本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
AWSQuickSetupCFGCPacksPermissionsBoundary
描述: AWSQuick安装CFGCPacksPermissionsBoundary 策略定义了由快速设置创建的 IAM 角色所允许的权限列表。快速安装使用通过此策略创建的角色来部署 AWS Config 一致性包。
AWSQuickSetupCFGCPacksPermissionsBoundary 是一项 AWS 托管式策略。
使用此策略
您可以将 AWSQuickSetupCFGCPacksPermissionsBoundary 附加到您的用户、组和角色。
策略详细信息
-
类型: AWS 托管策略
-
创建时间:2024 年 6 月 26 日 09:52 UTC
-
编辑时间:2024 年 6 月 26 日 09:52 UTC
-
ARN:
arn:aws:iam::aws:policy/AWSQuickSetupCFGCPacksPermissionsBoundary
策略版本
策略版本:v1 (默认值)
此策略的默认版本是定义策略权限的版本。当使用该策略的用户或角色请求访问 AWS 资源时, AWS 会检查策略的默认版本以确定是否允许该请求。
JSON 策略文档
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "ConfigurationRoleGetPermissions",
"Effect" : "Allow",
"Action" : [
"iam:GetRole"
],
"Resource" : [
"arn:aws:iam::*:role/AWS-QuickSetup-CFGCPacks*"
]
},
{
"Sid" : "ConfigurationRolePassToSSMPermissions",
"Effect" : "Allow",
"Action" : [
"iam:PassRole"
],
"Resource" : [
"arn:aws:iam::*:role/AWS-QuickSetup-CFGCPacks*"
],
"Condition" : {
"StringEquals" : {
"iam:PassedToService" : [
"ssm.amazonaws.com"
]
}
}
},
{
"Sid" : "PutCPackPermissions",
"Effect" : "Allow",
"Action" : [
"config:PutConformancePack"
],
"Resource" : [
"arn:aws:config:*:*:conformance-pack/AWS-QuickSetup-*"
],
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : [
"${aws:PrincipalAccount}"
]
}
}
},
{
"Sid" : "DescribeCPacksPermissions",
"Effect" : "Allow",
"Action" : [
"config:DescribeConformancePackStatus"
],
"Resource" : "*"
},
{
"Sid" : "ConformancePacksSLRCreatePermissions",
"Effect" : "Allow",
"Action" : [
"iam:CreateServiceLinkedRole"
],
"Resource" : [
"arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms"
],
"Condition" : {
"StringEquals" : {
"iam:AWSServiceName" : "config-conforms.amazonaws.com"
}
}
},
{
"Sid" : "SystemsManagerSLRCreatePermissions",
"Effect" : "Allow",
"Action" : [
"iam:CreateServiceLinkedRole"
],
"Resource" : [
"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM"
],
"Condition" : {
"StringEquals" : {
"iam:AWSServiceName" : "ssm.amazonaws.com"
}
}
},
{
"Sid" : "EnableExplorerReadOnlyPermissions",
"Effect" : "Allow",
"Action" : [
"iam:ListRoles",
"config:DescribeConfigurationRecorders",
"compute-optimizer:GetEnrollmentStatus",
"support:DescribeTrustedAdvisorChecks"
],
"Resource" : "*"
},
{
"Sid" : "ServiceSettingsForExplorerUpdatePermissions",
"Effect" : "Allow",
"Action" : [
"ssm:UpdateServiceSetting",
"ssm:GetServiceSetting"
],
"Resource" : [
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/ssm-patchmanager",
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/EC2",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ExplorerOnboarded",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/Association",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ComputeOptimizer",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ConfigCompliance",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/OpsData-TrustedAdvisor",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/SupportCenterCase"
]
}
]
}了解更多信息
