支持强制执行的服务和资源类型

以下服务和资源类型支持使用标签策略强制执行：

服务名称	资源类型	JSON 语法
Amazon API Gateway	API 密钥域名 REST API 操作阶段	`"apigateway:apikeys"` `"apigateway:domainnames"` `"apigateway:restapis"` `"apigateway:restapis/stages"`
AWS Amplify	组件主题	`"amplifyuibuilder:app/environment/components"` `"amplifyuibuilder:app/environment/themes"`
AWS AppConfig	应用程序配置文件部署部署策略环境	`"appconfig:application"` `"appconfig:application/configurationprofile"` `"appconfig:application/environment/deployment"` `"appconfig:deploymentstrategy"` `"appconfig:application/environment"`
AWS App Mesh	全部网关路由 Mesh 路线虚拟网关虚拟节点虚拟路由器虚拟服务	`"appmesh:*"` `"appmesh:mesh/virtualGateway/gatewayRoute"` `"appmesh:mesh"` `"appmesh:mesh/virtualRouter/route"` `"appmesh:mesh/virtualGateway"` `"appmesh:mesh/virtualNode"` `"appmesh:mesh/virtualRouter"` `"appmesh:mesh/virtualService"`
Amazon Athena	全部工作组	`"athena:*"` `"athena:workgroup"`
AWS Audit Manager	评测评估框架控件	`"auditmanager:assessment`" `"auditmanager:assessmentFramework`" `"auditmanager:control`"
AWS Backup	备份计划文件库 Gateway Hyper Visor VM	`"backup:backup-plan"` `"backup:backup-vault"` `"backup-gateway:gateway"` `"backup-gateway:hypervisor"` `"backup-gateway:vm"`
AWS Batch	作业作业定义作业队列	`"batch:job"` `"batch:job-definition"` `"batch:job-queue"`
AWS BugBust	事件	`"bugbust:event"`
AWS Certificate Manager	全部证书 Private Certificate Authority	`"acm:*"` `"acm:certificate"` `"acm-pca:certificate-authority"`
Amazon Chime	应用程序实例频道媒体管线会议 SIP 媒体应用程序用户应用程序实例语音连接器	`"chime:app-instance"` `"chime:app-instance/channel"` `"chime:media-pipeline"` `"chime:meeting"` `"chime:sma"` `"chime:app-instance/user"` `"chime:vc"`
AWS Clean Rooms	协作已配置的表成员资格已配置的表关联	`"cleanrooms:collaboration"` `"cleanrooms:configuredtable"` `"cleanrooms:membership"` `"cleanrooms:membership/configuredtableassociation"`
AWS Cloud9	环境	`"cloud9:environment"`
Amazon CloudFront	全部分配串流分配	`"cloudfront:*"` `"cloudfront:distribution"` `"cloudfront:streaming-distribution"`
AWS CloudTrail	全部试用	`"cloudtrail:*"` `"cloudtrail:trail"`
Amazon CloudWatch	全部警报 Contributor Insights 规则指标流	`"cloudwatch:*"` `"cloudwatch:alarm"` `"cloudwatch:insight-rule"` `"cloudwatch:metric-stream"`
Amazon CloudWatch Internet Monitor	监控	`"internetmonitor:monitor"`
Amazon CloudWatch Logs	目标位置日志组	`"logs:destination"` `"logs:log-group"`
Amazon CloudWatch Observability Access Manager	链接 sink	`"oam:link"` `"oam:sink"`
AWS CodeBuild	全部项目	`"codebuild:*"` `"codebuild:project"`
Amazon CodeCatalyst	连接	`"codecatalyst:connections"`
AWS CodeCommit	全部存储库	`"codecommit:*"` `"codecommit:repository"`
AWS CodePipeline	全部操作类型管道 Webhook	`"codepipeline:*"` `"codepipeline:actiontype"` `"codepipeline:pipeline"` `"codepipeline:webhook"`
Amazon Cognito Identity	全部身份池	`"cognito-identity:*"` `"cognito-identity:identitypool"`
Amazon Cognito 用户群体	全部用户群体	`"cognito-idp:*"` `"cognito-idp:userpool"`
