Actions, resources, and condition keys for Alexa for Business
This page is moving to a new location on November 16, 2020. Please update your bookmark to use the new page at https://docs.aws.amazon.com/service-authorization/latest/reference/list_alexaforbusiness.html .
Alexa for Business (service prefix:
a4b
) provides the following service-specific resources, actions, and condition context
keys for use in IAM permission policies.
References:
-
View a list of the API operations available for this service .
Topics
Actions defined by Alexa for Business
You can specify the following actions in the
Action
element of an IAM policy statement. Use policies to grant permissions to perform
an operation in AWS. When you use an action in a policy, you usually allow or
deny access to the API operation or CLI command with the same name. However,
in some cases, a single action controls access to more than one operation. Alternatively,
some operations require several different actions.
The
Resource types
column indicates whether each action supports resource-level permissions. If
there is no value for this column, you must specify all resources ("*") in the
Resource
element of your policy statement. If the column includes a resource type, then
you can specify an ARN of that type in a statement with that action. Required
resources are indicated in the table with an asterisk (*). If you specify a resource-level
permission ARN in a statement using this action, then it must be of this type.
Some actions support multiple resource types. If the resource type is optional (not
indicated as required), then you can choose to use one but not the other.
For details about the columns in the following table, see The actions table .
| Actions | Description | Access level | Resource types (*required) | Condition keys | Dependent actions |
|---|---|---|---|---|---|
| ApproveSkill | Associates a skill with the organization under the customer's AWS account. If a skill is private, the user implicitly accepts access to this skill during enablement. | Write | |||
| AssociateContactWithAddressBook | Associates a contact with a given address book. | Write | |||
| AssociateDeviceWithRoom | Associates device with given room. | Write | |||
| AssociateSkillGroupWithRoom | Associates the skill group with given room. SkillGroup ARN and Room ARN must be specified. | Write | |||
| AssociateSkillWithSkillGroup | Associates a skill with a skill group. | Write | |||
| AssociateSkillWithUsers | Makes a private skill available for enrolled users to enable on their devices. | Write | |||
| CompleteRegistration [permission only] | Completes the operation of registering an Alexa device. | Write | |||
| CreateAddressBook | Creates an address book with the specified details. | Write | |||
| CreateBusinessReportSchedule | Creates a recurring schedule for usage reports to deliver to the specified S3 location with a specified daily or weekly interval. | Write | |||
| CreateConferenceProvider | Adds a new conference provider under the user's AWS account. | Write | |||
| CreateContact | Creates a contact with the specified details. | Write | |||
| CreateProfile | Creates a new profile. | Write | |||
| CreateRoom | Create room with the specified details. | Write | |||
| CreateSkillGroup | Creates a skill group with given name and description. | Write | |||
| CreateUser | Creates a user. | Write | |||
| DeleteAddressBook | Deletes an address book by the address book ARN. | Write | |||
| DeleteBusinessReportSchedule | Deletes the recurring report delivery schedule with the specified schedule ARN. | Write | |||
| DeleteConferenceProvider | Deletes a conference provider. | Write | |||
| DeleteContact | Deletes a contact by the contact ARN. | Write | |||
| DeleteDevice | Removes a device from Alexa For Business. | Write | |||
| DeleteProfile | Delete profile by profile ARN. | Write | |||
| DeleteRoom | Delete room. | Write | |||
| DeleteRoomSkillParameter | Delete a parameter from a skill and room. | Write | |||
| DeleteSkillAuthorization | Unlinks a third-party account from a skill. | Write | |||
| DeleteSkillGroup | Deletes skill group with skill group ARN. Skillgroup ARN must be specified. | Write | |||
| DeleteUser | Delete a user. | Write | |||
| DisassociateContactFromAddressBook | Disassociates a contact from a given address book. | Write | |||
| DisassociateDeviceFromRoom | Disassociates device from its current room. | Write | |||
| DisassociateSkillFromSkillGroup | Disassociates a skill from a skill group. | Write | |||
| DisassociateSkillFromUsers | Makes a private skill unavailable for enrolled users and prevents them from enabling it on their devices. | Write | |||
| DisassociateSkillGroupFromRoom | Disassociates the skill group from given room. SkillGroup ARN and Room ARN must be specified. | Write | |||
| ForgetSmartHomeAppliances | Forgets smart home appliances associated to a room. | Write | |||
| GetAddressBook | Gets the address book details by the address book ARN. | Read | |||
| GetConferencePreference | Retrieves the existing conference preferences. | Read | |||
| GetConferenceProvider | Gets details about a specific conference provider. | Read | |||
| GetContact | Gets the contact details by the contact ARN. | Read | |||
| GetDevice | Get device details. | Read | |||
| GetNetworkProfile | Gets the network profile details by the network profile ARN. | Read | |||
| GetProfile | Gets profile when provided with Profile ARN. | Read | |||
| GetRoom | Get room details. | Read | |||
| GetRoomSkillParameter | Get an existing parameter that has been set for a skill and room. | Read | |||
| GetSkillGroup | Gets skill group details with skill group ARN. Skillgroup ARN must be specified. | Read | |||
| ListBusinessReportSchedules | Lists the details of the schedules that a user configured. | List | |||
| ListConferenceProviders | Lists conference providers under a specific AWS account. | List | |||
