Change log of AWS IAM permissions

2024-04-02

103 new actions, 9 new resources, 11 new conditions

Additions

Actions

AssociateMemberToFarm
- Description: Grants permission to associate a member to a farm
- Access: Permissions management
- Resources:
  Name: farm
  
  Required: Yes
- Conditions:
  deadline:AssociatedMembershipLevel
  
  deadline:MembershipLevel
- Dependents:
  identitystore:DescribeGroup
  
  identitystore:DescribeUser
  
  identitystore:ListGroupMembershipsForMember
AssociateMemberToFleet
- Description: Grants permission to associate a member to a fleet
- Access: Permissions management
- Resources:
  Name: fleet
  
  Required: Yes
- Conditions:
  deadline:AssociatedMembershipLevel
  
  deadline:MembershipLevel
- Dependents:
  identitystore:DescribeGroup
  
  identitystore:DescribeUser
  
  identitystore:ListGroupMembershipsForMember
AssociateMemberToJob
- Description: Grants permission to associate a member to a job
- Access: Permissions management
- Resources:
  Name: job
  
  Required: Yes
- Conditions:
  deadline:AssociatedMembershipLevel
  
  deadline:MembershipLevel
- Dependents:
  identitystore:DescribeGroup
  
  identitystore:DescribeUser
  
  identitystore:ListGroupMembershipsForMember
AssociateMemberToQueue
- Description: Grants permission to associate a member to a queue
- Access: Permissions management
- Resources:
  Name: queue
  
  Required: Yes
- Conditions:
  deadline:AssociatedMembershipLevel
  
  deadline:MembershipLevel
- Dependents:
  identitystore:DescribeGroup
  
  identitystore:DescribeUser
  
  identitystore:ListGroupMembershipsForMember
AssumeFleetRoleForRead
- Description: Grants permission to assume a fleet role for read-only access
- Access: Write
- Resources:
  Name: fleet
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
AssumeFleetRoleForWorker
- Description: Grants permission to assume a fleet role for a worker
- Access: Write
- Resources:
  Name: worker
  
  Required: Yes
AssumeQueueRoleForRead
- Description: Grants permission to assume a queue role for read-only access
- Access: Write
- Resources:
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
AssumeQueueRoleForUser
- Description: Grants permission to assume a queue role for a user
- Access: Write
- Resources:
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
AssumeQueueRoleForWorker
- Description: Grants permission to assume a queue role for a worker
- Access: Write
- Resources:
  Name: queue
  
  Required: Yes
  
  Name: worker
  
  Required: Yes
BatchGetJobEntity
- Description: Grants permission to get a job entity for a worker
- Access: Read
- Resources:
  Name: worker
  
  Required: Yes
CopyJobTemplate
- Description: Grants permission to copy a job template to an Amazon S3 bucket
- Access: Write
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
  
  s3:PutObject
CreateBudget
- Description: Grants permission to create a budget
- Access: Write
- Resources:
  Name: budget
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
CreateFarm
- Description: Grants permission to create a farm
- Access: Write
- Resources:
  Name: farm
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateFleet
- Description: Grants permission to create a fleet
- Access: Write
- Resources:
  Name: fleet
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
- Dependents:
  iam:PassRole
  
  identitystore:ListGroupMembershipsForMember
  
  logs:CreateLogGroup
CreateJob
- Description: Grants permission to create a job
- Access: Write
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
CreateLicenseEndpoint
- Description: Grants permission to create a license endpoint for licensed software or products
- Access: Write
- Resources:
  Name: license-endpoint
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
- Dependents:
  ec2:CreateTags
  
  ec2:CreateVpcEndpoint
  
  ec2:DescribeVpcEndpoints
CreateMonitor
- Description: Grants permission to create a monitor
- Access: Write
- Resources:
  Name: monitor
  
  Required: Yes
- Dependents:
  iam:PassRole
  
  sso:CreateApplication
  
  sso:DeleteApplication
  
  sso:PutApplicationAssignmentConfiguration
  
  sso:PutApplicationAuthenticationMethod
  
  sso:PutApplicationGrant
CreateQueue
- Description: Grants permission to create a queue
- Access: Write
- Resources:
  Name: queue
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
- Dependents:
  iam:PassRole
  
  identitystore:ListGroupMembershipsForMember
  
  logs:CreateLogGroup
  
  s3:ListBucket
CreateQueueEnvironment
- Description: Grants permission to create a queue environment
- Access: Write
- Resources:
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
CreateQueueFleetAssociation
- Description: Grants permission to create a queue-fleet association
- Access: Write
- Resources:
  Name: fleet
  
