ds:DescribeClientAuthenticationSettings is a Read access-level action in the ds service. Grants permission to retrieve information about the type of client authentication for the specified directory, if the type is specified. If no type is specified, information about all client authentication types that are supported for the specified directory is retrieved. Currently, only SmartCard is supported
ARNs that ds:DescribeClientAuthenticationSettings can be scoped to in an IAM policy.
Keys you can use in the Condition block of a policy that grants ds:DescribeClientAuthenticationSettings.
Filters access by the AWS DS Resource being acted upon
A minimal policy that allows ds:DescribeClientAuthenticationSettings. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowDsDescribeClientAuthenticationSettings",
"Effect": "Allow",
"Action": "ds:DescribeClientAuthenticationSettings",
"Resource": "*"
}
]
}