關於 AmazonBraketJobsExecutionPolicy 政策 - Amazon Braket

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

關於 AmazonBraketJobsExecutionPolicy 政策

AmazonBraketJobsExecutionPolicy 政策授予 Amazon Braket Hybrid Jobs 中使用的執行角色下列許可:

  • 從 Amazon Elastic Container Registry 下載容器 - 讀取和下載用於 Amazon Braket Hybrid Jobs 功能的容器映像的許可。容器必須符合「arn:aws:ecr:*:*:repository/amazon-braket*」格式。

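  • 建立日誌群組和日誌事件並查詢日誌群組,以維護帳戶的使用日誌檔案 – 建立、儲存和檢視帳戶中 Amazon Braket 使用量的記錄資訊。查詢混合任務日誌群組上的指標。包含適當的 Braket 路徑,並允許放置日誌資料。在 CloudWatch 中放置指標資料。請注意,在下方政策中,logs:GetQueryResults 的資源涵蓋所有日誌群組 (log-group:*),其餘日誌動作則限於 /aws/braket* 路徑;cloudwatch:PutMetricData 則以條件限制於 /aws/braket 命名空間。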

  • 將資料儲存在 Amazon S3 儲存貯體 – 列出您帳戶中的 S3 儲存貯體、將物件放入帳戶中名稱以 amazon-braket- 開頭的任何儲存貯體,並從中取得物件。Braket 需要這些許可,才能將包含已處理量子任務結果的檔案放入儲存貯體,並從儲存貯體中擷取這些結果。下方政策陳述式也允許在相同的 amazon-braket-* 資源上執行 s3:CreateBucket、s3:PutBucketPublicAccessBlock 和 s3:PutBucketPolicy。

  • 傳遞 IAM 角色 – 將 IAM 角色傳遞至 CreateJob API。角色必須符合 arn:aws:iam::*:role/service-role/AmazonBraketJobsExecutionRole* 格式,且依下方政策的 iam:PassedToService 條件,只能傳遞給 braket.amazonaws.com。

	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": [
				"s3:GetObject",
				"s3:PutObject",
				"s3:ListBucket",
				"s3:CreateBucket",
				"s3:PutBucketPublicAccessBlock",
				"s3:PutBucketPolicy"
			],
			"Resource": "arn:aws:s3:::amazon-braket-*"
		},
		{
			"Effect": "Allow",
			"Action": [
				"ecr:GetDownloadUrlForLayer",
				"ecr:BatchGetImage",
				"ecr:BatchCheckLayerAvailability"
			],
			"Resource": "arn:aws:ecr:*:*:repository/amazon-braket*"
		},
		{
			"Effect": "Allow",
			"Action": [
				"ecr:GetAuthorizationToken"
			],
			"Resource": "*"
		},
		{
			"Effect": "Allow",
			"Action": [
				"braket:CancelJob",
				"braket:CancelQuantumTask",
				"braket:CreateJob",
				"braket:CreateQuantumTask",
				"braket:GetDevice",
				"braket:GetJob",
				"braket:GetQuantumTask",
				"braket:SearchDevices",
				"braket:SearchJobs",
				"braket:SearchQuantumTasks",
				"braket:ListTagsForResource",
				"braket:TagResource",
				"braket:UntagResource"
			],
			"Resource": "*"
		},
		{
			"Effect": "Allow",
			"Action": [
				"iam:PassRole"
			],
			"Resource": "arn:aws:iam::*:role/service-role/AmazonBraketJobsExecutionRole*",
			"Condition": {
				"StringLike": {
					"iam:PassedToService": [
						"braket.amazonaws.com"
					]
				}
			}
		},
		{
			"Effect": "Allow",
			"Action": [
				"iam:ListRoles"
			],
			"Resource": "arn:aws:iam::*:role/*"
		},
		{
			"Effect": "Allow",
			"Action": [
				"logs:GetQueryResults"
			],
			"Resource": [
				"arn:aws:logs:*:*:log-group:*"
			]
		},
		{
			"Effect": "Allow",
			"Action": [
				"logs:PutLogEvents",
				"logs:CreateLogStream",
				"logs:CreateLogGroup",
				"logs:GetLogEvents",
				"logs:DescribeLogStreams",
				"logs:StartQuery",
				"logs:StopQuery"
			],
			"Resource": "arn:aws:logs:*:*:log-group:/aws/braket*"
		},
		{
			"Effect": "Allow",
			"Action": "cloudwatch:PutMetricData",
			"Resource": "*",
			"Condition": {
				"StringEquals": {
					"cloudwatch:namespace": "/aws/braket"
				}
			}
		}
	]
}