"AddUserToGroup" - Adds the specified IAM user to the specified group.
"AttachGroupPolicy" - Attaches the specified managed policy to the specified IAM group.
"AttachRolePolicy" - Attaches the specified managed policy to the specified IAM role.
"AttachUserPolicy" - Attaches the specified managed policy to the specified IAM user.
"ChangePassword" - Changes the password of the IAM user that is requesting this operation.
"CreateAccessKey" - Creates a new AWS secret access key and corresponding AWS access key ID for the specified IAM user.
"CreateAccountAlias" - Creates an alias for your Amazon Web Services account.
"CreateGroup" - Creates a new AWS IAM group.
"CreateLoginProfile" - Creates a password for the specified IAM user, allowing the user to access AWS services through the AWS Management Console.
"CreateOpenIDConnectProvider" - Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).
"CreatePolicy" - Creates a new managed policy for your AWS account.
"CreatePolicyVersion" - Creates a new version of the specified managed policy.
"CreateRole" - Creates a new IAM role for your AWS account.
"CreateSAMLProvider" - Creates an IAM resource that describes an identity provider (IdP) that supports SAML version 2.0.
"CreateServiceLinkedRole" - Creates an IAM role that is linked to a specific AWS service.
"CreateServiceSpecificCredential" - Generates a set of credentials (i.e. a user name and a password) that can be used to access the AWS service specified in the request.
"CreateUser" - Creates a new IAM user for your AWS account.
"CreateVirtualMFADevice" - Creates a new virtual MFA device for your AWS account.
"DeactivateMFADevice" - Deactivates the specified MFA device and removes it from its associated IAM user.
"DeleteAccessKey" - Deletes the access key pair associated with the specified IAM user.
"DeleteAccountAlias" - Deletes the specified AWS account alias.
"DeleteAccountPasswordPolicy" - Deletes the password policy for your AWS account.
"DeleteGroup" - Deletes the specified AWS IAM group.
"DeleteGroupPolicy" - Deletes the specified inline policy that is embedded within the specified IAM group.
"DeleteLoginProfile" - Deletes the password for the specified IAM user, which terminates the IAM user's ability to access AWS services using the AWS Management Console.
"DeleteOpenIDConnectProvider" - Deletes an OpenID Connect identity provider (IdP) resource object in AWS IAM.
"DeletePolicy" - Deletes the specified managed access policy.
"DeletePolicyVersion" - Deletes the specified version from the specified managed access policy.
"DeleteRole" - Deletes the specified IAM role.
"DeleteRolePermissionsBoundary" - Deletes the permissions boundary for the specified IAM role.
"DeleteRolePolicy" - Deletes the specified inline policy that is embedded within the specified IAM role.
"DeleteSAMLProvider" - Deletes a SAML provider resource in AWS IAM.
"DeleteServerCertificate" - Deletes the specified server certificate.
"DeleteServiceLinkedRole" - Submits a service-linked role deletion request and returns a DeletionTaskId ID, which you can use to check the status of the deletion request.
"DeleteServiceSpecificCredential" - Deletes the specified service-specific credential.
"DeleteSigningCertificate" - Deletes a signing certificate associated with the specified IAM user.
"DeleteSSHPublicKey" - Deletes the specified SSH public key.
"DeleteUser" - Deletes the specified AWS IAM user.
"DeleteUserPermissionsBoundary" - Deletes the permissions boundary for the specified IAM user.
"DeleteUserPolicy" - Deletes the specified inline policy that is embedded within the specified IAM user.
"DeleteVirtualMFADevice" - Deletes a virtual Multi-factor authentication (MFA) device.
"DetachGroupPolicy" - Removes the specified managed policy from the specified IAM group.
"DetachRolePolicy" - Removes the specified managed access policy from the specified role.
"DetachUserPolicy" - Removes the specified managed policy from the specified user.
"EnableMFADevice" - Enables the specified MFA device and associates it with the specified IAM user.
"PutGroupPolicy" - Adds or updates an inline policy document that is embedded within the specified IAM group.
"PutRolePermissionsBoundary" - Adds or updates the policy that is specified as the IAM role's permissions boundary.
"PutRolePolicy" - Adds or updates an inline policy document that is embedded within the specified IAM role.
"PutUserPermissionsBoundary" - Adds or updates the policy that is specified as the IAM user's permissions boundary.
"PutUserPolicy" - Adds or updates an inline policy document that is embedded within the specified IAM user.
"RemoveClientIDFromOpenIDConnectProvider" - Removes the specified client ID from the list of client IDs registered for the specified IAM OpenID Connect (OIDC) provider resource object.
"RemoveUserFromGroup" - Removes the specified IAM user from the specified group.
"ResetServiceSpecificCredential" - Resets the password for an AWS service-specific credential.
"SetDefaultPolicyVersion" - Sets the specified version of the specified policy as the policy's default version.
"UpdateAccessKey" - Changes the status of the specified access key from Active to Inactive, or vice versa.
"UpdateAccountPasswordPolicy" - Updates the password policy settings for your AWS account.
"UpdateAssumeRolePolicy" - Updates the policy that allows an IAM entity permission to assume an IAM role.
"UpdateGroup" - Updates the name and/or the path of the specified IAM group.
"UpdateLoginProfile" - Changes the password for the specified AWS IAM user.
"UpdateOpenIDConnectProviderThumbprint" - Replaces the existing set of server certificate thumbprints associated with an OpenID Connect (OIDC) provider resource object with a new set of thumbprints.
"UpdateRole" - Updates the description or maximum session duration setting of an IAM role.
"UpdateSAMLProvider" - Updates the metadata document for an existing SAML provider resource object.
"UpdateServerCertificate" - Updates the name and/or the path of the specified server certificate stored within AWS IAM.
"UpdateServiceSpecificCredential" - Sets the status of a service-specific credential to Active or Inactive.
"UpdateSigningCertificate" - Changes the status of the specified user signing certificate from Active to Disabled, or vice versa.
"UpdateSSHPublicKey" - Sets the status of an IAM user's SSH public key to Active or Inactive.
"UpdateUser" - Updates the name and/or the path of the specified AWS IAM user.
"UploadServerCertificate" - Uploads a server certificate entity for your AWS account.
"UploadSigningCertificate" - Uploads an X.509 signing certificate and associates it with the specified AWS IAM user.
"UploadSSHPublicKey" - Uploads an SSH public key and associates it with the specified AWS IAM user.
Amazon IAM enables you to control which users have permission to access various services and resources within your Amazon Web Services account and the type of actions they can perform. Therefore, Cloud Conformity strongly recommends that you avoid as much as possible to provide your non-privileged IAM users the permission to change the Identity and Access Management (IAM) service configuration.
The communication channels required for sending RTMA notifications can be configured in your Cloud Conformity account. The list of supported communication channels that you can use to receive configuration change alerts for Amazon IAM service are SMS, Email, PagerDuty, Slack, ServiceNow and Zendesk.