本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWSElasticDisasterRecoveryConsoleFullAccess
描述:此政策提供 AWS Elastic Disaster Recovery (DRS) 所有公有 APIs 的完整存取權,以及讀取 KMS 金鑰、 License Manager、Resource Groups、Elastic Load Balancing、IAM 和 EC2 資訊的許可。將此政策連接至您的 IAM 使用者或角色。
AWSElasticDisasterRecoveryConsoleFullAccess 是AWS 受管政策。
使用此政策
您可以AWSElasticDisasterRecoveryConsoleFullAccess連接到您的使用者、群組和角色。
政策詳細資訊
-
類型: AWS 受管政策
-
建立時間:2021 年 11 月 17 日 10:46 UTC
-
編輯時間:2025 年 1 月 12 日 07:52 UTC
-
ARN:
arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryConsoleFullAccess
政策版本
政策版本: v6 (預設)
政策的預設版本是定義政策許可的版本。當具有 政策的使用者或角色提出存取 AWS 資源的請求時, 會 AWS 檢查政策的預設版本,以決定是否允許請求。
JSON 政策文件
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "ConsoleFullAccess1",
"Effect" : "Allow",
"Action" : [
"drs:*"
],
"Resource" : "*"
},
{
"Sid" : "ConsoleFullAccess2",
"Effect" : "Allow",
"Action" : [
"kms:ListAliases",
"kms:DescribeKey"
],
"Resource" : "*"
},
{
"Sid" : "ConsoleFullAccess3",
"Effect" : "Allow",
"Action" : [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:GetEbsEncryptionByDefault",
"ec2:GetEbsDefaultKmsKeyId",
"ec2:DescribeKeyPairs",
"ec2:DescribeCapacityReservations",
"ec2:DescribeHosts"
],
"Resource" : "*"
},
{
"Sid" : "ConsoleFullAccess4",
"Effect" : "Allow",
"Action" : "license-manager:ListLicenseConfigurations",
"Resource" : "*"
},
{
"Sid" : "ConsoleFullAccess5",
"Effect" : "Allow",
"Action" : "resource-groups:ListGroups",
"Resource" : "*"
},
{
"Sid" : "ConsoleFullAccess6",
"Effect" : "Allow",
"Action" : "elasticloadbalancing:DescribeLoadBalancers",
"Resource" : "*"
},
{
"Sid" : "ConsoleFullAccess7",
"Effect" : "Allow",
"Action" : [
"iam:ListInstanceProfiles",
"iam:ListRoles"
],
"Resource" : "*"
},
{
"Sid" : "ConsoleFullAccess8",
"Effect" : "Allow",
"Action" : "iam:PassRole",
"Resource" : [
"arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryConversionServerRole",
"arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceRole"
],
"Condition" : {
"StringEquals" : {
"iam:PassedToService" : "ec2.amazonaws.com"
}
}
},
{
"Sid" : "ConsoleFullAccess9",
"Effect" : "Allow",
"Action" : [
"ec2:DeleteSnapshot"
],
"Resource" : "arn:aws:ec2:*:*:snapshot/*",
"Condition" : {
"Null" : {
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged" : "false"
},
"Bool" : {
"aws:ViaAWSService" : "true"
}
}
},
{
"Sid" : "ConsoleFullAccess10",
"Effect" : "Allow",
"Action" : [
"ec2:CreateLaunchTemplateVersion",
"ec2:ModifyLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions",
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Resource" : "arn:aws:ec2:*:*:launch-template/*",
"Condition" : {
"Null" : {
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged" : "false"
}
}
},
{
"Sid" : "ConsoleFullAccess11",
"Effect" : "Allow",
"Action" : [
"ec2:CreateLaunchTemplate"
],
"Resource" : "arn:aws:ec2:*:*:launch-template/*",
"Condition" : {
"Null" : {
"aws:RequestTag/AWSElasticDisasterRecoveryManaged" : "false"
}
}
},
{
"Sid" : "ConsoleFullAccess12",
"Effect" : "Allow",
"Action" : [
"ec2:DeleteVolume"
],
"Resource" : "arn:aws:ec2:*:*:volume/*",
"Condition" : {
"Null" : {
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged" : "false"
},
"Bool" : {
"aws:ViaAWSService" : "true"
}
}
},
{
"Sid" : "ConsoleFullAccess13",
"Effect" : "Allow",
"Action" : [
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:ModifyInstanceAttribute",
"ec2:GetConsoleOutput",
"ec2:GetConsoleScreenshot"
],
"Resource" : "arn:aws:ec2:*:*:instance/*",
"Condition" : {
"Null" : {
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged" : "false"
},
"Bool" : {
"aws:ViaAWSService" : "true"
}
}
},
{
"Sid" : "ConsoleFullAccess14",
"Effect" : "Allow",
"Action" : [
"ec2:RevokeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress"
],
"Resource" : "arn:aws:ec2:*:*:security-group/*",
"Condition" : {
"Null" : {
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged" : "false"
},
"Bool" : {
"aws:ViaAWSService" : "true"
}
}
},
{
"Sid" : "ConsoleFullAccess15",
"Effect" : "Allow",
