Actions, resources, and condition keys for AWS Partner Central
AWS Partner Central (service prefix: partnercentral) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.
References:
-
Learn how to configure this service.
-
View a list of the API operations available for this service.
-
Learn how to secure this service and its resources by using IAM permission policies.
Topics
Actions defined by AWS Partner Central
You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.
The Access level column of the Actions table describes how the action is classified (List, Read, Permissions management, or Tagging). This classification can help you understand the level of access that an action grants when you use it in a policy. For more information about access levels, see Access levels in policy summaries.
The Resource types column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("*") to which the policy applies in the Resource element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (*). If you limit resource access with the Resource element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types.
The Condition keys column of the Actions table includes keys that you can specify in a policy statement's Condition element. For more information on the condition keys that are associated with resources for the service, see the Condition keys column of the Resource types table.
The Dependent actions column of the Actions table shows additional permissions that may be required to successfully call an action. These permissions may be needed in addition to the permission for the action itself. When an action specifies dependent actions, those dependencies may apply to additional resources defined for that action, not only the first resource listed in the table.
Note
Resource condition keys are listed in the Resource types table. You can find a link to the resource type that applies to an action in the Resource types (*required) column of the Actions table. The resource type in the Resource types table includes the Condition keys column, which are the resource condition keys that apply to an action in the Actions table.
For details about the columns in the following table, see Actions table.
| Actions | Description | Access level | Resource types (*required) | Condition keys | Dependent actions |
|---|---|---|---|---|---|
| AcceptChannelHandshake | Grants permission to accept channel handshakes in AWS Partner Central | Write | |||
| AcceptConnectionInvitation | Grants permission to accept connection invitations in AWS Partner Central | Write | |||
| AcceptEngagementInvitation | Grants permission to accept Engagement Invitations on AWS Partner Central | Write | |||
| AmendBenefitApplication | Grants permission to amend benefit applications in AWS Partner Central | Write | |||
| AssignOpportunity | Grants permission to assign Opportunities on AWS Partner Central | Write | |||
| AssociateAwsTrainingCertificationEmailDomain | Grants permission to associate AWS Training and Certification email domains in AWS Partner Central | Write | |||
| AssociateBenefitApplicationResource | Grants permission to associate benefit application resources in AWS Partner Central | Write | |||
| AssociateOpportunity | Grants permission to associate Opportunities on AWS Partner Central with other entities | Write | |||
| CancelBenefitApplication | Grants permission to cancel benefit applications in AWS Partner Central | Write | |||
| CancelChannelHandshake | Grants permission to cancel channel handshakes in AWS Partner Central | Write | |||
| CancelConnection | Grants permission to cancel connections in AWS Partner Central | Write | |||
| CancelConnectionInvitation | Grants permission to cancel connection invitations in AWS Partner Central | Write | |||
| CancelProfileUpdateTask | Grants permission to cancel profile update tasks in AWS Partner Central | Write | |||
| CreateBenefitApplication | Grants permission to create benefit applications in AWS Partner Central | Write | |||
| CreateBusinessPlan [permission only] | Grants permission to create business plans in AWS Partner Central | Write | |||
| CreateChannelHandshake | Grants permission to create channel handshakes in AWS Partner Central | Write | |||
| CreateCollaborationChannelMembers [permission only] | Grants permission to create collaboration channel members in AWS Partner Central | Write | |||
| CreateCollaborationChannelRequest [permission only] | Grants permission to create collaboration channel requests in AWS Partner Central | Write | |||
| CreateConnectionInvitation | Grants permission to create connection invitations in AWS Partner Central | Write | |||
| CreateEngagement | Grants permission to creating engagements in AWS Partner Central | Write | |||
| CreateEngagementContext | Grants permission to create engagement contexts in AWS Partner Central | Write | |||
| CreateEngagementInvitation | Grants permission to creating engagement invitations in AWS Partner Central | Write | |||
| CreateOpportunity | Grants permission to create new Opportunities on AWS Partner Central | Write | |||
| CreatePartner | Grants permission to create partners in AWS Partner Central | Write | |||
| CreateProgramManagementAccount | Grants permission to create program management accounts in AWS Partner Central | Write | |||
| CreateRelationship | Grants permission to create relationships in AWS Partner Central | Write | |||
