本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# IAM Identity Center AWS 的動作、資源和條件索引鍵
AWS IAM Identity Center (服務字首:`sso`) 提供下列服務特定的資源、動作和條件內容索引鍵,可用於 IAM 許可政策。
參考資料:
+ 了解如何[設定此服務](https://docs.aws.amazon.com/singlesignon/latest/userguide/)。
+ 檢視[可供此服務使用的 API 操作](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_Operations.html)清單。
+ 了解如何[使用 IAM](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access.html) 許可政策來保護此服務及其資源。
**Topics**
+ [IAM Identity Center AWS 定義的動作](#awsiamidentitycenter-actions-as-permissions)
+ [IAM Identity Center AWS 定義的資源類型](#awsiamidentitycenter-resources-for-iam-policies)
+ [IAM Identity Center AWS 的條件索引鍵](#awsiamidentitycenter-policy-keys)
## IAM Identity Center AWS 定義的動作
您可在 IAM 政策陳述式的 `Action` 元素中指定以下動作。使用政策來授予在 AWS中執行操作的許可。在政策中使用動作時,通常會允許或拒絕存取相同名稱的 API 操作或 CLI 命令。不過,在某些情況下,單一動作可控制對多個操作的存取。或者,某些操作需要多種不同的動作。
動作資料表的**存取層級**欄說明動作的分類方式 (列出、讀取、許可管理或標記)。此分類可協助您了解在政策中使用某動作時,該動作授予您的存取層級。如需存取層級的詳細資訊,請參閱[政策摘要中的存取層級](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html)。
「動作」資料表的**資源類型**欄會指出每個動作是否支援資源層級的許可。如果此欄沒有值,您必須在政策陳述式的 `Resource` 元素中指定政策適用的所有資源 ("\*")。如果資料欄包含資源類型,則您可以在具有該動作的陳述式中指定該類型的 ARN。如果動作具有一或多個必要資源,呼叫者必須具有對這些資源使用動作的許可。表格中的必要資源會以星號 (\*) 表示。如果您使用 IAM 政策中的 `Resource` 元素限制資源存取,則每種必要的資源類型必須要有 ARN 或模式。某些動作支援多種資源類型。如果資源類型是選用 (未顯示為必要),則您可以選擇使用其中一種選用資源類型。
「動作」資料表的**條件索引鍵**欄包含您可以在政策陳述式的 `Condition` 元素中指定的索引鍵。如需有關與服務資源相關聯之條件索引鍵的詳細資訊,請參閱「資源類型」資料表的**條件索引鍵**欄。
動作資料表的**相依動作**欄會顯示成功呼叫動作所需的其他許可。除了 動作本身的許可之外,還可能需要這些許可。當動作指定相依動作時,這些相依性可能適用於針對該動作定義的其他資源,而不只是資料表中列出的第一個資源。
**注意**
資源條件索引鍵會列在[資源類型](#awsiamidentitycenter-resources-for-iam-policies)資料表中。您可以在「動作」資料表的**資源類型 (\*必填) **欄中找到適用於動作的資源類型連結。「資源類型」資料表中的資源類型包括**條件索引鍵**欄,其中包含套用至「動作」資料表中動作的資源條件索引鍵。
如需下表各欄的詳細資訊,請參閱[動作資料表](reference_policies_actions-resources-contextkeys.html#actions_table)。
****
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AddRegion.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AddRegion.html) **
- **描述:** 准許將區域新增至 IAM Identity Center 執行個體
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** identitystore:AddRegion
kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許連接 IAM Identity Center AWS 要使用的目錄
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** ds:AuthorizeApplication
identitystore:CreateIdentityStore
kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許建立目錄使用者或群組和描述檔之間的關聯
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AttachCustomerManagedPolicyReferenceToPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AttachCustomerManagedPolicyReferenceToPermissionSet.html) **
- **描述:** 准許將客戶受管政策參考連接到許可集
- **存取層級:** 許可管理
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AttachManagedPolicyToPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_AttachManagedPolicyToPermissionSet.html) **
- **描述:** 准許將 AWS 受管政策連接至許可集
- **存取層級:** 許可管理
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateAccountAssignment.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateAccountAssignment.html) **
- **描述:** 准許 AWS 帳戶 使用指定的許可集,將存取權指派給指定之 的委託人
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Account](#awsiamidentitycenter-Account) / **條件索引鍵:** / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateApplication.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateApplication.html) **
- **描述:** 准許建立應用程式
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-ApplicationProvider](#awsiamidentitycenter-ApplicationProvider) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-aws_RequestTag___TagKey_](#awsiamidentitycenter-aws_RequestTag___TagKey_)
[#awsiamidentitycenter-aws_TagKeys](#awsiamidentitycenter-aws_TagKeys) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateApplicationAssignment.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateApplicationAssignment.html) **
- **描述:** 准許建立應用程式指派
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許將應用程式執行個體新增至 AWS IAM Identity Center
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許新增應用程式執行個體的新憑證
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateInstance.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateInstance.html) **
- **描述:** 准許建立身分中心執行個體
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** / **相依動作:** iam:CreateServiceLinkedRole
identitystore:CreateIdentityStore
organizations:DescribeOrganization
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-aws_RequestTag___TagKey_](#awsiamidentitycenter-aws_RequestTag___TagKey_)
[#awsiamidentitycenter-aws_TagKeys](#awsiamidentitycenter-aws_TagKeys) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateInstanceAccessControlAttributeConfiguration.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateInstanceAccessControlAttributeConfiguration.html) **
- **描述:** 准許啟用 ABAC 的執行個體並指定屬性
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** iam:AttachRolePolicy
iam:CreateRole
iam:DeleteRole
iam:DeleteRolePolicy
iam:DetachRolePolicy
iam:GetRole
iam:ListAttachedRolePolicies
iam:ListRolePolicies
iam:PutRolePolicy
