IAM policies for Verified Permissions
Verified Permissions manages the permissions of users within your application. In order for your application to call the Verified Permissions APIs or for AWS Management Console users to be allowed to manage Cedar policies in a Verified Permissions policy store, you must add the necessary IAM permissions.
Identity-based policies are JSON permissions policy documents that you can attach to an identity, such as an IAM user, group of users, or role. These policies control what actions users and roles can perform, on which resources, and under what conditions. To learn how to create an identity-based policy, see Creating IAM policies in the IAM User Guide.
With IAM identity-based policies, you can specify allowed or denied actions and resources as well as the conditions under which actions are allowed or denied (listed below). You can't specify the principal in an identity-based policy because it applies to the user or role to which it is attached. To learn about all of the elements that you can use in a JSON policy, see IAM JSON policy elements reference in the IAM User Guide.
| Action | Description |
|---|---|
| CreateIdentitySource | Action to create a new identity source. |
| CreatePolicy | Action to create a Cedar policy in a policy store. You can create either a static policy or a policy linked to a policy template. |
| CreatePolicyStore | Action to create a new policy store. |
| CreatePolicyTemplate | Action to create a new policy template. |
| DeleteIdentitySource | Action to delete an identity source. |
| DeletePolicy | Action to delete a policy from a policy store. |
| DeletePolicyStore | Action to delete a policy store. |
| DeletePolicyTemplate | Action to delete a policy template. |
| GetIdentitySource | Action to get an identity source. |
| GetPolicy | Action to retrieve information about a specified policy. |
| GetPolicyStore | Action to retrieve information about a specified policy store. |
| GetPolicyTemplate | Action to get a policy template. |
| GetSchema | Action to get a schema. |
| IsAuthorized | Action to get an authorization response based on the parameters described in the authorization request. |
| IsAuthorizedWithToken | Action to get an authorization response based on the parameters described in the authorization request, where the principal comes from an identity token. |
| ListIdentitySources | Action to list all the identity sources in the AWS account. |
| ListPolicies | Action to list all policies in a policy store. |
| ListPolicyStores | Action to list all policy stores in the AWS account. |
| ListPolicyTemplates | Action to list all policy templates in the AWS account. |
| ListTagsForResource | Action to list all the tags for a resource. |
| PutSchema | Action to add a schema to a policy store. |
| TagResource | Action to add a tag to a resource. |
| UpdateIdentitySource | Action to update an identity source. |
| UpdatePolicy | Action to update a policy in a policy store. |
| UpdatePolicyStore | Action to update a policy store. |
| UpdatePolicyTemplate | Action to update a policy template. |
| UntagResource | Action to remove a tag from a resource. |
Example IAM policy for permission to the CreatePolicy action:
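As an added illustration, not the policy document from the original page: the Python below builds an identity-based policy that allows `CreatePolicy` (plus a few related actions from the table above) only on a single policy store, adds an explicit deny for `DeletePolicyStore`, and checks it with a simplified evaluator. The account ID and policy store ID are constructed placeholders, the policy store ARN layout is an assumption (confirm it against the Service Authorization Reference), and `is_allowed` is a toy model of IAM evaluation, not IAM itself.

```python
import fnmatch
import json

# Constructed placeholders; the ARN layout below is an assumption.
ACCOUNT_ID = "111122223333"
POLICY_STORE_ARN = (
    f"arn:aws:verifiedpermissions::{ACCOUNT_ID}:policy-store/PSEXAMPLE11111111111"
)

# Actions taken from the table on this page, grouped by the access they grant.
READ_ACTIONS = ["GetPolicy", "GetPolicyStore", "GetSchema", "ListPolicies", "IsAuthorized"]
WRITE_ACTIONS = ["CreatePolicy", "UpdatePolicy", "DeletePolicy"]


def build_policy(policy_store_arn: str) -> dict:
    """Identity-based policy scoped to one policy store: Cedar policy
    management is allowed there and nowhere else; deleting stores is
    explicitly denied so no other attached policy can re-grant it."""
    prefix = "verifiedpermissions:"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ManageCedarPoliciesInOneStore",
                "Effect": "Allow",
                "Action": [prefix + a for a in WRITE_ACTIONS + READ_ACTIONS],
                "Resource": policy_store_arn,
            },
            {
                "Sid": "NeverDeletePolicyStores",
                "Effect": "Deny",
                "Action": prefix + "DeletePolicyStore",
                "Resource": "*",
            },
        ],
    }


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Toy IAM evaluation: default deny, an explicit Deny beats any Allow,
    and '*' / '?' wildcards are matched in both Action and Resource."""
    decision = False
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if any(fnmatch.fnmatchcase(action, a) for a in actions) and any(
            fnmatch.fnmatchcase(resource, r) for r in resources
        ):
            if stmt["Effect"] == "Deny":
                return False  # explicit deny is final
            decision = True
    return decision


if __name__ == "__main__":
    print(json.dumps(build_policy(POLICY_STORE_ARN), indent=2))
```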