  Required: Yes
  
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
CreateStorageProfile
- Description: Grants permission to create a storage profile for a farm
- Access: Write
- Resources:
  Name: farm
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
CreateWorker
- Description: Grants permission to create a worker
- Access: Write
- Resources:
  Name: worker
  
  Required: Yes
DeleteBudget
- Description: Grants permission to delete a budget
- Access: Write
- Resources:
  Name: budget
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
DeleteFarm
- Description: Grants permission to delete a farm
- Access: Write
- Resources:
  Name: farm
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
DeleteFleet
- Description: Grants permission to delete a fleet
- Access: Write
- Resources:
  Name: fleet
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
DeleteLicenseEndpoint
- Description: Grants permission to delete a license endpoint
- Access: Write
- Resources:
  Name: license-endpoint
  
  Required: Yes
- Dependents:
  ec2:DeleteVpcEndpoints
  
  ec2:DescribeVpcEndpoints
DeleteMeteredProduct
- Description: Grants permission to delete a metered product
- Access: Write
- Resources:
  Name: metered-product
  
  Required: Yes
DeleteMonitor
- Description: Grants permission to delete a monitor
- Access: Write
- Resources:
  Name: monitor
  
  Required: Yes
- Dependents:
  sso:DeleteApplication
DeleteQueue
- Description: Grants permission to delete a queue
- Access: Write
- Resources:
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
DeleteQueueEnvironment
- Description: Grants permission to delete a queue environment
- Access: Write
- Resources:
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
DeleteQueueFleetAssociation
- Description: Grants permission to delete a queue-fleet association
- Access: Write
- Resources:
  Name: fleet
  
  Required: Yes
  
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
DeleteStorageProfile
- Description: Grants permission to delete a storage profile
- Access: Write
- Resources:
  Name: farm
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
DeleteWorker
- Description: Grants permission to delete a worker
- Access: Write
- Resources:
  Name: worker
  
  Required: Yes
DisassociateMemberFromFarm
- Description: Grants permission to disassociate a member from a farm
- Access: Permissions management
- Resources:
  Name: farm
  
  Required: Yes
- Conditions:
  deadline:AssociatedMembershipLevel
- Dependents:
  identitystore:ListGroupMembershipsForMember
DisassociateMemberFromFleet
- Description: Grants permission to disassociate a member from a fleet
- Access: Permissions management
- Resources:
  Name: fleet
  
  Required: Yes
- Conditions:
  deadline:AssociatedMembershipLevel
- Dependents:
  identitystore:ListGroupMembershipsForMember
DisassociateMemberFromJob
- Description: Grants permission to disassociate a member from a job
- Access: Permissions management
- Resources:
  Name: job
  
  Required: Yes
- Conditions:
  deadline:AssociatedMembershipLevel
- Dependents:
  identitystore:ListGroupMembershipsForMember
DisassociateMemberFromQueue
- Description: Grants permission to disassociate a member from a queue
- Access: Permissions management
- Resources:
  Name: queue
  
  Required: Yes
- Conditions:
  deadline:AssociatedMembershipLevel
- Dependents:
  identitystore:ListGroupMembershipsForMember
GetApplicationVersion
- Description: Grants permission to get the latest version of an application
- Access: Read
- Resources:
  Name: monitor
  
  Required: Yes
GetBudget
- Description: Grants permission to get a budget
- Access: Read
- Resources:
  Name: budget
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
GetFarm
- Description: Grants permission to get a farm
- Access: Read
- Resources:
  Name: farm
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
GetFleet
- Description: Grants permission to get a fleet
- Access: Read
- Resources:
  Name: fleet
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
GetJob
- Description: Grants permission to get a job
- Access: Read
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
GetLicenseEndpoint
- Description: Grants permission to get a license endpoint
- Access: Read
- Resources:
  Name: license-endpoint
  
