Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
AWSQuickSetupDeploymentRolePolicy
Descrizione: fornisce le autorizzazioni per AWS Systems Manager Quick Setup per distribuire più tipi di configurazione. Questi tipi di configurazione creano ruoli e automazioni IAM che configurano i servizi e le funzionalità di Amazon Web Services usati di frequente secondo le best practice consigliate.
AWSQuickSetupDeploymentRolePolicyè una politica AWS gestita.
Utilizzo di questa politica
Puoi collegarti AWSQuickSetupDeploymentRolePolicy ai tuoi utenti, gruppi e ruoli.
Dettagli della politica
-
Tipo: politica AWS gestita
-
Ora di creazione: 26 giugno 2024, 09:55 UTC
-
Ora modificata: 26 giugno 2024, 09:55 UTC
-
ARN:
arn:aws:iam::aws:policy/AWSQuickSetupDeploymentRolePolicy
Versione della politica
Versione della politica: v1 (predefinita)
La versione predefinita della politica è la versione che definisce le autorizzazioni per la politica. Quando un utente o un ruolo con la politica effettua una richiesta di accesso a una AWS risorsa, AWS controlla la versione predefinita della politica per determinare se consentire la richiesta.
Documento di policy JSON
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "CfnRead", "Effect" : "Allow", "Action" : [ "cloudformation:DescribeStacks", "cloudformation:DescribeStackDriftDetectionStatus", "cloudformation:ListStacks" ], "Resource" : [ "*" ] }, { "Sid" : "CfnManage", "Effect" : "Allow", "Action" : [ "cloudformation:CreateStack", "cloudformation:UpdateStack", "cloudformation:DeleteStack", "cloudformation:CreateChangeSet", "cloudformation:DeleteChangeSet", "cloudformation:ExecuteChangeSet", "cloudformation:DescribeChangeSet", "cloudformation:DescribeStackResourceDrifts", "cloudformation:DetectStackDrift", "cloudformation:DetectStackResourceDrift" ], "Resource" : [ "arn:aws:cloudformation:*:*:stack/StackSet-AWS-QuickSetup-*" ] }, { "Sid" : "RGroupsGet", "Effect" : "Allow", "Action" : [ "resource-groups:GetGroupQuery" ], "Resource" : [ "*" ] }, { "Sid" : "CPacksRead", "Effect" : "Allow", "Action" : [ "config:DescribeConformancePacks", "config:DescribeConformancePackStatus" ], "Resource" : "*" }, { "Sid" : "OpsPacksManage", "Effect" : "Allow", "Action" : [ "config:PutConformancePack", "config:DeleteConformancePack" ], "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "cloudformation.amazonaws.com" ] } }, "Resource" : "arn:aws:config:*:*:conformance-pack/AWS-QuickSetup-*" }, { "Sid" : "QSDocsManage", "Effect" : "Allow", "Action" : [ "ssm:CreateDocument", "ssm:UpdateDocument", "ssm:UpdateDocumentDefaultVersion", "ssm:DeleteDocument", "ssm:AddTagsToResource", "ssm:RemoveTagsFromResource", "ssm:ListTagsForResource" ], "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "cloudformation.amazonaws.com" ] } }, "Resource" : [ "arn:aws:ssm:*:*:document/AWSQuickSetup-*", "arn:aws:ssm:*:*:document/AWSOperationsPack-*", "arn:aws:ssm:*:*:document/AWSOperationsPackInstance-*" ] }, { "Sid" : "QSDocsRead", "Effect" : "Allow", "Action" : [ "ssm:GetDocument" ], "Resource" : [ "arn:aws:ssm:*:*:document/AWSQuickSetup-*", "arn:aws:ssm:*:*:document/AWSOperationsPack*", "arn:aws:ssm:*::document/AWSConformancePacks-*", "arn:aws:ssm:*::document/AWSEC2-UpdateLaunchAgent", "arn:aws:ssm:*::document/AWS-ConfigureAWSPackage", "arn:aws:ssm:*::document/AWS-EnableExplorer", "arn:aws:ssm:*::document/AWS-GatherSoftwareInventory", "arn:aws:ssm:*::document/AWS-RunPatchBaselineAssociation", "arn:aws:ssm:*::document/AWS-UpdateSSMAgent" ] }, { "Sid" : "QSAssociationsManage", "Effect" : "Allow", "Action" : [ "ssm:CreateAssociation", "ssm:UpdateAssociation", "ssm:DeleteAssociation", "ssm:DescribeAssociation" ], "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "cloudformation.amazonaws.com" ] } }, "Resource" : [ "arn:aws:ssm:*:*:document/AWSQuickSetup-*", "arn:aws:ssm:*:*:document/AWSOperationsPack*", "arn:aws:ssm:*::document/AWSEC2-UpdateLaunchAgent", "arn:aws:ssm:*::document/AWS-ConfigureAWSPackage", "arn:aws:ssm:*::document/AWS-EnableExplorer", "arn:aws:ssm:*::document/AWS-GatherSoftwareInventory", "arn:aws:ssm:*::document/AWS-RunPatchBaselineAssociation", "arn:aws:ssm:*::document/AWS-UpdateSSMAgent", "arn:aws:ec2:*:*:instance/*", "arn:aws:ssm:*:*:managed-instance/*", "arn:aws:ssm:*:*:association/*" ] }, { "Sid" : "EventRulesManage", "Effect" : "Allow", "Action" : [ "events:DescribeRule", "events:PutRule", "events:DeleteRule", "events:ListTargetsByRule", "events:PutTargets", "events:RemoveTargets" ], "Resource" : [ "arn:aws:events:*:*:rule/*QuickSetup-*" ] }, { "Sid" : "CPacksSLRCreate", "Effect" : "Allow", "Action" : [ "iam:CreateServiceLinkedRole" ], "Resource" : [ "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms" ], "Condition" : { "StringEquals" : { "iam:AWSServiceName" : "config-conforms.amazonaws.com" } } }, { "Sid" : "SSMSLRCreate", "Effect" : "Allow", "Action" : [ "iam:CreateServiceLinkedRole" ], "Resource" : [ "arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM" ], "Condition" : { "StringEquals" : { "iam:AWSServiceName" : "ssm.amazonaws.com" } } }, { "Sid" : "QSConfigRoleManage", "Effect" : "Allow", "Action" : [ "iam:CreateRole", "iam:GetRole", "iam:UpdateRole", "iam:DeleteRole", "iam:GetRolePolicy", "iam:ListAttachedRolePolicies", "iam:ListRolePolicies", "iam:ListRoleTags", "iam:TagRole", "iam:UntagRole" ], "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "cloudformation.amazonaws.com" ] } }, "Resource" : [ "arn:aws:iam::*:role/AWS-QuickSetup-*", "arn:aws:iam::*:role/AWSOperationsPack-*" ] }, { "Sid" : "QSConfigRolePass", "Effect" : "Allow", "Action" : [ "iam:PassRole" ], "Resource" : [ "arn:aws:iam::*:role/AWS-QuickSetup-*", "arn:aws:iam::*:role/AWSOperationsPack-*" ], "Condition" : { "StringEquals" : { "iam:PassedToService" : [ "ssm.amazonaws.com", "events.amazonaws.com" ] } } }, { "Sid" : "DocDescribe", "Effect" : "Allow", "Action" : [ "ssm:DescribeDocument" ], "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "cloudformation.amazonaws.com" ] } } }, { "Sid" : "LegacyDocClean", "Effect" : "Allow", "Action" : [ "ssm:DeleteDocument" ], "Resource" : "*", "Condition" : { "StringLike" : { "aws:ResourceTag/QuickSetupID" : "*" } } }, { "Sid" : "LegacyIAMClean", "Effect" : "Allow", "Action" : [ "iam:DeleteRole", "iam:DeleteRolePolicy" ], "Resource" : "arn:aws:iam::*:role/*QuickSetup-*", "Condition" : { "StringLike" : { "aws:ResourceTag/QuickSetupID" : "*" } } }, { "Sid" : "QSConfigRoleBounded", "Effect" : "Allow", "Action" : [ "iam:DeleteRolePolicy", "iam:PutRolePolicy", "iam:PutRolePermissionsBoundary" ], "Condition" : { "StringEquals" : { "iam:PermissionsBoundary" : [ "arn:aws:iam::aws:policy/AWSQuickSetupCFGCPacksPermissionsBoundary", "arn:aws:iam::aws:policy/AWSQuickSetupCFGRecordingPermissionsBoundary", "arn:aws:iam::aws:policy/AWSQuickSetupDevOpsGuruPermissionsBoundary", "arn:aws:iam::aws:policy/AWSQuickSetupDistributorPermissionsBoundary", "arn:aws:iam::aws:policy/AWSQuickSetupSchedulerPermissionsBoundary", "arn:aws:iam::aws:policy/AWSQuickSetupSSMHostMgmtPermissionsBoundary" ] }, "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "cloudformation.amazonaws.com" ] } }, "Resource" : [ "arn:aws:iam::*:role/AWS-QuickSetup-*", "arn:aws:iam::*:role/AWSOperationsPack-*" ] }, { "Sid" : "QSConfigRoleManagedPolicies", "Effect" : "Allow", "Action" : [ "iam:AttachRolePolicy", "iam:DetachRolePolicy" ], "Condition" : { "ArnEquals" : { "iam:PolicyARN" : [ "arn:aws:iam::aws:policy/AWSSystemsManagerEnableExplorerExecutionPolicy", "arn:aws:iam::aws:policy/AWSSystemsManagerEnableConfigRecordingExecutionPolicy" ] }, "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "cloudformation.amazonaws.com" ] } }, "Resource" : [ "arn:aws:iam::*:role/AWS-QuickSetup-*", "arn:aws:iam::*:role/AWSOperationsPack-*" ] } ] }
Ulteriori informazioni
