API Token permissions
Stax API permissions using API Tokens
API Tokens provide programmatic access to the Stax API and cannot be used to log into the Stax console. The table below lists the permissions for each Stax role, which is used to manage the access level of your API Token.
Key | Description |
---|---|
| | User can perform this action |
| | User cannot perform this action |
Actions | Root | Admin | User | Readonly | Description |
---|---|---|---|---|---|
accounts:CreateAccount | | | | | Allows the token to create an Account |
accounts:CreateAccountType | | | | | Allows the token to create an Account Type |
accounts:DeleteAccountType | | | | | Allows the token to delete an Account Type |
accounts:DiscoverAccounts | | | | | Allows the token to discover AWS Accounts associated with the Organization |
accounts:OnboardAccounts | | | | | Allows the token to onboard AWS Accounts associated with the Organization |
accounts:ReadAccountTypes | | | | | Allows the token to view Account Types |
accounts:ReadAccounts | | | | | Allows the token to view Accounts |
accounts:UpdateAccount | | | | | Allows the token to update an Account name, description and tags |
accounts:UpdateAccountType | | | | | Allows the token to update an Account Type |
accounts:UpdateAccountTypeAccess | | | | | Allows the token to add an AWS role to an Account Type |
account:UpdateAccountTypeMembers | | | | | Allows the token to move accounts between Account Types |
account:UpdatePolicies | | | | | Allows the token to add or remove Policies from an Account Type |
alias:CheckAliasAvailability | | | | | Allows the token to check if a Customer Alias is already in use |
networking:CreateCIDRExclusion | | | | | Allows the token to create a CIDR Exclusion |
networking:CreateCIDRRange | | | | | Allows the token to create a CIDR Range |
networking:CreateDnsResolver | | | | | Allows the token to create a DNS Resolver |
networking:CreateDnsRule | | | | | Allows the token to create a DNS Rule |
networking:CreateDxAssociation | | | | | Allows the token to create a DX Association between a Stax Networking Hub or Stax VPC and a Stax DX Gateway |
networking:CreateDxResource | | | | | Allows the token to create a DX Resource, a DX Gateway and/or DX Vif |
networking:CreateHub | | | | | Allows the token to create a Networking Hub |
networking:CreateVPC | | | | | Allows the token to create a VPC |
networking:CreateVpnConnection | | | | | Allows the token to create a VPN Connection between a Stax Networking Hub or Stax VPC and a Stax VPN Customer Gateway |
networking:CreateVpnCustomerGateway | | | | | Allows the token to create a VPN Customer Gateway |
networking:DeleteCIDRExclusion | | | | | Allows the token to delete a CIDR Exclusion |
networking:DeleteCIDRRange | | | | | Allows the token to delete a CIDR Range |
networking:DeleteDnsResolver | | | | | Allows the token to delete a DNS Resolver within a Stax Networking Hub |
networking:DeleteDnsRule | | | | | Allows the token to delete a DNS Rule |
networking:DeleteDxAssociation | | | | | Allows the token to delete a DX Association |
networking:DeleteDxGateway | | | | | Allows the token to delete a DX Gateway |
networking:DeleteDxVif | | | | | Allows the token to delete a DX Vif |
networking:DeleteHub | | | | | Allows the token to delete a Networking Hub |
networking:DeleteVPC | | | | | Allows the token to delete a VPC |
networking:DeleteVpnConnection | | | | | Allows the token to delete a VPN Connection with a Stax VPN Customer Gateway |
networking:DeleteVpnCustomerGateway | | | | | Allows the token to delete a Stax VPN Customer Gateway |
networking:ReadCIDRExclusions | | | | | Allows the token to view CIDR Exclusions |
networking:ReadCIDRRange | | | | | Allows the token to view CIDR Ranges |
networking:ReadDnsResolvers | | | | | Allows the token to view DNS Resolvers for a Stax Networking Hub |
networking:ReadDnsRules | | | | | Allows the token to view DNS Rules for Stax DNS Resolvers |
networking:ReadDxAssociations | | | | | Allows the token to view DX Associations |
networking:ReadDxConnections | | | | | Allows the token to view DX Connections within Accounts |
