As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá.
AWSElasticDisasterRecoveryLaunchActionsPolicy
Descrição: esta política permite que você use o Amazon SSM e os serviços adicionais necessários para executar ações de pós-lançamento no AWS Elastic Disaster Recovery (AWS DRS). Anexe essa política aos seus perfis ou usuários do IAM.
AWSElasticDisasterRecoveryLaunchActionsPolicy é uma política gerenciada pelo AWS.
Utilização desta política
Você pode vincular a AWSElasticDisasterRecoveryLaunchActionsPolicy aos seus usuários, grupos e perfis.
Detalhes desta política
-
Tipo: política gerenciada pela AWS
-
Hora da criação: 13 de setembro de 2023, 7:38 UTC
-
Hora da edição: 19 de maio de 2024, 7:29 UTC
-
ARN:
arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryLaunchActionsPolicy
Versão da política
Versão da política: v3 (padrão)
A versão padrão da política é aquela que define as permissões desta política. Quando um usuário ou perfil com esta política faz uma solicitação para acessar um atributo da AWS, a AWS verifica a versão padrão da política para determinar se concederá a permissão solicitada.
Documento da política JSON
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "LaunchActionsPolicy1",
"Effect" : "Allow",
"Action" : [
"ssm:DescribeInstanceInformation",
"ssm:DescribeParameters"
],
"Resource" : [
"*"
],
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : [
"drs.amazonaws.com"
]
}
}
},
{
"Sid" : "LaunchActionsPolicy2",
"Effect" : "Allow",
"Action" : [
"ssm:SendCommand",
"ssm:StartAutomationExecution"
],
"Resource" : [
"arn:aws:ssm:*:*:document/*",
"arn:aws:ssm:*:*:automation-definition/*:*"
],
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : [
"drs.amazonaws.com"
]
},
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "LaunchActionsPolicy3",
"Effect" : "Allow",
"Action" : [
"ssm:SendCommand",
"ssm:StartAutomationExecution"
],
"Resource" : [
"arn:aws:ssm:*::document/AWS-*",
"arn:aws:ssm:*::document/AWSCodeDeployAgent-*",
"arn:aws:ssm:*::document/AWSConfigRemediation-*",
"arn:aws:ssm:*::document/AWSConformancePacks-*",
"arn:aws:ssm:*::document/AWSDisasterRecovery-*",
"arn:aws:ssm:*::document/AWSDistroOTel-*",
"arn:aws:ssm:*::document/AWSDocs-*",
"arn:aws:ssm:*::document/AWSEC2-*",
"arn:aws:ssm:*::document/AWSEC2Launch-*",
"arn:aws:ssm:*::document/AWSFIS-*",
"arn:aws:ssm:*::document/AWSFleetManager-*",
"arn:aws:ssm:*::document/AWSIncidents-*",
"arn:aws:ssm:*::document/AWSKinesisTap-*",
"arn:aws:ssm:*::document/AWSMigration-*",
"arn:aws:ssm:*::document/AWSNVMe-*",
"arn:aws:ssm:*::document/AWSNitroEnclavesWindows-*",
"arn:aws:ssm:*::document/AWSObservabilityExporter-*",
"arn:aws:ssm:*::document/AWSPVDriver-*",
"arn:aws:ssm:*::document/AWSQuickSetupType-*",
"arn:aws:ssm:*::document/AWSQuickStarts-*",
"arn:aws:ssm:*::document/AWSRefactorSpaces-*",
"arn:aws:ssm:*::document/AWSResilienceHub-*",
"arn:aws:ssm:*::document/AWSSAP-*",
"arn:aws:ssm:*::document/AWSSAPTools-*",
"arn:aws:ssm:*::document/AWSSQLServer-*",
"arn:aws:ssm:*::document/AWSSSO-*",
"arn:aws:ssm:*::document/AWSSupport-*",
"arn:aws:ssm:*::document/AWSSystemsManagerSAP-*",
"arn:aws:ssm:*::document/AmazonCloudWatch-*",
"arn:aws:ssm:*::document/AmazonCloudWatchAgent-*",
"arn:aws:ssm:*::document/AmazonECS-*",
"arn:aws:ssm:*::document/AmazonEFSUtils-*",
"arn:aws:ssm:*::document/AmazonEKS-*",
"arn:aws:ssm:*::document/AmazonInspector-*",
"arn:aws:ssm:*::document/AmazonInspector2-*",
"arn:aws:ssm:*::document/AmazonInternal-*",
"arn:aws:ssm:*::document/AwsEnaNetworkDriver-*",
"arn:aws:ssm:*::document/AwsVssComponents-*",
"arn:aws:ssm:*::automation-definition/AWS-*:*",
"arn:aws:ssm:*::automation-definition/AWSCodeDeployAgent-*:*",
"arn:aws:ssm:*::automation-definition/AWSConfigRemediation-*:*",
"arn:aws:ssm:*::automation-definition/AWSConformancePacks-*:*",
"arn:aws:ssm:*::automation-definition/AWSDisasterRecovery-*:*",
"arn:aws:ssm:*::automation-definition/AWSDistroOTel-*:*",
"arn:aws:ssm:*::automation-definition/AWSDocs-*:*",
