本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
AdministratorAccess-AWSElasticBeanstalk
描述:授予账户管理权限。明确允许开发人员和管理员直接访问管理 AWS Elastic Beanstalk 应用程序所需的资源
AdministratorAccess-AWSElasticBeanstalk
是一项 AWS 托管式策略。
使用此策略
您可以将 AdministratorAccess-AWSElasticBeanstalk
附加到您的用户、组和角色。
策略详细信息
-
类型:AWS 托管策略
-
创建时间:2021 年 1 月 22 日 19:36 UTC
-
编辑时间:2023 年 3 月 23 日 23:45 UTC
-
ARN:
arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk
策略版本
策略版本:v3(默认)
此策略的默认版本是定义策略权限的版本。当使用该策略的用户或角色请求访问 AWS 资源时,AWS 会检查策略的默认版本以确定是否允许该请求。
JSON 策略文档
{ "Version" : "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Action" : [ "acm:Describe*", "acm:List*", "autoscaling:Describe*", "cloudformation:Describe*", "cloudformation:Estimate*", "cloudformation:Get*", "cloudformation:List*", "cloudformation:Validate*", "cloudtrail:LookupEvents", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "codecommit:Get*", "codecommit:UploadArchive", "ec2:AllocateAddress", "ec2:AssociateAddress", "ec2:AuthorizeSecurityGroup*", "ec2:CreateLaunchTemplate*", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DeleteLaunchTemplate*", "ec2:DeleteSecurityGroup", "ec2:DeleteTags", "ec2:Describe*", "ec2:DisassociateAddress", "ec2:ReleaseAddress", "ec2:RevokeSecurityGroup*", "ecs:CreateCluster", "ecs:DeRegisterTaskDefinition", "ecs:Describe*", "ecs:List*", "ecs:RegisterTaskDefinition", "elasticbeanstalk:*", "elasticloadbalancing:Describe*", "iam:GetRole", "iam:ListAttachedRolePolicies", "iam:ListInstanceProfiles", "iam:ListRolePolicies", "iam:ListRoles", "iam:ListServerCertificates", "logs:Describe*", "rds:Describe*", "s3:ListAllMyBuckets", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "sqs:ListQueues" ], "Resource" : "*" }, { "Effect" : "Allow", "Action" : [ "autoscaling:*" ], "Resource" : [ "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*", "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*", "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*" ] }, { "Effect" : "Allow", "Action" : [ "cloudformation:CancelUpdateStack", "cloudformation:ContinueUpdateRollback", "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:GetTemplate", "cloudformation:ListStackResources", "cloudformation:SignalResource", "cloudformation:TagResource", "cloudformation:UntagResource", "cloudformation:UpdateStack" ], "Resource" : [ "arn:aws:cloudformation:*:*:stack/awseb-*", "arn:aws:cloudformation:*:*:stack/eb-*" ] }, { "Effect" : "Allow", "Action" : [ "cloudwatch:DeleteAlarms", "cloudwatch:PutMetricAlarm" ], "Resource" : [ "arn:aws:cloudwatch:*:*:alarm:awseb-*", "arn:aws:cloudwatch:*:*:alarm:eb-*" ] }, { "Effect" : "Allow", "Action" : [ "codebuild:BatchGetBuilds", "codebuild:CreateProject", "codebuild:DeleteProject", "codebuild:StartBuild" ], "Resource" : "arn:aws:codebuild:*:*:project/Elastic-Beanstalk-*" }, { "Effect" : "Allow", "Action" : [ "dynamodb:CreateTable", "dynamodb:DeleteTable", "dynamodb:DescribeTable", "dynamodb:TagResource" ], "Resource" : [ "arn:aws:dynamodb:*:*:table/awseb-e-*", "arn:aws:dynamodb:*:*:table/eb-*" ] }, { "Effect" : "Allow", "Action" : [ "ec2:RebootInstances", "ec2:TerminateInstances" ], "Resource" : "arn:aws:ec2:*:*:instance/*", "Condition" : { "StringLike" : { "ec2:ResourceTag/aws:cloudformation:stack-id" : [ "arn:aws:cloudformation:*:*:stack/awseb-e-*", "arn:aws:cloudformation:*:*:stack/eb-*" ] } } }, { "Effect" : "Allow", "Action" : "ec2:RunInstances", "Resource" : "*", "Condition" : { "ArnLike" : { "ec2:LaunchTemplate" : "arn:aws:ec2:*:*:launch-template/*" } } }, { "Effect" : "Allow", "Action" : [ "ecs:DeleteCluster" ], "Resource" : "arn:aws:ecs:*:*:cluster/awseb-*" }, { "Effect" : "Allow", "Action" : [ "elasticloadbalancing:*Rule", "elasticloadbalancing:*Tags", "elasticloadbalancing:SetRulePriorities", "elasticloadbalancing:SetSecurityGroups" ], "Resource" : [ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*/*" ] }, { "Effect" : "Allow", "Action" : [ "elasticloadbalancing:*" ], "Resource" : [ "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/awseb-*/*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/eb-*/*", "arn:aws:elasticloadbalancing:*:*:listener/awseb-*", "arn:aws:elasticloadbalancing:*:*:listener/eb-*", "arn:aws:elasticloadbalancing:*:*:listener/*/awseb-*/*/*", "arn:aws:elasticloadbalancing:*:*:listener/*/eb-*/*/*", "arn:aws:elasticloadbalancing:*:*:listener-rule/app/awseb-*/*/*/*", "arn:aws:elasticloadbalancing:*:*:listener-rule/app/eb-*/*/*/*" ] }, { "Effect" : "Allow", "Action" : [ "iam:AddRoleToInstanceProfile", "iam:CreateInstanceProfile", "iam:CreateRole" ], "Resource" : [ "arn:aws:iam::*:role/aws-elasticbeanstalk*", "arn:aws:iam::*:instance-profile/aws-elasticbeanstalk*" ] }, { "Effect" : "Allow", "Action" : [ "iam:AttachRolePolicy" ], "Resource" : "arn:aws:iam::*:role/aws-elasticbeanstalk*", "Condition" : { "StringLike" : { "iam:PolicyArn" : [ "arn:aws:iam::aws:policy/AWSElasticBeanstalk*", "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalk*" ] } } }, { "Effect" : "Allow", "Action" : "iam:PassRole", "Resource" : "arn:aws:iam::*:role/*", "Condition" : { "StringEquals" : { "iam:PassedToService" : [ "elasticbeanstalk.amazonaws.com", "ec2.amazonaws.com", "ec2.amazonaws.com.rproxy.goskope.com.cn", "autoscaling.amazonaws.com", "elasticloadbalancing.amazonaws.com", "ecs.amazonaws.com", "cloudformation.amazonaws.com" ] } } }, { "Effect" : "Allow", "Action" : [ "iam:CreateServiceLinkedRole" ], "Resource" : [ "arn:aws:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling*", "arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*", "arn:aws:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing*", "arn:aws:iam::*:role/aws-service-role/managedupdates.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*", "arn:aws:iam::*:role/aws-service-role/maintenance.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*" ], "Condition" : { "StringLike" : { "iam:AWSServiceName" : [ "autoscaling.amazonaws.com", "elasticbeanstalk.amazonaws.com", "elasticloadbalancing.amazonaws.com", "managedupdates.elasticbeanstalk.amazonaws.com", "maintenance.elasticbeanstalk.amazonaws.com" ] } } }, { "Effect" : "Allow", "Action" : [ "logs:CreateLogGroup", "logs:DeleteLogGroup", "logs:PutRetentionPolicy" ], "Resource" : "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*" }, { "Effect" : "Allow", "Action" : [ "rds:*DBSubnetGroup", "rds:AuthorizeDBSecurityGroupIngress", "rds:CreateDBInstance", "rds:CreateDBSecurityGroup", "rds:DeleteDBInstance", "rds:DeleteDBSecurityGroup", "rds:ModifyDBInstance", "rds:RestoreDBInstanceFromDBSnapshot" ], "Resource" : [ "arn:aws:rds:*:*:db:*", "arn:aws:rds:*:*:secgrp:awseb-e-*", "arn:aws:rds:*:*:secgrp:eb-*", "arn:aws:rds:*:*:snapshot:*", "arn:aws:rds:*:*:subgrp:awseb-e-*", "arn:aws:rds:*:*:subgrp:eb-*" ] }, { "Effect" : "Allow", "Action" : [ "s3:Delete*", "s3:Get*", "s3:Put*" ], "Resource" : "arn:aws:s3:::elasticbeanstalk-*/*" }, { "Effect" : "Allow", "Action" : [ "s3:CreateBucket", "s3:GetBucket*", "s3:ListBucket", "s3:PutBucketPolicy" ], "Resource" : "arn:aws:s3:::elasticbeanstalk-*" }, { "Effect" : "Allow", "Action" : [ "sns:CreateTopic", "sns:DeleteTopic", "sns:GetTopicAttributes", "sns:Publish", "sns:SetTopicAttributes", "sns:Subscribe", "sns:Unsubscribe" ], "Resource" : "arn:aws:sns:*:*:ElasticBeanstalkNotifications-*" }, { "Effect" : "Allow", "Action" : [ "sqs:*QueueAttributes", "sqs:CreateQueue", "sqs:DeleteQueue", "sqs:SendMessage", "sqs:TagQueue" ], "Resource" : [ "arn:aws:sqs:*:*:awseb-e-*", "arn:aws:sqs:*:*:eb-*" ] }, { "Effect" : "Allow", "Action" : [ "ecs:TagResource" ], "Resource" : "*", "Condition" : { "StringEquals" : { "ecs:CreateAction" : [ "CreateCluster", "RegisterTaskDefinition" ] } } } ] }