Which actions are considered high-privilege in Critical Activity Logs for AWS?
| Service Name | High-Privilege Actions |
|---|---|
| AWS Comprehend | DeleteDocumentClassifier DeleteEndpoint DeleteEntityRecognizer DeleteResourcePolicy StopDominantLanguageDetectionJob StopEntitiesDetectionJob StopEventsDetectionJob StopKeyPhrasesDetectionJob StopPiiEntitiesDetectionJob StopSentimentDetectionJob StopTrainingDocumentClassifier StopTrainingEntityRecognizer UntagResource |
| AWS EFS Service | DeleteAccessPoint DeleteFileSystem DeleteFileSystemPolicy DeleteMountTarget DeleteReplicationConfiguration DeleteTags UntagResource |
| AWS Glue Service | BatchDeleteConnection BatchDeletePartition BatchDeleteTable BatchDeleteTableVersion BatchStopJobRun DeleteBlueprint DeleteClassifier DeleteColumnStatisticsForPartition DeleteColumnStatisticsForTable DeleteConnection DeleteCrawler DeleteDatabase DeleteDevEndpoint DeleteJob DeleteMLTransform DeletePartition DeletePartitionIndex DeleteRegistry DeleteResourcePolicy DeleteSchema DeleteSchemaVersions DeleteSecurityConfiguration DeleteSession DeleteTable DeleteTableVersion DeleteTrigger DeleteUserDefinedFunction DeleteWorkflow RemoveSchemaVersionMetadata StopCrawler StopCrawlerSchedule StopSession StopTrigger StopWorkflowRun UntagResource |
| AWS IoT Things Graph | AssociateEntityToThing DeleteFlowTemplate DeleteNamespace DeleteSystemInstance DeleteSystemTemplate UntagResource |
| AWS SageMaker Evidently | DeleteExperiment DeleteFeature DeleteLaunch DeleteProject StopExperiment StopLaunch |
| AWS Savings Plans | DeleteQueuedSavingsPlan UntagResource |
| AWS SSM Service | AssociateOpsItemRelatedItem DeleteActivation DeleteAssociation DeleteDocument DeleteInventory DeleteMaintenanceWindow DeleteOpsMetadata DeleteParameter DeleteParameters DeletePatchBaseline DeleteResourceDataSync DisassociateOpsItemRelatedItem RemoveTagsFromResource StopAutomationExecution TerminateSession |
| AWS Single Sign-On | AssociateDirectory AssociateProfile DeleteAccountAssignment DeleteApplicationInstance DeleteApplicationInstanceCertificate DeleteInlinePolicyFromPermissionSet DeleteInstanceAccessControlAttributeConfiguration DeleteManagedApplicationInstance DeletePermissionSet DeletePermissionsPolicy DeleteProfile DisassociateDirectory DisassociateProfile UntagResource |
| AWS IoT Core | AssociateTargetsWithJob CloseTunnel DeleteAccountAuditConfiguration DeleteAuditSuppression DeleteAuthorizer DeleteBillingGroup DeleteCACertificate DeleteCertificate DeleteCustomMetric DeleteDimension DeleteDomainConfiguration DeleteDynamicThingGroup DeleteFleetMetric DeleteJob DeleteJobExecution DeleteJobTemplate DeleteMitigationAction DeleteOTAUpdate DeletePolicy DeletePolicyVersion DeleteProvisioningTemplate DeleteProvisioningTemplateVersion DeleteRegistrationCode DeleteRoleAlias DeleteScheduledAudit DeleteSecurityProfile DeleteStream DeleteThing DeleteThingGroup DeleteThingShadow DeleteThingType DeleteTopicRule DeleteTopicRuleDestination DeleteV2LoggingLevel DisableTopicRule RemoveThingFromBillingGroup RemoveThingFromThingGroup StopThingRegistrationTask UntagResource |
| AWS MGH | AssociateCreatedArtifact AssociateDiscoveredResource DeleteProgressUpdateStream DisassociateCreatedArtifact DisassociateDiscoveredResource |
| AWS Fault Injection Simulator | DeleteExperimentTemplate StopExperiment UntagResource |
| AWS Lambda Service | DeleteAlias DeleteCodeSigningConfig DeleteEventSourceMapping DeleteFunction DeleteFunctionCodeSigningConfig DeleteFunctionConcurrency DeleteFunctionEventInvokeConfig DeleteLayerVersion DeleteProvisionedConcurrencyConfig DisableReplication RemoveLayerVersionPermission RemovePermission UntagResource |
| AWS Application Migration Service | BatchDeleteSnapshotRequestForMgn DeleteJob DeleteReplicationConfigurationTemplate DeleteSourceServer DeleteVcenterClient TerminateTargetInstances UntagResource |
| AWS Data Exchange | DeleteAsset DeleteDataSet DeleteEventAction DeleteRevision UntagResource |
| AWS Machine Learning | DeleteBatchPrediction DeleteDataSource DeleteEvaluation DeleteMLModel DeleteRealtimeEndpoint DeleteTags |
| AWS Audit Manager | AssociateAssessmentReportEvidenceFolder BatchAssociateAssessmentReportEvidence BatchDeleteDelegationByAssessment BatchDisassociateAssessmentReportEvidence DeleteAssessment DeleteAssessmentFramework DeleteAssessmentFrameworkShare DeleteAssessmentReport DeleteControl DisassociateAssessmentReportEvidenceFolder UntagResource |
| AWS GuardDuty | DeleteDetector DeleteFilter DeleteIPSet DeleteInvitations DeleteMembers DeletePublishingDestination DeleteThreatIntelSet DisableOrganizationAdminAccount DisassociateFromMasterAccount DisassociateMembers StopMonitoringMembers UntagResource |
| AWS EventBridge Service | DeleteApiDestination DeleteArchive DeleteConnection DeleteEventBus DeletePartnerEventSource DeleteRule DisableRule RemovePermission RemoveTargets UntagResource |
| AWS Lex | DeleteBot DeleteBotAlias DeleteBotChannel DeleteBotLocale DeleteBotVersion DeleteCustomVocabulary DeleteExport DeleteImport DeleteIntent DeleteResourcePolicy DeleteSession DeleteSlot DeleteSlotType DeleteUtterances SearchAssociatedTranscripts UntagResource DeleteBot DeleteBotAlias DeleteBotChannelAssociation DeleteBotVersion DeleteIntent DeleteIntentVersion DeleteSession DeleteSlotType DeleteSlotTypeVersion DeleteUtterances UntagResource |
| AWS Proton | DeleteAccountRoles DeleteEnvironment DeleteEnvironmentAccountConnection DeleteEnvironmentTemplate DeleteEnvironmentTemplateMajorVersion DeleteEnvironmentTemplateMinorVersion DeleteEnvironmentTemplateVersion DeleteRepository DeleteService DeleteServiceTemplate DeleteServiceTemplateMajorVersion DeleteServiceTemplateMinorVersion DeleteServiceTemplateVersion DeleteTemplateSyncConfig UntagResource |
| AWS Resource Access Manager | AssociateResourceShare AssociateResourceSharePermission DeleteResourceShare DisassociateResourceShare DisassociateResourceSharePermission UntagResource |
| AWS MediaConnect | DeleteFlow RemoveFlowMediaStream RemoveFlowOutput RemoveFlowSource RemoveFlowVpcInterface RevokeFlowEntitlement StopFlow UntagResource |
| AWS S3 Service | BypassGovernanceRetention DeleteAccessPoint DeleteAccessPointForObjectLambda DeleteAccessPointPolicy DeleteAccessPointPolicyForObjectLambda DeleteBucket DeleteBucketPolicy DeleteBucketWebsite DeleteJobTagging DeleteMultiRegionAccessPoint DeleteObject DeleteObjectTagging DeleteObjectVersion DeleteObjectVersionTagging DeleteStorageLensConfiguration DeleteStorageLensConfigurationTagging ReplicateDelete |
