Using IAM condition keys - AWS Artifact

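With IAM condition keys, you can grant fine-grained access to reports on AWS Artifact based on specific report categories and series.

The following example policies show permissions that you can assign to IAM users based on specific report categories and series.

Example policies to manage read access to AWS reports

AWS Artifact reports are represented by the IAM resource report.

The following policy grants permission to read all AWS Artifact reports under the Certifications and Attestations category.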

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:ListReports"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "artifact:GetReport",
                "artifact:GetReportMetadata",
                "artifact:GetTermForReport"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "artifact:ReportCategory": "Certifications and Attestations"
                }
            }
        }
    ]
}

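The following policy grants permission to read all AWS Artifact reports in the SOC series. Both keys under StringEquals must match, so the report must also be in the Certifications and Attestations category.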

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:ListReports"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "artifact:GetReport",
                "artifact:GetReportMetadata",
                "artifact:GetTermForReport"
            ],
            "Resource": [
                "*"
            ],
            "Condition": {
                "StringEquals": {
                    "artifact:ReportSeries": "SOC",
                    "artifact:ReportCategory": "Certifications and Attestations"
                }
            }
        }
    ]
}

The following policy grants permission to read all AWS Artifact reports except those under the Certifications and Attestations category.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:ListReports"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "artifact:GetReport",
                "artifact:GetReportMetadata",
                "artifact:GetTermForReport"
            ],
            "Resource": "*",
            "Condition": {
                "StringNotEquals": {
                    "artifact:ReportCategory": "Certifications and Attestations"
                }
            }
        }
    ]
}
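To check which reports a condition block actually admits before attaching a policy, the following added example (not AWS code and not a full IAM evaluator) models StringEquals and StringNotEquals matching over artifact:ReportCategory and artifact:ReportSeries. The helper names, the EXAMPLE-SERIES and EXAMPLE-CATEGORY values and the sample reports are constructed for illustration, and the exclusion policy written with StringNotEquals is an assumption of this example.

```python
# Simplified model of IAM condition matching (Allow + StringEquals/StringNotEquals only).
READ_ACTIONS = ["artifact:GetReport", "artifact:GetReportMetadata", "artifact:GetTermForReport"]
CAT, SER = "artifact:ReportCategory", "artifact:ReportSeries"
C_AND_A = "Certifications and Attestations"
OPS = {
    "StringEquals": lambda actual, values: actual in values,         # absent key never matches
    "StringNotEquals": lambda actual, values: actual not in values,  # absent key matches
}

def policy(condition):
    """Build a policy shaped like the ones on this page with the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["artifact:ListReports"], "Resource": "*"},
        {"Effect": "Allow", "Action": READ_ACTIONS, "Resource": "*", "Condition": condition}]}

def condition_matches(condition, context):
    """Every operator and every key under it must match (logical AND)."""
    for op, keys in condition.items():
        test = OPS[op]  # KeyError for operators this model does not cover
        for key, expected in keys.items():
            values = expected if isinstance(expected, list) else [expected]
            if not test(context.get(key), values):
                return False
    return True

def allowed(pol, action, context):
    """True if any Allow statement lists the action and its condition matches."""
    return any(s["Effect"] == "Allow" and action in s["Action"]
               and condition_matches(s.get("Condition", {}), context)
               for s in pol["Statement"])

# Constructed report attributes; only "SOC" and the category name come from the page.
REPORTS = {
    "soc": {CAT: C_AND_A, SER: "SOC"},
    "other_series": {CAT: C_AND_A, SER: "EXAMPLE-SERIES"},
    "other_category": {CAT: "EXAMPLE-CATEGORY", SER: "EXAMPLE-SERIES"},
}
POLICIES = {
    "category_only": policy({"StringEquals": {CAT: C_AND_A}}),
    "soc_series": policy({"StringEquals": {SER: "SOC", CAT: C_AND_A}}),
    "all_except_category": policy({"StringNotEquals": {CAT: C_AND_A}}),
}

def readable(policy_name):
    """Names of sample reports the policy lets a principal fetch with GetReport."""
    return sorted(n for n, ctx in REPORTS.items()
                  if allowed(POLICIES[policy_name], "artifact:GetReport", ctx))

if __name__ == "__main__": print({name: readable(name) for name in POLICIES})
```

A StringEquals block that names both keys admits only the SOC report, while the StringNotEquals form admits everything outside the named category, including requests where the key is absent.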