| CreateResourceSnapshot | Grants permission to creating resource snapshots in AWS Partner Central | Write | |||
| CreateResourceSnapshotJob | Grants permission to creating resource snapshot jobs in AWS Partner Central | Write | |||
| DeleteProgramManagementAccount | Grants permission to delete program management accounts in AWS Partner Central | Write | |||
| DeleteRelationship | Grants permission to delete relationships in AWS Partner Central | Write | |||
| DeleteResourceSnapshotJob | Grants permission to deleting resource snapshot jobs on AWS Partner Central | Write | |||
| DisassociateAwsTrainingCertificationEmailDomain | Grants permission to disassociate AWS Training and Certification email domains in AWS Partner Central | Write | |||
| DisassociateBenefitApplicationResource | Grants permission to disassociate benefit application resources in AWS Partner Central | Write | |||
| DisassociateOpportunity | Grants permission to disassociate Opportunities on AWS Partner Central from other entities | Write | |||
| EnrollInPartnerPath [permission only] | Grants permission to enroll in partner paths in AWS Partner Central | Write | |||
| GetAllianceLeadContact | Grants permission to retrieve alliance lead contact information in AWS Partner Central | Read | |||
| GetAwsOpportunitySummary | Grants permission to retrieve AWS Opportunity Summaries for Opportunities on AWS Partner Central | Read | |||
| GetBenefit | Grants permission to retrieve benefit details in AWS Partner Central | Read | |||
| GetBenefitAllocation | Grants permission to retrieve benefit allocation details in AWS Partner Central | Read | |||
| GetBenefitApplication | Grants permission to retrieve benefit application details in AWS Partner Central | Read | |||
| GetBusinessPlan [permission only] | Grants permission to retrieve business plan details in AWS Partner Central | Read | |||
| GetCollaborationChannel [permission only] | Grants permission to retrieve collaboration channel details in AWS Partner Central | Read | |||
| GetConnection | Grants permission to retrieve connection details in AWS Partner Central | Read | |||
| GetConnectionInvitation | Grants permission to retrieve connection invitation details in AWS Partner Central | Read | |||
| GetConnectionPreferences | Grants permission to retrieve connection preferences in AWS Partner Central | Read | |||
| GetEngagement | Grants permission to retrieval of engagement details in AWS Partner Central | Read | |||
| GetEngagementInvitation | Grants permission to retrieve details of Engagement Invitations on AWS Partner Central | Read | |||
| GetOpportunity | Grants permission to retrieve details of Opportunities on AWS Partner Central | Read | |||
| GetPartner | Grants permission to retrieve partner details in AWS Partner Central | Read | |||
| GetPartnerDashboard | Grants permission to retrieve partner dashboard information in AWS Partner Central | Read | |||
| GetPartnerProfile [permission only] | Grants permission to retrieve public partner profile details in AWS Partner Central | Read | |||
| GetProfileUpdateTask | Grants permission to retrieve profile update task details in AWS Partner Central | Read | |||
| GetProfileVisibility | Grants permission to retrieve profile visibility settings in AWS Partner Central | Read | |||
| GetProgramManagementAccount [permission only] | Grants permission to retrieve program management account details in AWS Partner Central | Read | |||
| GetRelationship | Grants permission to retrieve relationship details in AWS Partner Central | Read | |||
| GetResourceSnapshot | Grants permission to retrieving resource snapshot details in AWS Partner Central | Read | |||
| GetResourceSnapshotJob | Grants permission to retrieving resource snapshot job details in AWS Partner Central | Read | |||
| GetSellingSystemSettings | Grants permission to retrieving selling system settings in AWS Partner Central | Read | |||
| GetVerification | Grants permission to retrieve verification details in AWS Partner Central | Read | |||
| ListBenefitAllocations | Grants permission to list benefit allocations in AWS Partner Central | List | |||
| ListBenefitApplications | Grants permission to list benefit applications in AWS Partner Central | List | |||
| ListBenefits | Grants permission to list benefits in AWS Partner Central | List | |||
| ListBusinessPlans [permission only] | Grants permission to list business plans in AWS Partner Central | List | |||
| ListChannelHandshakes | Grants permission to list channel handshakes in AWS Partner Central | List | |||
| ListCollaborationChannels [permission only] | Grants permission to list collaboration channels in AWS Partner Central | List | |||
| ListConnectionInvitations | Grants permission to list connection invitations in AWS Partner Central | List | |||
| ListConnections | Grants permission to list connections in AWS Partner Central | List | |||
| ListEngagementByAcceptingInvitationTasks | Grants permission to listing engagements by accepting invitation tasks in AWS Partner Central | List | |||
| ListEngagementFromOpportunityTasks | Grants permission to listing engagements from opportunity tasks in AWS Partner Central | List | |||
| ListEngagementInvitations | Grants permission to list Engagement Invitations on AWS Partner Central | List | |||
| ListEngagementMembers | Grants permission to listing engagement members in AWS Partner Central | Read | |||
