DataSyncAPI 权限:操作和资源 - AWS DataSync

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

DataSyncAPI 权限:操作和资源

在创建AWS Identity and Access Management (IAM) 策略时,此页面可以帮助您了解AWS DataSync API 操作、您可授予执行权限的对应操作以及您可授予权限的AWS资源。

通常,以下是向策略添加DataSync权限的方式:

  • Action元素中指定操作。该值包括前datasync:缀和 API 操作名称。例如,datasync:CreateTask

  • Resource元素中指定与操作相关的AWS资源。

您也可以在DataSync策略中使用AWS条件密钥。有关AWS键的完整列表,请参阅《IAM 用户指南》中的可用键

有关DataSync资源及其Amazon 资源名称 (ARN) 格式的列表DataSync 资源和操作

DataSyncAPI 操作和相应的操作

AddStorageSystem

操作:datasync:AddStorageSystem

资源:

操作:

  • kms:Decrypt

  • iam:CreateServiceLinkedRole

资源: *

操作:secretsmanager:CreateSecret

资源: arn:aws:secretsmanager:region:account-id:secret:datasync!*

CancelTaskExecution

操作:datasync:CancelTaskExecution

资源: arn:aws:datasync:region:account-id:task/task-id/execution/exec-id

CreateAgent

操作:datasync:CreateAgent

资源:

CreateLocationEfs

操作:datasync:CreateLocationEfs

资源:

CreateLocationFsxLustre

操作:datasync:CreateLocationFsxLustre

资源:

CreateLocationFsxOntap

操作:datasync:CreateLocationFsxOntap

资源:

CreateLocationFsxOpenZfs

操作:datasync:CreateLocationFsxOpenZfs

资源:

CreateLocationFsxWindows

操作:datasync:CreateLocationFsxWindows

资源:

CreateLocationHdfs

操作:dataSync:CreateLocationHdfs

资源: arn:aws:datasync:region:account-id:agent/agent-id

CreateLocationNfs

操作:datasync:CreateLocationNfs

资源: arn:aws:datasync:region:account-id:agent/agent-id

CreateLocationObjectStorage

操作:dataSync:CreateLocationObjectStorage

资源: arn:aws:datasync:region:account-id:agent/agent-id

CreateLocationS3

操作:datasync:CreateLocationS3

资源:arn:aws:datasync:region:account-id:agent/agent-id(仅适用于Outposts 基地上的Amazon S3)

CreateLocationSmb

操作:datasync:CreateLocationSmb

资源: arn:aws:datasync:region:account-id:agent/agent-id

CreateTask

操作:datasync:CreateTask

资源:

  • arn:aws:datasync:region:account-id:location/source-location-id

  • arn:aws:datasync:region:account-id:location/destination-location-id

DeleteAgent

操作:datasync:DeleteAgent

资源: arn:aws:datasync:region:account-id:agent/agent-id

DeleteLocation

操作:datasync:DeleteLocation

资源: arn:aws:datasync:region:account-id:location/location-id

DeleteTask

操作:datasync:DeleteTask

资源: arn:aws:datasync:region:account-id:task/task-id

DescribeAgent

操作:datasync:DescribeAgent

资源: arn:aws:datasync:region:account-id:agent/agent-id

DescribeDiscoveryJob

操作:datasync:DescribeDiscoveryJob

资源: arn:aws:datasync:region:account-id:system/storage-system-id/job/discovery-job-id

DescribeLocationEfs

操作:datasync:DescribeLocationEfs

资源: arn:aws:datasync:region:account-id:location/location-id

DescribeLocationFsxLustre

操作:datasync:DescribeLocationFsxLustre

资源: arn:aws:datasync:region:account-id:location/location-id

DescribeLocationFsxOntap

操作:datasync:DescribeLocationFsxOntap

资源: arn:aws:datasync:region:account-id:location/location-id

DescribeLocationFsxOpenZfs

操作:datasync:DescribeLocationFsxOpenZfs

资源: arn:aws:datasync:region:account-id:location/location-id

DescribeLocationFsxWindows

操作:datasync:DescribeLocationFsxWindows

资源:arn:aws:datasync:region:account-id:location/location-id

DescribeLocationHdfs

操作:datasync:DescribeLocationHdfs

资源: arn:aws:datasync:region:account-id:location/location-id

DescribeLocationNfs

操作:datasync:DescribeLocationNfs

资源: arn:aws:datasync:region:account-id:location/location-id

DescribeLocationObjectStorage

操作:datasync:DescribeLocationObjectStorage

资源: arn:aws:datasync:region:account-id:location/location-id

DescribeLocationS3

操作:datasync:DescribeLocationS3

资源: arn:aws:datasync:region:account-id:location/location-id

DescribeLocationSmb

操作:datasync:DescribeLocationSmb

资源: arn:aws:datasync:region:account-id:location/location-id

DescribeStorageSystem

操作:datasync:DescribeStorageSystem

资源: arn:aws:datasync:region:account-id:system/storage-system-id

操作:secretsmanager:DescribeSecret

资源: arn:aws:secretsmanager:region:account-id:secret:datasync!*

DescribeStorageSystemResourceMetrics

操作:datasync:DescribeStorageSystemResourceMetrics

资源: arn:aws:datasync:region:account-id:system/storage-system-id/job/discovery-job-id

