# Actions, resources, and condition keys for AWS Storage Gateway
<a name="list_awsstoragegateway"></a>

AWS Storage Gateway (service prefix: `storagegateway`) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:
+ Learn how to [configure this service](https://docs.aws.amazon.com/storagegateway/latest/userguide/).
+ View a list of the [API operations available for this service](https://docs.aws.amazon.com/storagegateway/latest/APIReference/).
+ Learn how to secure this service and its resources by [using IAM](https://docs.aws.amazon.com/storagegateway/latest/userguide/UsingIAMWithStorageGateway.html) permission policies.

**Topics**
+ [Actions defined by AWS Storage Gateway](#awsstoragegateway-actions-as-permissions)
+ [Resource types defined by AWS Storage Gateway](#awsstoragegateway-resources-for-iam-policies)
+ [Condition keys for AWS Storage Gateway](#awsstoragegateway-policy-keys)

## Actions defined by AWS Storage Gateway
<a name="awsstoragegateway-actions-as-permissions"></a>

You can specify the following actions in the `Action` element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

The **Access level** column of the Actions table describes how the action is classified (List, Read, Permissions management, or Tagging). This classification can help you understand the level of access that an action grants when you use it in a policy. For more information about access levels, see [Access levels in policy summaries](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html).

The **Resource types** column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("\*") to which the policy applies in the `Resource` element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (\*). If you limit resource access with the `Resource` element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types.

The **Condition keys** column of the Actions table includes keys that you can specify in a policy statement's `Condition` element. For more information on the condition keys that are associated with resources for the service, see the **Condition keys** column of the Resource types table.

The **Dependent actions** column of the Actions table shows additional permissions that may be required to successfully call an action. These permissions may be needed in addition to the permission for the action itself. When an action specifies dependent actions, those dependencies may apply to additional resources defined for that action, not only the first resource listed in the table.

**Note**  
Resource condition keys are listed in the [Resource types](#awsstoragegateway-resources-for-iam-policies) table. You can find a link to the resource type that applies to an action in the **Resource types (\*required)** column of the Actions table. The resource type in the Resource types table includes the **Condition keys** column, which are the resource condition keys that apply to an action in the Actions table.

For details about the columns in the following table, see [Actions table](reference_policies_actions-resources-contextkeys.html#actions_table).


