AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
説明: このポリシーは、Elastic Beanstalk 環境のマネージドアップデートを実行するために使用される AWS Elastic Beanstalk サービスロールを対象としています。このポリシーは他のユーザーやロールには適用しないでください。このポリシーは、AutoScaling、EC2、ECS、Elastic Load Balancing、CloudFormation など、さまざまな AWS サービスにわたってリソースを作成および管理するための幅広いアクセス許可を付与します。このポリシーでは、それらのサービスで使用可能なすべての IAM ロールを渡すことも許可されます。
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy は AWS マネージドポリシーです。
このポリシーを使用すると
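ユーザー、グループおよびロールに AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy をアタッチできます。ただし、上記の説明のとおり、このポリシーは Elastic Beanstalk 環境のマネージドアップデートを実行するサービスロールを対象としており、それ以外のユーザーやロールにはアタッチしないでください。このポリシーは elasticbeanstalk:* に加え、列挙されたサービスに対する任意の IAM ロールの iam:PassRole を許可するため、対象外のプリンシパルにアタッチすると必要以上に広い権限を与えることになります。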
ポリシーの詳細
- タイプ: AWS マネージドポリシー
- 作成日時: 2021 年 3 月 3 日 22:18 UTC
- 編集日時: 2023 年 3 月 23 日 23:15 UTC
- ARN: arn:aws:iam::aws:policy/AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
ポリシーのバージョン
ポリシーのバージョン: v6 (デフォルト)
ポリシーのデフォルトバージョンは、ポリシーのアクセス許可を定義するバージョンです。ポリシーを適用したユーザーまたはロールが AWS リソースへのアクセスをリクエストすると、AWS はポリシーのデフォルトバージョンを確認し、リクエストを許可するかどうかを判断します。
JSON ポリシードキュメント
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "ElasticBeanstalkPermissions",
"Effect" : "Allow",
"Action" : [
"elasticbeanstalk:*"
],
"Resource" : "*"
},
{
"Sid" : "AllowPassRoleToElasticBeanstalkAndDownstreamServices",
"Effect" : "Allow",
"Action" : "iam:PassRole",
"Resource" : "arn:aws:iam::*:role/*",
"Condition" : {
"StringEquals" : {
"iam:PassedToService" : [
"elasticbeanstalk.amazonaws.com",
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn",
"autoscaling.amazonaws.com",
"elasticloadbalancing.amazonaws.com",
"ecs.amazonaws.com",
"cloudformation.amazonaws.com"
]
}
}
},
{
"Sid" : "ReadOnlyPermissions",
"Effect" : "Allow",
"Action" : [
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeLoadBalancers",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeScheduledActions",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSubnets",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeVpcs",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"logs:DescribeLogGroups",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeOrderableDBInstanceOptions",
"sns:ListSubscriptionsByTopic"
],
"Resource" : [
"*"
]
},
{
"Sid" : "EC2BroadOperationPermissions",
"Effect" : "Allow",
"Action" : [
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion",
"ec2:CreateSecurityGroup",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions",
"ec2:DeleteSecurityGroup",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Resource" : "*"
},
{
"Sid" : "EC2RunInstancesOperationPermissions",
"Effect" : "Allow",
"Action" : "ec2:RunInstances",
"Resource" : "*",
"Condition" : {
"ArnLike" : {
"ec2:LaunchTemplate" : "arn:aws:ec2:*:*:launch-template/*"
}
}
},
{
"Sid" : "EC2TerminateInstancesOperationPermissions",
"Effect" : "Allow",
"Action" : [
"ec2:TerminateInstances"
],
"Resource" : "arn:aws:ec2:*:*:instance/*",
"Condition" : {
"StringLike" : {
"ec2:ResourceTag/aws:cloudformation:stack-id" : [
"arn:aws:cloudformation:*:*:stack/awseb-e-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
]
}
}
},
{
"Sid" : "ECSBroadOperationPermissions",
"Effect" : "Allow",
"Action" : [
"ecs:CreateCluster",
"ecs:DescribeClusters",
"ecs:RegisterTaskDefinition"
],
"Resource" : "*"
},
{
"Sid" : "ECSDeleteClusterOperationPermissions",
"Effect" : "Allow",
"Action" : "ecs:DeleteCluster",
"Resource" : "arn:aws:ecs:*:*:cluster/awseb-*"
},
{
"Sid" : "ASGOperationPermissions",
"Effect" : "Allow",
"Action" : [
"autoscaling:AttachInstances",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:CreateOrUpdateTags",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteScheduledAction",
"autoscaling:DetachInstances",
"autoscaling:DeletePolicy",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:PutNotificationConfiguration",
"autoscaling:ResumeProcesses",
"autoscaling:SetDesiredCapacity",
"autoscaling:SuspendProcesses",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup"
],
"Resource" : [
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*",
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*"
]
},
{
"Sid" : "CFNOperationPermissions",
"Effect" : "Allow",
"Action" : [
"cloudformation:*"
],
"Resource" : [
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
]
},
{
"Sid" : "ELBOperationPermissions",
"Effect" : "Allow",
"Action" : [
"elasticloadbalancing:AddTags",
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets"
],
"Resource" : [
"arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*",
"arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*/awseb-*/*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*/eb-*/*"
]
},
{
"Sid" : "CWLogsOperationPermissions",
"Effect" : "Allow",
"Action" : [
"logs:CreateLogGroup",
"logs:DeleteLogGroup",
"logs:PutRetentionPolicy"
],
"Resource" : "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*"
},
{
"Sid" : "S3ObjectOperationPermissions",
"Effect" : "Allow",
"Action" : [
"s3:DeleteObject",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl"
],
"Resource" : "arn:aws:s3:::elasticbeanstalk-*/*"
},
{
"Sid" : "S3BucketOperationPermissions",
"Effect" : "Allow",
"Action" : [
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:ListBucket",
"s3:PutBucketPolicy"
],
"Resource" : "arn:aws:s3:::elasticbeanstalk-*"
},
{
"Sid" : "SNSOperationPermissions",
"Effect" : "Allow",
"Action" : [
"sns:CreateTopic",
"sns:GetTopicAttributes",
"sns:SetTopicAttributes",
"sns:Subscribe"
],
"Resource" : "arn:aws:sns:*:*:ElasticBeanstalkNotifications-*"
},
{
"Sid" : "SQSOperationPermissions",
"Effect" : "Allow",
"Action" : [
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
"Resource" : [
"arn:aws:sqs:*:*:awseb-e-*",
"arn:aws:sqs:*:*:eb-*"
]
},
{
"Sid" : "CWPutMetricAlarmOperationPermissions",
"Effect" : "Allow",
"Action" : [
"cloudwatch:PutMetricAlarm"
],
"Resource" : [
"arn:aws:cloudwatch:*:*:alarm:awseb-*",
"arn:aws:cloudwatch:*:*:alarm:eb-*"
]
},
{
"Sid" : "AllowECSTagResource",
"Effect" : "Allow",
"Action" : [
"ecs:TagResource"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"ecs:CreateAction" : [
"CreateCluster",
"RegisterTaskDefinition"
]
}
}
}
]
}