本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。 # AWS Data Exchange API 权限:操作和资源参考 在设置[访问控制](access-control.md)和编写可附加到 AWS Identity and Access Management (IAM) 身份的权限策略(基于身份的策略)时,请使用下表作为参考。该表列出了每个 AWS Data Exchange API 操作、您可以为其授予执行该操作的权限的操作以及您可以为其授予权限的 AWS 资源。请在策略的 `Action` 字段中指定这些操作。您在策略的 `Resource` 字段中指定资源值。 **注意** 要指定操作,请在 API 操作名称之前使用 `dataexchange:` 前缀(例如,`dataexchange:CreateDataSet`)。 **AWS Data Exchange API 和操作所需的权限** | AWS Data Exchange API 操作 | 所需权限(API 操作) | 资源 | Conditions | | --- | --- | --- | --- | | CreateDataSet | dataexchange:CreateDataSet | 不适用 | `aws:TagKeys` `aws:RequestTag` | | GetDataSet | dataexchange:GetDataSet | 数据集 | aws:RequestTag | | UpdateDataSet | dataexchange:UpdateDataSet | 数据集 | aws:RequestTag | | PublishDataSet | dataexchange:PublishDataSet | 数据集 | aws:RequestTag | | DeleteDataSet | dataexchange:DeleteDataSet | 数据集 | aws:RequestTag | | ListDataSets | dataexchange:ListDataSets | 不适用 | 不适用 | | CreateRevision | dataexchange:CreateRevision | 数据集 | `aws:TagKeys` `aws:RequestTag` | | GetRevision | dataexchange:GetRevision | 修订 | aws:RequestTag | | DeleteRevision | dataexchange:DeleteRevision | 修订 | aws:RequestTag | | ListDataSetRevisions | dataexchange:ListDataSetRevisions | 数据集 | aws:RequestTag | | ListRevisionAssets | dataexchange:ListRevisionAssets | 修订 | aws:RequestTag | | CreateEventAction | dataexchange:CreateEventAction | 不适用 | 不适用 | | UpdateEventAction | dataexchange:UpdateEventAction | EventAction | 不适用 | | GetEventAction | dataexchange:GetEventAction | EventAction | 不适用 | | ListEventActions | dataexchange:ListEventActions | 不适用 | 不适用 | | DeleteEventAction | dataexchange:DeleteEventAction | EventAction | 不适用 | | CreateJob | dataexchange:CreateJob | 不适用 | dataexchange:JobType | | GetJob | dataexchange:GetJob | 作业 | dataexchange:JobType | | StartJob\$1\$1 | dataexchange:StartJob | 任务 | dataexchange:JobType | | CancelJob | dataexchange:CancelJob | 任务 | dataexchange:JobType | | ListJobs | dataexchange:ListJobs | 不适用 | 不适用 | | ListTagsForResource | dataexchange:ListTagsForResource | 修订 | aws:RequestTag | | TagResource | dataexchange:TagResource | 修订 | `aws:TagKeys` `aws:RequestTag` | | UnTagResource | dataexchange:UnTagResource | 修订 | `aws:TagKeys` `aws:RequestTag` | | UpdateRevision | dataexchange:UpdateRevision | 修订 | aws:RequestTag | | DeleteAsset | dataexchange:DeleteAsset | 资产 | 不适用 | | GetAsset | dataexchange:GetAsset | 资产 | 不适用 | | UpdateAsset | dataexchange:UpdateAsset | 资产 | 不适用 | | SendApiAsset | dataexchange:SendApiAsset | 资产 | 不适用 | **\$1\$1** 可能需要其他 IAM 权限,具体取决于您开始的作业类型。有关 AWS Data Exchange 作业类型和相关的其他 IAM 权限,请参阅下表。有关作业的更多信息,请参阅[中的职位 AWS Data Exchange](jobs.md)。 **注意** 目前,以下各项不支持该`SendApiAsset`操作 SDKs: 适用于 .NET 的 SDK 适用于 C\$1\$1 的 AWS SDK 适用于 Java 的 SDK 2.x **AWS Data Exchange 的作业类型权限 `StartJob`** | 作业类型 | 所需的其他 IAM 权限 | | --- | --- | | IMPORT\$1ASSETS\$1FROM\$1S3 | dataexchange:CreateAsset | | IMPORT\$1ASSET\$1FROM\$1SIGNED\$1URL | dataexchange:CreateAsset | | IMPORT\$1ASSETS\$1FROM\$1API\$1GATEWAY\$1API | dataexchange:CreateAsset | | IMPORT\$1ASSETS\$1FROM\$1REDSHIFT\$1DATA\$1SHARES | dataexchange:CreateAsset, redshift:AuthorizeDataShare | | EXPORT\$1ASSETS\$1TO\$1S3 | dataexchange:GetAsset | | EXPORT\$1ASSETS\$1TO\$1SIGNED\$1URL | dataexchange:GetAsset | | EXPORT\$1REVISIONS\$1TO\$1S3 | dataexchange:GetRevision dataexchange:GetDataSet 仅当您使用 `DataSet.Name` 作为 `EXPORT_REVISIONS_TO_S3` 作业类型的动态参考时,才需要 `dataexchange:GetDataSet` IAM 权限。 | 通过使用通配符,您可以将数据集操作的范围限定为修订或资产级别,如以下示例所示。 ``` arn:aws:dataexchange:us-east-1:123456789012:data-sets/99EXAMPLE23c7c272897cf1EXAMPLE7a/revisions/*/assets/* ``` 有些 AWS Data Exchange 操作只能在 AWS Data Exchange 控制台上执行。这些操作与 AWS Marketplace 功能集成。这些操作需要下表所示的 AWS Marketplace 权限。 **AWS Data Exchange 仅适用于订阅者的控制台操作** | 控制台操作 | IAM 权限 | | --- | --- | | 订阅产品 | `aws-marketplace:Subscribe` `aws-marketplace:CreateAgreementRequest` `aws-marketplace:AcceptAgreementRequest` | | 发送订阅验证请求 | `aws-marketplace:Subscribe` `aws-marketplace:CreateAgreementRequest` `aws-marketplace:AcceptAgreementRequest` | | 启用订阅自动续订 | `aws-marketplace:Subscribe` `aws-marketplace:CreateAgreementRequest` `aws-marketplace:AcceptAgreementRequest` | | 查看订阅的自动续订状态 | `aws-marketplace:ListEntitlementDetails` `aws-marketplace:ViewSubscriptions` `aws-marketplace:GetAgreementTerms` | | 禁用订阅自动续订 | `aws-marketplace:Subscribe` `aws-marketplace:CreateAgreementRequest` `aws-marketplace:AcceptAgreementRequest` | | 列出有效订阅 | `aws-marketplace:ViewSubscriptions` `aws-marketplace:SearchAgreements` `aws-marketplace:GetAgreementTerms` | | 查看订阅 | `aws-marketplace:ViewSubscriptions` `aws-marketplace:SearchAgreements` `aws-marketplace:GetAgreementTerms` `aws-marketplace:DescribeAgreement` | | 列出订阅验证请求 | `aws-marketplace:ListAgreementRequests` | | 查看订阅验证请求 | `aws-marketplace:GetAgreementRequest` | | 取消订阅验证请求 | `aws-marketplace:CancelAgreementRequest` | | 查看针对该账户的所有优惠 | `aws-marketplace:ListPrivateListings` | | 查看特定优惠的详细信息 | `aws-marketplace:GetPrivateListing` | **AWS Data Exchange 提供商仅限控制台的操作** | 控制台操作 | IAM 权限 | | --- | --- | | 标记产品 | `aws-marketplace:TagResource` `aws-marketplace:UntagResource` `aws-marketplace:ListTagsForResource` | | 标记优惠 | `aws-marketplace:TagResource` `aws-marketplace:UntagResource` `aws-marketplace:ListTagsForResource` | | 发布产品 | `aws-marketplace:StartChangeSet` `aws-marketplace:DescribeChangeSet` `dataexchange:PublishDataSet` | | 取消发布产品 | `aws-marketplace:StartChangeSet` `aws-marketplace:DescribeChangeSet` | | 编辑产品 | `aws-marketplace:StartChangeSet` `aws-marketplace:DescribeChangeSet` | | 创建自定义优惠 | `aws-marketplace:StartChangeSet` `aws-marketplace:DescribeChangeSet` | | 编辑自定义优惠 | `aws-marketplace:StartChangeSet` `aws-marketplace:DescribeChangeSet` | | 查看产品详细信息 | `aws-marketplace:DescribeEntity` `aws-marketplace:ListEntities` | | 查看产品的自定义优惠 | aws-marketplace:DescribeEntity | | 查看产品控制面板 | `aws-marketplace:ListEntities` `aws-marketplace:DescribeEntity` | | 列出已发布数据集或修订的产品 | `aws-marketplace:ListEntities` `aws-marketplace:DescribeEntity` | | 列出订阅验证请求 | `aws-marketplace:ListAgreementApprovalRequests` `aws-marketplace:GetAgreementApprovalRequest` | | 批准订阅验证请求 | `aws-marketplace:AcceptAgreementApprovalRequest` | | 拒绝订阅验证请求 | `aws-marketplace:RejectAgreementApprovalRequest` | | 从订阅验证请求中删除信息 | `aws-marketplace:UpdateAgreementApprovalRequest` | | 查看订阅详细信息 | `aws-marketplace:SearchAgreements` `aws-marketplace:GetAgreementTerms` |