activities
latest
false
- Overview
- Active Directory
- Release Notes
- About the Active Directory activity package
- Project Compatibility
- Active Directory Scope
- Get Object Distinguished Name
- Get Object Properties
- Get Objects by Filter
- Get Objects by LDAP Filter
- Is Object Member of Group
- Move Object
- Rename Object
- Update Object Properties
- Add Computer To Group
- Computer Exists
- Create Computer
- Delete Computer
- Get Computer Status
- Get Computers in Group
- Join Computer to Domain
- Remove Computer From Group
- Set Computer Status
- Unjoin Computer From Domain
- Add Group To Group
- Create Group
- Delete Group
- Group Exists
- Remove Group From Group
- Add User To Group
- Change User Password
- Create User
- Delete User
- Force Password Change
- Get Password Expiration Date
- Get User Expiration Date
- Get User Groups
- Get User Status
- Get Users in Group
- Remove User From Group
- Set User Expiration Date
- Set User Status
- User Exists
- Validate User Credentials
- Create Organizational Unit
- Delete Organizational Unit
- Active Directory APIs
- Active Directory how-to guides
- Amazon Web Services
- Release Notes
- About the Amazon Web Services activity package
- Project Compatibility
- Permissions List
- Amazon Web Services Scope
- Configure Robot
- Create Instance
- Create Instance From Launch Template
- Get Instance by ID
- Get Instance List
- Reboot Instance
- Start Instance
- Stop Instance
- Terminate Instance
- Attach Volume To Instance
- Create Instance Snapshots
- Create Volume
- Create Volume Snapshot
- Delete Snapshot
- Delete Volume
- Detach Volume From Instance
- Get Instance Volumes
- Get Snapshot
- Get Volume
- Get Volume List
- Add User To Group
- Create Group
- Delete Group
- For Each Group
- Get Group
- Remove User From Group
- Update Group
- Add/Remove Inline Policy
- Attach/Detach Managed Policy
- Create Managed Policy
- Delete Managed Policy
- For Each Managed Policy
- Get IAM Identities Attached to a Managed Policy
- Get IAM Identity Inline Policies
- Get IAM Identity Managed Polices
- Get Managed Policy
- Update Managed Policy
- Add Role to Instance Profile
- Create Role
- Delete Role
- For Each Role
- Get Role
- Remove Role From Instance Profile
- Update Role
- Change User Password
- Create User
- Delete User
- For Each User
- For Each User Group
- For Each User in Group
- Get User
- Update User
- Configure Logging for Bucket
- Configure Public Access to Bucket
- Create Bucket
- Delete Bucket
- Delete Bucket Policy
- Empty Bucket
- Get Bucket
- Get Bucket List
- Get Bucket Policy
- Set Bucket Policy
- Update Bucket Properties
- Copy Object
- Delete Multiple Objects
- Delete Single Object
- Download Object to File
- For Each Object in Bucket
- Get Object
- Get Object ACL
- Set Object ACL
- Upload Object From File
- Upload Objects From Folder
- Run Power Shell Command
- Amazon Web Services APIs
- Amazon Web Services how-to guides
- Amazon WorkSpaces
- Azure
- Release Notes
- About the Azure activity package
- Project Compatibility
- Append to Blob
- Attach VM Data Disk
- Azure Scope
- Configure Robot
- Copy Blob
- Create Blob Container
- Create IP Configuration
- Create Network Interface
- Create NSG
- Create Resource Group
- Create Security Rule
- Create Storage Account
- Create Tables
- Create VM
- Delete Blob
- Delete Blob Container
- Delete IP Configuration
- Delete Network Interface
- Delete NSG
- Delete Resource Group
