AWS SAM policy templates - AWS Serverless Application Model (original) (raw)

AcmGetCertificatePolicy

Gives a permission to read a certificate from AWS Certificate Manager.

AMIDescribePolicy

Gives permission to describe Amazon Machine Images (AMIs).

AthenaQueryPolicy

Gives permissions to execute Athena queries.

AWSSecretsManagerGetSecretValuePolicy

Gives permission to get the secret value for the specified AWS Secrets Manager secret.

AWSSecretsManagerRotationPolicy

Gives permission to rotate a secret in AWS Secrets Manager.

CloudFormationDescribeStacksPolicy

Gives permission to describe AWS CloudFormation stacks.

CloudWatchDashboardPolicy

Gives permissions to put metrics to operate on CloudWatch dashboards.

CloudWatchDescribeAlarmHistoryPolicy

Gives permission to describe CloudWatch alarm history.

CloudWatchPutMetricPolicy

Gives permission to send metrics to CloudWatch.

CodeCommitCrudPolicy

Gives permissions to create/read/update/delete objects within a specific CodeCommit repository.

CodeCommitReadPolicy

Gives permissions to read objects within a specific CodeCommit repository.

CodePipelineLambdaExecutionPolicy

Gives permission for a Lambda function invoked by CodePipeline to report the status of the job.

CodePipelineReadOnlyPolicy

Gives read permission to get details about a CodePipeline pipeline.

ComprehendBasicAccessPolicy

Gives permission for detecting entities, key phrases, languages, and sentiments.

CostExplorerReadOnlyPolicy

Gives read-only permission to the read-only Cost Explorer APIs for billing history.

DynamoDBBackupFullAccessPolicy

Gives read and write permission to DynamoDB on-demand backups for a table.

DynamoDBCrudPolicy

Gives create, read, update, and delete permissions to an Amazon DynamoDB table.

DynamoDBReadPolicy

Gives read-only permission to a DynamoDB table.

DynamoDBReconfigurePolicy

Gives permission to reconfigure a DynamoDB table.

DynamoDBRestoreFromBackupPolicy

Gives permission to restore a DynamoDB table from backup.

DynamoDBStreamReadPolicy

Gives permission to describe and read DynamoDB streams and records.

DynamoDBWritePolicy

Gives write-only permission to a DynamoDB table.

EC2CopyImagePolicy

Gives permission to copy Amazon EC2 images.

EC2DescribePolicy

Gives permission to describe Amazon Elastic Compute Cloud (Amazon EC2) instances.

EcsRunTaskPolicy

Gives permission to start a new task for a task definition.

EFSWriteAccessPolicy

Gives permission to mount an Amazon EFS file system with write access.

EKSDescribePolicy

Gives permission to describe or list Amazon EKS clusters.

ElasticMapReduceAddJobFlowStepsPolicy

Gives permission to add new steps to a running cluster.

ElasticMapReduceCancelStepsPolicy

Gives permission to cancel a pending step or steps in a running cluster.

ElasticMapReduceModifyInstanceFleetPolicy

Gives permission to list details and modify capacities for instance fleets within a cluster.

ElasticMapReduceModifyInstanceGroupsPolicy

Gives permission to list details and modify settings for instance groups within a cluster.

ElasticMapReduceSetTerminationProtectionPolicy

Gives permission to set termination protection for a cluster.

ElasticMapReduceTerminateJobFlowsPolicy

Gives permission to shut down a cluster.

ElasticsearchHttpPostPolicy

Gives POST permission to Amazon OpenSearch Service.

EventBridgePutEventsPolicy

Gives permissions to send events to EventBridge.

FilterLogEventsPolicy

Gives permission to filter CloudWatch Logs events from a specified log group.

FirehoseCrudPolicy

Gives permission to create, write, update, and delete a Firehose delivery stream.

FirehoseWritePolicy

Gives permission to write to a Firehose delivery stream.

KinesisCrudPolicy

Gives permission to create, publish, and delete an Amazon Kinesis stream.

