AWS 大型机现代化服务（托管运行时环境体验）不再向新客户开放。有关类似于 AWS 大型机现代化服务（托管运行时环境体验）的功能，请浏览 AWS 大型机现代化服务（自我管理体验）。现有客户可以继续正常使用该服务。有关更多信息，请参阅[AWS 大型机现代化可用性变更](https://docs.aws.amazon.com/m2/latest/userguide/mainframe-modernization-availability-change.html)。

本文属于机器翻译版本。若本译文内容与英语原文存在差异，则一律以英文原文为准。

# AWS 大型机现代化 API 权限：操作、资源和条件参考
<a name="UsingWithM2_IAM_ResourcePermissions"></a>

在编写您可附加到 IAM 身份的权限策略（基于身份的策略）时，可以使用下表作为参考。此表中包括以下内容：
+ 每个 AWS 大型机现代化 API 操作。
+ 您可授予执行该操作的权限的对应操作。
+ 您可以为其授予权限的 AWS 资源。

 您在策略的 `Action` 字段中指定操作，并在策略的 `Resource` 字段中指定资源值。

您可以在 AWS 大型机现代化策略中使用 AWS 全局条件键来表达条件。有关 AWS 密钥的完整列表，请参阅 *IAM 用户指南*中的[可用全局条件密钥](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#AvailableKeys)。

**注意**  
要指定操作，请在 API 操作名称之前使用 `m2:` 前缀（例如，`m2:CreateApplication`）。


**AWS 大型机现代化 API 和操作所需的权限**  

| AWS 大型机现代化 API 操作 | 所需权限（API 操作） | 资源 | 
| --- | --- | --- | 
|  [CancelBatchJobExecution](https://docs.aws.amazon.com/m2/latest/APIReference/API_CancelBatchJobExecution.html)  |  | 应用程序 | 
| [CreateApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateApplication.html)  | `iam:PassRole`<br />`kms:DescribeKey`<br />`kms:CreateGrant`<br />`s3:GetObject`<br />`s3:ListBucket ` | 应用程序 | 
| [CreateDataSetImportTask](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateDataSetImportTask.html)  | `s3:GetObject` | 应用程序 | 
| [CreateDataSetExportTask](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateDataSetExportTask.html) | `kms:DescribeKey`<br />`s3:PutObject` | 应用程序 | 
| [CreateDeployment](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateDeployment.html)  | `elasticloadbalancing:AddTags`<br />`elasticloadbalancing:CreateListener`<br />`elasticloadbalancing:CreateTargetGroup`<br />`elasticloadbalancing:RegisterTargets`<br />`elasticloadbalancing:DeleteListener`<br />`elasticloadbalancing:DeleteTargetGroup`<br />`elasticloadbalancing:DeregisterTargets`<br />`elasticloadbalancing:DeleteLoadBalancer`<br />`logs:CreateLogDelivery`<br />`logs:GetLogDelivery`<br />`logs:UpdateLogDelivery`<br />`logs:DeleteLogDelivery`<br />`logs:ListLogDeliveries`<br />`logs:PutResourcePolicy`<br />`logs:DescribeResourcePolicies`<br />`logs:DescribeLogGroups` | 应用程序 | 
|  [CreateEnvironment](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateEnvironment.html)  | `ec2:CreateNetworkInterface`<br />`ec2:CreateNetworkInterfacePermission`<br />`ec2:DescribeNetworkInterfaces`<br />`ec2:DescribeSecurityGroups`<br />`ec2:DescribeSubnets`<br />`ec2:DescribeVpcAttribute`<br />`ec2:DescribeVpcs`<br />`ec2:ModifyNetworkInterfaceAttribute`<br />`elasticfilesystem:DescribeMountTargets`<br />`elasticloadbalancing:AddTags`<br />`elasticloadbalancing:CreateLoadBalancer`<br />`elasticloadbalancing:DeleteLoadBalancer`<br />`kms:DescribeKey`<br />`kms:CreateGrant`<br />`fsx:DescribeFileSystems`<br />`iam:CreateServiceLinkedRole` | 环境 | 
|  [DeleteApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_DeleteApplication.html)  | `elasticloadbalancing:DeleteListener`<br />`elasticloadbalancing:DeleteTargetGroup`<br />`logs:DeleteLogDelivery` | 应用程序 | 
|  [DeleteApplicationFromEnvironment](https://docs.aws.amazon.com/m2/latest/APIReference/API_DeleteApplicationFromEnvironment.html)  | `elasticloadbalancing:DeleteListener`<br />`elasticloadbalancing:DeleteTargetGroup` | 应用程序<br />环境 | 
|  [DeleteEnvironment](https://docs.aws.amazon.com/m2/latest/APIReference/API_DeleteEnvironment.html)  | `elasticloadbalancing:DeleteLoadBalancer` | 环境 | 
|  [GetApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetApplication.html)  |   | 应用程序 | 
| [GetApplicationVersion](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetApplicationVersion.html)  |  | 应用程序 | 
|  [GetBatchJobExecution](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetBatchJobExecution.html)  |   | 应用程序 | 
|  [GetDataSetDetails](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetDataSetDetails.html)  |   | 应用程序 | 
|  [GetDataSetImportTask](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetDataSetImportTask.html)  |   | 应用程序 | 
| [GetDataSetExportTask](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetDataSetExportTask.html) |  | 应用程序 | 
|  [GetDeployment](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetDeployment.html)  |   | 应用程序 | 
|  [GetEnvironment](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetEnvironment.html)  |   | 环境 | 
| [ListApplications](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListApplications.html)  |  | \* | 
|  [ListApplicationVersions](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListApplicationVersions.html)  |   | \* | 
|  [ListBatchJobDefinitions](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListBatchJobDefinitions.html)  |   | \* | 
|  [ListBatchJobExecutions](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListBatchJobExecutions.html)  | `` | \* | 
|  [ListDataSetImportHistory](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListDataSetImportHistory.html)  |   | \* | 
| [ListDataSetExportHistory](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListDataSetExportHistory.html) |  | \* | 
|  [ListDataSets](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListDataSets.html)  |   | \* | 
| [ListDeployments](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListDeployments.html)  |  | \* | 
|  [ListEngineVersions](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListEngineVersions.html)  |   | \* | 
| [ListEnvironments](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListEnvironments.html)  |  | \* | 
|  [ListTagsForResource](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListTagsForResource.html)  |  | \* | 
|  [StartApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_StartApplication.html)  |  | 应用程序 | 
|  [StartBatchJob](https://docs.aws.amazon.com/m2/latest/APIReference/API_StartBatchJob.html)  |   | 应用程序 | 
|  [StopApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_StopApplication.html)  |   | 应用程序 | 
|  [TagResource](https://docs.aws.amazon.com/m2/latest/APIReference/API_TagResource.html)  |   | \* | 
|  [UntagResource](https://docs.aws.amazon.com/m2/latest/APIReference/API_UntagResource.html)  |   | \* | 
|  [UpdateApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_UpdateApplication.html)  | `s3:GetObject`<br />`s3:ListBucket` | 应用程序 | 
|  [UpdateEnvironment](https://docs.aws.amazon.com/m2/latest/APIReference/API_UpdateEnvironment.html)  | `kms:DescribeKey` | 环境 |