- Delete Rows
- Delete Secret
- Delete Security Rule
- Delete Storage Account
- Delete Table
- Delete VM
- Detach VM Data Disk
- Download Blob To File
- For Each Blob Container
- For Each Blob in Container
- For Each Network Interface
- For Each NSG
- For Each Row In Table
- For Each Security Alert
- Get Blob
- Get Blob Container
- Get Blob Containers List
- Get Blob List
- Get Disk
- Get Disk List
- Get RDP Files
- Get Resource Group
- Get Resource Group List
- Get Row
- Get Rows By Filter
- Get Secrets
- Get Storage Account
- Get Storage Account Key
- Get Storage Account List
- Get Network Interface
- Get NSG
- Get NSG Network Interface List
- Get Security Alert
- Get Security Rule
- Get Security Rule List
- Get Table
- Get Table List
- Get VM
- Get VM Custom Image
- Get VM Custom Image List
- Get VM Disk List
- Get VM Image By Publisher
- Get VM List
- Get VM NSG List
- Get VM Network Interface List
- Insert Rows
- Regenerate Storage Account Key
- Restart VM
- Run Script In VM
- Set Blob Tier
- Set Security Alert State
- Shutdown VM
- Start VM
- Stop VM
- Upload Blob From File
- Azure APIs
- Azure how-to guides
- Azure Active Directory
- Release Notes
- About the Azure Active Directory activities
- Project Compatibility
- List All Groups in Group
- List All Records
- Lists Lifecycle Policy
- List Users
- List Groups
- GetGroupMembersDelta
- Get User Roles
- List All Groups Of A User
- List Users in Role
- List Users in Group
- List Owners of a Group
- List Directory Roles
- List Direct Reports
- User Added to the Group
- User Removed from the Group
- Add Group to Lifecycle Policy
- Add Member To Group
- Add Member To Role
- Add Owner To Group
- Assign License
- Azure AD Application Scope
- Azure AD Delegated Scope
- Create Assigned Group
- Create Lifecycle Policy
- Create User
- Delete Group
- Delete Lifecycle Policy
- Delete User
- For Each Direct Report
- For Each Group
- For Each Group in Group
- For Each Lifecycle Policy
- For Each Parent Group
- For Each Role
- For Each User
- For Each User Group
- For Each User In Group
- For Each User in Group Owners
- For Each User in Role
- For Each User Role
- Get Group By Id
- Get Group by Name
- Get Manager
- Get User
- Group Exists
- Is Group in Lifecycle Policy
- Is Member In Role
- Is Member of Group
- Is Owner Of Group
- Remove Group From Lifecycle Policy
- Remove License
- Remove Member From Group
- Remove Member From Role
- Remove Owner From Group
- Reset Password
- Set Manager
- Update Group
- Update Lifecycle Policy
- Update User
- User Exists
- Azure Active Directory APIs
- Azure Active Directory how-to guides
- Azure Windows Virtual Desktop
- Release Notes
- About the Azure Windows Virtual Desktop activity package
- Project Compatibility
- Windows Virtual Desktop Scope
- Create Host Pool
- Add Virtual Machine to Host Pool
- Update Host Pool
- Get Host Pool
- Delete Host Pool
- For Each Host Pool
- Get Session Host
- For Each Session Host
- Update Session Host
- Delete Session Host
- For Each User Session
- Disconnect User Session
- Delete User Session
- Send Message to User Session
- Get Application Group
- For Each Application Group
- Assign Users and Groups to Application Group
- Remove Users and Groups From Application Group
- Create Workspace
- Update Workspace
- Get Workspace
- For Each Workspace
- Delete Workspace
- Azure Windows Virtual Desktop APIs
- Citrix
- Release Notes
- About the Citrix activity package
