223 actions in the bedrock-agentcore service. Select an action to see its access level, resource ARNs, condition keys, and a copy-paste IAM policy.
Grants permission to configure vended telemetry for a resource
Grants permission to evaluate Cedar policies for authorization requests
Grants permission to create one or more memory records
Grants permission to delete one or more memory records
Grants permission to update one or more memory records
Grants permission to retrieve access token with OAuth2 for 3LO flow to access external resource
Grants permission to connect to a browser automation stream
Grants permission to connect to a browser live view stream
Grants permission to create an A/B test
Grants permission to create a new agent runtime
Grants permission to create a new agent runtime endpoint
Grants permission to create a new API Key Credential Provider
Grants permission to create a new custom browser
Grants permission to create a new browser profile
Grants permission to create a new custom code interpreter
Grants permission to create a new configuration bundle
Grants permission to create a new evaluator
Grants permission to create an Event
Grants permission to create a new gateway
Grants permission to create a new rule in an existing gateway
Grants permission to create a new target in an existing gateway
Grants permission to create a new harness
Grants permission to create a new harness endpoint
Grants permission to create a Memory resource
Grants permission to create a new Credential Provider to access external resources with OAuth2 protocol
Grants permission to create a new online evaluation configuration
Grants permission to create a new payment connector under a payment manager
Grants permission to create a new Payment Credential Provider
Grants permission to create a new payment instrument
Grants permission to create a new payment manager
Grants permission to create a new payment session
Grants permission to create a new policy within a policy engine
Grants permission to create a new policy engine
Grants permission to create a new registry
Grants permission to create a new registry record
Grants permission to create a new Workload Identity
Grants permission to delete an A/B test
Grants permission to delete an agent runtime
Grants permission to delete an agent runtime endpoint
Grants permission to delete a registered API Key Credential Provider
Grants permission to delete a batch evaluation
Grants permission to delete a custom browser
Grants permission to delete a browser profile
Grants permission to delete a custom code interpreter
Grants permission to delete a configuration bundle
Grants permission to delete an evaluator
Grants permission to delete an Event
Grants permission to delete an existing gateway
Grants permission to delete an existing gateway rule
Grants permission to delete an existing gateway target
Grants permission to delete a harness
Grants permission to delete a harness endpoint
Grants permission to delete a Memory resource
Grants permission to delete a Memory Record
Grants permission to delete a registered OAuth2 Credential Provider
Grants permission to delete an online evaluation configuration
Grants permission to delete a payment connector
Grants permission to delete a registered Payment Credential Provider
Grants permission to delete a payment instrument
Grants permission to delete a payment manager
Grants permission to delete a payment session
Grants permission to delete a policy
Grants permission to delete a policy engine
Grants permission to delete a recommendation
Grants permission to delete an existing registry
Grants permission to delete an existing registry record
Grants permission to delete the resource-based policy for a Bedrock resource
Grants permission to delete a registered Workload Identity
Grants permission to run an evaluation using an evaluator
Grants permission to associate an AWS WAF Web ACL with an AgentCore Gateway
Grants permission to remove the AWS WAF Web ACL association from an AgentCore Gateway
Grants permission to retrieve the AWS WAF Web ACL ARN currently associated with an AgentCore Gateway
Grants permission to list AgentCore Gateways associated with an AWS WAF Web ACL
Grants permission to get details of an A/B test
Grants permission to retrieve an agent card for A2A
Grants permission to get details of an agent runtime
Grants permission to get details of an agent runtime endpoint
Grants permission to fetch a registered API Key Credential Provider by its name
Grants permission to get details of a batch evaluation
Grants permission to get details of a browser
Grants permission to get details of a browser profile
Grants permission to get details of a browser session
Grants permission to get details of a code interpreter
Grants permission to get details of a code interpreter session
Grants permission to get details of a configuration bundle
Grants permission to get a specific version of a configuration bundle
Grants permission to get details of an evaluator
Grants permission to fetch an Event
Grants permission to retrieve an existing gateway
Grants permission to retrieve an existing gateway rule
Grants permission to retrieve an existing gateway target
Grants permission to get details of a harness
Grants permission to get details of a harness endpoint
Grants permission to fetch details for a Memory resource
Grants permission to fetch a Memory Record
Grants permission to fetch a registered OAuth2 Credential Provider by its name
Grants permission to get details of an online evaluation configuration
Grants permission to retrieve details of a payment connector
Grants permission to fetch a registered Payment Credential Provider by its name
Grants permission to retrieve details of a payment instrument
Grants permission to retrieve the balance of a payment instrument
Grants permission to retrieve details of a payment manager
Grants permission to retrieve details of a payment session
Grants permission to retrieve a policy
Grants permission to retrieve a policy engine
Grants permission to retrieve a summary of a policy engine
Grants permission to retrieve status and results of a policy generation request
Grants permission to retrieve a summary of a policy generation request
Grants permission to retrieve a summary of a policy
Grants permission to get details of a recommendation
Grants permission to retrieve an existing registry
Grants permission to retrieve an existing registry record
Grants permission to retrieve an API Key associated with an Api Key Credential Provider