| ListDeviceEvents | Lists the device event history, including device connection status, for up to 30 days. | List | |||
| ListSkills | Lists skills. | List | |||
| ListSkillsStoreCategories | Lists all categories in the Alexa skill store. | List | |||
| ListSkillsStoreSkillsByCategory | Lists all skills in the Alexa skill store by category. | List | |||
| ListSmartHomeAppliances | Lists all of the smart home appliances associated with a room. | List | |||
| ListTags | Lists all tags on a resource. | Read | |||
| PutConferencePreference | Sets the conference preferences on a specific conference provider at the account level. | Write | |||
| PutDeviceSetupEvents [permission only] | Publishes Alexa device setup events. | Write | |||
| PutRoomSkillParameter | Put a room specific parameter for a skill. | Write | |||
| PutSkillAuthorization | Links a user's account to a third-party skill provider. If this API operation is called by an assumed IAM role, the skill being linked must be a private skill. Also, the skill must be owned by the AWS account that assumed the IAM role. | Write | |||
| RegisterAVSDevice | Registers an Alexa-enabled device built by an Original Equipment Manufacturer (OEM) using Alexa Voice Service (AVS). | Write | |||
| RegisterDevice [permission only] | Registers an Alexa device. | Write | |||
| RejectSkill | Disassociates a skill from the organization under a user's AWS account. If the skill is a private skill, it moves to an AcceptStatus of PENDING. | Write | |||
| ResolveRoom | Returns resolved room information. | Read | |||
| RevokeInvitation | Revoke an invitation. | Write | |||
| SearchAddressBooks | Searches address books and lists the ones that meet a set of filter and sort criteria. | List | |||
| SearchContacts | Searches contacts and lists the ones that meet a set of filter and sort criteria. | List | |||
| SearchDevices | Search for devices. | List | |||
| SearchNetworkProfiles | Searches network profiles and lists the ones that meet a set of filter and sort criteria. | List | |||
| SearchProfiles | Search for profiles. | List | |||
| SearchRooms | Search for rooms. | List | |||
| SearchSkillGroups | Search for skill groups. | List | |||
| SearchUsers | Search for users. | List | |||
| SendInvitation | Send an invitation to a user. | Write | |||
| StartDeviceSync | Restore the device and its account to its known, default settings by clearing all information and settings set by its previous users. | Write | |||
| StartSmartHomeApplianceDiscovery | Initiates the discovery of any smart home appliances associated with the room. | Read | |||
| TagResource | Adds metadata tags to a resource. | Tagging | |||
| UntagResource | Removes metadata tags from a resource. | Tagging | |||
| UpdateAddressBook | Updates address book details by the address book ARN. | Write | |||
| UpdateBusinessReportSchedule | Updates the configuration of the report delivery schedule with the specified schedule ARN. | Write | |||
| UpdateConferenceProvider | Updates an existing conference provider's settings. | Write | |||
| UpdateContact | Updates the contact details by the contact ARN. | Write | |||
| UpdateDevice | Updates device name. | Write | |||
| UpdateProfile | Updates an existing profile. | Write | |||
| UpdateRoom | Update room details. | Write | |||
| UpdateSkillGroup | Updates skill group details with skill group ARN. Skillgroup ARN must be specified. | Write |
Resource types defined by Alexa for Business
The following resource types are defined by this service and can be used in the
Resource
element of IAM permission policy statements. Each action in the
Actions table
identifies the resource types that can be specified with that action. A resource
type can also define which condition keys you can include in a policy. These
keys are displayed in the last column of the table. For details about the columns
in the following table, see
The resource types table
.
| Resource types | ARN | Condition keys |
|---|---|---|
| profile |
arn:$
{
Partition}:a4b:$
{
Region}:$
{
Account}:profile/$
{
Resource_id}
|
|
| room |
arn:$
{
Partition}:a4b:$
{
Region}:$
{
Account}:room/$
{
Resource_id}
|
|
| device |
arn:$
{
Partition}:a4b:$
{
Region}:$
{
Account}:device/$
{
Resource_id}
|
|
| skillgroup |
arn:$
{
Partition}:a4b:$
{
Region}:$
{
Account}:skill-group/$
{
Resource_id}
|
|
| user |
arn:$
{
Partition}:a4b:$
{
Region}:$
{
Account}:user/$
{
Resource_id}
|
|
| addressbook |
arn:$
{
Partition}:a4b:$
{
Region}:$
{
Account}:address-book/$
{
Resource_id}
|
|
| conferenceprovider |
arn:$
{
Partition}:a4b:$
{
Region}:$
{
Account}:conference-provider/$
{
Resource_id}
|
|
| contact |
arn:$
{
Partition}:a4b:$
{
Region}:$
{
Account}:contact/$
{
Resource_id}
|
|
| schedule |
arn:$
{
Partition}:a4b:$
{
Region}:$
{
Account}:schedule/$
{
Resource_id}
|
|
| networkprofile |
arn:$
{
Partition}:a4b:$
{
Region}:$
{
Account}:network-profile/$
{
Resource_id}
|
Condition keys for Alexa for Business
Alexa for Business defines the following condition keys that can be used in the
Condition
element of an IAM policy. You can use these keys to further refine the conditions
under which the policy statement applies. For details about the columns in the
following table, see
The condition keys table
.
To view the global condition keys that are available to all services, see Available global condition keys .
| Condition keys | Description | Type |
|---|---|---|
| a4b:amazonId | Filters actions based on the Amazon Id in the request | String |
| a4b:filters_deviceType | Filters actions based on the device type in the request | String |
| aws:RequestTag/${TagKey} | Filters actions based on the allowed set of values for each of the tags | String |
| aws:ResourceTag/${TagKey} | Filters actions based on tag-value assoicated with the resource | String |
| aws:TagKeys | Filters actions based on the presence of mandatory tags in the request | String |
