Die vorliegende Übersetzung wurde maschinell erstellt. Im Falle eines Konflikts oder eines Widerspruchs zwischen dieser übersetzten Fassung und der englischen Fassung (einschließlich infolge von Verzögerungen bei der Übersetzung) ist die englische Fassung maßgeblich.
# AWSRefactoringToolkitFullAccess
**Beschreibung**: Diese Richtlinie gewährt die Erlaubnis zur Nutzung von AWS Diensten mit der AWS Toolkit for .NET Refactoring-Erweiterung für Microsoft Visual Studio. Sie soll an ein lokales Profil angehängt werden. AWS Die Richtlinie ermöglicht das Hochladen von Anwendungsartefakten und das Herunterladen der resultierenden Artefakte von Amazon S3. Es ermöglicht das Erstellen von Anwendungen in einem Container-Image mithilfe AWS CodeBuild und Speichern und Abrufen der Images aus Amazon Elastic Container Registry (Amazon ECR). Und es ermöglicht die Bereitstellung der Anwendung für Container-Services AWS wie Amazon Elastic Container Service (Amazon ECS), die optionale Erstellung von VPC-Ressourcen, die optionale Verbindung zu vorhandener Infrastruktur wie AWS Directory Service und andere verwandte Dienste.
`AWSRefactoringToolkitFullAccess`ist eine [AWS verwaltete Richtlinie](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies).
## Diese Richtlinie wird verwendet
Sie können `AWSRefactoringToolkitFullAccess` an Ihre Benutzer, Gruppen und Rollen anfügen.
## Details zur Richtlinie
+ **Typ**: AWS verwaltete Richtlinie
+ **Erstellungszeit**: 25. Oktober 2022, 16:41 UTC
+ **Bearbeitete Zeit:** 12. Februar 2026, 17:57 UTC
+ **ARN**: `arn:aws:iam::aws:policy/AWSRefactoringToolkitFullAccess`
## Version der Richtlinie
**Richtlinienversion:** v8 (Standard)
Die Standardversion der Richtlinie ist die Version, die die Berechtigungen für die Richtlinie definiert. Wenn ein Benutzer oder eine Rolle mit der Richtlinie eine Anfrage zum Zugriff auf eine AWS Ressource stellt, AWS überprüft er die Standardversion der Richtlinie, um festzustellen, ob die Anfrage zulässig ist.
## JSON-Richtliniendokument
```
{
"Version" : "2012-10-17",
"Statement" : [
{
"Effect" : "Allow",
"Action" : [
"a2c:GetContainerizationJobDetails",
"a2c:GetDeploymentJobDetails",
"a2c:StartContainerizationJob",
"a2c:StartDeploymentJob"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"cloudformation:CreateChangeSet",
"cloudformation:CreateStack",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackEvents",
"cloudformation:ExecuteChangeSet",
"cloudformation:UpdateStack",
"cloudformation:TagResource",
"cloudformation:UntagResource"
],
"Resource" : [
"arn:*:cloudformation:*:*:stack/a2c-app-*",
"arn:*:cloudformation:*:*:stack/a2c-build-*",
"arn:*:cloudformation:*:*:stack/application-transformation-app-*"
]
},
{
"Effect" : "Allow",
"Action" : [
"codebuild:CreateProject",
"codebuild:UpdateProject"
],
"Resource" : "arn:aws:codebuild:*:*:project/*",
"Condition" : {
"Null" : {
"aws:RequestTag/a2c-generated" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"codebuild:StartBuild"
],
"Resource" : "arn:aws:codebuild:*:*:project/*"
},
{
"Effect" : "Allow",
"Action" : [
"ec2:CreateSecurityGroup"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"ec2:CreateInternetGateway",
"ec2:CreateKeyPair",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSubnet",
"ec2:CreateVpc",
"ec2:AuthorizeSecurityGroupIngress"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:RequestTag/a2c-generated" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ec2:CreateInternetGateway",
"ec2:CreateKeyPair",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSubnet",
"ec2:CreateVpc",
"ec2:AuthorizeSecurityGroupIngress"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:RequestTag/application-transformation" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ec2:CreateTags"
],
"Resource" : "arn:aws:ec2:*:*:security-group/*",
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : [
"application-transformation.amazonaws.com"
]
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ec2:CreateTags"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"ec2:CreateAction" : [
"AuthorizeSecurityGroupIngress",
"CreateInternetGateway",
"CreateKeyPair",
"CreateRoute",
"CreateRouteTable",
"CreateSubnet",
"CreateVpc"
]
},
"Null" : {
