Actions, resources, and condition keys for AWS PrivateLink
AWS PrivateLink (service prefix: vpce) provides the following
service-specific operations, resources, actions, and condition keys for use in IAM permission
policies.
References:
-
Learn how to configure this service.
-
View a list of the API operations available for this service.
-
Learn how to secure this service and its resources by using IAM permission policies.
-
View the programmatic service authorization reference
for this service.
Topics
Actions defined by AWS PrivateLink
AWS PrivateLink has no API operations that can be used in the
Actions element of an IAM policy statement.
Permission-only actions for AWS PrivateLink
The following actions are defined by AWS PrivateLink but are not directly invocable through any API operation. They can only be used in IAM policy statements to grant or deny permissions.
| Actions | Description | Resource types (*required) | Condition keys | Access level |
|---|---|---|---|---|
Grants permission to manage multi-region VPC endpoints and VPC endpoint service configurations |
Write |
|||
Resource types defined by AWS PrivateLink
The following resource types are defined by this service and can be used in the
Resource element of IAM permission policy statements.
| Resource types | ARN | Condition keys |
|---|---|---|
arn:${Partition}:ec2:${Region}:${Account}:vpc-endpoint/${VpcEndpointId} |
||
arn:${Partition}:ec2:${Region}:${Account}:vpc-endpoint-service/${VpcEndpointServiceId} |
Condition keys for AWS PrivateLink
AWS PrivateLink has no service-specific condition keys that can be used in the
Condition element of policy statements.