| AWS SageMaker Service | AssociateTrialComponent DeleteAction DeleteAlgorithm DeleteApp DeleteAppImageConfig DeleteArtifact DeleteAssociation DeleteCodeRepository DeleteContext DeleteDataQualityJobDefinition DeleteDeviceFleet DeleteDomain DeleteEndpoint DeleteEndpointConfig DeleteExperiment DeleteFeatureGroup DeleteFlowDefinition DeleteHumanLoop DeleteHumanTaskUi DeleteImage DeleteImageVersion DeleteLineageGroupPolicy DeleteModel DeleteModelBiasJobDefinition DeleteModelExplainabilityJobDefinition DeleteModelPackage DeleteModelPackageGroup DeleteModelPackageGroupPolicy DeleteModelQualityJobDefinition DeleteMonitoringSchedule DeleteNotebookInstance DeleteNotebookInstanceLifecycleConfig DeletePipeline DeleteProject DeleteRecord DeleteTags DeleteTrial DeleteTrialComponent DeleteUserProfile DeleteWorkforce DeleteWorkteam DisableSagemakerServicecatalogPortfolio DisassociateTrialComponent StopAutoMLJob StopCompilationJob StopEdgePackagingJob StopHumanLoop StopHyperParameterTuningJob StopInferenceRecommendationsJob StopLabelingJob StopMonitoringSchedule StopNotebookInstance StopPipelineExecution StopProcessingJob StopTrainingJob StopTransformJob |
| AWS Lake Formation | BatchRevokePermissions DeleteDataCellsFilter DeleteLFTag DeleteObjectsOnCancel RemoveLFTagsFromResource RevokePermissions |
| AWS Prometheus Service | DeleteAlertManagerDefinition DeleteAlertManagerSilence DeleteRuleGroupsNamespace DeleteWorkspace UntagResource |
| AWS Mobile Hub | DeleteProject DeleteProjectSnapshot |
| AWS Global Accelerator | DeleteAccelerator DeleteCustomRoutingAccelerator DeleteCustomRoutingEndpointGroup DeleteCustomRoutingListener DeleteEndpointGroup DeleteListener RemoveCustomRoutingEndpoints UntagResource WithdrawByoipCidr |
| AWS Pinpoint Profiles | DeleteDomain DeleteIntegration DeleteProfile DeleteProfileKey DeleteProfileObject DeleteProfileObjectType UntagResource |
| AWS Serverless Application Repository Service | DeleteApplication |
| AWS Forecast | DeleteDataset DeleteDatasetGroup DeleteDatasetImportJob DeleteExplainability DeleteExplainabilityExport DeleteForecast DeleteForecastExportJob DeletePredictor DeletePredictorBacktestExportJob DeleteResourceTree StopResource UntagResource |
| AWS Cloud Directory | DeleteDirectory DeleteFacet DeleteObject DeleteSchema DeleteTypedLinkFacet DisableDirectory RemoveFacetFromObject UntagResource |
| AWS MediaTailor | DeleteChannel DeleteChannelPolicy DeletePlaybackConfiguration DeleteProgram DeleteSourceLocation DeleteVodSource StopChannel UntagResource |
| AWS Route53 Service | AssociateVPCWithHostedZone DeleteHealthCheck DeleteHostedZone DeleteKeySigningKey DeleteQueryLoggingConfig DeleteReusableDelegationSet DeleteTrafficPolicy DeleteTrafficPolicyInstance DeleteVPCAssociationAuthorization DisableHostedZoneDNSSEC DisassociateVPCFromHostedZone |
| AWS SimpleDB | BatchDeleteAttributes DeleteAttributes DeleteDomain |
| AWS Elemental MediaPackage | DeleteChannel DeleteOriginEndpoint UntagResource |
| AWS Keyspaces (for Apache Cassandra) | UntagResource |
| AWS Resilience Hub | DeleteApp DeleteAppAssessment DeleteRecommendationTemplate DeleteResiliencyPolicy RemoveDraftAppVersionResourceMappings UntagResource |
| AWS Athena Service | DeleteDataCatalog DeleteNamedQuery DeletePreparedStatement DeleteWorkGroup StopQueryExecution UntagResource |
| AWS Marketplace | AssociateProductsWithPrivateMarketplace DisassociateProductsFromPrivateMarketplace |
| AWS Pinpoint | DeleteAdmChannel DeleteApnsChannel DeleteApnsSandboxChannel DeleteApnsVoipChannel DeleteApnsVoipSandboxChannel DeleteApp DeleteBaiduChannel DeleteCampaign DeleteEmailChannel DeleteEmailTemplate DeleteEndpoint DeleteEventStream DeleteGcmChannel DeleteJourney DeletePushTemplate DeleteRecommenderConfiguration DeleteSegment DeleteSmsChannel DeleteSmsTemplate DeleteUserEndpoints DeleteVoiceChannel DeleteVoiceTemplate RemoveAttributes UntagResource |
| AWS Auto Scaling Plans | DeleteScalingPlan |
| AWS Cost and Usage Report | DeleteReportDefinition |
| AWS Route 53 Domains | DeleteDomain DeleteTagsForDomain DisableDomainAutoRenew DisableDomainTransferLock |
| AWS OpsWorks | AssociateElasticIp DeleteApp DeleteInstance DeleteLayer DeleteStack DeleteUserProfile DisassociateElasticIp RebootInstance StopInstance StopStack UntagResource |
| AWS FreeRTOS | DeleteSoftwareConfiguration |
| AWS CodeDeploy | DeleteApplication DeleteDeploymentConfig DeleteDeploymentGroup DeleteGitHubAccountToken DeleteResourcesByExternalId RemoveTagsFromOnPremisesInstances StopDeployment UntagResource |
| AWS IAM Service | DeleteAccessKey DeleteAccountAlias DeleteAccountPasswordPolicy DeleteGroup DeleteGroupPolicy DeleteInstanceProfile DeleteLoginProfile DeleteOpenIDConnectProvider DeletePolicy DeletePolicyVersion DeleteRole DeleteRolePermissionsBoundary DeleteRolePolicy DeleteSAMLProvider DeleteSSHPublicKey DeleteServerCertificate DeleteServiceLinkedRole DeleteServiceSpecificCredential DeleteSigningCertificate DeleteUser DeleteUserPermissionsBoundary DeleteUserPolicy DeleteVirtualMFADevice RemoveClientIDFromOpenIDConnectProvider RemoveRoleFromInstanceProfile RemoveUserFromGroup UntagInstanceProfile UntagMFADevice UntagOpenIDConnectProvider UntagPolicy UntagRole UntagSAMLProvider UntagServerCertificate UntagUser |
| AWS Route 53 Resolver | AssociateFirewallRuleGroup AssociateResolverEndpointIpAddress AssociateResolverQueryLogConfig AssociateResolverRule DeleteFirewallDomainList DeleteFirewallRule DeleteFirewallRuleGroup DeleteResolverEndpoint DeleteResolverQueryLogConfig DeleteResolverRule DisassociateFirewallRuleGroup DisassociateResolverEndpointIpAddress DisassociateResolverQueryLogConfig DisassociateResolverRule UntagResource |
| AWS WorkMail | AssociateDelegateToResource AssociateMemberToGroup DeleteAccessControlRule DeleteAlias DeleteEmailMonitoringConfiguration DeleteGroup DeleteInboundMailFlowRule DeleteMailDomain DeleteMailDomain DeleteMobileDevice DeleteMobileDeviceAccessOverride DeleteMobileDeviceAccessRule DeleteOrganization DeleteOutboundMailFlowRule DeleteResource DeleteRetentionPolicy DeleteSmtpGateway DeleteUser DisableMailGroups DisableMailUsers DisassociateDelegateFromResource DisassociateMemberFromGroup RemoveMembersFromGroup UntagResource |
| AWS Route 53 Recovery Readiness | DeleteCell DeleteCrossAccountAuthorization DeleteReadinessCheck DeleteRecoveryGroup DeleteResourceSet UntagResource |
| AWS CodeBuild Service | BatchDeleteBuilds DeleteBuildBatch DeleteOAuthToken DeleteProject DeleteReport DeleteReportGroup DeleteResourcePolicy DeleteResourcePolicy DeleteWebhook StopBuild StopBuildBatch |
| AWS IoT Analytics | DeleteChannel DeleteDataset DeleteDatasetContent DeleteDatastore DeletePipeline UntagResource |
