使用 Amazon S3 VPC 终端节点实现 AppStream 2.0 功能

当您在堆栈上启用应用程序设置持久性或主文件夹时， AppStream 2.0 将使用VPC您为队列指定的来提供对亚马逊简单存储服务 (Amazon S3) 存储桶的访问权限。对于 Elastic 队列， AppStream 2.0 将使用访问包含分配给队列应用程序块的应用程序的 Amazon S3 存储桶。VPC要启用 AppStream 2.0 访问您的私有 S3 终端节点，请将以下自定义策略附加到您的 Amazon S3 VPC 终端节点。有关私有 Amazon S3 终端节点的更多信息，请参阅VPC《亚马逊VPC用户指南》中的 Amazon S3 终端节点和终端节点。

{
"Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Allow-AppStream-to-access-S3-buckets",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:sts::account-id-without-hyphens:assumed-role/AmazonAppStreamServiceAccess/AppStream2.0"
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:GetObjectVersion",
                "s3:DeleteObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::appstream2-36fb080bb8-*",
                "arn:aws:s3:::appstream-app-settings-*",
                "arn:aws:s3:::appstream-logs-*"
            ]
        },
        {
            "Sid": "Allow-AppStream-ElasticFleetstoRetrieveObjects",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket-with-application-or-app-block-objects/*",
            "Condition": {
                "StringEquals": {
                    "aws:PrincipalServiceName": "appstream.amazonaws.com"
                }
            }
        }
    ]
}