IAM actions control access to Identity and Access Management itself. Use these actions to permit administrative operations on groups, roles, policies, users, organizations, invitations, role trusts, and assumed role sessions. Granting these actions allows users to manage who can access what within the organization.

Groups

| Action | Description |
| --- | --- |
| iam.group.AddMember | Add user to group |
| iam.group.Create | Create IAM group |
| iam.group.Delete | Delete IAM group |
| iam.group.List | List IAM groups |
| iam.group.ListPolicies | List group policies |
| iam.group.ListRoles | List group roles |
| iam.group.Read | Get group details |
| iam.group.RemoveMember | Remove user from group |
| iam.group.Update | Update IAM group |

Roles

| Action | Description |
| --- | --- |
| iam.role.AssumeRole | Assume IAM role |
| iam.role.AttachGroup | Attach role to group |
| iam.role.AttachPolicy | Attach policy to role |
| iam.role.AttachUser | Attach role to user |
| iam.role.Create | Create IAM role |
| iam.role.Delete | Delete IAM role |
| iam.role.DetachGroup | Detach role from group |
| iam.role.DetachPolicy | Detach policy from role |
| iam.role.DetachUser | Detach role from user |
| iam.role.List | List IAM roles |
| iam.role.ListGroups | List groups with role |
| iam.role.ListPolicies | List role policies |
| iam.role.ListUsers | List users with role |
| iam.role.Read | Get role details |
| iam.role.Restore | Restore IAM role |
| iam.role.Update | Update IAM role |

Policies

| Action | Description |
| --- | --- |
| iam.policy.Create | Create IAM policy |
| iam.policy.Delete | Delete IAM policy |
| iam.policy.List | List IAM policies |
| iam.policy.ListGroups | List groups with policy |
| iam.policy.ListUsers | List users with policy |
| iam.policy.Read | Get policy details |
| iam.policy.Update | Update or attach policy |

Role Trusts

| Action | Description |
| --- | --- |
| iam.roletrust.Create | Create role trust |
| iam.roletrust.Delete | Delete role trust |
| iam.roletrust.List | List role trusts |
| iam.roletrust.Read | Get role trust details |
| iam.roletrust.Restore | Restore role trust |
| iam.roletrust.Update | Update role trust |

Assumed Role Sessions

| Action | Description |
| --- | --- |
| iam.assumedrole.Delete | Revoke assumed role session |
| iam.assumedrole.List | List assumed role sessions for user |
| iam.assumedrole.Read | Get assumed role session |

Organizations

| Action | Description |
| --- | --- |
| iam.organization.Create | Create organization |
| iam.organization.Delete | Delete organization |
| iam.organization.List | List organizations |
| iam.organization.Read | Get organization details |
| iam.organization.Update | Update organization |

Invitations

| Action | Description |
| --- | --- |
| iam.invitation.Create | Create invitation |
| iam.invitation.Delete | Delete invitation |
| iam.invitation.List | List invitations |
| iam.invitation.Read | Get invitation details |

Users

| Action | Description |
| --- | --- |
| iam.user.ListGroups | List user groups |
| iam.user.ListPolicies | List user policies |
| iam.user.ListRoles | List user roles |