翻訳は機械翻訳により提供されています。提供された翻訳内容と英語版の間で齟齬、不一致または矛盾がある場合、英語版が優先します。
AWSDeepLensServiceRolePolicy
説明: AWS DeepLens に AWS のサービス、DeepLens と IoT、S3 、GreenGrass、AWS Lambda などの依存関係に必要なリソースとロールへのアクセスを付与します。
AWSDeepLensServiceRolePolicy は AWS マネージドポリシーです。
このポリシーを使用すると
ユーザー、グループおよびロールに AWSDeepLensServiceRolePolicy をアタッチできます。
ポリシーの詳細
-
タイプ: サービスロールポリシー
-
作成日時: 2017 年 11 月 29 日 15:46 UTC
-
編集日時: 2019 年 9 月 25 日 19:25 UTC
-
ARN:
arn:aws:iam::aws:policy/service-role/AWSDeepLensServiceRolePolicy
ポリシーのバージョン
ポリシーのバージョン: v6 (デフォルト)
ポリシーのデフォルトバージョンは、ポリシーのアクセス許可を定義するバージョンです。ポリシーを適用したユーザーまたはロールが AWS リソースへのアクセスをリクエストすると、AWS はポリシーのデフォルトバージョンを確認し、リクエストを許可するかどうかを判断します。
JSON ポリシードキュメント
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "DeepLensIoTThingAccess",
"Effect" : "Allow",
"Action" : [
"iot:CreateThing",
"iot:DeleteThing",
"iot:DeleteThingShadow",
"iot:DescribeThing",
"iot:GetThingShadow",
"iot:UpdateThing",
"iot:UpdateThingShadow"
],
"Resource" : [
"arn:aws:iot:*:*:thing/deeplens*"
]
},
{
"Sid" : "DeepLensIoTCertificateAccess",
"Effect" : "Allow",
"Action" : [
"iot:AttachThingPrincipal",
"iot:DetachThingPrincipal",
"iot:UpdateCertificate",
"iot:DeleteCertificate",
"iot:DetachPrincipalPolicy"
],
"Resource" : [
"arn:aws:iot:*:*:thing/deeplens*",
"arn:aws:iot:*:*:cert/*"
]
},
{
"Sid" : "DeepLensIoTCreateCertificateAndPolicyAccess",
"Effect" : "Allow",
"Action" : [
"iot:CreateKeysAndCertificate",
"iot:CreatePolicy",
"iot:CreatePolicyVersion"
],
"Resource" : [
"*"
]
},
{
"Sid" : "DeepLensIoTAttachCertificatePolicyAccess",
"Effect" : "Allow",
"Action" : [
"iot:AttachPrincipalPolicy"
],
"Resource" : [
"arn:aws:iot:*:*:policy/deeplens*",
"arn:aws:iot:*:*:cert/*"
]
},
{
"Sid" : "DeepLensIoTDataAccess",
"Effect" : "Allow",
"Action" : [
"iot:GetThingShadow",
"iot:UpdateThingShadow"
],
"Resource" : [
"arn:aws:iot:*:*:thing/deeplens*"
]
},
{
"Sid" : "DeepLensIoTEndpointAccess",
"Effect" : "Allow",
"Action" : [
"iot:DescribeEndpoint"
],
"Resource" : [
"*"
]
},
{
"Sid" : "DeepLensAccess",
"Effect" : "Allow",
"Action" : [
"deeplens:*"
],
"Resource" : [
"*"
]
},
{
"Sid" : "DeepLensS3ObjectAccess",
"Effect" : "Allow",
"Action" : [
"s3:GetObject"
],
"Resource" : [
"arn:aws:s3:::deeplens*"
]
},
{
"Sid" : "DeepLensS3Buckets",
"Effect" : "Allow",
"Action" : [
"s3:DeleteBucket",
"s3:ListBucket"
],
"Resource" : [
"arn:aws:s3:::deeplens*"
]
},
{
"Sid" : "DeepLensCreateS3Buckets",
"Effect" : "Allow",
"Action" : [
"s3:CreateBucket"
],
"Resource" : [
"*"
]
},
{
"Sid" : "DeepLensIAMPassRoleAccess",
"Effect" : "Allow",
"Action" : [
"iam:PassRole"
],
"Resource" : [
"*"
],
"Condition" : {
"StringEquals" : {
"iam:PassedToService" : [
"greengrass.amazonaws.com",
"sagemaker.amazonaws.com"
]
}
}
},
{
"Sid" : "DeepLensIAMLambdaPassRoleAccess",
"Effect" : "Allow",
"Action" : [
"iam:PassRole"
],
"Resource" : [
"arn:aws:iam::*:role/AWSDeepLens*",
"arn:aws:iam::*:role/service-role/AWSDeepLens*"
],
"Condition" : {
"StringEqualsIfExists" : {
"iam:PassedToService" : "lambda.amazonaws.com"
}
}
},
{
"Sid" : "DeepLensGreenGrassAccess",
"Effect" : "Allow",
"Action" : [
"greengrass:AssociateRoleToGroup",
"greengrass:AssociateServiceRoleToAccount",
"greengrass:CreateResourceDefinition",
"greengrass:CreateResourceDefinitionVersion",
"greengrass:CreateCoreDefinition",
"greengrass:CreateCoreDefinitionVersion",
"greengrass:CreateDeployment",
"greengrass:CreateFunctionDefinition",
"greengrass:CreateFunctionDefinitionVersion",
"greengrass:CreateGroup",
"greengrass:CreateGroupCertificateAuthority",