****  


- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ActivateGateway.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ActivateGateway.html) **
  - **Description:** Grants permission to activate the gateway you previously deployed on your host
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#awsstoragegateway-aws_RequestTag___TagKey_](#awsstoragegateway-aws_RequestTag___TagKey_) <br /> [#awsstoragegateway-aws_TagKeys](#awsstoragegateway-aws_TagKeys) 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_AddCache.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_AddCache.html) **
  - **Description:** Grants permission to configure one or more gateway local disks as cache for a cached-volume gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_AddTagsToResource.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_AddTagsToResource.html) **
  - **Description:** Grants permission to add one or more tags to the specified resource
  - **Access level:** Tagging
  - **Resource types (\*required):**  [#awsstoragegateway-cache-report](#awsstoragegateway-cache-report)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-fs-association](#awsstoragegateway-fs-association)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-share](#awsstoragegateway-share)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-tape](#awsstoragegateway-tape)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-tapepool](#awsstoragegateway-tapepool)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-volume](#awsstoragegateway-volume)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsstoragegateway-aws_RequestTag___TagKey_](#awsstoragegateway-aws_RequestTag___TagKey_) <br /> [#awsstoragegateway-aws_TagKeys](#awsstoragegateway-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_AddUploadBuffer.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_AddUploadBuffer.html) **
  - **Description:** Grants permission to configure one or more gateway local disks as upload buffer for a specified gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_AddWorkingStorage.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_AddWorkingStorage.html) **
  - **Description:** Grants permission to configure one or more gateway local disks as working storage for a gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_AssignTapePool.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_AssignTapePool.html) **
  - **Description:** Grants permission to move a tape to the target pool specified
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-tape](#awsstoragegateway-tape)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-tapepool](#awsstoragegateway-tapepool)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_AssociateFileSystem.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_AssociateFileSystem.html) **
  - **Description:** Grants permission to associate an Amazon FSx file system with the Amazon FSx file gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:**  ds:DescribeDirectories <br /> ec2:DescribeNetworkInterfaces <br /> fsx:DescribeFileSystems <br /> iam:CreateServiceLinkedRole <br /> logs:CreateLogDelivery <br /> logs:GetLogDelivery <br /> logs:ListLogDeliveries <br /> logs:UpdateLogDelivery 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsstoragegateway-aws_RequestTag___TagKey_](#awsstoragegateway-aws_RequestTag___TagKey_) <br /> [#awsstoragegateway-aws_TagKeys](#awsstoragegateway-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_AttachVolume.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_AttachVolume.html) **
  - **Description:** Grants permission to connect a volume to an iSCSI connection and then attaches the volume to the specified gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-volume](#awsstoragegateway-volume)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/userguide/CreatingCustomTapePool.html#TapeRetentionLock](https://docs.aws.amazon.com/storagegateway/latest/userguide/CreatingCustomTapePool.html#TapeRetentionLock) **
  - **Description:** Grants permission to allow the governance retention lock on a pool to be bypassed
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-tapepool](#awsstoragegateway-tapepool) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CancelArchival.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CancelArchival.html) **
  - **Description:** Grants permission to cancel archiving of a virtual tape to the virtual tape shelf (VTS) after the archiving process is initiated
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-tape](#awsstoragegateway-tape)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CancelCacheReport.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CancelCacheReport.html) **
  - **Description:** Grants permission to cancel a cache report
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-cache-report](#awsstoragegateway-cache-report) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CancelRetrieval.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CancelRetrieval.html) **
  - **Description:** Grants permission to cancel retrieval of a virtual tape from the virtual tape shelf (VTS) to a gateway after the retrieval process is initiated
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-tape](#awsstoragegateway-tape)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateCachediSCSIVolume.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateCachediSCSIVolume.html) **
  - **Description:** Grants permission to create a cached volume on a specified cached gateway. This operation is supported only for the gateway-cached volume architecture
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-volume](#awsstoragegateway-volume)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsstoragegateway-aws_RequestTag___TagKey_](#awsstoragegateway-aws_RequestTag___TagKey_) <br /> [#awsstoragegateway-aws_TagKeys](#awsstoragegateway-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateNFSFileShare.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateNFSFileShare.html) **
  - **Description:** Grants permission to create a NFS file share on an existing file gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsstoragegateway-aws_RequestTag___TagKey_](#awsstoragegateway-aws_RequestTag___TagKey_) <br /> [#awsstoragegateway-aws_TagKeys](#awsstoragegateway-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateSMBFileShare.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateSMBFileShare.html) **
  - **Description:** Grants permission to create a SMB file share on an existing file gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsstoragegateway-aws_RequestTag___TagKey_](#awsstoragegateway-aws_RequestTag___TagKey_) <br /> [#awsstoragegateway-aws_TagKeys](#awsstoragegateway-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateSnapshot.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateSnapshot.html) **