"aws:RequestTag/application-transformation" : "false"
},
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : [
"application-transformation.amazonaws.com"
]
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ec2:AssociateRouteTable",
"ec2:AttachInternetGateway",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DeleteTags",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:RevokeSecurityGroupIngress",
"ec2:CreateSubnet",
"ec2:CreateRoute",
"ec2:CreateRouteTable"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:ResourceTag/a2c-generated" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ec2:AssociateRouteTable",
"ec2:AttachInternetGateway",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DeleteTags",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:RevokeSecurityGroupIngress",
"ec2:CreateSubnet",
"ec2:CreateRoute",
"ec2:CreateRouteTable"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:ResourceTag/application-transformation" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ecr:CreateRepository",
"ecr:TagResource"
],
"Resource" : "arn:*:ecr:*:*:repository/*",
"Condition" : {
"Null" : {
"aws:RequestTag/a2c-generated" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ecr:CreateRepository",
"ecr:TagResource"
],
"Resource" : "arn:*:ecr:*:*:repository/*",
"Condition" : {
"Null" : {
"aws:RequestTag/application-transformation" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ecr:GetLifecyclePolicy",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:ListTagsForResource",
"ecr:TagResource",
"ecr:UntagResource"
],
"Resource" : "arn:*:ecr:*:*:repository/*",
"Condition" : {
"Null" : {
"aws:ResourceTag/a2c-generated" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ecr:GetLifecyclePolicy",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:ListTagsForResource",
"ecr:TagResource",
"ecr:UntagResource"
],
"Resource" : "arn:*:ecr:*:*:repository/*",
"Condition" : {
"Null" : {
"aws:ResourceTag/application-transformation" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ecs:CreateCluster",
"ecs:CreateService",
"ecs:RegisterTaskDefinition",
"ecs:TagResource"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:RequestTag/a2c-generated" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ecs:CreateCluster",
"ecs:CreateService",
"ecs:RegisterTaskDefinition",
"ecs:TagResource"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:RequestTag/application-transformation" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ecs:UpdateService",
"ecs:TagResource",
"ecs:UntagResource"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:ResourceTag/a2c-generated" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ecs:UpdateService",
"ecs:TagResource",
"ecs:UntagResource"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:ResourceTag/application-transformation" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ecs:DescribeTaskDefinition"
],
"Resource" : "*",
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : "cloudformation.amazonaws.com"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ecs:ExecuteCommand"
],
"Resource" : "*",
"Condition" : {
"StringLike" : {
"ecs:container-name" : "a2c-sidecar"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ecs:ExecuteCommand"
],
"Resource" : "*",
"Condition" : {
"StringLike" : {
"ecs:container-name" : "application-transformation-sidecar"
}
}
},
{
"Effect" : "Allow",
"Action" : "iam:CreateServiceLinkedRole",
"Resource" : "arn:aws:iam::*:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS",
"Condition" : {
"StringLike" : {
"iam:AWSServiceName" : "ecs.amazonaws.com"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"logs:CreateLogGroup",
"logs:TagResource"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:/aws/codebuild/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*"
],
"Condition" : {
"Null" : {
"aws:RequestTag/a2c-generated" : "false"
},
"ForAllValues:StringEquals" : {
"aws:TagKeys" : [
"a2c-generated"
]
}
}
},
{
"Effect" : "Allow",
"Action" : [
"logs:CreateLogGroup",
"logs:TagResource"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*"
],
"Condition" : {
"Null" : {
"aws:RequestTag/application-transformation" : "false"
},
"ForAllValues:StringEquals" : {
"aws:TagKeys" : [