- Project Compatibility
- Citrix Scope
- Get Server List
- Get Storage Repositories
- Add Tag to VM
- Add VM to Folder
- Remove Tag From VM
- Remove VM From Folder
- Delete All VM Snapshots
- Delete VM Snapshot
- Get VM Snapshot List
- Revert VM to Snapshot
- Take VM Snapshot
- Create VM From Template
- Delete VM
- Get Template List
- Get VM by UUID
- Get VM List
- Power Off VM
- Power On VM
- Rename VM
- Restart VM
- Resume VM
- Suspend VM
- Citrix APIs
- Citrix activities how-to guides
- Desktop triggers
- Exchange Server
- Google Cloud
- Release Notes
- About the Google Cloud activity package
- Project Compatibility
- Google Cloud Scope
- Create Bucket
- Update Bucket Properties
- Get Bucket
- For Each Bucket
- Delete Bucket
- Get Object
- Delete Object
- Copy Object
- Upload Object From File
- Download Object to File
- For Each Object in Bucket
- Create Instance
- Create Instance From Template
- Get Instance
- For Each Instance
- Start Instance
- Stop Instance
- Reset Instance
- Delete Instance
- Configure Robot
- Run Script on Instance
- Get Project
- For Each Project
- Create Role
- Delete Role
- For Each Grantable Role
- For Each Role
- Get Role
- Undelete Role
- Update Role
- Get IAM Policy
- Set IAM Policy
- Get Secret Data
- Google Cloud APIs
- Google Cloud how-to guides
- Hyper V
- NetIQ eDirectory
- Release Notes
- About the NetIQ eDirectory activity package
- Project Compatibility
- NetIQ EDirectory Scope
- Add Object To Group
- Delete Object
- Get Object Distinguished Name
- Get Object Properties
- Get Objects by Filter
- Get Objects by LDAP Filter
- Is Object Member of Group
- Move Object
- Remove Object From Group
- Rename Object
- Update Object Properties
- Add Computer To Group
- Computer Exists
- Delete Computer
- Create Computer
- Get Computer Status
- Remove Computer From Group
- Set Computer Status
- Add Group To Group
- Create Group
- Delete Group
- Get Computers in Group
- Get Users in Group
- Group Exists
- Remove Group From Group
- Create Organizational Unit
- Delete Organizational Unit
- Add User To Group
- Change User Password
- Create User
- Delete User
- Force Password Change
- Get Password Expiration Date
- Get User Expiration Date
- Get User Groups
- Get User Status
- Remove User From Group
- Set User Expiration Date
- Set User Status
- User Exists
- Validate User Credentials
- NetIQ eDirectory APIs
- System Center
- VMWare
- Release Notes
- About the VMware activity package
- Project Compatibility
- VMware Scope
- Get Datastore
- Get Datastore List
- Get Host
- Get Host List
- Delete All VM Snapshots
- Delete VM Snapshot
- Get VM Snapshot List
- Revert VM to Snapshot
- Take VM Snapshot
- Configure Robot
- Create VM From Template
- Convert Template to VM
- Convert VM to Template
- Customize VM
- Delete VM
- Get VM
- Get VM List
- Power Off VM
- Suspend VM
- Run Program in VM
- Restart VM
- Rename VM
- Power On VM
- Move VM To Folder
- Migrate VM
- Get Template List
- Export OVF Template
- Deploy OVF Template
- Assign Tag to VM
- Remove Tag From VM
- Assign Tag to Folder
- Remove Tag From Folder
- Create Folder
- Get Folder
- Rename Folder
- Move Folder
- Delete Folder
- Mount Tools Installer
- Unmount Tools Installer
- Upgrade Tools
- VMWare activities how-to guides
IT Automation activities
Last updated May 18, 2026
The following table includes a list of all Amazon Web Services activities, their available operations and associated permissions.