iam:UpdateAssumeRolePolicy
kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許將受管應用程式執行個體新增至 AWS IAM Identity Center
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreatePermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreatePermissionSet.html) **
- **描述:** 准許建立許可集
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-aws_RequestTag___TagKey_](#awsiamidentitycenter-aws_RequestTag___TagKey_)
[#awsiamidentitycenter-aws_TagKeys](#awsiamidentitycenter-aws_TagKeys) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許建立應用程式執行個體的描述檔
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許在目標帳戶中建立聯合信任
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateTrustedTokenIssuer.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_CreateTrustedTokenIssuer.html) **
- **描述:** 准許建立執行個體的受信任字符發行者
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-TrustedTokenIssuer](#awsiamidentitycenter-TrustedTokenIssuer) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-aws_RequestTag___TagKey_](#awsiamidentitycenter-aws_RequestTag___TagKey_)
[#awsiamidentitycenter-aws_TagKeys](#awsiamidentitycenter-aws_TagKeys) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteAccountAssignment.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteAccountAssignment.html) **
- **描述:** 准許 AWS 帳戶 使用指定的許可集,從指定的 刪除委託人的存取權
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Account](#awsiamidentitycenter-Account) / **條件索引鍵:** / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplication.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplication.html) **
- **描述:** 准許刪除應用程式
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAccessScope.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAccessScope.html) **
- **描述:** 准許刪除應用程式的存取範圍
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAssignment.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAssignment.html) **
- **描述:** 准許刪除應用程式指派
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAuthenticationMethod.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationAuthenticationMethod.html) **
- **描述:** 准許刪除應用程式的身分驗證方法
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationGrant.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteApplicationGrant.html) **
- **描述:** 准許從應用程式中刪除授予
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許刪除應用程式執行個體
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許從應用程式執行個體中刪除非作用中或過期的憑證
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInlinePolicyFromPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInlinePolicyFromPermissionSet.html) **
- **描述:** 准許從指定的許可集中刪除內嵌政策
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInstance.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInstance.html) **
- **描述:** 准許刪除身分中心執行個體
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** identitystore:DeleteIdentityStore
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInstanceAccessControlAttributeConfiguration.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteInstanceAccessControlAttributeConfiguration.html) **
- **描述:** 准許停用 ABAC 並移除執行個體的屬性清單
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許刪除受管應用程式執行個體
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeletePermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeletePermissionSet.html) **
- **描述:** 准許刪除許可集
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeletePermissionsBoundaryFromPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeletePermissionsBoundaryFromPermissionSet.html) **
- **描述:** 准許從許可集移除許可界限
- **存取層級:** 許可管理
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許刪除應用程式執行個體的描述檔
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteTrustedTokenIssuer.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DeleteTrustedTokenIssuer.html) **
- **描述:** 准許刪除執行個體的受信任字符發行者
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-TrustedTokenIssuer](#awsiamidentitycenter-TrustedTokenIssuer)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeAccountAssignmentCreationStatus.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeAccountAssignmentCreationStatus.html) **
- **描述:** 准許描述指派建立請求的狀態
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeAccountAssignmentDeletionStatus.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeAccountAssignmentDeletionStatus.html) **
- **描述:** 准許描述指派刪除請求的狀態
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplication.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplication.html) **
- **描述:** 准許取得應用程式的相關資訊
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplicationAssignment.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplicationAssignment.html) **
- **描述:** 准許擷取應用程式指派
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplicationProvider.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeApplicationProvider.html) **
- **描述:** 准許描述應用程式提供者
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-ApplicationProvider](#awsiamidentitycenter-ApplicationProvider)