Amazon Comprehend	全部文档分类器实体识别程序	`"comprehend:*"` `"comprehend:document-classifier"` `"comprehend:entity-recognizer"`
AWS Config	全部聚合授权 Config 聚合器 Config 规则	`"config:*"` `"config:aggregation-authorization"` `"config:config-aggregator"` `"config:config-rule"`
Amazon CodeGuru Reviewer	关联	`"codeguru-reviewer:association"`
Amazon CodeGuru 安全防御工具	扫描	`"codeguru-security:scans"`
CodeConnections	Connection Host	`"codestar-connections:connection"` `"codestar-connections:host"`
Amazon Connect	接洽流程集成关联队列 Quick Connect 路由配置文件用户	`"connect:instance/contact-flow"` `"connect:instance/integration-association"` `"connect:instance/queue"` `"connect:instance/transfer-destination"` `"connect:instance/routing-profile"` `"connect:instance/agent"`
Amazon Connect Wisdom	Assistant 关联内容知识库会话	`"wisdom:assistant"` `"wisdom:association"` `"wisdom:content"` `"wisdom:knowledge-base"` `"wisdom:session"`
AWS Database Migration Service	全部终端节点 ES Rep Subgrp 任务	`"dms:*"` `"dms:endpoint"` `"dms:es"` `"dms:rep"` `"dms:subgrp"` `"dms:task"`
Amazon Data Lifecycle Manager	Policy	`"dlm:policy"`
AWS Diode	Mapping	`"diode-messaging:mapping"`
AWS Direct Connect	全部 Dxcon Dxlag Dxvif	`"directconnect:*"` `"directconnect:dxcon"` `"directconnect:dxlag"` `"directconnect:dxvif"`
Amazon DynamoDB	全部表	`"dynamodb:*"` `"dynamodb:table"`
Amazon EC2	容量预留容量预留实例集运营商网关	`"ec2:capacity-reservation"` `"ec2:capacity-reservation-fleet"` `"ec2:carrier-gateway"`
	Client VPN 端点 CoIP 池客户网关	`"ec2:client-vpn-endpoint"` `"ec2:coip-pool"` `"ec2:customer-gateway"`
	专属主机 DHCP 选项仅出口 Internet 网关	`"ec2:dedicated-host"` `"ec2:dhcp-options"` `"ec2:egress-only-internet-gateway"`
	弹性 IP 事件窗口导出映像任务导出实例任务实例集	`"ec2:elastic-ip"` `"ec2:instance-event-window"` `"ec2:export-image-task"` `"ec2:export-instance-task"` `"ec2:fleet"`
	FPGA 映像主机预留图像	`"ec2:fpga-image"` `"ec2:host-reservation"` `"ec2:image"`
	导入映像任务导入快照任务实例互联网网关 IP 地址管理器	`"ec2:import-image-task"` `"ec2:import-snapshot-task"` `"ec2:instance"` `"ec2:internet-gateway"` `"ec2:ipam"`
	IP 地址管理器池 IP 地址管理器范围 IPv4 池	`"ec2:ipam-pool"` `"ec2:ipam-scope"` `"ec2:ipv4pool-ec2"`
	密钥对启动模板本地网关路由表	`"ec2:key-pair"` `"ec2:launch-template"` `"ec2:local-gateway-route-table"`
	本地网关路由表虚拟接口组关联本地网关路由表 VPC 关联 NAT 网关	`"ec2:local-gateway-route-table-virtual-interface-group-association"` `"ec2:local-gateway-route-table-vpc-association"` `"ec2:natgateway"`
	网络 ACL 网络接口 Network Insights 访问范围	`"ec2:network-acl"` `"ec2:network-interface"` `"ec2:network-insights-access-scope"`
	Network Insights 访问范围分析 Network Insights 分析 Network Insights 路径	`"ec2:network-insights-access-scope-analysis"` `"ec2:network-insights-analysis"` `"ec2:network-insights-path"`
	置放群组前缀列表替换根卷任务	`"ec2:placement-group"` `"ec2:prefix-list"` `"ec2:replace-root-volume-task"`
	预留实例路由表安全组	`"ec2:reserved-instances"` `"ec2:route-table"` `"ec2:security-group"`
