View a markdown version of this page

Actions, resources, and condition keys for AWS Security Incident Response - Service Authorization Reference

Actions, resources, and condition keys for AWS Security Incident Response

AWS Security Incident Response (service prefix: security-ir) provides the following service-specific operations, resources, actions, and condition keys for use in IAM permission policies.

References:

API operations defined by AWS Security Incident Response

The following table maps API operations to the IAM actions they authorize. Only condition keys that have static values for the given API and action are listed; for the full set of condition keys supported by each action, see the Actions table.

Operation IAM action Condition key Possible value(s) Access level

BatchGetMemberAccountDetails

security-ir:BatchGetMemberAccountDetails

Read

CancelMembership

security-ir:CancelMembership

Write

CloseCase

security-ir:CloseCase

Write

CreateCase

security-ir:CreateCase

Write

security-ir:TagResource

Tagging, Write

CreateCaseComment

security-ir:CreateCaseComment

Write

CreateMembership

security-ir:CreateMembership

Write

security-ir:TagResource

Tagging, Write

GetCase

security-ir:GetCase

Read

GetCaseAttachmentDownloadUrl

security-ir:GetCaseAttachmentDownloadUrl

Read

GetCaseAttachmentUploadUrl

security-ir:GetCaseAttachmentUploadUrl

Write

GetMembership

security-ir:GetMembership

Read

ListCaseEdits

security-ir:ListCaseEdits

Read

ListCases

security-ir:ListCases

List

ListComments

security-ir:ListComments

Read

ListInvestigations

security-ir:ListInvestigations

Read

ListMemberships

security-ir:ListMemberships

List

ListTagsForResource

security-ir:ListTagsForResource

Read

SendFeedback

security-ir:SendFeedback

Write

TagResource

security-ir:TagResource

Tagging, Write

UntagResource

security-ir:UntagResource

Tagging, Write

UpdateCase

security-ir:UpdateCase

Write

UpdateCaseComment

security-ir:UpdateCaseComment

Write

UpdateCaseStatus

security-ir:UpdateCaseStatus

Write

UpdateMembership

security-ir:UpdateMembership

Write

UpdateResolverType

security-ir:UpdateResolverType

Write

Actions defined by AWS Security Incident Response

You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

Actions Description Resource types (*required) Condition keys Access level

BatchGetMemberAccountDetails

Grants permission to get member account details in batch

membership*

aws:ResourceTag/${TagKey}

Read

CancelMembership

Grants permission to cancel a membership

membership*

aws:ResourceTag/${TagKey}

Write

CloseCase

Grants permission to close a case

case*

aws:ResourceTag/${TagKey}

Write

CreateCase

Grants permission to create a case

case*

aws:RequestTag/${TagKey}

aws:ResourceTag/${TagKey}

aws:TagKeys

Write

CreateCaseComment

Grants permission to create a case comment

case*

aws:ResourceTag/${TagKey}

Write

CreateMembership

Grants permission to create a membership

membership*

aws:RequestTag/${TagKey}

aws:ResourceTag/${TagKey}

aws:TagKeys

Write

GetCase

Grants permission to get a case

case*

aws:ResourceTag/${TagKey}

Read

GetCaseAttachmentDownloadUrl

Grants permission to get a case attachment download URL

case*

aws:ResourceTag/${TagKey}

Read

GetCaseAttachmentUploadUrl

Grants permission to get a case attachment upload URL

case*

aws:ResourceTag/${TagKey}

Write

GetMembership

Grants permission to get a membership

membership*

aws:ResourceTag/${TagKey}

Read

ListCaseEdits

Grants permission to list case edits

case*

aws:ResourceTag/${TagKey}

Read

ListCases

Grants permission to list cases

List

ListComments

Grants permission to list case comments

case*

aws:ResourceTag/${TagKey}

Read

ListInvestigations

Grants permission to list investigations for a case

case*

aws:ResourceTag/${TagKey}

Read

ListMemberships

Grants permission to list memberships

List

ListTagsForResource

Grants permission to list the tags attached to the specified resource

case

aws:ResourceTag/${TagKey}

aws:TagKeys

Read

membership

aws:ResourceTag/${TagKey}

aws:TagKeys

SendFeedback

Grants permission to send feedback for investigation results

case*

aws:ResourceTag/${TagKey}

Write

TagResource

Grants permission to add tags to the specified resource

case

aws:RequestTag/${TagKey}

aws:ResourceTag/${TagKey}

aws:TagKeys

Tagging, Write

membership

aws:RequestTag/${TagKey}

aws:ResourceTag/${TagKey}

aws:TagKeys

UntagResource

Grants permission to remove tags from the specified resource

case

aws:ResourceTag/${TagKey}

aws:TagKeys

Tagging, Write

membership

aws:ResourceTag/${TagKey}

aws:TagKeys

UpdateCase

Grants permission to update a case

case*

aws:ResourceTag/${TagKey}

Write

UpdateCaseComment

Grants permission to update a case comment

case*

aws:ResourceTag/${TagKey}

Write

UpdateCaseStatus

Grants permission to update a case status

case*

aws:ResourceTag/${TagKey}

Write

UpdateMembership

Grants permission to update memberships

membership*

aws:ResourceTag/${TagKey}

Write

UpdateResolverType

Grants permission to update case resolver type

case*

aws:ResourceTag/${TagKey}

Write

Resource types defined by AWS Security Incident Response

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements.

Resource types ARN Condition keys

case

arn:${Partition}:security-ir:${Region}:${Account}:case/${CaseId}

aws:ResourceTag/${TagKey}

membership

arn:${Partition}:security-ir:${Region}:${Account}:membership/${MembershipId}

aws:ResourceTag/${TagKey}

Condition keys for AWS Security Incident Response

AWS Security Incident Response defines the following condition keys that can be used in the Condition element of an IAM policy.

Condition keys Description Type

aws:RequestTag/${TagKey}

Filters access by the tags that are passed in the request

String

aws:ResourceTag/${TagKey}

Filters access by the tags associated with the resource

String

aws:TagKeys

Filters access by the tag keys that are passed in the request

ArrayOfString