EC2 Activities
| Activity | Operations | Permissions |
|---|---|---|
| AWSConfigureRobot | GetDocumentAsync CreateDocumentAsync CreateAssociationAsync SendCommandAsync DeleteDocumentAsync | ssm:GetDocument ssm:CreateDocument ssm:CreateAssociation ssm:SendCommand ssm:DeleteDocument ssm:ListAssociations |
| AWSCreateInstance | RunInstancesAsync CreateTagsAsync DescribeInstancesAsync DescribeInstanceAttributeAsync DescribeImagesAsync | ec2:RunInstances ec2:CreateTags ec2:DescribeInstances ec2:DescribeInstanceAttribute ec2:DescribeImages |
| AWSCreateInstanceFromTemplate | RunInstancesAsync CreateTagsAsync DescribeInstancesAsync DescribeInstanceAttributeAsync DescribeImagesAsync | ec2:RunInstances ec2:CreateTags ec2:DescribeInstances ec2:DescribeInstanceAttribute ec2:DescribeImages |
| AWSGetInstance | DescribeInstancesAsync DescribeInstanceAttributeAsync DescribeImagesAsync | ec2:DescribeInstances ec2:DescribeInstanceAttribute ec2:DescribeImages |
| AWSGetInstanceList | DescribeInstancesAsync DescribeInstanceAttributeAsync DescribeImagesAsync | ec2:DescribeInstances ec2:DescribeInstanceAttribute ec2:DescribeImages |
| AWSRebootInstance | RebootInstancesAsync DescribeInstancesAsync DescribeInstanceAttributeAsync DescribeImagesAsync | ec2:RebootInstances ec2:DescribeInstances ec2:DescribeInstanceAttribute ec2:DescribeImages |
| AWSRunPowerShellCommand | GetDocumentAsync CreateDocumentAsync CreateAssociationAsync SendCommandAsync DeleteDocumentAsync DescribeInstancesAsync DescribeInstanceAttributeAsync DescribeImagesAsync | ssm:GetDocument ssm:CreateDocument ssm:CreateAssociation ssm:SendCommand ssm:DeleteDocument ec2:DescribeInstances ec2:DescribeInstanceAttribute ec2:DescribeImages ssm:ListAssociations |
| AWSStartInstance | StartInstancesAsync DescribeInstancesAsync DescribeInstanceAttributeAsync DescribeImagesAsync | ec2:StartInstances ec2:DescribeInstances ec2:DescribeInstanceAttribute ec2:DescribeImages |
| AWSStopInstance | StopInstancesAsync DescribeInstancesAsync DescribeInstanceAttributeAsync DescribeImagesAsync | ec2:StopInstances ec2:DescribeInstances ec2:DescribeInstanceAttribute ec2:DescribeImages |
| AWSTerminateInstance | TerminateInstancesAsync DescribeInstancesAsync DescribeInstanceAttributeAsync DescribeImagesAsync | ec2:TerminateInstances ec2:DescribeInstances ec2:DescribeInstanceAttribute ec2:DescribeImages |
S3 Buckets Activities
| Activity | Operations | Permissions |
|---|---|---|
| AWSConfigureLoggingBucket | GetACLAsync PutACLAsync PutBucketLoggingAsync | s3:GetBucketAcl s3:PutBucketAcl s3:PutBucketLogging |
| AWSConfigurePublicAccessBucket | PutPublicAccessBlockAsync | s3:PutBucketPublicAccessBlock |
| AWSCreateBucket | DoesS3BucketExistV2Async PutBucketAsync PutBucketVersioningAsync DeleteBucketEncryptionAsync PutBucketEncryptionAsync PutBucketTaggingAsync PutPublicAccessBlockAsync ListBucketsAsync GetBucketLocationAsync GetBucketTaggingAsync GetBucketVersioningAsync GetACLAsync GetBucketLoggingAsync GetObjectLockConfigurationAsync GetPublicAccessBlockAsync GetBucketEncryptionAsync DeleteS3BucketWithObjectsAsync | s3:GetBucketAcl s3:CreateBucket s3:PutBucketObjectLockConfiguration s3:PutBucketVersioning s3:PutEncryptionConfiguration s3:PutEncryptionConfiguration s3:PutBucketTagging s3:PutBucketPublicAccessBlock s3:ListBucket s3:GetBucketLocation s3:GetBucketTagging s3:GetBucketVersioning s3:GetBucketAcl s3:GetBucketLogging s3:GetBucketObjectLockConfiguration s3:GetBucketPublicAccessBlock s3:GetEncryptionConfiguration s3:DeleteBucket s3:DeleteObject |
