本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
Amazon GuardDuty 的示例 SCP
阻止用户禁用 GuardDuty 或修改其配置
此 SCP 阻止任何受影响账户中的用户或角色直接以命令形式或通过控制台禁用 GuardDuty 或更改其配置。它有效地允许对 GuardDuty 信息和资源进行只读访问。
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": [ "guardduty:AcceptInvitation", "guardduty:ArchiveFindings", "guardduty:CreateDetector", "guardduty:CreateFilter", "guardduty:CreateIPSet", "guardduty:CreateMembers", "guardduty:CreatePublishingDestination", "guardduty:CreateSampleFindings", "guardduty:CreateThreatIntelSet", "guardduty:DeclineInvitations", "guardduty:DeleteDetector", "guardduty:DeleteFilter", "guardduty:DeleteInvitations", "guardduty:DeleteIPSet", "guardduty:DeleteMembers", "guardduty:DeletePublishingDestination", "guardduty:DeleteThreatIntelSet", "guardduty:DisassociateFromMasterAccount", "guardduty:DisassociateMembers", "guardduty:InviteMembers", "guardduty:StartMonitoringMembers", "guardduty:StopMonitoringMembers", "guardduty:TagResource", "guardduty:UnarchiveFindings", "guardduty:UntagResource", "guardduty:UpdateDetector", "guardduty:UpdateFilter", "guardduty:UpdateFindingsFeedback", "guardduty:UpdateIPSet", "guardduty:UpdatePublishingDestination", "guardduty:UpdateThreatIntelSet" ], "Resource": "*" } ] }