConfig.html) **
- **描述:** 授予权限以查找用户池 MFA 配置
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [${UserGuideDocPage}user-pool-waf.html](${UserGuideDocPage}user-pool-waf.html) [仅权限]**
- **描述:** 授予获取与 Amazon Cognito 用户池关联的 AWS WAF 网络 ACL 的权限
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GlobalSignOut.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GlobalSignOut.html) **
- **描述:** 授予权限以从所有设备中注销用户
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html) **
- **描述:** 授予权限以启动身份验证流程
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListDevices.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListDevices.html) **
- **描述:** 授予权限以列出设备
- **访问级别:** 列表
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListGroups.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListGroups.html) **
- **描述:** 授予权限以列出用户池中的所有组
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListIdentityProviders.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListIdentityProviders.html) **
- **描述:** 授予权限以列出用户池中的所有身份提供者
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListResourceServers.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListResourceServers.html) **
- **描述:** 授予权限以列出用户池中的所有资源服务器
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [${UserGuideDocPage}user-pool-waf.html](${UserGuideDocPage}user-pool-waf.html) [仅权限]**
- **描述:** 授予列出与 AWS WAF Web ACL 关联的用户池的权限
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#amazoncognitouserpools-webacl](#amazoncognitouserpools-webacl)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListTagsForResource.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListTagsForResource.html) **
- **描述:** 授予权限以列出分配给 Amazon Cognito 用户池的标签
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListTerms.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListTerms.html) **
- **描述:** 授予列出用户池所有术语的权限
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserImportJobs.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserImportJobs.html) **
- **描述:** 授予权限以列出所有用户导入任务
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserPoolClientSecrets.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserPoolClientSecrets.html) **
- **描述:** 授予列出与客户端关联的所有密钥的权限
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserPoolClients.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserPoolClients.html) **
- **描述:** 授予权限以列出用户池中的所有应用程序客户端
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserPools.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUserPools.html) **
- **描述:** 授予权限以列出所有用户池
- **访问级别:** 列表
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUsers.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUsers.html) **
- **描述:** 授予权限以列出所有用户池用户
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUsersInGroup.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUsersInGroup.html) **
- **描述:** 授予权限以列出任何组中的用户
- **访问级别:** 列表
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ResendConfirmationCode.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ResendConfirmationCode.html) **
- **描述:** 授予权限以向用户群体中的指定用户重新发送确认(用于确认注册)
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html) **
- **描述:** 授予权限以响应身份验证质询
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) **
- **描述:** 授予权限以撤销指定刷新令牌生成的所有访问令牌
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetLogDeliveryConfiguration.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetLogDeliveryConfiguration.html) **
- **描述:** 授予权限以设置或修改用户群体的详细活动日志配置
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) **
- **描述:** 授予权限以为用户池和应用程序客户端设置风险配置
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUICustomization.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUICustomization.html) **
- **描述:** 授予权限以自定义任何应用程序客户端的托管 UI
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html) **
- **描述:** 授予权限以设置用户群体中的用户的 MFA 首选项
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) **
- **描述:** 授予权限以设置用户池 MFA 配置
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserSettings.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserSettings.html) **
- **描述:** 授予权限以设置用户设置,如多重身份验证(MFA)
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) **
- **描述:** 授予权限以在指定的用户群体中注册用户,并创建用户名、密码和用户属性
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_StartUserImportJob.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_StartUserImportJob.html) **
- **描述:** 授予权限以启动任何用户导入任务
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_StopUserImportJob.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_StopUserImportJob.html) **
- **描述:** 授予权限以停止任何用户导入任务
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_TagResource.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_TagResource.html) **
- **描述:** 授予权限以标记用户池
- **访问级别:** 标签
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#amazoncognitouserpools-aws_RequestTag___TagKey_](#amazoncognitouserpools-aws_RequestTag___TagKey_) [#amazoncognitouserpools-aws_TagKeys](#amazoncognitouserpools-aws_TagKeys) / **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UntagResource.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UntagResource.html) **
- **描述:** 授予权限以取消标记用户池
- **访问级别:** 标签
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#amazoncognitouserpools-aws_TagKeys](#amazoncognitouserpools-aws_TagKeys) / **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateAuthEventFeedback.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateAuthEventFeedback.html) **
- **描述:** 授予权限以更新用户身份验证事件的反馈
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) **
- **描述:** 授予权限以更新设备状态
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateGroup.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateGroup.html) **
- **描述:** 授予权限以更新任何组的配置
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateIdentityProvider.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateIdentityProvider.html) **
- **描述:** 授予权限以更新任何用户池 IdP 的配置
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateManagedLoginBranding.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateManagedLoginBranding.html) **
- **描述:** 授予权限以更新托管登录的品牌设置
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateResourceServer.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateResourceServer.html) **
- **描述:** 授予更新任何 OAuth 2.0 资源服务器配置的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateTerms.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateTerms.html) **
- **描述:** 授予更新应用程序客户端条款的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) **
- **描述:** 授予权限以允许用户更新特定属性(每次一个)
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) **
- **描述:** 授予权限以更新用户池配置
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#amazoncognitouserpools-aws_RequestTag___TagKey_](#amazoncognitouserpools-aws_RequestTag___TagKey_) [#amazoncognitouserpools-aws_TagKeys](#amazoncognitouserpools-aws_TagKeys) / **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolClient.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolClient.html) **
- **描述:** 授予权限以更新任何用户池客户端
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolDomain.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolDomain.html) **
- **描述:** 授予权限以替换任何自定义域的证书
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#amazoncognitouserpools-userpool](#amazoncognitouserpools-userpool)
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifySoftwareToken.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifySoftwareToken.html) **
- **描述:** 授予权限以注册用户输入的 TOTP 代码,并将用户的软件令牌 MFA 状态标记为“已验证”(如果成功)
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) **
- **描述:** 授予权限以使用一次性验证码来验证用户属性
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
## Amazon Cognito User Pools 定义的资源类型
以下资源类型是由该服务定义的,可以在 IAM 权限策略语句的 `Resource` 元素中使用这些资源类型。[操作表](#amazoncognitouserpools-actions-as-permissions)中的每个操作指定了可以使用该操作指定的资源类型。您也可以在策略中包含条件键,从而定义资源类型。这些键显示在资源类型表的最后一列。有关下表中各列的详细信息,请参阅[资源类型表](reference_policies_actions-resources-contextkeys.html#resources_table)。
****
| 资源类型 | ARN | 条件键 |
| --- | --- | --- |
| [https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html) | arn:\$\{Partition\}:cognito-idp:\$\{Region\}:\$\{Account\}:userpool/\$\{UserPoolId\} | [#amazoncognitouserpools-aws_ResourceTag___TagKey_](#amazoncognitouserpools-aws_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) | arn:\$\{Partition\}:wafv2:\$\{Region\}:\$\{Account\}:\$\{Scope\}/webacl/\$\{Name\}/\$\{Id\} | |
## Amazon Cognito User Pools 的条件键
Amazon Cognito User Pools 定义以下可以在 IAM policy 的 `Condition` 元素中使用的条件键。您可以使用这些键进一步细化应用策略语句的条件。有关下表中各列的详细信息,请参阅[条件键表](reference_policies_actions-resources-contextkeys.html#context_keys_table)。
要查看适用于所有服务的全局条件键,请参阅 [AWS 全局条件上下文键](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html)。
****
| 条件键 | 描述 | Type |
| --- | --- | --- |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag) | 根据在请求中是否具有标签键值对来筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag) | 按附加到资源的标签键值对筛选操作 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys) | 按请求中包含的键筛选访问 | ArrayOfString |