| AWS Connect | AssociateApprovedOrigin AssociateBot AssociateCustomerProfilesDomain AssociateDefaultVocabulary AssociateInstanceStorageConfig AssociateLambdaFunction AssociateLexBot AssociateQueueQuickConnects AssociateRoutingProfileQueues AssociateSecurityKey DeleteContactFlow DeleteContactFlowModule DeleteHoursOfOperation DeleteInstance DeleteIntegrationAssociation DeleteQuickConnect DeleteSecurityProfile DeleteUseCase DeleteUser DeleteUserHierarchyGroup DeleteVocabulary DisassociateApprovedOrigin DisassociateBot DisassociateCustomerProfilesDomain DisassociateInstanceStorageConfig DisassociateLambdaFunction DisassociateLexBot DisassociateQueueQuickConnects DisassociateRoutingProfileQueues DisassociateSecurityKey StopContact StopContactRecording SuspendContactRecording UntagResource |
| AWS SES Service | DeleteConfigurationSet DeleteConfigurationSetEventDestination DeleteDedicatedIpPool DeleteEmailIdentity UntagResource DeleteConfigurationSet DeleteConfigurationSetEventDestination DeleteContact DeleteContactList DeleteCustomVerificationEmailTemplate DeleteDedicatedIpPool DeleteEmailIdentity DeleteEmailIdentityPolicy DeleteEmailTemplate DeleteSuppressedDestination UntagResource DeleteConfigurationSet DeleteConfigurationSetEventDestination DeleteConfigurationSetTrackingOptions DeleteCustomVerificationEmailTemplate DeleteIdentity DeleteIdentityPolicy DeleteReceiptFilter DeleteReceiptRule DeleteReceiptRuleSet DeleteTemplate DeleteVerifiedEmailAddress |
| AWS Cost Explorer | DeleteAnomalyMonitor DeleteAnomalySubscription DeleteCostCategoryDefinition DeleteNotificationSubscription DeleteReport |
| AWS Amplify Backend | DeleteBackend DeleteBackendAPI DeleteBackendAuth DeleteToken RemoveAllBackends RemoveBackendConfig |
| AWS CloudWatch Synthetics | DeleteCanary StopCanary UntagResource |
| AWS Elastic Inference | UntagResource |
| AWS Application Cost Profiler | DeleteReportDefinition |
| AWS Refactor Spaces | DeleteApplication DeleteEnvironment DeleteResourcePolicy DeleteRoute DeleteService UntagResource |
| AWS DeepLens | AssociateServiceRoleToAccount DeleteModel DeleteProject RemoveProject |
| SQL Workbench | AssociateConnectionWithChart AssociateConnectionWithTab AssociateQueryWithTab BatchDeleteFolder DeleteChart DeleteConnection DeleteSavedQuery DeleteTab UntagResource |
| AWS Inspector 2 | AssociateMember DeleteFilter Disable DisableDelegatedAdminAccount DisassociateMember UntagResource |
| AWS Single Sign-On Directory | DeleteBearerToken DeleteExternalIdPCertificate DeleteExternalIdPConfigurationForDirectory DeleteGroup DeleteMfaDeviceForUser DeleteProvisioningTenant DeleteUser DisableExternalIdPConfigurationForDirectory DisableUser RemoveMemberFromGroup |
| AWS AppFlow | DeleteConnectorProfile DeleteConnectorProfile DeleteFlow StopFlow UntagResource |
| AWS Config Service | DeleteAggregationAuthorization DeleteConfigRule DeleteConfigurationAggregator DeleteConfigurationRecorder DeleteConformancePack DeleteDeliveryChannel DeleteEvaluationResults DeleteOrganizationConfigRule DeleteOrganizationConformancePack DeletePendingAggregationRequest DeleteRemediationConfiguration DeleteRemediationExceptions DeleteResourceConfig DeleteRetentionConfiguration DeleteStoredQuery StopConfigurationRecorder UntagResource |
| AWS RDS Service | DeleteCustomAvailabilityZone DeleteCustomDBEngineVersion DeleteDBCluster DeleteDBClusterEndpoint DeleteDBClusterParameterGroup DeleteDBClusterSnapshot DeleteDBInstance DeleteDBInstanceAutomatedBackup DeleteDBParameterGroup DeleteDBProxy DeleteDBProxyEndpoint DeleteDBSecurityGroup DeleteDBSnapshot DeleteDBSubnetGroup DeleteEventSubscription DeleteGlobalCluster DeleteInstallationMedia DeleteOptionGroup RebootDBCluster RebootDBInstance RemoveFromGlobalCluster RemoveRoleFromDBCluster RemoveRoleFromDBInstance RemoveSourceIdentifierFromSubscription RemoveTagsFromResource RevokeDBSecurityGroupIngress StopActivityStream StopDBCluster StopDBInstance StopDBInstanceAutomatedBackupsReplication |
| AWS Simple Workflow Service | CountClosedWorkflowExecutions TerminateWorkflowExecution UntagResource |
| AWS Macie | AssociateMemberAccount AssociateS3Resources DisassociateMemberAccount DisassociateS3Resources DeleteCustomDataIdentifier DeleteFindingsFilter DeleteInvitations DeleteMember DisableMacie DisableOrganizationAdminAccount DisassociateFromAdministratorAccount DisassociateFromMasterAccount DisassociateMember UntagResource |
| AWS AppSync | AssociateApi DeleteApiCache DeleteApiKey DeleteDataSource DeleteDomainName DeleteFunction DeleteGraphqlApi DeleteResolver DeleteType DisassociateApi UntagResource |
| AWS ACM Service | DeleteCertificate RemoveTagsFromCertificate |
| AWS Systems Manager Incidents | DeleteIncidentRecord DeleteReplicationSet DeleteResourcePolicy DeleteResponsePlan DeleteTimelineEvent UntagResource |
| AWS X-Ray | DeleteGroup DeleteSamplingRule UntagResource |
| AWS RUM (Real User Monitoring) | DeleteAppMonitor UntagResource |
| AWS CloudFront Service | AssociateAlias DeleteCachePolicy DeleteCloudFrontOriginAccessIdentity DeleteDistribution DeleteFieldLevelEncryptionConfig DeleteFieldLevelEncryptionProfile DeleteFunction DeleteKeyGroup DeleteMonitoringSubscription DeleteOriginRequestPolicy DeletePublicKey DeleteRealtimeLogConfig DeleteResponseHeadersPolicy DeleteStreamingDistribution UntagResource |
| AWS EKS Service | AssociateEncryptionConfig AssociateIdentityProviderConfig DeleteAddon DeleteCluster DeleteFargateProfile DeleteNodegroup DisassociateIdentityProviderConfig UntagResource |
| AWS Firewall Manager | AssociateAdminAccount DeleteAppsList DeleteNotificationChannel DeletePolicy DeleteProtocolsList DisassociateAdminAccount UntagResource |
| AWS Kinesis Service | DeleteStream DisableEnhancedMonitoring RemoveTagsFromStream StopStreamEncryption |
| AWS Directory Service | DeleteConditionalForwarder DeleteDirectory DeleteLogSubscription DeleteSnapshot DeleteTrust DisableClientAuthentication DisableLDAPS DisableRadius DisableSso RemoveIpRoutes RemoveRegion RemoveTagsFromResource |
| AWS IoT SiteWise | AssociateAssets AssociateTimeSeriesToAssetProperty BatchAssociateProjectAssets BatchDisassociateProjectAssets DeleteAccessPolicy DeleteAsset DeleteAssetModel DeleteDashboard DeleteGateway DeletePortal DeleteProject DeleteTimeSeries DisassociateAssets DisassociateTimeSeriesFromAssetProperty UntagResource |
| AWS CodeStar Notifications | DeleteNotificationRule DeleteTarget UntagResource |
| AWS Fraud Detector | DeleteBatchImportJob DeleteBatchPredictionJob DeleteDetector DeleteDetectorVersion DeleteEntityType DeleteEvent DeleteEventType DeleteEventsByEventType DeleteExternalModel DeleteLabel DeleteModel DeleteModelVersion DeleteOutcome DeleteRule DeleteVariable UntagResource |
