Learn more about Amazon Resource Groups authorization and access control - Amazon Resource Groups
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Learn more about Amazon Resource Groups authorization and access control

Resource Groups supports the following.

  • Action-based policies. For example, you can create a policy that allows users to perform ListGroups operations, but no others.

  • Resource-level permissions. Resource Groups supports using ARNs to specify individual resources in the policy.

  • Authorization based on tags. Resource Groups supports using resource tags in the condition of a policy. For example, you can create a policy that allows Resource Groups users full access to a group that you have tagged.

  • Temporary credentials. Users can assume a role with a policy that allows Amazon Resource Groups operations.

Resource Groups doesn't support resource-based policies.

For more information about how Resource Groups and Tag Editor integrate with Amazon Identity and Access Management (IAM), see the following topics in the Amazon Identity and Access Management User Guide.