46 actions in the payment-cryptography service. Select an action to see its access level, resource ARNs, condition keys, and a copy-paste IAM policy.
Grants permission to add replication regions to an existing AWS Payment Cryptography key
Grants permission to associate an MPA approval team with a payment cryptography action
Grants permission to create a user-friendly name for a Key
Grants permission to create a unique customer managed key in the caller's AWS account and region
Grants permission to decrypt ciphertext data to plaintext using symmetric, asymmetric or DUKPT data encryption key
Grants permission to delete the specified alias
Grants permission to schedule the deletion of a Key
Grants permission to delete the resource-based policy attached to a key
Grants permission to disable default key replication regions for account-level replication
Grants permission to disassociate an MPA approval team from a payment cryptography action
Grants permission to enable default key replication regions for account-level replication
Grants permission to encrypt plaintext data to ciphertext using symmetric, asymmetric or DUKPT data encryption key
Grants permission to export a key from the service
Grants permission to generate a KekValidationRequest or a KekValidationResponse for node-to-node initialization between payment processing nodes using Australian Standard 2805 (AS2805)
Grants permission to generate card-related data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) or Card Security Codes (CSC) that check the validity of a magnetic stripe card
Grants permission to generate a MAC (Message Authentication Code) cryptogram
Grants permission to generate a MAC (Message Authentication Code) cryptogram
Grants permission to generate pin-related data such as PIN, PIN Verification Value (PVV), PIN Block and PIN Offset during new card issuance or card re-issuance
Grants permission to return the keyArn associated with an aliasName
Grants permission to return the Certificate Signing Request for a public key from a key of class PUBLIC_KEY
Grants permission to retrieve the default key replication regions configured at the account level
Grants permission to return the detailed information about the specified key
Grants permission to retrieve information about an MPA approval team association for a payment cryptography action
Grants permission to get the export token and the signing key certificate to initiate a TR-34 key export
Grants permission to get the import token and the wrapping key certificate to initiate a TR-34 key import
Grants permission to return the public key from a key of class PUBLIC_KEY
Grants permission to retrieve the resource-based policy attached to a key
Grants permission to imports keys and public key certificates
Grants permission to return a list of aliases created for all keys in the caller's AWS account and Region
Grants permission to return a list of keys created in the caller's AWS account and Region
Grants permission to return a list of tags created in the caller's AWS account and Region
Grants permission to attach or replace a resource-based policy on a key
Grants permission to re-encrypt ciphertext using DUKPT, Symmetric and Asymmetric Data Encryption Keys
Grants permission to remove replication regions from an existing AWS Payment Cryptography key
Grants permission to cancel a scheduled key deletion if at any point during the waiting period a Key needs to be revived
Grants permission to enable a disabled Key
Grants permission to disable an enabled Key
Grants permission to add or overwrites one or more tags for the specified resource
Grants permission to translate wrapping key type for a wrapped key
Grants permission to translate encrypted PIN block from and to ISO 9564 formats 0,1,3,4
Grants permission to remove the specified tag or tags from the specified resource
Grants permission to change the key to which an alias is assigned, or unassign it from its current key
Grants permission to verify Authorization Request Cryptogram (ARQC) for a EMV chip payment card authorization
Grants permission to verify card-related validation data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) and Card Security Codes (CSC)
Grants permission to verify MAC (Message Authentication Code) of input data against a provided MAC
Grants permission to verify pin-related data such as PIN and PIN Offset using algorithms including VISA PVV and IBM3624