	快照竞价型实例集请求竞价型实例请求子网	`"ec2:snapshot"` `"ec2:spot-fleet-request"` `"ec2:spot-instances-request"` `"ec2:subnet"`
	子网 CIDR 预留流量镜像筛选流量镜像会话	`"ec2:subnet-cidr-reservation"` `"ec2:traffic-mirror-filter"` `"ec2:traffic-mirror-session"`
	流量镜像目标 Transit Gateway 中转网关连接	`"ec2:traffic-mirror-target"` `"ec2:transit-gateway"` `"ec2:transit-gateway-attachment"`
	中转网关对等连接中转网关组播域中转网关策略表	`"ec2:transit-gateway-connect-peer"` `"ec2:transit-gateway-multicast-domain"` `"ec2:transit-gateway-policy-table"`
	中转网关路由表中转网关路由表公告 Verified Access 端点 Verified Access 组	`"ec2:transit-gateway-route-table"` `"ec2:transit-gateway-route-table-announcement"` `"ec2:verified-access-endpoint"` `"ec2:verified-access-group"`
	Verified Access 实例 Verified Access 可信提供商 Volume	`"ec2:verified-access-instance"` `"ec2:verified-access-trust-provider"` `"ec2:volume"`
	VPC 流日志 VPC VPC 端点	`"ec2:vpc-flow-log"` `"ec2:vpc"` `"ec2:vpc-endpoint"`
	VPC 终端节点服务 VPC 对等连接 VPN 连接 VPN 网关	`"ec2:vpc-endpoint-service"` `"ec2:vpc-peering-connection"` `"ec2:vpn-connection"` `"ec2:vpn-gateway"`
Amazon EC2 回收站	规则	`"rbin:rule"`
AWS Elastic Beanstalk	应用程序应用程序版本配置模板平台	`"elasticbeanstalk:application"` `"elasticbeanstalk:applicationversion"` `"elasticbeanstalk:configurationtemplate"` `"elasticbeanstalk:platform"`
Amazon Elastic Container Registry	存储库	`"ecr:repository"`
Amazon Elastic Container Service	容量提供程序集群服务任务定义任务集	`"ecs:capacity-provider"` `"ecs:cluster"` `"ecs:service"` `"ecs:task-definition"` `"ecs:task-set"`
Amazon Elastic File System	全部文件系统	`"elasticfilesystem:*"` `"elasticfilesystem:file-system"`
Amazon Elastic Inference	Accelerator	`"elastic-inference:elastic-inference-accelerator"`
Amazon Elastic Kubernetes Service	集群	`"eks:cluster"`
Amazon Elastic Search	域	`"es:domain"`
Amazon EMR	集群 Editor	`"elasticmapreduce:cluster"` `"elasticmapreduce:editor"`
Amazon EMR Serverless	应用程序	`"emr-serverless:applications"`
AWS Entity Resolution	匹配流程架构映射	`"entityresolution:matchingworkflow"` `"entityresolution:schemamapping"`
Amazon ElastiCache	集群	`"elasticache:cluster"`
Amazon EventBridge	全部事件总线规则	`"events:*"` `"events:event-bus"` `"events:rule"`
Amazon EventBridge Pipes	竖线	`"pipes:pipe"`
Amazon EventBridge 调度器	计划组	`"scheduler:schedule-group"`
Amazon Fraud Detector	探测器探测器版本模型规则 Variable	`"frauddetector:detector"` `"frauddetector:detector-version"` `"frauddetector:model"` `"frauddetector:rule"` `"frauddetector:variable"`
Amazon Global Accelerator	Accelerator	`"globalaccelerator:accelerator"`
Elastic Load Balancing	全部 Listener 侦听器规则负载均衡器目标组	`"elasticloadbalancing:*"` `"elasticloadbalancing:listener"` `"elasticloadbalancing:listener-rule"` `"elasticloadbalancing:loadbalancer"` `"elasticloadbalancing:targetgroup"`
Amazon FSx	全部备份文件系统	`"fsx:*"` `"fsx:backup"` `"fsx:file-system"`
