Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
Contoh IAM peran
Agar pengguna dapat mengakses fitur SDK pesan Amazon Chime, Anda harus menentukan IAM peran dan kebijakan untuk memberikan kredensi kepada pengguna saat mereka masuk. IAMKebijakan ini mendefinisikan sumber daya yang dapat diakses pengguna.
Contoh di bagian ini memberikan kebijakan dasar yang dapat Anda sesuaikan dengan kebutuhan Anda. Untuk informasi selengkapnya tentang cara kerja kebijakan, lihatMelakukan SDK panggilan dari layanan back-end.
Contoh ini menunjukkan kebijakan untuk pengembang yang membangun aplikasi menggunakan pesan Amazon ChimeSDK.
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "chime:CreateAppInstance", "chime:DescribeAppInstance", "chime:ListAppInstances", "chime:UpdateAppInstance", "chime:DeleteAppInstance", "chime:CreateAppInstanceUser", "chime:DeleteAppInstanceUser", "chime:ListAppInstanceUsers", "chime:UpdateAppInstanceUser", "chime:DescribeAppInstanceUser", "chime:CreateAppInstanceAdmin", "chime:DescribeAppInstanceAdmin", "chime:ListAppInstanceAdmins", "chime:DeleteAppInstanceAdmin", "chime:PutAppInstanceRetentionSettings", "chime:GetAppInstanceRetentionSettings", "chime:PutAppInstanceStreamingConfigurations", "chime:GetAppInstanceStreamingConfigurations", "chime:DeleteAppInstanceStreamingConfigurations", "chime:TagResource", "chime:UntagResource", "chime:ListTagsForResource" "chime:CreateChannelFlow", "chime:UpdateChannelFlow", "chime:DescribeChannelFlow", "chime:DeleteChannelFlow", "chime:ListChannelFlows", "chime:ListChannelsAssociatedWithChannelFlow", "chime:ChannelFlowCallback", ], "Effect": "Allow", "Resource": "*" } ] }
Contoh ini menunjukkan kebijakan yang memungkinkan pengguna mengakses tindakan SDK pengguna Amazon Chime.
{ "Version": "2012-10-17", "Statement": [ { "Action": "chime:GetMessagingSessionEndpoint", "Effect": "Allow", "Resource": "*" }, { "Action": [ "chime:CreateChannel", "chime:DescribeChannel", "chime:DeleteChannel", "chime:UpdateChannel", "chime:ListChannels", "chime:Listsubchannels", "chime:ListChannelMembershipsForAppInstanceUser", "chime:DescribeChannelMembershipForAppInstanceUser", "chime:ListChannelsModeratedByAppInstanceUser", "chime:DescribeChannelModeratedByAppInstanceUser", "chime:UpdateChannelReadMarker", "chime:CreateChannelModerator", "chime:DescribeChannelModerator", "chime:ListChannelModerators", "chime:DeleteChannelModerator", "chime:SendChannelMessage", "chime:GetChannelMessage", "chime:DeleteChannelMessage", "chime:UpdateChannelMessage", "chime:RedactChannelMessage", "chime:ListChannelMessages", "chime:CreateChannelMembership", "chime:DescribeChannelMembership", "chime:DeleteChannelMembership", "chime:ListChannelMemberships", "chime:CreateChannelBan", "chime:DeleteChannelBan", "chime:ListChannelBans", "chime:DescribeChannelBan", "chime:Connect" "chime:AssociateChannelFlow", "chime:DisassociateChannelFlow", "chime:GetChannelMessageStatus" ], "Effect": "Allow", "Resource": [ "arn:aws:chime:region:{aws_account_id}:app-instance/{app_instance_id}/user/{app_instance_user_id}", "arn:aws:chime:region:{aws_account_id}:app-instance/{app_instance_id}/channel/*" ] } ] }
Contoh ini menunjukkan kebijakan yang memberi pengguna akses minimal ke tindakan SDK pengguna Amazon Chime.
{ "Version": "2012-10-17", "Statement": [ { "Action": "chime:GetMessagingSessionEndpoint", "Effect": "Allow", "Resource": "*" }, { "Action": [ "chime:ListChannels", "chime:DescribeChannel", "chime:ListChannelMembershipsForAppInstanceUser", "chime:DescribeChannelMembershipForAppInstanceUser", "chime:ListChannelsModeratedByAppInstanceUser", "chime:DescribeChannelModeratedByAppInstanceUser", "chime:SendChannelMessage", "chime:GetChannelMessage", "chime:ListChannelMessages", "chime:Connect" ], "Effect": "Allow", "Resource": [ "arn:aws:chime:region:{aws_account_id}:app-instance/{app_instance_id}/user/{app_instance_user_id}", "arn:aws:chime:region:{aws_account_id}:app-instance/{app_instance_id}/channel/*" ] } ] }
Contoh ini menunjukkan kebijakan untuk membuat WebSocket koneksi untuk fileAppInstanceUser. Untuk informasi selengkapnya tentang WebSocket koneksi, lihatMenggunakan WebSockets untuk menerima pesan.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "chime:Connect" ], "Resource": [ "arn:aws:chime:region:{aws_account_id}:app-instance/{app_instance_id}/user/{app_instance_user_id}" ] } ] }