| AWS WorkLink | AssociateDomain AssociateWebsiteAuthorizationProvider AssociateWebsiteCertificateAuthority DeleteFleet DisassociateDomain DisassociateWebsiteAuthorizationProvider DisassociateWebsiteCertificateAuthority RevokeDomainAccess UntagResource |
| AWS CodeStar Connections | DeleteConnection DeleteHost UntagResource |
| AWS WorkSpaces | AssociateConnectionAlias AssociateIpGroups DeleteConnectionAlias DeleteIpGroup DeleteTags DeleteWorkspaceBundle DeleteWorkspaceImage DisassociateConnectionAlias DisassociateIpGroups RebootWorkspaces RevokeIpRules StopWorkspaces TerminateWorkspaces |
| AWS Lookout for Vision | DeleteDataset DeleteModel DeleteProject StopModel UntagResource |
| AWS Chime | AssociateChannelFlow AssociatePhoneNumberWithUser AssociatePhoneNumbersWithVoiceConnector AssociatePhoneNumbersWithVoiceConnectorGroup AssociateSigninDelegateGroupsWithAccount BatchDeletePhoneNumber BatchSuspendUser BatchUnsuspendUser DeleteAccount DeleteAccountOpenIdConfig DeleteApiKey DeleteAppInstance DeleteAppInstanceAdmin DeleteAppInstanceStreamingConfigurations DeleteAppInstanceUser DeleteAttendee DeleteCDRBucket DeleteChannel DeleteChannelBan DeleteChannelFlow DeleteChannelMembership DeleteChannelMessage DeleteChannelModerator DeleteDelegate DeleteDomain DeleteEventsConfiguration DeleteGroups DeleteMediaCapturePipeline DeleteMeeting DeletePhoneNumber DeleteProxySession DeleteRoom DeleteRoomMembership DeleteSipMediaApplication DeleteSipRule DeleteVoiceConnector DeleteVoiceConnectorEmergencyCallingConfiguration DeleteVoiceConnectorGroup DeleteVoiceConnectorOrigination DeleteVoiceConnectorProxy DeleteVoiceConnectorStreamingConfiguration DeleteVoiceConnectorTermination DeleteVoiceConnectorTerminationCredentials DisassociateChannelFlow DisassociatePhoneNumberFromUser DisassociatePhoneNumbersFromVoiceConnector DisassociatePhoneNumbersFromVoiceConnectorGroup DisassociateSigninDelegateGroupsFromAccount StopMeetingTranscription SuspendUsers UntagAttendee UntagMeeting UntagResource |
| AWS ElastiCache | BatchStopUpdateAction DeleteCacheCluster DeleteCacheParameterGroup DeleteCacheSecurityGroup DeleteCacheSubnetGroup DeleteGlobalReplicationGroup DeleteReplicationGroup DeleteSnapshot DeleteUser DeleteUserGroup DisassociateGlobalReplicationGroup RebootCacheCluster RemoveTagsFromResource RevokeCacheSecurityGroupIngress |
| AWS IoT Wireless | AssociateAwsAccountWithPartnerAccount AssociateMulticastGroupWithFuotaTask AssociateWirelessDeviceWithFuotaTask AssociateWirelessDeviceWithMulticastGroup AssociateWirelessDeviceWithThing AssociateWirelessGatewayWithCertificate AssociateWirelessGatewayWithThing DeleteDestination DeleteDeviceProfile DeleteFuotaTask DeleteMulticastGroup DeleteQueuedMessages DeleteServiceProfile DeleteWirelessDevice DeleteWirelessGateway DeleteWirelessGatewayTask DeleteWirelessGatewayTaskDefinition DisassociateAwsAccountFromPartnerAccount DisassociateMulticastGroupFromFuotaTask DisassociateWirelessDeviceFromFuotaTask DisassociateWirelessDeviceFromMulticastGroup DisassociateWirelessDeviceFromThing DisassociateWirelessGatewayFromCertificate DisassociateWirelessGatewayFromThing StartBulkAssociateWirelessDeviceWithMulticastGroup StartBulkDisassociateWirelessDeviceFromMulticastGroup UntagResource |
| AWS Firehose Service | DeleteDeliveryStream StopDeliveryStreamEncryption UntagDeliveryStream |
| AWS Mechanical Turk | AssociateQualificationWithWorker DeleteHIT DeleteQualificationType DeleteWorkerBlock DisassociateQualificationFromWorker |
| AWS StorageGateway Service | AssociateFileSystem BypassGovernanceRetention DeleteAutomaticTapeCreationPolicy DeleteBandwidthRateLimit DeleteChapCredentials DeleteFileShare DeleteGateway DeleteSnapshotSchedule DeleteTape DeleteTapeArchive DeleteTapePool DeleteVolume DisableGateway DisassociateFileSystem RemoveTagsFromResource |
| AWS EMR | DeleteEditor DeleteRepository DeleteSecurityConfiguration DeleteStudio DeleteStudioSessionMapping RemoveAutoScalingPolicy RemoveAutoTerminationPolicy RemoveTags StopEditor StopNotebookExecution TerminateJobFlows |
| AWS Batch | DeleteComputeEnvironment DeleteJobQueue DeleteSchedulingPolicy TerminateJob UntagResource |
| AWS Connect Campaigns | DeleteCampaign StopCampaign UntagResource |
| AWS IoT Events | high_privilege_actions BatchDisableAlarm DeleteAlarmModel DeleteDetectorModel DeleteInput UntagResource |
| AWS CloudTrail Service | DeleteEventDataStore DeleteTrail RemoveTags StopLogging |
| AWS DynamoDB Service | DeleteBackup DeleteItem DeleteTable DeleteTableReplica DisableKinesisStreamingDestination PartiQLDelete UntagResource |
| AWS OpenSearch Service | AssociatePackage DeleteDomain DeleteElasticsearchDomain DeleteElasticsearchServiceRole DeleteInboundConnection DeleteInboundCrossClusterSearchConnection DeleteOutboundConnection DeleteOutboundCrossClusterSearchConnection DeletePackage ESHttpDelete RemoveTags |
| AWS DeepRacer | AdminListAssociatedResources AdminListAssociatedUsers DeleteLeaderboard DeleteModel RemoveLeaderboardAccessPermission StopEvaluation StopTrainingReinforcementLearningModel UntagResource |
| AWS Voice ID | DeleteDomain DeleteFraudster DeleteSpeaker UntagResource |
| AWS EMR on EKS | DeleteManagedEndpoint DeleteVirtualCluster UntagResource |
| AWS Budgets | DeleteBudgetAction |
| AWS EventBridge Schema Registry | DeleteDiscoverer DeleteRegistry DeleteResourcePolicy DeleteSchema DeleteSchemaVersion StopDiscoverer UntagResource |
| AWS Network Manager | AssociateConnectPeer AssociateCustomerGateway AssociateLink AssociateTransitGatewayConnectPeer DeleteAttachment DeleteConnectPeer DeleteConnection DeleteCoreNetwork DeleteCoreNetworkPolicyVersion DeleteDevice DeleteGlobalNetwork DeleteLink DeleteResourcePolicy DeleteSite DisassociateConnectPeer DisassociateCustomerGateway DisassociateLink DisassociateTransitGatewayConnectPeer UntagResource |
| AWS Cognito Identity | DeleteIdentities DeleteIdentityPool UntagResource |
| AWS Polly | DeleteLexicon |
| AWS AppConfig | DeleteApplication DeleteConfigurationProfile DeleteDeploymentStrategy DeleteEnvironment DeleteHostedConfigurationVersion StopDeployment UntagResource |
| AWS App Runner | AssociateCustomDomain DeleteAutoScalingConfiguration DeleteConnection DeleteService DisassociateCustomDomain UntagResource |
| AWS License Manager | DeleteGrant DeleteLicense DeleteLicenseConfiguration DeleteLicenseManagerReportGenerator DeleteToken UntagResource |
| AWS Alexa for Business Service | AssociateContactWithAddressBook AssociateDeviceWithNetworkProfile AssociateDeviceWithRoom AssociateSkillGroupWithRoom AssociateSkillWithSkillGroup AssociateSkillWithUsers DeleteAddressBook DeleteBusinessReportSchedule DeleteConferenceProvider DeleteContact DeleteDevice DeleteDeviceUsageData DeleteGatewayGroup DeleteNetworkProfile DeleteProfile DeleteRoom DeleteRoomSkillParameter DeleteSkillAuthorization DeleteSkillGroup DeleteUser DisassociateContactFromAddressBook DisassociateDeviceFromRoom DisassociateSkillFromSkillGroup DisassociateSkillFromUsers DisassociateSkillGroupFromRoom RevokeInvitation UntagResource |
