AWS Amazon DocumentDB 的 受管政策 - Amazon DocumentDB

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

AWS Amazon DocumentDB 的 受管政策

若要將許可新增至使用者、群組和角色,使用 AWS 受管政策比自行撰寫政策更容易。建立IAM客戶受管政策需要時間和專業知識,為您的團隊提供他們所需的許可。若要快速開始使用,您可以使用我們的 AWS 受管政策。這些政策涵蓋常見的使用案例,可在您的帳戶中使用 AWS 。如需 AWS 受管政策的詳細資訊,請參閱 AWS Identity and Access Management 使用者指南中的受AWS 管政策

AWS 服務會維護和更新 AWS 受管政策。您無法變更 AWS 受管政策中的許可。服務偶爾會將其他許可新增至 AWS 受管政策,以支援新功能。此類型的更新會影響已連接政策的所有身分識別 (使用者、群組和角色)。啟動新功能或新操作可用時,服務最有可能更新 AWS 受管政策。服務不會從 AWS 受管政策中移除許可,因此政策更新不會破壞您現有的許可。

此外, AWS 支援跨多個 服務之任務函數的受管政策。例如, ViewOnlyAccess AWS 受管政策提供對許多 AWS 服務和資源的唯讀存取。當服務啟動新功能時, 會為新操作和資源 AWS 新增唯讀許可。如需任務函數政策的清單和描述,請參閱 AWS Identity and Access Management 使用者指南 中的AWS 任務函數的受管政策

下列 AWS 受管政策,您可以連接到帳戶中的使用者,其專屬於 Amazon DocumentDB :

AmazonDocDBFullAccess

此政策會授予管理許可,允許主體完整存取所有 Amazon DocumentDB 動作。此政策中的許可分組如下:

  • Amazon DocumentDB 許可允許所有 Amazon DocumentDB 動作。

  • 需要此政策中的某些 Amazon EC2許可,才能驗證API請求中的傳遞資源。這是為了確保 Amazon DocumentDB 能夠成功地將 資源與叢集搭配使用。本政策中的其餘 Amazon EC2許可允許 Amazon DocumentDB 建立所需的 AWS 資源,讓您可連線至叢集。

  • Amazon DocumentDB 許可會在API呼叫期間使用,以驗證請求中的傳遞資源。Amazon DocumentDB 需要這些金鑰,才能搭配 Amazon DocumentDB 叢集使用傳遞的金鑰。

  • Amazon DocumentDB 需要 CloudWatch 日誌,才能確保日誌交付目的地可連線,且適用於代理程式日誌。

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "rds:AddRoleToDBCluster", "rds:AddSourceIdentifierToSubscription", "rds:AddTagsToResource", "rds:ApplyPendingMaintenanceAction", "rds:CopyDBClusterParameterGroup", "rds:CopyDBClusterSnapshot", "rds:CopyDBParameterGroup", "rds:CreateDBCluster", "rds:CreateDBClusterParameterGroup", "rds:CreateDBClusterSnapshot", "rds:CreateDBInstance", "rds:CreateDBParameterGroup", "rds:CreateDBSubnetGroup", "rds:CreateEventSubscription", "rds:DeleteDBCluster", "rds:DeleteDBClusterParameterGroup", "rds:DeleteDBClusterSnapshot", "rds:DeleteDBInstance", "rds:DeleteDBParameterGroup", "rds:DeleteDBSubnetGroup", "rds:DeleteEventSubscription", "rds:DescribeAccountAttributes", "rds:DescribeCertificates", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSubnetGroups", "rds:DescribeEngineDefaultClusterParameters", "rds:DescribeEngineDefaultParameters", "rds:DescribeEventCategories", "rds:DescribeEventSubscriptions", "rds:DescribeEvents", "rds:DescribeOptionGroups", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", "rds:DescribeValidDBInstanceModifications", "rds:DownloadDBLogFilePortion", "rds:FailoverDBCluster", "rds:ListTagsForResource", "rds:ModifyDBCluster", "rds:ModifyDBClusterParameterGroup", "rds:ModifyDBClusterSnapshotAttribute", "rds:ModifyDBInstance", "rds:ModifyDBParameterGroup", "rds:ModifyDBSubnetGroup", "rds:ModifyEventSubscription", "rds:PromoteReadReplicaDBCluster", "rds:RebootDBInstance", "rds:RemoveRoleFromDBCluster", "rds:RemoveSourceIdentifierFromSubscription", "rds:RemoveTagsFromResource", "rds:ResetDBClusterParameterGroup", "rds:ResetDBParameterGroup", "rds:RestoreDBClusterFromSnapshot", "rds:RestoreDBClusterToPointInTime" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", "kms:ListAliases", "kms:ListKeyPolicies", "kms:ListKeys", "kms:ListRetirableGrants", "logs:DescribeLogStreams", "logs:GetLogEvents", "sns:ListSubscriptions", "sns:ListTopics", "sns:Publish" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS", "Condition": { "StringLike": { "iam:AWS ServiceName": "rds.amazonaws.com" } } } ] }

