Pilih preferensi cookie Anda

Kami menggunakan cookie penting serta alat serupa yang diperlukan untuk menyediakan situs dan layanan. Kami menggunakan cookie performa untuk mengumpulkan statistik anonim sehingga kami dapat memahami cara pelanggan menggunakan situs dan melakukan perbaikan. Cookie penting tidak dapat dinonaktifkan, tetapi Anda dapat mengklik “Kustom” atau “Tolak” untuk menolak cookie performa.

Jika Anda setuju, AWS dan pihak ketiga yang disetujui juga akan menggunakan cookie untuk menyediakan fitur situs yang berguna, mengingat preferensi Anda, dan menampilkan konten yang relevan, termasuk iklan yang relevan. Untuk menerima atau menolak semua cookie yang tidak penting, klik “Terima” atau “Tolak”. Untuk membuat pilihan yang lebih detail, klik “Kustomisasi”.

AWSServiceRoleForImageBuilder - AWS Kebijakan Terkelola

Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.

Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.

AWSServiceRoleForImageBuilder

Deskripsi: Memungkinkan EC2 ImageBuilder untuk memanggil AWS layanan atas nama Anda.

AWSServiceRoleForImageBuilderadalah kebijakan yang AWS dikelola.

Menggunakan kebijakan ini

Kebijakan ini dilampirkan pada peran terkait layanan yang memungkinkan layanan melakukan tindakan atas nama Anda. Anda tidak dapat melampirkan kebijakan ini ke pengguna, grup, atau peran Anda.

Rincian kebijakan

  • Jenis: Kebijakan peran terkait layanan

  • Waktu pembuatan: 29 November 2019, 22:02 UTC

  • Waktu yang telah diedit: 26 Desember 2024, 23:52 UTC

  • ARN: arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForImageBuilder

Versi kebijakan

Versi kebijakan: v20 (default)

Versi default kebijakan adalah versi yang menentukan izin untuk kebijakan tersebut. Saat pengguna atau peran dengan kebijakan membuat permintaan untuk mengakses AWS sumber daya, AWS periksa versi default kebijakan untuk menentukan apakah akan mengizinkan permintaan tersebut.

