AWS Managed Policies Explorer

Home About

AWS Managed Policies. A maze of twisty passages all alike. Explore them here. If it looks like a button, it's clickable. Always up to date.

Service: Amazon CloudFront

Short Name:

cloudfront

ARN Format:arn:aws:cloudfront:${Region}:${Account}:${ResourceType}/${ResourceId}

ARN Regex:^arn:aws:cloudfront:.+:[0-9]+:.+

CloudFrontFullAccess

…

AWSConfigRole

Action	Reference	Description
cloudfront:ListCachePolicies	Docs	Grants permission to list all cache policies that have been created in CloudFront for this account
cloudfront:ListCloudFrontOriginAccessIdentities	Docs	Grants permission to list your CloudFront origin access identities
cloudfront:ListConflictingAliases	Docs	Grants permission to list all aliases that conflict with the given alias in CloudFront
cloudfront:ListContinuousDeploymentPolicies	Docs	Grants permission to list all continuous-deployment policies in the account
cloudfront:ListDistributions	Docs	Grants permission to list the distributions associated with your AWS account
cloudfront:ListDistributionsByCachePolicyId	Docs	Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified cache policy
cloudfront:ListDistributionsByKeyGroup	Docs	Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified key group
cloudfront:ListDistributionsByLambdaFunction	Docs	Grants permission to list the distributions associated a Lambda function
cloudfront:ListDistributionsByOriginRequestPolicyId	Docs	Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified origin request policy
cloudfront:ListDistributionsByRealtimeLogConfig	Docs	Grants permission to get a list of distributions that have a cache behavior thatâs associated with the specified real-time log configuration
cloudfront:ListDistributionsByResponseHeadersPolicyId	Docs	Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified response headers policy
cloudfront:ListDistributionsByWebACLId	Docs	Grants permission to list the distributions associated with your AWS account with given AWS WAF web ACL
cloudfront:ListFieldLevelEncryptionConfigs	Docs	Grants permission to list all field-level encryption configurations that have been created in CloudFront for this account
cloudfront:ListFieldLevelEncryptionProfiles	Docs	Grants permission to list all field-level encryption profiles that have been created in CloudFront for this account
cloudfront:ListFunctions	Docs	Grants permission to get a list of CloudFront functions
cloudfront:ListInvalidations	Docs	Grants permission to list your invalidation batches
cloudfront:ListKeyGroups	Docs	Grants permission to list all key groups that have been created in CloudFront for this account
cloudfront:ListKeyValueStores	Docs	Grants permission to get a list of CloudFront KeyValueStores
cloudfront:ListOriginAccessControls	Docs	Grants permission to list all origin access controls in the account
cloudfront:ListOriginRequestPolicies	Docs	Grants permission to list all origin request policies that have been created in CloudFront for this account
cloudfront:ListPublicKeys	Docs	Grants permission to list all public keys that have been added to CloudFront for this account
cloudfront:ListRateCards	Docs	Grants permission to list CloudFront rate cards for the account
cloudfront:ListRealtimeLogConfigs	Docs	Grants permission to get a list of real-time log configurations
cloudfront:ListResponseHeadersPolicies	Docs	Grants permission to list all response headers policies that have been created in CloudFront for this account
cloudfront:ListSavingsPlans	Docs	Grants permission to list savings plans in the account
cloudfront:ListStreamingDistributions	Docs	Grants permission to list your RTMP distributions
cloudfront:ListUsages	Docs	Grants permission to list CloudFront usage
cloudfront:DescribeFunction	Docs	Grants permission to get a CloudFront function summary
cloudfront:DescribeKeyValueStore	Docs	Grants permission to get a CloudFront KeyValueStore summary
cloudfront:GetCachePolicy	Docs	Grants permission to get the cache policy
cloudfront:GetCachePolicyConfig	Docs	Grants permission to get the cache policy configuration
cloudfront:GetCloudFrontOriginAccessIdentity	Docs	Grants permission to get the information about a CloudFront origin access identity
