Example IAM policies for AWS Artifact

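You can create permission policies that grant permissions to IAM users. You can grant users access to AWS Artifact reports and the ability to accept and download agreements on behalf of either a single account or an organization.

The following example policies show the permissions that you can assign to IAM users, based on the level of access that they need.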

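Example policies to manage AWS reports through fine-grained permissions

Tip

You should consider using the AWSArtifactReportsReadOnlyAccess managed policy instead of defining your own policy.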

The following policy grants permission to download all AWS reports through fine-grained permissions.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:ListReports",
                "artifact:GetReportMetadata",
                "artifact:GetReport",
                "artifact:GetTermForReport"
            ],
            "Resource": "*"
        }
    ]
}

The following policy grants permission to download only the AWS SOC, PCI, and ISO reports through fine-grained permissions.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:ListReports",
                "artifact:GetReportMetadata",
                "artifact:GetReport",
                "artifact:GetTermForReport"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "artifact:ReportSeries": [
                        "SOC",
                        "PCI",
                        "ISO"
                    ],
                    "artifact:ReportCategory": [
                        "Certifications And Attestations"
                    ]
                }
            }
        }
    ]
}
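
Example policies to manage third-party reports

Tip

You should consider using the AWSArtifactReportsReadOnlyAccess managed policy instead of defining your own policy.

Third-party reports are denoted by the IAM resource report.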

The following policy grants permission to all third-party report functionality.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:ListReports",
                "artifact:GetReportMetadata",
                "artifact:GetReport",
                "artifact:GetTermForReport"
            ],
            "Resource": "*"
        }
    ]
}

The following policy grants permission to download a third-party report.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:GetReport",
                "artifact:GetTermForReport"
            ],
            "Resource": "*"
        }
    ]
}

The following policy grants permission to list third-party reports.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:ListReports"
            ],
            "Resource": "*"
        }
    ]
}

The following policy grants permission to view the details of a third-party report for all versions.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:GetReportMetadata"
            ],
            "Resource": [
                "arn:aws:artifact:us-east-1::report/report-jRVRFP8HxUN5zpPh:*"
            ]
        }
    ]
}

The following policy grants permission to view the details of a specific version of a third-party report.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:GetReportMetadata"
            ],
            "Resource": [
                "arn:aws:artifact:us-east-1::report/report-jRVRFP8HxUN5zpPh:1"
            ]
        }
    ]
}
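
Example policies to manage agreements

The following policy grants permission to download all agreements. IAM users must also have this permission to accept agreements.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:DownloadAgreement"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}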

The following policy grants permission to accept an agreement.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:AcceptAgreement",
                "artifact:DownloadAgreement"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

The following policy grants permission to terminate an agreement.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:TerminateAgreement"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

The following policy grants permissions to manage single-account agreements.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:AcceptAgreement",
                "artifact:DownloadAgreement",
                "artifact:TerminateAgreement"
            ],
            "Resource": [
                "arn:aws:artifact::*:customer-agreement/*",
                "arn:aws:artifact:::agreement/*"
            ]
        }
    ]
}
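
The requirement stated above, that a user who accepts agreements must also hold artifact:DownloadAgreement, can be checked before a policy is attached. The following Python check is an added example, not AWS code: the function name lint_artifact_policy and the sample policies are constructed here, and the list of known actions is only the set of artifact: actions that appear on this page, not an authoritative AWS list.

```python
import json
import re

# artifact: actions used by the example policies on this page (assumption:
# not an authoritative list of every action the service defines).
PAGE_ARTIFACT_ACTIONS = [
    "artifact:ListReports", "artifact:GetReportMetadata", "artifact:GetReport",
    "artifact:GetTermForReport", "artifact:AcceptAgreement",
    "artifact:DownloadAgreement", "artifact:TerminateAgreement",
    "artifact:GetAccountSettings", "artifact:PutAccountSettings",
]

def as_list(value):
    """Action and Statement may each be a single item or a list."""
    return value if isinstance(value, list) else [value]

def matches(pattern, action):
    """IAM-style action match: case-insensitive, '*' and '?' wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def lint_artifact_policy(policy_json):
    """Return sorted findings. Only Allow statements are read; Deny,
    Resource and Condition are ignored (simplification of this example)."""
    policy = json.loads(policy_json)
    patterns = [
        action
        for stmt in as_list(policy["Statement"])
        if stmt.get("Effect") == "Allow"
        for action in as_list(stmt.get("Action", []))
    ]
    findings = set()
    for pattern in patterns:
        # A misspelled action matches nothing and silently grants nothing.
        if pattern.lower().startswith("artifact:") and not any(
            matches(pattern, known) for known in PAGE_ARTIFACT_ACTIONS
        ):
            findings.add(f"no known artifact action matches: {pattern}")
    def allowed(action):
        return any(matches(p, action) for p in patterns)
    # The page states that accepting an agreement also needs DownloadAgreement.
    if allowed("artifact:AcceptAgreement") and not allowed("artifact:DownloadAgreement"):
        findings.add("AcceptAgreement is allowed without DownloadAgreement")
    return sorted(findings)

# Constructed sample policies (not from the page).
SAMPLE_BAD = '{"Version": "2012-10-17", "Statement": {"Effect": "Allow", ' \
    '"Action": ["artifact:AcceptAgreement", "artifact:GetReports"], "Resource": "*"}}'
SAMPLE_GOOD = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", ' \
    '"Action": "artifact:*Agreement", "Resource": "*"}]}'
```

Calling lint_artifact_policy(SAMPLE_BAD) reports both the missing download permission and the unmatched action name; SAMPLE_GOOD returns an empty list.
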

Example policies to integrate with AWS Organizations

The following policy grants permission to create the IAM role that AWS Artifact uses to integrate with AWS Organizations. Your organization's management account must have these permissions to get started with organizational agreements.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:ListRoles",
            "Resource": "arn:aws:iam::*:role/*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam::*:role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact"
        }
    ]
}

The following policy grants permission to grant AWS Artifact the permissions to use AWS Organizations. Your organization's management account must have these permissions to get started with organizational agreements.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "organizations:EnableAWSServiceAccess",
                "organizations:DescribeOrganization",
                "organizations:ListAWSServiceAccessForOrganization"
            ],
            "Resource": "*"
        }
    ]
}

Example policies to manage agreements for the management account

The following policy grants permissions to manage agreements for the management account.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:AcceptAgreement",
                "artifact:DownloadAgreement",
                "artifact:TerminateAgreement"
            ],
            "Resource": [
                "arn:aws:artifact::*:customer-agreement/*",
                "arn:aws:artifact:::agreement/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "iam:ListRoles",
            "Resource": "arn:aws:iam::*:role/*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam::*:role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact"
        },
        {
            "Effect": "Allow",
            "Action": [
                "organizations:DescribeOrganization",
                "organizations:EnableAWSServiceAccess",
                "organizations:ListAccounts",
                "organizations:ListAWSServiceAccessForOrganization"
            ],
            "Resource": "*"
        }
    ]
}

Example policies to manage organizational agreements

The following policy grants permissions to manage organizational agreements. Another user with the required permissions must set up the organizational agreements.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:AcceptAgreement",
                "artifact:DownloadAgreement",
                "artifact:TerminateAgreement"
            ],
            "Resource": [
                "arn:aws:artifact::*:customer-agreement/*",
                "arn:aws:artifact:::agreement/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "organizations:DescribeOrganization"
            ],
            "Resource": "*"
        }
    ]
}

The following policy grants permissions to view organizational agreements.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:DownloadAgreement"
            ],
            "Resource": [
                "arn:aws:artifact::*:customer-agreement/*",
                "arn:aws:artifact:::agreement/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "organizations:DescribeOrganization"
            ],
            "Resource": "*"
        }
    ]
}

Example policies to manage notifications

The following policy grants complete permissions to use AWS Artifact notifications.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:GetAccountSettings",
                "artifact:PutAccountSettings",
                "notifications:AssociateChannel",
                "notifications:CreateEventRule",
                "notifications:CreateNotificationConfiguration",
                "notifications:DeleteEventRule",
                "notifications:DeleteNotificationConfiguration",
                "notifications:DisassociateChannel",
                "notifications:GetEventRule",
                "notifications:GetNotificationConfiguration",
                "notifications:ListChannels",
                "notifications:ListEventRules",
                "notifications:ListNotificationConfigurations",
                "notifications:ListNotificationHubs",
                "notifications:ListTagsForResource",
                "notifications:TagResource",
                "notifications:UntagResource",
                "notifications:UpdateEventRule",
                "notifications:UpdateNotificationConfiguration",
                "notifications-contacts:CreateEmailContact",
                "notifications-contacts:DeleteEmailContact",
                "notifications-contacts:GetEmailContact",
                "notifications-contacts:ListEmailContacts",
                "notifications-contacts:SendActivationCode"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

The following policy grants permission to list all configurations.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:GetAccountSettings",
                "notifications:ListChannels",
                "notifications:ListEventRules",
                "notifications:ListNotificationConfigurations",
                "notifications:ListNotificationHubs",
                "notifications-contacts:GetEmailContact"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

The following policy grants permission to create a configuration.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:GetAccountSettings",
                "artifact:PutAccountSettings",
                "notifications-contacts:CreateEmailContact",
                "notifications-contacts:SendActivationCode",
                "notifications:AssociateChannel",
                "notifications:CreateEventRule",
                "notifications:CreateNotificationConfiguration",
                "notifications:ListEventRules",
                "notifications:ListNotificationHubs",
                "notifications:TagResource",
                "notifications-contacts:ListEmailContacts"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

The following policy grants permission to edit a configuration.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:GetAccountSettings",
                "artifact:PutAccountSettings",
                "notifications:AssociateChannel",
                "notifications:DisassociateChannel",
                "notifications:GetNotificationConfiguration",
                "notifications:ListChannels",
                "notifications:ListEventRules",
                "notifications:ListTagsForResource",
                "notifications:TagResource",
                "notifications:UntagResource",
                "notifications:UpdateEventRule",
                "notifications:UpdateNotificationConfiguration",
                "notifications-contacts:GetEmailContact",
                "notifications-contacts:ListEmailContacts"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

The following policy grants permission to delete a configuration.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "notifications:DeleteNotificationConfiguration",
                "notifications:ListEventRules"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

The following policy grants permission to view the details of a configuration.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "notifications:GetNotificationConfiguration",
                "notifications:ListChannels",
                "notifications:ListEventRules",
                "notifications:ListTagsForResource",
                "notifications-contacts:GetEmailContact"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

The following policy grants permission to register or deregister notification hubs.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "notifications:DeregisterNotificationHub",
                "notifications:RegisterNotificationHub"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}