Policy: AWSDirectoryServiceFullAccess ARN: arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess Allowed Actions Actions Services ds:* ds ec2:AuthorizeSecurityGroupEgress ec2 ec2:AuthorizeSecurityGroupIngress ec2 ec2:CreateNetworkInterface ec2 ec2:CreateSecurityGroup ec2 ec2:CreateTags ec2 ec2:DeleteNetworkInterface ec2 ec2:DeleteSecurityGroup ec2 ec2:DeleteTags ec2 ec2:DescribeNetworkInterfaces ec2 ec2:DescribeSecurityGroups ec2 ec2:DescribeSubnets ec2 ec2:DescribeVpcs ec2 ec2:RevokeSecurityGroupEgress ec2 ec2:RevokeSecurityGroupIngress ec2 iam:ListRoles iam organizations:DescribeAccount organizations organizations:DescribeOrganization organizations organizations:DisableAWSServiceAccess organizations organizations:EnableAWSServiceAccess organizations organizations:ListAWSServiceAccessForOrganization organizations organizations:ListAccounts organizations organizations:ListAccountsForParent organizations organizations:ListOrganizationalUnitsForParent organizations organizations:ListRoots organizations sns:CreateTopic sns sns:DeleteTopic sns sns:GetTopicAttributes sns sns:ListSubscriptions sns sns:ListSubscriptionsByTopic sns sns:ListTopics sns sns:SetTopicAttributes sns sns:Subscribe sns sns:Unsubscribe sns