Actions, resources, and condition keys for Amazon Message Delivery Service
Amazon Message Delivery Service (service prefix: ec2messages) provides the following
service-specific operations, resources, actions, and condition keys for use in IAM permission
policies.
References:
-
Learn how to configure this service.
-
View a list of the API operations available for this service.
-
Learn how to secure this service and its resources by using IAM permission policies.
-
View the programmatic service authorization reference
for this service.
Topics
Actions defined by Amazon Message Delivery Service
You can specify the following actions in the Action element of an IAM
policy statement. Use policies to grant permissions to perform an operation in Amazon. When
you use an action in a policy, you usually allow or deny access to the API operation or CLI
command with the same name. However, in some cases, a single action controls access to more
than one operation. Alternatively, some operations require several different actions.
| Actions | Description | Resource types (*required) | Condition keys | Access level |
|---|---|---|---|---|
Grants permission to acknowledge a message, ensuring it will not be delivered again |
Write |
|||
Grants permission to delete a message |
Write |
|||
Grants permission to fail a message, signifying the message could not be processed successfully, ensuring it cannot be replied to or delivered again |
Write |
|||
Grants permission to route traffic to the correct endpoint based on the given destination for the messages |
Read |
|||
Grants permission to deliver messages to clients/instances using long polling |
Read |
|||
Grants permission to send replies from clients/instances to upstream service |
Write |
Resource types defined by Amazon Message Delivery Service
Amazon Message Delivery Service does not support specifying a resource ARN in the
Resource element of an IAM policy statement.
Condition keys for Amazon Message Delivery Service
Amazon Message Delivery Service defines the following condition keys that can be used in the
Condition element of an IAM policy.
| Condition keys | Description | Type |
|---|---|---|
Filters access by the ARN of the instance from which the request originated |
ARN |
|
Filters access by verifying the Amazon Resource Name (ARN) of the Amazon Systems Manager's managed instance from which the request is made. This key is not present when the request comes from the managed instance authenticated with an IAM role associated with EC2 instance profile |
ARN |