기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.
MSK Connect의 IAM 정책 예제
관리자가 아닌 사용자에게 모든 MSK Connect 기능에 대한 전체 액세스 권한을 부여하려면 사용자의 IAM 역할에 다음과 같은 정책을 연결하세요.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kafkaconnect:*", "ec2:CreateNetworkInterface", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeSecurityGroups", "logs:CreateLogDelivery", "logs:GetLogDelivery", "logs:DeleteLogDelivery", "logs:ListLogDeliveries", "logs:PutResourcePolicy", "logs:DescribeResourcePolicies", "logs:DescribeLogGroups" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/kafkaconnect.amazonaws.com/AWSServiceRoleForKafkaConnect*", "Condition": { "StringLike": { "iam:AWSServiceName": "kafkaconnect.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:AttachRolePolicy", "iam:PutRolePolicy" ], "Resource": "arn:aws:iam::*:role/aws-service-role/kafkaconnect.amazonaws.com/AWSServiceRoleForKafkaConnect*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery*", "Condition": { "StringLike": { "iam:AWSServiceName": "delivery.logs.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "s3:PutBucketPolicy", "s3:GetBucketPolicy" ], "Resource": "ARN of the Amazon S3 bucket to which you want MSK Connect to deliver logs" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "ARN of the service execution role" }, { "Effect": "Allow", "Action": "s3:GetObject", "Resource": "ARN of the Amazon S3 object that corresponds to the custom plugin that you want to use for creating connectors" }, { "Effect": "Allow", "Action": "firehose:TagDeliveryStream", "Resource": "ARN of the Firehose delivery stream to which you want MSK Connect to deliver logs" } ] }