- **條件索引鍵:**
- **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeInstance.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeInstance.html) **
- **描述:** 准許取得身分中心執行個體的相關資訊
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeInstanceAccessControlAttributeConfiguration.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeInstanceAccessControlAttributeConfiguration.html) **
- **描述:** 准許取得 ABAC 執行個體使用的屬性清單
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribePermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribePermissionSet.html) **
- **描述:** 准許描述許可集
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribePermissionSetProvisioningStatus.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribePermissionSetProvisioningStatus.html) **
- **描述:** 准許描述指定許可集佈建請求的狀態
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeRegion.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeRegion.html) **
- **描述:** 准許擷取特定 IAM Identity Center 執行個體區域的組態詳細資訊
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許取得您的組織已啟用 IAM Identity Center AWS 的區域
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeTrustedTokenIssuer.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DescribeTrustedTokenIssuer.html) **
- **描述:** 准許描述執行個體的受信任字符發行者
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-TrustedTokenIssuer](#awsiamidentitycenter-TrustedTokenIssuer)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DetachCustomerManagedPolicyReferenceFromPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DetachCustomerManagedPolicyReferenceFromPermissionSet.html) **
- **描述:** 准許將客戶受管政策參考從許可集中分離
- **存取層級:** 許可管理
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DetachManagedPolicyFromPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_DetachManagedPolicyFromPermissionSet.html) **
- **描述:** 准許從指定的許可集分離連接的 AWS 受管政策
- **存取層級:** 許可管理
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許取消關聯 IAM Identity Center AWS 要使用的目錄
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** ds:UnauthorizeApplication
identitystore:DeleteIdentityStore
kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許將目錄使用者或群組與描述檔的關聯取消
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAccessScope.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAccessScope.html) **
- **描述:** 准許取得應用程式的存取範圍
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAssignmentConfiguration.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAssignmentConfiguration.html) **
- **描述:** 准許讀取應用程式的指派組態
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAuthenticationMethod.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationAuthenticationMethod.html) **
- **描述:** 准許取得應用程式的身分驗證方法
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationGrant.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationGrant.html) **
- **描述:** 准許取得屬於應用程序授予的相關詳細資訊
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許擷取應用程式執行個體的詳細資訊
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationSessionConfiguration.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetApplicationSessionConfiguration.html) **
- **描述:** 准許取得應用程式的工作階段組態
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許擷取應用程式範本詳細資訊
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetInlinePolicyForPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetInlinePolicyForPermissionSet.html) **
- **描述:** 准許取得指派給許可集的內嵌政策
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許擷取應用程式執行個體的詳細資訊
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許擷取目錄的 MFA 裝置管理設定
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許擷取許可集的詳細資訊
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetPermissionsBoundaryForPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_GetPermissionsBoundaryForPermissionSet.html) **
- **描述:** 准許取得許可集的許可界限
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許擷取應用程式執行個體的描述檔
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許檢查 IAM Identity Center AWS 是否已啟用
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許擷取目前 SSO 執行個體的共用組態
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許擷取目前 SSO 執行個體的組態
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許在目標帳戶中擷取聯合信任
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許透過上傳服務提供者提供的應用程式 SAML 中繼資料檔案來更新應用程式執行個體
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentCreationStatus.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentCreationStatus.html) **
- **描述:** 准許列出指定 SSO 執行個體的 AWS 帳戶 指派建立請求狀態
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentDeletionStatus.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentDeletionStatus.html) **
- **描述:** 准許列出指定 SSO 執行個體的 AWS 帳戶 指派刪除請求狀態
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignments.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignments.html) **
- **描述:** 准許列出 AWS 帳戶 具有指定許可集之指定 的受指派者
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Account](#awsiamidentitycenter-Account) / **條件索引鍵:** / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentsForPrincipal.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountAssignmentsForPrincipal.html) **
