AWS Data Exchange API permissions: actions and resources reference - AWS Data Exchange User Guide


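AWS Data Exchange API permissions: actions and resources reference

When you set up access control and write a permissions policy that you can attach to an AWS Identity and Access Management (IAM) identity (an identity-based policy), use the following table as a reference. The table lists each AWS Data Exchange API operation, the actions for which you can grant permissions to perform the operation, and the AWS resources for which you can grant those permissions. You specify the actions in the policy's Action field. You specify the resource value in the policy's Resource field.

Note

To specify an action, use the dataexchange: prefix followed by the API operation name (for example, dataexchange:CreateDataSet).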

AWS Data Exchange API and required permissions for actions

AWS Data Exchange API operation | Required permission (API action) | Resource | Condition
CreateDataSet | dataexchange:CreateDataSet | N/A | aws:TagKeys, aws:RequestTag
GetDataSet | dataexchange:GetDataSet | Data set | aws:RequestTag
UpdateDataSet | dataexchange:UpdateDataSet | Data set | aws:RequestTag
PublishDataSet | dataexchange:PublishDataSet | Data set | aws:RequestTag
DeleteDataSet | dataexchange:DeleteDataSet | Data set | aws:RequestTag
ListDataSets | dataexchange:ListDataSets | N/A | N/A
CreateRevision | dataexchange:CreateRevision | Data set | aws:TagKeys, aws:RequestTag
GetRevision | dataexchange:GetRevision | Revision | aws:RequestTag
DeleteRevision | dataexchange:DeleteRevision | Revision | aws:RequestTag
ListDataSetRevisions | dataexchange:ListDataSetRevisions | Data set | aws:RequestTag
ListRevisionAssets | dataexchange:ListRevisionAssets | Revision | aws:RequestTag
CreateEventAction | dataexchange:CreateEventAction | N/A | N/A
UpdateEventAction | dataexchange:UpdateEventAction | EventAction | N/A
GetEventAction | dataexchange:GetEventAction | EventAction | N/A
ListEventActions | dataexchange:ListEventActions | N/A | N/A
DeleteEventAction | dataexchange:DeleteEventAction | EventAction | N/A
CreateJob | dataexchange:CreateJob | N/A | dataexchange:JobType
GetJob | dataexchange:GetJob | Job | dataexchange:JobType
StartJob** | dataexchange:StartJob | Job | dataexchange:JobType
CancelJob | dataexchange:CancelJob | Job | dataexchange:JobType
ListJobs | dataexchange:ListJobs | N/A | N/A
ListTagsForResource | dataexchange:ListTagsForResource | Revision | aws:RequestTag
TagResource | dataexchange:TagResource | Revision | aws:TagKeys, aws:RequestTag
UnTagResource | dataexchange:UnTagResource | Revision | aws:TagKeys, aws:RequestTag
UpdateRevision | dataexchange:UpdateRevision | Revision | aws:RequestTag
DeleteAsset | dataexchange:DeleteAsset | Asset | N/A
GetAsset | dataexchange:GetAsset | Asset | N/A
UpdateAsset | dataexchange:UpdateAsset | Asset | N/A
SendApiAsset | dataexchange:SendApiAsset | Asset | N/A

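** Additional IAM permissions might be needed depending on the type of job you are starting. See the following table for the AWS Data Exchange job types and the associated additional IAM permissions. For more information about jobs, see Jobs in AWS Data Exchange.

Note

Currently, the SendApiAsset operation is not supported by the following SDKs:

  • AWS SDK for .NET

  • AWS SDK for C++

  • AWS SDK for Java 2.x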

AWS Data Exchange job type permissions for StartJob

Job type | Additional IAM permissions needed
IMPORT_ASSETS_FROM_S3 | dataexchange:CreateAsset
IMPORT_ASSET_FROM_SIGNED_URL | dataexchange:CreateAsset
IMPORT_ASSETS_FROM_API_GATEWAY_API | dataexchange:CreateAsset
IMPORT_ASSETS_FROM_REDSHIFT_DATA_SHARES | dataexchange:CreateAsset, redshift:AuthorizeDataShare
EXPORT_ASSETS_TO_S3 | dataexchange:GetAsset
EXPORT_ASSETS_TO_SIGNED_URL | dataexchange:GetAsset
EXPORT_REVISIONS_TO_S3 | dataexchange:GetRevision, dataexchange:GetDataSet

Note

The dataexchange:GetDataSet IAM permission is needed only if you use DataSet.Name as the dynamic reference for the EXPORT_REVISIONS_TO_S3 job type.

You can scope data set actions to the revision or asset level by using wildcards, as in the following example.

arn:aws:dataexchange:us-east-1:123456789012:data-sets/99EXAMPLE23c7c272897cf1EXAMPLE7a/revisions/*/assets/*
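
The following added example (not part of the AWS documentation) checks an identity policy against the additional StartJob permissions listed above for the export job types, using the wildcard scope shown in the example ARN. It is a simplified evaluator that ignores Condition blocks; the policy, the revision ID and the asset ID are constructed, and revision and asset ARNs are assumed to follow the layout of the example ARN.

```python
import re

# ARN taken from the page's wildcard example; revision/asset IDs passed in are constructed.
DATA_SET = "arn:aws:dataexchange:us-east-1:123456789012:data-sets/99EXAMPLE23c7c272897cf1EXAMPLE7a"

# Constructed policy: both actions scoped with the page's asset-level wildcard.
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["dataexchange:GetAsset", "dataexchange:GetRevision"],
    "Resource": DATA_SET + "/revisions/*/assets/*",
}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, value, flags=0):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one character.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags) is not None

def _hits(stmt, action, arn):
    # Action names match case-insensitively; resource ARNs match case-sensitively.
    return (any(_glob(a, action, re.I) for a in _as_list(stmt.get("Action", [])))
            and any(_glob(r, arn) for r in _as_list(stmt.get("Resource", []))))

def allowed(policy, action, arn):
    """Simplified evaluation: explicit Deny wins; Condition blocks are ignored."""
    stmts = _as_list(policy["Statement"])
    if any(s["Effect"] == "Deny" and _hits(s, action, arn) for s in stmts):
        return False
    return any(s["Effect"] == "Allow" and _hits(s, action, arn) for s in stmts)

def missing_export_permissions(policy, job_type, revision_id, asset_id, uses_data_set_name=False):
    """Additional StartJob permissions (export rows of the table above) the policy lacks."""
    revision = f"{DATA_SET}/revisions/{revision_id}"
    asset = f"{revision}/assets/{asset_id}"
    needed = {
        "EXPORT_ASSETS_TO_S3": [("dataexchange:GetAsset", asset)],
        "EXPORT_ASSETS_TO_SIGNED_URL": [("dataexchange:GetAsset", asset)],
        "EXPORT_REVISIONS_TO_S3": [("dataexchange:GetRevision", revision)],
    }[job_type]
    if job_type == "EXPORT_REVISIONS_TO_S3" and uses_data_set_name:
        needed = needed + [("dataexchange:GetDataSet", DATA_SET)]
    return [action for action, arn in needed if not allowed(policy, action, arn)]

if __name__ == "__main__":
    for jt in ("EXPORT_ASSETS_TO_S3", "EXPORT_REVISIONS_TO_S3"):
        print(jt, missing_export_permissions(POLICY, jt, "rev-constructed", "asset-constructed"))
```

The asset-level wildcard matches asset ARNs only, so the same statement does not grant dataexchange:GetRevision on a revision ARN and the EXPORT_REVISIONS_TO_S3 check reports it as missing.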

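Some AWS Data Exchange actions can be performed only on the AWS Data Exchange console. These actions are integrated with AWS Marketplace functionality and require the AWS Marketplace permissions shown in the following tables.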

AWS Data Exchange console-only actions for subscribers

Console action | IAM permissions
Subscribe to a product | aws-marketplace:Subscribe, aws-marketplace:CreateAgreementRequest, aws-marketplace:AcceptAgreementRequest
Send a subscription verification request | aws-marketplace:Subscribe, aws-marketplace:CreateAgreementRequest, aws-marketplace:AcceptAgreementRequest
Enable subscription auto-renewal | aws-marketplace:Subscribe, aws-marketplace:CreateAgreementRequest, aws-marketplace:AcceptAgreementRequest
View the auto-renewal status of a subscription | aws-marketplace:ListEntitlementDetails, aws-marketplace:ViewSubscriptions, aws-marketplace:GetAgreementTerms
Disable subscription auto-renewal | aws-marketplace:Subscribe, aws-marketplace:CreateAgreementRequest, aws-marketplace:AcceptAgreementRequest
List active subscriptions | aws-marketplace:ViewSubscriptions, aws-marketplace:SearchAgreements, aws-marketplace:GetAgreementTerms
View a subscription | aws-marketplace:ViewSubscriptions, aws-marketplace:SearchAgreements, aws-marketplace:GetAgreementTerms, aws-marketplace:DescribeAgreement
List subscription verification requests | aws-marketplace:ListAgreementRequests
View a subscription verification request | aws-marketplace:GetAgreementRequest
Cancel a subscription verification request | aws-marketplace:CancelAgreementRequest
View all offers targeted to the account | aws-marketplace:ListPrivateListings
View details of a specific offer | aws-marketplace:GetPrivateListing

AWS Data Exchange console-only actions for providers

Console action | IAM permissions
Tag a product | aws-marketplace:TagResource, aws-marketplace:UntagResource, aws-marketplace:ListTagsForResource
Tag an offer | aws-marketplace:TagResource, aws-marketplace:UntagResource, aws-marketplace:ListTagsForResource
Publish a product | aws-marketplace:StartChangeSet, aws-marketplace:DescribeChangeSet, dataexchange:PublishDataSet
Unpublish a product | aws-marketplace:StartChangeSet, aws-marketplace:DescribeChangeSet
Edit a product | aws-marketplace:StartChangeSet, aws-marketplace:DescribeChangeSet
Create a custom offer | aws-marketplace:StartChangeSet, aws-marketplace:DescribeChangeSet
Edit a custom offer | aws-marketplace:StartChangeSet, aws-marketplace:DescribeChangeSet
View product details | aws-marketplace:DescribeEntity, aws-marketplace:ListEntities
View a product's custom offers | aws-marketplace:DescribeEntity
View the product dashboard | aws-marketplace:ListEntities, aws-marketplace:DescribeEntity
List the products to which a data set or revision has been published | aws-marketplace:ListEntities, aws-marketplace:DescribeEntity
List subscription verification requests | aws-marketplace:ListAgreementApprovalRequests, aws-marketplace:GetAgreementApprovalRequest
Approve a subscription verification request | aws-marketplace:AcceptAgreementApprovalRequest
Decline a subscription verification request | aws-marketplace:RejectAgreementApprovalRequest
Delete information from a subscription verification request | aws-marketplace:UpdateAgreementApprovalRequest
View subscription details | aws-marketplace:SearchAgreements, aws-marketplace:GetAgreementTerms