"arn:aws:ssm:*::automation-definition/AWSEC2-*:*",
"arn:aws:ssm:*::automation-definition/AWSEC2Launch-*:*",
"arn:aws:ssm:*::automation-definition/AWSFIS-*:*",
"arn:aws:ssm:*::automation-definition/AWSFleetManager-*:*",
"arn:aws:ssm:*::automation-definition/AWSIncidents-*:*",
"arn:aws:ssm:*::automation-definition/AWSKinesisTap-*:*",
"arn:aws:ssm:*::automation-definition/AWSMigration-*:*",
"arn:aws:ssm:*::automation-definition/AWSNVMe-*:*",
"arn:aws:ssm:*::automation-definition/AWSNitroEnclavesWindows-*:*",
"arn:aws:ssm:*::automation-definition/AWSObservabilityExporter-*:*",
"arn:aws:ssm:*::automation-definition/AWSPVDriver-*:*",
"arn:aws:ssm:*::automation-definition/AWSQuickSetupType-*:*",
"arn:aws:ssm:*::automation-definition/AWSQuickStarts-*:*",
"arn:aws:ssm:*::automation-definition/AWSRefactorSpaces-*:*",
"arn:aws:ssm:*::automation-definition/AWSResilienceHub-*:*",
"arn:aws:ssm:*::automation-definition/AWSSAP-*:*",
"arn:aws:ssm:*::automation-definition/AWSSAPTools-*:*",
"arn:aws:ssm:*::automation-definition/AWSSQLServer-*:*",
"arn:aws:ssm:*::automation-definition/AWSSSO-*:*",
"arn:aws:ssm:*::automation-definition/AWSSupport-*:*",
"arn:aws:ssm:*::automation-definition/AWSSystemsManagerSAP-*:*",
"arn:aws:ssm:*::automation-definition/AmazonCloudWatch-*:*",
"arn:aws:ssm:*::automation-definition/AmazonCloudWatchAgent-*:*",
"arn:aws:ssm:*::automation-definition/AmazonECS-*:*",
"arn:aws:ssm:*::automation-definition/AmazonEFSUtils-*:*",
"arn:aws:ssm:*::automation-definition/AmazonEKS-*:*",
"arn:aws:ssm:*::automation-definition/AmazonInspector-*:*",
"arn:aws:ssm:*::automation-definition/AmazonInspector2-*:*",
"arn:aws:ssm:*::automation-definition/AmazonInternal-*:*",
"arn:aws:ssm:*::automation-definition/AwsEnaNetworkDriver-*:*",
"arn:aws:ssm:*::automation-definition/AwsVssComponents-*:*"
],
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : [
"drs.amazonaws.com"
]
}
}
},
{
"Sid" : "LaunchActionsPolicy4",
"Effect" : "Allow",
"Action" : [
"ssm:SendCommand"
],
"Resource" : [
"arn:aws:ec2:*:*:instance/*"
],
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : [
"drs.amazonaws.com"
]
},
"Null" : {
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged" : "false"
}
}
},
{
"Sid" : "LaunchActionsPolicy5",
"Effect" : "Allow",
"Action" : [
"ssm:SendCommand"
],
"Resource" : [
"arn:aws:ec2:*:*:instance/*"
],
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/AWSDRS" : "AllowLaunchingIntoThisInstance"
},
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : [
"drs.amazonaws.com"
]
}
}
},
{
"Sid" : "LaunchActionsPolicy6",
"Effect" : "Allow",
"Action" : [
"ssm:ListDocuments",
"ssm:ListCommandInvocations"
],
"Resource" : "*"
},
{
"Sid" : "LaunchActionsPolicy7",
"Effect" : "Allow",
"Action" : [
"ssm:ListDocumentVersions",
"ssm:GetDocument",
"ssm:DescribeDocument"
],
"Resource" : "arn:aws:ssm:*:*:document/*"
},
{
"Sid" : "LaunchActionsPolicy8",
"Effect" : "Allow",
"Action" : [
"ssm:GetAutomationExecution"
],
"Resource" : "arn:aws:ssm:*:*:automation-execution/*",
"Condition" : {
"Null" : {
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged" : "false"
}
}
},
{
"Sid" : "LaunchActionsPolicy9",
"Effect" : "Allow",
"Action" : [
"ssm:GetParameters"
],
"Resource" : "arn:aws:ssm:*:*:parameter/ManagedByAWSElasticDisasterRecoveryService-*",
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : "ssm.amazonaws.com"
}
}
},
{
"Sid" : "LaunchActionsPolicy10",
"Effect" : "Allow",
"Action" : [
"ssm:GetParameter",
"ssm:PutParameter"
],
"Resource" : "arn:aws:ssm:*:*:parameter/ManagedByAWSElasticDisasterRecoveryService-*",
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "LaunchActionsPolicy11",
"Effect" : "Allow",
"Action" : "iam:PassRole",
"Resource" : [
"arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceWithLaunchActionsRole"
],
"Condition" : {
"StringEquals" : {
"iam:PassedToService" : "ec2.amazonaws.com"
},
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : "drs.amazonaws.com"
}
}
}
]
}Saiba mais
