本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
使用 IAM 條件金鑰
您可以使用 IAM 條件金鑰,根據特定的報告類別和系列,提供對 AWS Artifact 報告的精細存取。
下列範例政策顯示您可以根據特定報告類別和系列指派給 IAM 使用者的許可。
範例 管理AWS報告讀取存取權限的範例原則
AWS Artifact報告由 IAM 資源表示。report
下列政策授予讀取該Certifications and Attestations類別下所有AWS Artifact報告的權限。
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "artifact:ListReports" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "artifact:GetReport", "artifact:GetReportMetadata", "artifact:GetTermForReport" ], "Resource": "*", "Condition": { "StringEquals": { "artifact:ReportCategory": "Certifications and Attestations" } } } ] }
下列原則可讓您授與讀取SOC系列下所有AWS Artifact報告的權限。
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "artifact:ListReports" ], "Resource": "*" },{ "Effect": "Allow", "Action": [ "artifact:GetReport", "artifact:GetReportMetadata", "artifact:GetTermForReport" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "artifact:ReportSeries": "SOC", "artifact:ReportCategory": "Certifications and Attestations" } } } ] }
下列原則可讓您授與讀取所有AWS Artifact報告的權限,但Certifications and Attestations類別下的報告除外。
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "artifact:ListReports" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "artifact:GetReport", "artifact:GetReportMetadata", "artifact:GetTermForReport" ], "Resource": "*", "Condition": { "StringEquals": { "artifact:ReportSeries": "SOC", "artifact:ReportCategory": "Certifications and Attestations" } } } ] }