cloudfront:GetCloudFrontOriginAccessIdentityConfig	Docs	Grants permission to get the configuration information about a Cloudfront origin access identity
cloudfront:GetContinuousDeploymentPolicy	Docs	Grants permission to get the continuous-deployment policy
cloudfront:GetContinuousDeploymentPolicyConfig	Docs	Grants permission to get the continuous-deployment policy configuration
cloudfront:GetDistribution	Docs	Grants permission to get the information about a web distribution
cloudfront:GetDistributionConfig	Docs	Grants permission to get the configuration information about a distribution
cloudfront:GetFieldLevelEncryption	Docs	Grants permission to get the field-level encryption configuration information
cloudfront:GetFieldLevelEncryptionConfig	Docs	Grants permission to get the field-level encryption configuration information
cloudfront:GetFieldLevelEncryptionProfile	Docs	Grants permission to get the field-level encryption configuration information
cloudfront:GetFieldLevelEncryptionProfileConfig	Docs	Grants permission to get the field-level encryption profile configuration information
cloudfront:GetFunction	Docs	Grants permission to get a CloudFront function's code
cloudfront:GetInvalidation	Docs	Grants permission to get the information about an invalidation
cloudfront:GetKeyGroup	Docs	Grants permission to get a key group
cloudfront:GetKeyGroupConfig	Docs	Grants permission to get a key group configuration
cloudfront:GetMonitoringSubscription	Docs	Grants permission to get information about whether additional CloudWatch metrics are enabled for the specified CloudFront distribution
cloudfront:GetOriginAccessControl	Docs	Grants permission to get the origin access control
cloudfront:GetOriginAccessControlConfig	Docs	Grants permission to get the origin access control configuration
cloudfront:GetOriginRequestPolicy	Docs	Grants permission to get the origin request policy
cloudfront:GetOriginRequestPolicyConfig	Docs	Grants permission to get the origin request policy configuration
cloudfront:GetPublicKey	Docs	Grants permission to get the public key information
cloudfront:GetPublicKeyConfig	Docs	Grants permission to get the public key configuration information
cloudfront:GetRealtimeLogConfig	Docs	Grants permission to get a real-time log configuration
cloudfront:GetResponseHeadersPolicy	Docs	Grants permission to get the response headers policy
cloudfront:GetResponseHeadersPolicyConfig	Docs	Grants permission to get the response headers policy configuration
cloudfront:GetSavingsPlan	Docs	Grants permission to get a savings plan
cloudfront:GetStreamingDistribution	Docs	Grants permission to get the information about an RTMP distribution
cloudfront:GetStreamingDistributionConfig	Docs	Grants permission to get the configuration information about a streaming distribution
cloudfront:ListTagsForResource	Docs	Grants permission to list tags for a CloudFront resource
cloudfront:TagResource	Docs	Grants permission to add tags to a CloudFront resource
cloudfront:UntagResource	Docs	Grants permission to remove tags from a CloudFront resource
cloudfront:AssociateAlias	Docs	Grants permission to associate an alias to a CloudFront distribution
cloudfront:CopyDistribution	Docs	Grants permission to copy an existing distribution and create a new web distribution
cloudfront:CreateCachePolicy	Docs	Grants permission to add a new cache policy to CloudFront
cloudfront:CreateCloudFrontOriginAccessIdentity	Docs	Grants permission to create a new CloudFront origin access identity
cloudfront:CreateContinuousDeploymentPolicy	Docs	Grants permission to add a new continuous-deployment policy to CloudFront
cloudfront:CreateDistribution	Docs	Grants permission to create a new web distribution
cloudfront:CreateFieldLevelEncryptionConfig	Docs	Grants permission to create a new field-level encryption configuration
cloudfront:CreateFieldLevelEncryptionProfile	Docs	Grants permission to create a field-level encryption profile
cloudfront:CreateFunction	Docs	Grants permission to create a CloudFront function
cloudfront:CreateInvalidation	Docs	Grants permission to create a new invalidation batch request
cloudfront:CreateKeyGroup	Docs	Grants permission to add a new key group to CloudFront
cloudfront:CreateKeyValueStore	Docs	Grants permission to create a CloudFront KeyValueStore
