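The following NeptuneGraphReadOnlyAccess
This policy includes the following permissions:
For Amazon EC2: Retrieve information about VPCs, subnets, security groups, and Availability Zones.
For AWS KMS: Retrieve information about KMS keys and aliases.
For CloudWatch: Retrieve information about CloudWatch metrics.
For CloudWatch Logs: Retrieve information about CloudWatch log streams and events.
Note
This policy was released on November 29, 2023.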
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowReadOnlyPermissionsForNeptuneGraph",
      "Effect": "Allow",
      "Action": [
        "neptune-graph:Get*",
        "neptune-graph:List*",
        "neptune-graph:Read*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowReadOnlyPermissionsForEC2",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeVpcEndpoints",
        "ec2:DescribeVpcAttribute",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets",
        "ec2:DescribeVpcs",
        "ec2:DescribeAvailabilityZones"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowReadOnlyPermissionsForKMS",
      "Effect": "Allow",
      "Action": [
        "kms:ListKeys",
        "kms:ListAliases"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowReadOnlyPermissionsForCloudwatch",
      "Effect": "Allow",
      "Action": [
        "cloudwatch:GetMetricData",
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowReadOnlyPermissionsForLogs",
      "Effect": "Allow",
      "Action": [
        "logs:DescribeLogStreams",
        "logs:GetLogEvents"
      ],
      "Resource": [
        "arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*"
      ]
    }
  ]
}
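
The following added example (not part of the AWS documentation) checks constructed sample requests against the policy statements above, to show what the policy does and does not allow. It assumes a simplified model of IAM evaluation: this one policy only, Allow statements only, glob matching for `*`, and no conditions, explicit denies or other policy types. The account ID, Region and resource names are placeholders.

```python
import fnmatch
# Statements copied from the NeptuneGraphReadOnlyAccess policy on this page.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowReadOnlyPermissionsForNeptuneGraph", "Effect": "Allow",
     "Action": ["neptune-graph:Get*", "neptune-graph:List*", "neptune-graph:Read*"],
     "Resource": "*"},
    {"Sid": "AllowReadOnlyPermissionsForEC2", "Effect": "Allow",
     "Action": ["ec2:DescribeVpcEndpoints", "ec2:DescribeVpcAttribute",
                "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets",
                "ec2:DescribeVpcs", "ec2:DescribeAvailabilityZones"],
     "Resource": "*"},
    {"Sid": "AllowReadOnlyPermissionsForKMS", "Effect": "Allow",
     "Action": ["kms:ListKeys", "kms:ListAliases"], "Resource": "*"},
    {"Sid": "AllowReadOnlyPermissionsForCloudwatch", "Effect": "Allow",
     "Action": ["cloudwatch:GetMetricData", "cloudwatch:ListMetrics",
                "cloudwatch:GetMetricStatistics"], "Resource": "*"},
    {"Sid": "AllowReadOnlyPermissionsForLogs", "Effect": "Allow",
     "Action": ["logs:DescribeLogStreams", "logs:GetLogEvents"],
     "Resource": ["arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*"]},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allowing_sid(action, resource, policy=POLICY):
    """Return the Sid of the first Allow statement matching the request, else None."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        # IAM action names are case-insensitive; resource ARNs are case-sensitive.
        action_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(stmt["Action"]))
        resource_ok = any(fnmatch.fnmatchcase(resource, r)
                          for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return stmt["Sid"]
    return None  # no statement matched: implicit deny
# Constructed sample requests (account ID, Region and names are placeholders).
GRAPH = "arn:aws:neptune-graph:us-east-1:111122223333:graph/g-example"
LOGS = "arn:aws:logs:us-east-1:111122223333:log-group:"
REQUESTS = [
    ("neptune-graph:GetGraph", GRAPH),      # matches the Get* wildcard
    ("neptune-graph:DeleteGraph", GRAPH),   # no write verbs are granted
    ("kms:Decrypt", "arn:aws:kms:us-east-1:111122223333:key/example"),
    ("logs:GetLogEvents", LOGS + "/aws/neptune/example:log-stream:s1"),
    ("logs:GetLogEvents", LOGS + "/aws/lambda/example:log-stream:s1"),
]
if __name__ == "__main__":
    for action, resource in REQUESTS:
        print(action, resource, "->", allowing_sid(action, resource) or "implicit deny")
```

Only the logs statement is scoped by resource; the other four apply to every resource, and the `neptune-graph` wildcards will also match any matching action names the service adds later.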