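Migrating to fine-grained permissions for AWS Artifact agreements
Note
The content on this page applies only to commercial AWS Regions and does not currently apply to AWS GovCloud (US) Regions.
AWS Artifact now supports fine-grained permissions for agreements. With these fine-grained permissions, customers can granularly control access to functions such as viewing and accepting non-disclosure agreements and accepting and terminating agreements.
To access agreements using fine-grained permissions, you can use the AWSArtifactAgreementsReadOnlyAccess or AWSArtifactAgreementsFullAccess managed policy, or update your permissions by following the recommendations below. If you previously opted out of using fine-grained permissions, you must opt in using the "Opt in to fine-grained permissions for AWS Artifact agreements" link available in the agreements console.
If you have problems updating to the new permissions, you can access agreements with the old permissions by using the "Opt out of fine-grained permissions for AWS Artifact agreements" link available in the console.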
Important
The legacy IAM action artifact:DownloadAgreement will be deprecated on March 3, 2025. After March 3, 2025, IAM policies that contain this action will show a warning in the Policy Editor.
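Migrating to the new permissions
The legacy IAM action DownloadAgreement has been replaced by the GetAgreement action for downloading agreements that have not been accepted and the GetCustomerAgreement action for downloading accepted agreements. In addition, non-disclosure agreements (NDAs. To take advantage of these granular actions and keep the ability to view and execute agreements, users must replace existing policies that contain legacy permissions with policies that contain fine-grained permissions.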
Migrate permissions to download agreements at the account level
Legacy policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "artifact:DownloadAgreement"
      ],
      "Resource": [
        "arn:aws:artifact::*:customer-agreement/*",
        "arn:aws:artifact:::agreement/*"
      ]
    }
  ]
}
```

New policy with fine-grained permissions:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListAgreementsActions",
      "Effect": "Allow",
      "Action": [
        "artifact:ListAgreements",
        "artifact:ListCustomerAgreements"
      ],
      "Resource": "*"
    },
    {
      "Sid": "GetAgreementActions",
      "Effect": "Allow",
      "Action": [
        "artifact:GetCustomerAgreement",
        "artifact:GetAgreement",
        "artifact:GetNdaForAgreement",
        "artifact:AcceptNdaForAgreement"
      ],
      "Resource": [
        "arn:aws:artifact::*:customer-agreement/*",
        "arn:aws:artifact:::agreement/*"
      ]
    }
  ]
}
```
Migrate non-resource-specific permissions to download, accept, and terminate agreements at the account level
Legacy policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "artifact:AcceptAgreement",
        "artifact:DownloadAgreement",
        "artifact:TerminateAgreement"
      ],
      "Resource": [
        "arn:aws:artifact::*:customer-agreement/*",
        "arn:aws:artifact:::agreement/*"
      ]
    }
  ]
}
```

New policy with fine-grained permissions:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListAgreementActions",
      "Effect": "Allow",
      "Action": [
        "artifact:ListAgreements",
        "artifact:ListCustomerAgreements"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AWSAgreementActions",
      "Effect": "Allow",
      "Action": [
        "artifact:GetAgreement",
        "artifact:AcceptNdaForAgreement",
        "artifact:GetNdaForAgreement",
        "artifact:AcceptAgreement"
      ],
      "Resource": "arn:aws:artifact:::agreement/*"
    },
    {
      "Sid": "CustomerAgreementActions",
      "Effect": "Allow",
      "Action": [
        "artifact:GetCustomerAgreement",
        "artifact:TerminateAgreement"
      ],
      "Resource": "arn:aws:artifact::*:customer-agreement/*"
    }
  ]
}
```
Migrate non-resource-specific permissions to download, accept, and terminate agreements at the organization level
Legacy policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "artifact:AcceptAgreement",
        "artifact:DownloadAgreement",
        "artifact:TerminateAgreement"
      ],
      "Resource": [
        "arn:aws:artifact::*:customer-agreement/*",
        "arn:aws:artifact:::agreement/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iam:ListRoles",
      "Resource": "arn:aws:iam:::role/*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "arn:aws:iam:::role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact"
    },
    {
      "Effect": "Allow",
      "Action": [
        "organizations:DescribeOrganization",
        "organizations:EnableAWSServiceAccess",
        "organizations:ListAccounts",
        "organizations:ListAWSServiceAccessForOrganization"
      ],
      "Resource": "*"
    }
  ]
}
```

New policy with fine-grained permissions:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListAgreementActions",
      "Effect": "Allow",
      "Action": [
        "artifact:ListAgreements",
        "artifact:ListCustomerAgreements"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AWSAgreementActions",
      "Effect": "Allow",
      "Action": [
        "artifact:GetAgreement",
        "artifact:AcceptNdaForAgreement",
        "artifact:GetNdaForAgreement",
        "artifact:AcceptAgreement"
      ],
      "Resource": "arn:aws:artifact:::agreement/*"
    },
    {
      "Sid": "CustomerAgreementActions",
      "Effect": "Allow",
      "Action": [
        "artifact:GetCustomerAgreement",
        "artifact:TerminateAgreement"
      ],
      "Resource": "arn:aws:artifact::*:customer-agreement/*"
    },
    {
      "Sid": "CreateServiceLinkedRoleForOrganizationsIntegration",
      "Effect": "Allow",
      "Action": [
        "iam:CreateServiceLinkedRole"
      ],
      "Resource": "arn:aws:iam::*:role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact",
      "Condition": {
        "StringEquals": {
          "iam:AWSServiceName": [
            "artifact.amazonaws.com"
          ]
        }
      }
    },
    {
      "Sid": "GetRoleToCheckForRoleExistence",
      "Effect": "Allow",
      "Action": [
        "iam:GetRole"
      ],
      "Resource": "arn:aws:iam::*:role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact"
    },
    {
      "Sid": "EnableServiceTrust",
      "Effect": "Allow",
      "Action": [
        "organizations:EnableAWSServiceAccess",
        "organizations:ListAWSServiceAccessForOrganization",
        "organizations:DescribeOrganization"
      ],
      "Resource": "*"
    }
  ]
}
```
Migrate resource-specific permissions to download, accept, and terminate agreements at the account level
Legacy policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "artifact:AcceptAgreement",
        "artifact:DownloadAgreement"
      ],
      "Resource": [
        "arn:aws:artifact:::agreement/AWS Business Associate Addendum"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "artifact:TerminateAgreement"
      ],
      "Resource": [
        "arn:aws:artifact::*:customer-agreement/*"
      ]
    }
  ]
}
```

New policy with fine-grained permissions:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListAgreementActions",
      "Effect": "Allow",
      "Action": [
        "artifact:ListAgreements",
        "artifact:ListCustomerAgreements"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AWSAgreementActions",
      "Effect": "Allow",
      "Action": [
        "artifact:GetAgreement",
        "artifact:AcceptNdaForAgreement",
        "artifact:GetNdaForAgreement",
        "artifact:AcceptAgreement"
      ],
      "Resource": "arn:aws:artifact:::agreement/agreement-9c1kBcYznTkcpRIm"
    },
    {
      "Sid": "CustomerAgreementActions",
      "Effect": "Allow",
      "Action": [
        "artifact:GetCustomerAgreement",
        "artifact:TerminateAgreement"
      ],
      "Resource": "arn:aws:artifact::*:customer-agreement/*"
    }
  ]
}
```
Migrate resource-specific permissions to download, accept, and terminate agreements at the organization level
Legacy policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "artifact:AcceptAgreement",
        "artifact:DownloadAgreement",
        "artifact:TerminateAgreement"
      ],
      "Resource": [
        "arn:aws:artifact::*:customer-agreement/*",
        "arn:aws:artifact:::agreement/AWS Organizations Business Associate Addendum"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iam:ListRoles",
      "Resource": "arn:aws:iam:::role/*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "arn:aws:iam:::role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact"
    },
    {
      "Effect": "Allow",
      "Action": [
        "organizations:DescribeOrganization",
        "organizations:EnableAWSServiceAccess",
        "organizations:ListAccounts",
        "organizations:ListAWSServiceAccessForOrganization"
      ],
      "Resource": "*"
    }
  ]
}
```

New policy with fine-grained permissions:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListAgreementActions",
      "Effect": "Allow",
      "Action": [
        "artifact:ListAgreements",
        "artifact:ListCustomerAgreements"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AWSAgreementActions",
      "Effect": "Allow",
      "Action": [
        "artifact:GetAgreement",
        "artifact:AcceptNdaForAgreement",
        "artifact:GetNdaForAgreement",
        "artifact:AcceptAgreement"
      ],
      "Resource": "arn:aws:artifact:::agreement/agreement-y03aUwMAEorHtqjv"
    },
    {
      "Sid": "CustomerAgreementActions",
      "Effect": "Allow",
      "Action": [
        "artifact:GetCustomerAgreement",
        "artifact:TerminateAgreement"
      ],
      "Resource": "arn:aws:artifact::*:customer-agreement/*"
    },
    {
      "Sid": "CreateServiceLinkedRoleForOrganizationsIntegration",
      "Effect": "Allow",
      "Action": [
        "iam:CreateServiceLinkedRole"
      ],
      "Resource": "arn:aws:iam::*:role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact",
      "Condition": {
        "StringEquals": {
          "iam:AWSServiceName": [
            "artifact.amazonaws.com"
          ]
        }
      }
    },
    {
      "Sid": "GetRoleToCheckForRoleExistence",
      "Effect": "Allow",
      "Action": [
        "iam:GetRole"
      ],
      "Resource": "arn:aws:iam::*:role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact"
    },
    {
      "Sid": "EnableServiceTrust",
      "Effect": "Allow",
      "Action": [
        "organizations:EnableAWSServiceAccess",
        "organizations:ListAWSServiceAccessForOrganization",
        "organizations:DescribeOrganization"
      ],
      "Resource": "*"
    }
  ]
}
```
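Legacy to fine-grained resource mapping for agreements
The agreement ARNs have been updated for fine-grained permissions. Previous references to legacy agreement resources must be replaced with the new ARNs. The following table maps agreement ARNs between legacy and fine-grained resources.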
Agreement name | Artifact ARN for legacy permissions | Artifact ARN for fine-grained permissions |
---|---|---|
AWS Business Associate Addendum | arn:aws:artifact:::agreement/AWS Business Associate Addendum | arn:aws:artifact:::agreement/agreement-9c1kBcYznTkcpRIm |
AWS New Zealand Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/AWS New Zealand Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/agreement-3YRq9rGUIu72r7Gt |
AWS Australian Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/AWS Australian Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/agreement-sbLSDe8bitmAXNr9 |
AWS SEC Rule 17a-4 Addendum | arn:aws:artifact:::agreement/AWS SEC Rule 17a-4 Addendum | arn:aws:artifact:::agreement/agreement-bexgr7sjvXAW4Gxu |
AWS SEC Rule 18a-6 Addendum | arn:aws:artifact:::agreement/AWS SEC Rule 18a-6 Addendum | arn:aws:artifact:::agreement/agreement-HZTdNwJuqOKLReXC |
AWS Organizations Business Associate Addendum | arn:aws:artifact:::agreement/AWS Organizations Business Associate Addendum | arn:aws:artifact:::agreement/agreement-y03aUwMAEorHtqjv |
AWS Organizations Australian Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/AWS Organizations Australian Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/agreement-YpDMFXTePE7kEg4b |
AWS Organizations New Zealand Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/AWS Organizations New Zealand Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/agreement-uojEjr3vOnvrhV52 |