Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
AWSAuditManagerAdministratorAccess
Deskripsi: Menyediakan akses administratif untuk mengaktifkan atau menonaktifkan AWS Audit Manager, memperbarui pengaturan, dan mengelola penilaian, kontrol, dan kerangka kerja
AWSAuditManagerAdministratorAccess
adalah kebijakan yang AWS dikelola.
Menggunakan kebijakan ini
Anda dapat melampirkan AWSAuditManagerAdministratorAccess
ke pengguna, grup, dan peran Anda.
Rincian kebijakan
-
Jenis: kebijakan AWS terkelola
-
Waktu pembuatan: 11 Desember 2020, 20:02 UTC
-
Waktu yang telah diedit: 15 Mei 2024, 23:46 UTC
-
ARN:
arn:aws:iam::aws:policy/AWSAuditManagerAdministratorAccess
Versi kebijakan
Versi kebijakan: v3 (default)
Versi default kebijakan adalah versi yang menentukan izin untuk kebijakan tersebut. Saat pengguna atau peran dengan kebijakan membuat permintaan untuk mengakses AWS sumber daya, AWS periksa versi default kebijakan untuk menentukan apakah akan mengizinkan permintaan tersebut.
Dokumen kebijakan JSON
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "AuditManagerAccess", "Effect" : "Allow", "Action" : [ "auditmanager:*" ], "Resource" : "*" }, { "Sid" : "OrganizationsAccess", "Effect" : "Allow", "Action" : [ "organizations:ListAccountsForParent", "organizations:ListAccounts", "organizations:DescribeOrganization", "organizations:DescribeOrganizationalUnit", "organizations:DescribeAccount", "organizations:ListParents", "organizations:ListChildren" ], "Resource" : "*" }, { "Sid" : "AllowOnlyAuditManagerIntegration", "Effect" : "Allow", "Action" : [ "organizations:RegisterDelegatedAdministrator", "organizations:DeregisterDelegatedAdministrator", "organizations:EnableAWSServiceAccess" ], "Resource" : "*", "Condition" : { "StringLikeIfExists" : { "organizations:ServicePrincipal" : [ "auditmanager.amazonaws.com" ] } } }, { "Sid" : "IAMAccess", "Effect" : "Allow", "Action" : [ "iam:GetUser", "iam:ListUsers", "iam:ListRoles" ], "Resource" : "*" }, { "Sid" : "IAMAccessCreateSLR", "Effect" : "Allow", "Action" : "iam:CreateServiceLinkedRole", "Resource" : "arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*", "Condition" : { "StringLike" : { "iam:AWSServiceName" : "auditmanager.amazonaws.com" } } }, { "Sid" : "IAMAccessManageSLR", "Effect" : "Allow", "Action" : [ "iam:DeleteServiceLinkedRole", "iam:UpdateRoleDescription", "iam:GetServiceLinkedRoleDeletionStatus" ], "Resource" : "arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*" }, { "Sid" : "S3Access", "Effect" : "Allow", "Action" : [ "s3:ListAllMyBuckets" ], "Resource" : "*" }, { "Sid" : "KmsAccess", "Effect" : "Allow", "Action" : [ "kms:DescribeKey", "kms:ListKeys", "kms:ListAliases" ], "Resource" : "*" }, { "Sid" : "KmsCreateGrantAccess", "Effect" : "Allow", "Action" : [ "kms:CreateGrant" ], "Resource" : "*", "Condition" : { "Bool" : { "kms:GrantIsForAWSResource" : "true" }, "StringLike" : { "kms:ViaService" : "auditmanager.*.amazonaws.com" } } }, { "Sid" : "SNSAccess", "Effect" : "Allow", "Action" : [ "sns:ListTopics" ], "Resource" : "*" }, { "Sid" : "CreateEventsAccess", "Effect" : "Allow", "Action" : [ "events:PutRule" ], "Resource" : "*", "Condition" : { "StringEquals" : { "events:detail-type" : "Security Hub Findings - Imported" }, "ForAllValues:StringEquals" : { "events:source" : [ "aws.securityhub" ] } } }, { "Sid" : "EventsAccess", "Effect" : "Allow", "Action" : [ "events:DeleteRule", "events:DescribeRule", "events:EnableRule", "events:DisableRule", "events:ListTargetsByRule", "events:PutTargets", "events:RemoveTargets" ], "Resource" : "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver" }, { "Sid" : "TagAccess", "Effect" : "Allow", "Action" : [ "tag:GetResources" ], "Resource" : "*" }, { "Sid" : "ControlCatalogAccess", "Effect" : "Allow", "Action" : [ "controlcatalog:ListCommonControls", "controlcatalog:ListDomains", "controlcatalog:ListObjectives" ], "Resource" : "*" } ] }