As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá.
AWSRefactoringToolkitFullAccess
Descrição: esta política concede permissão para usar serviços da AWS com a extensão AWS Toolkit for .NET Refactoring para Microsoft Visual Studio. Ele deve ser anexado a um AWS perfil local. A política permite o upload de artefatos do aplicativo e o download dos artefatos resultantes do Amazon S3. Ele permite criar aplicativos em uma imagem de contêiner usando o AWS CodeBuild e armazenar e recuperar imagens do Amazon Elastic Container Registry (Amazon ECR). Além disso, permite a implantação do aplicativo em serviços de contêineres na AWS, como o Amazon Elastic Container Service (Amazon ECS), a criação opcional de recursos de VPC, a conexão opcional à infraestrutura existente, como o Directory AWS Service, e outros serviços relacionados.
AWSRefactoringToolkitFullAccess é uma política gerenciada pelo AWS.
Utilização desta política
Você pode vincular a AWSRefactoringToolkitFullAccess aos seus usuários, grupos e perfis.
Detalhes desta política
-
Tipo: política gerenciada pela AWS
-
Hora da criação: 25 de outubro de 2022, 16:41 UTC
-
Hora da edição: 25 de março de 2024, 18:43 UTC
-
ARN:
arn:aws:iam::aws:policy/AWSRefactoringToolkitFullAccess
Versão da política
Versão da política: v5 (padrão)
A versão padrão da política é aquela que define as permissões desta política. Quando um usuário ou perfil com esta política faz uma solicitação para acessar um atributo da AWS, a AWS verifica a versão padrão da política para determinar se concederá a permissão solicitada.
Documento da política JSON
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "App2ContainerAccess",
"Effect" : "Allow",
"Action" : [
"a2c:GetContainerizationJobDetails",
"a2c:GetDeploymentJobDetails",
"a2c:StartContainerizationJob",
"a2c:StartDeploymentJob"
],
"Resource" : "*"
},
{
"Sid" : "CloudformationExecutionAccess",
"Effect" : "Allow",
"Action" : [
"cloudformation:CreateChangeSet",
"cloudformation:CreateStack",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackEvents",
"cloudformation:ExecuteChangeSet",
"cloudformation:UpdateStack",
"cloudformation:TagResource",
"cloudformation:UntagResource"
],
"Resource" : [
"arn:*:cloudformation:*:*:stack/a2c-app-*",
"arn:*:cloudformation:*:*:stack/a2c-build-*",
"arn:*:cloudformation:*:*:stack/application-transformation-app-*"
]
},
{
"Sid" : "CodeBuildCreateAccess",
"Effect" : "Allow",
"Action" : [
"codebuild:CreateProject",
"codebuild:UpdateProject"
],
"Resource" : "arn:aws:codebuild:*:*:project/*",
"Condition" : {
"Null" : {
"aws:RequestTag/a2c-generated" : "false"
}
}
},
{
"Sid" : "CodeBuildExecutionAccess",
"Effect" : "Allow",
"Action" : [
"codebuild:StartBuild"
],
"Resource" : "arn:aws:codebuild:*:*:project/*"
},
{
"Sid" : "CreateSecurityGroupAccess",
"Effect" : "Allow",
"Action" : [
"ec2:CreateSecurityGroup"
],
"Resource" : "*"
},
{
"Sid" : "Ec2CreateAccess",
"Effect" : "Allow",
"Action" : [
"ec2:CreateInternetGateway",
"ec2:CreateKeyPair",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:AuthorizeSecurityGroupIngress"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:RequestTag/a2c-generated" : "false"
}
}
},
{
"Sid" : "Ec2CreateAccessATS",
"Effect" : "Allow",
"Action" : [
"ec2:CreateInternetGateway",
"ec2:CreateKeyPair",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:AuthorizeSecurityGroupIngress"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:RequestTag/application-transformation" : "false"
}
}
},
{
"Sid" : "Ec2ModifyAccess",
"Effect" : "Allow",
"Action" : [
"ec2:AssociateRouteTable",
"ec2:AttachInternetGateway",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DeleteTags",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:RevokeSecurityGroupIngress",
"ec2:CreateSubnet",
"ec2:CreateRoute",
"ec2:CreateRouteTable"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:ResourceTag/a2c-generated" : "false"
}
}
},
{
"Sid" : "Ec2ModifyAccessATS",
"Effect" : "Allow",
"Action" : [
"ec2:AssociateRouteTable",