KinesisStreamReadPolicy

Gives permission to list and read an Amazon Kinesis stream.

KMSDecryptPolicy

Gives permission to decrypt with an AWS Key Management Service (AWS KMS) key.

KMSEncryptPolicy

Gives permission to encrypt with an AWS Key Management Service (AWS KMS) key.

LambdaInvokePolicy

Gives permission to invoke an AWS Lambda function, alias, or version.

MobileAnalyticsWriteOnlyAccessPolicy

Gives write-only permission to put event data for all application resources.

OrganizationsListAccountsPolicy

Gives read-only permission to list child account names and IDs.

PinpointEndpointAccessPolicy

Gives permission to get and update endpoints for an Amazon Pinpoint application.

PollyFullAccessPolicy

Gives full access permission to Amazon Polly lexicon resources.

RekognitionDetectOnlyPolicy

Gives permission to detect faces, labels, and text.

RekognitionFacesManagementPolicy

Gives permission to add, delete, and search faces in an Amazon Rekognition collection.

RekognitionFacesPolicy

Gives permission to compare and detect faces and labels.

RekognitionLabelsPolicy

Gives permission to detect object and moderation labels.

RekognitionNoDataAccessPolicy

Gives permission to compare and detect faces and labels.

RekognitionReadPolicy

Gives permission to list and search faces.

RekognitionWriteOnlyAccessPolicy

Gives permission to create collection and index faces.

Route53ChangeResourceRecordSetsPolicy

Gives permission to change resource record sets in Route 53.

S3CrudPolicy

Gives create, read, update, and delete permission to act on the objects in an Amazon S3 bucket.

S3FullAccessPolicy

Gives full access permission to act on the objects in an Amazon S3 bucket.

S3ReadPolicy

Gives read-only permission to read objects in an Amazon Simple Storage Service (Amazon S3) bucket.

S3WritePolicy

Gives write permission to write objects into an Amazon S3 bucket.

SageMakerCreateEndpointConfigPolicy

Gives permission to create an endpoint configuration in SageMaker AI.

SageMakerCreateEndpointPolicy

Gives permission to create an endpoint in SageMaker AI.

ServerlessRepoReadWriteAccessPolicy

Gives permission to create and list applications in the AWS Serverless Application Repository service.

SESBulkTemplatedCrudPolicy

Gives permission to send email, templated email, templated bulk emails and verify identity.

SESBulkTemplatedCrudPolicy_v2

Gives permission to send Amazon SES email, templated email, and templated bulk emails and to verify identity.

SESCrudPolicy

Gives permission to send email and verify identity.

SESEmailTemplateCrudPolicy

Gives permission to create, get, list, update and delete Amazon SES email templates.

SESSendBouncePolicy

Gives SendBounce permission to an Amazon Simple Email Service (Amazon SES) identity.

SNSCrudPolicy

Gives permission to create, publish, and subscribe to Amazon SNS topics.

SNSPublishMessagePolicy

Gives permission to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic.

SQSPollerPolicy

Gives permission to poll an Amazon Simple Queue Service (Amazon SQS) queue.

SQSSendMessagePolicy

Gives permission to send message to an Amazon SQS queue.

SSMParameterReadPolicy

Gives permission to access a parameter from an Amazon EC2 Systems Manager (SSM) parameter store to load secrets in this account. Use when parameter name doesn't have slash prefix.

SSMParameterWithSlashPrefixReadPolicy

Gives permission to access a parameter from an Amazon EC2 Systems Manager (SSM) parameter store to load secrets in this account. Use when parameter name has slash prefix.

StepFunctionsExecutionPolicy

Gives permission to start a Step Functions state machine execution.

TextractDetectAnalyzePolicy

Gives access to detect and analyze documents with Amazon Textract.

TextractGetResultPolicy

Gives access to get detected and analyzed documents from Amazon Textract.

TextractPolicy

Gives full access to Amazon Textract.

VPCAccessPolicy

Gives access to create, delete, describe, and detach elastic network interfaces.