Change log of AWS IAM permissions

2025-11-22

5 new conditions | 19 updated actions

Conditions

identitystore:GroupExternalIdIssuers
- Description: Filters access by Issuer present in ExternalIds for Group resources
- Type: ArrayOfARN
identitystore:IdentityStoreArn
- Description: Filters access by Identity Store ARN
- Type: ARN
identitystore:PrimaryRegion
- Description: Filters access by Primary Region of Identity Store
- Type: String
identitystore:ReservedUserId
- Description: Filters access by a previously reserved User ID for CreateUser operation
- Type: String
identitystore:UserExternalIdIssuers
- Description: Filters access by Issuer present in ExternalIds for User resources
- Type: ArrayOfARN

Actions

CreateGroup
- ＋ identitystore:PrimaryRegion
- ＋ identitystore:GroupExternalIdIssuers
CreateGroupMembership
- ＋ identitystore:PrimaryRegion
CreateUser
- ＋ identitystore:PrimaryRegion
- ＋ identitystore:UserExternalIdIssuers
- ＋ identitystore:ReservedUserId
DeleteGroup
- ＋ identitystore:PrimaryRegion
- ＋ identitystore:GroupExternalIdIssuers
DeleteGroupMembership
- ＋ identitystore:PrimaryRegion
DeleteUser
- ＋ identitystore:PrimaryRegion
- ＋ identitystore:UserExternalIdIssuers
DescribeGroup
- ＋ identitystore:PrimaryRegion
- ＋ identitystore:GroupExternalIdIssuers
DescribeGroupMembership
- ＋ identitystore:PrimaryRegion
DescribeUser
- ＋ identitystore:PrimaryRegion
- ＋ identitystore:UserExternalIdIssuers
GetGroupId
- ＋ identitystore:PrimaryRegion
GetGroupMembershipId
- ＋ identitystore:PrimaryRegion
GetUserId
- ＋ identitystore:PrimaryRegion
IsMemberInGroups
- ＋ identitystore:PrimaryRegion
ListGroupMemberships
- ＋ identitystore:PrimaryRegion
ListGroupMembershipsForMember
- ＋ identitystore:PrimaryRegion
ListGroups
- ＋ identitystore:PrimaryRegion
- ＋ identitystore:GroupExternalIdIssuers
ListUsers
- ＋ identitystore:PrimaryRegion
- ＋ identitystore:UserExternalIdIssuers
UpdateGroup
- ＋ identitystore:PrimaryRegion
- ＋ identitystore:GroupExternalIdIssuers
UpdateUser
- ＋ identitystore:PrimaryRegion
- ＋ identitystore:UserExternalIdIssuers

AWS Identity Store (identitystore)