Actions |
Root |
Admin |
User |
Read Only |
Description |
accounts:CreateAccount |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create an Account |
accounts:CreateAccountType |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create an Account Type |
accounts:DeleteAccountType |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete an Account Type |
accounts:DiscoverAccounts |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to discover AWS Accounts associated with the Organization |
accounts:OnboardAccounts |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to onboard AWS Accounts associated with the Organization |
accounts:ReadAccountTypes |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view Account Types |
accounts:ReadAccounts |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view Accounts |
accounts:UpdateAccount |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to update an Account name, description and tags |
accounts:UpdateAccountType |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to update an Account Type |
accounts:UpdateAccountTypeAccess |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to add an AWS role to an Account Type |
account:UpdateAccountTypeMembers |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to move accounts between Account Types |
account:UpdatePolicies |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to add or remove Policies from an Account Type |
alias:CheckAliasAvailability |
✔️ |
✔️ |
✔️ |
|
Allows token to check if a Customer Alias is already in use |
networking:CreateCIDRExclusion |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create a CIDR Exclusion |
networking:CreateCIDRRange |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create a CIDR Range |
networking:CreateDnsResolver |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create a DNS Resolver |
networking:CreateDnsRule |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create a DNS Rule |
networking:CreateDxAssociation |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create a DX Association between a Stax Networking Hub or Stax VPC and a Stax DX Gateway |
networking:CreateDxResource |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create a DX Resource, a DX Gateway and/or DX Vif |
networking:CreateHub |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create a Networking Hub |
networking:CreateVPC |
✔️ |
✔️ |
✔️ |
❌ |
Allows the token to create a VPC |
networking:CreateVpnConnection |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create a VPN Connection between a Stax Networking Hub or Stax VPC and a Stax VPN Customer Gateway |
networking:CreateVpnCustomerGateway |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create a VPN Customer Gateway |
networking:DeleteCIDRExclusion |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete a CIDR Exclusion |
networking:DeleteCIDRRange |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete a CIDR Range |
networking:DeleteDnsResolver |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete a DNS Resolver within a Stax Networking Hub |
networking:DeleteDnsRule |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete a DNS Rule |
networking:DeleteDxAssociation |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete a DX Association |
networking:DeleteDxGateway |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete a DX Gateway |
networking:DeleteDxVif |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete a DX Vif |
networking:DeleteHub |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete a Networking Hub |
networking:DeleteVPC |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete a VPC |
networking:DeleteVpnConnection |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete a VPN Connection with a Stax VPN Customer Gateway |
networking:DeleteVpnCustomerGateway |
✔️ |
✔️ |
✔️ |
❌ |
Allows the token to delete a Stax VPN Customer Gateway |
networking:ReadCIDRExclusions |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view CIDR Exclusions |
networking:ReadCIDRRange |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view CIDR Ranges |
networking:ReadDnsResolvers |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view DNS Resolvers for a Stax Networking Hub |
networking:ReadDnsRules |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view DNS Rules for Stax DNS Resolvers |
networking:ReadDxAssociations |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view DX Associations |
networking:ReadDxConnections |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view DX Connections within Accounts |
networking:ReadDxResources |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view DX Gateways |
networking:ReadDxVifStatus |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view DX Vifs |
networking:ReadHubs |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view Networking Hubs |
networking:ReadVPCs |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view VPCs |
networking:ReadVpnConnection |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view VPN Connections |
networking:ReadVpnConnectionStatus |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view the connectivity status of VPN Tunnels for VPN Connections |
networking:ReadVpnCustomerGateways |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view VPN Customer Gateways |
networking:UpdateCIDRExclusion |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to update a CIDR Exclusion |
networking:UpdateCIDRRange |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to update a CIDR Range |
networking:UpdateDnsResolver |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to update a DNS Resolver |
networking:UpdateDnsRule |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to update a DNS Rule |
networking:UpdateDxAssociation |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to update a DX Association |
networking:UpdateDxVif |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to update a DX Vif |
networking:UpdateHub |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to update a Networking Hub |
networking:UpdateVPC |
✔️ |
✔️ |
✔️ |
❌ |
Allows the token to update a VPC |
networking:UpdateVpnConnection |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to update a VPN Connection |
networking:UpdateVpnCustomerGateway |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to update a VPN Customer Gateway |
organisations:AttachPolicy |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to attach a Policy to an Organization |
organisations:CreatePolicy |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create a Policy |
organisations:DeletePolicy |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete a Policy |
organisations:DetachPolicy |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to detach a Policy from an Organization |
organisations:ReadOrganisation |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view their Organization details |
organisations:ReadPolicies |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view Policies |
organisations:UpdatePolicy |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to update a Policy |
tasks:ReadTasks |
✔️ |
✔️ |
✔️ |
|
Allows the token to view the status of a task |
tasks:ReadTasksbyStatus |
✔️ |
✔️ |
✔️ |
|
Allows the token to view tasks by status |
teams:CreateAPIToken |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create an API Token |
teams:CreateGroup |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create a Group |
teams:CreateUser |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to invite a new team member |
teams:DeleteAPIToken |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete an API Token |
teams:DeleteGroup |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete a Group |
teams:DeleteUser |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete a team member |
teams:ReadAPITokens |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view API Tokens |
teams:ReadGroups |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view Groups |
teams:ReadUsers |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view all team members |
teams:UpdateAPITokens |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to update an API Token |
teams:UpdateGroup |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to update a Group |
teams:UpdateGroupMembers |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to add a Group member |
teams:UpdateUser |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to update a team member's details or deactivate/activate them |
teams:UpdateUserPassword |
✔️ |
✔️ |
✔️ |
❌ |
Allows the token to request a password reset |
workloads:CreateCatalogueItem |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create a Workload Catalogue Item |
workloads:CreateCatalogueVersion |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to create a Workload Catalogue Version within a Workload Catalogue Item |
workloads:CreateWorkload |
✔️ |
✔️ |
✔️ |
❌ |
Allows the token to deploy a Workload |
workloads:DeleteCatalogueItem |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete a Workload Catalogue Item |
workloads:DeleteCatalogueVersion |
✔️ |
✔️ |
❌ |
❌ |
Allows the token to delete a Workload Catalogue Version |
workloads:DeleteWorkload |
✔️ |
✔️ |
✔️ |
❌ |
Allows the token to delete a Workload |
workloads:ReadCatalogueItems |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view the Workload Catalogue |
workloads:ReadCatalogueManifest |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view a Workload Catalogue Manifest |
workloads:ReadCatalogueTemplate |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view the Workload CloudFormation Template |
workloads:ReadWorkloads |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the token to view a active Workloads |
workloads:UpdateWorkload |
✔️ |
✔️ |
✔️ |
❌ |
Allows the token to update an active Workload |