| ListEngagementResourceAssociations | Grants permission to listing engagement resource associations in AWS Partner Central | Read | |||
| ListEngagements | Grants permission to listing engagements in AWS Partner Central | List | |||
| ListOpportunities | Grants permission to list Opportunities on AWS Partner Central | List | |||
| ListOpportunityFromEngagementTasks | Grants permission to list opportunity from engagement tasks in AWS Partner Central | List | |||
| ListPartnerPaths [permission only] | Grants permission to list partner paths in AWS Partner Central | List | |||
| ListPartners | Grants permission to list partners in AWS Partner Central | List | |||
| ListProgramManagementAccounts | Grants permission to list program management accounts in AWS Partner Central | List | |||
| ListRelationships | Grants permission to list relationships in AWS Partner Central | List | |||
| ListResourceSnapshotJobs | Grants permission to listing resource snapshot jobs in AWS Partner Central | List | |||
| ListResourceSnapshots | Grants permission to listing resource snapshots in AWS Partner Central | List | |||
| ListSolutions | Grants permission to list Solutions on AWS Partner Central | List | |||
| ListTagsForResource | Grants permission to add lists tags to a resource. Supported resource: ResourceSnapshotJob | Read | |||
| PutAllianceLeadContact | Grants permission to set alliance lead contact information in AWS Partner Central | Write | |||
| PutBusinessPlan [permission only] | Grants permission to update business plans in AWS Partner Central | Write | |||
| PutProfileVisibility | Grants permission to set profile visibility in AWS Partner Central | Write | |||
| PutSellingSystemSettings | Grants permission to put selling system settings in AWS Partner Central | Write | |||
| RecallBenefitApplication | Grants permission to recall benefit applications in AWS Partner Central | Write | |||
| RejectChannelHandshake | Grants permission to reject channel handshakes in AWS Partner Central | Write | |||
| RejectConnectionInvitation | Grants permission to reject connection invitations in AWS Partner Central | Write | |||
| RejectEngagementInvitation | Grants permission to reject Engagement Invitations on AWS Partner Central | Write | |||
| SearchPartnerProfiles [permission only] | Grants permission to search public partner profiles in AWS Partner Central | List | |||
| SendEmailVerificationCode | Grants permission to send email verification codes in AWS Partner Central | Write | |||
| StartEngagementByAcceptingInvitationTask | Grants permission to initiate tasks that start Engagements on AWS Partner Central by accepting an Engagement Invitation | Write |
partnercentral:AcceptEngagementInvitation partnercentral:CreateOpportunity partnercentral:CreateResourceSnapshotJob partnercentral:GetEngagementInvitation partnercentral:StartResourceSnapshotJob partnercentral:SubmitOpportunity |
||
| StartEngagementFromOpportunityTask | Grants permission to initiate tasks that start Engagements from Opportunities on AWS Partner Central | Write |
partnercentral:CreateEngagement partnercentral:CreateEngagementInvitation partnercentral:CreateResourceSnapshotJob partnercentral:GetOpportunity partnercentral:StartResourceSnapshotJob partnercentral:SubmitOpportunity |
||
| StartOpportunityFromEngagementTask | Grants permission to initiate tasks that start Opportunities from Engagements on AWS Partner Central | Write |
partnercentral:CreateEngagementContext partnercentral:CreateOpportunity partnercentral:CreateResourceSnapshot partnercentral:CreateResourceSnapshotJob partnercentral:GetEngagement partnercentral:StartResourceSnapshotJob |
||
| StartProfileUpdateTask | Grants permission to start profile update tasks in AWS Partner Central | Write | |||
| StartResourceSnapshotJob | Grants permission to starting resource snapshot jobs in AWS Partner Central | Write | |||
| StartVerification | Grants permission to start verification processes in AWS Partner Central | Write | |||
| StopResourceSnapshotJob | Grants permission to stopping resource snapshot jobs in AWS Partner Central | Write | |||
| SubmitBenefitApplication | Grants permission to submit benefit applications in AWS Partner Central | Write | |||
| SubmitOpportunity | Grants permission to submit Opportunities on AWS Partner Central | Write | |||
| TagResource | Grants permission to add new tags to a resource. Supported resource: ResourceSnapshotJob | Tagging | |||
| UntagResource | Grants permission to remove tags from a resource. Supported resource: ResourceSnapshotJob | Tagging | |||
| UpdateBenefitApplication | Grants permission to update benefit applications in AWS Partner Central | Write | |||
| UpdateConnectionPreferences | Grants permission to update connection preferences in AWS Partner Central | Write | |||
| UpdateEngagementContext | Grants permission to update engagement contexts in AWS Partner Central | Write | |||
| UpdateOpportunity | Grants permission to update Opportunities on AWS Partner Central | Write | |||
| UpdateProgramManagementAccount | Grants permission to update program management accounts in AWS Partner Central | Write | |||
| UpdateRelationship | Grants permission to update relationships in AWS Partner Central | Write | |||
Resource types defined by AWS Partner Central
The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the Resource types table. For details about the columns in the following table, see Resource types table.