  - **Description:** Grants permission to initiate a snapshot of a volume
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-volume](#awsstoragegateway-volume)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsstoragegateway-aws_RequestTag___TagKey_](#awsstoragegateway-aws_RequestTag___TagKey_) <br /> [#awsstoragegateway-aws_TagKeys](#awsstoragegateway-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateSnapshotFromVolumeRecoveryPoint.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateSnapshotFromVolumeRecoveryPoint.html) **
  - **Description:** Grants permission to initiate a snapshot of a gateway from a volume recovery point
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-volume](#awsstoragegateway-volume)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsstoragegateway-aws_RequestTag___TagKey_](#awsstoragegateway-aws_RequestTag___TagKey_) <br /> [#awsstoragegateway-aws_TagKeys](#awsstoragegateway-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateStorediSCSIVolume.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateStorediSCSIVolume.html) **
  - **Description:** Grants permission to create a volume on a specified gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsstoragegateway-aws_RequestTag___TagKey_](#awsstoragegateway-aws_RequestTag___TagKey_) <br /> [#awsstoragegateway-aws_TagKeys](#awsstoragegateway-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateTapePool.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateTapePool.html) **
  - **Description:** Grants permission to create a tape pool
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#awsstoragegateway-aws_RequestTag___TagKey_](#awsstoragegateway-aws_RequestTag___TagKey_) <br /> [#awsstoragegateway-aws_TagKeys](#awsstoragegateway-aws_TagKeys) 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateTapeWithBarcode.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateTapeWithBarcode.html) **
  - **Description:** Grants permission to create a virtual tape by using your own barcode
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-tapepool](#awsstoragegateway-tapepool)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsstoragegateway-aws_RequestTag___TagKey_](#awsstoragegateway-aws_RequestTag___TagKey_) <br /> [#awsstoragegateway-aws_TagKeys](#awsstoragegateway-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateTapes.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateTapes.html) **
  - **Description:** Grants permission to create one or more virtual tapes. You write data to the virtual tapes and then archive the tapes
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-tapepool](#awsstoragegateway-tapepool)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsstoragegateway-aws_RequestTag___TagKey_](#awsstoragegateway-aws_RequestTag___TagKey_) <br /> [#awsstoragegateway-aws_TagKeys](#awsstoragegateway-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteAutomaticTapeCreationPolicy.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteAutomaticTapeCreationPolicy.html) **
  - **Description:** Grants permission to delete the automatic tape creation policy configured on a gateway-VTL
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteBandwidthRateLimit.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteBandwidthRateLimit.html) **
  - **Description:** Grants permission to delete the bandwidth rate limits of a gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteCacheReport.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteCacheReport.html) **
  - **Description:** Grants permission to delete the metadata associated with a cache report
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-cache-report](#awsstoragegateway-cache-report) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteChapCredentials.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteChapCredentials.html) **
  - **Description:** Grants permission to delete Challenge-Handshake Authentication Protocol (CHAP) credentials for a specified iSCSI target and initiator pair
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-target](#awsstoragegateway-target) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteFileShare.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteFileShare.html) **
  - **Description:** Grants permission to delete a file share from a file gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-share](#awsstoragegateway-share) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteGateway.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteGateway.html) **
  - **Description:** Grants permission to delete a gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteSnapshotSchedule.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteSnapshotSchedule.html) **
  - **Description:** Grants permission to delete a snapshot of a volume
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-volume](#awsstoragegateway-volume) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteTape.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteTape.html) **
  - **Description:** Grants permission to delete the specified virtual tape
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-tape](#awsstoragegateway-tape)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteTapeArchive.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteTapeArchive.html) **
  - **Description:** Grants permission to delete the specified virtual tape from the virtual tape shelf (VTS)
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteTapePool.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteTapePool.html) **
  - **Description:** Grants permission to delete the specified tape pool
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-tapepool](#awsstoragegateway-tapepool) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteVolume.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DeleteVolume.html) **
  - **Description:** Grants permission to delete the specified gateway volume that you previously created using the CreateCachediSCSIVolume or CreateStorediSCSIVolume API
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-volume](#awsstoragegateway-volume) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeAvailabilityMonitorTest.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeAvailabilityMonitorTest.html) **
  - **Description:** Grants permission to get the information about the most recent high availability monitoring test that was performed on the gateway
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeBandwidthRateLimit.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeBandwidthRateLimit.html) **
  - **Description:** Grants permission to get the bandwidth rate limits of a gateway
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeBandwidthRateLimitSchedule.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeBandwidthRateLimitSchedule.html) **
  - **Description:** Grants permission to get the bandwidth rate limit schedule of a gateway
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeCache.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeCache.html) **
  - **Description:** Grants permission to get information about the cache of a gateway. This operation is supported only for the gateway-cached volume architecture
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeCacheReport.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeCacheReport.html) **
  - **Description:** Grants permission to get a description of a cache report
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-cache-report](#awsstoragegateway-cache-report) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeCachediSCSIVolumes.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeCachediSCSIVolumes.html) **
  - **Description:** Grants permission to get a description of the gateway volumes specified in the request. This operation is supported only for the gateway-cached volume architecture
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-volume](#awsstoragegateway-volume) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeChapCredentials.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeChapCredentials.html) **
  - **Description:** Grants permission to get an array of Challenge-Handshake Authentication Protocol (CHAP) credentials information for a specified iSCSI target, one for each target-initiator pair
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-target](#awsstoragegateway-target) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeFileSystemAssociations.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeFileSystemAssociations.html) **
  - **Description:** Grants permission to get a description for one or more file system associations
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-fs-association](#awsstoragegateway-fs-association) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeGatewayInformation.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeGatewayInformation.html) **
  - **Description:** Grants permission to get metadata about a gateway such as its name, network interfaces, configured time zone, and the state (whether the gateway is running or not)
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeMaintenanceStartTime.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeMaintenanceStartTime.html) **
  - **Description:** Grants permission to get your gateway's weekly maintenance start time including the day and time of the week
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeNFSFileShares.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeNFSFileShares.html) **
  - **Description:** Grants permission to get a description for one or more file shares from a file gateway
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-share](#awsstoragegateway-share) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeSMBFileShares.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeSMBFileShares.html) **
  - **Description:** Grants permission to get a description for one or more file shares from a file gateway
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-share](#awsstoragegateway-share) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeSMBSettings.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeSMBSettings.html) **
  - **Description:** Grants permission to get a description of a Server Message Block (SMB) file share settings from a file gateway
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeSnapshotSchedule.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeSnapshotSchedule.html) **
  - **Description:** Grants permission to describe the snapshot schedule for the specified gateway volume
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-volume](#awsstoragegateway-volume) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeStorediSCSIVolumes.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeStorediSCSIVolumes.html) **
  - **Description:** Grants permission to get the description of the gateway volumes specified in the request
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-volume](#awsstoragegateway-volume) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeTapeArchives.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeTapeArchives.html) **
  - **Description:** Grants permission to get a description of specified virtual tapes in the virtual tape shelf (VTS)
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeTapeRecoveryPoints.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeTapeRecoveryPoints.html) **
  - **Description:** Grants permission to get a list of virtual tape recovery points that are available for the specified gateway-VTL
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeTapes.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeTapes.html) **
  - **Description:** Grants permission to get a description of the specified Amazon Resource Name (ARN) of virtual tapes
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeUploadBuffer.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeUploadBuffer.html) **
  - **Description:** Grants permission to get information about the upload buffer of a gateway
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeVTLDevices.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeVTLDevices.html) **
  - **Description:** Grants permission to get a description of virtual tape library (VTL) devices for the specified gateway
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeWorkingStorage.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DescribeWorkingStorage.html) **
  - **Description:** Grants permission to get information about the working storage of a gateway
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DetachVolume.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DetachVolume.html) **
  - **Description:** Grants permission to disconnect a volume from an iSCSI connection and then detaches the volume from the specified gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-volume](#awsstoragegateway-volume) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DisableGateway.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DisableGateway.html) **
  - **Description:** Grants permission to disable a gateway when the gateway is no longer functioning
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DisassociateFileSystem.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_DisassociateFileSystem.html) **
  - **Description:** Grants permission to disassociate an Amazon FSx file system from an Amazon FSx file gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-fs-association](#awsstoragegateway-fs-association) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_EvictFilesFailingUpload.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_EvictFilesFailingUpload.html) **
