Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
AWSRefactoringToolkitFullAccess
Descrizione: questo criterio concede l'autorizzazione a utilizzare i AWS servizi con l'estensione AWS Toolkit for .NET Refactoring per Microsoft Visual Studio. È destinato a essere collegato a un profilo locale. AWS La policy consente di caricare artefatti dell'applicazione e scaricare gli artefatti risultanti da Amazon S3. Consente di creare applicazioni in un'immagine del contenitore utilizzando, archiviando AWS CodeBuild e recuperando le immagini da Amazon Elastic Container Registry (Amazon ECR). Inoltre, consente l'implementazione dell'applicazione su servizi container AWS come Amazon Elastic Container Service (Amazon ECS), la creazione opzionale di risorse VPC, la connessione opzionale all'infrastruttura esistente come Directory AWS Service e altri servizi correlati.
AWSRefactoringToolkitFullAccessè una politica AWS gestita.
Utilizzo di questa politica
Puoi collegarti AWSRefactoringToolkitFullAccess ai tuoi utenti, gruppi e ruoli.
Dettagli della politica
-
Tipo: politica AWS gestita
-
Ora di creazione: 25 ottobre 2022, 16:41 UTC
-
Ora modificata: 25 marzo 2024, 18:43 UTC
-
ARN:
arn:aws:iam::aws:policy/AWSRefactoringToolkitFullAccess
Versione della politica
Versione della politica: v5 (predefinita)
La versione predefinita della politica è la versione che definisce le autorizzazioni per la politica. Quando un utente o un ruolo con la politica effettua una richiesta di accesso a una AWS risorsa, AWS controlla la versione predefinita della politica per determinare se consentire la richiesta.
Documento di policy JSON
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "App2ContainerAccess", "Effect" : "Allow", "Action" : [ "a2c:GetContainerizationJobDetails", "a2c:GetDeploymentJobDetails", "a2c:StartContainerizationJob", "a2c:StartDeploymentJob" ], "Resource" : "*" }, { "Sid" : "CloudformationExecutionAccess", "Effect" : "Allow", "Action" : [ "cloudformation:CreateChangeSet", "cloudformation:CreateStack", "cloudformation:DescribeChangeSet", "cloudformation:DescribeStackEvents", "cloudformation:ExecuteChangeSet", "cloudformation:UpdateStack", "cloudformation:TagResource", "cloudformation:UntagResource" ], "Resource" : [ "arn:*:cloudformation:*:*:stack/a2c-app-*", "arn:*:cloudformation:*:*:stack/a2c-build-*", "arn:*:cloudformation:*:*:stack/application-transformation-app-*" ] }, { "Sid" : "CodeBuildCreateAccess", "Effect" : "Allow", "Action" : [ "codebuild:CreateProject", "codebuild:UpdateProject" ], "Resource" : "arn:aws:codebuild:*:*:project/*", "Condition" : { "Null" : { "aws:RequestTag/a2c-generated" : "false" } } }, { "Sid" : "CodeBuildExecutionAccess", "Effect" : "Allow", "Action" : [ "codebuild:StartBuild" ], "Resource" : "arn:aws:codebuild:*:*:project/*" }, { "Sid" : "CreateSecurityGroupAccess", "Effect" : "Allow", "Action" : [ "ec2:CreateSecurityGroup" ], "Resource" : "*" }, { "Sid" : "Ec2CreateAccess", "Effect" : "Allow", "Action" : [ "ec2:CreateInternetGateway", "ec2:CreateKeyPair", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc", "ec2:AuthorizeSecurityGroupIngress" ], "Resource" : "*", "Condition" : { "Null" : { "aws:RequestTag/a2c-generated" : "false" } } }, { "Sid" : "Ec2CreateAccessATS", "Effect" : "Allow", "Action" : [ "ec2:CreateInternetGateway", "ec2:CreateKeyPair", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc", "ec2:AuthorizeSecurityGroupIngress" ], "Resource" : "*", "Condition" : { "Null" : { "aws:RequestTag/application-transformation" : "false" } } }, { "Sid" : "Ec2ModifyAccess", "Effect" : "Allow", "Action" : [ "ec2:AssociateRouteTable", "ec2:AttachInternetGateway", "ec2:AuthorizeSecurityGroupIngress", "ec2:DeleteTags", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", "ec2:RevokeSecurityGroupIngress", "ec2:CreateSubnet", "ec2:CreateRoute", "ec2:CreateRouteTable" ], "Resource" : "*", "Condition" : { "Null" : { "aws:ResourceTag/a2c-generated" : "false" } } }, { "Sid" : "Ec2ModifyAccessATS", "Effect" : "Allow", "Action" : [ "ec2:AssociateRouteTable", "ec2:AttachInternetGateway", "ec2:AuthorizeSecurityGroupIngress", "ec2:DeleteTags", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", "ec2:RevokeSecurityGroupIngress", "ec2:CreateSubnet", "ec2:CreateRoute", "ec2:CreateRouteTable" ], "Resource" : "*", "Condition" : { "Null" : { "aws:ResourceTag/application-transformation" : "false" } } }, { "Sid" : "EcrCreateAccess", "Effect" : "Allow", "Action" : [ "ecr:CreateRepository", "ecr:TagResource" ], "Resource" : "arn:*:ecr:*:*:repository/*", "Condition" : { "Null" : { "aws:RequestTag/a2c-generated" : "false" } } }, { "Sid" : "EcrCreateAccessATS", "Effect" : "Allow", "Action" : [ "ecr:CreateRepository", "ecr:TagResource" ], "Resource" : "arn:*:ecr:*:*:repository/*", "Condition" : { "Null" : { "aws:RequestTag/application-transformation" : "false" } } }, { "Sid" : "EcrModifyAccess", "Effect" : "Allow", "Action" : [ "ecr:GetLifecyclePolicy", "ecr:GetRepositoryPolicy", "ecr:ListImages", "ecr:ListTagsForResource", "ecr:TagResource", "ecr:UntagResource" ], "Resource" : "arn:*:ecr:*:*:repository/*", "Condition" : { "Null" : { "aws:ResourceTag/a2c-generated" : "false" } } }, { "Sid" : "EcrModifyAccessATS", "Effect" : "Allow", "Action" : [ "ecr:GetLifecyclePolicy", "ecr:GetRepositoryPolicy", "ecr:ListImages", "ecr:ListTagsForResource", "ecr:TagResource", "ecr:UntagResource" ], "Resource" : "arn:*:ecr:*:*:repository/*", "Condition" : { "Null" : { "aws:ResourceTag/application-transformation" : "false" } } }, { "Sid" : "EcsCreateAccess", "Effect" : "Allow", "Action" : [ "ecs:CreateCluster", "ecs:CreateService", "ecs:RegisterTaskDefinition", "ecs:TagResource" ], "Resource" : "*", "Condition" : { "Null" : { "aws:RequestTag/a2c-generated" : "false" } } }, { "Sid" : "EcsCreateAccessATS", "Effect" : "Allow", "Action" : [ "ecs:CreateCluster", "ecs:CreateService", "ecs:RegisterTaskDefinition", "ecs:TagResource" ], "Resource" : "*", "Condition" : { "Null" : { "aws:RequestTag/application-transformation" : "false" } } }, { "Sid" : "EcsModifyAccess", "Effect" : "Allow", "Action" : [ "ecs:UpdateService", "ecs:TagResource", "ecs:UntagResource" ], "Resource" : "*", "Condition" : { "Null" : { "aws:ResourceTag/a2c-generated" : "false" } } }, { "Sid" : "EcsModifyAccessATS", "Effect" : "Allow", "Action" : [ "ecs:UpdateService", "ecs:TagResource", "ecs:UntagResource" ], "Resource" : "*", "Condition" : { "Null" : { "aws:ResourceTag/application-transformation" : "false" } } }, { "Sid" : "EcsReadTaskDefinitionAccess", "Effect" : "Allow", "Action" : [ "ecs:DescribeTaskDefinition" ], "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : "cloudformation.amazonaws.com" } } }, { "Sid" : "EcsExecuteCommandInSidecar", "Effect" : "Allow", "Action" : [ "ecs:ExecuteCommand" ], "Resource" : "*", "Condition" : { "StringLike" : { "ecs:container-name" : "a2c-sidecar" } } }, { "Sid" : "EcsExecuteCommandInSidecarATS", "Effect" : "Allow", "Action" : [ "ecs:ExecuteCommand" ], "Resource" : "*", "Condition" : { "StringLike" : { "ecs:container-name" : "application-transformation-sidecar" } } }, { "Sid" : "CreateEcsServiceLinkedRoleAccess", "Effect" : "Allow", "Action" : "iam:CreateServiceLinkedRole", "Resource" : "arn:aws:iam::*:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS", "Condition" : { "StringLike" : { "iam:AWSServiceName" : "ecs.amazonaws.com" } } }, { "Sid" : "CloudwatchCreateAccess", "Effect" : "Allow", "Action" : [ "logs:CreateLogGroup", "logs:TagResource" ], "Resource" : [ "arn:aws:logs:*:*:log-group:/aws/codebuild/*:*", "arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*", "arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*" ], "Condition" : { "Null" : { "aws:RequestTag/a2c-generated" : "false" }, "ForAllValues:StringEquals" : { "aws:TagKeys" : [ "a2c-generated" ] } } }, { "Sid" : "CloudwatchCreateAccessATS", "Effect" : "Allow", "Action" : [ "logs:CreateLogGroup", "logs:TagResource" ], "Resource" : [ "arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*", "arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*" ], "Condition" : { "Null" : { "aws:RequestTag/application-transformation" : "false" }, "ForAllValues:StringEquals" : { "aws:TagKeys" : [ "application-transformation" ] } } }, { "Sid" : "CloudwatchGetAccess", "Effect" : "Allow", "Action" : [ "logs:GetLogEvents" ], "Resource" : [ "arn:aws:logs:*:*:log-group:/aws/codebuild/*:*", "arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*", "arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*" ], "Condition" : { "Null" : { "aws:ResourceTag/a2c-generated" : "false" } } }, { "Sid" : "CloudwatchGetAccessATS", "Effect" : "Allow", "Action" : [ "logs:GetLogEvents" ], "Resource" : [ "arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*", "arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*" ], "Condition" : { "Null" : { "aws:ResourceTag/application-transformation" : "false" } } }, { "Sid" : "SsmParameterAccess", "Effect" : "Allow", "Action" : [ "ssm:AddTagsToResource", "ssm:GetParameters", "ssm:PutParameter", "ssm:RemoveTagsFromResource" ], "Resource" : "arn:aws:ssm:*:*:parameter/a2c-generated-check-ecs-slr-*" }, { "Sid" : "SsmMessagesAccess", "Effect" : "Allow", "Action" : [ "ssm:DescribeSessions", "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel" ], "Resource" : "*" }, { "Sid" : "S3ObjectAccess", "Effect" : "Allow", "Action" : [ "s3:DeleteObject", "s3:GetObject", "s3:PutObject" ], "Resource" : [ "arn:aws:s3:::*/refactoringtoolkit*", "arn:aws:s3:::*/a2c-generated*", "arn:aws:s3:::*/application-transformation*" ] }, { "Sid" : "S3ListAccess", "Effect" : "Allow", "Action" : [ "s3:ListBucket" ], "Resource" : "arn:aws:s3:::*", "Condition" : { "StringLike" : { "s3:prefix" : [ "application-transformation", "refactoringtoolkit" ] } } }, { "Sid" : "ReadOnlyAccess", "Effect" : "Allow", "Action" : [ "cloudformation:DescribeStacks", "cloudformation:ListStacks", "clouddirectory:ListDirectories", "codebuild:BatchGetProjects", "codebuild:BatchGetBuilds", "ds:DescribeDirectories", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeImages", "ec2:DescribeInternetGateways", "ec2:DescribeKeyPairs", "ec2:DescribeNetworkInterfaces", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeRegions", "ecr:DescribeImages", "ecr:DescribeRepositories", "ecs:DescribeClusters", "ecs:DescribeServices", "ecs:DescribeTasks", "ecs:ListTagsForResource", "ecs:ListTasks", "iam:ListRoles", "s3:GetBucketLocation", "s3:GetBucketVersioning", "s3:ListAllMyBuckets", "secretsmanager:ListSecrets" ], "Resource" : "*" }, { "Sid" : "GetECSSLR", "Effect" : "Allow", "Action" : "iam:GetRole", "Resource" : "arn:aws:iam::*:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS" }, { "Sid" : "PortingAssistantFullAccess", "Effect" : "Allow", "Action" : [ "s3:GetObject" ], "Resource" : [ "arn:aws:s3:::aws.portingassistant.dotnet.datastore", "arn:aws:s3:::aws.portingassistant.dotnet.datastore/*" ] }, { "Sid" : "ApplicationTransformationAccess", "Effect" : "Allow", "Action" : [ "application-transformation:StartPortingCompatibilityAssessment", "application-transformation:GetPortingCompatibilityAssessment", "application-transformation:StartPortingRecommendationAssessment", "application-transformation:GetPortingRecommendationAssessment", "application-transformation:PutLogData", "application-transformation:PutMetricData", "application-transformation:StartContainerization", "application-transformation:GetContainerization", "application-transformation:StartDeployment", "application-transformation:GetDeployment" ], "Resource" : "*" }, { "Sid" : "KmsAccess", "Effect" : "Allow", "Action" : [ "kms:Decrypt", "kms:Encrypt", "kms:DescribeKey", "kms:GenerateDataKey" ], "Resource" : "arn:aws:kms:*::*", "Condition" : { "ForAnyValue:StringLike" : { "kms:ResourceAliases" : "alias/application-transformation*" } } }, { "Sid" : "EcrPushAccess", "Effect" : "Allow", "Action" : [ "ecr:InitiateLayerUpload", "ecr:PutImage", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer" ], "Resource" : "arn:*:ecr:*:*:repository/*", "Condition" : { "Null" : { "ecr:ResourceTag/application-transformation" : "false" } } }, { "Sid" : "EcrAuthAccess", "Effect" : "Allow", "Action" : [ "ecr:GetAuthorizationToken" ], "Resource" : "*" }, { "Sid" : "KmsCreateGrantAccess", "Effect" : "Allow", "Action" : [ "kms:CreateGrant" ], "Resource" : "arn:aws:kms:*::*", "Condition" : { "Bool" : { "kms:GrantIsForAWSResource" : true }, "ForAnyValue:StringLike" : { "kms:ResourceAliases" : "alias/application-transformation*" } } } ] }
Ulteriori informazioni
