For users to access Amazon Chime SDK messaging features, you must define an IAM role and policy that provide credentials to users when they sign in. The IAM policy defines the resources that users can access.
The examples in this section provide basic policies that you can adapt to your needs. For more information about how the policies work, see Making SDK calls from a back-end service for Amazon Chime SDK messaging.
This example shows a policy for developers who build applications using Amazon Chime SDK messaging.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "chime:CreateAppInstance",
                "chime:DescribeAppInstance",
                "chime:ListAppInstances",
                "chime:UpdateAppInstance",
                "chime:DeleteAppInstance",
                "chime:CreateAppInstanceUser",
                "chime:DeleteAppInstanceUser",
                "chime:ListAppInstanceUsers",
                "chime:UpdateAppInstanceUser",
                "chime:DescribeAppInstanceUser",
                "chime:CreateAppInstanceAdmin",
                "chime:DescribeAppInstanceAdmin",
                "chime:ListAppInstanceAdmins",
                "chime:DeleteAppInstanceAdmin",
                "chime:PutAppInstanceRetentionSettings",
                "chime:GetAppInstanceRetentionSettings",
                "chime:PutAppInstanceStreamingConfigurations",
                "chime:GetAppInstanceStreamingConfigurations",
                "chime:DeleteAppInstanceStreamingConfigurations",
                "chime:TagResource",
                "chime:UntagResource",
                "chime:ListTagsForResource",
                "chime:CreateChannelFlow",
                "chime:UpdateChannelFlow",
                "chime:DescribeChannelFlow",
                "chime:DeleteChannelFlow",
                "chime:ListChannelFlows",
                "chime:ListChannelsAssociatedWithChannelFlow",
                "chime:ChannelFlowCallback"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
This example shows a policy that lets users access the Amazon Chime SDK user actions.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "chime:GetMessagingSessionEndpoint",
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Action": [
                "chime:CreateChannel",
                "chime:DescribeChannel",
                "chime:DeleteChannel",
                "chime:UpdateChannel",
                "chime:ListChannels",
                "chime:Listsubchannels",
                "chime:ListChannelMembershipsForAppInstanceUser",
                "chime:DescribeChannelMembershipForAppInstanceUser",
                "chime:ListChannelsModeratedByAppInstanceUser",
                "chime:DescribeChannelModeratedByAppInstanceUser",
                "chime:UpdateChannelReadMarker",
                "chime:CreateChannelModerator",
                "chime:DescribeChannelModerator",
                "chime:ListChannelModerators",
                "chime:DeleteChannelModerator",
                "chime:SendChannelMessage",
                "chime:GetChannelMessage",
                "chime:DeleteChannelMessage",
                "chime:UpdateChannelMessage",
                "chime:RedactChannelMessage",
                "chime:ListChannelMessages",
                "chime:CreateChannelMembership",
                "chime:DescribeChannelMembership",
                "chime:DeleteChannelMembership",
                "chime:ListChannelMemberships",
                "chime:CreateChannelBan",
                "chime:DeleteChannelBan",
                "chime:ListChannelBans",
                "chime:DescribeChannelBan",
                "chime:Connect",
                "chime:AssociateChannelFlow",
                "chime:DisassociateChannelFlow",
                "chime:GetChannelMessageStatus"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:chime:region:{aws_account_id}:app-instance/{app_instance_id}/user/{app_instance_user_id}",
                "arn:aws:chime:region:{aws_account_id}:app-instance/{app_instance_id}/channel/*"
            ]
        }
    ]
}
This example shows a policy that gives users minimal access to the Amazon Chime SDK user actions.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "chime:GetMessagingSessionEndpoint",
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Action": [
                "chime:ListChannels",
                "chime:DescribeChannel",
                "chime:ListChannelMembershipsForAppInstanceUser",
                "chime:DescribeChannelMembershipForAppInstanceUser",
                "chime:ListChannelsModeratedByAppInstanceUser",
                "chime:DescribeChannelModeratedByAppInstanceUser",
                "chime:SendChannelMessage",
                "chime:GetChannelMessage",
                "chime:ListChannelMessages",
                "chime:Connect"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:chime:region:{aws_account_id}:app-instance/{app_instance_id}/user/{app_instance_user_id}",
                "arn:aws:chime:region:{aws_account_id}:app-instance/{app_instance_id}/channel/*"
            ]
        }
    ]
}
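As an added example (not part of the original AWS documentation), the following Python code fills in the placeholders of the minimal-access policy above for exactly one AppInstanceUser, rejects identifiers that would widen the ARN, and reports user actions granted on a wildcard resource. The function names, the identifier character set and the sample values are assumptions made for illustration.

```python
import re

# Assumption: conservative ID alphabet; keeps "*", "?", ":" and "/" out of the ARN.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")
REGION = re.compile(r"[a-z]{2}(-[a-z]+)+-\d")
ACCOUNT = re.compile(r"\d{12}")

MINIMAL_ACTIONS = [  # action list of the minimal-access policy above
    "chime:ListChannels", "chime:DescribeChannel",
    "chime:ListChannelMembershipsForAppInstanceUser",
    "chime:DescribeChannelMembershipForAppInstanceUser",
    "chime:ListChannelsModeratedByAppInstanceUser",
    "chime:DescribeChannelModeratedByAppInstanceUser",
    "chime:SendChannelMessage", "chime:GetChannelMessage",
    "chime:ListChannelMessages", "chime:Connect",
]

def checked(name, value, pattern):
    """Return value unchanged, or raise if it does not fully match pattern."""
    if not pattern.fullmatch(value):
        raise ValueError(f"unsafe {name}: {value!r}")
    return value

def as_list(value):
    """IAM allows Action and Resource to be a string or a list of strings."""
    return value if isinstance(value, list) else [value]

def minimal_user_policy(region, account_id, app_instance_id, user_id):
    """Render the minimal-access policy for exactly one AppInstanceUser."""
    base = "arn:aws:chime:{}:{}:app-instance/{}".format(
        checked("region", region, REGION),
        checked("account id", account_id, ACCOUNT),
        checked("app instance id", app_instance_id, SAFE_ID))
    user_arn = f"{base}/user/{checked('user id', user_id, SAFE_ID)}"
    return {"Version": "2012-10-17", "Statement": [
        {"Action": "chime:GetMessagingSessionEndpoint",
         "Effect": "Allow", "Resource": "*"},
        {"Action": MINIMAL_ACTIONS, "Effect": "Allow",
         "Resource": [user_arn, f"{base}/channel/*"]}]}

def wildcard_findings(policy, allowed=("chime:GetMessagingSessionEndpoint",)):
    """List actions an end-user policy allows on "*" or on every user ARN."""
    found = []
    for stmt in policy["Statement"]:
        broad = [r for r in as_list(stmt["Resource"])
                 if r == "*" or r.endswith("/user/*")]
        if stmt["Effect"] == "Allow" and broad:
            found += [a for a in as_list(stmt["Action"]) if a not in allowed]
    return found
```

Run `wildcard_findings` only on policies intended for end users; the developer policy at the top of this page uses `"Resource": "*"` by design.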
This example shows a policy for establishing a WebSocket connection for an AppInstanceUser. For more information about WebSocket connections, see Using WebSockets to receive messages in Amazon Chime SDK messaging.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "chime:Connect"
            ],
            "Resource": [
                "arn:aws:chime:region:{aws_account_id}:app-instance/{app_instance_id}/user/{app_instance_user_id}"
            ]
        }
    ]
}