| AWS Certificate Manager Private Certificate Authority | DeleteCertificateAuthority DeletePermission DeletePolicy RevokeCertificate UntagCertificateAuthority |
| AWS StepFunctions Service | DeleteActivity DeleteStateMachine StopExecution UntagResource |
| AWS Connect Wisdom | DeleteAssistant DeleteAssistantAssociation DeleteContent DeleteKnowledgeBase RemoveKnowledgeBaseTemplateUri UntagResource |
| EC2 Messages | DeleteMessage |
| AWS IoT Greengrass | AssociateServiceRoleToAccount BatchAssociateClientDeviceWithCoreDevice BatchDisassociateClientDeviceFromCoreDevice DeleteComponent DeleteCoreDevice DisassociateServiceRoleFromAccount UntagResource AssociateRoleToGroup AssociateServiceRoleToAccount DeleteConnectorDefinition DeleteCoreDefinition DeleteDeviceDefinition DeleteFunctionDefinition DeleteGroup DeleteLoggerDefinition DeleteResourceDefinition DeleteSubscriptionDefinition DisassociateRoleFromGroup DisassociateServiceRoleFromAccount StopBulkDeployment UntagResource |
| AWS Redshift Service | AssociateDataShareConsumer BatchDeleteClusterSnapshots DeleteAuthenticationProfile DeleteCluster DeleteClusterParameterGroup DeleteClusterSecurityGroup DeleteClusterSnapshot DeleteClusterSubnetGroup DeleteEventSubscription DeleteHsmClientCertificate DeleteHsmConfiguration DeleteSavedQueries DeleteScheduledAction DeleteSnapshotCopyGrant DeleteSnapshotSchedule DeleteTags DeleteUsageLimit DisableLogging DisableSnapshotCopy DisassociateDataShareConsumer RebootCluster RevokeClusterSecurityGroupIngress RevokeSnapshotAccess |
| AWS WorkDocs | DeleteComment DeleteCustomMetadata DeleteDocument DeleteFolder DeleteFolderContents DeleteInstance DeleteLabels DeleteNotificationSubscription DeleteUser RemoveAllResourcePermissions RemoveResourcePermission |
| AWS Comprehend Medical | StopEntitiesDetectionV2Job StopICD10CMInferenceJob StopPHIDetectionJob StopRxNormInferenceJob |
| AWS DeepComposer | AssociateCoupon DeleteComposition DeleteModel UntagResource |
| AWS Managed Blockchain | DeleteMember DeleteNode UntagResource |
| AWS WAF | DeleteByteMatchSet DeleteGeoMatchSet DeleteIPSet DeleteLoggingConfiguration DeletePermissionPolicy DeleteRateBasedRule DeleteRegexMatchSet DeleteRegexPatternSet DeleteRule DeleteRuleGroup DeleteSizeConstraintSet DeleteSqlInjectionMatchSet DeleteWebACL DeleteXssMatchSet UntagResource |
| AWS AppStream | AssociateApplicationFleet AssociateApplicationToEntitlement AssociateFleet BatchAssociateUserStack BatchDisassociateUserStack DeleteAppBlock DeleteApplication DeleteDirectoryConfig DeleteEntitlement DeleteFleet DeleteImage DeleteImageBuilder DeleteImagePermissions DeleteStack DeleteUsageReportSubscription DeleteUser DisableUser DisassociateApplicationFleet DisassociateApplicationFromEntitlement DisassociateFleet StopFleet StopImageBuilder UntagResource |
| AWS QuickSight | DeleteAccountCustomization DeleteAnalysis DeleteCustomPermissions DeleteDashboard DeleteDataSet DeleteDataSource DeleteEmailCustomizationTemplate DeleteFolder DeleteFolderMembership DeleteGroup DeleteGroupMembership DeleteIAMPolicyAssignment DeleteNamespace DeleteTemplate DeleteTemplateAlias DeleteTheme DeleteThemeAlias DeleteUser DeleteUserByPrincipalId DeleteVPCConnection UntagResource |
| AWS WAFv2 | AssociateWebACL DeleteFirewallManagerRuleGroups DeleteIPSet DeleteLoggingConfiguration DeletePermissionPolicy DeleteRegexPatternSet DeleteRuleGroup DeleteWebACL DisassociateFirewallManager DisassociateWebACL UntagResource |
| AWS Data Lifecycle Manager | DeleteLifecyclePolicy UntagResource |
| AWS Well-Architected Tool | AssociateLenses DeleteLens DeleteLensShare DeleteWorkload DeleteWorkloadShare DisassociateLenses UntagResource |
| AWS Kendra | BatchDeleteDocument DeleteDataSource DeleteFaq DeleteIndex DeletePrincipalMapping DeleteQuerySuggestionsBlockList DeleteThesaurus StopDataSourceSyncJob UntagResource |
| AWS Interactive Video Service | DeleteChannel DeletePlaybackKeyPair DeleteRecordingConfiguration DeleteStreamKey StopStream UntagResource |
| AWS Lightsail | CloseInstancePublicPorts DeleteAlarm DeleteAutoSnapshot DeleteBucket DeleteBucketAccessKey DeleteCertificate DeleteContactMethod DeleteContainerImage DeleteContainerService DeleteDisk DeleteDiskSnapshot DeleteDistribution DeleteDomain DeleteDomainEntry DeleteInstance DeleteInstanceSnapshot DeleteKeyPair DeleteKnownHostKeys DeleteLoadBalancer DeleteLoadBalancerTlsCertificate DeleteRelationalDatabase DeleteRelationalDatabaseSnapshot DisableAddOn RebootInstance RebootRelationalDatabase StopInstance StopRelationalDatabase UntagResource |
| AWS Cognito Sync | DeleteDataset |
| AWS CloudSearch | DeleteAnalysisScheme DeleteDomain DeleteExpression DeleteIndexField DeleteSuggester RemoveTags |
| AWS Elastic Transcoder | DeletePipeline DeletePreset |
| AWS IoT FleetWise | AssociateVehicle DeleteCampaign DeleteDecoderManifest DeleteFleet DeleteModelManifest DeleteSignalCatalog DeleteVehicle DisassociateVehicle |
| AWS Backup Service | DeleteBackupPlan DeleteBackupSelection DeleteBackupVault DeleteBackupVaultAccessPolicy DeleteBackupVaultLockConfiguration DeleteBackupVaultNotifications DeleteFramework DeleteRecoveryPoint DeleteReportPlan DisassociateRecoveryPoint StopBackupJob UntagResource |
| AWS DataBrew | BatchDeleteRecipeVersion DeleteDataset DeleteJob DeleteProject DeleteRecipeVersion DeleteRuleset DeleteSchedule StopJobRun UntagResource |
| AWS Braket | UntagResource |
| AWS Database Migration Service | DeleteCertificate DeleteConnection DeleteEndpoint DeleteEventSubscription DeleteReplicationInstance DeleteReplicationSubnetGroup DeleteReplicationTask DeleteReplicationTaskAssessmentRun RebootReplicationInstance RemoveTagsFromResource StopReplicationTask |
| AWS Network Firewall | AssociateFirewallPolicy AssociateSubnets DeleteFirewall DeleteFirewallPolicy DeleteResourcePolicy DeleteRuleGroup DisassociateSubnets UntagResource UpdateFirewallDeleteProtection |
| AWS Artifact | TerminateAgreement |
| AWS Systems Manager Contacts | AssociateContact DeleteContact DeleteContactChannel DeleteContactPolicy StopEngagement UntagResource |
| AWS Transcribe | DeleteCallAnalyticsCategory DeleteCallAnalyticsJob DeleteLanguageModel DeleteMedicalTranscriptionJob DeleteMedicalVocabulary DeleteTranscriptionJob DeleteVocabulary DeleteVocabularyFilter |
| AWS Elemental MediaPackage VOD | DeleteAsset DeletePackagingConfiguration DeletePackagingGroup UntagResource |
