Octroi NeptuneConsoleFullAccess à l'aide de politiques AWS gérées - Amazon Neptune

Les traductions sont fournies par des outils de traduction automatique. En cas de conflit entre le contenu d'une traduction et celui de la version originale en anglais, la version anglaise prévaudra.

Octroi NeptuneConsoleFullAccess à l'aide de politiques AWS gérées

La politique NeptuneConsoleFullAccessgérée ci-dessous accorde un accès complet à toutes les actions et ressources de Neptune à des fins administratives, mais pas à des fins d'accès aux données. Il inclut également des autorisations supplémentaires pour simplifier l'accès à Neptune depuis la console, notamment des autorisations limitées et des autorisations IAM Amazon EC2 (VPC).

Note

Cette politique a été mise à jour le 29-11-2023 afin d’inclure les autorisations nécessaires pour interagir avec les graphes de Neptune Analytics.

Cette politique a été mise à jour le 21-07-2022 afin d’inclure des autorisations pour les actions de base de données globales.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowNeptuneCreate", "Effect": "Allow", "Action": [ "rds:CreateDBCluster", "rds:CreateDBInstance" ], "Resource": [ "arn:aws:rds:*:*:*" ], "Condition": { "StringEquals": { "rds:DatabaseEngine": [ "graphdb", "neptune" ] } } }, { "Sid": "AllowManagementPermissionsForRDS", "Action": [ "rds:AddRoleToDBCluster", "rds:AddSourceIdentifierToSubscription", "rds:AddTagsToResource", "rds:ApplyPendingMaintenanceAction", "rds:CopyDBClusterParameterGroup", "rds:CopyDBClusterSnapshot", "rds:CopyDBParameterGroup", "rds:CreateDBClusterParameterGroup", "rds:CreateDBClusterSnapshot", "rds:CreateDBParameterGroup", "rds:CreateDBSubnetGroup", "rds:CreateEventSubscription", "rds:DeleteDBCluster", "rds:DeleteDBClusterParameterGroup", "rds:DeleteDBClusterSnapshot", "rds:DeleteDBInstance", "rds:DeleteDBParameterGroup", "rds:DeleteDBSubnetGroup", "rds:DeleteEventSubscription", "rds:DescribeAccountAttributes", "rds:DescribeCertificates", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSubnetGroups", "rds:DescribeEngineDefaultClusterParameters", "rds:DescribeEngineDefaultParameters", "rds:DescribeEventCategories", "rds:DescribeEventSubscriptions", "rds:DescribeEvents", "rds:DescribeOptionGroups", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", "rds:DescribeValidDBInstanceModifications", "rds:DownloadDBLogFilePortion", "rds:FailoverDBCluster", "rds:ListTagsForResource", "rds:ModifyDBCluster", "rds:ModifyDBClusterParameterGroup", "rds:ModifyDBClusterSnapshotAttribute", "rds:ModifyDBInstance", "rds:ModifyDBParameterGroup", "rds:ModifyDBSubnetGroup", "rds:ModifyEventSubscription", "rds:PromoteReadReplicaDBCluster", "rds:RebootDBInstance", "rds:RemoveRoleFromDBCluster", "rds:RemoveSourceIdentifierFromSubscription", "rds:RemoveTagsFromResource", "rds:ResetDBClusterParameterGroup", "rds:ResetDBParameterGroup", "rds:RestoreDBClusterFromSnapshot", "rds:RestoreDBClusterToPointInTime" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Sid": "AllowOtherDepedentPermissions", "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "ec2:AllocateAddress", "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AssociateAddress", "ec2:AssociateRouteTable", "ec2:AssociateSubnetCidrBlock", "ec2:AssociateVpcCidrBlock", "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:CreateCustomerGateway", "ec2:CreateDefaultSubnet", "ec2:CreateDefaultVpc", "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreateNetworkInterface", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:CreateVpcEndpoint", "ec2:DescribeAccountAttributes", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeAvailabilityZones", "ec2:DescribeCustomerGateways", "ec2:DescribeInstances", "ec2:DescribeNatGateways", "ec2:DescribeNetworkInterfaces", "ec2:DescribePrefixLists", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeSecurityGroups", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", "ec2:ModifyVpcEndpoint", "iam:ListRoles", "kms:ListAliases", "kms:ListKeyPolicies", "kms:ListKeys", "kms:ListRetirableGrants", "logs:DescribeLogStreams", "logs:GetLogEvents", "sns:ListSubscriptions", "sns:ListTopics", "sns:Publish" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Sid": "AllowPassRoleForNeptune", "Action": "iam:PassRole", "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "iam:passedToService": "rds.amazonaws.com" } } }, { "Sid": "AllowCreateSLRForNeptune", "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS", "Condition": { "StringLike": { "iam:AWSServiceName": "rds.amazonaws.com" } } }, { "Sid": "AllowManagementPermissionsForNeptuneAnalytics", "Effect": "Allow", "Action": [ "neptune-graph:CreateGraph", "neptune-graph:DeleteGraph", "neptune-graph:GetGraph", "neptune-graph:ListGraphs", "neptune-graph:UpdateGraph", "neptune-graph:ResetGraph", "neptune-graph:CreateGraphSnapshot", "neptune-graph:DeleteGraphSnapshot", "neptune-graph:GetGraphSnapshot", "neptune-graph:ListGraphSnapshots", "neptune-graph:RestoreGraphFromSnapshot", "neptune-graph:CreatePrivateGraphEndpoint", "neptune-graph:GetPrivateGraphEndpoint", "neptune-graph:ListPrivateGraphEndpoints", "neptune-graph:DeletePrivateGraphEndpoint", "neptune-graph:CreateGraphUsingImportTask", "neptune-graph:GetImportTask", "neptune-graph:ListImportTasks", "neptune-graph:CancelImportTask" ], "Resource": [ "arn:aws:neptune-graph:*:*:*" ] }, { "Sid": "AllowPassRoleForNeptuneAnalytics", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:passedToService": "neptune-graph.amazonaws.com" } } }, { "Sid": "AllowCreateSLRForNeptuneAnalytics", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/neptune-graph.amazonaws.com/AWSServiceRoleForNeptuneGraph", "Condition": { "StringLike": { "iam:AWSServiceName": "neptune-graph.amazonaws.com" } } } ] }