Grants permission to retrieve access token with OAuth2 2LO or 3LO flow to access external resource
Grants permission to retrieve a payment authentication token associated with a Payment Credential Provider
Grants permission to retrieve the resource-based policy for a Bedrock resource
Grants permission to fetch the current configuration of the TokenVault, including encryption settings
Grants permission to retrieve an Workload access token for agentic workloads not acting on behalf of a user
Grants permission to retrieve an Workload access token for agentic workloads acting on behalf of user with JWT token
Grants permission to retrieve an Workload access token for agentic workloads acting on behalf of user with User Id
Grants permission to fetch details for a specific Workload identity, including its name and allowed OAuth2 return URLs
Grants permission to invoke an agent runtime endpoint
Grants permission to invoke commands on an agent runtime endpoint
Grants permission to invoke a command shell on an agent runtime endpoint over a web socket stream
Grants permission to invoke an agent runtime endpoint with X-Amzn-Bedrock-AgentCore-Runtime-User-Id header
Grants permission to invoke an agent runtime endpoint with WebSocket stream
Grants permission to invoke an agent runtime endpoint with WebSocket stream and with X-Amzn-Bedrock-AgentCore-Runtime-User-Id header
Grants permission to invoke a code interpreter session
Grants permission to invoke a gateway
Grants permission to invoke a harness
Grants permission to invoke an MCP operation against an existing registry
Grants permission to invoke a web search target
Grants permission to list A/B tests
Grants permission to list Actors
Grants permission to list agent runtime endpoints
Grants permission to list agent runtimes
Grants permission to list agent runtime versions
Grants permission to list all API Key Credential Providers in the Token Vault
Grants permission to list batch evaluations
Grants permission to list browser profiles
Grants permission to list browsers
Grants permission to list browser sessions
Grants permission to list code interpreters
Grants permission to list code interpreter sessions
Grants permission to list configuration bundles
Grants permission to list versions of a configuration bundle
Grants permission to list evaluators
Grants permission to list events
Grants permission to list existing gateway rules
Grants permission to list existing gateways
Grants permission to list existing gateway targets
Grants permission to list harness endpoints
Grants permission to list harnesses
Grants permission to list memory resources
Grants permission to list extraction jobs for this memory
Grants permission to list memory records
Grants permission to list all OAuth2 Credential Providers in the Token Vault
Grants permission to list online evaluation configurations
Grants permission to list payment connectors under a payment manager
Grants permission to list all Payment Credential Providers in the Token Vault
Grants permission to list payment instruments
Grants permission to list payment managers
Grants permission to list payment sessions
Grants permission to list policies within a policy engine
Grants permission to list policy engines
Grants permission to list policy engine summaries
Grants permission to list generated policy assets from a generation request
Grants permission to list policy generation requests
Grants permission to list policy generation summaries
Grants permission to list policy summaries within a policy engine
Grants permission to list recommendations
Grants permission to list existing registries
Grants permission to list existing registry records in a registry
Grants permission to list sessions
Grants permission to list tags for a Bedrock-AgentCore resource
Grants permission to list all Workload Identities in the caller's AWS account
Grants permission to create or modify wildcard policies that apply to gateway resources
Grants permission to create or modify policies that apply to specific gateway resources
Grants permission to perform partial evaluation of Cedar policies to authorize a caller to list tools they are allowed to call
Grants permission to process a payment transaction
Grants permission to create or update the resource-based policy for a Bedrock resource
Grants permission to retrieve memory records through sematic query
Grants permission to save a browser session profile
Grants permission to search for registry records
Grants permission to associate a Customer Managed Key (CMK) or a Service Managed Key with a specific TokenVault
Grants permission to start a batch evaluation
Grants permission to start a new browser session
Grants permission to start a new code interpreter session
Grants permission to start memory extraction job
Grants permission to start an AI-powered policy generation request
Grants permission to start a recommendation
Grants permission to stop a batch evaluation
Grants permission to stop a browser session
Grants permission to stop a code interpreter session
Grants permission to stop a runtime session
Grants permission to submit a registry record for approval
Grants permission to enable search on gateways
Grants permission to Tag a Bedrock-AgentCore resource
Grants permission to Untag a Bedrock-AgentCore resource
Grants permission to update an A/B test
Grants permission to update an agent runtime
Grants permission to update an agent runtime endpoint
Grants permission to update an existing API Key Credential Provider
Grants permission to update the status of browser session stream
Grants permission to update a configuration bundle
Grants permission to update an evaluator
Grants permission to update an existing gateway
Grants permission to update an existing gateway rule
Grants permission to update an existing gateway target
Grants permission to update a harness
Grants permission to update harness endpoint
Grants permission to update a Memory resource
Grants permission to update an existing OAuth2 Credential Provider
Grants permission to update an online evaluation configuration
Grants permission to update an existing payment connector
Grants permission to update an existing Payment Credential Provider
Grants permission to update an existing payment manager
Grants permission to update an existing policy
Grants permission to update a policy engine
Grants permission to update an existing registry
Grants permission to update an existing registry record
Grants permission to update the status of a registry record
Grants permission to update the metadata of an existing Workload Identity