本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# AmazonVPCNetworkAccessAnalyzerFullAccessPolicy
**描述**:提供描述 AWS 资源、运行 Network Access Analyzer 以及在 Network Insights 访问范围和网络见解访问范围分析上创建或删除标签的权限。
`AmazonVPCNetworkAccessAnalyzerFullAccessPolicy` 是一项 [AWS 托管式策略](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies)。
## 使用此策略
您可以将 `AmazonVPCNetworkAccessAnalyzerFullAccessPolicy` 附加到您的用户、组和角色。
## 策略详细信息
+ **类型**: AWS 托管策略
+ **创建时间**:2023 年 6 月 15 日 22:56 UTC
+ **编辑时间:**2024 年 5 月 15 日 21:40 UTC
+ **ARN**: `arn:aws:iam::aws:policy/AmazonVPCNetworkAccessAnalyzerFullAccessPolicy`
## 策略版本
**策略版本:**v3(默认)
此策略的默认版本是定义策略权限的版本。当使用该策略的用户或角色请求访问 AWS 资源时, AWS 会检查策略的默认版本以确定是否允许该请求。
## JSON 策略文档
```
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "DirectconnectPermissions",
"Effect" : "Allow",
"Action" : [
"directconnect:DescribeConnections",
"directconnect:DescribeDirectConnectGatewayAssociations",
"directconnect:DescribeDirectConnectGatewayAttachments",
"directconnect:DescribeDirectConnectGateways",
"directconnect:DescribeVirtualGateways",
"directconnect:DescribeVirtualInterfaces"
],
"Resource" : "*"
},
{
"Sid" : "EC2Permissions",
"Effect" : "Allow",
"Action" : [
"ec2:CreateNetworkInsightsAccessScope",
"ec2:DeleteNetworkInsightsAccessScope",
"ec2:DeleteNetworkInsightsAccessScopeAnalysis",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeManagedPrefixLists",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInsightsAccessScopeAnalyses",
"ec2:DescribeNetworkInsightsAccessScopes",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayConnects",
"ec2:DescribeTransitGatewayPeeringAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGateways",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetManagedPrefixListEntries",
"ec2:GetNetworkInsightsAccessScopeAnalysisFindings",
"ec2:GetNetworkInsightsAccessScopeContent",
"ec2:GetTransitGatewayRouteTablePropagations",
"ec2:SearchTransitGatewayRoutes",
"ec2:StartNetworkInsightsAccessScopeAnalysis"
],
"Resource" : "*"
},
{
"Sid" : "EC2TagsPermissions",
"Effect" : "Allow",
"Action" : [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Resource" : [
"arn:*:ec2:*:*:network-insights-access-scope/*",
"arn:*:ec2:*:*:network-insights-access-scope-analysis/*"
]
},
{
"Sid" : "ElasticloadbalancingPermissions",
"Effect" : "Allow",
"Action" : [
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth"
],
"Resource" : "*"
},
{
"Sid" : "GlobalacceleratorPermissions",
"Effect" : "Allow",
"Action" : [
"globalaccelerator:ListAccelerators",
"globalaccelerator:ListCustomRoutingAccelerators",
"globalaccelerator:ListCustomRoutingEndpointGroups",
"globalaccelerator:ListCustomRoutingListeners",
"globalaccelerator:ListCustomRoutingPortMappings",
"globalaccelerator:ListEndpointGroups",
"globalaccelerator:ListListeners"
],
"Resource" : "*"
},
{
"Sid" : "NetworkFirewallPermissions",
"Effect" : "Allow",
"Action" : [
"network-firewall:DescribeFirewall",
"network-firewall:DescribeFirewallPolicy",
"network-firewall:DescribeResourcePolicy",
"network-firewall:DescribeRuleGroup",
"network-firewall:ListFirewallPolicies",
"network-firewall:ListFirewalls",
"network-firewall:ListRuleGroups"
],
"Resource" : "*"
},
{
"Sid" : "ResourceGroupsPermissions",
"Effect" : "Allow",
"Action" : [
"resource-groups:ListGroupResources"
],
"Resource" : "*"
},
{
"Sid" : "TagsPermissions",
"Effect" : "Allow",
"Action" : [
"tag:GetResources"
],
"Resource" : "*"
},
{
"Sid" : "TirosPermissions",
"Effect" : "Allow",
"Action" : [
"tiros:CreateQuery",
"tiros:GetQueryAnswer"
],
"Resource" : "*"
}
]
}
```
## 了解详情
+ [在 IAM 身份中心使用 AWS 托管策略创建权限集](https://docs.aws.amazon.com/singlesignon/latest/userguide/howtocreatepermissionset.html)
+ [添加和删除 IAM 身份权限](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html)
+ [了解 IAM policy 版本控制](https://docs.aws.amazon.com//IAM/latest/UserGuide/access_policies_managed-versioning.html)
+ [开始使用 AWS 托管策略,转向最低权限权限](https://docs.aws.amazon.com//IAM/latest/UserGuide/best-practices.html#bp-use-aws-defined-policies)