  Required: Yes
GetMonitor
- Description: Grants permission to get a monitor
- Access: Read
- Resources:
  Name: monitor
  
  Required: Yes
GetQueue
- Description: Grants permission to get a queue
- Access: Read
- Resources:
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
GetQueueEnvironment
- Description: Grants permission to get a queue environment
- Access: Read
- Resources:
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
GetQueueFleetAssociation
- Description: Grants permission to get a queue-fleet association
- Access: Read
- Resources:
  Name: fleet
  
  Required: Yes
  
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
GetSession
- Description: Grants permission to get a session for a job
- Access: Read
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
GetSessionAction
- Description: Grants permission to get a session action for a job
- Access: Read
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
GetSessionsStatisticsAggregation
- Description: Grants permission to get all collected statistics for sessions
- Access: Read
- Resources:
  Name: farm
  
  Required: No
  
  Name: fleet
  
  Required: No
  
  Name: queue
  
  Required: No
- Dependents:
  identitystore:ListGroupMembershipsForMember
GetStep
- Description: Grants permission to get a step in a job
- Access: Read
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
GetStorageProfile
- Description: Grants permission to get a storage profile
- Access: Read
- Resources:
  Name: farm
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
GetStorageProfileForQueue
- Description: Grants permission to get a storage profile for a queue
- Access: Read
- Resources:
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
GetTask
- Description: Grants permission to get a job task
- Access: Read
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
GetWorker
- Description: Grants permission to get a worker
- Access: Read
- Resources:
  Name: worker
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListAvailableMeteredProducts
- Description: Grants permission to list all available metered products within a license endpoint
- Access: List
ListBudgets
- Description: Grants permission to list all budgets for a farm
- Access: List
- Resources:
  Name: budget
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListFarmMembers
- Description: Grants permission to list all members of a farm
- Access: List
- Resources:
  Name: farm
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListFarms
- Description: Grants permission to list all farms
- Access: List
- Resources:
  Name: farm
  
  Required: Yes
- Conditions:
  deadline:PrincipalId
  
  deadline:RequesterPrincipalId
- Dependents:
  identitystore:DescribeGroup
  
  identitystore:DescribeUser
  
  identitystore:ListGroupMembershipsForMember
ListFleetMembers
- Description: Grants permission to list all members of a fleet
- Access: List
- Resources:
  Name: fleet
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListFleets
- Description: Grants permission to list all fleets
- Access: List
- Resources:
  Name: fleet
  
  Required: Yes
- Conditions:
  deadline:PrincipalId
  
  deadline:RequesterPrincipalId
- Dependents:
  identitystore:DescribeGroup
  
  identitystore:DescribeUser
  
  identitystore:ListGroupMembershipsForMember
ListJobMembers
- Description: Grants permission to list all members of a job
- Access: List
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListJobs
- Description: Grants permission to list all jobs in a queue
- Access: List
- Resources:
  Name: job
  
  Required: Yes
- Conditions:
  deadline:PrincipalId
  
  deadline:RequesterPrincipalId
- Dependents:
  identitystore:DescribeGroup
  
  identitystore:DescribeUser
  
  identitystore:ListGroupMembershipsForMember
ListLicenseEndpoints
- Description: Grants permission to list all license endpoints
- Access: List
- Resources:
  Name: license-endpoint
  
  Required: Yes
ListMeteredProducts
- Description: Grants permission to list all metered products in a license endpoint
- Access: List
- Resources:
  Name: metered-product
  
  Required: Yes
ListMonitors
- Description: Grants permission to list all monitors
- Access: List
- Resources:
  Name: monitor
  
  Required: Yes
ListQueueEnvironments
- Description: Grants permission to list all queue environments to which a queue is associated
- Access: List
- Resources:
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListQueueFleetAssociations
- Description: Grants permission to list all queue-fleet associations
- Access: List
- Resources:
  Name: farm
  
  Required: No
  
  Name: fleet
  
  Required: No
  
  Name: queue
  
  Required: No
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListQueueMembers
- Description: Grants permission to list all members in a queue
- Access: List
- Resources:
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListQueues
- Description: Grants permission to list all queues on a farm
- Access: List
- Resources:
  Name: queue
  
