

# Actions, resources, and condition keys for Amazon Bedrock Agentcore
<a name="list_amazonbedrockagentcore"></a>

Amazon Bedrock Agentcore (service prefix: `bedrock-agentcore`) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:
+ Learn how to [configure this service](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/).
+ View a list of the [API operations available for this service](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/).
+ Learn how to secure this service and its resources by [using IAM](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/) permission policies.

**Topics**
+ [Actions defined by Amazon Bedrock Agentcore](#amazonbedrockagentcore-actions-as-permissions)
+ [Resource types defined by Amazon Bedrock Agentcore](#amazonbedrockagentcore-resources-for-iam-policies)
+ [Condition keys for Amazon Bedrock Agentcore](#amazonbedrockagentcore-policy-keys)

## Actions defined by Amazon Bedrock Agentcore
<a name="amazonbedrockagentcore-actions-as-permissions"></a>

You can specify the following actions in the `Action` element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

The **Access level** column of the Actions table describes how the action is classified (List, Read, Permissions management, or Tagging). This classification can help you understand the level of access that an action grants when you use it in a policy. For more information about access levels, see [Access levels in policy summaries](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html).

The **Resource types** column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("\*") to which the policy applies in the `Resource` element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (\*). If you limit resource access with the `Resource` element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types.

The **Condition keys** column of the Actions table includes keys that you can specify in a policy statement's `Condition` element. For more information on the condition keys that are associated with resources for the service, see the **Condition keys** column of the Resource types table.

The **Dependent actions** column of the Actions table shows additional permissions that may be required to successfully call an action. These permissions may be needed in addition to the permission for the action itself. When an action specifies dependent actions, those dependencies may apply to additional resources defined for that action, not only the first resource listed in the table.

**Note**  
Resource condition keys are listed in the [Resource types](#amazonbedrockagentcore-resources-for-iam-policies) table. You can find a link to the resource type that applies to an action in the **Resource types (\*required)** column of the Actions table. The resource type in the Resource types table includes the **Condition keys** column, which are the resource condition keys that apply to an action in the Actions table.
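The column rules above can be checked mechanically before a policy is deployed. The following linter is an added example, not AWS code: it transcribes four rows of the Actions table below (action names taken from each row's API reference link, condition key names read from the page's anchor ids, both assumptions of this example) and runs them against a constructed policy whose ARN is a placeholder.

```python
import re

SERVICE = "bedrock-agentcore"
TAG_KEYS = ["aws:RequestTag/${TagKey}", "aws:TagKeys"]

# Four rows transcribed from the Actions table on this page (see lead-in).
# An empty "resource_types" list means the Resource types column has no value.
ACTIONS = {
    "bedrock-agentcore:CreateAgentRuntime": {
        "resource_types": [],
        "condition_keys": TAG_KEYS + [
            "bedrock-agentcore:subnets",
            "bedrock-agentcore:securityGroups",
            "bedrock-agentcore:RuntimeAuthorizerType",
        ],
        "dependent": ["iam:PassRole"],
    },
    "bedrock-agentcore:CreateHarness": {
        "resource_types": [],
        "condition_keys": TAG_KEYS,
        "dependent": [
            "bedrock-agentcore:CreateAgentRuntime",
            "bedrock-agentcore:GetAgentRuntime",
            "iam:PassRole",
        ],
    },
    "bedrock-agentcore:CreateEvent": {
        "resource_types": ["memory"],
        "condition_keys": ["bedrock-agentcore:sessionId", "bedrock-agentcore:actorId"],
        "dependent": [],
    },
    "bedrock-agentcore:DeleteAgentRuntime": {
        "resource_types": ["runtime"],
        "condition_keys": [],
        "dependent": [],
    },
}


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, name):
    """IAM-style match: '*' and '?' wildcards, case-insensitive."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, name, re.IGNORECASE) is not None


def lint(policy):
    """Return (statement index, action, finding) tuples for Allow statements.

    Only this one policy document is inspected: a dependent action granted by
    another attached policy is still reported. NotAction, Deny statements and
    resource-type condition keys (Resource types table) are not modelled.
    """
    statements = _as_list(policy.get("Statement"))
    allowed = [p for s in statements if s.get("Effect") == "Allow"
               for p in _as_list(s.get("Action"))]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        used_keys = {k for block in stmt.get("Condition", {}).values() for k in block}
        for action, row in ACTIONS.items():
            if not any(_matches(p, action) for p in patterns):
                continue
            # No resource type in the table: the statement must use Resource "*".
            if not row["resource_types"] and "*" not in resources:
                findings.append((idx, action, "resource-must-be-star"))
            # A service condition key the row does not list is never in the request.
            listed = {k.lower() for k in row["condition_keys"]}
            for key in sorted(used_keys):
                if key.lower().startswith(SERVICE + ":") and key.lower() not in listed:
                    findings.append((idx, action, "condition-key-not-listed:" + key))
            # Dependent actions must be allowed somewhere for the call to succeed.
            for dep in row["dependent"]:
                if not any(_matches(p, dep) for p in allowed):
                    findings.append((idx, action, "missing-dependent:" + dep))
    return findings


# Constructed sample policy; the ARN is a placeholder, not a real ARN format.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # ARN-scoped although the row has no resource type; iam:PassRole missing
            "Effect": "Allow",
            "Action": "bedrock-agentcore:CreateAgentRuntime",
            "Resource": "arn:aws:bedrock-agentcore:us-east-1:111122223333:EXAMPLE-PLACEHOLDER",
            "Condition": {"ForAllValues:StringEquals": {
                "bedrock-agentcore:subnets": ["subnet-0example"]}},
        },
        {   # sessionId is listed for CreateEvent but not for DeleteAgentRuntime
            "Effect": "Allow",
            "Action": ["bedrock-agentcore:CreateEvent", "bedrock-agentcore:DeleteAgentRuntime"],
            "Resource": "*",
            "Condition": {"StringEquals": {"bedrock-agentcore:sessionId": "session-example"}},
        },
    ],
}

if __name__ == "__main__":
    for finding in lint(SAMPLE_POLICY):
        print(finding)
```
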

For details about the columns in the following table, see [Actions table](reference_policies_actions-resources-contextkeys.html#actions_table).




- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/) [permission only]**
  - **Description:** Grants permission to configure vended telemetry for a resource
  - **Access level:** Permissions management
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html) [permission only]**
  - **Description:** Grants permission to evaluate Cedar policies for authorization requests
  - **Access level:** Permissions management
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_BatchCreateMemoryRecords.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_BatchCreateMemoryRecords.html) **
  - **Description:** Grants permission to create one or more memory records
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-bedrock-agentcore_namespace](#amazonbedrockagentcore-bedrock-agentcore_namespace)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_BatchDeleteMemoryRecords.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_BatchDeleteMemoryRecords.html) **
  - **Description:** Grants permission to delete one or more memory records
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_BatchUpdateMemoryRecords.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_BatchUpdateMemoryRecords.html) **
  - **Description:** Grants permission to update one or more memory records
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-bedrock-agentcore_namespace](#amazonbedrockagentcore-bedrock-agentcore_namespace)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CompleteResourceTokenAuth.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CompleteResourceTokenAuth.html) **
  - **Description:** Grants permission to retrieve an access token with OAuth2 for the 3LO flow to access an external resource
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-oauth2credentialprovider](#amazonbedrockagentcore-oauth2credentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity](#amazonbedrockagentcore-workload-identity)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity-directory](#amazonbedrockagentcore-workload-identity-directory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_iss](#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_iss) <br /> [#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_sub](#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_sub) <br /> [#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_aud](#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_aud) <br /> [#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_scope](#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_scope) <br /> [#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_client_id](#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_client_id) <br /> [#amazonbedrockagentcore-bedrock-agentcore_userid](#amazonbedrockagentcore-bedrock-agentcore_userid)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ConnectBrowserAutomationStream.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ConnectBrowserAutomationStream.html) **
  - **Description:** Grants permission to connect to a browser automation stream
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ConnectBrowserLiveViewStream.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ConnectBrowserLiveViewStream.html) **
  - **Description:** Grants permission to connect to a browser live view stream
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CreateABTest.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CreateABTest.html) **
  - **Description:** Grants permission to create an A/B test
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateAgentRuntime.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateAgentRuntime.html) **
  - **Description:** Grants permission to create a new agent runtime
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys) <br /> [#amazonbedrockagentcore-bedrock-agentcore_subnets](#amazonbedrockagentcore-bedrock-agentcore_subnets) <br /> [#amazonbedrockagentcore-bedrock-agentcore_securityGroups](#amazonbedrockagentcore-bedrock-agentcore_securityGroups) <br /> [#amazonbedrockagentcore-bedrock-agentcore_RuntimeAuthorizerType](#amazonbedrockagentcore-bedrock-agentcore_RuntimeAuthorizerType) 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateAgentRuntimeEndpoint.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateAgentRuntimeEndpoint.html) **
  - **Description:** Grants permission to create a new agent runtime endpoint
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateApiKeyCredentialProvider.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateApiKeyCredentialProvider.html) **
  - **Description:** Grants permission to create a new API Key Credential Provider
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-apikeycredentialprovider](#amazonbedrockagentcore-apikeycredentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateBrowser.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateBrowser.html) **
  - **Description:** Grants permission to create a new custom browser
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys) <br /> [#amazonbedrockagentcore-bedrock-agentcore_subnets](#amazonbedrockagentcore-bedrock-agentcore_subnets) <br /> [#amazonbedrockagentcore-bedrock-agentcore_securityGroups](#amazonbedrockagentcore-bedrock-agentcore_securityGroups) 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateBrowserProfile.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateBrowserProfile.html) **
  - **Description:** Grants permission to create a new browser profile
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys) 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateCodeInterpreter.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateCodeInterpreter.html) **
  - **Description:** Grants permission to create a new custom code interpreter
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys) <br /> [#amazonbedrockagentcore-bedrock-agentcore_subnets](#amazonbedrockagentcore-bedrock-agentcore_subnets) <br /> [#amazonbedrockagentcore-bedrock-agentcore_securityGroups](#amazonbedrockagentcore-bedrock-agentcore_securityGroups) 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateConfigurationBundle.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateConfigurationBundle.html) **
  - **Description:** Grants permission to create a new configuration bundle
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateEvaluator.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateEvaluator.html) **
  - **Description:** Grants permission to create a new evaluator
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys) 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CreateEvent.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_CreateEvent.html) **
  - **Description:** Grants permission to create an Event
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-bedrock-agentcore_sessionId](#amazonbedrockagentcore-bedrock-agentcore_sessionId) <br /> [#amazonbedrockagentcore-bedrock-agentcore_actorId](#amazonbedrockagentcore-bedrock-agentcore_actorId)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateGateway.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateGateway.html) **
  - **Description:** Grants permission to create a new gateway
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys) 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateGatewayRule.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateGatewayRule.html) **
  - **Description:** Grants permission to create a new rule in an existing gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateGatewayTarget.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateGatewayTarget.html) **
  - **Description:** Grants permission to create a new target in an existing gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateHarness.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateHarness.html) **
  - **Description:** Grants permission to create a new harness
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys) 
  - **Dependent actions:**  bedrock-agentcore:CreateAgentRuntime <br /> bedrock-agentcore:GetAgentRuntime <br /> iam:PassRole 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateMemory.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateMemory.html) **
  - **Description:** Grants permission to create a Memory resource
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys) <br /> [#amazonbedrockagentcore-bedrock-agentcore_KmsKeyArn](#amazonbedrockagentcore-bedrock-agentcore_KmsKeyArn) 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateOauth2CredentialProvider.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateOauth2CredentialProvider.html) **
  - **Description:** Grants permission to create a new Credential Provider to access external resources with the OAuth2 protocol
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-oauth2credentialprovider](#amazonbedrockagentcore-oauth2credentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateOnlineEvaluationConfig.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateOnlineEvaluationConfig.html) **
  - **Description:** Grants permission to create a new online evaluation configuration
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys) 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentConnector.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentConnector.html) **
  - **Description:** Grants permission to create a new payment connector under a payment manager
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentCredentialProvider.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentCredentialProvider.html) **
  - **Description:** Grants permission to create a new Payment Credential Provider
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-paymentcredentialprovider](#amazonbedrockagentcore-paymentcredentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentInstrument.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentInstrument.html) **
  - **Description:** Grants permission to create a new payment instrument
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentManager.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentManager.html) **
  - **Description:** Grants permission to create a new payment manager
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys) 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentSession.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePaymentSession.html) **
  - **Description:** Grants permission to create a new payment session
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePolicy.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePolicy.html) **
  - **Description:** Grants permission to create a new policy within a policy engine
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePolicyEngine.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreatePolicyEngine.html) **
  - **Description:** Grants permission to create a new policy engine
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys) 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateRegistry.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateRegistry.html) **
  - **Description:** Grants permission to create a new registry
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateRegistryRecord.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateRegistryRecord.html) **
  - **Description:** Grants permission to create a new registry record
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-registry](#amazonbedrockagentcore-registry) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateWorkloadIdentity.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_CreateWorkloadIdentity.html) **
  - **Description:** Grants permission to create a new Workload Identity
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity](#amazonbedrockagentcore-workload-identity)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity-directory](#amazonbedrockagentcore-workload-identity-directory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_) <br /> [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteABTest.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteABTest.html) **
  - **Description:** Grants permission to delete an A/B test
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-ab-test](#amazonbedrockagentcore-ab-test) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteAgentRuntime.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteAgentRuntime.html) **
  - **Description:** Grants permission to delete an agent runtime
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteAgentRuntimeEndpoint.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteAgentRuntimeEndpoint.html) **
  - **Description:** Grants permission to delete an agent runtime endpoint
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteApiKeyCredentialProvider.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteApiKeyCredentialProvider.html) **
  - **Description:** Grants permission to delete a registered API Key Credential Provider
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-apikeycredentialprovider](#amazonbedrockagentcore-apikeycredentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteBatchEvaluation.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteBatchEvaluation.html) **
  - **Description:** Grants permission to delete a batch evaluation
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-batch-evaluate](#amazonbedrockagentcore-batch-evaluate) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteBrowser.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteBrowser.html) **
  - **Description:** Grants permission to delete a custom browser
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-custom](#amazonbedrockagentcore-browser-custom) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteBrowserProfile.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteBrowserProfile.html) **
  - **Description:** Grants permission to delete a browser profile
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-profile](#amazonbedrockagentcore-browser-profile) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteCodeInterpreter.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteCodeInterpreter.html) **
  - **Description:** Grants permission to delete a custom code interpreter
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-code-interpreter-custom](#amazonbedrockagentcore-code-interpreter-custom) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteConfigurationBundle.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteConfigurationBundle.html) **
  - **Description:** Grants permission to delete a configuration bundle
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-configuration-bundle](#amazonbedrockagentcore-configuration-bundle) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteEvaluator.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteEvaluator.html) **
  - **Description:** Grants permission to delete an evaluator
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-evaluator](#amazonbedrockagentcore-evaluator) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteEvent.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteEvent.html) **
  - **Description:** Grants permission to delete an Event
  - **Access level:** Write
  - **Resource types (\*required):** [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory)
  - **Condition keys:** [#amazonbedrockagentcore-bedrock-agentcore_sessionId](#amazonbedrockagentcore-bedrock-agentcore_sessionId), [#amazonbedrockagentcore-bedrock-agentcore_actorId](#amazonbedrockagentcore-bedrock-agentcore_actorId)
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteGateway.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteGateway.html) **
  - **Description:** Grants permission to delete an existing gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteGatewayRule.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteGatewayRule.html) **
  - **Description:** Grants permission to delete an existing gateway rule
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteGatewayTarget.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteGatewayTarget.html) **
  - **Description:** Grants permission to delete an existing gateway target
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteHarness.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteHarness.html) **
  - **Description:** Grants permission to delete a harness
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-harness](#amazonbedrockagentcore-harness) 
  - **Condition keys:** 
  - **Dependent actions:** bedrock-agentcore:DeleteAgentRuntime, bedrock-agentcore:GetAgentRuntime, iam:PassRole

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteMemory.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteMemory.html) **
  - **Description:** Grants permission to delete a Memory resource
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteMemoryRecord.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteMemoryRecord.html) **
  - **Description:** Grants permission to delete a Memory Record
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteOauth2CredentialProvider.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteOauth2CredentialProvider.html) **
  - **Description:** Grants permission to delete a registered OAuth2 Credential Provider
  - **Access level:** Write
  - **Resource types (\*required):** [#amazonbedrockagentcore-oauth2credentialprovider](#amazonbedrockagentcore-oauth2credentialprovider), [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteOnlineEvaluationConfig.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteOnlineEvaluationConfig.html) **
  - **Description:** Grants permission to delete an online evaluation configuration
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-online-evaluation-config](#amazonbedrockagentcore-online-evaluation-config) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentConnector.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentConnector.html) **
  - **Description:** Grants permission to delete a payment connector
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentCredentialProvider.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentCredentialProvider.html) **
  - **Description:** Grants permission to delete a registered Payment Credential Provider
  - **Access level:** Write
  - **Resource types (\*required):** [#amazonbedrockagentcore-paymentcredentialprovider](#amazonbedrockagentcore-paymentcredentialprovider), [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentInstrument.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentInstrument.html) **
  - **Description:** Grants permission to delete a payment instrument
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentManager.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentManager.html) **
  - **Description:** Grants permission to delete a payment manager
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentSession.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePaymentSession.html) **
  - **Description:** Grants permission to delete a payment session
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePolicy.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePolicy.html) **
  - **Description:** Grants permission to delete a policy
  - **Access level:** Write
  - **Resource types (\*required):** [#amazonbedrockagentcore-policy](#amazonbedrockagentcore-policy), [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePolicyEngine.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeletePolicyEngine.html) **
  - **Description:** Grants permission to delete a policy engine
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteRecommendation.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_DeleteRecommendation.html) **
  - **Description:** Grants permission to delete a recommendation
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-recommendation](#amazonbedrockagentcore-recommendation) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteRegistry.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteRegistry.html) **
  - **Description:** Grants permission to delete an existing registry
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-registry](#amazonbedrockagentcore-registry) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteRegistryRecord.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteRegistryRecord.html) **
  - **Description:** Grants permission to delete an existing registry record
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-registry-record](#amazonbedrockagentcore-registry-record) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteResourcePolicy.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteResourcePolicy.html) **
  - **Description:** Grants permission to delete the resource-based policy for a Bedrock resource
  - **Access level:** Write
  - **Resource types (\*required):** [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway), [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime), [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteWorkloadIdentity.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_DeleteWorkloadIdentity.html) **
  - **Description:** Grants permission to delete a registered Workload Identity
  - **Access level:** Write
  - **Resource types (\*required):** [#amazonbedrockagentcore-workload-identity](#amazonbedrockagentcore-workload-identity), [#amazonbedrockagentcore-workload-identity-directory](#amazonbedrockagentcore-workload-identity-directory)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_Evaluate.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_Evaluate.html) **
  - **Description:** Grants permission to run an evaluation using an evaluator
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-evaluator](#amazonbedrockagentcore-evaluator) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetABTest.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetABTest.html) **
  - **Description:** Grants permission to get details of an A/B test
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-ab-test](#amazonbedrockagentcore-ab-test) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetAgentCard.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetAgentCard.html) **
  - **Description:** Grants permission to retrieve an agent card for A2A
  - **Access level:** Read
  - **Resource types (\*required):** [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime), [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetAgentRuntime.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetAgentRuntime.html) **
  - **Description:** Grants permission to get details of an agent runtime
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetAgentRuntimeEndpoint.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetAgentRuntimeEndpoint.html) **
  - **Description:** Grants permission to get details of an agent runtime endpoint
  - **Access level:** Read
  - **Resource types (\*required):** [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime), [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetApiKeyCredentialProvider.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetApiKeyCredentialProvider.html) **
  - **Description:** Grants permission to fetch a registered API Key Credential Provider by its name
  - **Access level:** Read
  - **Resource types (\*required):** [#amazonbedrockagentcore-apikeycredentialprovider](#amazonbedrockagentcore-apikeycredentialprovider), [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetBatchEvaluation.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetBatchEvaluation.html) **
  - **Description:** Grants permission to get details of a batch evaluation
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-batch-evaluate](#amazonbedrockagentcore-batch-evaluate) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetBrowser.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetBrowser.html) **
  - **Description:** Grants permission to get details of a browser
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-custom](#amazonbedrockagentcore-browser-custom) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetBrowserProfile.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetBrowserProfile.html) **
  - **Description:** Grants permission to get details of a browser profile
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-profile](#amazonbedrockagentcore-browser-profile) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetBrowserSession.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetBrowserSession.html) **
  - **Description:** Grants permission to get details of a browser session
  - **Access level:** Read
  - **Resource types (\*required):** [#amazonbedrockagentcore-browser](#amazonbedrockagentcore-browser), [#amazonbedrockagentcore-browser-custom](#amazonbedrockagentcore-browser-custom)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetCodeInterpreter.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetCodeInterpreter.html) **
  - **Description:** Grants permission to get details of a code interpreter
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-code-interpreter-custom](#amazonbedrockagentcore-code-interpreter-custom) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetCodeInterpreterSession.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetCodeInterpreterSession.html) **
  - **Description:** Grants permission to get details of a code interpreter session
  - **Access level:** Read
  - **Resource types (\*required):** [#amazonbedrockagentcore-code-interpreter](#amazonbedrockagentcore-code-interpreter), [#amazonbedrockagentcore-code-interpreter-custom](#amazonbedrockagentcore-code-interpreter-custom)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetConfigurationBundle.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetConfigurationBundle.html) **
  - **Description:** Grants permission to get details of a configuration bundle
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-configuration-bundle](#amazonbedrockagentcore-configuration-bundle) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetConfigurationBundleVersion.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetConfigurationBundleVersion.html) **
  - **Description:** Grants permission to get a specific version of a configuration bundle
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-configuration-bundle](#amazonbedrockagentcore-configuration-bundle) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetEvaluator.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetEvaluator.html) **
  - **Description:** Grants permission to get details of an evaluator
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-evaluator](#amazonbedrockagentcore-evaluator) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetEvent.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetEvent.html) **
  - **Description:** Grants permission to fetch an Event
  - **Access level:** Read
  - **Resource types (\*required):** [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory)
  - **Condition keys:** [#amazonbedrockagentcore-bedrock-agentcore_sessionId](#amazonbedrockagentcore-bedrock-agentcore_sessionId), [#amazonbedrockagentcore-bedrock-agentcore_actorId](#amazonbedrockagentcore-bedrock-agentcore_actorId)
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetGateway.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetGateway.html) **
  - **Description:** Grants permission to retrieve an existing gateway
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetGatewayRule.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetGatewayRule.html) **
  - **Description:** Grants permission to retrieve an existing gateway rule
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetGatewayTarget.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetGatewayTarget.html) **
  - **Description:** Grants permission to retrieve an existing gateway target
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetHarness.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetHarness.html) **
  - **Description:** Grants permission to get details of a harness
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-harness](#amazonbedrockagentcore-harness) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetMemory.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetMemory.html) **
  - **Description:** Grants permission to fetch details for a Memory resource
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetMemoryRecord.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetMemoryRecord.html) **
  - **Description:** Grants permission to fetch a Memory Record
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetOauth2CredentialProvider.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetOauth2CredentialProvider.html) **
  - **Description:** Grants permission to fetch a registered OAuth2 Credential Provider by its name
  - **Access level:** Read
  - **Resource types (\*required):** [#amazonbedrockagentcore-oauth2credentialprovider](#amazonbedrockagentcore-oauth2credentialprovider), [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetOnlineEvaluationConfig.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetOnlineEvaluationConfig.html) **
  - **Description:** Grants permission to get details of an online evaluation configuration
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-online-evaluation-config](#amazonbedrockagentcore-online-evaluation-config) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentConnector.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentConnector.html) **
  - **Description:** Grants permission to retrieve details of a payment connector
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentCredentialProvider.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentCredentialProvider.html) **
  - **Description:** Grants permission to fetch a registered Payment Credential Provider by its name
  - **Access level:** Read
  - **Resource types (\*required):** [#amazonbedrockagentcore-paymentcredentialprovider](#amazonbedrockagentcore-paymentcredentialprovider), [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentInstrument.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentInstrument.html) **
  - **Description:** Grants permission to retrieve details of a payment instrument
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentInstrumentBalance.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentInstrumentBalance.html) **
  - **Description:** Grants permission to retrieve the balance of a payment instrument
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentManager.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentManager.html) **
  - **Description:** Grants permission to retrieve details of a payment manager
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentSession.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPaymentSession.html) **
  - **Description:** Grants permission to retrieve details of a payment session
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicy.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicy.html) **
  - **Description:** Grants permission to retrieve a policy
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy](#amazonbedrockagentcore-policy)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyEngine.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyEngine.html) **
  - **Description:** Grants permission to retrieve a policy engine
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyEngineSummary.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyEngineSummary.html) **
  - **Description:** Grants permission to retrieve a summary of a policy engine
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyGeneration.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyGeneration.html) **
  - **Description:** Grants permission to retrieve status and results of a policy generation request
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-generation](#amazonbedrockagentcore-policy-generation)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyGenerationSummary.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicyGenerationSummary.html) **
  - **Description:** Grants permission to retrieve a summary of a policy generation request
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-generation](#amazonbedrockagentcore-policy-generation)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicySummary.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetPolicySummary.html) **
  - **Description:** Grants permission to retrieve a summary of a policy
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy](#amazonbedrockagentcore-policy)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetRecommendation.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetRecommendation.html) **
  - **Description:** Grants permission to get details of a recommendation
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-recommendation](#amazonbedrockagentcore-recommendation) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetRegistry.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetRegistry.html) **
  - **Description:** Grants permission to retrieve an existing registry
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-registry](#amazonbedrockagentcore-registry) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetRegistryRecord.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetRegistryRecord.html) **
  - **Description:** Grants permission to retrieve an existing registry record
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-registry-record](#amazonbedrockagentcore-registry-record) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetResourceApiKey.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetResourceApiKey.html) **
  - **Description:** Grants permission to retrieve an API Key associated with an API Key Credential Provider
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-apikeycredentialprovider](#amazonbedrockagentcore-apikeycredentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity](#amazonbedrockagentcore-workload-identity)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity-directory](#amazonbedrockagentcore-workload-identity-directory)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetResourceOauth2Token.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetResourceOauth2Token.html) **
  - **Description:** Grants permission to retrieve an access token with the OAuth2 2LO or 3LO flow to access an external resource
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-oauth2credentialprovider](#amazonbedrockagentcore-oauth2credentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity](#amazonbedrockagentcore-workload-identity)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity-directory](#amazonbedrockagentcore-workload-identity-directory)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetResourcePaymentToken.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetResourcePaymentToken.html) **
  - **Description:** Grants permission to retrieve a payment authentication token associated with a Payment Credential Provider
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-paymentcredentialprovider](#amazonbedrockagentcore-paymentcredentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity](#amazonbedrockagentcore-workload-identity)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity-directory](#amazonbedrockagentcore-workload-identity-directory)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetResourcePolicy.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetResourcePolicy.html) **
  - **Description:** Grants permission to retrieve the resource-based policy for a Bedrock resource
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetTokenVault.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetTokenVault.html) **
  - **Description:** Grants permission to fetch the current configuration of the TokenVault, including encryption settings
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetWorkloadAccessToken.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetWorkloadAccessToken.html) **
  - **Description:** Grants permission to retrieve a Workload access token for agentic workloads not acting on behalf of a user
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity](#amazonbedrockagentcore-workload-identity)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity-directory](#amazonbedrockagentcore-workload-identity-directory)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetWorkloadAccessTokenForJWT.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetWorkloadAccessTokenForJWT.html) **
  - **Description:** Grants permission to retrieve a Workload access token for agentic workloads acting on behalf of a user with a JWT token
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity](#amazonbedrockagentcore-workload-identity)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity-directory](#amazonbedrockagentcore-workload-identity-directory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_iss](#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_iss) <br /> [#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_sub](#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_sub) <br /> [#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_aud](#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_aud) <br /> [#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_scope](#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_scope) <br /> [#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_client_id](#amazonbedrockagentcore-bedrock-agentcore_InboundJwtClaim_client_id)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetWorkloadAccessTokenForUserId.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_GetWorkloadAccessTokenForUserId.html) **
  - **Description:** Grants permission to retrieve a Workload access token for agentic workloads acting on behalf of a user with a User Id
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity](#amazonbedrockagentcore-workload-identity)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity-directory](#amazonbedrockagentcore-workload-identity-directory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-bedrock-agentcore_userid](#amazonbedrockagentcore-bedrock-agentcore_userid)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetWorkloadIdentity.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_GetWorkloadIdentity.html) **
  - **Description:** Grants permission to fetch details for a specific Workload identity, including its name and allowed OAuth2 return URLs
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity](#amazonbedrockagentcore-workload-identity)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity-directory](#amazonbedrockagentcore-workload-identity-directory)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntime.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntime.html) **
  - **Description:** Grants permission to invoke an agent runtime endpoint
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntimeCommand.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntimeCommand.html) **
  - **Description:** Grants permission to invoke commands on an agent runtime endpoint
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntime.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntime.html) **
  - **Description:** Grants permission to invoke an agent runtime endpoint with the X-Amzn-Bedrock-AgentCore-Runtime-User-Id header
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntimeWithWebSocketStream.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntimeWithWebSocketStream.html) **
  - **Description:** Grants permission to invoke an agent runtime endpoint with WebSocket stream
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntimeWithWebSocketStream.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeAgentRuntimeWithWebSocketStream.html) **
  - **Description:** Grants permission to invoke an agent runtime endpoint with WebSocket stream and with the X-Amzn-Bedrock-AgentCore-Runtime-User-Id header
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeCodeInterpreter.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeCodeInterpreter.html) **
  - **Description:** Grants permission to invoke a code interpreter session
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-code-interpreter](#amazonbedrockagentcore-code-interpreter)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-code-interpreter-custom](#amazonbedrockagentcore-code-interpreter-custom)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html) [permission only]**
  - **Description:** Grants permission to invoke a gateway
  - **Access level:** Permissions management
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeHarness.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_InvokeHarness.html) **
  - **Description:** Grants permission to invoke a harness
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-harness](#amazonbedrockagentcore-harness) 
  - **Condition keys:** 
  - **Dependent actions:**  bedrock-agentcore:InvokeAgentRuntime 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html) **
  - **Description:** Grants permission to invoke an MCP operation against an existing registry
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-registry](#amazonbedrockagentcore-registry) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListABTests.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListABTests.html) **
  - **Description:** Grants permission to list A/B tests
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListActors.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListActors.html) **
  - **Description:** Grants permission to list Actors
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListAgentRuntimeEndpoints.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListAgentRuntimeEndpoints.html) **
  - **Description:** Grants permission to list agent runtime endpoints
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListAgentRuntimeVersions.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListAgentRuntimeVersions.html) **
  - **Description:** Grants permission to list agent runtime versions
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListAgentRuntimes.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListAgentRuntimes.html) **
  - **Description:** Grants permission to list agent runtimes
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListApiKeyCredentialProviders.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListApiKeyCredentialProviders.html) **
  - **Description:** Grants permission to list all API Key Credential Providers in the Token Vault
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-apikeycredentialprovider](#amazonbedrockagentcore-apikeycredentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListBatchEvaluations.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListBatchEvaluations.html) **
  - **Description:** Grants permission to list batch evaluations
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListBrowserProfiles.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListBrowserProfiles.html) **
  - **Description:** Grants permission to list browser profiles
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListBrowserSessions.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListBrowserSessions.html) **
  - **Description:** Grants permission to list browser sessions
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListBrowsers.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListBrowsers.html) **
  - **Description:** Grants permission to list browsers
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListCodeInterpreterSessions.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListCodeInterpreterSessions.html) **
  - **Description:** Grants permission to list code interpreter sessions
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-code-interpreter](#amazonbedrockagentcore-code-interpreter)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-code-interpreter-custom](#amazonbedrockagentcore-code-interpreter-custom)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListCodeInterpreters.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListCodeInterpreters.html) **
  - **Description:** Grants permission to list code interpreters
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListConfigurationBundleVersions.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListConfigurationBundleVersions.html) **
  - **Description:** Grants permission to list versions of a configuration bundle
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-configuration-bundle](#amazonbedrockagentcore-configuration-bundle) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListConfigurationBundles.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListConfigurationBundles.html) **
  - **Description:** Grants permission to list configuration bundles
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListEvaluators.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListEvaluators.html) **
  - **Description:** Grants permission to list evaluators
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListEvents.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListEvents.html) **
  - **Description:** Grants permission to list events
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-bedrock-agentcore_sessionId](#amazonbedrockagentcore-bedrock-agentcore_sessionId) <br /> [#amazonbedrockagentcore-bedrock-agentcore_actorId](#amazonbedrockagentcore-bedrock-agentcore_actorId)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListGatewayRules.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListGatewayRules.html) **
  - **Description:** Grants permission to list existing gateway rules
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListGatewayTargets.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListGatewayTargets.html) **
  - **Description:** Grants permission to list existing gateway targets
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListGateways.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListGateways.html) **
  - **Description:** Grants permission to list existing gateways
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListHarnesses.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListHarnesses.html) **
  - **Description:** Grants permission to list harnesses
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListMemories.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListMemories.html) **
  - **Description:** Grants permission to list memory resources
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListMemoryExtractionJobs.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListMemoryExtractionJobs.html) **
  - **Description:** Grants permission to list extraction jobs for this memory
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListMemoryRecords.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListMemoryRecords.html) **
  - **Description:** Grants permission to list memory records
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-bedrock-agentcore_namespace](#amazonbedrockagentcore-bedrock-agentcore_namespace), [#amazonbedrockagentcore-bedrock-agentcore_strategyId](#amazonbedrockagentcore-bedrock-agentcore_strategyId)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListOauth2CredentialProviders.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListOauth2CredentialProviders.html) **
  - **Description:** Grants permission to list all OAuth2 Credential Providers in the Token Vault
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-oauth2credentialprovider](#amazonbedrockagentcore-oauth2credentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListOnlineEvaluationConfigs.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListOnlineEvaluationConfigs.html) **
  - **Description:** Grants permission to list online evaluation configurations
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentConnectors.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentConnectors.html) **
  - **Description:** Grants permission to list payment connectors under a payment manager
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentCredentialProviders.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentCredentialProviders.html) **
  - **Description:** Grants permission to list all Payment Credential Providers in the Token Vault
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-paymentcredentialprovider](#amazonbedrockagentcore-paymentcredentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentInstruments.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentInstruments.html) **
  - **Description:** Grants permission to list payment instruments
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentManagers.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentManagers.html) **
  - **Description:** Grants permission to list payment managers
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentSessions.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPaymentSessions.html) **
  - **Description:** Grants permission to list payment sessions
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicies.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicies.html) **
  - **Description:** Grants permission to list policies within a policy engine
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngineSummaries.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngineSummaries.html) **
  - **Description:** Grants permission to list policy engine summaries
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngines.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngines.html) **
  - **Description:** Grants permission to list policy engines
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationAssets.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationAssets.html) **
  - **Description:** Grants permission to list generated policy assets from a generation request
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-generation](#amazonbedrockagentcore-policy-generation)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationSummaries.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationSummaries.html) **
  - **Description:** Grants permission to list policy generation summaries
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerations.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerations.html) **
  - **Description:** Grants permission to list policy generation requests
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicySummaries.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicySummaries.html) **
  - **Description:** Grants permission to list policy summaries within a policy engine
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListRecommendations.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListRecommendations.html) **
  - **Description:** Grants permission to list recommendations
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListRegistries.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListRegistries.html) **
  - **Description:** Grants permission to list existing registries
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListRegistryRecords.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListRegistryRecords.html) **
  - **Description:** Grants permission to list existing registry records in a registry
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-registry](#amazonbedrockagentcore-registry) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListSessions.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_ListSessions.html) **
  - **Description:** Grants permission to list sessions
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-bedrock-agentcore_actorId](#amazonbedrockagentcore-bedrock-agentcore_actorId)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListTagsForResource.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListTagsForResource.html) **
  - **Description:** Grants permission to list tags for a Bedrock-AgentCore resource
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-apikeycredentialprovider](#amazonbedrockagentcore-apikeycredentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-custom](#amazonbedrockagentcore-browser-custom)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-profile](#amazonbedrockagentcore-browser-profile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-code-interpreter-custom](#amazonbedrockagentcore-code-interpreter-custom)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-evaluator](#amazonbedrockagentcore-evaluator)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-harness](#amazonbedrockagentcore-harness)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-oauth2credentialprovider](#amazonbedrockagentcore-oauth2credentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-online-evaluation-config](#amazonbedrockagentcore-online-evaluation-config)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-paymentcredentialprovider](#amazonbedrockagentcore-paymentcredentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity](#amazonbedrockagentcore-workload-identity)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity-directory](#amazonbedrockagentcore-workload-identity-directory)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListWorkloadIdentities.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListWorkloadIdentities.html) **
  - **Description:** Grants permission to list all Workload Identities in the caller's AWS account
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity](#amazonbedrockagentcore-workload-identity)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity-directory](#amazonbedrockagentcore-workload-identity-directory)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html) [permission only]**
  - **Description:** Grants permission to create or modify wildcard policies that apply to gateway resources
  - **Access level:** Permissions management
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html) [permission only]**
  - **Description:** Grants permission to create or modify policies that apply to specific gateway resources
  - **Access level:** Permissions management
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html) [permission only]**
  - **Description:** Grants permission to perform partial evaluation of Cedar policies to authorize a caller to list tools they are allowed to call
  - **Access level:** Permissions management
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ProcessPayment.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ProcessPayment.html) **
  - **Description:** Grants permission to process a payment transaction
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_PutResourcePolicy.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_PutResourcePolicy.html) **
  - **Description:** Grants permission to create or update the resource-based policy for a Bedrock resource
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_RetrieveMemoryRecords.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_RetrieveMemoryRecords.html) **
  - **Description:** Grants permission to retrieve memory records through semantic query
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-bedrock-agentcore_namespace](#amazonbedrockagentcore-bedrock-agentcore_namespace), [#amazonbedrockagentcore-bedrock-agentcore_strategyId](#amazonbedrockagentcore-bedrock-agentcore_strategyId)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_SaveBrowserSessionProfile.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_SaveBrowserSessionProfile.html) **
  - **Description:** Grants permission to save a browser session profile
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser](#amazonbedrockagentcore-browser)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-custom](#amazonbedrockagentcore-browser-custom)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-profile](#amazonbedrockagentcore-browser-profile)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_SearchRegistryRecords.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_SearchRegistryRecords.html) **
  - **Description:** Grants permission to search for registry records
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonbedrockagentcore-registry](#amazonbedrockagentcore-registry) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_SetTokenVaultCMK.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_SetTokenVaultCMK.html) **
  - **Description:** Grants permission to associate a Customer Managed Key (CMK) or a Service Managed Key with a specific TokenVault
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartBatchEvaluation.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartBatchEvaluation.html) **
  - **Description:** Grants permission to start a batch evaluation
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartBrowserSession.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartBrowserSession.html) **
  - **Description:** Grants permission to start a new browser session
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser](#amazonbedrockagentcore-browser)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-custom](#amazonbedrockagentcore-browser-custom)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-profile](#amazonbedrockagentcore-browser-profile)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartCodeInterpreterSession.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartCodeInterpreterSession.html) **
  - **Description:** Grants permission to start a new code interpreter session
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-code-interpreter](#amazonbedrockagentcore-code-interpreter)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-code-interpreter-custom](#amazonbedrockagentcore-code-interpreter-custom)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartMemoryExtractionJob.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartMemoryExtractionJob.html) **
  - **Description:** Grants permission to start a memory extraction job
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-bedrock-agentcore_strategyId](#amazonbedrockagentcore-bedrock-agentcore_strategyId), [#amazonbedrockagentcore-bedrock-agentcore_sessionId](#amazonbedrockagentcore-bedrock-agentcore_sessionId), [#amazonbedrockagentcore-bedrock-agentcore_actorId](#amazonbedrockagentcore-bedrock-agentcore_actorId)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_StartPolicyGeneration.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_StartPolicyGeneration.html) **
  - **Description:** Grants permission to start an AI-powered policy generation request
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartRecommendation.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StartRecommendation.html) **
  - **Description:** Grants permission to start a recommendation
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StopBatchEvaluation.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StopBatchEvaluation.html) **
  - **Description:** Grants permission to stop a batch evaluation
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-batch-evaluate](#amazonbedrockagentcore-batch-evaluate) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StopBrowserSession.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StopBrowserSession.html) **
  - **Description:** Grants permission to stop a browser session
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser](#amazonbedrockagentcore-browser)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-custom](#amazonbedrockagentcore-browser-custom)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StopCodeInterpreterSession.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StopCodeInterpreterSession.html) **
  - **Description:** Grants permission to stop a code interpreter session
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-code-interpreter](#amazonbedrockagentcore-code-interpreter)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-code-interpreter-custom](#amazonbedrockagentcore-code-interpreter-custom)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StopRuntimeSession.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_StopRuntimeSession.html) **
  - **Description:** Grants permission to stop a runtime session
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_SubmitRegistryRecordForApproval.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_SubmitRegistryRecordForApproval.html) **
  - **Description:** Grants permission to submit a registry record for approval
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-registry-record](#amazonbedrockagentcore-registry-record) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/welcome.html) [permission only]**
  - **Description:** Grants permission to enable search on gateways
  - **Access level:** Permissions management
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_TagResource.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_TagResource.html) **
  - **Description:** Grants permission to tag a Bedrock-AgentCore resource
  - **Access level:** Tagging
  - **Resource types (\*required):**  [#amazonbedrockagentcore-apikeycredentialprovider](#amazonbedrockagentcore-apikeycredentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-custom](#amazonbedrockagentcore-browser-custom)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-profile](#amazonbedrockagentcore-browser-profile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-code-interpreter-custom](#amazonbedrockagentcore-code-interpreter-custom)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-evaluator](#amazonbedrockagentcore-evaluator)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-harness](#amazonbedrockagentcore-harness)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-oauth2credentialprovider](#amazonbedrockagentcore-oauth2credentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-online-evaluation-config](#amazonbedrockagentcore-online-evaluation-config)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-paymentcredentialprovider](#amazonbedrockagentcore-paymentcredentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity](#amazonbedrockagentcore-workload-identity)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity-directory](#amazonbedrockagentcore-workload-identity-directory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys), [#amazonbedrockagentcore-aws_RequestTag___TagKey_](#amazonbedrockagentcore-aws_RequestTag___TagKey_)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UntagResource.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UntagResource.html) **
  - **Description:** Grants permission to untag a Bedrock-AgentCore resource
  - **Access level:** Tagging
  - **Resource types (\*required):**  [#amazonbedrockagentcore-apikeycredentialprovider](#amazonbedrockagentcore-apikeycredentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-custom](#amazonbedrockagentcore-browser-custom)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-profile](#amazonbedrockagentcore-browser-profile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-code-interpreter-custom](#amazonbedrockagentcore-code-interpreter-custom)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-evaluator](#amazonbedrockagentcore-evaluator)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-harness](#amazonbedrockagentcore-harness)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-oauth2credentialprovider](#amazonbedrockagentcore-oauth2credentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-online-evaluation-config](#amazonbedrockagentcore-online-evaluation-config)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-paymentcredentialprovider](#amazonbedrockagentcore-paymentcredentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity](#amazonbedrockagentcore-workload-identity)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity-directory](#amazonbedrockagentcore-workload-identity-directory)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-aws_TagKeys](#amazonbedrockagentcore-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_UpdateABTest.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_UpdateABTest.html) **
  - **Description:** Grants permission to update an A/B test
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-ab-test](#amazonbedrockagentcore-ab-test) 
  - **Condition keys:** 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateAgentRuntime.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateAgentRuntime.html) **
  - **Description:** Grants permission to update an agent runtime
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime)  / **Condition keys:**  / **Dependent actions:**  iam:PassRole 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonbedrockagentcore-bedrock-agentcore_subnets](#amazonbedrockagentcore-bedrock-agentcore_subnets) <br /> [#amazonbedrockagentcore-bedrock-agentcore_securityGroups](#amazonbedrockagentcore-bedrock-agentcore_securityGroups) <br /> [#amazonbedrockagentcore-bedrock-agentcore_RuntimeAuthorizerType](#amazonbedrockagentcore-bedrock-agentcore_RuntimeAuthorizerType)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateAgentRuntimeEndpoint.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateAgentRuntimeEndpoint.html) **
  - **Description:** Grants permission to update an agent runtime endpoint
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime](#amazonbedrockagentcore-runtime)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-runtime-endpoint](#amazonbedrockagentcore-runtime-endpoint)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateApiKeyCredentialProvider.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateApiKeyCredentialProvider.html) **
  - **Description:** Grants permission to update an existing API Key Credential Provider
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-apikeycredentialprovider](#amazonbedrockagentcore-apikeycredentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_UpdateBrowserStream.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/API_UpdateBrowserStream.html) **
  - **Description:** Grants permission to update the status of a browser session stream
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser](#amazonbedrockagentcore-browser)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-browser-custom](#amazonbedrockagentcore-browser-custom)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateConfigurationBundle.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateConfigurationBundle.html) **
  - **Description:** Grants permission to update a configuration bundle
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-configuration-bundle](#amazonbedrockagentcore-configuration-bundle) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateEvaluator.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateEvaluator.html) **
  - **Description:** Grants permission to update an evaluator
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-evaluator](#amazonbedrockagentcore-evaluator) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateGateway.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateGateway.html) **
  - **Description:** Grants permission to update an existing gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateGatewayRule.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateGatewayRule.html) **
  - **Description:** Grants permission to update an existing gateway rule
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateGatewayTarget.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateGatewayTarget.html) **
  - **Description:** Grants permission to update an existing gateway target
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-gateway](#amazonbedrockagentcore-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateHarness.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateHarness.html) **
  - **Description:** Grants permission to update a harness
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-harness](#amazonbedrockagentcore-harness) 
  - **Condition keys:** 
  - **Dependent actions:**  bedrock-agentcore:GetAgentRuntime <br /> bedrock-agentcore:UpdateAgentRuntime <br /> iam:PassRole 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateMemory.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateMemory.html) **
  - **Description:** Grants permission to update a Memory resource
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-memory](#amazonbedrockagentcore-memory) 
  - **Condition keys:** 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateOauth2CredentialProvider.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateOauth2CredentialProvider.html) **
  - **Description:** Grants permission to update an existing OAuth2 Credential Provider
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-oauth2credentialprovider](#amazonbedrockagentcore-oauth2credentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateOnlineEvaluationConfig.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateOnlineEvaluationConfig.html) **
  - **Description:** Grants permission to update an online evaluation configuration
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-online-evaluation-config](#amazonbedrockagentcore-online-evaluation-config) 
  - **Condition keys:** 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePaymentConnector.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePaymentConnector.html) **
  - **Description:** Grants permission to update an existing payment connector
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePaymentCredentialProvider.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePaymentCredentialProvider.html) **
  - **Description:** Grants permission to update an existing Payment Credential Provider
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-paymentcredentialprovider](#amazonbedrockagentcore-paymentcredentialprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-token-vault](#amazonbedrockagentcore-token-vault)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePaymentManager.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePaymentManager.html) **
  - **Description:** Grants permission to update an existing payment manager
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-payment-manager](#amazonbedrockagentcore-payment-manager) 
  - **Condition keys:** 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePolicy.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePolicy.html) **
  - **Description:** Grants permission to update an existing policy
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy](#amazonbedrockagentcore-policy)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePolicyEngine.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdatePolicyEngine.html) **
  - **Description:** Grants permission to update a policy engine
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-policy-engine](#amazonbedrockagentcore-policy-engine) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateRegistry.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateRegistry.html) **
  - **Description:** Grants permission to update an existing registry
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-registry](#amazonbedrockagentcore-registry) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateRegistryRecord.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateRegistryRecord.html) **
  - **Description:** Grants permission to update an existing registry record
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-registry-record](#amazonbedrockagentcore-registry-record) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateRegistryRecordStatus.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateRegistryRecordStatus.html) **
  - **Description:** Grants permission to update the status of a registry record
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-registry-record](#amazonbedrockagentcore-registry-record) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateWorkloadIdentity.html](https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_UpdateWorkloadIdentity.html) **
  - **Description:** Grants permission to update the metadata of an existing Workload Identity
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity](#amazonbedrockagentcore-workload-identity)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonbedrockagentcore-workload-identity-directory](#amazonbedrockagentcore-workload-identity-directory)  / **Condition keys:**  / **Dependent actions:** 



## Resource types defined by Amazon Bedrock Agentcore
<a name="amazonbedrockagentcore-resources-for-iam-policies"></a>

The following resource types are defined by this service and can be used in the `Resource` element of IAM permission policy statements. Each action in the [Actions table](#amazonbedrockagentcore-actions-as-permissions) identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see [Resource types table](reference_policies_actions-resources-contextkeys.html#resources_table).



| Resource types | ARN | Condition keys | 
| --- | --- | --- | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/evaluator.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/evaluator.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:evaluator/${EvaluatorId}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/onlineEvaluationConfig.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/onlineEvaluationConfig.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:online-evaluation-config/${OnlineEvaluationConfigId}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/memory.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/memory.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:memory/${MemoryId}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/gateway.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/gateway.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:gateway/${GatewayId}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/workloadIdentity.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/workloadIdentity.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:workload-identity-directory/${DirectoryId}/workload-identity/${WorkloadIdentityName}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/oauth2credentialprovider.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/oauth2credentialprovider.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId}/oauth2credentialprovider/${Name}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/apikeycredentialprovider.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/apikeycredentialprovider.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId}/apikeycredentialprovider/${Name}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/runtime.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/runtime.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:runtime/${RuntimeId}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/runtimeEndpoint.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/runtimeEndpoint.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:runtime/${RuntimeId}/runtime-endpoint/${Name}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/codeInterpreter.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/codeInterpreter.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:code-interpreter-custom/${CodeInterpreterId}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/codeInterpreter.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/codeInterpreter.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:aws:code-interpreter/${CodeInterpreterId}  |  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/browser.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/browser.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:browser-custom/${BrowserId}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/browser.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/browser.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:aws:browser/${BrowserId}  |  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/browserProfile.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/browserProfile.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:browser-profile/${BrowserProfileId}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/workloadIdentityDirectory.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/workloadIdentityDirectory.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:workload-identity-directory/${DirectoryId}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/tokenVault.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/tokenVault.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/policyEngine.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/policyEngine.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:policy-engine/${PolicyEngineId}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/policy.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/policy.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:policy-engine/${PolicyEngineId}/policy/${PolicyId}  |  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/policyGeneration.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/policyGeneration.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:policy-engine/${PolicyEngineId}/policy-generation/${PolicyGenerationId}  |  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/registry.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/registry.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:registry/${RegistryId}  |  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/registryRecord.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/registryRecord.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:registry/${RegistryId}/record/${RecordId}  |  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/harness.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/harness.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:harness/${HarnessId}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/batchEvaluation.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/batchEvaluation.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:batch-evaluate/${BatchEvaluationId}  |  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/abTest.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/abTest.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:ab-test/${ABTestId}  |  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/recommendation.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/recommendation.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:recommendation/${RecommendationId}  |  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/configurationBundle.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/configurationBundle.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:configuration-bundle/${ConfigurationBundleId}  |  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/paymentManager.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/paymentManager.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:payment-manager/${PaymentManagerId}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/paymentcredentialprovider.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/paymentcredentialprovider.html)  |  arn:${Partition}:bedrock-agentcore:${Region}:${Account}:token-vault/${TokenVaultId}/paymentcredentialprovider/${Name}  |  [#amazonbedrockagentcore-aws_ResourceTag___TagKey_](#amazonbedrockagentcore-aws_ResourceTag___TagKey_)  | 

## Condition keys for Amazon Bedrock Agentcore
<a name="amazonbedrockagentcore-policy-keys"></a>

Amazon Bedrock Agentcore defines the following condition keys that can be used in the `Condition` element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see [Condition keys table](reference_policies_actions-resources-contextkeys.html#context_keys_table).

To view the global condition keys that are available to all services, see [AWS global condition context keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html).



| Condition keys | Description | Type | 
| --- | --- | --- | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-globally-available](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-globally-available)  | Filters access by creating requests based on the allowed set of values for each of the mandatory tags | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-globally-available](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-globally-available)  | Filters access by having actions based on the tag value associated with the resource | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-globally-available](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-globally-available)  | Filters access by creating requests based on the presence of mandatory tags in the request | ArrayOfString | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-gatewayAuthorizerType](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-gatewayAuthorizerType)  | Filters access by the authorizerType attribute on a Gateway | String | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-aud](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-aud)  | Filters access by the audience claim (aud) in the JWT passed in the request | ArrayOfString | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-client_id](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-client_id)  | Filters access by the client\_id claim in the JWT passed in the request | String | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-iss](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-iss)  | Filters access by the issuer (iss) claim present in the JWT passed in the request | String | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-scope](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-scope)  | Filters access by the scope claim in the JWT passed in the request | ArrayOfString | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-sub](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-sub)  | Filters access by the subject claim (sub) in the JWT passed in the request | String | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-kmsKeyArn](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-kmsKeyArn)  | Filters access by the ARN of the KMS key provided | String | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-authorizer-type-condition-key.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-authorizer-type-condition-key.html)  | Filters access by the authorizer type configured for the AgentCore runtime | String | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-actorId](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-actorId)  | Filters access by actor ID | String | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-namespace](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-namespace)  | Filters access by namespace | String | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/security-vpc-condition.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/security-vpc-condition.html)  | Filters access by the ID of security groups configured for the AgentCore runtime | ArrayOfString | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-sessionId](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-sessionId)  | Filters access by session ID | String | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-strategyId](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-strategyId)  | Filters access by memory strategy ID | String | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/security-vpc-condition.html](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/security-vpc-condition.html)  | Filters access by the ID of subnets configured for the AgentCore runtime | ArrayOfString | 
|   [https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-userid](https://docs.aws.amazon.com/bedrock-agentcore/latest/APIReference/#condition-keys-userid)  | Filters access by the static user ID value passed in the request | String | 