大量作業先決條 - AWS IoT SiteWise
IAM權限

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

大量作業先決條

本節說明大量作業先決條件,包括 AWS Identity and Access Management (IAM) AWS 服務 與本機電腦之間交換資源的權限。開始大量作業之前,請完成下列先決條件:

  • 建立 Amazon S3 儲存貯體來存放資源。如需使用 Amazon S3 的詳細資訊,請參閱什麼是 Amazon S3?

IAM權限

若要執行大量操作,您必須建立具有允許 Amazon S3 和本機電腦之間交換 AWS 資源的 AWS Identity and Access Management (IAM) 政策。 AWS IoT SiteWise如需有關建立IAM原則的詳細資訊,請參閱建立IAM原則

若要執行批次處理作業,您需要下列原則。

此原則允許存取批次 AWS IoT SiteWise API處理作業的必要動作:

{
    "Sid": "SiteWiseApiAccess",
    "Effect": "Allow",
    "Action": [
        "iotsitewise:CreateAsset",
        "iotsitewise:CreateAssetModel",
        "iotsitewise:UpdateAsset",
        "iotsitewise:UpdateAssetModel",
        "iotsitewise:UpdateAssetProperty",
        "iotsitewise:ListAssets",
        "iotsitewise:ListAssetModels",
        "iotsitewise:ListAssetProperties",
        "iotsitewise:ListAssetModelProperties",
        "iotsitewise:ListAssociatedAssets",
        "iotsitewise:DescribeAsset",
        "iotsitewise:DescribeAssetModel",
        "iotsitewise:DescribeAssetProperty",
        "iotsitewise:AssociateAssets",
        "iotsitewise:DisassociateAssets",
        "iotsitewise:AssociateTimeSeriesToAssetProperty",
        "iotsitewise:DisassociateTimeSeriesFromAssetProperty",
        "iotsitewise:BatchPutAssetPropertyValue",
        "iotsitewise:BatchGetAssetPropertyValue",
        "iotsitewise:TagResource",
        "iotsitewise:UntagResource",
        "iotsitewise:ListTagsForResource",
        "iotsitewise:CreateAssetModelCompositeModel",
        "iotsitewise:UpdateAssetModelCompositeModel",
        "iotsitewise:DescribeAssetModelCompositeModel",
        "iotsitewise:DeleteAssetModelCompositeModel",
        "iotsitewise:ListAssetModelCompositeModels",
        "iotsitewise:ListCompositionRelationships",
        "iotsitewise:DescribeAssetCompositeModel"
    ],
    "Resource": "*"
}

此原則允許存取 AWS IoT TwinMaker API您用來處理大量作業的作業:

{
    "Sid": "MetadataTransferJobApiAccess",
    "Effect": "Allow",
    "Action": [
        "iottwinmaker:CreateMetadataTransferJob",
        "iottwinmaker:CancelMetadataTransferJob",
        "iottwinmaker:GetMetadataTransferJob",
        "iottwinmaker:ListMetadataTransferJobs"
    ],
    "Resource": "*"
}

此政策提供 Amazon S3 儲存貯體的存取權,以便傳輸大量操作的中繼資料。

For a specific Amazon S3 bucket

如果您使用一個特定值區來處理大量作業中繼資料,則此原則會提供該值區的存取權:

{
    "Effect": "Allow",
    "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:AbortMultipartUpload",
        "s3:ListBucketMultipartUploads",
        "s3:ListMultipartUploadParts"
    ],
    "Resource": [
        "arn:aws:s3:::bucket name",
        "arn:aws:s3:::bucket name/*"
    ]
}
To allow any Amazon S3 bucket

如果您將使用許多不同的值區來處理大量作業中繼資料,則此原則會提供任何值區的存取權:

{
    "Effect": "Allow",
    "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:AbortMultipartUpload",
        "s3:ListBucketMultipartUploads",
        "s3:ListMultipartUploadParts"
    ],
    "Resource": "*"
}

如需有關疑難排解匯入和匯出作業的資訊,請參閱疑難排解大量匯入和匯出