기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.
AmazonDataZoneFullAccess
설명:를 통해 Amazon DataZone 에 대한 전체 액세스 권한 AWS Management Console 과 필요한 관련 서비스에 대한 제한된 액세스를 제공합니다.
AmazonDataZoneFullAccess은(는) AWS 관리형 정책입니다.
이 정책 사용
사용자, 그룹 및 역할에 AmazonDataZoneFullAccess를 연결할 수 있습니다.
정책 세부 정보
-
유형: AWS 관리형 정책
-
생성 시간: 2023년 9월 22일, 20:06 UTC
-
편집된 시간: 2024년 11월 21일, 20:36 UTC
-
ARN:
arn:aws:iam::aws:policy/AmazonDataZoneFullAccess
정책 버전
정책 버전: v5 (기본값)
정책의 기본 버전은 정책에 대한 권한을 정의하는 버전입니다. 정책이 있는 사용자 또는 역할이 AWS 리소스에 대한 액세스를 요청하는 경우는 정책의 기본 버전을 AWS 확인하여 요청을 허용할지 여부를 결정합니다.
JSON 정책 문서
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "AmazonDataZoneStatement",
"Effect" : "Allow",
"Action" : [
"datazone:*"
],
"Resource" : [
"*"
]
},
{
"Sid" : "ReadOnlyStatement",
"Effect" : "Allow",
"Action" : [
"kms:DescribeKey",
"kms:ListAliases",
"iam:ListRoles",
"sso:DescribeRegisteredRegions",
"s3:ListAllMyBuckets",
"redshift:DescribeClusters",
"redshift-serverless:ListWorkgroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"secretsmanager:ListSecrets",
"iam:ListUsers",
"glue:GetDatabases",
"codeconnections:ListConnections",
"codeconnections:ListTagsForResource",
"codewhisperer:ListProfiles",
"bedrock:ListInferenceProfiles",
"bedrock:ListFoundationModels",
"bedrock:ListTagsForResource",
"aoss:ListSecurityPolicies"
],
"Resource" : [
"*"
]
},
{
"Sid" : "BucketReadOnlyStatement",
"Effect" : "Allow",
"Action" : [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource" : "arn:aws:s3:::*"
},
{
"Sid" : "CreateBucketStatement",
"Effect" : "Allow",
"Action" : [
"s3:CreateBucket"
],
"Resource" : [
"arn:aws:s3:::amazon-datazone*",
"arn:aws:s3:::amazon-sagemaker*"
]
},
{
"Sid" : "ConfigureBucketStatement",
"Effect" : "Allow",
"Action" : [
"s3:PutBucketCORS",
"s3:PutBucketPolicy",
"s3:PutBucketVersioning"
],
"Resource" : [
"arn:aws:s3:::amazon-sagemaker*"
],
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "RamCreateResourceStatement",
"Effect" : "Allow",
"Action" : [
"ram:CreateResourceShare"
],
"Resource" : "*",
"Condition" : {
"StringEqualsIfExists" : {
"ram:RequestedResourceType" : "datazone:Domain"
}
}
},
{
"Sid" : "RamResourceStatement",
"Effect" : "Allow",
"Action" : [
"ram:DeleteResourceShare",
"ram:AssociateResourceShare",
"ram:DisassociateResourceShare",
"ram:RejectResourceShareInvitation"
],
"Resource" : "*",
"Condition" : {
"StringLike" : {
"ram:ResourceShareName" : [
"DataZone*"
]
}
}
},
{
"Sid" : "RamResourceReadOnlyStatement",
"Effect" : "Allow",
"Action" : [
"ram:GetResourceShares",
"ram:GetResourceShareInvitations",
"ram:GetResourceShareAssociations",
"ram:ListResourceSharePermissions"
],
"Resource" : "*"
},
{
"Sid" : "IAMPassRoleStatement",
"Effect" : "Allow",
"Action" : "iam:PassRole",
"Resource" : [
"arn:aws:iam::*:role/AmazonDataZone*",
"arn:aws:iam::*:role/service-role/AmazonDataZone*",
"arn:aws:iam::*:role/service-role/AmazonSageMaker*"
],
"Condition" : {
"StringEquals" : {
"iam:passedToService" : "datazone.amazonaws.com"
}
}
},
{
"Sid" : "IAMGetPolicyStatement",
"Effect" : "Allow",
"Action" : "iam:GetPolicy",
"Resource" : [
"arn:aws:iam::*:policy/service-role/AmazonDataZoneRedshiftAccessPolicy*"
]
},
{
"Sid" : "DataZoneTagOnCreateDomainProjectTags",
"Effect" : "Allow",
"Action" : [
"secretsmanager:TagResource"
],
"Resource" : "arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*",
"Condition" : {
"ForAllValues:StringEquals" : {
"aws:TagKeys" : [
"AmazonDataZoneDomain",
"AmazonDataZoneProject"
]
},
"StringLike" : {
"aws:RequestTag/AmazonDataZoneDomain" : "dzd_*",
"aws:ResourceTag/AmazonDataZoneDomain" : "dzd_*"
}
}
},
{
"Sid" : "DataZoneTagOnCreate",
"Effect" : "Allow",
"Action" : [
"secretsmanager:TagResource"
],
