기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.
관리자가 아닌 사용자에게 모든 MSK Connect 기능에 대한 전체 액세스 권한을 부여하려면 사용자의 IAM 역할에 다음과 같은 정책을 연결하세요.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kafkaconnect:*", "ec2:CreateNetworkInterface", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeSecurityGroups", "logs:CreateLogDelivery", "logs:GetLogDelivery", "logs:DeleteLogDelivery", "logs:ListLogDeliveries", "logs:PutResourcePolicy", "logs:DescribeResourcePolicies", "logs:DescribeLogGroups" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/kafkaconnect.amazonaws.com/AWSServiceRoleForKafkaConnect*", "Condition": { "StringLike": { "iam:AWSServiceName": "kafkaconnect.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:AttachRolePolicy", "iam:PutRolePolicy" ], "Resource": "arn:aws:iam::*:role/aws-service-role/kafkaconnect.amazonaws.com/AWSServiceRoleForKafkaConnect*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery*", "Condition": { "StringLike": { "iam:AWSServiceName": "delivery.logs.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "s3:PutBucketPolicy", "s3:GetBucketPolicy" ], "Resource": "ARN of the Amazon S3 bucket to which you want MSK Connect to deliver logs" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "ARN of the service execution role" }, { "Effect": "Allow", "Action": "s3:GetObject", "Resource": "ARN of the Amazon S3 object that corresponds to the custom plugin that you want to use for creating connectors" }, { "Effect": "Allow", "Action": "firehose:TagDeliveryStream", "Resource": "ARN of the Firehose delivery stream to which you want MSK Connect to deliver logs" } ] }
