Skip to main content

API Token Permissions

API Tokens provide programmatic access to the Stax API and cannot be used to log into the Stax console. The below table provides a a list of permissions for each Stax role used to manage the access level of your API Token.

KeyDescription
✔️API token can perform this action
API token cannot perform this action
ActionsRootAdminOperationsUserRead OnlyDescription
accounts:CreateAccount✔️✔️✔️Allows the token to create an Account
accounts:CreateAccountType✔️✔️✔️Allows the token to create an Account Type
accounts:DeleteAccountType✔️✔️✔️Allows the token to delete an Account Type
accounts:DiscoverAccounts✔️✔️✔️Allows the token to discover AWS Accounts associated with the Organization
accounts:OnboardAccounts✔️✔️✔️Allows the token to onboard AWS Accounts associated with the Organization
accounts:ReadAccountTypes✔️✔️✔️✔️✔️Allows the token to view Account Types
accounts:ReadAccounts✔️✔️✔️✔️✔️Allows the token to view Accounts
accounts:UpdateAccount✔️✔️✔️Allows the token to update an Account name, description and tags
accounts:UpdateAccountType✔️✔️✔️Allows the token to update an Account Type
accounts:UpdateAccountTypeAccess✔️✔️✔️Allows the token to add an AWS role to an Account Type
account:UpdateAccountTypeMembers✔️✔️✔️Allows the token to move accounts between Account Types
account:UpdatePolicies✔️✔️✔️Allows the token to add or remove Policies from an Account Type
alias:CheckAliasAvailability✔️✔️✔️✔️Allows token to check if a Customer Alias is already in use
networking:CreateCIDRExclusion✔️✔️✔️Allows the token to create a CIDR Exclusion
networking:CreateCIDRRange✔️✔️✔️Allows the token to create a CIDR Range
networking:CreateDnsResolver✔️✔️✔️Allows the token to create a DNS Resolver
networking:CreateDnsRule✔️✔️✔️Allows the token to create a DNS Rule
networking:CreateDxAssociation✔️✔️✔️Allows the token to create a DX Association between a Stax Networking Hub or Stax VPC and a Stax DX Gateway
networking:CreateDxResource✔️✔️✔️Allows the token to create a DX Resource, a DX Gateway and/or DX Vif
networking:CreateHub✔️✔️✔️Allows the token to create a Networking Hub
networking:CreateVPC✔️✔️✔️✔️Allows the token to create a VPC
networking:CreateVpnConnection✔️✔️✔️Allows the token to create a VPN Connection between a Stax Networking Hub or Stax VPC and a Stax VPN Customer Gateway
networking:CreateVpnCustomerGateway✔️✔️✔️Allows the token to create a VPN Customer Gateway
networking:DeleteCIDRExclusion✔️✔️✔️Allows the token to delete a CIDR Exclusion
networking:DeleteCIDRRange✔️✔️✔️Allows the token to delete a CIDR Range
networking:DeleteDnsResolver✔️✔️✔️Allows the token to delete a DNS Resolver within a Stax Networking Hub
networking:DeleteDnsRule✔️✔️✔️Allows the token to delete a DNS Rule
networking:DeleteDxAssociation✔️✔️✔️Allows the token to delete a DX Association
networking:DeleteDxGateway✔️✔️✔️Allows the token to delete a DX Gateway
networking:DeleteDxVif✔️✔️✔️Allows the token to delete a DX Vif
networking:DeleteHub✔️✔️✔️Allows the token to delete a Networking Hub
networking:DeleteVPC✔️✔️✔️Allows the token to delete a VPC
networking:DeleteVpnConnection✔️✔️✔️Allows the token to delete a VPN Connection with a Stax VPN Customer Gateway
networking:DeleteVpnCustomerGateway✔️✔️✔️✔️Allows the token to delete a Stax VPN Customer Gateway
networking:ReadCIDRExclusions✔️✔️✔️✔️✔️Allows the token to view CIDR Exclusions
networking:ReadCIDRRange✔️✔️✔️✔️✔️Allows the token to view CIDR Ranges
networking:ReadDnsResolvers✔️✔️✔️✔️✔️Allows the token to view DNS Resolvers for a Stax Networking Hub
networking:ReadDnsRules✔️✔️✔️✔️✔️Allows the token to view DNS Rules for Stax DNS Resolvers
networking:ReadDxAssociations✔️✔️✔️✔️✔️Allows the token to view DX Associations
networking:ReadDxConnections✔️✔️✔️✔️✔️Allows the token to view DX Connections within Accounts