  - **Description:** Grants permission to clean a share's cache of file entries that are failing upload to Amazon S3
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-share](#awsstoragegateway-share) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_JoinDomain.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_JoinDomain.html) **
  - **Description:** Grants permission to enable you to join an Active Directory Domain
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListAutomaticTapeCreationPolicies.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListAutomaticTapeCreationPolicies.html) **
  - **Description:** Grants permission to list the automatic tape creation policies configured on the specified gateway-VTL or all gateway-VTLs owned by your AWS account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListCacheReports.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListCacheReports.html) **
  - **Description:** Grants permission to get a list of the cache reports owned by your AWS account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListFileShares.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListFileShares.html) **
  - **Description:** Grants permission to get a list of the file shares for a specific file gateway, or the list of file shares owned by your AWS account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListFileSystemAssociations.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListFileSystemAssociations.html) **
  - **Description:** Grants permission to get a list of the file system associations for the specified gateway
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListGateways.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListGateways.html) **
  - **Description:** Grants permission to list gateways owned by an AWS account in a region specified in the request. The returned list is ordered by gateway Amazon Resource Name (ARN)
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListLocalDisks.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListLocalDisks.html) **
  - **Description:** Grants permission to get a list of the gateway's local disks
  - **Access level:** List
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListTagsForResource.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListTagsForResource.html) **
  - **Description:** Grants permission to get the tags that have been added to the specified resource
  - **Access level:** List
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-share](#awsstoragegateway-share)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-tape](#awsstoragegateway-tape)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-volume](#awsstoragegateway-volume)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListTapePools.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListTapePools.html) **
  - **Description:** Grants permission to list tape pools owned by your AWS account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListTapes.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListTapes.html) **
  - **Description:** Grants permission to list virtual tapes in your virtual tape library (VTL) and your virtual tape shelf (VTS)
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListVolumeInitiators.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListVolumeInitiators.html) **
  - **Description:** Grants permission to list iSCSI initiators that are connected to a volume
  - **Access level:** List
  - **Resource types (\*required):**  [#awsstoragegateway-volume](#awsstoragegateway-volume) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListVolumeRecoveryPoints.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListVolumeRecoveryPoints.html) **
  - **Description:** Grants permission to list the recovery points for a specified gateway
  - **Access level:** List
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListVolumes.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListVolumes.html) **
  - **Description:** Grants permission to list the iSCSI stored volumes of a gateway
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_NotifyWhenUploaded.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_NotifyWhenUploaded.html) **
  - **Description:** Grants permission to send you a notification through CloudWatch Events when all files written to your NFS file share have been uploaded to Amazon S3
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-share](#awsstoragegateway-share) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_RefreshCache.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_RefreshCache.html) **
  - **Description:** Grants permission to refresh the cache for the specified file share
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-share](#awsstoragegateway-share) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_RemoveTagsFromResource.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_RemoveTagsFromResource.html) **
  - **Description:** Grants permission to remove one or more tags from the specified resource
  - **Access level:** Tagging
  - **Resource types (\*required):**  [#awsstoragegateway-cache-report](#awsstoragegateway-cache-report)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-fs-association](#awsstoragegateway-fs-association)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-share](#awsstoragegateway-share)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-tape](#awsstoragegateway-tape)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-tapepool](#awsstoragegateway-tapepool)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-volume](#awsstoragegateway-volume)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsstoragegateway-aws_TagKeys](#awsstoragegateway-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ResetCache.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ResetCache.html) **
  - **Description:** Grants permission to reset all cache disks that have encountered a error and makes the disks available for reconfiguration as cache storage
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_RetrieveTapeArchive.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_RetrieveTapeArchive.html) **
  - **Description:** Grants permission to retrieve an archived virtual tape from the virtual tape shelf (VTS) to a gateway-VTL
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-tape](#awsstoragegateway-tape)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_RetrieveTapeRecoveryPoint.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_RetrieveTapeRecoveryPoint.html) **
  - **Description:** Grants permission to retrieve the recovery point for the specified virtual tape
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-tape](#awsstoragegateway-tape)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_SetLocalConsolePassword.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_SetLocalConsolePassword.html) **