AmazonDocDBReadOnlyAccess

此政策授予唯讀許可,允許使用者檢視 Amazon DocumentDB 中的資訊。附加此政策的主體無法進行任何更新或刪除退出的資源,也無法建立新的 Amazon DocumentDB 資源。例如,具有這些許可的主體可以檢視與其帳戶相關聯的叢集和組態清單,但無法變更任何叢集的組態或設定。此政策中的許可分組如下:

  • Amazon DocumentDB 許可可讓您列出 Amazon DocumentDB 資源、加以描述,以及取得有關這些資源的資訊。

  • Amazon EC2許可用於描述與叢集ENIs相關聯的 Amazon VPC、子網路、安全群組和 。

  • Amazon DocumentDB 許可用於描述與叢集相關聯的金鑰。

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "rds:DescribeAccountAttributes", "rds:DescribeCertificates", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSubnetGroups", "rds:DescribeEventCategories", "rds:DescribeEventSubscriptions", "rds:DescribeEvents", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", "rds:DownloadDBLogFilePortion", "rds:ListTagsForResource" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeInternetGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "kms:ListKeys", "kms:ListRetirableGrants", "kms:ListAliases", "kms:ListKeyPolicies" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "logs:DescribeLogStreams", "logs:GetLogEvents" ], "Effect": "Allow", "Resource": [ "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*", "arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*" ] } ] }

AmazonDocDBConsoleFullAccess

授予完整存取權,以使用 管理 Amazon DocumentDB 資源 AWS Management Console ,如下所示:

  • 允許所有 Amazon DocumentDB Amazon DocumentDB 和 Amazon DocumentDB 叢集動作的 Amazon DocumentDB 許可。

  • 需要此政策中的某些 Amazon EC2許可,才能驗證API請求中的傳遞資源。這是為了確保 Amazon DocumentDB 能夠成功地使用 資源來佈建和維護叢集。本政策中的其餘 Amazon EC2許可允許 Amazon DocumentDB 建立所需的 AWS 資源,以便您能夠連線到叢集,例如 VPCEndpoint。

  • AWS KMS 許可會在API呼叫 期間使用 AWS KMS ,以驗證請求中的傳遞資源。Amazon DocumentDB 需要使用它們,才能使用傳遞的金鑰,透過 Amazon DocumentDB 彈性叢集來加密和解密靜態資料。

  • Amazon DocumentDB 需要這些 CloudWatch 日誌,才能確保日誌交付目的地可連線,且適用於稽核和分析日誌。

  • 需要 Secrets Manager 許可才能驗證指定的秘密,並使用它為 Amazon DocumentDB 彈性叢集設定管理員使用者。

  • Amazon DocumentDB 叢集管理動作需要 Amazon RDS許可。對於某些管理功能,Amazon DocumentDB 使用與 Amazon 共用的操作技術RDS。

  • SNS 許可允許主體發佈 Amazon Simple Notification Service (AmazonSNS) 訂閱和主題,以及發佈 Amazon SNS 訊息。

