移行ツールのカスタムポリシー - AWS Migration Hub
ロールポリシー信頼ポリシー

移行ツールのカスタムポリシー

これは、AWS Migration Hub API または CLI を使用する場合に、統合パートナーまたは開発者が使用するロールの例です。

統合パートナーロールポリシー


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "mgh:CreateProgressUpdateStream"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:mgh:us-west-2:account_num:progressUpdateStream/vendor_name"
        },
        {
            "Action": [
                "mgh:AssociateCreatedArtifact",
                "mgh:DescribeMigrationTask",
                "mgh:DisassociateCreatedArtifact",
                "mgh:ImportMigrationTask",
                "mgh:ListCreatedArtifacts",
                "mgh:NotifyMigrationTaskState",
                "mgh:PutResourceAttributes",
                "mgh:NotifyApplicationState",
                "mgh:DescribeApplicationState",
                "mgh:AssociateDiscoveredResource",
                "mgh:DisassociateDiscoveredResource",
                "mgh:ListDiscoveredResources"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:mgh:us-west-2:account_num:progressUpdateStream/vendor_name/*"
        },
        {
            "Action": [
                "mgh:ListMigrationTasks"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

統合パートナーポリシーの信頼ポリシー


{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::vendor_account_num:root"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}