payment-cryptography

46 actions in the payment-cryptography service. Select an action to see its access level, resource ARNs, condition keys, and a copy-paste IAM policy.

payment-cryptography:AddKeyReplicationRegions

Write

Grants permission to add replication regions to an existing AWS Payment Cryptography key

payment-cryptography:AssociateMpaTeam

Write

Grants permission to associate an MPA approval team with a payment cryptography action

payment-cryptography:CreateAlias

Write

Grants permission to create a user-friendly name for a Key

payment-cryptography:CreateKey

Write

Grants permission to create a unique customer managed key in the caller's AWS account and region

payment-cryptography:DecryptData

Write

Grants permission to decrypt ciphertext data to plaintext using symmetric, asymmetric or DUKPT data encryption key

payment-cryptography:DeleteAlias

Write

Grants permission to delete the specified alias

payment-cryptography:DeleteKey

Write

Grants permission to schedule the deletion of a Key

payment-cryptography:DeleteResourcePolicy

Permissions management

Grants permission to delete the resource-based policy attached to a key

payment-cryptography:DisableDefaultKeyReplicationRegions

Write

Grants permission to disable default key replication regions for account-level replication

payment-cryptography:DisassociateMpaTeam

Write

Grants permission to disassociate an MPA approval team from a payment cryptography action

payment-cryptography:EnableDefaultKeyReplicationRegions

Write

Grants permission to enable default key replication regions for account-level replication

payment-cryptography:EncryptData

Write

Grants permission to encrypt plaintext data to ciphertext using symmetric, asymmetric or DUKPT data encryption key

payment-cryptography:ExportKey

Write

Grants permission to export a key from the service

payment-cryptography:GenerateAs2805KekValidation

Write

Grants permission to generate a KekValidationRequest or a KekValidationResponse for node-to-node initialization between payment processing nodes using Australian Standard 2805 (AS2805)

payment-cryptography:GenerateCardValidationData

Write

Grants permission to generate card-related data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) or Card Security Codes (CSC) that check the validity of a magnetic stripe card

payment-cryptography:GenerateMac

Write

Grants permission to generate a MAC (Message Authentication Code) cryptogram

payment-cryptography:GenerateMacEmvPinChange

Write

Grants permission to generate a MAC (Message Authentication Code) cryptogram

payment-cryptography:GeneratePinData

Write

Grants permission to generate pin-related data such as PIN, PIN Verification Value (PVV), PIN Block and PIN Offset during new card issuance or card re-issuance

payment-cryptography:GetAlias

Read

Grants permission to return the keyArn associated with an aliasName

payment-cryptography:GetCertificateSigningRequest

Read

Grants permission to return the Certificate Signing Request for a public key from a key of class PUBLIC_KEY

payment-cryptography:GetDefaultKeyReplicationRegions

Read

Grants permission to retrieve the default key replication regions configured at the account level

payment-cryptography:GetKey

Read

Grants permission to return the detailed information about the specified key

payment-cryptography:GetMpaTeamAssociation

Read

Grants permission to retrieve information about an MPA approval team association for a payment cryptography action

payment-cryptography:GetParametersForExport

Read

Grants permission to get the export token and the signing key certificate to initiate a TR-34 key export

payment-cryptography:GetParametersForImport

Read

Grants permission to get the import token and the wrapping key certificate to initiate a TR-34 key import

payment-cryptography:GetPublicKeyCertificate

Read

Grants permission to return the public key from a key of class PUBLIC_KEY

payment-cryptography:GetResourcePolicy

Read

Grants permission to retrieve the resource-based policy attached to a key

payment-cryptography:ImportKey

Write

Grants permission to imports keys and public key certificates

payment-cryptography:ListAliases

List

Grants permission to return a list of aliases created for all keys in the caller's AWS account and Region

payment-cryptography:ListKeys

List

Grants permission to return a list of keys created in the caller's AWS account and Region

payment-cryptography:ListTagsForResource

Read

Grants permission to return a list of tags created in the caller's AWS account and Region

payment-cryptography:PutResourcePolicy

Permissions management

Grants permission to attach or replace a resource-based policy on a key

payment-cryptography:ReEncryptData

Write

Grants permission to re-encrypt ciphertext using DUKPT, Symmetric and Asymmetric Data Encryption Keys

payment-cryptography:RemoveKeyReplicationRegions

Write

Grants permission to remove replication regions from an existing AWS Payment Cryptography key

payment-cryptography:RestoreKey

Write

Grants permission to cancel a scheduled key deletion if at any point during the waiting period a Key needs to be revived

payment-cryptography:StartKeyUsage

Write

Grants permission to enable a disabled Key

payment-cryptography:StopKeyUsage

Write

Grants permission to disable an enabled Key

payment-cryptography:TagResource

Tagging

Grants permission to add or overwrites one or more tags for the specified resource

payment-cryptography:TranslateKeyMaterial

Write

Grants permission to translate wrapping key type for a wrapped key

payment-cryptography:TranslatePinData

Write

Grants permission to translate encrypted PIN block from and to ISO 9564 formats 0,1,3,4

payment-cryptography:UntagResource

Tagging

Grants permission to remove the specified tag or tags from the specified resource

payment-cryptography:UpdateAlias

Write

Grants permission to change the key to which an alias is assigned, or unassign it from its current key

payment-cryptography:VerifyAuthRequestCryptogram

Write

Grants permission to verify Authorization Request Cryptogram (ARQC) for a EMV chip payment card authorization

payment-cryptography:VerifyCardValidationData

Write

Grants permission to verify card-related validation data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) and Card Security Codes (CSC)

payment-cryptography:VerifyMac

Write

Grants permission to verify MAC (Message Authentication Code) of input data against a provided MAC

payment-cryptography:VerifyPinData

Write

Grants permission to verify pin-related data such as PIN and PIN Offset using algorithms including VISA PVV and IBM3624