2025-12-06
54 new actions, 3 new resources, 2 new conditions
Additions
Actions
-
AssociateSecurityProfiles
-
Description:
Grants permission to associate security profiles with an AI agent in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: instance
Required: Yes
Name: security-profile
Required: Yes
Name: ai-agent
Required: No
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
AssociateWorkspace
-
Description:
Grants permission to associate a workspace with a user or routing profile in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: workspace
Required: Yes
Name: routing-profile
Required: No
Name: user
Required: No
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
BatchCreateDataTableValue
-
Description:
Grants permission to batch create values in a data table in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
connect:ExpressionValue
connect:PrimaryAttribute/${PrimaryAttribute}
-
BatchDeleteDataTableValue
-
Description:
Grants permission to batch delete values in a data table in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
connect:PrimaryAttribute/${PrimaryAttribute}
-
BatchDescribeDataTableValue
-
Description:
Grants permission to batch describe values in a data table in an Amazon Connect instance
-
Access:
Read
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
connect:PrimaryAttribute/${PrimaryAttribute}
-
BatchUpdateDataTableValue
-
Description:
Grants permission to batch update values in a data table in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
connect:ExpressionValue
connect:PrimaryAttribute/${PrimaryAttribute}
-
CreateContactFlowModuleAlias
-
Description:
Grants permission to create an alias of a flow module version in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: contact-flow-module
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
CreateContactFlowModuleVersion
-
Description:
Grants permission to create a version of a flow module in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: contact-flow-module
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
CreateDataTable
-
Description:
Grants permission to create a dataTable in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
CreateDataTableAttribute
-
Description:
Grants permission to create an attribute for a data table in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
CreateWorkspace
-
Description:
Grants permission to create a workspace in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: workspace
Required: Yes
-
Conditions:
aws:RequestTag/${TagKey}
aws:TagKeys
connect:InstanceId
-
CreateWorkspacePage
-
Description:
Grants permission to create a workspace page in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: workspace
Required: Yes
Name: aws-managed-view
Required: No
Name: customer-managed-view
Required: No
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
DeleteContactFlowModuleAlias
-
Description:
Grants permission to delete an alias of a flow module version in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: contact-flow-module
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
DeleteContactFlowModuleVersion
-
Description:
Grants permission to delete a version of a flow module in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: contact-flow-module
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
DeleteDataTable
-
Description:
Grants permission to delete a data table in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
DeleteDataTableAttribute
-
Description:
Grants permission to delete an attribute of a data table in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
DeleteWorkspace
-
Description:
Grants permission to delete a workspace in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: workspace
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
DeleteWorkspaceMedia
-
Description:
Grants permission to delete workspace media in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: workspace
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
DeleteWorkspacePage
-
Description:
Grants permission to delete a workspace page in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: workspace
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
DescribeContactFlowModuleAlias
-
Description:
Grants permission to describe an alias of a flow module version in an Amazon Connect instance
-
Access:
Read
-
Resources:
Name: contact-flow-module
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
DescribeDataTable
-
Description:
Grants permission to describe a data table in an Amazon Connect instance
-
Access:
Read
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
DescribeDataTableAttribute
-
Description:
Grants permission to describe an attribute of a data table in an Amazon Connect instance
-
Access:
Read
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
DescribeWorkspace
-
Description:
Grants permission to describe a workspace in an Amazon Connect instance
-
Access:
Read
-
Resources:
Name: workspace
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
DisassociateSecurityProfiles
-
Description:
Grants permission to disassociate security profiles with an AI agent in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: instance
Required: Yes
Name: security-profile
Required: Yes
Name: ai-agent
Required: No
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
DisassociateWorkspace
-
Description:
Grants permission to disassociate a workspace from a user or routing profile in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: workspace
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
EvaluateDataTableValues
-
Description:
Grants permission to evaluate values in a data table in an Amazon Connect instance
-
Access:
Read
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
connect:PrimaryAttribute/${PrimaryAttribute}
-
ImportWorkspaceMedia
-
Description:
Grants permission to import workspace media in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: workspace
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
ListContactFlowModuleAliases
-
Description:
Grants permission to list the aliases of a flow module in an Amazon Connect instance
-
Access:
List
-
Resources:
Name: contact-flow-module
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
ListContactFlowModuleVersions
-
Description:
Grants permission to list all the versions of a flow module in an Amazon Connect instance
