本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWSAuditManagerAdministratorAccess
描述:提供管理存取權,以啟用或停用 AWS Audit Manager、更新設定以及管理評量、控制項和架構
AWSAuditManagerAdministratorAccess是AWS 受管理的策略。
使用此政策
您可以附加AWSAuditManagerAdministratorAccess至您的使用者、群組和角色。
政策詳情
-
類型: AWS 受管理的策略
-
創建時間:2020 年十二月十一日, 世界標準時間 20:02
-
編輯時間:2024 年 5 月 15 日, 世界標準時間 23:46
-
ARN:
arn:aws:iam::aws:policy/AWSAuditManagerAdministratorAccess
政策版本
策略版本:v3(預設值)
原則的預設版本是定義原則權限的版本。當具有策略的使用者或角色發出要求以存取 AWS 資源時,請 AWS 檢查原則的預設版本,以決定是否允許該要求。
政策文件
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "AuditManagerAccess", "Effect" : "Allow", "Action" : [ "auditmanager:*" ], "Resource" : "*" }, { "Sid" : "OrganizationsAccess", "Effect" : "Allow", "Action" : [ "organizations:ListAccountsForParent", "organizations:ListAccounts", "organizations:DescribeOrganization", "organizations:DescribeOrganizationalUnit", "organizations:DescribeAccount", "organizations:ListParents", "organizations:ListChildren" ], "Resource" : "*" }, { "Sid" : "AllowOnlyAuditManagerIntegration", "Effect" : "Allow", "Action" : [ "organizations:RegisterDelegatedAdministrator", "organizations:DeregisterDelegatedAdministrator", "organizations:EnableAWSServiceAccess" ], "Resource" : "*", "Condition" : { "StringLikeIfExists" : { "organizations:ServicePrincipal" : [ "auditmanager.amazonaws.com" ] } } }, { "Sid" : "IAMAccess", "Effect" : "Allow", "Action" : [ "iam:GetUser", "iam:ListUsers", "iam:ListRoles" ], "Resource" : "*" }, { "Sid" : "IAMAccessCreateSLR", "Effect" : "Allow", "Action" : "iam:CreateServiceLinkedRole", "Resource" : "arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*", "Condition" : { "StringLike" : { "iam:AWSServiceName" : "auditmanager.amazonaws.com" } } }, { "Sid" : "IAMAccessManageSLR", "Effect" : "Allow", "Action" : [ "iam:DeleteServiceLinkedRole", "iam:UpdateRoleDescription", "iam:GetServiceLinkedRoleDeletionStatus" ], "Resource" : "arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*" }, { "Sid" : "S3Access", "Effect" : "Allow", "Action" : [ "s3:ListAllMyBuckets" ], "Resource" : "*" }, { "Sid" : "KmsAccess", "Effect" : "Allow", "Action" : [ "kms:DescribeKey", "kms:ListKeys", "kms:ListAliases" ], "Resource" : "*" }, { "Sid" : "KmsCreateGrantAccess", "Effect" : "Allow", "Action" : [ "kms:CreateGrant" ], "Resource" : "*", "Condition" : { "Bool" : { "kms:GrantIsForAWSResource" : "true" }, "StringLike" : { "kms:ViaService" : "auditmanager.*.amazonaws.com" } } }, { "Sid" : "SNSAccess", "Effect" : "Allow", "Action" : [ "sns:ListTopics" ], "Resource" : "*" }, { "Sid" : "CreateEventsAccess", "Effect" : "Allow", "Action" : [ "events:PutRule" ], "Resource" : "*", "Condition" : { "StringEquals" : { "events:detail-type" : "Security Hub Findings - Imported" }, "ForAllValues:StringEquals" : { "events:source" : [ "aws.securityhub" ] } } }, { "Sid" : "EventsAccess", "Effect" : "Allow", "Action" : [ "events:DeleteRule", "events:DescribeRule", "events:EnableRule", "events:DisableRule", "events:ListTargetsByRule", "events:PutTargets", "events:RemoveTargets" ], "Resource" : "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver" }, { "Sid" : "TagAccess", "Effect" : "Allow", "Action" : [ "tag:GetResources" ], "Resource" : "*" }, { "Sid" : "ControlCatalogAccess", "Effect" : "Allow", "Action" : [ "controlcatalog:ListCommonControls", "controlcatalog:ListDomains", "controlcatalog:ListObjectives" ], "Resource" : "*" } ] }
進一步了解