| AWSDeleteBucket | GetBucketVersioningAsync ListVersionsAsync ListObjectsV2Async DeleteObjectsAsync DeleteBucketAsync | s3:GetBucketVersioning s3:ListBucketVersions s3:ListBucket s3:DeleteObjectVersion s3:DeleteBucket s3:ListAllMyBuckets |
| AWSDeleteBucketPolicy | DeleteBucketPolicyAsync | s3:DeleteBucketPolicy |
| AWSEmptyBucket | GetBucketVersioningAsync ListVersionsAsync ListObjectsV2Async DeleteObjectsAsync | s3:GetBucketVersioning s3:ListBucketVersions s3:ListBucket s3:DeleteObjectVersion |
| AWSGetBucket | DoesS3BucketExistV2Async ListBucketsAsync GetBucketLocationAsync GetBucketTaggingAsync GetACLAsync GetBucketVersioningAsync GetBucketLoggingAsync GetObjectLockConfigurationAsync GetPublicAccessBlockAsync GetBucketEncryptionAsync | s3:GetBucketAcl (optional) s3:ListBucket s3:GetBucketLocation s3:GetBucketTagging s3:GetBucketAcl s3:GetBucketVersioning s3:GetBucketLogging s3:GetBucketObjectLockConfiguration s3:GetBucketPublicAccessBlock s3:GetEncryptionConfiguration |
| AWSGetBucketList | ListBucketsAsync GetBucketLocationAsync GetBucketTaggingAsync DoesS3BucketExistV2Async | s3:ListBucket s3:GetBucketLocation s3:GetBucketTagging s3:GetBucketAcl |
| AWSGetBucketPolicy | GetBucketPolicyAsync | s3:GetBucketPolicy |
| AWSSetBucketPolicy | PutBucketPolicyAsync | s3:PutBucketPolicy |
| AWSUpdateBucket | DoesS3BucketExistV2Async PutBucketVersioningAsync DeleteBucketEncryptionAsync PutBucketEncryptionAsync PutBucketTaggingAsync PutPublicAccessBlockAsync | s3:GetBucketAcl s3:PutBucketVersioning s3:PutEncryptionConfiguration s3:PutEncryptionConfiguration s3:PutBucketTagging s3:PutBucketPublicAccessBlock |
S3 Objects Activities
| Activity | Operations | Permissions |
|---|---|---|
| AWSCopyObject | GetBucketLocationAsync CopyObjectAsync | s3:GetBucketLocation s3:GetObject s3:PutObject |
| AWSDeleteMultipleObjects | DeleteObjectsAsync | s3:DeleteObjectVersion s3:GetObject |
| AWSDeleteSingleObject | DeleteObjectsAsync | s3:DeleteObjectVersion s3:GetObject |
| AWSDownloadSingleObject | GetObjectAsync | s3:GetObject |
| AWSForEachObject | ListObjectsV2Async GetObjectMetadataAsync GetBucketLocationAsync GetObjectTaggingAsync ListVersionsAsync | s3:ListBucket s3:GetObject s3:ListBucketVersions s3:GetBucketLocation s3:GetObjectTagging s3:ListBucketVersions |
| AWSGetObject | GetObjectMetadataAsync GetBucketLocationAsync GetObjectTaggingAsync ListVersionsAsync | s3:ListBucketVersions s3:GetBucketLocation s3:GetObjectTagging s3:GetObjectVersionTagging1 s3:ListBucketVersions s3:GetObject |
| AWSGetObjectACL | GetACLAsync | s3:GetObjectAcl s3:GetObject |
| AWSSetObjectACL | GetACLAsync PutACLAsync | s3:GetObjectAcl s3:PutObjectAcl s3:GetObject |
| AWSUploadMultipleObjects | UploadDirectoryAsync | s3:PutObject s3:ListBucketMultipartUploads s3:ListMultipartUploadParts s3:AbortMultipartUpload s3:GetObject |
| AWSUploadSingleObject | UploadAsync GetObjectMetadataAsync GetBucketLocationAsync GetObjectTaggingAsync ListVersionsAsync GetACLAsync PutACLAsync | s3:GetObject s3:PutObject s3:PutObjectTagging s3:PutObjectVersionTagging s3:ListBucketVersions s3:GetBucketLocation s3:GetEncryptionConfiguration s3:GetObjectTagging s3:GetObjectVersionTagging s3:GetObjectAcl s3:PutObjectAcl s3:ListBucketMultipartUploads s3:ListMultipartUploadParts s3:AbortMultipartUpload |