networking:ReadDxResources | | | | | Allows the token to view DX Gateways |
networking:ReadDxVifStatus | | | | | Allows the token to view DX Vifs |
networking:ReadHubs | | | | | Allows the token to view Networking Hubs |
networking:ReadVPCs | | | | | Allows the token to view VPCs |
networking:ReadVpnConnection | | | | | Allows the token to view VPN Connections |
networking:ReadVpnConnectionStatus | | | | | Allows the token to view the connectivity status of VPN Tunnels for VPN Connections |
networking:ReadVpnCustomerGateways | | | | | Allows the token to view VPN Customer Gateways |
networking:UpdateCIDRExclusion | | | | | Allows the token to update a CIDR Exclusion |
networking:UpdateCIDRRange | | | | | Allows the token to update a CIDR Range |
networking:UpdateDnsResolver | | | | | Allows the token to update a DNS Resolver |
networking:UpdateDnsRule | | | | | Allows the token to update a DNS Rule |
networking:UpdateDxAssociation | | | | | Allows the token to update a DX Association |
networking:UpdateDxVif | | | | | Allows the token to update a DX Vif |
networking:UpdateHub | | | | | Allows the token to update a Networking Hub |
networking:UpdateVPC | | | | | Allows the token to update a VPC |
networking:UpdateVpnConnection | | | | | Allows the token to update a VPN Connection |
networking:UpdateVpnCustomerGateway | | | | | Allows the token to update a VPN Customer Gateway |
organisations:AttachPolicy | | | | | Allows the token to attach a Policy to an Organization |
organisations:CreatePolicy | | | | | Allows the token to create a Policy |
organisations:DeletePolicy | | | | | Allows the token to delete a Policy |
organisations:DetachPolicy | | | | | Allows the token to detach a Policy from an Organization |
organisations:ReadOrganisation | | | | | Allows the token to view their Organization details |
organisations:ReadPolicies | | | | | Allows the token to view Policies |
organisations:UpdatePolicy | | | | | Allows the token to update a Policy |
tasks:ReadTasks | | | | | Allows the token to view the status of a task |
tasks:ReadTasksbyStatus | | | | | Allows the token to view tasks by status |
teams:CreateAPIToken | | | | | Allows the token to create an API Token |
teams:CreateGroup | | | | | Allows the token to create a Group |
teams:CreateUser | | | | | Allows the token to invite a new team member |
teams:DeleteAPIToken | | | | | Allows the token to delete an API Token |
teams:DeleteGroup | | | | | Allows the token to delete a Group |
teams:DeleteUser | | | | | Allows the token to delete a team member |
teams:ReadAPITokens | | | | | Allows the token to view API Tokens |
teams:ReadGroups | | | | | Allows the token to view Groups |
teams:ReadUsers | | | | | Allows the token to view all team members |
teams:UpdateAPITokens | | | | | Allows the token to update an API Token |
teams:UpdateGroup | | | | | Allows the token to update a Group |
teams:UpdateGroupMembers | | | | | Allows the token to add a Group member |
teams:UpdateUser | | | | | Allows the token to update a team member's details or deactivate/activate them |
teams:UpdateUserPassword | | | | | Allows the token to request a password reset |
workloads:CreateCatalogueItem | | | | | Allows the token to create a Workload Catalogue Item |
workloads:CreateCatalogueVersion | | | | | Allows the token to create a Workload Catalogue Version within a Workload Catalogue Item |
workloads:CreateWorkload | | | | | Allows the token to deploy a Workload |
workloads:DeleteCatalogueItem | | | | | Allows the token to delete a Workload Catalogue Item |
workloads:DeleteCatalogueVersion | | | | | Allows the token to delete a Workload Catalogue Version |
workloads:DeleteWorkload | | | | | Allows the token to deactivate a Workload |
workloads:ReadCatalogueItems | | | | | Allows the token to view the Workload Catalogue |
workloads:ReadCatalogueManifest | | | | | Allows the token to view a Workload Catalogue Manifest |
workloads:ReadCatalogueTemplate | | | | | Allows the token to view the Workload CloudFormation Template |
workloads:ReadWorkloads | | | | | Allows the token to view active Workloads |
workloads:UpdateWorkload | | | | | Allows the token to update an active Workload |