本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
DataSyncAPI 許可:動作和資源
建立AWS Identity and Access Management (IAM) 政策時,本頁面可協助您了解AWS DataSync API 操作之間的關係、您可以授予執行許可的相應動作,以及您可以授予許可的AWS資源。
一般而言,以下是新增DataSync權限至原則的方式:
-
指定元
Action素中的動作。該值包括datasync:前綴和 API 操作名稱。例如:datasync:CreateTask。 -
指定與
Resource元素中動作相關的AWS資源。
您也可以在DataSync原則中使用AWS條件索引鍵。如需AWS金鑰的完整清單,請參閱 IAM 使用者指南中的可用的金鑰。
如需DataSync資源的清單及其 Amazon 資源名稱 (ARN) 格式,請參閱DataSync 資源和操作。
DataSyncAPI 操作和相應的操作
- AddStorageSystem
-
動作:
datasync:AddStorageSystem資源:無
動作:
-
kms:Decrypt -
iam:CreateServiceLinkedRole
資源:
*動作:
secretsmanager:CreateSecret資源:
arn:aws:secretsmanager:region:account-id:secret:datasync!* -
- CancelTaskExecution
-
動作:
datasync:CancelTaskExecution資源:
arn:aws:datasync:region:account-id:task/task-id/execution/exec-id - CreateAgent
-
動作:
datasync:CreateAgent資源:無
- CreateLocationEfs
-
動作:
datasync:CreateLocationEfs資源:無
- CreateLocationFsxLustre
-
動作:
datasync:CreateLocationFsxLustre資源:無
- CreateLocationFsxOntap
-
動作:
datasync:CreateLocationFsxOntap資源:無
- CreateLocationFsxOpenZfs
-
動作:
datasync:CreateLocationFsxOpenZfs資源:無
- CreateLocationFsxWindows
-
動作:
datasync:CreateLocationFsxWindows資源:無
- CreateLocationHdfs
-
動作:
dataSync:CreateLocationHdfs資源:
arn:aws:datasync:region:account-id:agent/agent-id - CreateLocationNfs
-
動作:
datasync:CreateLocationNfs資源:
arn:aws:datasync:region:account-id:agent/agent-id - CreateLocationObjectStorage
-
動作:
dataSync:CreateLocationObjectStorage資源:
arn:aws:datasync:region:account-id:agent/agent-id - CreateLocationS3
-
動作:
datasync:CreateLocationS3資源:
arn:aws:datasync:(僅適用於 Outposts 上的 Amazon S3)region:account-id:agent/agent-id - CreateLocationSmb
-
動作:
datasync:CreateLocationSmb資源:
arn:aws:datasync:region:account-id:agent/agent-id - CreateTask
-
動作:
datasync:CreateTask資源:
-
arn:aws:datasync:region:account-id:location/source-location-id -
arn:aws:datasync:region:account-id:location/destination-location-id
-
- DeleteAgent
-
動作:
datasync:DeleteAgent資源:
arn:aws:datasync:region:account-id:agent/agent-id - DeleteLocation
-
動作:
datasync:DeleteLocation資源:
arn:aws:datasync:region:account-id:location/location-id - DeleteTask
-
動作:
datasync:DeleteTask資源:
arn:aws:datasync:region:account-id:task/task-id - DescribeAgent
-
動作:
datasync:DescribeAgent資源:
arn:aws:datasync:region:account-id:agent/agent-id - DescribeDiscoveryJob
-
動作:
datasync:DescribeDiscoveryJob資源:
arn:aws:datasync:region:account-id:system/storage-system-id/job/discovery-job-id - DescribeLocationEfs
-
動作:
datasync:DescribeLocationEfs資源:
arn:aws:datasync:region:account-id:location/location-id - DescribeLocationFsxLustre
-
動作:
datasync:DescribeLocationFsxLustre資源:
arn:aws:datasync:region:account-id:location/location-id - DescribeLocationFsxOntap
-
動作:
datasync:DescribeLocationFsxOntap資源:
arn:aws:datasync:region:account-id:location/location-id - DescribeLocationFsxOpenZfs
-
動作:
datasync:DescribeLocationFsxOpenZfs資源:
arn:aws:datasync:region:account-id:location/location-id - DescribeLocationFsxWindows
-
動作:
datasync:DescribeLocationFsxWindows資源:
arn:aws:datasync:region:account-id:location/location-id - DescribeLocationHdfs
-
動作:
datasync:DescribeLocationHdfs資源:
arn:aws:datasync:region:account-id:location/location-id - DescribeLocationNfs
-
動作:
datasync:DescribeLocationNfs資源:
arn:aws:datasync:region:account-id:location/location-id - DescribeLocationObjectStorage
-
動作:
datasync:DescribeLocationObjectStorage資源:
arn:aws:datasync:region:account-id:location/location-id - DescribeLocationS3
-
動作:
datasync:DescribeLocationS3資源:
arn:aws:datasync:region:account-id:location/location-id - DescribeLocationSmb
-
動作:
datasync:DescribeLocationSmb資源:
arn:aws:datasync:region:account-id:location/location-id - DescribeStorageSystem
-
動作:
datasync:DescribeStorageSystem資源:
arn:aws:datasync:region:account-id:system/storage-system-id動作:
secretsmanager:DescribeSecret資源:
arn:aws:secretsmanager:region:account-id:secret:datasync!* - DescribeStorageSystemResourceMetrics
-
動作:
datasync:DescribeStorageSystemResourceMetrics資源:
arn:aws:datasync:region:account-id:system/storage-system-id/job/discovery-job-id - DescribeStorageSystemResources
-
動作:
datasync:DescribeStorageSystemResources資源:
arn:aws:datasync:region:account-id:system/storage-system-id/job/discovery-job-id - DescribeTask
-
動作:
datasync:DescribeTask資源:
arn:aws:datasync:region:account-id:task/task-id - DescribeTaskExecution
-
動作:
datasync:DescribeTaskExecution資源:
arn:aws:datasync:region:account-id:task/task-id/execution/exec-id - GenerateRecommendations
-
動作:
datasync:GenerateRecommendations資源:
arn:aws:datasync:region:account-id:system/storage-system-id/job/discovery-job-id - ListAgents
-
動作:
datasync:ListAgents資源:無
- ListDiscoveryJobs
-
動作:
datasync:ListDiscoveryJobs資源:
arn:aws:datasync:region:account-id:system/storage-system-id - ListLocations
-
動作:
datasync:ListLocations資源:無
- ListTagsForResource
-
動作:
datasync:ListTagsForResource資源:
-
arn:aws:datasync:region:account-id:agent/agent-id -
arn:aws:datasync:region:account-id:task/task-id -
arn:aws:datasync:region:account-id:location/location-id
-
- ListTaskExecutions
-
動作:
datasync:ListTaskExecutions資源:
arn:aws:datasync:region:account-id:task/task-id - ListTasks
-
動作:
datasync:ListTasks資源:無
- RemoveStorageSystem
-
動作:
datasync:RemoveStorageSystem資源:
arn:aws:datasync:region:account-id:system/storage-system-id動作:
secretsmanager:DeleteSecret資源:
arn:aws:secretsmanager:region:account-id:secret:datasync!* - StartDiscoveryJob
-
動作:
datasync:StartDiscoveryJob資源:
arn:aws:datasync:region:account-id:system/storage-system-id - StopDiscoveryJob
-
動作:
datasync:StopDiscoveryJob資源:
arn:aws:datasync:region:account-id:system/storage-system-id/job/discovery-job-id - StartTaskExecution
-
動作:
datasync:StartTaskExecution資源:
arn:aws:datasync:region:account-id:task/task-id - TagResource
-
動作:
datasync:TagResource資源:
-
arn:aws:datasync:region:account-id:agent/agent-id -
arn:aws:datasync:region:account-id:task/task-id -
arn:aws:datasync:region:account-id:location/location-id
-
- UntagResource
-
動作:
datasync:UntagResource資源:
-
arn:aws:datasync:region:account-id:agent/agent-id -
arn:aws:datasync:region:account-id:task/task-id -
arn:aws:datasync:region:account-id:location/location-id
-
- UpdateAgent
-
動作:
datasync:UpdateAgent資源:
arn:aws:datasync:region:account-id:agent/agent-id - UpdateDiscoveryJob
-
動作:
datasync:UpdateDiscoveryJob資源:
arn:aws:datasync:region:account-id:system/storage-system-id/job/discovery-job-id - UpdateLocationHdfs
-
動作:
datasync:UpdateLocationHdfs資源:
-
arn:aws:datasync:region:account-id:agent/agent-id -
arn:aws:datasync:region:account-id:location/location-id
-
- UpdateLocationNfs
-
動作:
datasync:UpdateLocationNfs資源:
arn:aws:datasync:region:account-id:location/location-id - UpdateLocationObjectStorage
-
動作:
datasync:UpdateLocationObjectStorage資源:
-
arn:aws:datasync:region:account-id:agent/agent-id -
arn:aws:datasync:region:account-id:location/location-id
-
- UpdateLocationSmb
-
動作:
datasync:UpdateLocationSmb資源:
-
arn:aws:datasync:region:account-id:agent/agent-id -
arn:aws:datasync:region:account-id:location/location-id
-
- UpdateStorageSystem
-
動作:
datasync:UpdateStorageSystem資源:
-
arn:aws:datasync:region:account-id:agent/agent-id -
arn:aws:datasync:region:account-id:system/storage-system-id
-
- UpdateTask
-
動作:
datasync:UpdateTask資源:
arn:aws:datasync:region:account-id:task/task-id - UpdateTaskExecution
-
動作:
datasync:UpdateTaskExecution資源:
arn:aws:datasync:region:account-id:task/task-id/execution/exec-id