- **描述:** 准許列出指派給使用者或群組的帳戶
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountsForProvisionedPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListAccountsForProvisionedPermissionSet.html) **
- **描述:** 准許列出佈建指定許可集的所有 AWS 帳戶
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAccessScopes.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAccessScopes.html) **
- **描述:** 准許列出應用程式的存取範圍
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAssignments.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAssignments.html) **
- **描述:** 准許列出應用程式指派
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAssignmentsForPrincipal.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAssignmentsForPrincipal.html) **
- **描述:** 准許列出指派給使用者或群組的應用程式
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAuthenticationMethods.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationAuthenticationMethods.html) **
- **描述:** 准許列出應用程式的身分驗證方法
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationGrants.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationGrants.html) **
- **描述:** 准許列出來自應用程式的授予
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許擷取特定應用程式執行個體的所有憑證
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許擷取所有應用程式執行個體
- **存取層級:** 清單
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
sso:GetApplicationInstance
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationProviders.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplicationProviders.html) **
- **描述:** 准許列出應用程式提供者
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-ApplicationProvider](#awsiamidentitycenter-ApplicationProvider)
- **條件索引鍵:**
- **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許擷取所有支援的應用程式範本
- **存取層級:** 清單
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** sso:GetApplicationTemplate
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplications.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListApplications.html) **
- **描述:** 授予許可擷取與 IAM 身分中心的執行個體相關聯的所有應用程式
- **存取層級:** 清單
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListCustomerManagedPolicyReferencesInPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListCustomerManagedPolicyReferencesInPermissionSet.html) **
- **描述:** 准許列出連接至指定許可集的客戶受管政策參考
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許擷取連線至 IAM Identity Center AWS 之目錄的詳細資訊
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html) **
- **描述:** 准許列出發起人可以存取的 SSO 執行個體
- **存取層級:** 清單
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListManagedPoliciesInPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListManagedPoliciesInPermissionSet.html) **
- **描述:** 准許列出連接到指定許可集的 AWS 受管政策
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSetProvisioningStatus.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSetProvisioningStatus.html) **
- **描述:** 准許列出指定 SSO 執行個體的許可集佈建請求的狀態
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSets.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSets.html) **
- **描述:** 准許擷取所有許可集
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSetsProvisionedToAccount.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListPermissionSetsProvisionedToAccount.html) **
- **描述:** 准許列出佈建至指定 的所有許可集 AWS 帳戶
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Account](#awsiamidentitycenter-Account) / **條件索引鍵:** / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許擷取與描述檔相關聯的目錄使用者或群組
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許擷取應用程式執行個體的所有描述檔
- **存取層級:** 清單
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
sso:GetProfile
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListRegions.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListRegions.html) **
- **描述:** 准許列出為 IAM Identity Center 執行個體設定的所有區域
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListTagsForResource.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListTagsForResource.html) **
- **描述:** 准許列出連接到指定資源的標籤
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-TrustedTokenIssuer](#awsiamidentitycenter-TrustedTokenIssuer) / **條件索引鍵:** / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListTrustedTokenIssuers.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListTrustedTokenIssuers.html) **
- **描述:** 准許列出執行個體的受信任字符發行者
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ProvisionPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ProvisionPermissionSet.html) **
- **描述:** 准許將指定許可集佈建到指定的目標
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Account](#awsiamidentitycenter-Account) / **條件索引鍵:** / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAccessScope.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAccessScope.html) **
- **描述:** 准許建立/更新應用程式的存取範圍
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAssignmentConfiguration.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAssignmentConfiguration.html) **