| AWS Device Farm | DeleteDevicePool DeleteInstanceProfile DeleteNetworkProfile DeleteProject DeleteRemoteAccessSession DeleteRun DeleteTestGridProject DeleteUpload DeleteVPCEConfiguration StopJob StopRemoteAccessSession StopRun UntagResource |
| AWS Ground Station | DeleteConfig DeleteDataflowEndpointGroup DeleteMissionProfile UntagResource |
| AWS DevOps Guru | RemoveNotificationChannel |
| AWS Signer | RemoveProfilePermission RevokeSignature RevokeSigningProfile UntagResource |
| AWS ResourceGroups Service | DeleteGroup Untag |
| AWS Honeycode | BatchDeleteTableRows |
| AWS Amplify UI Builder | DeleteComponent DeleteTheme UntagResource |
| AWS WorkSpaces Web | AssociateBrowserSettings AssociateNetworkSettings AssociateTrustStore AssociateUserSettings DeleteBrowserSettings DeleteIdentityProvider DeleteNetworkSettings DeletePortal DeleteTrustStore DeleteUserSettings DisassociateBrowserSettings DisassociateNetworkSettings DisassociateTrustStore DisassociateUserSettings UntagResource |
| AWS ECR Public | high_privilege_actions BatchDeleteImage DeleteRepository DeleteRepositoryPolicy UntagResource |
| AWS Snow Device Management | UntagResource |
| AWS APIGateway Service | DELETE DELETE RemoveCertificateFromDomain |
| AWS MSK (Managed Streaming for Apache Kafka) | DeleteGroup DeleteTopic |
| AWS Elemental Activations | UntagResource |
| AWS Managed Grafana | AssociateLicense DeleteWorkspace DisassociateLicense |
| AWS App Mesh | DeleteGatewayRoute DeleteMesh DeleteRoute DeleteVirtualGateway DeleteVirtualNode DeleteVirtualRouter DeleteVirtualService UntagResource |
| AWS DBQMS | DeleteFavoriteQueries DeleteQueryHistory DeleteTab |
| AWS MSK Service | BatchAssociateScramSecret BatchDisassociateScramSecret DeleteCluster DeleteConfiguration RebootBroker UntagResource |
| AWS CodeGuru Reviewer | AssociateRepository DisassociateRepository UnTagResource |
| AWS MemoryDB for Redis | DeleteAcl DeleteCluster DeleteParameterGroup DeleteSnapshot DeleteSubnetGroup DeleteUser UntagResource |
| AWS SMS Voice | DeleteConfigurationSet DeleteConfigurationSetEventDestination |
| AWS CloudWatch Service | DeleteAlarms DeleteAnomalyDetector DeleteDashboards DeleteInsightRules DeleteMetricStream DisableAlarmActions DisableInsightRules StopMetricStreams UntagResource |
| AWS AutoScaling Service | BatchDeleteScheduledAction DeleteAutoScalingGroup DeleteLaunchConfiguration DeleteLifecycleHook DeleteNotificationConfiguration DeletePolicy DeleteScheduledAction DeleteTags DeleteWarmPool DisableMetricsCollection SuspendProcesses TerminateInstanceInAutoScalingGroup |
| AWS Shield | AssociateDRTLogBucket AssociateDRTRole AssociateHealthCheck AssociateProactiveEngagementDetails DeleteProtection DeleteProtectionGroup DeleteSubscription DisableApplicationLayerAutomaticResponse DisableProactiveEngagement DisassociateDRTLogBucket DisassociateDRTRole DisassociateHealthCheck UntagResource |
| AWS IoT TwinMaker | DeleteComponentType DeleteEntity DeleteScene DeleteWorkspace UntagResource |
| AWS SecretsManager Service | DeleteResourcePolicy DeleteSecret RemoveRegionsFromReplication StopReplicationToReplica UntagResource |
| Application Auto Scaling | DeleteScalingPolicy DeleteScheduledAction |
| AWS FSx Service | AssociateFileGateway AssociateFileSystemAliases DeleteBackup DeleteDataRepositoryAssociation DeleteFileSystem DeleteSnapshot DeleteStorageVirtualMachine DeleteVolume DisassociateFileGateway DisassociateFileSystemAliases UntagResource |
| AWS Amplify | DeleteApp DeleteBackendEnvironment DeleteBranch DeleteDomainAssociation DeleteJob DeleteWebHook StopJob UntagResource |
| AWS App Mesh Preview | DeleteGatewayRoute DeleteMesh DeleteRoute DeleteVirtualGateway DeleteVirtualNode DeleteVirtualRouter DeleteVirtualService |
| AWS Kinesis Video Streams | DeleteSignalingChannel DeleteStream UntagResource UntagStream |
| AWS Migration Hub Strategy | StopAssessment |
| AWS Elemental MediaLive | BatchDelete BatchStop DeleteChannel DeleteInput DeleteInputSecurityGroup DeleteMultiplex DeleteMultiplexProgram DeleteReservation DeleteSchedule DeleteTags StopChannel StopMultiplex |
| AWS CloudShell | DeleteEnvironment StopEnvironment |
| AWS Location Service | AssociateTrackerConsumer BatchDeleteDevicePositionHistory BatchDeleteGeofence DeleteGeofenceCollection DeleteMap DeletePlaceIndex DeleteRouteCalculator DeleteTracker DisassociateTrackerConsumer UntagResource |
| AWS KMS Service | DeleteAlias DeleteCustomKeyStore DeleteImportedKeyMaterial DisableKey DisableKeyRotation RevokeGrant UntagResource |
| AWS CloudHSM | DeleteBackup DeleteCluster DeleteHapg DeleteHsm DeleteLunaClient RemoveTagsFromResource UntagResource |
| AWS EC2 Service | AssociateAddress AssociateClientVpnTargetNetwork AssociateDhcpOptions AssociateEnclaveCertificateIamRole AssociateIamInstanceProfile AssociateInstanceEventWindow AssociateRouteTable AssociateSubnetCidrBlock AssociateTransitGatewayMulticastDomain AssociateTransitGatewayRouteTable AssociateTrunkInterface AssociateVpcCidrBlock DeleteCarrierGateway DeleteClientVpnEndpoint DeleteClientVpnRoute DeleteCustomerGateway DeleteDhcpOptions DeleteEgressOnlyInternetGateway DeleteFleets DeleteFlowLogs DeleteFpgaImage DeleteInstanceEventWindow DeleteInternetGateway DeleteIpam DeleteIpamPool DeleteIpamScope DeleteKeyPair DeleteLaunchTemplate DeleteLaunchTemplateVersions DeleteLocalGatewayRoute DeleteLocalGatewayRouteTableVpcAssociation DeleteManagedPrefixList DeleteNatGateway DeleteNetworkAcl DeleteNetworkAclEntry DeleteNetworkInsightsAccessScope DeleteNetworkInsightsAccessScopeAnalysis DeleteNetworkInsightsAnalysis DeleteNetworkInsightsPath DeleteNetworkInterface DeleteNetworkInterfacePermission DeletePlacementGroup DeletePublicIpv4Pool DeleteQueuedReservedInstances DeleteRoute DeleteRouteTable DeleteSecurityGroup DeleteSnapshot DeleteSpotDatafeedSubscription DeleteSubnet DeleteSubnetCidrReservation DeleteTags DeleteTrafficMirrorFilter DeleteTrafficMirrorFilterRule DeleteTrafficMirrorSession DeleteTrafficMirrorTarget DeleteTransitGateway DeleteTransitGatewayConnect DeleteTransitGatewayConnectPeer DeleteTransitGatewayMulticastDomain DeleteTransitGatewayPeeringAttachment DeleteTransitGatewayPrefixListReference DeleteTransitGatewayRoute DeleteTransitGatewayRouteTable DeleteTransitGatewayVpcAttachment DeleteVolume DeleteVpc DeleteVpcEndpointConnectionNotifications DeleteVpcEndpointServiceConfigurations DeleteVpcEndpoints DeleteVpcPeeringConnection DeleteVpnConnection DeleteVpnConnectionRoute DeleteVpnGateway DisableEbsEncryptionByDefault DisableFastLaunch DisableFastSnapshotRestores DisableImageDeprecation DisableIpamOrganizationAdminAccount DisableSerialConsoleAccess DisableTransitGatewayRouteTablePropagation DisableVgwRoutePropagation DisableVpcClassicLink DisableVpcClassicLinkDnsSupport DisassociateAddress DisassociateClientVpnTargetNetwork DisassociateEnclaveCertificateIamRole DisassociateIamInstanceProfile DisassociateInstanceEventWindow DisassociateRouteTable DisassociateSubnetCidrBlock DisassociateTransitGatewayMulticastDomain DisassociateTransitGatewayRouteTable DisassociateTrunkInterface DisassociateVpcCidrBlock RebootInstances RevokeClientVpnIngress RevokeSecurityGroupEgress RevokeSecurityGroupIngress StopInstances TerminateClientVpnConnections TerminateInstances WithdrawByoipCidr |