Amazon GuardDuty	探测器筛选条件 IP 集威胁情报集	`"guardduty:detector"` `"guardduty:detector/filter"` `"guardduty:detector/ipset"` `"guardduty:detector/threatintelset"`
AWS HealthLake	数据存储	`"healthlake:datastore"`
AWS HealthOmics	注释存储注释存储版本参考存储参考运行运行组序列存储读取集变体存储工作流	`"omics:annotationStore"` `"omics:annotationStore/version"` `"omics:referenceStore"` `"omics:referenceStore/reference"` `"omics:run"` `"omics:runGroup"` `"omics:sequenceStore"` `"omics:sequenceStore/readSet"` `"omics:variantStore"` `"omics:workflow"`
Amazon Inspector	筛选条件	`"inspector2:filter"`
AWS Identity and Access Management	实例配置文件 MFA OIDC 提供商 Policy SAML 提供商服务器证书	`"iam:instance-profile"` `"iam:mfa"` `"iam:oidc-provider"` `"iam:policy"` `"iam:saml-provider"` `"iam:server-certificate"`
AWS IoT Analytics	全部频道数据集数据存储管道	`"iotanalytics:*"` `"iotanalytics:channel"` `"iotanalytics:dataset"` `"iotanalytics:datastore"` `"iotanalytics:pipeline"`
AWS IoT Events	全部探测器模型输入	`"iotevents:*"` `"iotevents:detectorModel"` `"iotevents:input"`
AWS IoT Fleet Hub	应用程序	`"iotfleethub:application"`
AWS IoT SiteWise	资产资产模型	`"iotsitewise:asset"` "`iotsitewise:asset-model`"
AWS IoT Greengrass	批量部署连接器定义内核定义设备定义功能定义记录器定义资源定义订阅定义	`"greengrass:bulk"` `"greengrass:connectorsDefinition"` `"greengrass:coresDefinition"` `"greengrass:devicesDefinition"` `"greengrass:functionsDefinition"` `"greengrass:loggersDefinition"` `"greengrass:resourcesDefinition"` `"greengrass:subscriptionsDefinition"`
AWS Key Management Service	全部键	`"kms:*"` `"kms:key"`
Amazon Kinesis	全部应用程序	`"kinesisanalytics:*"` `"kinesisanalytics:application"`
Amazon Data Firehose	全部传输流	`"firehose:*"` `"firehose:deliverystream"`
AWS Lambda	全部函数	`"lambda:*"` `"lambda:function"`
Amazon Macie	自定义数据标识符	`"macie2:custom-data-identifier"`
Amazon MediaStore	容器	`"mediastore:container"`
Amazon MQ	代理配置	`"mq:broker"` `"mq:configuration"`
Amazon Network Firewall	防火墙防火墙策略有状态规则组无状态规则组	`"network-firewall:firewall"` `"network-firewall:firewall-policy"` `"network-firewall:stateful-rulegroup"` `"network-firewall:stateless-rulegroup"`
Amazon OpenSearch Serverless	集合	`"aoss:collection"`
AWS Organizations	帐户组织部门 Policy 根	`"organizations:account"` `"organizations:ou"` `"organizations:policy"` `"organizations:root"`
Amazon Pinpoint SMS Voice V2	配置集退订列表电话号码池发件人 ID	`"sms-voice:configuration-set"` `"sms-voice:opt-out-list"` `"sms-voice:phone-number"` `"sms-voice:pool"` `"sms-voice:sender-id"`
Amazon RDS	集群参数组集群端点事件订阅数据库选项组数据库参数组数据库代理数据库代理端点预留数据库实例数据库安全组 DB subnet group（数据库子网组）目标组	`"rds:cluster-pg"` `"rds:cluster-endpoint"` `"rds:es"` `"rds:og"` `"rds:pg"` `"rds:db-proxy"` `"rds:db-proxy-endpoint"` `"rds:ri"` `"rds:secgrp"` `"rds:subgrp"` `"rds:target-group"`