"Action" : [
"ec2:CreateVolume"
],
"Resource" : "arn:aws:ec2:*:*:volume/*",
"Condition" : {
"Null" : {
"aws:RequestTag/AWSElasticDisasterRecoveryManaged" : "false"
},
"Bool" : {
"aws:ViaAWSService" : "true"
}
}
},
{
"Sid" : "ConsoleFullAccess16",
"Effect" : "Allow",
"Action" : "ec2:CreateSecurityGroup",
"Resource" : "arn:aws:ec2:*:*:vpc/*"
},
{
"Sid" : "ConsoleFullAccess17",
"Effect" : "Allow",
"Action" : [
"ec2:CreateSecurityGroup"
],
"Resource" : "arn:aws:ec2:*:*:security-group/*",
"Condition" : {
"Null" : {
"aws:RequestTag/AWSElasticDisasterRecoveryManaged" : "false"
},
"Bool" : {
"aws:ViaAWSService" : "true"
}
}
},
{
"Sid" : "ConsoleFullAccess18",
"Effect" : "Allow",
"Action" : [
"ec2:CreateSnapshot"
],
"Resource" : "arn:aws:ec2:*:*:volume/*",
"Condition" : {
"Null" : {
"ec2:ResourceTag/AWSElasticDisasterRecoveryManaged" : "false"
},
"Bool" : {
"aws:ViaAWSService" : "true"
}
}
},
{
"Sid" : "ConsoleFullAccess19",
"Effect" : "Allow",
"Action" : [
"ec2:CreateSnapshot"
],
"Resource" : "arn:aws:ec2:*:*:snapshot/*",
"Condition" : {
"Null" : {
"aws:RequestTag/AWSElasticDisasterRecoveryManaged" : "false"
},
"Bool" : {
"aws:ViaAWSService" : "true"
}
}
},
{
"Sid" : "ConsoleFullAccess20",
"Effect" : "Allow",
"Action" : [
"ec2:DetachVolume",
"ec2:AttachVolume"
],
"Resource" : "arn:aws:ec2:*:*:instance/*",
"Condition" : {
"Null" : {
"ec2:ResourceTag/AWSElasticDisasterRecoveryManaged" : "false"
},
"Bool" : {
"aws:ViaAWSService" : "true"
}
}
},
{
"Sid" : "ConsoleFullAccess21",
"Effect" : "Allow",
"Action" : [
"ec2:DetachVolume",
"ec2:AttachVolume",
"ec2:StartInstances",
"ec2:GetConsoleOutput",
"ec2:GetConsoleScreenshot"
],
"Resource" : "arn:aws:ec2:*:*:instance/*",
"Condition" : {
"StringEquals" : {
"ec2:ResourceTag/AWSDRS" : "AllowLaunchingIntoThisInstance"
},
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : [
"drs.amazonaws.com"
]
}
}
},
{
"Sid" : "ConsoleFullAccess22",
"Effect" : "Allow",
"Action" : [
"ec2:AttachVolume"
],
"Resource" : "arn:aws:ec2:*:*:volume/*",
"Condition" : {
"Null" : {
"ec2:ResourceTag/AWSElasticDisasterRecoveryManaged" : "false"
},
"Bool" : {
"aws:ViaAWSService" : "true"
}
}
},
{
"Sid" : "ConsoleFullAccess23",
"Effect" : "Allow",
"Action" : [
"ec2:DetachVolume"
],
"Resource" : "arn:aws:ec2:*:*:volume/*",
"Condition" : {
"Bool" : {
"aws:ViaAWSService" : "true"
}
}
},
{
"Sid" : "ConsoleFullAccess24",
"Effect" : "Allow",
"Action" : [
"ec2:RunInstances"
],
"Resource" : "arn:aws:ec2:*:*:instance/*",
"Condition" : {
"Null" : {
"aws:RequestTag/AWSElasticDisasterRecoveryManaged" : "false"
},
"Bool" : {
"aws:ViaAWSService" : "true"
}
}
},
{
"Sid" : "ConsoleFullAccess25",
"Effect" : "Allow",
"Action" : [
"ec2:RunInstances"
],
"Resource" : [
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:launch-template/*"
],
"Condition" : {
"Bool" : {
"aws:ViaAWSService" : "true"
}
}
},
{
"Sid" : "ConsoleFullAccess26",
"Effect" : "Allow",
"Action" : "ec2:CreateTags",
"Resource" : [
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:instance/*"
],
"Condition" : {
"StringEquals" : {
"ec2:CreateAction" : [
"CreateSecurityGroup",
"CreateVolume",
"CreateSnapshot",
"RunInstances"
]
},
"Bool" : {
"aws:ViaAWSService" : "true"
}
}
},
{
"Sid" : "ConsoleFullAccess27",
"Effect" : "Allow",
"Action" : "ec2:CreateTags",
"Resource" : "arn:aws:ec2:*:*:launch-template/*",
"Condition" : {
"StringEquals" : {
"ec2:CreateAction" : [
"CreateLaunchTemplate"
]
}
}
},
{
"Sid" : "ConsoleFullAccess28",
"Effect" : "Allow",
"Action" : [
"cloudformation:DescribeStacks",
"cloudformation:ListStacks"
],
"Resource" : "*"
},
{
"Sid" : "ConsoleFullAccess29",
"Effect" : "Allow",
"Action" : [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource" : "*"
},
{
"Sid" : "ConsoleFullAccess30",
"Effect" : "Allow",
"Action" : [
"ec2:CreateVolume"
],
"Resource" : "arn:aws:ec2:*:*:snapshot/*",
"Condition" : {
"Null" : {
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged" : "false"
},
"Bool" : {
"aws:ViaAWSService" : "true"
}
}
}
]
}進一步了解