| AWS Data Pipeline | DeletePipeline RemoveTags |
| AWS Simple Notification Service | DeleteApp DeleteAppLaunchConfiguration DeleteAppReplicationConfiguration DeleteAppValidationConfiguration DeleteReplicationJob DeleteServerCatalog DisassociateConnector StopAppReplication TerminateApp |
| AWS Monitron | AssociateProjectAdminUser DeleteProject DisassociateProjectAdminUser UntagResource |
| AWS CloudFormation Service | DeleteChangeSet DeleteStack DeleteStackInstances DeleteStackSet StopStackSetOperation UntagResource DeleteResource |
| AWS Rbin | DeleteRule UntagResource |
| AWS SNS Chatbot | DeleteChimeWebhookConfiguration DeleteSlackChannelConfiguration DeleteSlackWorkspaceAuthorization |
| AWS Health | DisableHealthServiceAccessForOrganization |
| AWS Outposts | DeleteOutpost DeleteSite UntagResource |
| AWS GameLift | DeleteAlias DeleteBuild DeleteFleet DeleteFleetLocations DeleteGameServerGroup DeleteGameSessionQueue DeleteMatchmakingConfiguration DeleteMatchmakingRuleSet DeleteScalingPolicy DeleteScript DeleteVpcPeeringAuthorization DeleteVpcPeeringConnection StopFleetActions StopGameSessionPlacement StopMatchmaking SuspendGameServerGroup UntagResource |
| AWS IoT Fleet Hub | DeleteApplication UntagResource |
| AWS Route 53 Recovery Control Config | DeleteCluster DeleteControlPanel DeleteRoutingControl DeleteSafetyRule UntagResource |
| AWS OpsWorks Configuration Management | AssociateNode DeleteBackup DeleteServer DisassociateNode UntagResource |
| AWS Timestream Service | DeleteDatabase DeleteScheduledQuery DeleteTable UntagResource |
| AWS IoT RoboRunner | DeleteAction DeleteActionTemplate DeleteActionTemplateDependency DeleteActivity DeleteActivityDependency DeleteDestination DeleteDestinationRelationship DeleteSite DeleteTask DeleteTaskDependency DeleteWorker DeleteWorkerFleet |
| AWS Discovery | AssociateConfigurationItemsToApplication BatchDeleteImportData DeleteApplications DeleteTags DisassociateConfigurationItemsFromApplication StopContinuousExport StopDataCollectionByAgentIds |
| AWS CodeCommit Service | AssociateApprovalRuleTemplateWithRepository BatchAssociateApprovalRuleTemplateWithRepositories BatchDisassociateApprovalRuleTemplateFromRepositories DeleteApprovalRuleTemplate DeleteBranch DeleteCommentContent DeleteFile DeletePullRequestApprovalRule DeleteRepository DisassociateApprovalRuleTemplateFromRepository UntagResource |
| AWS CodeGuru Profiler | DeleteProfilingGroup RemoveNotificationChannel RemovePermission UntagResource |
| AWS IoT Device Advisor | DeleteSuiteDefinition StopSuiteRun UntagResource |
| AWS SNS Service | DeleteEndpoint DeletePlatformApplication DeleteSMSSandboxPhoneNumber DeleteTopic RemovePermission UntagResource |
| AWS Cognito Identity Provider | AdminDeleteUser AdminDeleteUserAttributes AdminDisableProviderForUser AdminDisableUser AdminRemoveUserFromGroup AssociateSoftwareToken DeleteGroup DeleteIdentityProvider DeleteResourceServer DeleteUser DeleteUserAttributes DeleteUserPool DeleteUserPoolClient DeleteUserPoolDomain RevokeToken StopUserImportJob UntagResource |
| AWS Elastic Beanstalk | AssociateEnvironmentOperationsRole DeleteApplication DeleteApplicationVersion DeleteConfigurationTemplate DeleteEnvironmentConfiguration DeletePlatformVersion DisassociateEnvironmentOperationsRole RemoveTags TerminateEnvironment |
| AWS CloudWatch Application Insights | DeleteApplication DeleteComponent DeleteLogPattern UntagResource |
| AWS ELB Service | DeleteListener DeleteLoadBalancer DeleteRule DeleteTargetGroup RemoveListenerCertificates RemoveTags DeleteLoadBalancer DeleteLoadBalancerListeners DeleteLoadBalancerPolicy DisableAvailabilityZonesForLoadBalancer RemoveTags |
| AWS Lookout for Equipment | DeleteDataset DeleteInferenceScheduler DeleteModel StopInferenceScheduler UntagResource |
| AWS Lookout for Metrics | DeleteAlert DeleteAnomalyDetector UntagResource |
| AWS Translate | DeleteParallelData DeleteTerminology StopTextTranslationJob |
| AWS WAF Regional | AssociateWebACL DeleteByteMatchSet DeleteGeoMatchSet DeleteIPSet DeleteLoggingConfiguration DeletePermissionPolicy DeleteRateBasedRule DeleteRegexMatchSet DeleteRegexPatternSet DeleteRule DeleteRuleGroup DeleteSizeConstraintSet DeleteSqlInjectionMatchSet DeleteWebACL DeleteXssMatchSet DisassociateWebACL UntagResource |
| AWS ECS Service | DeleteAccountSetting DeleteAttributes DeleteCapacityProvider DeleteCluster DeleteService DeleteTaskSet StopTask UntagResource |
| AWS ECR Service | BatchDeleteImage DeleteLifecyclePolicy DeletePullThroughCacheRule DeleteRegistryPolicy DeleteRepository DeleteRepositoryPolicy UntagResource |
| AWS DynamoDB Accelerator (DAX) | DeleteCluster DeleteItem DeleteParameterGroup DeleteSubnetGroup RebootNode UntagResource |
| AWS Resource Groups Tagging API | UntagResources |
| AWS CloudWatch Logs Service | AssociateKmsKey DeleteDestination DeleteLogDelivery DeleteLogGroup DeleteLogStream DeleteMetricFilter DeleteQueryDefinition DeleteResourcePolicy DeleteRetentionPolicy DeleteSubscriptionFilter DisassociateKmsKey StopQuery UntagLogGroup |
| AWS Backup Gateway Service | AssociateGatewayToServer DeleteGateway DeleteHypervisor DisassociateGatewayFromServer UntagResource |
| AWS Service Catalog | AssociateAttributeGroup AssociateBudgetWithResource AssociatePrincipalWithPortfolio AssociateProductWithPortfolio AssociateResource AssociateServiceActionWithProvisioningArtifact AssociateTagOptionWithResource BatchAssociateServiceActionWithProvisioningArtifact BatchDisassociateServiceActionFromProvisioningArtifact DeleteApplication DeleteAttributeGroup DeleteConstraint DeletePortfolio DeletePortfolioShare DeleteProduct DeleteProvisionedProductPlan DeleteProvisioningArtifact DeleteServiceAction DeleteTagOption DisableAWSOrganizationsAccess DisassociateAttributeGroup DisassociateBudgetFromResource DisassociatePrincipalFromPortfolio DisassociateProductFromPortfolio DisassociateResource DisassociateServiceActionFromProvisioningArtifact DisassociateTagOptionFromResource TerminateProvisionedProduct UntagResource |