  • IAM 建立指標和日誌發佈所需的服務連結角色時,需要 許可。

{ "Version": "2012-10-17", "Statement": [ { "Sid": "DocdbSids", "Effect": "Allow", "Action": [ "docdb-elastic:CreateCluster", "docdb-elastic:UpdateCluster", "docdb-elastic:GetCluster", "docdb-elastic:DeleteCluster", "docdb-elastic:ListClusters", "docdb-elastic:CreateClusterSnapshot", "docdb-elastic:GetClusterSnapshot", "docdb-elastic:DeleteClusterSnapshot", "docdb-elastic:ListClusterSnapshots", "docdb-elastic:RestoreClusterFromSnapshot", "docdb-elastic:TagResource", "docdb-elastic:UntagResource", "docdb-elastic:ListTagsForResource", "docdb-elastic:CopyClusterSnapshot", "docdb-elastic:StartCluster", "docdb-elastic:StopCluster", "rds:AddRoleToDBCluster", "rds:AddSourceIdentifierToSubscription", "rds:AddTagsToResource", "rds:ApplyPendingMaintenanceAction", "rds:CopyDBClusterParameterGroup", "rds:CopyDBClusterSnapshot", "rds:CopyDBParameterGroup", "rds:CreateDBCluster", "rds:CreateDBClusterParameterGroup", "rds:CreateDBClusterSnapshot", "rds:CreateDBInstance", "rds:CreateDBParameterGroup", "rds:CreateDBSubnetGroup", "rds:CreateEventSubscription", "rds:CreateGlobalCluster", "rds:DeleteDBCluster", "rds:DeleteDBClusterParameterGroup", "rds:DeleteDBClusterSnapshot", "rds:DeleteDBInstance", "rds:DeleteDBParameterGroup", "rds:DeleteDBSubnetGroup", "rds:DeleteEventSubscription", "rds:DeleteGlobalCluster", "rds:DescribeAccountAttributes", "rds:DescribeCertificates", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSubnetGroups", "rds:DescribeEngineDefaultClusterParameters", "rds:DescribeEngineDefaultParameters", "rds:DescribeEventCategories", "rds:DescribeEventSubscriptions", "rds:DescribeEvents", "rds:DescribeGlobalClusters", "rds:DescribeOptionGroups", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", "rds:DescribeValidDBInstanceModifications", "rds:DownloadDBLogFilePortion", "rds:FailoverDBCluster", "rds:ListTagsForResource", "rds:ModifyDBCluster", "rds:ModifyDBClusterParameterGroup", "rds:ModifyDBClusterSnapshotAttribute", "rds:ModifyDBInstance", "rds:ModifyDBParameterGroup", "rds:ModifyDBSubnetGroup", "rds:ModifyEventSubscription", "rds:ModifyGlobalCluster", "rds:PromoteReadReplicaDBCluster", "rds:RebootDBInstance", "rds:RemoveFromGlobalCluster", "rds:RemoveRoleFromDBCluster", "rds:RemoveSourceIdentifierFromSubscription", "rds:RemoveTagsFromResource", "rds:ResetDBClusterParameterGroup", "rds:ResetDBParameterGroup", "rds:RestoreDBClusterFromSnapshot", "rds:RestoreDBClusterToPointInTime" ], "Resource": [ "*" ] }, { "Sid": "DependencySids", "Effect": "Allow", "Action": [ "iam:GetRole", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "ec2:AllocateAddress", "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AssociateAddress", "ec2:AssociateRouteTable", "ec2:AssociateSubnetCidrBlock", "ec2:AssociateVpcCidrBlock", "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:CreateCustomerGateway", "ec2:CreateDefaultSubnet", "ec2:CreateDefaultVpc", "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreateNetworkInterface", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeCustomerGateways", "ec2:DescribeInstances", "ec2:DescribeNatGateways", "ec2:DescribeNetworkInterfaces", "ec2:DescribePrefixLists", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", "ec2:ModifyVpcEndpoint", "kms:DescribeKey", "kms:ListAliases", "kms:ListKeyPolicies", "kms:ListKeys", "kms:ListRetirableGrants", "logs:DescribeLogStreams", "logs:GetLogEvents", "sns:ListSubscriptions", "sns:ListTopics", "sns:Publish" ], "Resource": [ "*" ] }, { "Sid": "DocdbSLRSid", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS", "Condition": { "StringLike": { "iam:AWSServiceName": "rds.amazonaws.com" } } }, { "Sid": "DocdbElasticSLRSid", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/docdb-elastic.amazonaws.com/AWSServiceRoleForDocDB-Elastic", "Condition": { "StringLike": { "iam:AWSServiceName": "docdb-elastic.amazonaws.com" } } } ] }

