Skip to main content

IAM Permissions to use Amplify Video

These are built on top of the existing IAM recommendations found on the Amplify site here.

Live#

Expand
{    "Version": "2012-10-17",    "Statement": [        {            "Sid": "VisualEditor0",            "Effect": "Allow",            "Action": [                "cloudformation:CreateStack",                "cloudformation:CreateStackSet",                "cloudformation:DeleteStack",                "cloudformation:DeleteStackSet",                "cloudformation:DescribeStackEvents",                "cloudformation:DescribeStackResource",                "cloudformation:DescribeStackResources",                "cloudformation:DescribeStackSet",                "cloudformation:DescribeStackSetOperation",                "cloudformation:DescribeStacks",                "cloudformation:UpdateStack",                "cloudformation:UpdateStackSet",                "cloudfront:CreateCloudFrontOriginAccessIdentity",                "cloudfront:CreateDistribution",                "cloudfront:DeleteCloudFrontOriginAccessIdentity",                "cloudfront:DeleteDistribution",                "cloudfront:GetCloudFrontOriginAccessIdentity",                "cloudfront:GetCloudFrontOriginAccessIdentityConfig",                "cloudfront:GetDistribution",                "cloudfront:GetDistributionConfig",                "cloudfront:TagResource",                "cloudfront:UntagResource",                "cloudfront:UpdateCloudFrontOriginAccessIdentity",                "cloudfront:UpdateDistribution",                "events:DeleteRule",                "events:DescribeRule",                "events:PutRule",                "events:PutTargets",                "events:RemoveTargets",                "iam:CreateRole",                "iam:DeleteRole",                "iam:DeleteRolePolicy",                "iam:GetRole",                "iam:GetUser",                "iam:PassRole",                "iam:PutRolePolicy",                "iam:UpdateRole",                "lambda:AddPermission",                "lambda:CreateFunction",                "lambda:DeleteFunction",                "lambda:GetFunction",                "lambda:GetFunctionConfiguration",                "lambda:InvokeAsync",                "lambda:InvokeFunction",                "lambda:RemovePermission",                "lambda:UpdateFunctionCode",                "lambda:UpdateFunctionConfiguration",                "s3:*",                "amplify:*",                "medialive:*",                "mediastore:*",                "mediapackage:*"            ],            "Resource": "*"        }    ]}

Video-on-Demand#

Expand
{    "Version": "2012-10-17",    "Statement": [        {            "Sid": "VisualEditor0",            "Effect": "Allow",            "Action": [                "appsync:*",                "cloudformation:CreateStack",                "cloudformation:CreateStackSet",                "cloudformation:DeleteStack",                "cloudformation:DeleteStackSet",                "cloudformation:DescribeStackEvents",                "cloudformation:DescribeStackResource",                "cloudformation:DescribeStackResources",                "cloudformation:DescribeStackSet",                "cloudformation:DescribeStackSetOperation",                "cloudformation:DescribeStacks",                "cloudformation:UpdateStack",                "cloudformation:UpdateStackSet",                "cloudfront:CreateCloudFrontOriginAccessIdentity",                "cloudfront:CreateDistribution",                "cloudfront:DeleteCloudFrontOriginAccessIdentity",                "cloudfront:DeleteDistribution",                "cloudfront:GetCloudFrontOriginAccessIdentity",                "cloudfront:GetCloudFrontOriginAccessIdentityConfig",                "cloudfront:GetDistribution",                "cloudfront:GetDistributionConfig",                "cloudfront:TagResource",                "cloudfront:UntagResource",                "cloudfront:UpdateCloudFrontOriginAccessIdentity",                "cloudfront:UpdateDistribution",                "cognito-identity:CreateIdentityPool",                "cognito-identity:DeleteIdentityPool",                "cognito-identity:DescribeIdentity",                "cognito-identity:DescribeIdentityPool",                "cognito-identity:SetIdentityPoolRoles",                "cognito-identity:UpdateIdentityPool",                "cognito-idp:CreateUserPool",                "cognito-idp:CreateUserPoolClient",                "cognito-idp:DeleteUserPool",                "cognito-idp:DeleteUserPoolClient",                "cognito-idp:DescribeUserPool",                "cognito-idp:UpdateUserPool",                "cognito-idp:UpdateUserPoolClient",                "dynamodb:CreateTable",                "dynamodb:DeleteItem",                "dynamodb:DeleteTable",                "dynamodb:DescribeTable",                "dynamodb:PutItem",                "dynamodb:UpdateItem",                "dynamodb:UpdateTable",                "events:DeleteRule",                "events:DescribeRule",                "events:PutRule",                "events:PutTargets",                "events:RemoveTargets",                "iam:CreateRole",                "iam:DeleteRole",                "iam:DeleteRolePolicy",                "iam:GetRole",                "iam:GetUser",                "iam:PassRole",                "iam:PutRolePolicy",                "iam:UpdateRole",                "lambda:AddPermission",                "lambda:CreateFunction",                "lambda:DeleteFunction",                "lambda:GetFunction",                "lambda:GetFunctionConfiguration",                "lambda:InvokeAsync",                "lambda:InvokeFunction",                "lambda:RemovePermission",                "lambda:UpdateFunctionCode",                "lambda:UpdateFunctionConfiguration",                "s3:*",                "amplify:*",                "mediaconvert:*",                "secretsmanager:*",            ],            "Resource": "*"        }    ]}