signin:CreateOAuth2Token is a Read access-level action in the signin service. Grants permission to exchange an authorization code for OAuth 2.0 access token and refresh token that can be used to access AWS services from developer tools and applications
ARNs that signin:CreateOAuth2Token can be scoped to in an IAM policy.
No condition keys are documented for this action.
A minimal policy that allows signin:CreateOAuth2Token. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowSigninCreateOAuth2Token",
"Effect": "Allow",
"Action": "signin:CreateOAuth2Token",
"Resource": "*"
}
]
}