Actions, resources, and condition keys for Amazon Lookout for Vision
Amazon Lookout for Vision (service prefix: lookoutvision) provides the following
service-specific operations, resources, actions, and condition keys for use in IAM permission
policies.
References:
-
Learn how to configure this service.
-
View a list of the API operations available for this service.
-
Learn how to secure this service and its resources by using IAM permission policies.
-
View the programmatic service authorization reference
for this service.
Topics
Actions defined by Amazon Lookout for Vision
You can specify the following actions in the Action element of an IAM
policy statement. Use policies to grant permissions to perform an operation in AWS. When
you use an action in a policy, you usually allow or deny access to the API operation or CLI
command with the same name. However, in some cases, a single action controls access to more
than one operation. Alternatively, some operations require several different actions.
| Actions | Description | Resource types (*required) | Condition keys | Access level |
|---|---|---|---|---|
Grants permission to create a dataset manifest |
Write |
|||
Grants permission to create a new anomaly detection model |
Write |
|||
Grants permission to create a new project |
Write |
|||
Grants permission to delete a dataset |
Write |
|||
Grants permission to delete a model and all associated assets |
Write |
|||
Grants permission to permanently remove a project |
Write |
|||
Grants permission to show detailed information about dataset manifest |
Read |
|||
Grants permission to show detailed information about a model |
Read |
|||
Grants permission to show detailed information about a model packaging job |
Read |
|||
Grants permission to show detailed information about a project |
Read |
|||
Grants permission to invoke detection of anomalies |
Write |
|||
Grants permission to list the contents of dataset manifest |
Read |
|||
Grants permission to list all model packaging jobs associated with a project |
List |
|||
Grants permission to list all models associated with a project |
List |
|||
Grants permission to list all projects |
List |
|||
Grants permission to list tags for a resource |
Read |
|||
Grants permission to start anomaly detection model |
Write |
|||
Grants permission to start a model packaging job |
Write |
|||
Grants permission to stop anomaly detection model |
Write |
|||
Grants permission to tag a resource with given key value pairs |
Tagging, Write |
|||
Grants permission to remove the tag with the given key from a resource |
Tagging, Write |
|||
Grants permission to update a training or test dataset manifest |
Write |
Permission-only actions for Amazon Lookout for Vision
The following actions are defined by Amazon Lookout for Vision but are not directly invocable through any API operation. They can only be used in IAM policy statements to grant or deny permissions.
| Actions | Description | Resource types (*required) | Condition keys | Access level |
|---|---|---|---|---|
Grants permission to provides state information about a running anomaly detection job |
Read |
|||
Grants permission to list all anomaly detection jobs |
List |
|||
Grants permission to start bulk detection of anomalies for a set of images stored in an S3 bucket |
Write |
Resource types defined by Amazon Lookout for Vision
The following resource types are defined by this service and can be used in the
Resource element of IAM permission policy statements.
| Resource types | ARN | Condition keys |
|---|---|---|
arn:${Partition}:lookoutvision:${Region}:${Account}:model/${ProjectName}/${ModelVersion} |
||
arn:${Partition}:lookoutvision:${Region}:${Account}:project/${ProjectName} |
Condition keys for Amazon Lookout for Vision
Amazon Lookout for Vision defines the following condition keys that can be used in the
Condition element of an IAM policy.
| Condition keys | Description | Type |
|---|---|---|
Filters access by the tags that are passed in the request |
String |
|
Filters access by the tags associated with the resource |
String |
|
Filters access by the tag keys that are passed in the request |
ArrayOfString |