View a markdown version of this page

Actions, resources, and condition keys for AWS PrivateLink - Service Authorization Reference

Actions, resources, and condition keys for AWS PrivateLink

AWS PrivateLink (service prefix: vpce) provides the following service-specific operations, resources, actions, and condition keys for use in IAM permission policies.

References:

Actions defined by AWS PrivateLink

AWS PrivateLink has no API operations that can be used in the Actions element of an IAM policy statement.

Permission-only actions for AWS PrivateLink

The following actions are defined by AWS PrivateLink but are not directly invocable through any API operation. They can only be used in IAM policy statements to grant or deny permissions.

Actions Description Resource types (*required) Condition keys Access level

AllowMultiRegion

Grants permission to manage multi-region VPC endpoints and VPC endpoint service configurations

vpc-endpoint

Write

vpc-endpoint-service

Resource types defined by AWS PrivateLink

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements.

Resource types ARN Condition keys

vpc-endpoint

arn:${Partition}:ec2:${Region}:${Account}:vpc-endpoint/${VpcEndpointId}

vpc-endpoint-service

arn:${Partition}:ec2:${Region}:${Account}:vpc-endpoint-service/${VpcEndpointServiceId}

Condition keys for AWS PrivateLink

AWS PrivateLink has no service-specific condition keys that can be used in the Condition element of policy statements.