翻訳は機械翻訳により提供されています。提供された翻訳内容と英語版の間で齟齬、不一致または矛盾がある場合、英語版が優先します。
AmazonDevOpsGuruServiceRolePolicy
説明: Amazon DevOpsGuru がリソースにアクセスする際に必要となるサービスリンクロール。
AmazonDevOpsGuruServiceRolePolicy は AWS マネージドポリシーです。
このポリシーを使用すると
このポリシーは、ユーザーに代わってサービスがアクションを実行することを許可する、サービスリンクロールにアタッチされます。ユーザー、グループおよびロールにこのポリシーはアタッチできません。
ポリシーの詳細
-
タイプ: サービスリンクロールポリシー
-
作成日時: 2020 年 12 月 1 日 10:24 UTC
-
編集日時: 2023 年 1 月 10 日 14:36 UTC
-
ARN:
arn:aws:iam::aws:policy/aws-service-role/AmazonDevOpsGuruServiceRolePolicy
ポリシーのバージョン
ポリシーのバージョン: v9 (デフォルト)
ポリシーのデフォルトバージョンは、ポリシーのアクセス許可を定義するバージョンです。ポリシーを適用したユーザーまたはロールが AWS リソースへのアクセスをリクエストすると、AWS はポリシーのデフォルトバージョンを確認し、リクエストを許可するかどうかを判断します。
JSON ポリシードキュメント
{
"Version" : "2012-10-17",
"Statement" : [
{
"Effect" : "Allow",
"Action" : [
"autoscaling:DescribeAutoScalingGroups",
"cloudtrail:LookupEvents",
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:DescribeAnomalyDetectors",
"cloudwatch:DescribeAlarms",
"cloudwatch:ListDashboards",
"cloudwatch:GetDashboard",
"cloudformation:GetTemplate",
"cloudformation:ListStacks",
"cloudformation:ListStackResources",
"cloudformation:DescribeStacks",
"cloudformation:ListImports",
"codedeploy:BatchGetDeployments",
"codedeploy:GetDeploymentGroup",
"codedeploy:ListDeployments",
"config:DescribeConfigurationRecorderStatus",
"config:GetResourceConfigHistory",
"events:ListRuleNamesByTarget",
"xray:GetServiceGraph",
"organizations:ListRoots",
"organizations:ListChildren",
"organizations:ListDelegatedAdministrators",
"pi:GetResourceMetrics",
"tag:GetResources",
"lambda:GetFunction",
"lambda:GetFunctionConcurrency",
"lambda:GetAccountSettings",
"lambda:ListProvisionedConcurrencyConfigs",
"lambda:ListAliases",
"lambda:ListEventSourceMappings",
"lambda:GetPolicy",
"ec2:DescribeSubnets",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"sqs:GetQueueAttributes",
"kinesis:DescribeStream",
"kinesis:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:DescribeLimits",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeStream",
"dynamodb:ListStreams",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"rds:DescribeOptionGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBInstanceAutomatedBackups",
"rds:DescribeAccountAttributes",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"s3:GetBucketNotification",
"s3:GetBucketPolicy",
"s3:GetBucketPublicAccessBlock",
"s3:GetBucketTagging",
"s3:GetBucketWebsite",
"s3:GetIntelligentTieringConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetReplicationConfiguration",
"s3:ListAllMyBuckets",
"s3:ListStorageLensConfigurations",
"servicequotas:GetServiceQuota",
"servicequotas:ListRequestedServiceQuotaChangeHistory",
"servicequotas:ListServiceQuotas"
],
"Resource" : "*"
},
{
"Sid" : "AllowPutTargetsOnASpecificRule",
"Effect" : "Allow",
"Action" : [
"events:PutTargets",
"events:PutRule"
],
"Resource" : "arn:aws:events:*:*:rule/DevOps-Guru-managed-*"
},
{
"Sid" : "AllowCreateOpsItem",
"Effect" : "Allow",
"Action" : [
"ssm:CreateOpsItem"
],
"Resource" : "*"
},
{
"Sid" : "AllowAddTagsToOpsItem",
"Effect" : "Allow",
"Action" : [
"ssm:AddTagsToResource"
],
"Resource" : "arn:aws:ssm:*:*:opsitem/*"
},
{
"Sid" : "AllowAccessOpsItem",
"Effect" : "Allow",
"Action" : [
"ssm:GetOpsItem",
"ssm:UpdateOpsItem"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/DevOps-GuruInsightSsmOpsItemRelated" : "true"
}
}
},
{
"Sid" : "AllowCreateManagedRule",
"Effect" : "Allow",
"Action" : "events:PutRule",
"Resource" : "arn:aws:events:*:*:rule/DevOpsGuruManagedRule*"
},
{
"Sid" : "AllowAccessManagedRule",
"Effect" : "Allow",
"Action" : [
"events:DescribeRule",
"events:ListTargetsByRule"
],
"Resource" : "arn:aws:events:*:*:rule/DevOpsGuruManagedRule*"
},
{
"Sid" : "AllowOtherOperationsOnManagedRule",
"Effect" : "Allow",
"Action" : [
"events:DeleteRule",
"events:EnableRule",
"events:DisableRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Resource" : "arn:aws:events:*:*:rule/DevOpsGuruManagedRule*",
"Condition" : {
"StringEquals" : {
"events:ManagedBy" : "devops-guru.amazonaws.com"
}
}
},
{
"Sid" : "AllowTagBasedFilterLogEvents",
"Effect" : "Allow",
"Action" : [
"logs:FilterLogEvents"
],
"Resource" : "arn:aws:logs:*:*:log-group:*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/DevOps-Guru-Analysis" : "true"
}
}
},
{
"Sid" : "AllowAPIGatewayGetIntegrations",
"Effect" : "Allow",
"Action" : "apigateway:GET",
"Resource" : [
"arn:aws:apigateway:*::/restapis/??????????",
"arn:aws:apigateway:*::/restapis/*/resources",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration"
]
}
]
}詳細はこちら
