本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
AWS 托管策略
托管策略是基于身份的独立策略,您可以将其附加到账户 AWS 中的多个用户、群组和角色。您可以使用 AWS 托管策略来控制账单中的访问权限。
AWS 托管策略是由创建和管理的独立策略 AWS。 AWS 托管策略旨在为许多常见用例提供权限。 AWS 与必须自己编写策略相比,托管策略使您可以更轻松地为用户、组和角色分配适当的权限。
您无法更改 AWS 托管策略中定义的权限。 AWS 偶尔会更新 AWS 托管策略中定义的权限。当发生此情况时,更新会影响策略附加到的所有委托人实体(用户、组和角色)。
计费为常见用例提供了多种 AWS 托管策略。
主题
AWSPurchaseOrdersServiceRolePolicy
此托管式策略将授予对账单与成本管理控制台和采购订单控制台的完全访问权限。此策略允许用户查看、创建、更新和删除账户的采购订单。
{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "account:GetAccountInformation", "account:GetContactInformation", "aws-portal:*Billing", "consolidatedbilling:GetAccountBillingRole", "invoicing:GetInvoicePDF", "payments:GetPaymentInstrument", "payments:ListPaymentPreferences", "purchase-orders:AddPurchaseOrder", "purchase-orders:DeletePurchaseOrder", "purchase-orders:GetPurchaseOrder", "purchase-orders:ListPurchaseOrderInvoices", "purchase-orders:ListPurchaseOrders", "purchase-orders:ListTagsForResource", "purchase-orders:ModifyPurchaseOrders", "purchase-orders:TagResource", "purchase-orders:UntagResource", "purchase-orders:UpdatePurchaseOrder", "purchase-orders:UpdatePurchaseOrderStatus", "purchase-orders:ViewPurchaseOrders", "tax:ListTaxRegistrations" ], "Resource":"*" } ] }
AWSBillingReadOnlyAccess
此托管策略授予用户对 AWS Billing and Cost Management 控制台中功能的只读访问权限。
权限详细信息
该策略包含以下权限:
account— 检索有关其 AWS 账户的信息。aws-portal— 向用户授予对 Billing and Cost Management 控制台页面的总体查看权限。billing— 检索对 AWS 账单信息的全面访问权限,例如账单偏好、有效合同、已应用的积分或折扣、IAM偏好、记录在案的卖家以及账单报告列表。budgets— 检索有关为该 AWS Budgets 功能设置的操作的信息。ce— 检索成本和使用情况信息、标签和维度值以查看 Cost Explorer 功能。 AWSconsolidatedbilling— 使用整合账单功能检索角色和有关 AWS 账户 配置的详细信息。cur— 检索有关其 AWS 成本和使用情况报告 数据的信息。freetier— 检索有关 AWS Free Tier 警报和使用偏好的信息。invoicing— 检索有关其发票首选项的信息。payments— 检索融资、付款状态和支付工具信息。purchase-orders— 检索与其采购订单相关的发票信息。sustainability— 根据碳足迹的 AWS 使用情况检索碳足迹信息。tax— 从税务设置中检索已注册的税务信息。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "account:GetAccountInformation", "aws-portal:ViewBilling", "billing:GetBillingData", "billing:GetBillingDetails", "billing:GetBillingNotifications", "billing:GetBillingPreferences", "billing:GetContractInformation", "billing:GetCredits", "billing:GetIAMAccessPreference", "billing:GetSellerOfRecord", "billing:ListBillingViews", "budgets:DescribeBudgetActionsForBudget", "budgets:DescribeBudgetAction", "budgets:DescribeBudgetActionsForAccount", "budgets:DescribeBudgetActionHistories", "budgets:ViewBudget", "ce:DescribeCostCategoryDefinition", "ce:GetCostAndUsage", "ce:GetDimensionValues", "ce:GetTags", "ce:ListCostCategoryDefinitions", "ce:ListCostAllocationTags", "ce:ListCostAllocationTagBackfillHistory", "ce:ListTagsForResource", "consolidatedbilling:GetAccountBillingRole", "consolidatedbilling:ListLinkedAccounts", "cur:DescribeReportDefinitions", "cur:GetClassicReport", "cur:GetClassicReportPreferences", "cur:GetUsageReport", "freetier:GetFreeTierAlertPreference", "freetier:GetFreeTierUsage", "invoicing:GetInvoiceEmailDeliveryPreferences", "invoicing:GetInvoicePDF", "invoicing:ListInvoiceSummaries", "payments:GetFinancingApplication", "payments:GetFinancingLine", "payments:GetFinancingLineWithdrawal", "payments:GetFinancingOption", "payments:GetPaymentInstrument", "payments:GetPaymentStatus", "payments:ListFinancingApplications", "payments:ListFinancingLines", "payments:ListFinancingLineWithdrawals", "payments:ListPaymentInstruments", "payments:ListPaymentPreferences", "payments:ListPaymentProgramOptions", "payments:ListPaymentProgramStatus", "payments:ListTagsForResource", "purchase-orders:GetPurchaseOrder", "purchase-orders:ListPurchaseOrderInvoices", "purchase-orders:ListPurchaseOrders", "purchase-orders:ListTagsForResource", "purchase-orders:ViewPurchaseOrders", "sustainability:GetCarbonFootprintSummary", "tax:GetTaxInheritance", "tax:GetTaxRegistrationDocument", "tax:ListTaxRegistrations" ], "Resource": "*" } ] }
Billing
此托管策略授予用户查看和编辑 AWS Billing and Cost Management 控制台的权限。这包括查看账户使用量、修改预算和付款方式。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "account:GetAccountInformation", "aws-portal:*Billing", "aws-portal:*PaymentMethods", "aws-portal:*Usage", "billing:GetBillingData", "billing:GetBillingDetails", "billing:GetBillingNotifications", "billing:GetBillingPreferences", "billing:GetContractInformation", "billing:GetCredits", "billing:GetIAMAccessPreference", "billing:GetSellerOfRecord", "billing:ListBillingViews", "billing:PutContractInformation", "billing:RedeemCredits", "billing:UpdateBillingPreferences", "billing:UpdateIAMAccessPreference", "budgets:CreateBudgetAction", "budgets:DeleteBudgetAction", "budgets:DescribeBudgetActionsForBudget", "budgets:DescribeBudgetAction", "budgets:DescribeBudgetActionsForAccount", "budgets:DescribeBudgetActionHistories", "budgets:ExecuteBudgetAction", "budgets:ModifyBudget", "budgets:UpdateBudgetAction", "budgets:ViewBudget", "ce:CreateNotificationSubscription", "ce:CreateReport", "ce:CreateCostCategoryDefinition", "ce:DeleteNotificationSubscription", "ce:DeleteCostCategoryDefinition", "ce:DescribeCostCategoryDefinition", "ce:DeleteReport", "ce:GetCostAndUsage", "ce:GetDimensionValues", "ce:GetTags", "ce:ListCostAllocationTags", "ce:ListCostAllocationTagBackfillHistory", "ce:ListCostCategoryDefinitions", "ce:ListTagsForResource", "ce:StartCostAllocationTagBackfill", "ce:UpdateCostAllocationTagsStatus", "ce:UpdateNotificationSubscription", "ce:TagResource", "ce:UpdatePreferences", "ce:UpdateReport", "ce:UntagResource", "ce:UpdateCostCategoryDefinition", "consolidatedbilling:GetAccountBillingRole", "consolidatedbilling:ListLinkedAccounts", "cur:DeleteReportDefinition", "cur:DescribeReportDefinitions", "cur:GetClassicReport", "cur:GetClassicReportPreferences", "cur:GetUsageReport", "cur:ModifyReportDefinition", "cur:PutClassicReportPreferences", "cur:PutReportDefinition", "cur:ValidateReportDestination", "freetier:GetFreeTierAlertPreference", "freetier:GetFreeTierUsage", "freetier:PutFreeTierAlertPreference", "invoicing:GetInvoiceEmailDeliveryPreferences", "invoicing:GetInvoicePDF", "invoicing:ListInvoiceSummaries", "invoicing:PutInvoiceEmailDeliveryPreferences", "payments:CreateFinancingApplication", "payments:CreatePaymentInstrument", "payments:DeletePaymentInstrument", "payments:GetFinancingApplication", "payments:GetFinancingLine", "payments:GetFinancingLineWithdrawal", "payments:GetFinancingOption", "payments:GetPaymentInstrument", "payments:GetPaymentStatus", "payments:ListFinancingApplications", "payments:ListFinancingLines", "payments:ListFinancingLineWithdrawals", "payments:ListPaymentInstruments", "payments:ListPaymentPreferences", "payments:ListPaymentProgramOptions", "payments:ListPaymentProgramStatus", "payments:ListTagsForResource", "payments:MakePayment", "payments:TagResource", "payments:UntagResource", "payments:UpdateFinancingApplication", "payments:UpdatePaymentInstrument", "payments:UpdatePaymentPreferences", "pricing:DescribeServices", "purchase-orders:AddPurchaseOrder", "purchase-orders:DeletePurchaseOrder", "purchase-orders:GetPurchaseOrder", "purchase-orders:ListPurchaseOrderInvoices", "purchase-orders:ListPurchaseOrders", "purchase-orders:ListTagsForResource", "purchase-orders:ModifyPurchaseOrders", "purchase-orders:TagResource", "purchase-orders:UntagResource", "purchase-orders:UpdatePurchaseOrder", "purchase-orders:UpdatePurchaseOrderStatus", "purchase-orders:ViewPurchaseOrders", "support:AddAttachmentsToSet", "support:CreateCase", "sustainability:GetCarbonFootprintSummary", "tax:BatchPutTaxRegistration", "tax:DeleteTaxRegistration", "tax:GetExemptions", "tax:GetTaxInheritance", "tax:GetTaxInterview", "tax:GetTaxRegistration", "tax:GetTaxRegistrationDocument", "tax:ListTaxRegistrations", "tax:PutTaxInheritance", "tax:PutTaxInterview", "tax:PutTaxRegistration", "tax:UpdateExemptions" ], "Resource": "*" } ] }
AWSAccountActivityAccess
此托管式策略授予用户查看账户活动页面的权限。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "account:GetRegionOptStatus", "account:GetAccountInformation", "account:GetAlternateContact", "account:GetChallengeQuestions", "account:GetContactInformation", "account:ListRegions", "aws-portal:ViewBilling", "billing:GetIAMAccessPreference", "billing:GetSellerOfRecord", "payments:ListPaymentPreferences" ], "Resource": "*" } ] }
AWSPriceListServiceFullAccess
此托管策略授予用户对 AWS 价目表服务的完全访问权限。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AWSPriceListServiceFullAccess", "Effect": "Allow", "Action": [ "pricing:*" ], "Resource": "*" } ] }
AWS 账单托 AWS 管政策的更新
查看自该服务开始跟踪这些变更以来 AWS 账单 AWS 托管政策更新的详细信息。要获得有关此页面变更的自动提醒,请订阅 “ AWS 账单文档历史记录” 页面上的订阅RSS源。
| 更改 | 描述 | 日期 |
|---|---|---|
账单和 AWSBillingReadOnlyAccess— 更新现有政策 |
我们在中添加了以下付款权限
我们在中添加了以下付款权限
|
2024年11月12日 |
|
我们添加了 AWS 价目表服务 |
2024 年 7 月 2 日 |
|
|
账单和 AWSBillingReadOnlyAccess— 更新现有政策 |
我们为
我们为
|
2024 年 5 月 31 日 |
|
账单和 AWSBillingReadOnlyAccess— 更新现有政策 |
我们为
我们为
|
2024 年 3 月 25 日 |
| 账单和 AWSBillingReadOnlyAccess— 更新现有政策 |
我们为
我们为
|
2023 年 7 月 26 日 |
|
AWSPurchaseOrdersServiceRolePolicy、账单和 AWSBillingReadOnlyAccess— 更新现有政策 |
我们为
我们为
|
2023 年 7 月 17 日 |
|
AWSPurchaseOrdersServiceRolePolicy、账单和 AWSBillingReadOnlyAccess— 更新现有政策 AWSAccountActivityAccess— 为 AWS 账单记录了新的 AWS 托管政策 |
在所有策略中添加了更新的操作集。 | 2023 年 3 月 6 日 |
|
AWSPurchaseOrdersServiceRolePolicy – 更新到现有策略 |
AWS 账单删除了不必要的权限。 |
2021 年 11 月 18 日 |
|
AWS 账单已开始跟踪变更 |
AWS Billing 已开始跟踪其 AWS 托管政策的变更。 |
2021 年 11 月 18 日 |
