Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
# Autentikasi dan otorisasi API untuk Amazon MQ
Amazon MQ menggunakan penandatanganan AWS permintaan standar untuk otentikasi API. Untuk informasi selengkapnya, lihat [Menandatangani Permintaan API AWS](https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) di *Referensi Umum AWS*.
**catatan**
Saat ini, Amazon MQ tidak mendukung autentikasi IAM menggunakan izin berbasis sumber daya atau kebijakan berbasis sumber daya.
Untuk mengizinkan AWS pengguna untuk bekerja dengan broker, konfigurasi, dan pengguna, Anda harus mengedit izin kebijakan IAM Anda.
**Topics**
+ [Izin IAM yang Diperlukan untuk Membuat Broker Amazon MQ](#security-permissions-required-to-create-broker)
+ [Referensi izin REST API Amazon MQ](#security-api-permissions-reference)
+ [Referensi izin tambahan Amazon MQ](#security-amq-additional-permissions)
+ [Izin tingkat sumber daya untuk tindakan API Amazon MQ](#security-supported-iam-actions-resources)
## Izin IAM yang Diperlukan untuk Membuat Broker Amazon MQ
Untuk membuat broker, Anda harus menggunakan kebijakan IAM `AmazonMQFullAccess` atau termasuk izin EC2 berikut dalam kebijakan IAM.
Kebijakan kustom berikut ini terdiri dari dua pernyataan (satu bersyarat) yang memberikan izin untuk memanipulasi sumber daya yang diperlukan Amazon MQ untuk membuat broker ActiveMQ.
**penting**
Tindakan `ec2:CreateNetworkInterface` diperlukan untuk mengizinkan Amazon MQ membuat antarmuka jaringan elastis (ENI) di akun Anda atas nama Anda.
Tindakan `ec2:CreateNetworkInterfacePermission` mengotorisasi Amazon MQ untuk melampirkan ENI ke broker ActiveMQ.
Kunci syarat `ec2:AuthorizedService` memastikan bahwa izin ENI dapat diberikan hanya untuk akun layanan Amazon MQ.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [{
"Action": [
"mq:*",
"[ec2:CreateNetworkInterface](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html)",
"[ec2:DeleteNetworkInterface](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteNetworkInterface.html)",
"[ec2:DetachNetworkInterface](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DetachNetworkInterface.html)",
"[ec2:DescribeInternetGateways](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInternetGateways.html)",
"[ec2:DescribeNetworkInterfaces](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInterfaces.html)",
"[ec2:DescribeRouteTables](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRouteTables.html)",
"[ec2:DescribeSecurityGroups](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)",
"[ec2:DescribeSubnets](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSubnets.html)",
"[ec2:DescribeVpcs](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html)"
],
"Effect": "Allow",
"Resource": "*"
},{
"Action": [
"[ec2:CreateNetworkInterfacePermission](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterfacePermission.html)",
"[ec2:DeleteNetworkInterfacePermission](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteNetworkInterfacePermission.html)",
"[ec2:DescribeNetworkInterfacePermissions](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInterfacePermissions.html)"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"StringEquals": {
"[ec2:AuthorizedService](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonec2.html#amazonec2-ec2_AuthorizedService)": "mq.amazonaws.com"
}
}
}]
}
```
------
Untuk informasi lebih lanjut, lihat [Langkah 2: buat pengguna dan dapatkan AWS kredensialnya](amazon-mq-setting-up.md#create-iam-user) dan [Jangan Pernah Memodifikasi atau Menghapus Antarmuka Jaringan Elastis Amazon MQ](best-practices-activemq.md#never-modify-delete-elastic-network-interface).
## Referensi izin REST API Amazon MQ
Tabel berikut mencantumkan Amazon MQ REST APIs dan izin IAM yang sesuai.
**Amazon MQ REST APIs dan Izin yang Diperlukan**
| Amazon MQ REST APIs | Izin yang Diperlukan |
| --- | --- |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-brokers.html#CreateBroker](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-brokers.html#CreateBroker) | mq:CreateBroker |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configurations.html#CreateConfiguration](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configurations.html#CreateConfiguration) | mq:CreateConfiguration |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/tags-resource-arn.html#CreateTags](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/tags-resource-arn.html#CreateTags) | mq:CreateTags |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-user.html#CreateUser](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-user.html#CreateUser) | mq:CreateUser |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker.html#DeleteBroker](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker.html#DeleteBroker) | mq:DeleteBroker |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-user.html#DeleteUser](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-user.html#DeleteUser) | mq:DeleteUser |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker.html#DescribeBroker](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker.html#DescribeBroker) | mq:DescribeBroker |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration.html#DescribeConfiguration](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration.html#DescribeConfiguration) | mq:DescribeConfiguration |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration-revision.html#DescribeConfigurationRevision](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration-revision.html#DescribeConfigurationRevision) | mq:DescribeConfigurationRevision |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/brokers-broker-id-users-username.html#DescribeUser](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/brokers-broker-id-users-username.html#DescribeUser) | mq:DescribeUser |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-brokers.html#ListBrokers](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-brokers.html#ListBrokers) | mq:ListBrokers |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration-revisions.html#rest-api-configuration-revisions-methods-get](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration-revisions.html#rest-api-configuration-revisions-methods-get) | mq:ListConfigurationRevisions |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configurations.html#ListConfigurations](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configurations.html#ListConfigurations) | mq:ListConfigurations |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/tags-resource-arn.html#ListTags](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/tags-resource-arn.html#ListTags) | mq:ListTags |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-users.html#ListUsers](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-users.html#ListUsers) | mq:ListUsers |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker-reboot.html#RebootBroker](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker-reboot.html#RebootBroker) | mq:RebootBroker |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker.html#UpdateBroker](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker.html#UpdateBroker) | mq:UpdateBroker |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration.html#UpdateConfiguration](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration.html#UpdateConfiguration) | mq:UpdateConfiguration |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-user.html#UpdateUser](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-user.html#UpdateUser) | mq:UpdateUser |
## Referensi izin tambahan Amazon MQ
Tabel berikut mencantumkan API Amazon MQ dan izin IAM tambahan yang diperlukan untuk fitur tertentu, seperti OAuth otentikasi 2.0.