DescribeStorageSystemResources

操作:datasync:DescribeStorageSystemResources

资源: arn:aws:datasync:region:account-id:system/storage-system-id/job/discovery-job-id

DescribeTask

操作:datasync:DescribeTask

资源: arn:aws:datasync:region:account-id:task/task-id

DescribeTaskExecution

操作:datasync:DescribeTaskExecution

资源: arn:aws:datasync:region:account-id:task/task-id/execution/exec-id

GenerateRecommendations

操作:datasync:GenerateRecommendations

资源: arn:aws:datasync:region:account-id:system/storage-system-id/job/discovery-job-id

ListAgents

操作:datasync:ListAgents

资源:

ListDiscoveryJobs

操作:datasync:ListDiscoveryJobs

资源: arn:aws:datasync:region:account-id:system/storage-system-id

ListLocations

操作:datasync:ListLocations

资源:

ListTagsForResource

操作:datasync:ListTagsForResource

资源:

  • arn:aws:datasync:region:account-id:agent/agent-id

  • arn:aws:datasync:region:account-id:task/task-id

  • arn:aws:datasync:region:account-id:location/location-id

ListTaskExecutions

操作:datasync:ListTaskExecutions

资源: arn:aws:datasync:region:account-id:task/task-id

ListTasks

操作:datasync:ListTasks

资源:

RemoveStorageSystem

操作:datasync:RemoveStorageSystem

资源: arn:aws:datasync:region:account-id:system/storage-system-id

操作:secretsmanager:DeleteSecret

资源: arn:aws:secretsmanager:region:account-id:secret:datasync!*

StartDiscoveryJob

操作:datasync:StartDiscoveryJob

资源: arn:aws:datasync:region:account-id:system/storage-system-id

StopDiscoveryJob

操作:datasync:StopDiscoveryJob

资源: arn:aws:datasync:region:account-id:system/storage-system-id/job/discovery-job-id

StartTaskExecution

操作:datasync:StartTaskExecution

资源: arn:aws:datasync:region:account-id:task/task-id

TagResource

操作:datasync:TagResource

资源:

  • arn:aws:datasync:region:account-id:agent/agent-id

  • arn:aws:datasync:region:account-id:task/task-id

  • arn:aws:datasync:region:account-id:location/location-id

UntagResource

操作:datasync:UntagResource

资源:

  • arn:aws:datasync:region:account-id:agent/agent-id

  • arn:aws:datasync:region:account-id:task/task-id

  • arn:aws:datasync:region:account-id:location/location-id

UpdateAgent

操作:datasync:UpdateAgent

资源: arn:aws:datasync:region:account-id:agent/agent-id

UpdateDiscoveryJob

操作:datasync:UpdateDiscoveryJob

资源: arn:aws:datasync:region:account-id:system/storage-system-id/job/discovery-job-id

UpdateLocationHdfs

操作:datasync:UpdateLocationHdfs

资源:

  • arn:aws:datasync:region:account-id:agent/agent-id

  • arn:aws:datasync:region:account-id:location/location-id

UpdateLocationNfs

操作:datasync:UpdateLocationNfs

资源: arn:aws:datasync:region:account-id:location/location-id

UpdateLocationObjectStorage

操作:datasync:UpdateLocationObjectStorage

资源:

  • arn:aws:datasync:region:account-id:agent/agent-id

  • arn:aws:datasync:region:account-id:location/location-id

UpdateLocationSmb

操作:datasync:UpdateLocationSmb

资源:

  • arn:aws:datasync:region:account-id:agent/agent-id

  • arn:aws:datasync:region:account-id:location/location-id

UpdateStorageSystem

操作:datasync:UpdateStorageSystem

资源:

  • arn:aws:datasync:region:account-id:agent/agent-id

  • arn:aws:datasync:region:account-id:system/storage-system-id

UpdateTask

操作:datasync:UpdateTask

资源: arn:aws:datasync:region:account-id:task/task-id

UpdateTaskExecution

操作:datasync:UpdateTaskExecution

资源: arn:aws:datasync:region:account-id:task/task-id/execution/exec-id