"greengrass:CreateGroupVersion",
"greengrass:CreateLoggerDefinition",
"greengrass:CreateLoggerDefinitionVersion",
"greengrass:CreateSubscriptionDefinition",
"greengrass:CreateSubscriptionDefinitionVersion",
"greengrass:DeleteCoreDefinition",
"greengrass:DeleteFunctionDefinition",
"greengrass:DeleteGroup",
"greengrass:DeleteLoggerDefinition",
"greengrass:DeleteSubscriptionDefinition",
"greengrass:DisassociateRoleFromGroup",
"greengrass:DisassociateServiceRoleFromAccount",
"greengrass:GetAssociatedRole",
"greengrass:GetConnectivityInfo",
"greengrass:GetCoreDefinition",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetDeploymentStatus",
"greengrass:GetDeviceDefinition",
"greengrass:GetDeviceDefinitionVersion",
"greengrass:GetFunctionDefinition",
"greengrass:GetFunctionDefinitionVersion",
"greengrass:GetGroup",
"greengrass:GetGroupCertificateAuthority",
"greengrass:GetGroupCertificateConfiguration",
"greengrass:GetGroupVersion",
"greengrass:GetLoggerDefinition",
"greengrass:GetLoggerDefinitionVersion",
"greengrass:GetResourceDefinition",
"greengrass:GetServiceRoleForAccount",
"greengrass:GetSubscriptionDefinition",
"greengrass:GetSubscriptionDefinitionVersion",
"greengrass:ListCoreDefinitionVersions",
"greengrass:ListCoreDefinitions",
"greengrass:ListDeployments",
"greengrass:ListDeviceDefinitionVersions",
"greengrass:ListDeviceDefinitions",
"greengrass:ListFunctionDefinitionVersions",
"greengrass:ListFunctionDefinitions",
"greengrass:ListGroupCertificateAuthorities",
"greengrass:ListGroupVersions",
"greengrass:ListGroups",
"greengrass:ListLoggerDefinitionVersions",
"greengrass:ListLoggerDefinitions",
"greengrass:ListSubscriptionDefinitionVersions",
"greengrass:ListSubscriptionDefinitions",
"greengrass:ResetDeployments",
"greengrass:UpdateConnectivityInfo",
"greengrass:UpdateCoreDefinition",
"greengrass:UpdateDeviceDefinition",
"greengrass:UpdateFunctionDefinition",
"greengrass:UpdateGroup",
"greengrass:UpdateGroupCertificateConfiguration",
"greengrass:UpdateLoggerDefinition",
"greengrass:UpdateSubscriptionDefinition",
"greengrass:UpdateResourceDefinition"
],
"Resource" : [
"*"
]
},
{
"Sid" : "DeepLensLambdaAdminFunctionAccess",
"Effect" : "Allow",
"Action" : [
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"lambda:ListVersionsByFunction",
"lambda:PublishVersion",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration"
],
"Resource" : [
"arn:aws:lambda:*:*:function:deeplens*"
]
},
{
"Sid" : "DeepLensLambdaUsersFunctionAccess",
"Effect" : "Allow",
"Action" : [
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"lambda:ListVersionsByFunction"
],
"Resource" : [
"arn:aws:lambda:*:*:function:*"
]
},
{
"Sid" : "DeepLensSageMakerWriteAccess",
"Effect" : "Allow",
"Action" : [
"sagemaker:CreateTrainingJob",
"sagemaker:DescribeTrainingJob",
"sagemaker:StopTrainingJob"
],
"Resource" : [
"arn:aws:sagemaker:*:*:training-job/deeplens*"
]
},
{
"Sid" : "DeepLensSageMakerReadAccess",
"Effect" : "Allow",
"Action" : [
"sagemaker:DescribeTrainingJob"
],
"Resource" : [
"arn:aws:sagemaker:*:*:training-job/*"
]
},
{
"Sid" : "DeepLensKinesisVideoStreamAccess",
"Effect" : "Allow",
"Action" : [
"kinesisvideo:CreateStream",
"kinesisvideo:DescribeStream",
"kinesisvideo:DeleteStream"
],
"Resource" : [
"arn:aws:kinesisvideo:*:*:stream/deeplens*/*"
]
},
{
"Sid" : "DeepLensKinesisVideoEndpointAccess",
"Effect" : "Allow",
"Action" : [
"kinesisvideo:GetDataEndpoint"
],
"Resource" : [
"*"
]
}
]
}詳細はこちら
