API Permissions: Actions, Permissions, and Resources Reference - Amazon Kinesis Data Analytics for SQL Applications Developer Guide
GetApplicationState
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

For new projects, we recommend that you use the new Managed Service for Apache Flink Studio over Kinesis Data Analytics for SQL Applications. Managed Service for Apache Flink Studio combines ease of use with advanced analytical capabilities, enabling you to build sophisticated stream processing applications in minutes.

API Permissions: Actions, Permissions, and Resources Reference

When you are setting up Access Control and writing a permissions policy that you can attach to an IAM identity (identity-based policies), you can use the following table as a reference. The table lists each API operation, the corresponding actions for which you can grant permissions to perform the action, and the Amazon resource for which you can grant the permissions. You specify the actions in the policy's Action field, and you specify the resource value in the policy's Resource field.

You can use Amazon-wide condition keys in your policies to express conditions. For a complete list of Amazon-wide keys, see Available Keys in the IAM User Guide.

Note

To specify an action, use the kinesisanalytics prefix followed by the API operation name (for example, kinesisanalytics:AddApplicationInput).

If you see an expand arrow () in the upper-right corner of the table, you can open the table in a new window. To close the window, choose the close button (X) in the lower-right corner.

API and Required Permissions for Actions
API Operations Required Permissions (API Actions) Resources

AddApplicationInput

kinesisanalytics:AddApplicationInput

arn:aws:kinesisanalytics: region:accountId:application/application-name

AddApplicationOutput

kinesisanalytics:AddApplicationOutput

arn:aws:kinesisanalytics: region:accountId:application/application-name

AddApplicationReferenceDataSource

kinesisanalytics:AddApplicationReferenceDataSource

arn:aws:kinesisanalytics: region:accountId:application/application-name

CreateApplication

kinesisanalytics:CreateApplication

arn:aws:kinesisanalytics: region:accountId:application/application-name

DeleteApplication

kinesisanalytics:DeleteApplication

arn:aws:kinesisanalytics: region:accountId:application/application-name

DeleteApplicationOutput

kinesisanalytics:DeleteApplicationOutput

arn:aws:kinesisanalytics: region:accountId:application/application-name

DeleteApplicationReferenceDataSource

kinesisanalytics:DeleteApplicationReferenceDataSource

arn:aws:kinesisanalytics: region:accountId:application/application-name

DescribeApplication

kinesisanalytics:DescribeApplication

arn:aws:kinesisanalytics: region:accountId:application/application-name

DiscoverInputSchema

kinesisanalytics:DiscoverInputSchema

*

ListApplications

kinesisanalytics:ListApplications

*

StartApplication

kinesisanalytics:StartApplication

arn:aws:kinesisanalytics: region:accountId:application/application-name

StopApplication

kinesisanalytics:StopApplication

arn:aws:kinesisanalytics: region:accountId:application/application-name

UpdateApplication

kinesisanalytics:UpdateApplication

arn:aws:kinesisanalytics: region:accountId:application/application-name

Access or sample data in the console

kinesisanalytics:GetApplicationState

arn:aws:kinesisanalytics: region:accountId:application/application-name

GetApplicationState

The console uses an internal method called GetApplicationState to sample or access application data. Your service application needs to have permissions for the internal kinesisanalytics:GetApplicationState API to sample or access application data through the Amazon Web Services Management Console.