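Migrating to fine-grained permissions for AWS Artifact agreements
AWS Artifact now lets customers use fine-grained permissions for agreements. With these permissions, customers can control access granularly to functions such as viewing and accepting non-disclosure agreements, and accepting and terminating agreements.
To access agreements through fine-grained permissions, you can use the AWSArtifactAgreementsReadOnlyAccess or AWSArtifactAgreementsFullAccess managed policy, or update your permissions according to the recommendations below. If you previously opted out of fine-grained permissions, you should opt in by using the "Opt in to fine-grained permissions for AWS Artifact agreements" link available in the agreements console.
If you run into problems after updating to the new permissions, you can choose to access agreements with the legacy permissions through the "Opt out of fine-grained permissions for AWS Artifact agreements" link provided in the console.
Migrating to the new permissions
The legacy IAM action "DownloadAgreement" has been replaced by the "GetAgreement" action for downloading unaccepted agreements and by the "GetCustomerAgreement" action for downloading accepted agreements. In addition, more granular actions have been introduced to control access to viewing and accepting non-disclosure agreements (NDAs). To take advantage of these fine-grained actions and keep the ability to view and execute agreements, users must replace existing policies that contain legacy permissions with policies that contain fine-grained permissions.
Migrating permissions to download agreements at the account level
Legacy policy: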
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:DownloadAgreement"
            ],
            "Resource": [
                "arn:aws:artifact::*:customer-agreement/*",
                "arn:aws:artifact:::agreement/*"
            ]
        }
    ]
}
```
New policy with fine-grained permissions:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListAgreementsActions",
            "Effect": "Allow",
            "Action": [
                "artifact:ListAgreements",
                "artifact:ListCustomerAgreements"
            ],
            "Resource": "*"
        },
        {
            "Sid": "GetAgreementActions",
            "Effect": "Allow",
            "Action": [
                "artifact:GetCustomerAgreement",
                "artifact:GetAgreement",
                "artifact:GetNdaForAgreement",
                "artifact:AcceptNdaForAgreement"
            ],
            "Resource": [
                "arn:aws:artifact::*:customer-agreement/*",
                "arn:aws:artifact:::agreement/*"
            ]
        }
    ]
}
```
Migrating non-resource-specific permissions to download, accept, and terminate agreements at the account level
Legacy policy:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:AcceptAgreement",
                "artifact:DownloadAgreement",
                "artifact:TerminateAgreement"
            ],
            "Resource": [
                "arn:aws:artifact::*:customer-agreement/*",
                "arn:aws:artifact:::agreement/*"
            ]
        }
    ]
}
```
New policy with fine-grained permissions:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListAgreementActions",
            "Effect": "Allow",
            "Action": [
                "artifact:ListAgreements",
                "artifact:ListCustomerAgreements"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AWSAgreementActions",
            "Effect": "Allow",
            "Action": [
                "artifact:GetAgreement",
                "artifact:AcceptNdaForAgreement",
                "artifact:GetNdaForAgreement",
                "artifact:AcceptAgreement"
            ],
            "Resource": "arn:aws:artifact:::agreement/*"
        },
        {
            "Sid": "CustomerAgreementActions",
            "Effect": "Allow",
            "Action": [
                "artifact:GetCustomerAgreement",
                "artifact:TerminateAgreement"
            ],
            "Resource": "arn:aws:artifact::*:customer-agreement/*"
        }
    ]
}
```
Migrating non-resource-specific permissions to download, accept, and terminate agreements at the organization level
Legacy policy:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:AcceptAgreement",
                "artifact:DownloadAgreement",
                "artifact:TerminateAgreement"
            ],
            "Resource": [
                "arn:aws:artifact::*:customer-agreement/*",
                "arn:aws:artifact:::agreement/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "iam:ListRoles",
            "Resource": "arn:aws:iam:::role/*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam:::role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact"
        },
        {
            "Effect": "Allow",
            "Action": [
                "organizations:DescribeOrganization",
                "organizations:EnableAWSServiceAccess",
                "organizations:ListAccounts",
                "organizations:ListAWSServiceAccessForOrganization"
            ],
            "Resource": "*"
        }
    ]
}
```
New policy with fine-grained permissions:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListAgreementActions",
            "Effect": "Allow",
            "Action": [
                "artifact:ListAgreements",
                "artifact:ListCustomerAgreements"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AWSAgreementActions",
            "Effect": "Allow",
            "Action": [
                "artifact:GetAgreement",
                "artifact:AcceptNdaForAgreement",
                "artifact:GetNdaForAgreement",
                "artifact:AcceptAgreement"
            ],
            "Resource": "arn:aws:artifact:::agreement/*"
        },
        {
            "Sid": "CustomerAgreementActions",
            "Effect": "Allow",
            "Action": [
                "artifact:GetCustomerAgreement",
                "artifact:TerminateAgreement"
            ],
            "Resource": "arn:aws:artifact::*:customer-agreement/*"
        },
        {
            "Sid": "CreateServiceLinkedRoleForOrganizationsIntegration",
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": "arn:aws:iam::*:role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact",
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": [
                        "artifact.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Sid": "GetRoleToCheckForRoleExistence",
            "Effect": "Allow",
            "Action": [
                "iam:GetRole"
            ],
            "Resource": "arn:aws:iam::*:role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact"
        },
        {
            "Sid": "EnableServiceTrust",
            "Effect": "Allow",
            "Action": [
                "organizations:EnableAWSServiceAccess",
                "organizations:ListAWSServiceAccessForOrganization",
                "organizations:DescribeOrganization"
            ],
            "Resource": "*"
        }
    ]
}
```
Migrating resource-specific permissions to download, accept, and terminate agreements at the account level
Legacy policy:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:AcceptAgreement",
                "artifact:DownloadAgreement"
            ],
            "Resource": [
                "arn:aws:artifact:::agreement/AWS Business Associate Addendum"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "artifact:TerminateAgreement"
            ],
            "Resource": [
                "arn:aws:artifact::*:customer-agreement/*"
            ]
        }
    ]
}
```
New policy with fine-grained permissions:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListAgreementActions",
            "Effect": "Allow",
            "Action": [
                "artifact:ListAgreements",
                "artifact:ListCustomerAgreements"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AWSAgreementActions",
            "Effect": "Allow",
            "Action": [
                "artifact:GetAgreement",
                "artifact:AcceptNdaForAgreement",
                "artifact:GetNdaForAgreement",
                "artifact:AcceptAgreement"
            ],
            "Resource": "arn:aws:artifact:::agreement/agreement-9c1kBcYznTkcpRIm"
        },
        {
            "Sid": "CustomerAgreementActions",
            "Effect": "Allow",
            "Action": [
                "artifact:GetCustomerAgreement",
                "artifact:TerminateAgreement"
            ],
            "Resource": "arn:aws:artifact::*:customer-agreement/*"
        }
    ]
}
```
Migrating resource-specific permissions to download, accept, and terminate agreements at the organization level
Legacy policy:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "artifact:AcceptAgreement",
                "artifact:DownloadAgreement",
                "artifact:TerminateAgreement"
            ],
            "Resource": [
                "arn:aws:artifact::*:customer-agreement/*",
                "arn:aws:artifact:::agreement/AWS Organizations Business Associate Addendum"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "iam:ListRoles",
            "Resource": "arn:aws:iam:::role/*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam:::role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact"
        },
        {
            "Effect": "Allow",
            "Action": [
                "organizations:DescribeOrganization",
                "organizations:EnableAWSServiceAccess",
                "organizations:ListAccounts",
                "organizations:ListAWSServiceAccessForOrganization"
            ],
            "Resource": "*"
        }
    ]
}
```
New policy with fine-grained permissions:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListAgreementActions",
            "Effect": "Allow",
            "Action": [
                "artifact:ListAgreements",
                "artifact:ListCustomerAgreements"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AWSAgreementActions",
            "Effect": "Allow",
            "Action": [
                "artifact:GetAgreement",
                "artifact:AcceptNdaForAgreement",
                "artifact:GetNdaForAgreement",
                "artifact:AcceptAgreement"
            ],
            "Resource": "arn:aws:artifact:::agreement/agreement-y03aUwMAEorHtqjv"
        },
        {
            "Sid": "CustomerAgreementActions",
            "Effect": "Allow",
            "Action": [
                "artifact:GetCustomerAgreement",
                "artifact:TerminateAgreement"
            ],
            "Resource": "arn:aws:artifact::*:customer-agreement/*"
        },
        {
            "Sid": "CreateServiceLinkedRoleForOrganizationsIntegration",
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": "arn:aws:iam::*:role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact",
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": [
                        "artifact.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Sid": "GetRoleToCheckForRoleExistence",
            "Effect": "Allow",
            "Action": [
                "iam:GetRole"
            ],
            "Resource": "arn:aws:iam::*:role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact"
        },
        {
            "Sid": "EnableServiceTrust",
            "Effect": "Allow",
            "Action": [
                "organizations:EnableAWSServiceAccess",
                "organizations:ListAWSServiceAccessForOrganization",
                "organizations:DescribeOrganization"
            ],
            "Resource": "*"
        }
    ]
}
```
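Legacy to fine-grained resource mapping for agreements
The agreement ARNs have been updated for fine-grained permissions. Any previous reference to a legacy agreement resource ARN should be replaced with the new ARN. The following table maps the agreement ARNs between legacy and fine-grained resources.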
Agreement name | Artifact ARN for legacy permissions | Artifact ARN for fine-grained permissions |
---|---|---|
AWS Business Associate Addendum | arn:aws:artifact:::agreement/AWS Business Associate Addendum | arn:aws:artifact:::agreement/agreement-9c1kBcYznTkcpRIm |
AWS New Zealand Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/AWS New Zealand Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/agreement-3YRq9rGUIu72r7Gt |
AWS Australia Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/AWS Australia Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/agreement-sbLSDe8bitmAXNr9 |
AWS SEC Rule 17a-4 Addendum | arn:aws:artifact:::agreement/AWS SEC Rule 17a-4 Addendum | arn:aws:artifact:::agreement/agreement-bexgr7sjvXAW4Gxu |
AWS SEC Rule 18a-6 Addendum | arn:aws:artifact:::agreement/AWS SEC Rule 18a-6 Addendum | arn:aws:artifact:::agreement/agreement-HZTdNwJuqOKLReXC |
AWS Organizations Business Associate Addendum | arn:aws:artifact:::agreement/AWS Organizations Business Associate Addendum | arn:aws:artifact:::agreement/agreement-y03aUwMAEorHtqjv |
AWS Organizations Australia Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/AWS Organizations Australia Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/agreement-YpDMFXTePE7kEg4b |
AWS Organizations New Zealand Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/AWS Organizations New Zealand Notifiable Data Breach Addendum | arn:aws:artifact:::agreement/agreement-uojEjr3vOnvrhV52 |
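
One way to automate the migration described on this page, as an added example that is not AWS's own tooling: the Python below rewrites Allow statements that use only the legacy actions into fine-grained statements and replaces name-based agreement ARNs with ID-based ones. The function names, the per-resource action split and the two-row `AGREEMENT_IDS` subset of the mapping table are assumptions of this example.

```python
PREFIX = "arn:aws:artifact:::agreement/"
LIST_STATEMENT = {"Sid": "ListAgreementActions", "Effect": "Allow", "Resource": "*",
                  "Action": ["artifact:ListAgreements", "artifact:ListCustomerAgreements"]}
# Two rows of the page's ARN mapping table; add the remaining rows the same way.
AGREEMENT_IDS = {
    "AWS Business Associate Addendum": "agreement-9c1kBcYznTkcpRIm",
    "AWS Organizations Business Associate Addendum": "agreement-y03aUwMAEorHtqjv"}
# (legacy action, resource kind) -> fine-grained actions, following the page's new policies.
NEW_ACTIONS = {
    ("artifact:DownloadAgreement", "agreement"): [
        "artifact:GetAgreement", "artifact:GetNdaForAgreement", "artifact:AcceptNdaForAgreement"],
    ("artifact:DownloadAgreement", "customer-agreement"): ["artifact:GetCustomerAgreement"],
    ("artifact:AcceptAgreement", "agreement"): ["artifact:AcceptAgreement"],
    ("artifact:TerminateAgreement", "customer-agreement"): ["artifact:TerminateAgreement"]}
LEGACY = {action for action, _ in NEW_ACTIONS}

def as_list(value):
    return value if isinstance(value, list) else [value]

def map_resource(arn):
    """Replace a legacy name-based agreement ARN with its ID-based ARN."""
    new_id = AGREEMENT_IDS.get(arn[len(PREFIX):]) if arn.startswith(PREFIX) else None
    return PREFIX + new_id if new_id else arn

def migrate(policy):
    """Return a new policy; statements that are not legacy-only Allows pass through."""
    out, touched = [], False
    for st in policy["Statement"]:
        actions = as_list(st.get("Action", []))
        if (st.get("Effect") != "Allow" or "Resource" not in st
                or not actions or not set(actions) <= LEGACY):
            out.append(st)
            continue
        touched = True
        base = {k: v for k, v in st.items() if k != "Sid"}  # keeps Effect and any Condition
        for kind in ("agreement", "customer-agreement"):
            res = [map_resource(r) for r in as_list(st["Resource"])
                   if r == "*" or f":{kind}/" in r]
            acts = sorted({n for a in actions for n in NEW_ACTIONS.get((a, kind), [])})
            if res and acts:  # split per statement so no action gains a new resource
                out.append({**base, "Action": acts, "Resource": res})
    return {"Version": policy["Version"], "Statement": ([LIST_STATEMENT] if touched else []) + out}

# Constructed input: the page's resource-specific, account-level legacy policy.
LEGACY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["artifact:AcceptAgreement", "artifact:DownloadAgreement"],
     "Resource": ["arn:aws:artifact:::agreement/AWS Business Associate Addendum"]},
    {"Effect": "Allow", "Action": ["artifact:TerminateAgreement"],
     "Resource": ["arn:aws:artifact::*:customer-agreement/*"]}]}
if __name__ == "__main__":
    print(migrate(LEGACY_POLICY))
```

The translation is strict per statement: `artifact:GetCustomerAgreement` is emitted only where the legacy statement allowed `artifact:DownloadAgreement` on a customer-agreement resource, whereas the page's new policies grant it alongside `artifact:TerminateAgreement`. Compare the output with the policies above before attaching it.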