| API REST Amazon MQ | Izin | Deskripsi |
| --- | --- | --- |
| [UpdateBroker](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/brokers-broker-id.html#UpdateBroker) | mq:UpdateBrokerAccessConfiguration | Anda memerlukan izin ini untuk memperbarui opsi otentikasi dan otorisasi dalam konfigurasi broker terkait. Untuk informasi selengkapnya, lihat [OAuth 2.0 otentikasi dan otorisasi untuk Amazon MQ untuk RabbitMQ](oauth-for-amq-for-rabbitmq.md). |
## Izin tingkat sumber daya untuk tindakan API Amazon MQ
Istilah *izin tingkat sumber daya* mengacu pada kemampuan untuk menentukan sumber daya yang boleh digunakan pengguna untuk melakukan tindakan. Amazon MQ memiliki dukungan parsial untuk izin tingkat sumber daya. Untuk tindakan Amazon MQ tertentu, Anda dapat mengontrol kapan pengguna diizinkan untuk menggunakan tindakan tersebut berdasarkan ketentuan yang harus dipenuhi, atau sumber daya tertentu yang diizinkan untuk digunakan oleh pengguna.
Tabel berikut menjelaskan tindakan Amazon MQ API yang saat ini mendukung izin tingkat sumber daya, serta kunci sumber daya, sumber daya, dan kondisi yang didukung untuk setiap tindakan. ARNs
**penting**
Jika tindakan API Amazon MQ tidak tercantum dalam tabel ini, artinya izin tingkat sumber daya tidak didukung. Jika tindakan API Amazon MQ tidak mendukung izin tingkat sumber daya, Anda dapat memberikan pengguna izin untuk menggunakan tindakan, tetapi Anda harus menentukan wildcard \$1 untuk elemen sumber daya pernyataan kebijakan.
| Tindakan API | Jenis Sumber Daya (\$1wajib) |
| --- | --- |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configurations.html#CreateConfiguration](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configurations.html#CreateConfiguration) | [konfigurasi\$1](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/tags-resource-arn.html#CreateTags](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/tags-resource-arn.html#CreateTags) | [broker](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies), [konfigurasi](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-user.html#CreateUser](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-user.html#CreateUser) | [pialang\$1](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker.html#DeleteBroker](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker.html#DeleteBroker) | [pialang\$1](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-user.html#DeleteUser](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-user.html#DeleteUser) | [pialang\$1](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker.html#DescribeBroker](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker.html#DescribeBroker) | [pialang\$1](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration.html#DescribeConfiguration](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration.html#DescribeConfiguration) | [konfigurasi\$1](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration-revision.html#DescribeConfigurationRevision](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration-revision.html#DescribeConfigurationRevision) | [konfigurasi\$1](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/brokers-broker-id-users-username.html#DescribeUser](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/brokers-broker-id-users-username.html#DescribeUser) | [pialang\$1](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration-revisions.html#ListConfigurationRevisions](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration-revisions.html#ListConfigurationRevisions) | [konfigurasi\$1](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration-revisions.html#ListConfigurationRevisions](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration-revisions.html#ListConfigurationRevisions) | [konfigurasi\$1](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/tags-resource-arn.html#ListTags](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/tags-resource-arn.html#ListTags) | [broker](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies), [konfigurasi](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-users.html#ListUsers](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-users.html#ListUsers) | [pialang\$1](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker-reboot.html#RebootBroker](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker-reboot.html#RebootBroker) | [pialang\$1](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker.html#UpdateBroker](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-broker.html#UpdateBroker) | [pialang\$1](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration.html#UpdateConfiguration](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-configuration.html#UpdateConfiguration) | [konfigurasi\$1](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |
| [https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-user.html#UpdateUser](https://docs.aws.amazon.com/amazon-mq/latest/api-reference/rest-api-user.html#UpdateUser) | [pialang\$1](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonmq.html#amazonmq-resources-for-iam-policies) |