AWS Mainframe Modernization Service (受管執行期環境體驗) 不再向新客戶開放。對於與 AWS Mainframe Modernization Service (受管執行期環境體驗) 類似的功能,探索 AWS Mainframe Modernization Service (自我管理體驗)。現有客戶可以繼續正常使用該服務。如需詳細資訊,請參閱[AWS 大型主機現代化可用性變更](https://docs.aws.amazon.com/m2/latest/userguide/mainframe-modernization-availability-change.html)。
本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# AWS Mainframe Modernization API 許可:動作、資源和條件參考
當您撰寫可連接到 IAM 身分的許可政策 (以身分為基礎的政策) 時,您可以使用下表做為參考。資料表包含下列項目:
+ 每個 AWS 大型主機現代化 API 操作。
+ 您可以授予執行動作許可的對應動作。
+ 您可以授予許可 AWS 的資源。
您要在政策的 `Action` 欄位中指定動作,並在政策的 `Resource` 欄位中指定資源值。
您可以在 AWS 大型主機現代化政策中使用 AWS 全域條件金鑰來表達條件。如需 AWS 金鑰的完整清單,請參閱《*IAM 使用者指南*》中的[可用全域條件金鑰](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#AvailableKeys)。
**注意**
若要指定動作,請使用後接 API 操作名稱的 `m2:` 字首 (例如,`m2:CreateApplication`)。
**AWS Mainframe Modernization API 和動作的必要許可**
| AWS 大型主機現代化 API 操作 | 所需許可 (API 動作) | Resources |
| --- | --- | --- |
| [CancelBatchJobExecution](https://docs.aws.amazon.com/m2/latest/APIReference/API_CancelBatchJobExecution.html) | | 應用程式 |
| [CreateApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateApplication.html) | `iam:PassRole`
`kms:DescribeKey`
`kms:CreateGrant`
`s3:GetObject`
`s3:ListBucket ` | 應用程式 |
| [CreateDataSetImportTask](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateDataSetImportTask.html) | `s3:GetObject` | 應用程式 |
| [CreateDataSetExportTask](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateDataSetExportTask.html) | `kms:DescribeKey`
`s3:PutObject` | 應用程式 |
| [CreateDeployment](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateDeployment.html) | `elasticloadbalancing:AddTags`
`elasticloadbalancing:CreateListener`
`elasticloadbalancing:CreateTargetGroup`
`elasticloadbalancing:RegisterTargets`
`elasticloadbalancing:DeleteListener`
`elasticloadbalancing:DeleteTargetGroup`
`elasticloadbalancing:DeregisterTargets`
`elasticloadbalancing:DeleteLoadBalancer`
`logs:CreateLogDelivery`
`logs:GetLogDelivery`
`logs:UpdateLogDelivery`
`logs:DeleteLogDelivery`
`logs:ListLogDeliveries`
`logs:PutResourcePolicy`
`logs:DescribeResourcePolicies`
`logs:DescribeLogGroups` | 應用程式 |
| [CreateEnvironment](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateEnvironment.html) | `ec2:CreateNetworkInterface`
`ec2:CreateNetworkInterfacePermission`
`ec2:DescribeNetworkInterfaces`
`ec2:DescribeSecurityGroups`
`ec2:DescribeSubnets`
`ec2:DescribeVpcAttribute`
`ec2:DescribeVpcs`
`ec2:ModifyNetworkInterfaceAttribute`
`elasticfilesystem:DescribeMountTargets`
`elasticloadbalancing:AddTags`
`elasticloadbalancing:CreateLoadBalancer`
`elasticloadbalancing:DeleteLoadBalancer`
`kms:DescribeKey`
`kms:CreateGrant`
`fsx:DescribeFileSystems`
`iam:CreateServiceLinkedRole` | Environment |
| [DeleteApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_DeleteApplication.html) | `elasticloadbalancing:DeleteListener`
`elasticloadbalancing:DeleteTargetGroup`
`logs:DeleteLogDelivery` | 應用程式 |
| [DeleteApplicationFromEnvironment](https://docs.aws.amazon.com/m2/latest/APIReference/API_DeleteApplicationFromEnvironment.html) | `elasticloadbalancing:DeleteListener`
`elasticloadbalancing:DeleteTargetGroup` | 應用程式
Environment |
| [DeleteEnvironment](https://docs.aws.amazon.com/m2/latest/APIReference/API_DeleteEnvironment.html) | `elasticloadbalancing:DeleteLoadBalancer` | Environment |
| [GetApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetApplication.html) | | 應用程式 |
| [GetApplicationVersion](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetApplicationVersion.html) | | 應用程式 |
| [GetBatchJobExecution](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetBatchJobExecution.html) | | 應用程式 |
| [GetDataSetDetails](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetDataSetDetails.html) | | 應用程式 |
| [GetDataSetImportTask](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetDataSetImportTask.html) | | 應用程式 |
| [GetDataSetExportTask](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetDataSetExportTask.html) | | 應用程式 |
| [GetDeployment](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetDeployment.html) | | 應用程式 |
| [GetEnvironment](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetEnvironment.html) | | Environment |
| [ListApplications](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListApplications.html) | | \* |
| [ListApplicationVersions](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListApplicationVersions.html) | | \* |
| [ListBatchJobDefinitions](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListBatchJobDefinitions.html) | | \* |
| [ListBatchJobExecutions](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListBatchJobExecutions.html) | `` | \* |
| [ListDataSetImportHistory](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListDataSetImportHistory.html) | | \* |
| [ListDataSetExportHistory](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListDataSetExportHistory.html) | | \* |
| [ListDataSets](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListDataSets.html) | | \* |
| [ListDeployments](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListDeployments.html) | | \* |
| [ListEngineVersions](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListEngineVersions.html) | | \* |
| [ListEnvironments](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListEnvironments.html) | | \* |
| [ListTagsForResource](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListTagsForResource.html) | | \* |
| [StartApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_StartApplication.html) | | 應用程式 |
| [StartBatchJob](https://docs.aws.amazon.com/m2/latest/APIReference/API_StartBatchJob.html) | | 應用程式 |
| [StopApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_StopApplication.html) | | 應用程式 |
| [TagResource](https://docs.aws.amazon.com/m2/latest/APIReference/API_TagResource.html) | | \* |
| [UntagResource](https://docs.aws.amazon.com/m2/latest/APIReference/API_UntagResource.html) | | \* |
| [UpdateApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_UpdateApplication.html) | `s3:GetObject`
`s3:ListBucket` | 應用程式 |
| [UpdateEnvironment](https://docs.aws.amazon.com/m2/latest/APIReference/API_UpdateEnvironment.html) | `kms:DescribeKey` | Environment |