Amazon Verified Permissions (verifiedpermissions)

2023-06-15

24 new actions, 1 new resource

Additions

    Actions
  • CreateIdentitySource
    • Description:  Grants permission to create a reference to an external identity provider (IdP) that is compatible with the OpenID Connect (OIDC) authentication protocol, such as Amazon Cognito
    • Access:  Write
    • Resources: 

      Name: policy-store

      Required: Yes

  • CreatePolicy
    • Description:  Grants permission to create a Cedar policy and save it in the specified policy store
    • Access:  Write
    • Resources: 

      Name: policy-store

      Required: Yes

  • CreatePolicyStore
    • Description:  Grants permission to create a Cedar policy and save it in the specified policy store
    • Access:  Write
  • CreatePolicyTemplate
    • Description:  Grants permission to create a policy template
    • Access:  Write
    • Resources: 

      Name: policy-store

      Required: Yes

  • DeleteIdentitySource
    • Description:  Grants permission to delete an identity source that references an identity provider (IdP) such as Amazon Cognito
    • Access:  Write
    • Resources: 

      Name: policy-store

      Required: Yes

  • DeletePolicy
    • Description:  Grants permission to delete the specified policy from the policy store
    • Access:  Write
    • Resources: 

      Name: policy-store

      Required: Yes

  • DeletePolicyStore
    • Description:  Grants permission to delete the specified policy store
    • Access:  Write
    • Resources: 

      Name: policy-store

      Required: Yes

  • DeletePolicyTemplate
    • Description:  Grants permission to delete the specified policy template from the policy store
    • Access:  Write
    • Resources: 

      Name: policy-store

      Required: Yes

  • GetIdentitySource
    • Description:  Grants permission to retrieve the details about the specified identity source
    • Access:  Read
    • Resources: 

      Name: policy-store

      Required: Yes

  • GetPolicy
    • Description:  Grants permission to retrieve information about the specified policy
    • Access:  Read
    • Resources: 

      Name: policy-store

      Required: Yes

  • GetPolicyStore
    • Description:  Grants permission to retrieve details about a policy store
    • Access:  Read
    • Resources: 

      Name: policy-store

      Required: Yes

  • GetPolicyTemplate
    • Description:  Grants permission to retrieve the details for the specified policy template in the specified policy store
    • Access:  Read
    • Resources: 

      Name: policy-store

      Required: Yes

  • GetSchema
    • Description:  Grants permission to retrieve the details for the specified schema in the specified policy store
    • Access:  Read
    • Resources: 

      Name: policy-store

      Required: Yes

  • IsAuthorized
    • Description:  Grants permission to make an authorization decision about a service request described in the parameters
    • Access:  Read
    • Resources: 

      Name: policy-store

      Required: Yes

  • IsAuthorizedWithToken
    • Description:  Grants permission to make an authorization decision about a service request described in the parameters. The principal in this request comes from an external identity source
    • Access:  Read
    • Resources: 

      Name: policy-store

      Required: Yes

  • ListIdentitySources
    • Description:  Grants permission to return a paginated list of all of the identity sources defined in the specified policy store
    • Access:  List
    • Resources: 

      Name: policy-store

      Required: Yes

  • ListPolicies
    • Description:  Grants permission to return a paginated list of all policies stored in the specified policy store
    • Access:  List
    • Resources: 

      Name: policy-store

      Required: Yes

  • ListPolicyStores
    • Description:  Grants permission to return a paginated list of all policy stores in the calling Amazon Web Services account
    • Access:  List
  • ListPolicyTemplates
    • Description:  Grants permission to return a paginated list of all policy templates in the specified policy store
    • Access:  List
    • Resources: 

      Name: policy-store

      Required: Yes

  • PutSchema
    • Description:  Grants permission to create or update the policy schema in the specified policy store
    • Access:  Write
    • Resources: 

      Name: policy-store

      Required: Yes

  • UpdateIdentitySource
    • Description:  Grants permission to update the specified identity source to use a new identity provider (IdP) source, or to change the mapping of identities from the IdP to a different principal entity type
    • Access:  Write
    • Resources: 

      Name: policy-store

      Required: Yes

  • UpdatePolicy
    • Description:  Grants permission to modify the specified Cedar static policy in the specified policy store
    • Access:  Write
    • Resources: 

      Name: policy-store

      Required: Yes

  • UpdatePolicyStore
    • Description:  Grants permission to modify the validation setting for a policy store
    • Access:  Write
    • Resources: 

      Name: policy-store

      Required: Yes

  • UpdatePolicyTemplate
    • Description:  Grants permission to update the specified policy template
    • Access:  Write
    • Resources: 

      Name: policy-store

      Required: Yes

    Resources
  • policy-store
    • Arn:  arn:${Partition}:verifiedpermissions::${Account}:policy-store/${PolicyStoreId}