You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.
The Resource types column indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("*") in the Resource element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. Required resources are indicated in the table with an asterisk (*). If you specify a resource-level permission ARN in a statement using this action, then it must be of this type.
Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one but not the other.
For details about the columns in the following table, see Actions table.
Actions Description Access
level Resource ApproveSkill Grants permission to associate a
skill with the organization under the customer's AWS account
Write
addressbook* (p. 21) AssociateContactWithAddressBookGrants permission to associate
a contact with a given address book
Write
contact* (p. 21) device* (p. 21) AssociateDeviceWithNetworkProfileGrants permission to associate
a device with the specified network profile
Write
networkprofile* (p. 22) device* (p. 21) AssociateDeviceWithRoomGrants permission to associate
device with given room Write
room* (p. 21)
room* (p. 21)
AssociateSkillGroupWithRoomGrants permission to associate
the skill group with given room Write
skillgroup* (p. 21)
AssociateSkillWithSkillGroupGrants permission to associate a
skill with a skill group Write skillgroup* (p. 21)
AssociateSkillWithUsersGrants permission to make a private skill available for enrolled users to enable on their devices
Write
CompleteRegistration [permission
only]
Grants permission to complete the operation of registering an Alexa device
Write
Actions Description Access
level Resource types (*required)
Condition
keys Dependent
actions
CreateAddressBookGrants permission to create an address book with the specified details
Write
CreateBusinessReportScheduleGrants permission to create a recurring schedule for usage reports to deliver to the specified S3 location with a specified daily or weekly interval
Write
CreateConferenceProviderGrants permission to add a new conference provider under the user's AWS account
Write
CreateContact Grants permission to create a
contact with the specified details Write
CreateGatewayGroupGrants permission to create a gateway group with the specified details
Write
CreateNetworkProfileGrants permission to create a network profile with the specified details
Write
CreateProfile Grants permission to create a
new profile Write
CreateRoom Grants permission to create
room with the specified details Write profile* (p. 21)
CreateSkillGroupGrants permission to create a skill group with given name and description
Write
CreateUser Grants permission to create a
user Write user* (p. 21)
DeleteAddressBookGrants permission to delete an address book by the address book ARN
Write addressbook* (p. 21)
DeleteBusinessReportScheduleGrants permission to delete the recurring report delivery schedule with the specified schedule ARN
Write schedule* (p. 22)
DeleteConferenceProviderGrants permission to delete a
conference provider Write conferenceprovider* (p. 21) DeleteContact Grants permission to delete a
contact by the contact ARN Write contact* (p. 21) DeleteDevice Grants permission to remove a
device from Alexa For Business Write device* (p. 21)
Actions Description Access
DeleteDeviceUsageDataGrants permission to delete the device's entire previous history of voice input data and associated response data
Write device* (p. 21)
DeleteGatewayGroupGrants permission to delete a
gateway group Write gatewaygroup* (p. 22)
DeleteNetworkProfileGrants permission to delete a network profile by the network profile ARN
Write networkprofile* (p. 22)
DeleteProfile Grants permission to delete
profile by profile ARN Write profile* (p. 21)
DeleteRoom Grants permission to delete
room Write room* (p. 21)
DeleteRoomSkillParameterGrants permission to delete a
parameter from a skill and room Write room* (p. 21)
DeleteSkillAuthorizationGrants permission to unlink a
third-party account from a skill Write room* (p. 21)
DeleteSkillGroupGrants permission to delete skill
group with skill group ARN Write skillgroup* (p. 21) DeleteUser Grants permission to delete a
user Write user* (p. 21)
addressbook* (p. 21) DisassociateContactFromAddressBookGrants permission to
disassociate a contact from a given address book
Write
contact* (p. 21)
DisassociateDeviceFromRoomGrants permission to disassociate device from its current room
Write device* (p. 21)
DisassociateSkillFromSkillGroupGrants permission to
disassociate a skill from a skill group
Write skillgroup* (p. 21)
DisassociateSkillFromUsersGrants permission to make a private skill unavailable for enrolled users and prevent them from enabling it on their devices
Write user* (p. 21)
room* (p. 21)
DisassociateSkillGroupFromRoomGrants permission to
disassociate the skill group from given room
Write
skillgroup* (p. 21)
ForgetSmartHomeAppliancesGrants permission to forget smart home appliances associated to a room
Write room* (p. 21)
Actions Description Access
level Resource types (*required)
Condition
keys Dependent
actions
GetAddressBook Grants permission to get the address book details by the address book ARN
Read addressbook* (p. 21)
GetConferencePreferenceGrants permission to retrieve the
existing conference preferences Read
GetConferenceProviderGrants permission to get details about a specific conference provider
Read conferenceprovider* (p. 21)
GetContact Grants permission to get the contact details by the contact ARN
Read contact* (p. 21)
GetDevice Grants permission to get device
details Read device* (p. 21)
GetGateway Grants permission to retrieve the
details of a gateway Read gateway* (p. 22)
GetGatewayGroupGrants permission to retrieve the