1 Required only if IncludeVersionsInfo is set to True.
IAM Group Activities
| Activity | Operations | Permissions |
|---|---|---|
| AWSAddUserToGroup | AddUserToGroupAsync | iam:AddUserToGroup |
| AWSCreateGroup | CreateGroupAsync | iam:CreateGroup |
| AWSDeleteGroup | DeleteGroupAsync GetGroupAsync RemoveUserFromGroupAsync ListGroupPoliciesAsync DeleteGroupPolicyAsync ListAttachedGroupPoliciesAsync DetachGroupPolicyAsync | iam:DeleteGroup iam:GetGroup iam:RemoveUserFromGroup iam:ListGroupPolicies iam:DeleteGroupPolicy iam:ListAttachedGroupPolicies iam:DetachGroupPolicy |
| AWSForEachGroup | ListGroupsAsync | iam:ListGroups |
| AWSGetGroup | GetGroupAsync | iam:GetGroup |
| AWSRemoveUserFromGroup | RemoveUserFromGroupAsync | iam:RemoveUserFromGroup |
| AWSUpdateGroup | UpdateGroupAsync GetGroupAsync | iam:UpdateGroup iam:GetGroup |
IAM Policy Activities
| Activity | Operations | Permissions |
|---|---|---|
| AWSAddRemoveInlinePolicy | PutGroupPolicyAsync DeleteGroupPolicyAsync PutRolePolicyAsync DeleteRolePolicyAsync PutUserPolicyAsync DeleteUserPolicyAsync | iam:PutGroupPolicy iam:DeleteGroupPolicy iam:PutRolePolicy iam:DeleteRolePolicy iam:PutUserPolicy iam:DeleteUserPolicy |
| AWSAttachDetachManagedPolicy | AttachGroupPolicyAsync DetachGroupPolicyAsync AttachRolePolicyAsync DetachRolePolicyAsync AttachUserPolicyAsync DetachUserPolicyAsync | iam:AttachGroupPolicy iam:DetachGroupPolicy iam:AttachRolePolicy iam:DetachRolePolicy iam:AttachUserPolicy iam:DetachUserPolicy |
| AWSCreateManagedPolicy | CreatePolicyAsync GetPolicyAsync ListPolicyVersionsAsync GetPolicyVersionAsync | iam:CreatePolicy iam:GetPolicy iam:ListPolicyVersions iam:GetPolicyVersion |
| AWSDeleteManagedPolicy | ListEntitiesForPolicyAsync DetachGroupPolicyAsync DetachRolePolicyAsync DetachUserPolicyAsync ListPolicyVersionsAsync GetPolicyVersionAsync DeletePolicyVersionAsync DeletePolicyAsync | iam:ListEntitiesForPolicy iam:DetachGroupPolicy iam:DetachRolePolicy iam:DetachUserPolicy iam:ListPolicyVersions iam:GetPolicyVersion iam:DeletePolicyVersion iam:DeletePolicy |
| AWSForEachManagedPolicy | ListPoliciesAsync ListPolicyTagsAsync ListPolicyVersionsAsync GetPolicyVersionAsync | iam:ListPolicies iam:ListPolicyTags iam: ListPolicyVersions iam;GetPolicyVersion |
| AWSGetIAMIdentityInlinePolicies | ListGroupPoliciesAsync GetGroupPolicyAsync ListRolePoliciesAsync GetRolePolicyAsync ListUserPoliciesAsync GetUserPolicyAsync | iam:ListGroupPolicies iam:GetGroupPolicy iam:ListRolePolicies iam:GetRolePolicy iam:ListUserPolicies iam:GetUSerPolicy |
| AWSGetIAMIdentityManagedPolicies | ListAttachedGroupPoliciesAsync ListAttachedRolePoliciesAsync ListAttachedUserPoliciesAsync | iam:ListAttachedGroupPolicies iam:ListAttachedRolePolicies iam:ListAttachedUserPolicies |
| AWSGetIdentitiesAttachedToPolicy | ListEntitiesForPolicyAsync | iam:ListEntitiesForPolicy |
| AWSGetManagedPolicy | GetPolicyAsync ListPolicyVersionsAsync GetPolicyVersionAsync | iam:GetPolicy iam:ListPolicyVersions iam:GetPolicyVersion |
| AWSUpdateManagedPolicy | UntagPolicyAsync TagPolicyAsync CreatePolicyVersionAsync SetDefaultPolicyVersionAsync DeletePolicyVersionAsync GetPolicyAsync ListPolicyVersionsAsync GetPolicyVersionAsync | iam:UntagPolicy iam:TagPolicy iam:CreatePolicyVersion iam:SetDefaultPolicyVersion iam:DeletePolicyVersion iam:GetPolicy iam:ListPolicyVersions iam:GetPolicyVersion |
