Amazon DataZone Control (datazonecontrol)

2023-03-29

29 new actions, 2 new resources, 3 new conditions

Additions

    Actions
  • CreateAccountAssociationInvitation
    • Description:  Grants permission to request association of an account with a given domain
    • Access:  Write
  • CreateDataSource
    • Description:  Grants permission to create Amazon DataZone data sources used for publishing and subscribing to data
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • CreateEnvironment
    • Description:  Grants permission to provision a root-domain which is a top level entity that contains other Amazon DataZone resources
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • DeleteDataSource
    • Description:  Grants permission to delete a data source
    • Access:  Write
    • Resources: 

      Name: data-source

      Required: Yes

  • DeleteEnvironment
    • Description:  Grants permission to delete a provisioned root-domain
    • Access:  Write
    • Resources: 

      Name: environment

      Required: Yes

  • DissociateAccount
    • Description:  Grants permission to disassociate an account from a given domain
    • Access:  Write
  • GetAssociatedDomain
    • Description:  Grants permission to retrieve information about any associated domain in the associated account
    • Access:  Read
  • GetDataSourceByEnvironment
    • Description:  Grants permission to retrieve any data source under any domain for a given root-domain
    • Access:  Read
    • Resources: 

      Name: data-source

      Required: Yes

  • GetDomain
    • Description:  Grants permission to retrieve information about any domain in the account
    • Access:  Read
  • GetEnvironment
    • Description:  Grants permission to retrieve information about a root-domain
    • Access:  Read
    • Resources: 

      Name: environment

      Required: Yes

  • GetMetadataCollector
    • Description:  Grants permission to retrieve a publishing job
    • Access:  Read
  • GetUserPortalLoginAuthCode
    • Description:  Grants permission to retrieve credentials to log in to the Amazon DataZone data portal from the AWS Management Console
    • Access:  Read
  • ListAccountAssociationInvitations
    • Description:  Grants permission to retrieve all account-association invitations for a given associated account
    • Access:  List
  • ListAllAssociatedAccountsForEnvironment
    • Description:  Grants permission to list all associated accounts under the given root-domain, including accounts associated to its sub-domains
    • Access:  List
  • ListAssociatedEnvironments
    • Description:  Grants permission to list all the associated domains for a given associated account
    • Access:  List
  • ListDataSources
    • Description:  Grants permission to retrieve all data sources under any domain in the associated account
    • Access:  List
  • ListDataSourcesByEnvironment
    • Description:  Grants permission to retrieve all data sources under any domain for a given root-domain
    • Access:  List
  • ListDomains
    • Description:  Grants permission to list all the sub-domains for a given domain or a root-domain
    • Access:  List
  • ListEnvironment
    • Description:  Grants permission to retrieve all root-domains
    • Access:  List
  • ListMetadataCollectorRuns
    • Description:  Grants permission to list all runs for a given publishing job through Amazon DataZone console for a data source
    • Access:  List
  • ListMetadataCollectors
    • Description:  Grants permission to retrieve all publishing jobs
    • Access:  List
  • ListProjects
    • Description:  Grants permission to retrieve all Amazon DataZone projects
    • Access:  List
  • ListTagsForResource
    • Description:  Grants permission to retrieve all tags associated with a resource
    • Access:  Read
    • Resources: 

      Name: data-source

      Required: No

      Name: environment

      Required: No

  • ReviewAccountAssociationInvitation
    • Description:  Grants permission to accept or reject the pending association requests for the given account
    • Access:  Write
  • TagResource
    • Description:  Grants permission to add or update tags to a resource
    • Access:  Tagging
    • Resources: 

      Name: data-source

      Required: No

      Name: environment

      Required: No

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • UntagResource
    • Description:  Grants permission to remove tags associated with a resource
    • Access:  Tagging
    • Resources: 

      Name: data-source

      Required: No

      Name: environment

      Required: No

    • Conditions: 

      aws:TagKeys

  • UpdateAccountAssociationDescription
    • Description:  Grants permission to update the description of the account association of the given associated account and given domain
    • Access:  Write
  • UpdateDataSource
    • Description:  Grants permission to update a data source
    • Access:  Write
    • Resources: 

      Name: data-source

      Required: Yes

  • UpdateEnvironment
    • Description:  Grants permission to update information for a root-domain
    • Access:  Write
    • Resources: 

      Name: environment

      Required: Yes

    Resources
  • environment
    • Arn:  arn:${Partition}:datazonecontrol:${Region}:${Account}:domain/${DomainId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

  • data-source
    • Arn:  arn:${Partition}:datazonecontrol:${Region}:${Account}:data-source/${DomainId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

    Conditions
  • aws:RequestTag/${TagKey}
    • Description:  Filters access by the tags that are passed in the request
    • Type:  String
  • aws:ResourceTag/${TagKey}
    • Description:  Filters access by the tags associated with the resource
    • Type:  String
  • aws:TagKeys
    • Description:  Filters access by the tag keys that are passed in the request
    • Type:  ArrayOfString