Amazon Redshift	全部集群数据库组数据库名称数据库用户事件订阅 HSM 客户端证书 HSM 配置参数组快照快照复制授权快照计划子网组	`"redshift:*"` `"redshift:cluster"` `"redshift:dbgroup"` `"redshift:dbname"` `"redshift:dbuser"` `"redshift:eventsubscription"` `"redshift:hsmclientcertificate"` `"redshift:hsmconfiguration"` `"redshift:parametergroup"` `"redshift:snapshot"` `"redshift:snapshotcopygrant"` `"redshift:snapshotschedule"` `"redshift:subnetgroup"`
Amazon Redshift Serverless	命名空间工作组	`"redshift-serverless:namespace"` `"redshift-serverless:workgroup"`
AWS Resource Access Manager	全部资源共享	`"ram:*"` `"ram:resource-share"`
AWS Resource Groups	全部组	`"resource-groups:*"` `"resource-groups:group"`
Amazon Route 53	托管区域	`"route53:hostedzone"`
Amazon Route 53 Resolver	全部解析程序终端节点解析程序规则	`"route53resolver:*"` `"route53resolver:resolver-endpoint"` `"route53resolver:resolver-rule"`
Amazon S3	存储桶 Storage Lens Storage Lens 组	`"s3:bucket"` `"s3:storage-lens"` `"s3:storage-lens-group"`
Amazon SageMaker	App Image Config Artifact 上下文训练作业处理任务模型包组人工任务 UI 模型包操作管道试验流定义项目	`"sagemaker:app-image-config"` `"sagemaker:artifact"` `"sagemaker:context"` `"sagemaker:training-job"` `"sagemaker:processing-job "` `"sagemaker:model-package-group"` `"sagemaker:human-task-ui"` `"sagemaker:model-package"` `"sagemaker:action"` `"sagemaker:pipeline"` `"sagemaker:experiment"` `"sagemaker:flow-definition"` `"sagemaker:project"`
AWS Secrets Manager	全部密钥	`"secretsmanager:*"` `"secretsmanager:secret"`
AWS Security Lake	数据湖订阅者	`"securitylake:data-lake"` `"securitylake:subscriber"`
AWS Service Catalog	应用程序属性组产品组合产品	`"servicecatalog:applications"` "`servicecatalog:attribute-groups`" "`catalog:portfolio`" "`catalog:product`"
Amazon Simple Notification Service（SNS）	主题	`"sns:topic"`
Amazon Simple Queue Service (SQS)	队列	`"sqs:queue"`
Amazon States Language	全部活动状态机	`"states:*"` "`states:activity`" "`states:stateMachine`"
AWS Step Functions	活动	`"states:activity"`
AWS Storage Gateway	全部 Gateway 共享磁带 Volume	`"storagegateway:*"` `"storagegateway:gateway"` `"storagegateway:share"` `"storagegateway:tape"` `"storagegateway:gateway/volume"`
AWS Systems Manager	关联自动化执行文档维护时段托管实例操作项目补丁基准会话联系人	`"ssm:association"` `"ssm:automation-execution"` `"ssm:document"` `"ssm:maintenancewindow"` `"ssm:managed-instance"` `"ssm:opsitem"` `"ssm:patchbaseline"` `"ssm:session"` `"ssm-contacts:contact"`
Amazon Textract	适配器版本	`"textract:adapters"` `"textract:adapters/versions"`
AWS Transfer Family	Server 用户工作流	`"transfer:server"` `"transfer:user"` `"transfer:workflow"`
Amazon Well-Architected	工作负载	`"wellarchitected:workload"`
AWS Wickr	网络	`"wickr:network"`
Amazon WorkSpaces	全部连接别名目录 WorkSpace WorkSpaces 服务包 WorkSpaces 映像 WorkSpaces IP 组	`"workspaces:*"` `"workspaces:connectionalias"` `"workspaces:directory"` `"workspaces:workspace"` `"workspaces:workspacebundle"` `"workspaces:workspaceimage"` `"workspaces:workspaceipgroup"`
Amazon WorkLink	实例集	`"worklink:fleet"`

Javascript 在您的浏览器中被禁用或不可用。

要使用 Amazon Web Services 文档，必须启用 Javascript。请参阅浏览器的帮助页面以了解相关说明。

文档惯例

生成组织级的合规性报告

标签策略语法和示例