- **描述:** 准許將指派組態新增至應用程式
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAuthenticationMethod.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAuthenticationMethod.html) **
- **描述:** 准許建立/更新應用程式的身分驗證方法
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationGrant.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationGrant.html) **
- **描述:** 准許建立/更新應用程式的授予
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationSessionConfiguration.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationSessionConfiguration.html) **
- **描述:** 准許放置應用程式的工作階段組態
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutInlinePolicyToPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutInlinePolicyToPermissionSet.html) **
- **描述:** 准許將 IAM 內嵌政策連接到許可集
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許針對目錄放置 MFA 裝置管理設定
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutPermissionsBoundaryToPermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutPermissionsBoundaryToPermissionSet.html) **
- **描述:** 准許將許可界限新增至許可集
- **存取層級:** 許可管理
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許與將政策新增至許可集
- **存取層級:** 許可管理
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_RemoveRegion.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_RemoveRegion.html) **
- **描述:** 准許從 IAM Identity Center 執行個體中移除區域
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** identitystore:RemoveRegion
kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許搜尋關聯目錄中的群組
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** ds:DescribeDirectories
kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許搜尋關聯目錄中的使用者
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** ds:DescribeDirectories
kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許初始化 AWS IAM Identity Center
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
kms:DescribeKey
kms:Encrypt
kms:GenerateDataKeyWithoutPlaintext
organizations:DescribeOrganization
organizations:EnableAWSServiceAccess
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_TagResource.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_TagResource.html) **
- **描述:** 准許將一組標籤與指定資源建立關聯
- **存取層級:** 標記
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-TrustedTokenIssuer](#awsiamidentitycenter-TrustedTokenIssuer) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-aws_RequestTag___TagKey_](#awsiamidentitycenter-aws_RequestTag___TagKey_)
[#awsiamidentitycenter-aws_TagKeys](#awsiamidentitycenter-aws_TagKeys) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UntagResource.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UntagResource.html) **
- **描述:** 准許將一組標籤與指定資源取消關聯
- **存取層級:** 標記
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-TrustedTokenIssuer](#awsiamidentitycenter-TrustedTokenIssuer) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-aws_TagKeys](#awsiamidentitycenter-aws_TagKeys) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateApplication.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateApplication.html) **
- **描述:** 准許更新應用程式
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Application](#awsiamidentitycenter-Application) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許將憑證設定為此應用程式執行個體的作用中憑證
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許更新應用程式執行個體的顯示資料
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許更新應用程式執行個體的聯合回應組態
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許更新應用程式執行個體的聯合回應結構描述組態
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許更新應用程式執行個體的安全性詳細資訊
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許更新應用程式執行個體的服務供應商相關組態
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許更新應用程式執行個體的狀態
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateInstance.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateInstance.html) **
- **描述:** 准許更新身分中心執行個體
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** identitystore:UpdateIdentityStore
kms:Decrypt
kms:DescribeKey
kms:Encrypt
kms:GenerateDataKeyWithoutPlaintext
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateInstanceAccessControlAttributeConfiguration.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateInstanceAccessControlAttributeConfiguration.html) **
- **描述:** 准許更新與 ABAC 執行個體搭配使用的屬性
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許更新受管應用程式執行個體的狀態
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdatePermissionSet.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdatePermissionSet.html) **
- **描述:** 准許更新許可集
- **存取層級:** 許可管理
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-Instance](#awsiamidentitycenter-Instance) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:** kms:Decrypt
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-PermissionSet](#awsiamidentitycenter-PermissionSet) / **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) / **相依動作:**
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許更新應用程式執行個體的描述檔