| Resource types | ARN | Condition keys |
|---|---|---|
| Engagement |
arn:${Partition}:partnercentral:${Region}::catalog/${Catalog}/engagement/${Identifier}
|
|
| engagement-by-accepting-invitation-task |
arn:${Partition}:partnercentral:${Region}::catalog/${Catalog}/engagement-by-accepting-invitation-task/${TaskId}
|
|
| engagement-from-opportunity-task |
arn:${Partition}:partnercentral:${Region}::catalog/${Catalog}/engagement-from-opportunity-task/${TaskId}
|
|
| engagement-invitation |
arn:${Partition}:partnercentral:${Region}::catalog/${Catalog}/engagement-invitation/${Identifier}
|
|
| Opportunity |
arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/opportunity/${Identifier}
|
|
| resource-snapshot-job |
arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/resource-snapshot-job/${Identifier}
|
|
| ResourceSnapshot |
arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/engagement/${EngagementIdentifier}/resource/${ResourceType}/${ResourceIdentifier}/template/${TemplateIdentifier}/resource-snapshot/${SnapshotRevision}
|
|
| Solution |
arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/solution/${Identifier}
|
|
| Partner |
arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/partner/${Identifier}
|
|
| Connection |
arn:${Partition}:partnercentral:${Region}::catalog/${Catalog}/connection/${Identifier}
|
|
| ConnectionInvitation |
arn:${Partition}:partnercentral:${Region}::catalog/${Catalog}/connection-invitation/${Identifier}
|
|
| ConnectionPreferences |
arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/connection-preferences
|
|
| OpportunityFromEngagementTask |
arn:${Partition}:partnercentral:${Region}::catalog/${Catalog}/opportunity-from-engagement-task/${TaskId}
|
|
| Benefit |
arn:${Partition}:partnercentral:${Region}::catalog/${Catalog}/benefit/${Identifier}
|
|
| BenefitAllocation |
arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/benefit-allocation/${Identifier}
|
|
| BenefitApplication |
arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/benefit-application/${Identifier}
|
|
| ProgramManagementAccount |
arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/program-management-account/${Identifier}
|
|
| Relationship |
arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/program-management-account/${ProgramManagementAccountId}/relationship/${RelationshipId}
|
|
| ChannelHandshake |
arn:${Partition}:partnercentral:${Region}:${Account}:catalog/${Catalog}/channel-handshake/${Identifier}
|
|
| Dashboard |
arn:${Partition}:partnercentral::${Account}:catalog/${Catalog}/ReportingData/${TableId}/Dashboard/${DashboardId}
|
Condition keys for AWS Partner Central
AWS Partner Central defines the following condition keys that can be used in the Condition element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see Condition keys table.
To view the global condition keys that are available to all services, see AWS global condition context keys.
| Condition keys | Description | Type |
|---|---|---|
| aws:RequestTag/${TagKey} | Filters access by the tags that are passed in the request | String |
| aws:ResourceTag/${TagKey} | Filters access by the tags associated with the resource | String |
| aws:TagKeys | Filters access by the tag keys that are passed in the request | ArrayOfString |
| partnercentral:Catalog | Filters access by a specific Catalog | String |
| partnercentral:ChannelHandshakeType | Filters access by channel handshake types | String |
| partnercentral:FulfillmentTypes | Filters access by benefit fulfillment types | ArrayOfString |
| partnercentral:Programs | Filters access by program | ArrayOfString |
| partnercentral:RelatedEntityType | Filters access by entity types for Opportunity association | String |
| partnercentral:VerificationType | Filters access by the type of verification being performed | String |