-
Access:
List
-
Resources:
Name: contact-flow-module
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
ListDataTableAttributes
-
Description:
Grants permission to list attributes of a data table in an Amazon Connect instance
-
Access:
List
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
ListDataTablePrimaryValues
-
Description:
Grants permission to list primary values in a data table in an Amazon Connect instance
-
Access:
List
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
connect:PrimaryAttribute/${PrimaryAttribute}
-
ListDataTableValues
-
Description:
Grants permission to list values in a data table in an Amazon Connect instance
-
Access:
List
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
connect:PrimaryAttribute/${PrimaryAttribute}
-
ListDataTables
-
Description:
Grants permission to list data tables in an Amazon Connect instance
-
Access:
List
-
Resources:
Name: instance
Required: Yes
-
Conditions:
connect:InstanceId
-
ListEntitySecurityProfiles
-
Description:
Grants permission to list security profiles associated with an entity in an Amazon Connect instance
-
Access:
List
-
Resources:
Name: instance
Required: Yes
Name: ai-agent
Required: No
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
ListSecurityProfileFlowModules
-
Description:
Grants permission to list flow modules associated with a security profile in an Amazon Connect instance
-
Access:
List
-
Resources:
Name: instance
Required: Yes
Name: security-profile
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
ListWorkspaceMedia
-
Description:
Grants permission to list workspace media in an Amazon Connect instance
-
Access:
List
-
Resources:
Name: workspace
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
ListWorkspacePages
-
Description:
Grants permission to list workspace pages in an Amazon Connect instance
-
Access:
List
-
Resources:
Name: workspace
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
ListWorkspaces
-
Description:
Grants permission to list workspaces in an Amazon Connect instance
-
Access:
List
-
Resources:
Name: instance
Required: Yes
-
Conditions:
connect:InstanceId
-
SearchContactEvaluations
-
Description:
Grants permission to search evaluation resources in an Amazon Connect instance
-
Access:
Read
-
Resources:
Name: instance
Required: Yes
-
Conditions:
connect:InstanceId
connect:SearchTag/${TagKey}
-
Dependents:
connect:DescribeContactEvaluation
-
SearchDataTables
-
Description:
Grants permission to search data tables in an Amazon Connect instance
-
Access:
Read
-
Resources:
Name: instance
Required: Yes
-
Conditions:
connect:InstanceId
connect:SearchTag/${TagKey}
-
Dependents:
connect:DescribeDataTable
-
SearchEvaluationForms
-
Description:
Grants permission to search evaluation forms resources in an Amazon Connect instance
-
Access:
Read
-
Resources:
Name: instance
Required: Yes
-
Conditions:
connect:InstanceId
connect:SearchTag/${TagKey}
-
Dependents:
connect:DescribeEvaluationForm
-
SearchViews
-
Description:
Grants permission to search views in an Amazon Connect instance
-
Access:
Read
-
Resources:
Name: instance
Required: Yes
-
Conditions:
connect:InstanceId
connect:SearchTag/${TagKey}
-
Dependents:
connect:DescribeView
-
SearchWorkspaceAssociations
-
Description:
Grants permission to search workspace associations in an Amazon Connect instance
-
Access:
Read
-
Resources:
Name: workspace
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
SearchWorkspaces
-
Description:
Grants permission to search workspaces in an Amazon Connect instance
-
Access:
Read
-
Resources:
Name: instance
Required: Yes
-
Conditions:
connect:InstanceId
connect:SearchTag/${TagKey}
-
Dependents:
connect:DescribeWorkspace
-
StartContactMediaProcessing
-
Description:
Grants permission to start message processing on an ongoing contact
-
Access:
Write
-
Resources:
Name: contact
Required: Yes
Name: instance
Required: Yes
-
Conditions:
connect:InstanceId
-
StopContactMediaProcessing
-
Description:
Grants permission to stop message processing on an ongoing contact
-
Access:
Write
-
Resources:
Name: contact
Required: Yes
Name: instance
Required: Yes
-
Conditions:
connect:InstanceId
-
UpdateContactFlowModuleAlias
-
Description:
Grants permission to update an alias of a flow module version in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: contact-flow-module
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
UpdateDataTableAttribute
-
Description:
Grants permission to update an attribute of a data table in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
UpdateDataTableMetadata
-
Description:
Grants permission to update metadata of a data table in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
UpdateDataTablePrimaryValues
-
Description:
Grants permission to update primary values in a data table in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: data-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
connect:PrimaryAttribute/${PrimaryAttribute}
-
UpdateWorkspaceMetadata
-
Description:
Grants permission to update workspace metadata in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: workspace
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
UpdateWorkspacePage
-
Description:
Grants permission to update a workspace page in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: workspace
Required: Yes
Name: aws-managed-view
Required: No
Name: customer-managed-view
Required: No
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
UpdateWorkspaceTheme
-
Description:
Grants permission to update workspace theme in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: workspace
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
-
UpdateWorkspaceVisibility
-
Description:
Grants permission to update workspace visibility in an Amazon Connect instance
-
Access:
Write
-
Resources:
Name: workspace
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
connect:InstanceId
Resources
-
data-table
-
Arn:
arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/data-table/${DataTableId}
-
Conditions:
aws:ResourceTag/${TagKey}
-
ai-agent
-
Arn:
arn:${Partition}:wisdom:${Region}:${Account}:ai-agent/${AssistantId}/${AIAgentId}:${Version}
-
workspace
-
Arn:
arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/workspace/${WorkspaceId}
-
Conditions:
aws:ResourceTag/${TagKey}