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許更新目前 SSO 執行個體的組態
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample](https://docs.aws.amazon.com/singlesignon/latest/userguide/iam-auth-access-using-id-policies.html#policyexample) **
- **描述:** 准許在目標帳戶中更新聯合信任
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:** kms:Decrypt
- ** [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateTrustedTokenIssuer.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_UpdateTrustedTokenIssuer.html) **
- **描述:** 准許更新執行個體的受信任字符發行者
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awsiamidentitycenter-TrustedTokenIssuer](#awsiamidentitycenter-TrustedTokenIssuer)
- **條件索引鍵:** [#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion)
- **相依動作:** kms:Decrypt
## IAM Identity Center AWS 定義的資源類型
此服務會定義下列資源類型,並可用在 IAM 許可政策陳述式的 `Resource` 元素中。[動作表格](#awsiamidentitycenter-actions-as-permissions)中的每個動作都代表可使用該動作指定的資源類型。資源類型也能定義您可以在政策中包含哪些條件索引鍵。這些索引鍵都會顯示在「資源類型」資料表的最後一欄。如需下表各欄的詳細資訊,請參閱[資源類型資料表](reference_policies_actions-resources-contextkeys.html#resources_table)。
****
| 資源類型 | ARN | 條件索引鍵 |
| --- | --- | --- |
| [https://docs.aws.amazon.com/singlesignon/latest/userguide/permissionsetsconcept.html](https://docs.aws.amazon.com/singlesignon/latest/userguide/permissionsetsconcept.html) | arn:${Partition}:sso:::permissionSet/${InstanceId}/${PermissionSetId} | [#awsiamidentitycenter-aws_ResourceTag___TagKey_](#awsiamidentitycenter-aws_ResourceTag___TagKey_)
[#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) |
| [https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html) | arn:${Partition}:sso:::account/${AccountId} | |
| [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_InstanceMetadata.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_InstanceMetadata.html) | arn:${Partition}:sso:::instance/${InstanceId} | [#awsiamidentitycenter-aws_ResourceTag___TagKey_](#awsiamidentitycenter-aws_ResourceTag___TagKey_)
[#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) |
| [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_Application.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_Application.html) | arn:${Partition}:sso::${AccountId}:application/${InstanceId}/${ApplicationId} | [#awsiamidentitycenter-aws_ResourceTag___TagKey_](#awsiamidentitycenter-aws_ResourceTag___TagKey_)
[#awsiamidentitycenter-sso_ApplicationAccount](#awsiamidentitycenter-sso_ApplicationAccount)
[#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) |
| [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_TrustedTokenIssuerMetadata.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_TrustedTokenIssuerMetadata.html) | arn:${Partition}:sso::${AccountId}:trustedTokenIssuer/${InstanceId}/${TrustedTokenIssuerId} | [#awsiamidentitycenter-aws_ResourceTag___TagKey_](#awsiamidentitycenter-aws_ResourceTag___TagKey_)
[#awsiamidentitycenter-sso_PrimaryRegion](#awsiamidentitycenter-sso_PrimaryRegion) |
| [https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ApplicationProvider.html](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ApplicationProvider.html) | arn:${Partition}:sso::aws:applicationProvider/${ApplicationProviderId} | |
## IAM Identity Center AWS 的條件索引鍵
AWS IAM Identity Center 定義下列條件索引鍵,可用於 IAM 政策的 `Condition`元素。您可以使用這些索引鍵來縮小套用政策陳述式的條件。如需下表各欄的詳細資訊,請參閱[條件索引鍵表](reference_policies_actions-resources-contextkeys.html#context_keys_table)。
若要檢視所有 服務可用的全域條件索引鍵,請參閱[AWS 全域條件內容索引鍵](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html)。
****
| 條件索引鍵 | 描述 | 類型 |
| --- | --- | --- |
| [https://docs.aws.amazon.com/singlesignon/latest/userguide/tagging.html](https://docs.aws.amazon.com/singlesignon/latest/userguide/tagging.html) | 依要求中傳遞的標籤來篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/singlesignon/latest/userguide/tagging.html](https://docs.aws.amazon.com/singlesignon/latest/userguide/tagging.html) | 依與資源關聯的標籤來篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/singlesignon/latest/userguide/tagging.html](https://docs.aws.amazon.com/singlesignon/latest/userguide/tagging.html) | 依要求中傳遞的標籤索引鍵來篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/singlesignon/latest/userguide/API_Application.html](https://docs.aws.amazon.com/singlesignon/latest/userguide/API_Application.html) | 依 IAM Identity Center 應用程式的 ARN 篩選存取權 | ARN |
| [https://docs.aws.amazon.com/singlesignon/latest/userguide/API_InstanceMetadata.html](https://docs.aws.amazon.com/singlesignon/latest/userguide/API_InstanceMetadata.html) | 依 IAM Identity Center 執行個體的 ARN 篩選存取權 | ARN |
| [https://docs.aws.amazon.com/singlesignon/latest/userguide/API_Application.html](https://docs.aws.amazon.com/singlesignon/latest/userguide/API_Application.html) | 依建立應用程式的 帳戶篩選存取權。客戶受管 SAML 應用程式不支援此條件金鑰 | String |
| [https://docs.aws.amazon.com/singlesignon/latest/userguide/API_InstanceMetadata.html](https://docs.aws.amazon.com/singlesignon/latest/userguide/API_InstanceMetadata.html) | 依 IAM Identity Center 執行個體的主要區域篩選存取權 | String |