AWS Directory Service (ds)

2025-08-02

7 new actions

Additions

    Actions
  • CreateHybridAD
    • Description:  Grants permission to create a Hybrid Managed AD directory
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

    • Dependents: 

      ec2:AuthorizeSecurityGroupEgress

      ec2:AuthorizeSecurityGroupIngress

      ec2:CreateNetworkInterface

      ec2:CreateNetworkInterfacePermission

      ec2:CreateSecurityGroup

      ec2:CreateTags

      ec2:DescribeNetworkInterfaces

      ec2:DescribeSubnets

      ec2:DescribeVpcs

      iam:CreateServiceLinkedRole

      iam:GetRole

      secretsmanager:DescribeSecret

      secretsmanager:GetSecretValue

      ssm:GetCommandInvocation

      ssm:GetConnectionStatus

      ssm:ListCommands

      ssm:SendCommand

  • DeleteADAssessment
    • Description:  Grants permission to delete a directory assessment
    • Access:  Write
  • DescribeADAssessment
    • Description:  Grants permission to describe a directory assessment
    • Access:  Read
  • DescribeHybridADUpdate
    • Description:  Grants permission to describe the updates of a specified hybrid directory
    • Access:  Read
    • Resources: 

      Name: directory

      Required: Yes

  • ListADAssessments
    • Description:  Grants permission to list directory assessments
    • Access:  List
  • StartADAssessment
    • Description:  Grants permission to start a directory assessment
    • Access:  Write
    • Dependents: 

      ec2:AuthorizeSecurityGroupEgress

      ec2:AuthorizeSecurityGroupIngress

      ec2:CreateNetworkInterface

      ec2:CreateNetworkInterfacePermission

      ec2:CreateSecurityGroup

      ec2:DeleteNetworkInterface

      ec2:DeleteSecurityGroup

      ec2:DescribeNetworkInterfaces

      ec2:DescribeSubnets

      ec2:DescribeVpcs

      ssm:GetCommandInvocation

      ssm:GetConnectionStatus

      ssm:ListCommands

      ssm:SendCommand

  • UpdateHybridAD
    • Description:  Grants permission to update configurations for a specified hybrid directory
    • Access:  Write
    • Resources: 

      Name: directory

      Required: Yes

    • Dependents: 

      ec2:AuthorizeSecurityGroupEgress

      ec2:AuthorizeSecurityGroupIngress

      ec2:CreateNetworkInterface

      ec2:CreateNetworkInterfacePermission

      ec2:CreateSecurityGroup

      ec2:CreateTags

      ec2:DescribeNetworkInterfaces

      ec2:DescribeSubnets

      ec2:DescribeVpcs

      secretsmanager:DescribeSecret

      secretsmanager:GetSecretValue

      ssm:GetCommandInvocation

      ssm:GetConnectionStatus

      ssm:ListCommands

      ssm:SendCommand