ds:DescribeClientAuthenticationSettings

Read

ds:DescribeClientAuthenticationSettings is a Read access-level action in the ds service. Grants permission to retrieve information about the type of client authentication for the specified directory, if the type is specified. If no type is specified, information about all client authentication types that are supported for the specified directory is retrieved. Currently, only SmartCard is supported

Resource types

ARNs that ds:DescribeClientAuthenticationSettings can be scoped to in an IAM policy.

arn:${Partition}:ds:${Region}:${Account}:directory/${DirectoryId}
directory

Condition keys

Keys you can use in the Condition block of a policy that grants ds:DescribeClientAuthenticationSettings.

aws:ResourceTag/${TagKey} String

Filters access by the AWS DS Resource being acted upon

Example IAM policy

A minimal policy that allows ds:DescribeClientAuthenticationSettings. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowDsDescribeClientAuthenticationSettings",
      "Effect": "Allow",
      "Action": "ds:DescribeClientAuthenticationSettings",
      "Resource": "*"
    }
  ]
}

Related actions in ds

View all ds actions →