  - **Description:** Grants permission to set the password for your VM local console
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_SetSMBGuestPassword.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_SetSMBGuestPassword.html) **
  - **Description:** Grants permission to set the password for SMB Guest user
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ShutdownGateway.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ShutdownGateway.html) **
  - **Description:** Grants permission to shut down a gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_StartAvailabilityMonitorTest.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_StartAvailabilityMonitorTest.html) **
  - **Description:** Grants permission to start a test that verifies that the specified gateway is configured for High Availability monitoring in your host environment
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_StartCacheReport.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_StartCacheReport.html) **
  - **Description:** Grants permission to start a cache report for an existing file share
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-share](#awsstoragegateway-share)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsstoragegateway-aws_RequestTag___TagKey_](#awsstoragegateway-aws_RequestTag___TagKey_) <br /> [#awsstoragegateway-aws_TagKeys](#awsstoragegateway-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_StartGateway.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_StartGateway.html) **
  - **Description:** Grants permission to start a gateway that you previously shut down
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateAutomaticTapeCreationPolicy.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateAutomaticTapeCreationPolicy.html) **
  - **Description:** Grants permission to update the automatic tape creation policy configured on a gateway-VTL
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsstoragegateway-tapepool](#awsstoragegateway-tapepool)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateBandwidthRateLimit.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateBandwidthRateLimit.html) **
  - **Description:** Grants permission to update the bandwidth rate limits of a gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateBandwidthRateLimitSchedule.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateBandwidthRateLimitSchedule.html) **
  - **Description:** Grants permission to update the bandwidth rate limit schedule of a gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateChapCredentials.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateChapCredentials.html) **
  - **Description:** Grants permission to update the Challenge-Handshake Authentication Protocol (CHAP) credentials for a specified iSCSI target
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-target](#awsstoragegateway-target) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateFileSystemAssociation.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateFileSystemAssociation.html) **
  - **Description:** Grants permission to update a file system association
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-fs-association](#awsstoragegateway-fs-association) 
  - **Condition keys:** 
  - **Dependent actions:**  logs:CreateLogDelivery <br /> logs:DeleteLogDelivery <br /> logs:GetLogDelivery <br /> logs:ListLogDeliveries <br /> logs:UpdateLogDelivery 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateGatewayInformation.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateGatewayInformation.html) **
  - **Description:** Grants permission to update a gateway's metadata, which includes the gateway's name and time zone
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateGatewaySoftwareNow.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateGatewaySoftwareNow.html) **
  - **Description:** Grants permission to update the gateway virtual machine (VM) software
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateMaintenanceStartTime.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateMaintenanceStartTime.html) **
  - **Description:** Grants permission to update a gateway's weekly maintenance start time information, including day and time of the week. The maintenance time is the time in your gateway's time zone
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateNFSFileShare.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateNFSFileShare.html) **
  - **Description:** Grants permission to update a NFS file share
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-share](#awsstoragegateway-share) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateSMBFileShare.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateSMBFileShare.html) **
  - **Description:** Grants permission to update a SMB file share
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-share](#awsstoragegateway-share) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateSMBFileShareVisibility.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateSMBFileShareVisibility.html) **
  - **Description:** Grants permission to update whether the shares on a gateway are visible in a net view or browse list
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateSMBLocalGroups.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateSMBLocalGroups.html) **
  - **Description:** Grants permission to update the list of Active Directory users and groups that have special permissions for SMB file shares on the gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateSMBSecurityStrategy.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateSMBSecurityStrategy.html) **
  - **Description:** Grants permission to update the SMB security strategy on a file gateway
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-gateway](#awsstoragegateway-gateway) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateSnapshotSchedule.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateSnapshotSchedule.html) **
  - **Description:** Grants permission to update a snapshot schedule configured for a gateway volume
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-volume](#awsstoragegateway-volume)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsstoragegateway-aws_RequestTag___TagKey_](#awsstoragegateway-aws_RequestTag___TagKey_) <br /> [#awsstoragegateway-aws_TagKeys](#awsstoragegateway-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateVTLDeviceType.html](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_UpdateVTLDeviceType.html) **
  - **Description:** Grants permission to update the type of medium changer in a gateway-VTL
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsstoragegateway-device](#awsstoragegateway-device) 
  - **Condition keys:** 
  - **Dependent actions:** 