networking:ReadDxResources✔️✔️✔️✔️✔️Allows the token to view DX Gateways
networking:ReadDxVifStatus✔️✔️✔️✔️✔️Allows the token to view DX Vifs
networking:ReadHubs✔️✔️✔️✔️✔️Allows the token to view Networking Hubs
networking:ReadVPCs✔️✔️✔️✔️✔️Allows the token to view VPCs
networking:ReadVpnConnection✔️✔️✔️✔️✔️Allows the token to view VPN Connections
networking:ReadVpnConnectionStatus✔️✔️✔️✔️✔️Allows the token to view the connectivity status of VPN Tunnels for VPN Connections
networking:ReadVpnCustomerGateways✔️✔️✔️✔️✔️Allows the token to view VPN Customer Gateways
networking:UpdateCIDRExclusion✔️✔️✔️Allows the token to update a CIDR Exclusion
networking:UpdateCIDRRange✔️✔️✔️Allows the token to update a CIDR Range
networking:UpdateDnsResolver✔️✔️✔️Allows the token to update a DNS Resolver
networking:UpdateDnsRule✔️✔️✔️Allows the token to update a DNS Rule
networking:UpdateDxAssociation✔️✔️✔️Allows the token to update a DX Association
networking:UpdateDxVif✔️✔️✔️Allows the token to update a DX Vif
networking:UpdateHub✔️✔️✔️Allows the token to update a Networking Hub
networking:UpdateVPC✔️✔️✔️✔️Allows the token to update a VPC
networking:UpdateVpnConnection✔️✔️✔️Allows the token to update a VPN Connection
networking:UpdateVpnCustomerGateway✔️✔️✔️Allows the token to update a VPN Customer Gateway
organisations:AttachPolicy✔️✔️Allows the token to attach a Policy to an Organization
organisations:CreatePolicy✔️✔️Allows the token to create a Policy
organisations:DeletePolicy✔️✔️Allows the token to delete a Policy
organisations:DetachPolicy✔️✔️Allows the token to detach a Policy from an Organization
organisations:ReadOrganisation✔️✔️✔️✔️✔️Allows the token to view their Organization details
organisations:ReadPolicies✔️✔️✔️✔️✔️Allows the token to view Policies
organisations:UpdatePolicy✔️✔️Allows the token to update a Policy
tasks:ReadTasks✔️✔️✔️✔️Allows the token to view the status of a task
tasks:ReadTasksbyStatus✔️✔️✔️✔️Allows the token to view tasks by status
teams:CreateAPIToken✔️✔️Allows the token to create an API Token
teams:CreateGroup✔️✔️✔️Allows the token to create a Group
teams:CreateUser✔️✔️✔️Allows the token to invite a new team member
teams:DeleteAPIToken✔️✔️Allows the token to delete an API Token
teams:DeleteGroup✔️✔️✔️Allows the token to delete a Group
teams:DeleteUser✔️✔️✔️Allows the token to delete a team member
teams:ReadAPITokens✔️✔️✔️✔️✔️Allows the token to view API Tokens
teams:ReadGroups✔️✔️✔️✔️✔️Allows the token to view Groups
teams:ReadUsers✔️✔️✔️✔️✔️Allows the token to view all team members
teams:UpdateAPITokens✔️✔️Allows the token to update an API Token
teams:UpdateGroup✔️✔️✔️Allows the token to update a Group
teams:UpdateGroupMembers✔️✔️✔️Allows the token to add a Group member
teams:UpdateUser✔️✔️✔️Allows the token to update a team member's details or deactivate/activate them
teams:UpdateUserPassword✔️✔️✔️✔️Allows the token to request a password reset
workloads:CreateCatalogueItem✔️✔️✔️Allows the token to create a Workload Catalogue Item
workloads:CreateCatalogueVersion✔️✔️✔️Allows the token to create a Workload Catalogue Version within a Workload Catalogue Item
workloads:CreateWorkload✔️✔️✔️✔️Allows the token to deploy a Workload
workloads:DeleteCatalogueItem✔️✔️✔️Allows the token to delete a Workload Catalogue Item
workloads:DeleteCatalogueVersion✔️✔️✔️Allows the token to delete a Workload Catalogue Version
workloads:DeleteWorkload✔️✔️✔️✔️Allows the token to delete a Workload
workloads:ReadCatalogueItems✔️✔️✔️✔️✔️Allows the token to view the Workload Catalogue
workloads:ReadCatalogueManifest✔️✔️✔️✔️✔️Allows the token to view a Workload Catalogue Manifest
workloads:ReadCatalogueTemplate✔️✔️✔️✔️✔️Allows the token to view the Workload CloudFormation Template
workloads:ReadWorkloads✔️✔️✔️✔️✔️Allows the token to view a active Workloads
workloads:UpdateWorkload✔️✔️✔️✔️Allows the token to update an active Workload