AmazonDocDBElasticReadOnlyAccess

此政策授予唯讀許可,允許使用者在 Amazon DocumentDB 中檢視彈性叢集資訊。附加此政策的主體無法進行任何更新或刪除退出的資源,也無法建立新的 Amazon DocumentDB 資源。例如,具有這些許可的主體可以檢視與其帳戶相關聯的叢集和組態清單,但無法變更任何叢集的組態或設定。此政策中的許可分組如下:

  • Amazon DocumentDB 彈性叢集許可可讓您列出 Amazon DocumentDB 彈性叢集資源、描述這些資源,並取得相關資訊。

  • CloudWatch 許可用於驗證服務指標。

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "docdb-elastic:ListClusters", "docdb-elastic:GetCluster", "docdb-elastic:ListClusterSnapshots", "docdb-elastic:GetClusterSnapshot", "docdb-elastic:ListTagsForResource" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData", "cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics" ], "Resource": "*" } ] }

AmazonDocDBElasticFullAccess

此政策授予管理許可,允許主體完整存取 Amazon DocumentDB 彈性叢集的所有 Amazon DocumentDB 動作。

此政策在 條件下使用 AWS 標籤 (https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html) 來限制資源的存取。如果您使用的是秘密,則必須使用標籤金鑰DocDBElasticFullAccess和標籤值來標記。如果您使用客戶受管金鑰,則必須使用標籤金鑰DocDBElasticFullAccess和標籤值來標記。

此政策中的許可分組如下:

  • Amazon DocumentDB 彈性叢集許可允許所有 Amazon DocumentDB 動作。

  • 需要此政策中的某些 Amazon EC2許可,才能驗證API請求中的傳遞資源。這是為了確保 Amazon DocumentDB 能夠成功地使用 資源來佈建和維護叢集。本政策中的其餘 Amazon EC2許可允許 Amazon DocumentDB 建立所需的 AWS 資源,以便您能夠像VPC端點一樣連線到叢集。

