API Token permissions

Stax API permissions using API Tokens

Article Tags
On This Page
See also

API Tokens provide programmatic access to the Stax API and cannot be used to log into the Stax console. The below table provides a a list of permissions for each Stax role used to manage the access level of your API Token.

KeyDescription
tickUser can perform this action
crossUser cannot perform this action

ActionsRootAdminUserReadonlyDescription
accounts:CreateAccountticktickcrosscrossAllows the token to create an Account
accounts:CreateAccountTypeticktickcrosscrossAllows the token to create an Account Type
accounts:DeleteAccountTypeticktickcrosscrossAllows the token to delete an Account Type
accounts:DiscoverAccountsticktickcrosscrossAllows the token to discover AWS Accounts associated with the Organization
accounts:OnboardAccountsticktickcrosscrossAllows the token to onboard AWS Accounts associated with the Organization
accounts:ReadAccountTypesticktickticktickAllows the token to view Account Types
accounts:ReadAccountsticktickticktickAllows the token to view Accounts
accounts:UpdateAccountticktickcrosscrossAllows the token to update an Account name, description and tags
accounts:UpdateAccountTypeticktickcrosscrossAllows the token to update an Account Type
accounts:UpdateAccountTypeAccessticktickcrosscrossAllows the token to add an AWS role to an Account Type
account:UpdateAccountTypeMembersticktickcrosscrossAllows the token to move accounts between Account Types
account:UpdatePoliciesticktickcrosscrossAllows the token to add or remove Policies from an Account Type
alias:CheckAliasAvailabilitytickticktickAllows token to check if a Customer Alias is already in use
networking:CreateCIDRExclusionticktickcrosscrossAllows the token to create a CIDR Exclusion
networking:CreateCIDRRangeticktickcrosscrossAllows the token to create a CIDR Range
networking:CreateDnsResolverticktickcrosscrossAllows the token to create a DNS Resolver
networking:CreateDnsRuleticktickcrosscrossAllows the token to create a DNS Rule
networking:CreateDxAssociationticktickcrosscrossAllows the token to create a DX Association between a Stax Networking Hub or Stax VPC and a Stax DX Gateway
networking:CreateDxResourceticktickcrosscrossAllows the token to create a DX Resource, a DX Gateway and/or DX Vif
networking:CreateHubticktickcrosscrossAllows the token to create a Networking Hub
networking:CreateVPCtickticktickcrossAllows the token to create a VPC
networking:CreateVpnConnectiontickticktickcrossAllows the token to create a VPN Connection between a Stax Networking Hub or Stax VPC and a Stax VPN Customer Gateway
networking:CreateVpnCustomerGatewaytickticktickcrossAllows the token to create a VPN Customer Gateway
networking:DeleteCIDRExclusionticktickcrosscrossAllows the token to delete a CIDR Exclusion
networking:DeleteCIDRRangeticktickcrosscrossAllows the token to delete a CIDR Range
networking:DeleteDnsResolverticktickcrosscrossAllows the token to delete a DNS Resolver within a Stax Networking Hub
networking:DeleteDnsRuleticktickcrosscrossAllows the token to delete a DNS Rule
networking:DeleteDxAssociationticktickcrosscrossAllows the token to delete a DX Association
networking:DeleteDxGatewayticktickcrosscrossAllows the token to delete a DX Gateway
networking:DeleteDxVifticktickcrosscrossAllows the token to delete a DX Vif
networking:DeleteHubticktickcrosscrossAllows the token to delete a Networking Hub
networking:DeleteVPCtickticktickcrossAllows the token to delete a VPC
networking:DeleteVpnConnectiontickticktickcrossAllows the token to delete a VPN Connection with a Stax VPN Customer Gateway
networking:DeleteVpnCustomerGatewaytickticktickcrossAllows the token to delete a Stax VPN Customer Gateway
networking:ReadCIDRExclusionsticktickticktickAllows the token to view CIDR Exclusions
networking:ReadCIDRRangeticktickticktickAllows the token to view CIDR Ranges
networking:ReadDnsResolversticktickticktickAllows the token to view DNS Resolvers for a Stax Networking Hub
networking:ReadDnsRulesticktickticktickAllows the token to view DNS Rules for Stax DNS Resolvers
networking:ReadDxAssociationsticktickticktickAllows the token to view DX Associations
networking:ReadDxConnectionsticktickticktickAllows the token to view DX Connections within Accounts
networking:ReadDxResourcesticktickticktickAllows the token to view DX Gateways