  Required: Yes
- Conditions:
  deadline:PrincipalId
  
  deadline:RequesterPrincipalId
- Dependents:
  identitystore:DescribeGroup
  
  identitystore:DescribeUser
  
  identitystore:ListGroupMembershipsForMember
ListSessionActions
- Description: Grants permission to list all session actions for a job
- Access: List
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListSessions
- Description: Grants permission to list all sessions for a job
- Access: List
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListSessionsForWorker
- Description: Grants permission to list all sessions for a worker
- Access: List
- Resources:
  Name: worker
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListStepConsumers
- Description: Grants permission to list the step consumers for a job step
- Access: List
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListStepDependencies
- Description: Grants permission to list dependencies for a job step
- Access: List
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListSteps
- Description: Grants permission to list all steps for a job
- Access: List
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListStorageProfiles
- Description: Grants permission to list all storage profiles in a farm
- Access: List
- Resources:
  Name: farm
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListStorageProfilesForQueue
- Description: Grants permission to list all storage profiles in a queue
- Access: List
- Resources:
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListTagsForResource
- Description: Grants permission to list all tags on specified Deadline Cloud resources
- Access: List
- Resources:
  Name: farm
  
  Required: No
  
  Name: fleet
  
  Required: No
  
  Name: license-endpoint
  
  Required: No
  
  Name: queue
  
  Required: No
ListTasks
- Description: Grants permission to list all tasks for a job
- Access: List
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
ListWorkers
- Description: Grants permission to list all workers in a fleet
- Access: List
- Resources:
  Name: worker
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
PutMeteredProduct
- Description: Grants permission to add a metered product to a license endpoint
- Access: Write
- Resources:
  Name: metered-product
  
  Required: Yes
SearchJobs
- Description: Grants permission to search for jobs in multiple queues
- Access: List
- Resources:
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
SearchSteps
- Description: Grants permission to search the steps within a single job or to search the steps for multiple queues
- Access: List
- Resources:
  Name: job
  
  Required: No
  
  Name: queue
  
  Required: No
- Dependents:
  identitystore:ListGroupMembershipsForMember
SearchTasks
- Description: Grants permission to search the tasks within a single job or to search the tasks for multiple queues
- Access: List
- Resources:
  Name: job
  
  Required: No
  
  Name: queue
  
  Required: No
- Dependents:
  identitystore:ListGroupMembershipsForMember
SearchWorkers
- Description: Grants permission to search for workers in multiple fleets
- Access: List
- Resources:
  Name: fleet
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
StartSessionsStatisticsAggregation
- Description: Grants permission to get all collected statistics for sessions
- Access: Read
- Resources:
  Name: fleet
  
  Required: No
  
  Name: queue
  
  Required: No
- Dependents:
  identitystore:ListGroupMembershipsForMember
TagResource
- Description: Grants permission to add or overwrite one or more tags for the specified Deadline Cloud resource
- Access: Tagging
- Resources:
  Name: farm
  
  Required: No
  
  Name: fleet
  
  Required: No
  
  Name: license-endpoint
  
  Required: No
  
  Name: queue
  
  Required: No
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
UntagResource
- Description: Grants permission to disassociate one or more tags from the specified Deadline Cloud resource
- Access: Tagging
- Resources:
  Name: farm
  
  Required: No
  
  Name: fleet
  
  Required: No
  
  Name: license-endpoint
  
  Required: No
  
  Name: queue
  
  Required: No
- Conditions:
  aws:TagKeys
UpdateBudget
- Description: Grants permission to update a budget
- Access: Write
- Resources:
  Name: budget
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
UpdateFarm
- Description: Grants permission to update a farm
- Access: Write
- Resources:
  Name: farm
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
UpdateFleet
- Description: Grants permission to update a fleet
- Access: Write
- Resources:
  Name: fleet
  
  Required: Yes
- Dependents:
  iam:PassRole
  
  identitystore:ListGroupMembershipsForMember
UpdateJob
- Description: Grants permission to update a job
- Access: Write
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
UpdateMonitor
- Description: Grants permission to update a monitor
- Access: Write
- Resources:
  Name: monitor
  
  Required: Yes
- Dependents:
  iam:PassRole
  
  sso:PutApplicationGrant
  
  sso:UpdateApplication
UpdateQueue
- Description: Grants permission to update a queue
- Access: Write
- Resources:
  Name: queue
  
