本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWSApplicationMigrationFullAccess
說明:此原則提供 AWS 應用程式移轉服務 (MGN) 之所有公用 API 的權限,以及讀取 KMS 金鑰資訊的權限。將此政策附加到 IAM 使用者或角色。
AWSApplicationMigrationFullAccess是AWS 受管理的策略。
使用此政策
您可以附加AWSApplicationMigrationFullAccess至您的使用者、群組和角色。
政策詳情
-
類型: AWS 受管理的策略
-
創建時間:4 月 7 日, 06:56 世界標準時間
-
編輯時間:世界標準時間 2024 年 5 月 19 日上午 8 時 30 分
-
ARN:
arn:aws:iam::aws:policy/AWSApplicationMigrationFullAccess
政策版本
策略版本:v8(預設值)
原則的預設版本是定義原則權限的版本。當具有策略的使用者或角色發出要求以存取 AWS 資源時,請 AWS 檢查原則的預設版本,以決定是否允許該要求。
政策文件
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "VisualEditor0", "Effect" : "Allow", "Action" : [ "mgn:*" ], "Resource" : "*" }, { "Sid" : "VisualEditor1", "Effect" : "Allow", "Action" : [ "kms:ListAliases", "kms:DescribeKey" ], "Resource" : "*" }, { "Sid" : "VisualEditor2", "Effect" : "Allow", "Action" : [ "ec2:DescribeKeyPairs", "ec2:DescribeTags", "ec2:DescribeNetworkInterfaces", "ec2:DescribePlacementGroups", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeInstanceTypes", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", "ec2:DescribeInstanceTypeOfferings", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeLaunchTemplates", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshots", "ec2:DescribeSubnets", "ec2:DescribeVolumes", "ec2:GetEbsEncryptionByDefault", "ec2:GetEbsDefaultKmsKeyId" ], "Resource" : "*" }, { "Sid" : "VisualEditor3", "Effect" : "Allow", "Action" : "license-manager:ListLicenseConfigurations", "Resource" : "*" }, { "Sid" : "VisualEditor4", "Effect" : "Allow", "Action" : "elasticloadbalancing:DescribeLoadBalancers", "Resource" : "*" }, { "Sid" : "VisualEditor5", "Effect" : "Allow", "Action" : "iam:ListInstanceProfiles", "Resource" : "*" }, { "Sid" : "VisualEditor6", "Effect" : "Allow", "Action" : "iam:PassRole", "Resource" : [ "arn:aws:iam::*:role/service-role/AWSApplicationMigrationLaunchInstanceWithSsmRole", "arn:aws:iam::*:role/service-role/AWSApplicationMigrationLaunchInstanceWithDrsRole" ], "Condition" : { "StringEquals" : { "iam:PassedToService" : "ec2.amazonaws.com" }, "Bool" : { "aws:ViaAWSService" : "true" } } }, { "Sid" : "VisualEditor7", "Effect" : "Allow", "Action" : [ "drs:DescribeSourceServers" ], "Resource" : "*" }, { "Sid" : "VisualEditor8", "Effect" : "Allow", "Action" : [ "ssm:SendCommand" ], "Resource" : [ "arn:aws:ec2:*:*:instance/*" ], "Condition" : { "Bool" : { "aws:ViaAWSService" : "true" }, "Null" : { "aws:ResourceTag/AWSApplicationMigrationServiceManaged" : "false" } } }, { "Sid" : "VisualEditor9", "Effect" : "Allow", "Action" : [ "ssm:ListCommandInvocations" ], "Resource" : "*" }, { "Sid" : "VisualEditor10", "Effect" : "Allow", "Action" : [ "ssm:DescribeInstanceInformation", "ssm:GetCommandInvocation" ], "Resource" : "*", "Condition" : { "Bool" : { "aws:ViaAWSService" : "true" } } }, { "Sid" : "VisualEditor11", "Effect" : "Allow", "Action" : [ "ssm:DescribeDocument", "ssm:SendCommand" ], "Resource" : [ "arn:aws:ssm:*:*:document/AWSDisasterRecovery-InstallDRAgentOnInstance", "arn:aws:ssm:*:*:document/AWSMigration-*" ], "Condition" : { "Bool" : { "aws:ViaAWSService" : "true" } } }, { "Sid" : "VisualEditor12", "Effect" : "Allow", "Action" : [ "drs:DisconnectSourceServer" ], "Resource" : "arn:aws:drs:*:*:source-server/*", "Condition" : { "Bool" : { "aws:ViaAWSService" : "true" }, "Null" : { "aws:ResourceTag/AWSApplicationMigrationServiceConfiguredDR" : "false" } } }, { "Sid" : "VisualEditor13", "Effect" : "Allow", "Action" : [ "ssm:GetParameter", "ssm:PutParameter" ], "Resource" : "arn:aws:ssm:*:*:parameter/ManagedByAWSApplicationMigrationService-*" }, { "Sid" : "VisualEditor14", "Effect" : "Allow", "Action" : [ "servicequotas:GetServiceQuota" ], "Resource" : "*" }, { "Sid" : "VisualEditor15", "Effect" : "Allow", "Action" : [ "ssm:GetAutomationExecution" ], "Resource" : "arn:aws:ssm:*:*:automation-execution/*" }, { "Sid" : "VisualEditor16", "Effect" : "Allow", "Action" : [ "ssm:GetDocument" ], "Resource" : [ "arn:aws:ssm:*:*:document/AWSDisasterRecovery-InstallDRAgentOnInstance", "arn:aws:ssm:*:*:document/AWSMigration-*" ] }, { "Sid" : "VisualEditor17", "Effect" : "Allow", "Action" : [ "ssm:GetParameters" ], "Resource" : "arn:aws:ssm:*:*:parameter/ManagedByAWSApplicationMigrationService-*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : "ssm.amazonaws.com" } } }, { "Sid" : "VisualEditor18", "Effect" : "Allow", "Action" : [ "ssm:StartAutomationExecution" ], "Resource" : "arn:aws:ssm:*:*:automation-definition/AWSMigration-*:$DEFAULT", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : "mgn.amazonaws.com" } } }, { "Sid" : "VisualEditor19", "Effect" : "Allow", "Action" : "ssm:ListCommands", "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : "ssm.amazonaws.com" } } }, { "Sid" : "VisualEditor20", "Effect" : "Allow", "Action" : [ "ssm:DescribeParameters" ], "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "mgn.amazonaws.com" ] } } } ] }
進一步了解