| AWS Elastic Disaster Recovery | AssociateFailbackClientToRecoveryInstanceForDrs BatchDeleteSnapshotRequestForDrs DeleteJob DeleteRecoveryInstance DeleteReplicationConfigurationTemplate DeleteSourceServer StopFailback TerminateRecoveryInstances UntagResource |
| AWS Message Queue | DeleteBroker DeleteTags DeleteUser RebootBroker |
| AWS Control Tower | DisableGuardrail |
| AWS Nimble Studio | DeleteLaunchProfile DeleteLaunchProfileMember DeleteStreamingImage DeleteStreamingSession DeleteStudio DeleteStudioComponent DeleteStudioMember StopStreamingSession UntagResource |
| AWS Managed Workflows for Apache Airflow | DeleteEnvironment UntagResource |
| AWS S3 Object Lambda | DeleteObject DeleteObjectTagging DeleteObjectVersion DeleteObjectVersionTagging |
| AWS Personalize | DeleteCampaign DeleteDataset DeleteDatasetGroup DeleteEventTracker DeleteFilter DeleteRecommender DeleteSchema DeleteSolution StopSolutionVersionCreation |
| AWS Cloud9 | DeleteEnvironment DeleteEnvironmentMembership UntagResource |
| AWS Elemental Appliances and Software | UntagResource |
| AWS Detective | DeleteGraph DeleteMembers DisableOrganizationAdminAccount DisassociateMembership UntagResource |
| AWS Transfer for SFTP | DeleteAccess DeleteServer DeleteSshPublicKey DeleteUser DeleteWorkflow StopServer UntagResource |
| AWS Panorama | DeleteApp DeleteAppVersion DeleteDataSource DeleteDevice DeleteModel DeletePackage RemoveApplicationInstance UntagResource |
| AWS IAM Access Analyzer | DeleteAnalyzer DeleteArchiveRule UntagResource |
| AWS App Integrations | DeleteDataIntegration DeleteDataIntegrationAssociation DeleteEventIntegration DeleteEventIntegrationAssociation UntagResource |
| AWS FinSpace | DeleteEnvironment UntagResource |
| AWS SageMaker Ground Truth Labeling | AssociatePatchToManifestJob |
| AWS S3 on Outposts | DeleteAccessPoint DeleteAccessPointPolicy DeleteBucket DeleteBucketPolicy DeleteEndpoint DeleteObject DeleteObjectTagging |
| AWS Elemental MediaStore | DeleteContainer DeleteContainerPolicy DeleteCorsPolicy DeleteLifecyclePolicy DeleteMetricPolicy DeleteObject StopAccessLogging UntagResource |
| AWS BugBust | UntagResource |
| AWS HealthLake | DeleteFHIRDatastore DeleteResource UntagResource |
| AWS IoT 1-Click | AssociateDeviceWithPlacement DeletePlacement DeleteProject DisassociateDeviceFromPlacement UntagResource |
| AWS MSK Connect | DeleteConnector |
| AWS CodePipeline | DeleteCustomActionType DeletePipeline DeleteWebhook DisableStageTransition StopPipelineExecution UntagResource |
| AWS Security Hub | BatchDisableStandards DeleteActionTarget DeleteFindingAggregator DeleteInsight DeleteInvitations DeleteMembers DisableImportFindingsForProduct DisableOrganizationAdminAccount DisableSecurityHub DisassociateFromAdministratorAccount DisassociateFromMasterAccount DisassociateMembers UntagResource |
| AWS EC2 Image Builder | DeleteComponent DeleteContainerRecipe DeleteDistributionConfiguration DeleteImage DeleteImagePipeline DeleteImageRecipe DeleteInfrastructureConfiguration UntagResource |
| AWS SQS Service | DeleteMessage DeleteQueue RemovePermission UntagQueue |
| AWS ServiceDiscovery Service | DeleteNamespace DeleteService UntagResource |
| AWS Compute Optimizer | DeleteRecommendationPreferences |
| AWS Glacier | DeleteArchive DeleteVault DeleteVaultAccessPolicy DeleteVaultNotifications RemoveTagsFromVault |
| AWS Rekognition | DeleteCollection DeleteDataset DeleteFaces DeleteProject DeleteProjectVersion DeleteStreamProcessor StopProjectVersion StopStreamProcessor UntagResource |
| AWS Launch Wizard | DeleteApp |
| AWS Elemental MediaConvert | AssociateCertificate DeleteJobTemplate DeletePolicy DeletePreset DeleteQueue DisassociateCertificate UntagResource |
| AWS ServiceQuotas Service | AssociateServiceQuotaTemplate DeleteServiceQuotaIncreaseRequestFromTemplate DisassociateServiceQuotaTemplate UntagResource |
| AWS Inspector | DeleteAssessmentRun DeleteAssessmentTarget DeleteAssessmentTemplate RemoveAttributesFromFindings StopAssessmentRun |
| AWS RoboMaker | BatchDeleteWorlds DeleteFleet DeleteRobot DeleteRobotApplication DeleteSimulationApplication DeleteWorldTemplate UntagResource |
| AWS Quantum Ledger Database | DeleteLedger PartiQLDelete UntagResource |
| AWS CodeStar | AssociateTeamMember DeleteExtendedAccess DeleteProject DeleteUserProfile DisassociateTeamMember UntagProject |
| AWS CodeArtifact | AssociateExternalConnection AssociateWithDownstreamRepository DeleteDomain DeleteDomainPermissionsPolicy DeletePackageVersions DeleteRepository DeleteRepositoryPermissionsPolicy DisassociateExternalConnection UntagResource |
| AWS Direct Connect | AssociateConnectionWithLag AssociateHostedConnection AssociateMacSecKey AssociateVirtualInterface DeleteBGPPeer DeleteConnection DeleteDirectConnectGateway DeleteDirectConnectGatewayAssociation DeleteDirectConnectGatewayAssociationProposal DeleteInterconnect DeleteLag DeleteVirtualInterface DisassociateConnectionFromLag DisassociateMacSecKey StopBgpFailoverTest UntagResource |
| AWS DataSync | DeleteAgent DeleteLocation DeleteTask UntagResource |
| AWS Organizations | DeleteOrganization DeleteOrganizationalUnit DeletePolicy DisableAWSServiceAccess DisablePolicyType RemoveAccountFromOrganization UntagResource |
| AWS Kinesis Analytics | DeleteApplication DeleteApplicationCloudWatchLoggingOption DeleteApplicationInputProcessingConfiguration DeleteApplicationOutput DeleteApplicationReferenceDataSource DeleteApplicationSnapshot DeleteApplicationVpcConfiguration StopApplication UntagResource DeleteApplication DeleteApplicationOutput DeleteApplicationReferenceDataSource StopApplication UntagResource |
| AWS Account | DeleteAlternateContact DisableRegion |
Why are the actions considered high privilege?
Reasons for actions marked as high-privilege:
- Data Loss: Deletion actions cause irreversible loss of critical models, endpoints, or policies.
- Operational Disruption: Prematurely stopping jobs wastes resources and disrupts workflows.
- Security Impact: Removing policies or tags weakens access control, governance, and monitoring.
- Resource Investment: Training classifiers or recognizers involves significant time, effort, and cost.
How to Manage these Actions? Any Recommended Best Practices?
- Audit These Actions Regularly: Ensure these actions are logged in AWS CloudTrail and reviewed periodically.
- Restrict Permissions: Use the principle of least privilege, granting access to these actions only to trusted, high-level users or service roles.
- Enable Multi-Factor Authentication (MFA): Require MFA for users with permissions to perform these actions.
- Use Resource Policies: Set resource-based policies to add an extra layer of control.
- Tag Governance: Maintain a tagging strategy and monitor untagging actions.
Related Topics
