翻訳は機械翻訳により提供されています。提供された翻訳内容と英語版の間で齟齬、不一致または矛盾がある場合、英語版が優先します。
AmazonEKSLoadBalancingPolicy
説明: EKS クラスターロールにアタッチされ、クラスターの負荷分散リソースを管理するアクセス許可を付与するポリシー。
AmazonEKSLoadBalancingPolicy は AWS マネージドポリシーです。
このポリシーの使用
AmazonEKSLoadBalancingPolicy は、ユーザー、グループ、およびロールにアタッチできます。
ポリシーの詳細
- タイプ: AWS 管理ポリシー
- 作成日時: 2024 年 10 月 30 日 20:18 UTC
- 編集日時: 2025 年 1 月 9 日 22:37 UTC
- ARN: arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy
ポリシーのバージョン
ポリシーのバージョン: v2 (デフォルト)
ポリシーのデフォルトバージョンは、ポリシーのアクセス許可を定義するバージョンです。ポリシーを持つユーザーまたはロールが AWS リソースへのアクセスをリクエストすると、AWS はポリシーのデフォルトバージョンをチェックして、リクエストを許可するかどうかを決定します。
JSON ポリシードキュメント
{
"Version" : "2012-10-17",
"Statement" : [
{
"Effect" : "Allow",
"Action" : [
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateRule",
"ec2:CreateSecurityGroup"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:RequestTag/eks:eks-cluster-name" : "${aws:PrincipalTag/eks:eks-cluster-name}"
},
"ForAllValues:StringEquals" : {
"aws:TagKeys" : [
"eks:eks-cluster-name",
"ingress.eks.amazonaws.com/stack",
"ingress.eks.amazonaws.com/resource",
"service.eks.amazonaws.com/stack",
"service.eks.amazonaws.com/resource"
]
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ec2:CreateSecurityGroup"
],
"Resource" : "arn:aws:ec2:*:*:vpc/*"
},
{
"Effect" : "Allow",
"Action" : [
"elasticloadbalancing:RegisterTargets"
],
"Resource" : "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/eks:eks-cluster-name" : "${aws:PrincipalTag/eks:eks-cluster-name}"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ec2:AuthorizeSecurityGroupIngress"
],
"Resource" : "arn:aws:ec2:*:*:security-group-rule/*",
"Condition" : {
"StringEquals" : {
"aws:RequestTag/eks:eks-cluster-name" : "${aws:PrincipalTag/eks:eks-cluster-name}"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupIngress"
],
"Resource" : "arn:aws:ec2:*:*:security-group/*",
"Condition" : {
"StringLike" : {
"aws:ResourceTag/Name" : "eks-cluster-sg*"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupIngress"
],
"Resource" : "arn:aws:ec2:*:*:security-group/*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/eks:eks-cluster-name" : "${aws:PrincipalTag/eks:eks-cluster-name}"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"elasticloadbalancing:AddTags"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"elasticloadbalancing:CreateAction" : [
"CreateLoadBalancer",
"CreateTargetGroup",
"CreateListener",
"CreateRule"
]
}
}
},
{
"Effect" : "Allow",
"Action" : [
"ec2:CreateTags"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"ec2:CreateAction" : [
"CreateSecurityGroup",
"AuthorizeSecurityGroupIngress"
]
}
}
},
{
"Effect" : "Allow",
"Action" : [
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:SetIpAddressType",
"elasticloadbalancing:SetSecurityGroups",
"elasticloadbalancing:SetSubnets",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:ModifyTargetGroupAttributes",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:AddListenerCertificates",
"elasticloadbalancing:ModifyListenerAttributes",
"elasticloadbalancing:RemoveListenerCertificates",
"elasticloadbalancing:ModifyRule"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/eks:eks-cluster-name" : "${aws:PrincipalTag/eks:eks-cluster-name}"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"wafv2:AssociateWebACL",
"wafv2:DisassociateWebACL"
],
"Resource" : [
"arn:aws:wafv2:*:*:*/webacl/*/*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
]
},
{
"Effect" : "Allow",
"Action" : [
"shield:CreateProtection"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:RequestTag/eks:eks-cluster-name" : "${aws:PrincipalTag/eks:eks-cluster-name}"
},
"ForAllValues:StringEquals" : {
"aws:TagKeys" : [
"eks:eks-cluster-name",
"ingress.eks.amazonaws.com/stack",
"ingress.eks.amazonaws.com/resource",
"service.eks.amazonaws.com/stack",
"service.eks.amazonaws.com/resource"
]
}
}
},
{
"Effect" : "Allow",
"Action" : [
"shield:DeleteProtection"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/eks:eks-cluster-name" : "${aws:PrincipalTag/eks:eks-cluster-name}"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"shield:TagResource"
],
"Resource" : "arn:aws:shield::*:protection/*",
"Condition" : {
"StringEquals" : {
"aws:RequestTag/eks:eks-cluster-name" : "${aws:PrincipalTag/eks:eks-cluster-name}"
},
"ForAllValues:StringEquals" : {
"aws:TagKeys" : [
"eks:eks-cluster-name",
"ingress.eks.amazonaws.com/stack",
"ingress.eks.amazonaws.com/resource",
"service.eks.amazonaws.com/stack",
"service.eks.amazonaws.com/resource"
]
}
}
},
{
"Effect" : "Allow",
"Action" : [
"cognito-idp:DescribeUserPoolClient",
"acm:ListCertificates",
"acm:DescribeCertificate",
"wafv2:GetWebACL",
"wafv2:GetWebACLForResource",
"elasticloadbalancing:SetWebAcl",
"elasticloadbalancing:DescribeTargetGroups"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeRouteTables",
"ec2:DescribeCoipPools",
"ec2:GetCoipPoolUsage",
"ec2:GetSecurityGroupsForVpc",
"ec2:DescribeVpcPeeringConnections"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"iam:CreateServiceLinkedRole"
],
"Resource" : "arn:aws:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing",
"Condition" : {
"StringEquals" : {
"iam:AWSServiceName" : "elasticloadbalancing.amazonaws.com"
}
}
}
]
}