## Resource types defined by AWS Storage Gateway
<a name="awsstoragegateway-resources-for-iam-policies"></a>

The following resource types are defined by this service and can be used in the `Resource` element of IAM permission policy statements. Each action in the [Actions table](#awsstoragegateway-actions-as-permissions) identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the Resource types table. For details about the columns in the following table, see [Resource types table](reference_policies_actions-resources-contextkeys.html#resources_table).


****  

| Resource types | ARN | Condition keys | 
| --- | --- | --- | 
|   [https://docs.aws.amazon.com/filegateway/latest/files3/cache-report.html](https://docs.aws.amazon.com/filegateway/latest/files3/cache-report.html)  |  arn:${Partition}:storagegateway:${Region}:${Account}:share/${ShareId}/cache-report/${CacheReportId}  |  [#awsstoragegateway-aws_ResourceTag___TagKey_](#awsstoragegateway-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/storagegateway/latest/userguide/resource_vtl-devices.html](https://docs.aws.amazon.com/storagegateway/latest/userguide/resource_vtl-devices.html)  |  arn:${Partition}:storagegateway:${Region}:${Account}:gateway/${GatewayId}/device/${Vtldevice}  |  | 
|   [https://docs.aws.amazon.com/filegateway/latest/filefsxw/attach-fsxw-filesystem.html](https://docs.aws.amazon.com/filegateway/latest/filefsxw/attach-fsxw-filesystem.html)  |  arn:${Partition}:storagegateway:${Region}:${Account}:fs-association/${FsaId}  |  [#awsstoragegateway-aws_ResourceTag___TagKey_](#awsstoragegateway-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html](https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html)  |  arn:${Partition}:storagegateway:${Region}:${Account}:gateway/${GatewayId}  |  [#awsstoragegateway-aws_ResourceTag___TagKey_](#awsstoragegateway-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/storagegateway/latest/userguide/GettingStartedCreateFileShare.html](https://docs.aws.amazon.com/storagegateway/latest/userguide/GettingStartedCreateFileShare.html)  |  arn:${Partition}:storagegateway:${Region}:${Account}:share/${ShareId}  |  [#awsstoragegateway-aws_ResourceTag___TagKey_](#awsstoragegateway-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html#storage-gateway-vtl-concepts](https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html#storage-gateway-vtl-concepts)  |  arn:${Partition}:storagegateway:${Region}:${Account}:tape/${TapeBarcode}  |  [#awsstoragegateway-aws_ResourceTag___TagKey_](#awsstoragegateway-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/storagegateway/latest/userguide/CreatingCustomTapePool.html](https://docs.aws.amazon.com/storagegateway/latest/userguide/CreatingCustomTapePool.html)  |  arn:${Partition}:storagegateway:${Region}:${Account}:tapepool/${PoolId}  |  [#awsstoragegateway-aws_ResourceTag___TagKey_](#awsstoragegateway-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/storagegateway/latest/userguide/GettingStartedCreateVolumes.html](https://docs.aws.amazon.com/storagegateway/latest/userguide/GettingStartedCreateVolumes.html)  |  arn:${Partition}:storagegateway:${Region}:${Account}:gateway/${GatewayId}/target/${IscsiTarget}  |  | 
|   [https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html#volume-gateway-concepts](https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html#volume-gateway-concepts)  |  arn:${Partition}:storagegateway:${Region}:${Account}:gateway/${GatewayId}/volume/${VolumeId}  |  [#awsstoragegateway-aws_ResourceTag___TagKey_](#awsstoragegateway-aws_ResourceTag___TagKey_)  | 

## Condition keys for AWS Storage Gateway
<a name="awsstoragegateway-policy-keys"></a>

AWS Storage Gateway defines the following condition keys that can be used in the `Condition` element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see [Condition keys table](reference_policies_actions-resources-contextkeys.html#context_keys_table).

To view the global condition keys that are available to all services, see [AWS global condition context keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html).


****  

| Condition keys | Description | Type | 
| --- | --- | --- | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag)  | Filters access by the allowed set of values for each of the tags | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag)  | Filters access by tag-value associated with the resource | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys)  | Filters access by the presence of mandatory tags in the request | ArrayOfString |