bedrock:TagResource
Literal appearances in AWS managed IAM policies. Statements that use wildcards (for example s3:*) are not counted here. This is not an IAM authorization simulation.
Policies (any)
10
Allow (Action)
10
Deny (Action)
0
NotAction
1
Index generated 4/7/2026, 3:29:24 AM. 559 policies include at least one wildcard action string (any service).
Action reference
SAR-style (unofficial)Service: Amazon Bedrock
Access level
TaggingDescription
Grants permission to Tag a Bedrock resource
Resource types
- agent
- agent-alias
- application-inference-profile
- async-invoke
- automated-reasoning-policy
- automated-reasoning-policy-version
- blueprint
- blueprint-optimization-invocation
- custom-model
- custom-model-deployment
- data-automation-invocation-job
- data-automation-project
- evaluation-job
- flow
- flow-alias
- guardrail
- imported-model
- knowledge-base
- model-copy-job
- model-customization-job
- model-evaluation-job
- model-import-job
- model-invocation-job
- prompt
- prompt-router
- prompt-version
- provisioned-model
- session
Allow (Action)
- AmazonBedrockLimitedAccess
- AmazonBedrockStudioPermissionsBoundary
- AmazonDataZoneBedrockModelConsumptionPolicy
- AmazonDataZoneBedrockModelManagementPolicy
- AmazonDataZoneFullAccess
- AmazonSageMakerCanvasAIServicesAccess
- SageMakerStudioFullAccess
- SageMakerStudioProjectProvisioningRolePolicy
- SageMakerStudioProjectUserRolePermissionsBoundary
- SageMakerStudioProjectUserRolePolicy
Deny (Action)
None
Thanks to Ian McKay for iam-dataset (MIT), structured data derived from the AWS Service Authorization Reference. Not maintained by AWS and not guaranteed current. IAMTrail's managed policy archive is separate.
Definitions bundle generated 4/7/2026, 3:29:24 AM