  • AWS KMS Amazon DocumentDB 需要 許可,才能使用傳遞的金鑰來加密和解密 Amazon DocumentDB 彈性叢集中的靜態資料。

    注意

    客戶受管金鑰必須具有具有金鑰DocDBElasticFullAccess和標籤值的標籤。

  • SecretsManager 需要 許可才能驗證指定的秘密,並使用它來設定 Amazon DocumentDB 彈性叢集的管理使用者。

    注意

    使用的秘密必須具有具有金鑰DocDBElasticFullAccess和標籤值的標籤。

  • IAM 建立指標和日誌發佈所需的服務連結角色時,需要 許可。

{ "Version": "2012-10-17", "Statement": [ { "Sid": "DocdbElasticSid", "Effect": "Allow", "Action": [ "docdb-elastic:CreateCluster", "docdb-elastic:UpdateCluster", "docdb-elastic:GetCluster", "docdb-elastic:DeleteCluster", "docdb-elastic:ListClusters", "docdb-elastic:CreateClusterSnapshot", "docdb-elastic:GetClusterSnapshot", "docdb-elastic:DeleteClusterSnapshot", "docdb-elastic:ListClusterSnapshots", "docdb-elastic:RestoreClusterFromSnapshot", "docdb-elastic:TagResource", "docdb-elastic:UntagResource", "docdb-elastic:ListTagsForResource", "docdb-elastic:CopyClusterSnapshot", "docdb-elastic:StartCluster", "docdb-elastic:StopCluster" ], "Resource": [ "*" ] }, { "Sid": "EC2Sid", "Effect": "Allow", "Action": [ "ec2:CreateVpcEndpoint", "ec2:DescribeVpcEndpoints", "ec2:DeleteVpcEndpoints", "ec2:ModifyVpcEndpoint", "ec2:DescribeVpcAttribute", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeAvailabilityZones", "secretsmanager:ListSecrets" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "aws:CalledViaFirst": "docdb-elastic.amazonaws.com" } } }, { "Sid": "KMSSid", "Effect": "Allow", "Action": [ "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey" ], "Resource": "*", "Condition": { "StringLike": { "kms:ViaService": [ "docdb-elastic.*.amazonaws.com" ], "aws:ResourceTag/DocDBElasticFullAccess": "*" } } }, { "Sid": "KMSGrantSid", "Effect": "Allow", "Action": [ "kms:CreateGrant" ], "Resource": "*", "Condition": { "StringLike": { "aws:ResourceTag/DocDBElasticFullAccess": "*", "kms:ViaService": [ "docdb-elastic.*.amazonaws.com" ] }, "Bool": { "kms:GrantIsForAWSResource": true } } }, { "Sid": "SecretManagerSid", "Effect": "Allow", "Action": [ "secretsmanager:ListSecretVersionIds", "secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue", "secretsmanager:GetResourcePolicy" ], "Resource": "*", "Condition": { "StringLike": { "secretsmanager:ResourceTag/DocDBElasticFullAccess": "*" }, "StringEquals": { "aws:CalledViaFirst": "docdb-elastic.amazonaws.com" } } }, { "Sid": "CloudwatchSid", "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData", "cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics" ], "Resource": [ "*" ] }, { "Sid": "SLRSid", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/docdb-elastic.amazonaws.com/AWSServiceRoleForDocDB-Elastic", "Condition": { "StringLike": { "iam:AWSServiceName": "docdb-elastic.amazonaws.com" } } } ] }

AmazonDoc資料庫-ElasticServiceRolePolicy

您無法AmazonDocDBElasticServiceRolePolicy連接至 AWS Identity and Access Management 實體。此政策會連接至服務連結角色,讓 Amazon DocumentDB 代表您執行動作。如需詳細資訊,請參閱彈性叢集中的服務連結角色

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData" ], "Resource": "*", "Condition": { "StringEquals": { "cloudwatch:namespace": [ "AWS/DocDB-Elastic" ] } } } ] }

受 AWS 管政策的 Amazon DocumentDB 更新

變更 描述 日期
AmazonDocDBElasticFullAccessAmazonDocDBConsoleFullAccess - 變更 已更新政策以新增開始/停止叢集和複製叢集快照動作。 2/21/2024
AmazonDocDBElasticReadOnlyAccessAmazonDocDBElasticFullAccess - 變更 已更新政策以新增cloudwatch:GetMetricData動作。 6/21/2023
AmazonDocDBElasticReadOnlyAccess – 新政策 Amazon DocumentDB 彈性叢集的新受管政策 6/8/2023
AmazonDocDBElasticFullAccess – 新政策 Amazon DocumentDB 彈性叢集的新受管政策 6/5/2023
AmazonDoc資料庫-ElasticServiceRolePolicy – 新政策 Amazon DocumentDB 會為 Amazon DocumentDB 彈性叢集建立新的 AWS ServiceRoleForDoc資料庫彈性服務連結角色 11/30/2022
AmazonDocDBConsoleFullAccess - 變更 已更新政策以新增 Amazon DocumentDB 全域和彈性叢集許可 11/30/2022
AmazonDocDBConsoleFullAccessAmazonDocDBFullAccessAmazonDocDBReadOnlyAccess - 新政策 服務啟動 1/19/2017