cloudfront:CreateMonitoringSubscription	Docs	Grants permission to enable additional CloudWatch metrics for the specified CloudFront distribution. The additional metrics incur an additional cost
cloudfront:CreateOriginAccessControl	Docs	Grants permission to create a new origin access control
cloudfront:CreateOriginRequestPolicy	Docs	Grants permission to add a new origin request policy to CloudFront
cloudfront:CreatePublicKey	Docs	Grants permission to add a new public key to CloudFront
cloudfront:CreateRealtimeLogConfig	Docs	Grants permission to create a real-time log configuration
cloudfront:CreateResponseHeadersPolicy	Docs	Grants permission to add a new response headers policy to CloudFront
cloudfront:CreateSavingsPlan	Docs	Grants permission to create a new savings plan
cloudfront:CreateStreamingDistribution	Docs	Grants permission to create a new RTMP distribution
cloudfront:CreateStreamingDistributionWithTags	Docs	Grants permission to create a new RTMP distribution with tags
cloudfront:DeleteCachePolicy	Docs	Grants permission to delete a cache policy
cloudfront:DeleteCloudFrontOriginAccessIdentity	Docs	Grants permission to delete a CloudFront origin access identity
cloudfront:DeleteContinuousDeploymentPolicy	Docs	Grants permission to delete a continuous-deployment policy
cloudfront:DeleteDistribution	Docs	Grants permission to delete a web distribution
cloudfront:DeleteFieldLevelEncryptionConfig	Docs	Grants permission to delete a field-level encryption configuration
cloudfront:DeleteFieldLevelEncryptionProfile	Docs	Grants permission to delete a field-level encryption profile
cloudfront:DeleteFunction	Docs	Grants permission to delete a CloudFront function
cloudfront:DeleteKeyGroup	Docs	Grants permission to delete a key group
cloudfront:DeleteKeyValueStore	Docs	Grants permission to delete a CloudFront KeyValueStore
cloudfront:DeleteMonitoringSubscription	Docs	Grants permission to disable additional CloudWatch metrics for the specified CloudFront distribution
cloudfront:DeleteOriginAccessControl	Docs	Grants permission to delete an origin access control
cloudfront:DeleteOriginRequestPolicy	Docs	Grants permission to delete an origin request policy
cloudfront:DeletePublicKey	Docs	Grants permission to delete a public key from CloudFront
cloudfront:DeleteRealtimeLogConfig	Docs	Grants permission to delete a real-time log configuration
cloudfront:DeleteResponseHeadersPolicy	Docs	Grants permission to delete a response headers policy
cloudfront:DeleteStreamingDistribution	Docs	Grants permission to delete an RTMP distribution
cloudfront:PublishFunction	Docs	Grants permission to publish a CloudFront function
cloudfront:TestFunction	Docs	Grants permission to test a CloudFront function
cloudfront:UpdateCachePolicy	Docs	Grants permission to update a cache policy
cloudfront:UpdateCloudFrontOriginAccessIdentity	Docs	Grants permission to set the configuration for a CloudFront origin access identity
cloudfront:UpdateContinuousDeploymentPolicy	Docs	Grants permission to update a continuous-deployment policy
cloudfront:UpdateDistribution	Docs	Grants permission to update the configuration for a web distribution
cloudfront:UpdateFieldLevelEncryptionConfig	Docs	Grants permission to update a field-level encryption configuration
cloudfront:UpdateFieldLevelEncryptionProfile	Docs	Grants permission to update a field-level encryption profile
cloudfront:UpdateFunction	Docs	Grants permission to update a CloudFront function
cloudfront:UpdateKeyGroup	Docs	Grants permission to update a key group
cloudfront:UpdateKeyValueStore	Docs	Grants permission to update a CloudFront KeyValueStore
cloudfront:UpdateOriginAccessControl	Docs	Grants permission to update an origin access control
cloudfront:UpdateOriginRequestPolicy	Docs	Grants permission to update an origin request policy
cloudfront:UpdatePublicKey	Docs	Grants permission to update public key information
cloudfront:UpdateRealtimeLogConfig	Docs	Grants permission to update a real-time log configuration
cloudfront:UpdateResponseHeadersPolicy	Docs	Grants permission to update a response headers policy
cloudfront:UpdateSavingsPlan	Docs	Grants permission to update a savings plan
cloudfront:UpdateStreamingDistribution	Docs	Grants permission to update the configuration for an RTMP distribution

aws:RequestTag/${TagKey}aws:ResourceTag/${TagKey}aws:TagKeys