"application-transformation"
]
}
}
},
{
"Effect" : "Allow",
"Action" : [
"logs:GetLogEvents"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:/aws/codebuild/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*"
],
"Condition" : {
"Null" : {
"aws:ResourceTag/a2c-generated" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"logs:GetLogEvents"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*"
],
"Condition" : {
"Null" : {
"aws:ResourceTag/application-transformation" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ssm:AddTagsToResource",
"ssm:GetParameters",
"ssm:PutParameter",
"ssm:RemoveTagsFromResource"
],
"Resource" : "arn:aws:ssm:*:*:parameter/a2c-generated-check-ecs-slr-*"
},
{
"Effect" : "Allow",
"Action" : [
"ssm:DescribeSessions",
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource" : [
"arn:aws:s3:::*/refactoringtoolkit*",
"arn:aws:s3:::*/a2c-generated*",
"arn:aws:s3:::*/application-transformation*"
]
},
{
"Effect" : "Allow",
"Action" : [
"s3:ListBucket"
],
"Resource" : "arn:aws:s3:::*",
"Condition" : {
"StringLike" : {
"s3:prefix" : [
"application-transformation",
"refactoringtoolkit"
]
}
}
},
{
"Effect" : "Allow",
"Action" : [
"cloudformation:DescribeStacks",
"cloudformation:ListStacks",
"clouddirectory:ListDirectories",
"codebuild:BatchGetProjects",
"codebuild:BatchGetBuilds",
"ds:DescribeDirectories",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInternetGateways",
"ec2:DescribeKeyPairs",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
"ecr:DescribeImages",
"ecr:DescribeRepositories",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:ListTagsForResource",
"ecs:ListTasks",
"iam:ListRoles",
"s3:GetBucketLocation",
"s3:GetBucketVersioning",
"s3:ListAllMyBuckets",
"secretsmanager:ListSecrets"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : "iam:GetRole",
"Resource" : "arn:aws:iam::*:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS"
},
{
"Effect" : "Allow",
"Action" : [
"s3:GetObject"
],
"Resource" : [
"arn:aws:s3:::aws.portingassistant.dotnet.datastore",
"arn:aws:s3:::aws.portingassistant.dotnet.datastore/*"
]
},
{
"Effect" : "Allow",
"Action" : [
"application-transformation:StartPortingCompatibilityAssessment",
"application-transformation:GetPortingCompatibilityAssessment",
"application-transformation:StartPortingRecommendationAssessment",
"application-transformation:GetPortingRecommendationAssessment",
"application-transformation:PutLogData",
"application-transformation:PutMetricData",
"application-transformation:StartContainerization",
"application-transformation:GetContainerization",
"application-transformation:StartDeployment",
"application-transformation:GetDeployment"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"kms:Decrypt",
"kms:Encrypt",
"kms:DescribeKey",
"kms:GenerateDataKey"
],
"Resource" : "arn:aws:kms:*::*",
"Condition" : {
"ForAnyValue:StringLike" : {
"kms:ResourceAliases" : "alias/application-transformation*"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ecr:InitiateLayerUpload",
"ecr:PutImage",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer"
],
"Resource" : "arn:*:ecr:*:*:repository/*",
"Condition" : {
"Null" : {
"ecr:ResourceTag/application-transformation" : "false"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ecr:GetAuthorizationToken"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"kms:CreateGrant"
],
"Resource" : "arn:aws:kms:*::*",
"Condition" : {
"Bool" : {
"kms:GrantIsForAWSResource" : true
},
"ForAnyValue:StringLike" : {
"kms:ResourceAliases" : "alias/application-transformation*"
}
}
}
]
}
```
## Weitere Informationen
+ [Erstellen Sie einen Berechtigungssatz mithilfe AWS verwalteter Richtlinien im IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/howtocreatepermissionset.html)
+ [Hinzufügen und Entfernen von IAM-Identitätsberechtigungen](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html)
+ [Verstehen Sie die Versionierung von IAM-Richtlinien](https://docs.aws.amazon.com//IAM/latest/UserGuide/access_policies_managed-versioning.html)
+ [Beginnen Sie mit AWS verwalteten Richtlinien und wechseln Sie zu Berechtigungen mit den geringsten Rechten](https://docs.aws.amazon.com//IAM/latest/UserGuide/best-practices.html#bp-use-aws-defined-policies)