details of a gateway group Read gatewaygroup* (p. 22)
GetInvitationConfigurationGrants permission to retrieve the configured values for the user enrollment invitation email template
Read
GetNetworkProfileGrants permission to get the network profile details by the network profile ARN
Read networkprofile* (p. 22)
GetProfile Grants permission to get profile
when provided with Profile ARN Read profile* (p. 21) GetRoom Grants permission to get room
details Read room* (p. 21)
GetRoomSkillParameterGrants permission to get an existing parameter that has been set for a skill and room
Read room* (p. 21)
GetSkillGroup Grants permission to get skill group details with skill group ARN
Read skillgroup* (p. 21)
ListBusinessReportSchedulesGrants permission to list the details of the schedules that a user configured
List
ListConferenceProvidersGrants permission to list conference providers under a specific AWS account
List
Actions Description Access
level Resource types (*required)
Condition
keys Dependent
actions
ListDeviceEvents Grants permission to list the device event history, including device connection status, for up to 30 days
List device* (p. 21)
ListGatewayGroupsGrants permission to list
gateway group summaries List
ListGateways Grants permission to list
gateway summaries List gatewaygroup* (p. 22)
ListSkills Grants permission to list skills List
ListSkillsStoreCategoriesGrants permission to list all
categories in the Alexa skill store List
ListSkillsStoreSkillsByCategoryGrants permission to list all skills in the Alexa skill store by category
List
ListSmartHomeAppliancesGrants permission to list all of the smart home appliances associated with a room
List room* (p. 21)
device (p. 21)
room (p. 21)
ListTags Grants permission to list all tags
on a resource Read
user (p. 21)
PutConferencePreferenceGrants permission to set the conference preferences on a specific conference provider at the account level
Write
PutDeviceSetupEvents [permission
only]
Grants permission to publish
Alexa device setup events Write
PutInvitationConfigurationGrants permission to configure the email template for the user enrollment invitation with the specified attributes
Write
PutRoomSkillParameterGrants permission to put a room
specific parameter for a skill Write room* (p. 21)
PutSkillAuthorizationGrants permission to link a user's account to a third-party skill provider
Write room* (p. 21)
Actions Description Access
level Resource types (*required)
Condition
keys Dependent
actions
RegisterAVSDeviceGrants permission to register an Alexa-enabled device built by an Original Equipment Manufacturer (OEM) using Alexa Voice Service (AVS)
Write
RegisterDevice [permission only]
Grants permission to register an
Alexa device Write
RejectSkill Grants permission to disassociate a skill from the organization under a user's AWS account
Write
ResolveRoom Grants permission to resolve
room information Read
RevokeInvitationGrants permission to revoke an
invitation Write user* (p. 21)
SearchAddressBooksGrants permission to search address books and list the ones that meet a set of filter and sort criteria
List
SearchContacts Grants permission to search contacts and list the ones that meet a set of filter and sort criteria
List
SearchDevices Grants permission to search for
devices List
SearchNetworkProfilesGrants permission to search network profiles and list the ones that meet a set of filter and sort criteria
List
SearchProfiles Grants permission to search for
profiles List
SearchRooms Grants permission to search for
rooms List
SearchSkillGroupsGrants permission to search for
skill groups List
SearchUsers Grants permission to search for
users List
Actions Description Access
SendAnnouncementGrants permission to trigger an asynchronous flow to send text, SSML, or audio announcements to rooms that are identified by a search or filter
Write
SendInvitation Grants permission to send an
invitation to a user Write user* (p. 21)
StartDeviceSync Grants permission to restore the device and its account to its known, default settings by clearing all information and settings set by its previous users
Write
StartSmartHomeApplianceDiscoveryGrants permission to initiate the discovery of any smart home appliances associated with the room
Read room* (p. 21)
device (p. 21)
room (p. 21)
TagResource Grants permission to add
metadata tags to a resource Tagging
user (p. 21)
device (p. 21)
room (p. 21)
UntagResource Grants permission to remove
metadata tags from a resource Tagging
user (p. 21)
UpdateAddressBookGrants permission to update address book details by the address book ARN
Write addressbook* (p. 21)
UpdateBusinessReportScheduleGrants permission to update the configuration of the report delivery schedule with the specified schedule ARN
Write schedule* (p. 22)
UpdateConferenceProviderGrants permission to update an existing conference provider's settings
Write conferenceprovider* (p. 21)
UpdateContact Grants permission to update the contact details by the contact ARN
Write contact* (p. 21)
UpdateDevice Grants permission to update
device name Write device* (p. 21)
UpdateGateway Grants permission to update the
details of a gateway Write gateway* (p. 22)
Actions Description Access
UpdateGatewayGroupGrants permission to update the
details of a gateway group Write gatewaygroup* (p. 22)
UpdateNetworkProfileGrants permission to update a network profile by the network profile ARN
Write networkprofile* (p. 22)
UpdateProfile Grants permission to update an
existing profile Write profile* (p. 21)
UpdateRoom Grants permission to update
room details Write room* (p. 21)
UpdateSkillGroupGrants permission to update skill group details with skill group ARN
Write skillgroup* (p. 21)