  Required: Yes
- Dependents:
  iam:PassRole
  
  identitystore:ListGroupMembershipsForMember
UpdateQueueEnvironment
- Description: Grants permission to update a queue environment
- Access: Write
- Resources:
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
UpdateQueueFleetAssociation
- Description: Grants permission to update a queue-fleet association
- Access: Write
- Resources:
  Name: fleet
  
  Required: Yes
  
  Name: queue
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
UpdateSession
- Description: Grants permission to update a session for a job
- Access: Write
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
UpdateStep
- Description: Grants permission to update a step for a job
- Access: Write
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
UpdateStorageProfile
- Description: Grants permission to update a storage profile for a farm
- Access: Write
- Resources:
  Name: farm
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
UpdateTask
- Description: Grants permission to update a task
- Access: Write
- Resources:
  Name: job
  
  Required: Yes
- Dependents:
  identitystore:ListGroupMembershipsForMember
UpdateWorker
- Description: Grants permission to update a worker
- Access: Write
- Resources:
  Name: worker
  
  Required: Yes
- Dependents:
  logs:CreateLogStream
UpdateWorkerSchedule
- Description: Grants permission to update the schedule for a worker
- Access: Write
- Resources:
  Name: worker
  
  Required: Yes
- Dependents:
  logs:CreateLogStream

Resources

budget
- Arn: arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/budget/${BudgetId}
- Conditions:
  deadline:FarmMembershipLevels
farm
- Arn: arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}
- Conditions:
  aws:ResourceTag/${TagKey}
  
  deadline:FarmMembershipLevels
fleet
- Arn: arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/fleet/${FleetId}
- Conditions:
  aws:ResourceTag/${TagKey}
  
  deadline:FarmMembershipLevels
  
  deadline:FleetMembershipLevels
job
- Arn: arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/queue/${QueueId}/job/${JobId}
- Conditions:
  deadline:FarmMembershipLevels
  
  deadline:JobMembershipLevels
  
  deadline:QueueMembershipLevels
license-endpoint
- Arn: arn:${Partition}:deadline:${Region}:${Account}:license-endpoint/${LicenseEndpointId}
- Conditions:
  aws:ResourceTag/${TagKey}
metered-product
- Arn: arn:${Partition}:deadline:${Region}:${Account}:license-endpoint/${LicenseEndpointId}/metered-product/${ProductId}
monitor
- Arn: arn:${Partition}:deadline:${Region}:${Account}:monitor/${MonitorId}
queue
- Arn: arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/queue/${QueueId}
- Conditions:
  aws:ResourceTag/${TagKey}
  
  deadline:FarmMembershipLevels
  
  deadline:QueueMembershipLevels
worker
- Arn: arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/fleet/${FleetId}/worker/${WorkerId}
- Conditions:
  deadline:FarmMembershipLevels
  
  deadline:FleetMembershipLevels

Conditions

aws:RequestTag/${TagKey}
- Description: Filters access by the tags that are passed in the request
- Type: String
aws:ResourceTag/${TagKey}
- Description: Filters access by the tags associated with the resource
- Type: String
aws:TagKeys
- Description: Filters access by the tag keys that are passed in the request
- Type: ArrayOfString
deadline:AssociatedMembershipLevel
- Description: Filters access by the associated membership level of the principal provided in the request
- Type: String
deadline:FarmMembershipLevels
- Description: Filters access by membership levels on the farm
- Type: ArrayOfString
deadline:FleetMembershipLevels
- Description: Filters access by membership levels on the fleet
- Type: ArrayOfString
deadline:JobMembershipLevels
- Description: Filters access by membership levels on the job
- Type: ArrayOfString
deadline:MembershipLevel
- Description: Filters access by the membership level passed in the request
- Type: String
deadline:PrincipalId
- Description: Filters access by the principle ID provided in the request
- Type: String
deadline:QueueMembershipLevels
- Description: Filters access by membership levels on the queue
- Type: ArrayOfString
deadline:RequesterPrincipalId
- Description: Filters access by the user calling the Deadline Cloud API
- Type: String

AWS Deadline Cloud (deadline)

Additions