本文為英文版的機器翻譯版本，如內容有任何歧義或不一致之處，概以英文版為準。

# 範例：預防 WorkSpaces 應用程式機群機器角色跨服務混淆代理人
<a name="example-fleet-machine"></a>

**Example `aws:SourceAccount` 條件式：**    
****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "appstream.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "aws:SourceAccount": "{{your AWS 帳戶 ID}}"
                }
            }
        }
    ]
}
```

**Example `aws:SourceArn` 條件式：**  
如果您想要針對多個機群使用一個 IAM 角色，我們建議您使用`aws:SourceArn`全域內容條件金鑰搭配萬用字元 (\*)，以符合多個 WorkSpaces 應用程式機群資源。  
****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "appstream.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "ArnLike": {
                "aws:SourceArn": "arn:aws:appstream:{{us-east-1}}:{{111122223333}}:fleet/{{your-fleet-name}}"
                }
            }
        }
    ]
}
```