Change log of AWS IAM permissions

2025-07-16

16 new actions, 2 new resources, 2 new conditions

Additions

Actions

CreateIndex
- Description: Grants permission to create a new vector index within a specified vector bucket
- Access: Write
- Resources:
  Name: Index
  
  Required: Yes
CreateVectorBucket
- Description: Grants permission to create a new vector bucket
- Access: Write
- Resources:
  Name: VectorBucket
  
  Required: Yes
- Conditions:
  s3vectors:sseType
  
  s3vectors:kmsKeyArn
DeleteIndex
- Description: Grants permission to delete a specified vector index
- Access: Write
- Resources:
  Name: Index
  
  Required: Yes
DeleteVectorBucket
- Description: Grants permission to delete a specified vector bucket
- Access: Write
- Resources:
  Name: VectorBucket
  
  Required: Yes
DeleteVectorBucketPolicy
- Description: Grants permission to delete the IAM resource policy from a specified vector bucket
- Access: Write
- Resources:
  Name: VectorBucket
  
  Required: Yes
DeleteVectors
- Description: Grants permission to delete a batch of vectors from a specified vector index
- Access: Write
- Resources:
  Name: Index
  
  Required: Yes
GetIndex
- Description: Grants permission to get the attributes of a specified vector index
- Access: Read
- Resources:
  Name: Index
  
  Required: Yes
GetVectorBucket
- Description: Grants permission to get the attributes of a specified vector bucket
- Access: Read
- Resources:
  Name: VectorBucket
  
  Required: Yes
GetVectorBucketPolicy
- Description: Grants permission to get the IAM resource policy for a specific vector bucket
- Access: Read
- Resources:
  Name: VectorBucket
  
  Required: Yes
GetVectors
- Description: Grants permission to get a batch of vectors by their vector keys
- Access: Read
- Resources:
  Name: Index
  
  Required: Yes
ListIndexes
- Description: Grants permission to get a paginated list of all indexes in a specified vector bucket
- Access: List
- Resources:
  Name: VectorBucket
  
  Required: Yes
ListVectorBuckets
- Description: Grants permission to get a paginated list of all vector buckets in the account
- Access: List
ListVectors
- Description: Grants permission to get a paginated list of all vectors in a specified vector index
- Access: List
- Resources:
  Name: Index
  
  Required: Yes
- Dependents:
  s3vectors:GetVectors
PutVectorBucketPolicy
- Description: Grants permission to add an IAM resource policy to a specified vector bucket
- Access: Write
- Resources:
  Name: VectorBucket
  
  Required: Yes
PutVectors
- Description: Grants permission to add a batch of vectors to a specified vector index
- Access: Write
- Resources:
  Name: Index
  
  Required: Yes
QueryVectors
- Description: Grants permission to find approximate nearest neighbors within a specified search vector index for a given query vector
- Access: Read
- Resources:
  Name: Index
  
  Required: Yes
- Dependents:
  s3vectors:GetVectors

Resources

Index
- Arn: arn:${Partition}:s3vectors:${Region}:${Account}:bucket/${BucketName}/index/${IndexName}
VectorBucket
- Arn: arn:${Partition}:s3vectors:${Region}:${Account}:bucket/${BucketName}

Conditions

s3vectors:kmsKeyArn
- Description: Filters access by the AWS KMS key ARN for the key used to encrypt a vector bucket
- Type: ARN
s3vectors:sseType
- Description: Filters access by server-side encryption type
- Type: String

Amazon S3 Vectors (s3vectors)

Additions