signin

13 actions in the signin service. Select an action to see its access level, resource ARNs, condition keys, and a copy-paste IAM policy.

signin:Authenticate

Read

Grants permission to authenticate to the AWS Management Console

signin:AuthorizeOAuth2Access

Read

Grants permission to authenticate through a browser and obtain an OAuth 2.0 authorization code for credential exchange

signin:CreateAccount

Write

Grants permission to create an AWS account through the AWS Management Console sign-up flow

signin:CreateOAuth2Token

Read

Grants permission to exchange an authorization code for OAuth 2.0 access token and refresh token that can be used to access AWS services from developer tools and applications

signin:CreateTrustedIdentityPropagationApplicationForConsole

Write

Grants permission to create an Identity Center application that represents the AWS Management Console on an Identity Center organization instance

signin:DeleteConsoleAuthorizationConfiguration

Write

Grants permission to disable console authorization configuration for an AWS account or organization

signin:DeleteResourcePermissionStatement

Write

Grants permission to remove a permission statement from the account's SignIn Resource Based Policy

signin:GetConsoleAuthorizationConfiguration

Read

Grants permission to retrieve console authorization configuration for an AWS account or organization

signin:GetResourcePolicy

Read

Grants permission to retrieve SignIn Resource Based Policy document that is attached with your account

signin:ListResourcePermissionStatements

List

Grants permission to list the SignIn Resource Based Policy statements in your account

signin:ListTrustedIdentityPropagationApplicationsForConsole

List

Grants permission to list all Identity Center applications that represent the AWS Management Console

signin:PutConsoleAuthorizationConfiguration

Write

Grants permission to enable console authorization configuration for an AWS account or organization

signin:PutResourcePermissionStatement

Write

Grants permission to create a permission statement in the account's SignIn resource-based policy