IAM Role Activities
| Activity | Operations | Permissions |
|---|---|---|
| AWSAddRoleToInstanceProfile | AddRoleToInstanceProfileAsync GetInstanceProfileAsync RemoveRoleFromInstanceProfileAsync | iam:AddRoleToInstanceProfile iam:GetInstanceProfile iam:RemoveRoleFromInstanceProfile |
| AWSRemoveRoleFromInstanceProfile | RemoveRoleFromInstanceProfileAsync | iam:RemoveRoleFromInstanceProfile |
| AWSCreateRole | CreateRoleAsync GetRoleAsync | iam:CreateRole iam:GetRole |
| AWSDeleteRole | DeleteRoleAsync ListInstanceProfilesForRoleAsync RemoveRoleFromInstanceProfileAsync ListRolePoliciesAsync DeleteRolePolicyAsync ListAttachedRolePoliciesAsync DetachRolePolicyAsync GetInstanceProfileAsync DeleteInstanceProfileAsync | iam:DeleteRole iam:ListInstanceProfilesForRole iam:RemoveRoleFromInstanceProfile iam:ListRolePolicies iam:DeleteRolePolicy iam:ListAttachedRolePolicies iam:DetachRolePolicy iam:GetInstanceProfile iam:DeleteInstanceProfile |
| AWSGetRole | GetRoleAsync | iam:GetRole |
| AWSUpdateRole | UpdateRoleAsync DeleteRolePermissionsBoundaryAsync PutRolePermissionsBoundaryAsync UntagRoleAsync TagRoleAsync GetRoleAsync | iam:UpdateRole iam:DeleteRolePermissionsBoundary iam:PutRolePermissionsBoundary iam:UntagRole iam:TagRole iam:GetRole |
| AWSForEachRole | ListRolesAsync ListRoleTagsAsync | iam:ListRoles iam:ListRoleTags |
IAM User Activities
| Activity | Operations | Permissions |
|---|---|---|
| AWSChangeUserPassword | UpdateLoginProfileAsync AttachUserPolicyAsync | iam:UpdateLoginProfile iam:AttachUserPolicy |
| AWSCreateUser | CreateUserAsync CreateLoginProfileAsync AttachUserPolicyAsync CreateAccessKeyAsync | iam:CreateUser iam:CreateLoginProfile iam:AttachUserPolicy iam:CreateAccessKey |
| AWSGetUser | GetUserAsync | iam:GetUser |
| AWSDeleteUser | DeleteUserAsync DeleteLoginProfileAsync ListAccessKeysAsync DeleteAccessKeyAsync ListSigningCertificatesAsync DeleteSigningCertificateAsync ListSSHPublicKeysAsync DeleteSSHPublicKeyAsync ListServiceSpecificCredentialsAsync DeleteServiceSpecificCredentialAsync ListVirtualMFADevicesAsync DeactivateMFADeviceAsync DeleteVirtualMFADeviceAsync ListUserPoliciesAsync DeleteUserPolicyAsync ListAttachedUserPoliciesAsync DetachUserPolicyAsync ListGroupsForUserAsync RemoveUserFromGroupAsync | iam:DeleteUser iam:DeleteLoginProfile iam:ListAccessKeys iam:DeleteAccessKey iam:ListSigningCertificates iam:DeleteSigningCertificate iam:ListSSHPublicKeys iam:DeleteSSHPublicKey iam:ListServiceSpecificCredentials iam:DeleteServiceSpecificCredential iam:ListVirtualMFADevices iam:DeactivateMFADevice iam:DeleteVirtualMFADevice iam:ListUserPolicies iam:DeleteUserPolicy iam:ListAttachedUserPolicies iam:DetachUserPolicy iam:ListGroupsForUser iam:RemoveUserFromGroup |
| AWSUpdateUser | UpdateUserAsync DeleteUserPermissionsBoundaryAsync PutUserPermissionsBoundaryAsync UntagUserAsync TagUserAsync GetUserAsync | iam:UpdateUser iam:DeleteUserPermissionsBoundary iam:PutUserPermissionsBoundary iam:UntagUser iam:TagUser iam:GetUser |
| AWSForEachUser | ListUsersAsync ListUserTagsAsync | iam:ListUsers iam:ListUserTags |
| AWSForEachUserGroup | ListGroupsForUserAsync | iam:ListGroupsForUser |
| AWSForEachUserInGroup | GetGroupAsync ListUserTagsAsync | iam:GetGroup iam:ListUserTags |