Actions, resources, and condition keys for Amazon Cloud Directory
Amazon Cloud Directory (service prefix: clouddirectory) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.
References:
- Learn how to configure this service.
- View a list of the API operations available for this service.
- Learn how to secure this service and its resources by using IAM permission policies.
Actions defined by Amazon Cloud Directory
You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.
The Resource types column indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("*") in the Resource element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. Required resources are indicated in the table with an asterisk (*). If you specify a resource-level permission ARN in a statement using this action, then it must be of this type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one but not the other.
For details about the columns in the following table, see The actions table.
Actions | Description | Access level | Resource types (*required) | Condition keys | Dependent actions |
---|---|---|---|---|---|
AddFacetToObject | Adds a new Facet to an object. | Write | |||
ApplySchema | Copies the input published schema into the directory with the same name and version as the published schema. | Write | |||
AttachObject | Attaches an existing object to another existing object. | Write | |||
AttachPolicy | Attaches a policy object to any other object. | Write | |||
AttachToIndex | Attaches the specified object to the specified index. | Write | |||
AttachTypedLink | Attaches a typed link between a source and target object reference. | Write | |||
BatchRead | Performs all the read operations in a batch. Each individual operation inside BatchRead needs to be granted permissions explicitly. | Read | |||
BatchWrite | Performs all the write operations in a batch. Each individual operation inside BatchWrite needs to be granted permissions explicitly. | Write | |||
CreateDirectory | Creates a Directory by copying the published schema into the directory. | Write | |||
CreateFacet | Creates a new Facet in a schema. | Write | |||
CreateIndex | Creates an index object. | Write | |||
CreateObject | Creates an object in a Directory. | Write | |||
CreateSchema | Creates a new schema in a development state. | Write | |||
CreateTypedLinkFacet | Creates a new Typed Link facet in a schema. | Write | |||
DeleteDirectory | Deletes a directory. Only disabled directories can be deleted. | Write | |||
DeleteFacet | Deletes a given Facet. All attributes and Rules associated with the facet will be deleted. | Write | |||
DeleteObject | Deletes an object and its associated attributes. | Write | |||
DeleteSchema | Deletes a given schema. | Write | |||
DeleteTypedLinkFacet | Deletes a given TypedLink Facet. All attributes and Rules associated with the facet will be deleted. | Write | |||
DetachFromIndex | Detaches the specified object from the specified index. | Write | |||
DetachObject | Detaches a given object from the parent object. | Write | |||
DetachPolicy | Detaches a policy from an object. | Write | |||
DetachTypedLink | Detaches a given typed link between a given source and target object reference. | Write | |||
DisableDirectory | Disables the specified directory. | Write | |||
EnableDirectory | Enables the specified directory. | Write | |||
GetDirectory | Retrieves metadata about a directory. | Read | |||
GetFacet | Gets details of the Facet, such as Facet Name, Attributes, Rules, or ObjectType. | Read | |||
GetLinkAttributes | Retrieves attributes that are associated with a typed link. | Read | |||
GetObjectAttributes | Retrieves attributes within a facet that are associated with an object. | Read | |||
GetObjectInformation | Retrieves metadata about an object. | Read | |||
GetSchemaAsJson | Retrieves a JSON representation of the schema. | Read | |||
GetTypedLinkFacetInformation | Returns identity attributes order information associated with a given typed link facet. | Read | |||
ListAppliedSchemaArns | Lists schemas applied to a directory. | List | |||
ListAttachedIndices | Lists indices attached to an object. | Read | |||
ListDevelopmentSchemaArns | Retrieves the ARNs of schemas in the development state. | List | |||
ListDirectories | Lists directories created within an account. | List | |||
ListFacetAttributes | Retrieves attributes attached to the facet. | Read | |||
ListFacetNames | Retrieves the names of facets that exist in a schema. | Read | |||
ListIncomingTypedLinks | Returns a paginated list of all incoming TypedLinks for a given object. | Read | |||
ListIndex | Lists objects attached to the specified index. | Read | |||
ListManagedSchemaArns | Lists the major version families of each managed schema. If a major version ARN is provided as SchemaArn, the minor version revisions in that family are listed instead. | List | |||
ListObjectAttributes | Lists all attributes associated with an object. | Read | |||
ListObjectChildren | Returns a paginated list of child objects associated with a given object. | Read | |||
ListObjectParentPaths | Retrieves all available parent paths for any object type such as node, leaf node, policy node, and index node objects. | Read | |||
ListObjectParents | Lists parent objects associated with a given object in pagination fashion. | Read | |||
ListObjectPolicies | Returns policies attached to an object in pagination fashion. | Read | |||
ListOutgoingTypedLinks | Returns a paginated list of all outgoing TypedLinks for a given object. | Read | |||
ListPolicyAttachments | Returns all of the ObjectIdentifiers to which a given policy is attached. | Read | |||
ListPublishedSchemaArns | Retrieves published schema ARNs. | List | |||
ListTagsForResource | Returns tags for a resource. | Read | |||
ListTypedLinkFacetAttributes | Returns a paginated list of attributes associated with typed link facet. | Read | |||
ListTypedLinkFacetNames | Returns a paginated list of typed link facet names that exist in a schema. | Read | |||
LookupPolicy | Lists all policies from the root of the Directory to the object specified. | Read | |||
PublishSchema | Publishes a development schema with a version. | Write | |||
PutSchemaFromJson | Allows a schema to be updated using JSON upload. Only available for development schemas. | Write | |||
RemoveFacetFromObject | Removes the specified facet from the specified object. | Write | |||
TagResource | Adds tags to a resource. | Tagging | |||
UntagResource | Removes tags from a resource. | Tagging | |||
UpdateFacet | Adds/Updates/Deletes existing Attributes, Rules, or ObjectType of a Facet. | Write | |||
UpdateLinkAttributes | Updates a given typed link’s attributes. Attributes to be updated must not contribute to the typed link’s identity, as defined by its IdentityAttributeOrder. | Write | |||
UpdateObjectAttributes | Updates a given object's attributes. | Write | |||
UpdateSchema | Updates the schema name with a new name. | Write | |||
UpdateTypedLinkFacet | Adds/Updates/Deletes existing Attributes, Rules, identity attribute order of a TypedLink Facet. | Write | |||
Resource types defined by Amazon Cloud Directory
The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see The resource types table.
Resource types | ARN | Condition keys |
---|---|---|
appliedSchema | arn:${Partition}:clouddirectory:${Region}:${Account}:directory/${DirectoryId}/schema/${SchemaName}/${Version} | |
developmentSchema | arn:${Partition}:clouddirectory:${Region}:${Account}:schema/development/${SchemaName} | |
directory | arn:${Partition}:clouddirectory:${Region}:${Account}:directory/${DirectoryId} | |
publishedSchema | arn:${Partition}:clouddirectory:${Region}:${Account}:schema/published/${SchemaName}/${Version} | |
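An added example, not part of the AWS documentation: a Python helper that labels each Resource entry of a policy statement with the Cloud Directory resource type whose ARN format it fits, which helps when reviewing how narrowly a statement is scoped. The function names, sample statement, account ID, directory ID and schema names are constructed for illustration; entries containing wildcards are flagged for manual review rather than classified, and the helper does not check which actions accept which resource types.

```python
import re

PREFIX = "arn:${Partition}:clouddirectory:${Region}:${Account}:"
# Resource paths copied from the four ARN formats in the table above.
TEMPLATES = {
    "appliedSchema": PREFIX + "directory/${DirectoryId}/schema/${SchemaName}/${Version}",
    "developmentSchema": PREFIX + "schema/development/${SchemaName}",
    "directory": PREFIX + "directory/${DirectoryId}",
    "publishedSchema": PREFIX + "schema/published/${SchemaName}/${Version}",
}

def _compile(template):
    # Literal text is escaped; each ${Name} becomes a named group matching one
    # concrete segment (no ':' or '/', and no IAM wildcards '*' or '?').
    parts = re.split(r"\$\{(\w+)\}", template)
    return re.compile("".join(
        f"(?P<{p}>[^:/*?]+)" if i % 2 else re.escape(p) for i, p in enumerate(parts)))

PATTERNS = {name: _compile(t) for name, t in TEMPLATES.items()}

def classify(arn):
    """Return (resource_type, fields) for a concrete ARN, or None if no format fits."""
    for name, rx in PATTERNS.items():
        m = rx.fullmatch(arn)
        if m:
            return name, m.groupdict()
    return None

def audit_resources(statement):
    """Label every Resource entry of one policy statement."""
    resources = statement.get("Resource", [])
    resources = [resources] if isinstance(resources, str) else resources
    report = {}
    for arn in resources:
        if "*" in arn or "?" in arn:
            report[arn] = "wildcard: review manually"
            continue
        hit = classify(arn)
        report[arn] = hit[0] if hit else "unrecognized"
    return report

BASE = "arn:aws:clouddirectory:us-east-1:111122223333:"  # constructed sample values
SAMPLE_STATEMENT = {"Effect": "Allow", "Action": "clouddirectory:GetDirectory", "Resource": [
    BASE + "directory/EXAMPLEDIRID", BASE + "directory/EXAMPLEDIRID/schema/org/1",
    BASE + "schema/published/org/1", BASE + "directory/*", BASE + "schema/org"]}

if __name__ == "__main__":
    for arn, label in audit_resources(SAMPLE_STATEMENT).items():
        print(f"{label:28} {arn}")
```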
Condition keys for Amazon Cloud Directory
Cloud Directory has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available keys for conditions.