"ec2:AttachInternetGateway",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DeleteTags",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:RevokeSecurityGroupIngress",
"ec2:CreateSubnet",
"ec2:CreateRoute",
"ec2:CreateRouteTable"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:ResourceTag/application-transformation" : "false"
}
}
},
{
"Sid" : "EcrCreateAccess",
"Effect" : "Allow",
"Action" : [
"ecr:CreateRepository",
"ecr:TagResource"
],
"Resource" : "arn:*:ecr:*:*:repository/*",
"Condition" : {
"Null" : {
"aws:RequestTag/a2c-generated" : "false"
}
}
},
{
"Sid" : "EcrCreateAccessATS",
"Effect" : "Allow",
"Action" : [
"ecr:CreateRepository",
"ecr:TagResource"
],
"Resource" : "arn:*:ecr:*:*:repository/*",
"Condition" : {
"Null" : {
"aws:RequestTag/application-transformation" : "false"
}
}
},
{
"Sid" : "EcrModifyAccess",
"Effect" : "Allow",
"Action" : [
"ecr:GetLifecyclePolicy",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:ListTagsForResource",
"ecr:TagResource",
"ecr:UntagResource"
],
"Resource" : "arn:*:ecr:*:*:repository/*",
"Condition" : {
"Null" : {
"aws:ResourceTag/a2c-generated" : "false"
}
}
},
{
"Sid" : "EcrModifyAccessATS",
"Effect" : "Allow",
"Action" : [
"ecr:GetLifecyclePolicy",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:ListTagsForResource",
"ecr:TagResource",
"ecr:UntagResource"
],
"Resource" : "arn:*:ecr:*:*:repository/*",
"Condition" : {
"Null" : {
"aws:ResourceTag/application-transformation" : "false"
}
}
},
{
"Sid" : "EcsCreateAccess",
"Effect" : "Allow",
"Action" : [
"ecs:CreateCluster",
"ecs:CreateService",
"ecs:RegisterTaskDefinition",
"ecs:TagResource"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:RequestTag/a2c-generated" : "false"
}
}
},
{
"Sid" : "EcsCreateAccessATS",
"Effect" : "Allow",
"Action" : [
"ecs:CreateCluster",
"ecs:CreateService",
"ecs:RegisterTaskDefinition",
"ecs:TagResource"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:RequestTag/application-transformation" : "false"
}
}
},
{
"Sid" : "EcsModifyAccess",
"Effect" : "Allow",
"Action" : [
"ecs:UpdateService",
"ecs:TagResource",
"ecs:UntagResource"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:ResourceTag/a2c-generated" : "false"
}
}
},
{
"Sid" : "EcsModifyAccessATS",
"Effect" : "Allow",
"Action" : [
"ecs:UpdateService",
"ecs:TagResource",
"ecs:UntagResource"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:ResourceTag/application-transformation" : "false"
}
}
},
{
"Sid" : "EcsReadTaskDefinitionAccess",
"Effect" : "Allow",
"Action" : [
"ecs:DescribeTaskDefinition"
],
"Resource" : "*",
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : "cloudformation.amazonaws.com"
}
}
},
{
"Sid" : "EcsExecuteCommandInSidecar",
"Effect" : "Allow",
"Action" : [
"ecs:ExecuteCommand"
],
"Resource" : "*",
"Condition" : {
"StringLike" : {
"ecs:container-name" : "a2c-sidecar"
}
}
},
{
"Sid" : "EcsExecuteCommandInSidecarATS",
"Effect" : "Allow",
"Action" : [
"ecs:ExecuteCommand"
],
"Resource" : "*",
"Condition" : {
"StringLike" : {
"ecs:container-name" : "application-transformation-sidecar"
}
}
},
{
"Sid" : "CreateEcsServiceLinkedRoleAccess",
"Effect" : "Allow",
"Action" : "iam:CreateServiceLinkedRole",
"Resource" : "arn:aws:iam::*:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS",
"Condition" : {
"StringLike" : {
"iam:AWSServiceName" : "ecs.amazonaws.com"
}
}
},
{
"Sid" : "CloudwatchCreateAccess",
"Effect" : "Allow",
"Action" : [
"logs:CreateLogGroup",
"logs:TagResource"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:/aws/codebuild/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*"
],
"Condition" : {
"Null" : {
"aws:RequestTag/a2c-generated" : "false"
},
"ForAllValues:StringEquals" : {
"aws:TagKeys" : [
"a2c-generated"
]
}
}
},
{
"Sid" : "CloudwatchCreateAccessATS",
"Effect" : "Allow",
"Action" : [
"logs:CreateLogGroup",
"logs:TagResource"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*"
],
"Condition" : {
"Null" : {
"aws:RequestTag/application-transformation" : "false"
},
"ForAllValues:StringEquals" : {
"aws:TagKeys" : [
"application-transformation"
]
}
}
},
{