Dokumen kebijakan JSON

{ "Version" : "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Action" : "ec2:RegisterImage", "Resource" : [ "arn:aws:ec2:*::image/*" ], "Condition" : { "StringEquals" : { "aws:RequestTag/CreatedBy" : "EC2 Image Builder" } } }, { "Effect" : "Allow", "Action" : "ec2:RegisterImage", "Resource" : [ "arn:aws:ec2:*::snapshot/*" ], "Condition" : { "StringEquals" : { "ec2:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Effect" : "Allow", "Action" : [ "ec2:RunInstances" ], "Resource" : [ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*::snapshot/*", "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:key-pair/*", "arn:aws:ec2:*:*:launch-template/*", "arn:aws:license-manager:*:*:license-configuration:*" ] }, { "Effect" : "Allow", "Action" : [ "ec2:RunInstances" ], "Resource" : [ "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:instance/*" ], "Condition" : { "StringEquals" : { "aws:RequestTag/CreatedBy" : [ "EC2 Image Builder", "EC2 Fast Launch" ] } } }, { "Effect" : "Allow", "Action" : "iam:PassRole", "Resource" : "*", "Condition" : { "StringEquals" : { "iam:PassedToService" : [ "ec2.amazonaws.com", "ec2.amazonaws.com.cn", "vmie.amazonaws.com" ] } } }, { "Effect" : "Allow", "Action" : [ "ec2:StopInstances", "ec2:StartInstances", "ec2:TerminateInstances" ], "Resource" : "*", "Condition" : { "StringEquals" : { "ec2:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Effect" : "Allow", "Action" : [ "ec2:CopyImage", "ec2:CreateImage", "ec2:CreateLaunchTemplate", "ec2:DeregisterImage", "ec2:DescribeImages", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", "ec2:DescribeInstances", "ec2:DescribeInstanceTypeOfferings", "ec2:DescribeInstanceTypes", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:ModifyImageAttribute", "ec2:DescribeImportImageTasks", "ec2:DescribeExportImageTasks", "ec2:DescribeSnapshots", "ec2:DescribeHosts" ], "Resource" : "*" }, { "Effect" : "Allow", "Action" : [ "ec2:ModifySnapshotAttribute" ], "Resource" : "arn:aws:ec2:*::snapshot/*", "Condition" : { "StringEquals" : { "ec2:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Effect" : "Allow", "Action" : [ "ec2:CreateTags" ], "Resource" : "*", "Condition" : { "StringEquals" : { "ec2:CreateAction" : [ "RunInstances", "CreateImage" ], "aws:RequestTag/CreatedBy" : [ "EC2 Image Builder", "EC2 Fast Launch" ] } } }, { "Effect" : "Allow", "Action" : [ "ec2:CreateTags" ], "Resource" : [ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*:*:export-image-task/*" ] }, { "Effect" : "Allow", "Action" : [ "ec2:CreateTags" ], "Resource" : [ "arn:aws:ec2:*::snapshot/*", "arn:aws:ec2:*:*:launch-template/*" ], "Condition" : { "StringEquals" : { "aws:RequestTag/CreatedBy" : [ "EC2 Image Builder", "EC2 Fast Launch" ] } } }, { "Effect" : "Allow", "Action" : [ "license-manager:UpdateLicenseSpecificationsForResource" ], "Resource" : "*" }, { "Effect" : "Allow", "Action" : [ "sns:Publish" ], "Resource" : "*" }, { "Effect" : "Allow", "Action" : [ "ssm:ListCommands", "ssm:ListCommandInvocations", "ssm:AddTagsToResource", "ssm:DescribeInstanceInformation", "ssm:GetAutomationExecution", "ssm:StopAutomationExecution", "ssm:ListInventoryEntries", "ssm:SendAutomationSignal", "ssm:DescribeInstanceAssociationsStatus", "ssm:DescribeAssociationExecutions", "ssm:GetCommandInvocation" ], "Resource" : "*" }, { "Effect" : "Allow", "Action" : "ssm:SendCommand", "Resource" : [ "arn:aws:ssm:*:*:document/AWS-RunPowerShellScript", "arn:aws:ssm:*:*:document/AWS-RunShellScript", "arn:aws:ssm:*:*:document/AWSEC2-RunSysprep", "arn:aws:s3:::*" ] }, { "Effect" : "Allow", "Action" : [ "ssm:SendCommand" ], "Resource" : [ "arn:aws:ec2:*:*:instance/*" ], "Condition" : { "StringEquals" : { "ssm:resourceTag/CreatedBy" : [ "EC2 Image Builder" ] } } }, { "Effect" : "Allow", "Action" : "ssm:StartAutomationExecution", "Resource" : "arn:aws:ssm:*:*:automation-definition/ImageBuilder*" }, { "Effect" : "Allow", "Action" : [ "ssm:CreateAssociation", "ssm:DeleteAssociation" ], "Resource" : [ "arn:aws:ssm:*:*:document/AWS-GatherSoftwareInventory", "arn:aws:ssm:*:*:association/*", "arn:aws:ec2:*:*:instance/*" ] }, { "Effect" : "Allow", "Action" : [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncryptFrom", "kms:ReEncryptTo", "kms:GenerateDataKeyWithoutPlaintext" ], "Resource" : "*", "Condition" : { "ForAllValues:StringEquals" : { "kms:EncryptionContextKeys" : [ "aws:ebs:id" ] }, "StringLike" : { "kms:ViaService" : [ "ec2.*.amazonaws.com" ] } } }, { "Effect" : "Allow", "Action" : [ "kms:DescribeKey" ], "Resource" : "*", "Condition" : { "StringLike" : { "kms:ViaService" : [ "ec2.*.amazonaws.com" ] } } }, { "Effect" : "Allow", "Action" : "kms:CreateGrant", "Resource" : "*", "Condition" : { "Bool" : { "kms:GrantIsForAWSResource" : true }, "StringLike" : { "kms:ViaService" : [ "ec2.*.amazonaws.com" ] } } }, { "Effect" : "Allow", "Action" : "sts:AssumeRole", "Resource" : "arn:aws:iam::*:role/EC2ImageBuilderDistributionCrossAccountRole" }, { "Effect" : "Allow", "Action" : [ "logs:CreateLogStream", "logs:CreateLogGroup", "logs:PutLogEvents" ], "Resource" : "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*" }, { "Effect" : "Allow", "Action" : [ "ec2:CreateLaunchTemplateVersion", "ec2:DescribeLaunchTemplates", "ec2:ModifyLaunchTemplate", "ec2:DescribeLaunchTemplateVersions" ], "Resource" : "*" }, { "Effect" : "Allow", "Action" : [ "ec2:ExportImage" ], "Resource" : "arn:aws:ec2:*::image/*", "Condition" : { "StringEquals" : { "ec2:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Effect" : "Allow", "Action" : [ "ec2:ExportImage" ], "Resource" : "arn:aws:ec2:*:*:export-image-task/*" }, { "Effect" : "Allow", "Action" : [ "ec2:CancelExportTask" ], "Resource" : "arn:aws:ec2:*:*:export-image-task/*", "Condition" : { "StringEquals" : { "ec2:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Effect" : "Allow", "Action" : "iam:CreateServiceLinkedRole", "Resource" : "*", "Condition" : { "StringEquals" : { "iam:AWSServiceName" : [ "ssm.amazonaws.com", "ec2fastlaunch.amazonaws.com" ] } } }, { "Effect" : "Allow", "Action" : [ "ec2:EnableFastLaunch" ], "Resource" : [ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*:*:launch-template/*" ], "Condition" : { "StringEquals" : { "ec2:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Effect" : "Allow", "Action" : [ "inspector2:ListCoverage", "inspector2:ListFindings" ], "Resource" : "*" }, { "Effect" : "Allow", "Action" : [ "ecr:CreateRepository" ], "Resource" : "*", "Condition" : { "StringEquals" : { "aws:RequestTag/CreatedBy" : "EC2 Image Builder" } } }, { "Effect" : "Allow", "Action" : [ "ecr:TagResource" ], "Resource" : "arn:aws:ecr:*:*:repository/image-builder-*", "Condition" : { "StringEquals" : { "aws:RequestTag/CreatedBy" : "EC2 Image Builder" } } }, { "Effect" : "Allow", "Action" : [ "ecr:BatchDeleteImage" ], "Resource" : "arn:aws:ecr:*:*:repository/image-builder-*", "Condition" : { "StringEquals" : { "ecr:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Effect" : "Allow", "Action" : [ "events:DeleteRule", "events:DescribeRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets" ], "Resource" : [ "arn:aws:events:*:*:rule/ImageBuilder-*" ] } ] }

Pelajari selengkapnya

PrivasiSyarat situsPreferensi cookie
© 2025, Amazon Web Services, Inc. atau afiliasinya. Semua hak dilindungi undang-undang.