networking:ReadDxVifStatusticktickticktickAllows the token to view DX Vifs
networking:ReadHubsticktickticktickAllows the token to view Networking Hubs
networking:ReadVPCsticktickticktickAllows the token to view VPCs
networking:ReadVpnConnectiontickticktickcrossAllows the token to view VPN Connections
networking:ReadVpnConnectionStatustickticktickcrossAllows the token to view the connectivity status of VPN Tunnels for VPN Connections
networking:ReadVpnCustomerGatewaystickticktickcrossAllows the token to view VPN Customer Gateways
networking:UpdateCIDRExclusionticktickcrosscrossAllows the token to update a CIDR Exclusion
networking:UpdateCIDRRangeticktickcrosscrossAllows the token to update a CIDR Range
networking:UpdateDnsResolverticktickcrosscrossAllows the token to update a DNS Resolver
networking:UpdateDnsRuleticktickcrosscrossAllows the token to update a DNS Rule
networking:UpdateDxAssociationticktickcrosscrossAllows the token to update a DX Association
networking:UpdateDxVifticktickcrosscrossAllows the token to update a DX Vif
networking:UpdateHubticktickcrosscrossAllows the token to update a Networking Hub
networking:UpdateVPCtickticktickcrossAllows the token to update a VPC
networking:UpdateVpnConnectionticktickcrosscrossAllows the token to update a VPN Connection
networking:UpdateVpnCustomerGatewayticktickcrosscrossAllows the token to update a VPN Customer Gateway
organisations:AttachPolicyticktickcrosscrossAllows the token to attach a Policy to an Organisation
organisations:CreatePolicyticktickcrosscrossAllows the token to create a Policy
organisations:DeletePolicyticktickcrosscrossAllows the token to delete a Policy
organisations:DetachPolicyticktickcrosscrossAllows the token to detach a Policy from an Organisation
organisations:ReadOrganisationticktickticktickAllows the token to view their Organisation details
organisations:ReadPoliciesticktickticktickAllows the token to view Policies
organisations:UpdatePolicyticktickcrosscrossAllows the token to update a Policy
tasks:ReadTaskstickticktickAllows the token to view the status of a task
tasks:ReadTasksbyStatustickticktickAllows the token to view tasks by status
teams:CreateAPITokenticktickcrosscrossAllows the token to create an API Token
teams:CreateGroupticktickcrosscrossAllows the token to create a Group
teams:CreateUserticktickcrosscrossAllows the token to invite a new team member
teams:DeleteAPITokenticktickcrosscrossAllows the token to delete an API Token
teams:DeleteGroupticktickcrosscrossAllows the token to delete a Group
teams:DeleteUserticktickcrosscrossAllows the token to delete a team member
teams:ReadAPITokensticktickticktickAllows the token to view API Tokens
teams:ReadGroupsticktickticktickAllows the token to view Groups
teams:ReadUsersticktickticktickAllows the token to view all team members
teams:UpdateAPITokensticktickcrosscrossAllows the token to update an API Token
teams:UpdateGroupticktickcrosscrossAllows the token to update a Group
teams:UpdateGroupMembersticktickcrosscrossAllows the token to add a Group member
teams:UpdateUserticktickcrosscrossAllows the token to update a team member's details or deactivate/activate them
teams:UpdateUserPasswordtickticktickcrossAllows the token to request a password reset
workloads:CreateCatalogueItemticktickcrosscrossAllows the token to create a Workload Catalogue Item
workloads:CreateCatalogueVersionticktickcrosscrossAllows the token to create a Workload Catalogue Version within a Workload Catalogue Item
workloads:CreateWorkloadtickticktickcrossAllows the token to deploy a Workload
workloads:DeleteCatalogueItemticktickcrosscrossAllows the token to delete a Workload Catalogue Item
workloads:DeleteCatalogueVersionticktickcrosscrossAllows the token to delete a Workload Catalogue Version
workloads:DeleteWorkloadtickticktickcrossAllows the token to deactivate a Workload
workloads:ReadCatalogueItemsticktickticktickAllows the token to view the Workload Catalogue
workloads:ReadCatalogueManifestticktickticktickAllows the token to view a Workload Catalogue Manifest
workloads:ReadCatalogueTemplateticktickticktickAllows the token to view the Workload Cloudformation Template
workloads:ReadWorkloadsticktickticktickAllows the token to view a active Workloads
workloads:UpdateWorkloadtickticktickcrossAllows the token to update an active Workload

See also