"Sid" : "CloudwatchGetAccess",
"Effect" : "Allow",
"Action" : [
"logs:GetLogEvents"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:/aws/codebuild/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*"
],
"Condition" : {
"Null" : {
"aws:ResourceTag/a2c-generated" : "false"
}
}
},
{
"Sid" : "CloudwatchGetAccessATS",
"Effect" : "Allow",
"Action" : [
"logs:GetLogEvents"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*"
],
"Condition" : {
"Null" : {
"aws:ResourceTag/application-transformation" : "false"
}
}
},
{
"Sid" : "SsmParameterAccess",
"Effect" : "Allow",
"Action" : [
"ssm:AddTagsToResource",
"ssm:GetParameters",
"ssm:PutParameter",
"ssm:RemoveTagsFromResource"
],
"Resource" : "arn:aws:ssm:*:*:parameter/a2c-generated-check-ecs-slr-*"
},
{
"Sid" : "SsmMessagesAccess",
"Effect" : "Allow",
"Action" : [
"ssm:DescribeSessions",
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource" : "*"
},
{
"Sid" : "S3ObjectAccess",
"Effect" : "Allow",
"Action" : [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource" : [
"arn:aws:s3:::*/refactoringtoolkit*",
"arn:aws:s3:::*/a2c-generated*",
"arn:aws:s3:::*/application-transformation*"
]
},
{
"Sid" : "S3ListAccess",
"Effect" : "Allow",
"Action" : [
"s3:ListBucket"
],
"Resource" : "arn:aws:s3:::*",
"Condition" : {
"StringLike" : {
"s3:prefix" : [
"application-transformation",
"refactoringtoolkit"
]
}
}
},
{
"Sid" : "ReadOnlyAccess",
"Effect" : "Allow",
"Action" : [
"cloudformation:DescribeStacks",
"cloudformation:ListStacks",
"clouddirectory:ListDirectories",
"codebuild:BatchGetProjects",
"codebuild:BatchGetBuilds",
"ds:DescribeDirectories",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInternetGateways",
"ec2:DescribeKeyPairs",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
"ecr:DescribeImages",
"ecr:DescribeRepositories",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:ListTagsForResource",
"ecs:ListTasks",
"iam:ListRoles",
"s3:GetBucketLocation",
"s3:GetBucketVersioning",
"s3:ListAllMyBuckets",
"secretsmanager:ListSecrets"
],
"Resource" : "*"
},
{
"Sid" : "GetECSSLR",
"Effect" : "Allow",
"Action" : "iam:GetRole",
"Resource" : "arn:aws:iam::*:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS"
},
{
"Sid" : "PortingAssistantFullAccess",
"Effect" : "Allow",
"Action" : [
"s3:GetObject"
],
"Resource" : [
"arn:aws:s3:::aws.portingassistant.dotnet.datastore",
"arn:aws:s3:::aws.portingassistant.dotnet.datastore/*"
]
},
{
"Sid" : "ApplicationTransformationAccess",
"Effect" : "Allow",
"Action" : [
"application-transformation:StartPortingCompatibilityAssessment",
"application-transformation:GetPortingCompatibilityAssessment",
"application-transformation:StartPortingRecommendationAssessment",
"application-transformation:GetPortingRecommendationAssessment",
"application-transformation:PutLogData",
"application-transformation:PutMetricData",
"application-transformation:StartContainerization",
"application-transformation:GetContainerization",
"application-transformation:StartDeployment",
"application-transformation:GetDeployment"
],
"Resource" : "*"
},
{
"Sid" : "KmsAccess",
"Effect" : "Allow",
"Action" : [
"kms:Decrypt",
"kms:Encrypt",
"kms:DescribeKey",
"kms:GenerateDataKey"
],
"Resource" : "arn:aws:kms:*::*",
"Condition" : {
"ForAnyValue:StringLike" : {
"kms:ResourceAliases" : "alias/application-transformation*"
}
}
},
{
"Sid" : "EcrPushAccess",
"Effect" : "Allow",
"Action" : [
"ecr:InitiateLayerUpload",
"ecr:PutImage",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer"
],
"Resource" : "arn:*:ecr:*:*:repository/*",
"Condition" : {
"Null" : {
"ecr:ResourceTag/application-transformation" : "false"
}
}
},
{
"Sid" : "EcrAuthAccess",
"Effect" : "Allow",
"Action" : [
"ecr:GetAuthorizationToken"
],
"Resource" : "*"
},
{
"Sid" : "KmsCreateGrantAccess",
"Effect" : "Allow",
"Action" : [
"kms:CreateGrant"
],
"Resource" : "arn:aws:kms:*::*",
"Condition" : {
"Bool" : {
"kms:GrantIsForAWSResource" : true
},
"ForAnyValue:StringLike" : {
"kms:ResourceAliases" : "alias/application-transformation*"
}
}
}
]
}Saiba mais