"Resource" : "arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*",
"Condition" : {
"ForAllValues:StringEquals" : {
"aws:TagKeys" : [
"AmazonDataZoneDomain"
]
},
"StringLike" : {
"aws:RequestTag/AmazonDataZoneDomain" : "dzd_*",
"aws:ResourceTag/AmazonDataZoneDomain" : "dzd_*"
}
}
},
{
"Sid" : "CreateSecretStatement",
"Effect" : "Allow",
"Action" : [
"secretsmanager:CreateSecret"
],
"Resource" : "arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*",
"Condition" : {
"StringLike" : {
"aws:RequestTag/AmazonDataZoneDomain" : "dzd_*"
}
}
},
{
"Sid" : "ConnectionStatement",
"Effect" : "Allow",
"Action" : [
"codeconnections:GetConnection"
],
"Resource" : [
"arn:aws:codeconnections:*:*:connection/*"
]
},
{
"Sid" : "TagCodeConnectionsStatement",
"Effect" : "Allow",
"Action" : [
"codeconnections:TagResource"
],
"Resource" : [
"arn:aws:codeconnections:*:*:connection/*"
],
"Condition" : {
"ForAllValues:StringEquals" : {
"aws:TagKeys" : [
"for-use-with-all-datazone-projects"
]
},
"StringEquals" : {
"aws:RequestTag/for-use-with-all-datazone-projects" : "true"
}
}
},
{
"Sid" : "UntagCodeConnectionsStatement",
"Effect" : "Allow",
"Action" : [
"codeconnections:UntagResource"
],
"Resource" : [
"arn:aws:codeconnections:*:*:connection/*"
],
"Condition" : {
"ForAllValues:StringEquals" : {
"aws:TagKeys" : "for-use-with-all-datazone-projects"
}
}
},
{
"Sid" : "SSMParameterStatement",
"Effect" : "Allow",
"Action" : [
"ssm:GetParameter",
"ssm:GetParametersByPath",
"ssm:PutParameter",
"ssm:DeleteParameter"
],
"Resource" : [
"arn:aws:ssm:*:*:parameter/amazon/datazone/q*",
"arn:aws:ssm:*:*:parameter/amazon/datazone/genAI*",
"arn:aws:ssm:*:*:parameter/amazon/datazone/profiles*"
]
},
{
"Sid" : "UseKMSKeyPermissionsStatement",
"Effect" : "Allow",
"Action" : [
"kms:Decrypt"
],
"Resource" : [
"*"
],
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/EnableKeyForAmazonDataZone" : "true"
},
"Null" : {
"aws:ResourceTag/EnableKeyForAmazonDataZone" : "false"
},
"StringLike" : {
"kms:ViaService" : "ssm.*.amazonaws.com"
}
}
},
{
"Sid" : "SecurityPolicyStatement",
"Effect" : "Allow",
"Action" : [
"aoss:GetSecurityPolicy",
"aoss:CreateSecurityPolicy"
],
"Resource" : [
"*"
],
"Condition" : {
"StringLike" : {
"aoss:collection" : "genai-studio-*"
}
}
},
{
"Sid" : "GetFoundationModelStatement",
"Effect" : "Allow",
"Action" : [
"bedrock:GetFoundationModel",
"bedrock:GetFoundationModelAvailability"
],
"Resource" : [
"arn:aws:bedrock:*::foundation-model/*"
]
},
{
"Sid" : "GetInferenceProfileStatement",
"Effect" : "Allow",
"Action" : [
"bedrock:GetInferenceProfile"
],
"Resource" : [
"arn:aws:bedrock:*:*:inference-profile/*",
"arn:aws:bedrock:*:*:application-inference-profile/*"
]
},
{
"Sid" : "ApplicationInferenceProfileStatement",
"Effect" : "Allow",
"Action" : [
"bedrock:CreateInferenceProfile"
],
"Resource" : [
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Condition" : {
"Null" : {
"aws:RequestTag/AmazonDataZoneProject" : "true",
"aws:RequestTag/AmazonDataZoneDomain" : "false"
}
}
},
{
"Sid" : "TagApplicationInferenceProfileStatement",
"Effect" : "Allow",
"Action" : [
"bedrock:TagResource"
],
"Resource" : [
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Condition" : {
"Null" : {
"aws:ResourceTag/AmazonDataZoneProject" : "true",
"aws:RequestTag/AmazonDataZoneProject" : "true",
"aws:ResourceTag/AmazonDataZoneDomain" : "false",
"aws:RequestTag/AmazonDataZoneDomain" : "false"
}
}
},
{
"Sid" : "DeleteApplicationInferenceProfileStatement",
"Effect" : "Allow",
"Action" : [
"bedrock:DeleteInferenceProfile"
],
"Resource" : [
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Condition" : {
"Null" : {
"aws:ResourceTag/AmazonDataZoneProject" : "true",
"aws:ResourceTag/AmazonDataZoneDomain" : "false"
}
}
}
]
}자세히 알아보기
