Actions, resources, and condition keys for AWS FinOps Agent
AWS FinOps Agent (service prefix: finops-agent) provides the following
service-specific operations, resources, actions, and condition keys for use in IAM permission
policies.
References:
-
Learn how to configure this service.
-
View a list of the API operations available for this service.
-
Learn how to secure this service and its resources by using IAM permission policies.
-
View the programmatic service authorization reference
for this service.
Topics
Actions defined by AWS FinOps Agent
AWS FinOps Agent has no API operations that can be used in the
Actions element of an IAM policy statement.
Permission-only actions for AWS FinOps Agent
The following actions are defined by AWS FinOps Agent but are not directly invocable through any API operation. They can only be used in IAM policy statements to grant or deny permissions.
| Actions | Description | Resource types (*required) | Condition keys | Access level |
|---|---|---|---|---|
Grants permission to accept a pending approval request from the agent |
Write |
|||
Grants permission to cancel a task |
Write |
|||
Grants permission to cancel an in-progress conversation turn |
Write |
|||
Grants permission to create a new FinOps Agent workspace |
Write |
|||
Grants permission to create a reusable automation |
Write |
|||
Grants permission to create a connection |
Write |
|||
Grants permission to create a new conversation with the FinOps Agent |
Write |
|||
Grants permission to create a document |
Write |
|||
Grants permission to create a third-party integration |
Write |
|||
Grants permission to create a one-time login session for the FinOps Agent web application |
Write |
|||
Grants permission to create a task |
Write |
|||
Grants permission to create a new turn in a conversation |
Write |
|||
Grants permission to delete a FinOps Agent workspace |
Write |
|||
Grants permission to delete an artifact and its content |
Write |
|||
Grants permission to delete an automation |
Write |
|||
Grants permission to delete a connection |
Write |
|||
Grants permission to delete a document |
Write |
|||
Grants permission to delete a third-party integration |
Write |
|||
Grants permission to view details of a pending approval request from the agent |
Read |
|||
Grants permission to view details of a FinOps Agent workspace |
Read |
|||
Grants permission to download artifact content |
Read |
|||
Grants permission to view artifact metadata |
Read |
|||
Grants permission to view details of an automation |
Read |
|||
Grants permission to view details of a connection |
Read |
|||
Grants permission to download document content |
Read |
|||
Grants permission to view document metadata |
Read |
|||
Grants permission to view details of a third-party integration |
Read |
|||
Grants permission to view details of a task |
Read |
|||
Grants permission to view details of a conversation turn |
Read |
|||
Grants permission to list all FinOps Agent workspaces in the account |
List |
|||
Grants permission to list artifacts |
List |
|||
Grants permission to list automations |
List |
|||
Grants permission to list connections |
List |
|||
Grants permission to list conversations |
List |
|||
Grants permission to list documents |
List |
|||
Grants permission to list third-party integrations |
List |
|||
Grants permission to list records for real-time agent activity display |
List |
|||
Grants permission to list tasks |
List |
|||
Grants permission to list turns in a conversation |
List |
|||
Grants permission to reject a pending approval request from the agent |
Write |
|||
Grants permission to restore an archived document |
Write |
|||
Grants permission to submit feedback on agent responses |
Write |
|||
Grants permission to update a FinOps Agent workspace configuration |
Write |
|||
Grants permission to update an automation |
Write |
|||
Grants permission to update a connection |
Write |
|||
Grants permission to update a document's content and metadata |
Write |
Resource types defined by AWS FinOps Agent
AWS FinOps Agent does not support specifying a resource ARN in the
Resource element of an IAM policy statement.
Condition keys for AWS FinOps Agent
AWS FinOps Agent has no service-specific condition keys that can be used in the
Condition element of policy statements.