針對 AppStream 2.0 功能使用 Amazon S3 VPC端點

當您在堆疊上啟用應用程式設定持續性或主資料夾時， AppStream 2.0 會使用VPC您為機群指定的 來提供對 Amazon Simple Storage Service (Amazon S3) 儲存貯體的存取。對於彈性機群， AppStream 2.0 將使用 VPC存取 Amazon S3 儲存貯體，其中包含指派給機群應用程式區塊的應用程式。若要啟用私有 S3 端點的 AppStream 2.0 存取，請將下列自訂政策連接至 Amazon S3 的VPC端點。如需私有 Amazon S3 端點的詳細資訊，請參閱《Amazon VPC 使用者指南》中的 Amazon S3 的VPC端點和端點。

{
"Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Allow-AppStream-to-access-S3-buckets",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:sts::account-id-without-hyphens:assumed-role/AmazonAppStreamServiceAccess/AppStream2.0"
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:GetObjectVersion",
                "s3:DeleteObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::appstream2-36fb080bb8-*",
                "arn:aws:s3:::appstream-app-settings-*",
                "arn:aws:s3:::appstream-logs-*"
            ]
        },
        {
            "Sid": "Allow-AppStream-ElasticFleetstoRetrieveObjects",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket-with-application-or-app-block-objects/*",
            "Condition": {
                "StringEquals": {
                    "aws:PrincipalServiceName": "appstream.amazonaws.com"
                }
            }
        }
    ]
}