AmazonDataZoneRedshiftGlueProvisioningPolicy - AWS Managed Policy


AmazonDataZoneRedshiftGlueProvisioningPolicy

Description: Amazon DataZone is a data management service that lets you catalog, discover, govern, share, and analyze your data. With Amazon DataZone, you can share and access your data across accounts and supported Regions. Amazon DataZone simplifies your experience across many AWS services, including but not limited to Amazon Redshift, Amazon Athena, AWS Glue, and AWS Lake Formation.

AmazonDataZoneRedshiftGlueProvisioningPolicy is an AWS managed policy.

Using this policy

You can attach AmazonDataZoneRedshiftGlueProvisioningPolicy to your users, groups, and roles.

Policy details

  • Type: AWS managed policy

  • Creation time: September 22, 2023, 20:19 UTC

  • Edited time: October 23, 2024, 18:29 UTC

  • ARN: arn:aws:iam::aws:policy/AmazonDataZoneRedshiftGlueProvisioningPolicy

Policy version

Policy version: v4 (default)

The policy's default version is the version that defines the permissions for the policy. When a user or role with the policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.

JSON policy document

{
  "Version" : "2012-10-17",
  "Statement" : [
    {
      "Sid" : "AmazonDataZonePermissionsToCreateEnvironmentRole",
      "Effect" : "Allow",
      "Action" : [
        "iam:CreateRole",
        "iam:DetachRolePolicy",
        "iam:DeleteRolePolicy",
        "iam:AttachRolePolicy",
        "iam:PutRolePolicy"
      ],
      "Resource" : "arn:aws:iam::*:role/datazone*",
      "Condition" : {
        "StringEquals" : {
          "iam:PermissionsBoundary" : "arn:aws:iam::aws:policy/AmazonDataZoneEnvironmentRolePermissionsBoundary",
          "aws:CalledViaFirst" : [ "cloudformation.amazonaws.com" ]
        }
      }
    },
    {
      "Sid" : "IamPassRolePermissions",
      "Effect" : "Allow",
      "Action" : [ "iam:PassRole" ],
      "Resource" : [ "arn:aws:iam::*:role/datazone*" ],
      "Condition" : {
        "StringEquals" : {
          "iam:PassedToService" : [ "glue.amazonaws.com", "lakeformation.amazonaws.com" ],
          "aws:CalledViaFirst" : [ "cloudformation.amazonaws.com" ]
        }
      }
    },
    {
      "Sid" : "AmazonDataZonePermissionsToManageCreatedEnvironmentRole",
      "Effect" : "Allow",
      "Action" : [ "iam:DeleteRole", "iam:GetRole" ],
      "Resource" : "arn:aws:iam::*:role/datazone*",
      "Condition" : {
        "StringEquals" : {
          "aws:CalledViaFirst" : [ "cloudformation.amazonaws.com" ]
        }
      }
    },
    {
      "Sid" : "AmazonDataZoneCFStackCreationForEnvironments",
      "Effect" : "Allow",
      "Action" : [ "cloudformation:CreateStack", "cloudformation:TagResource" ],
      "Resource" : [ "arn:aws:cloudformation:*:*:stack/DataZone*" ],
      "Condition" : {
        "ForAnyValue:StringLike" : {
          "aws:TagKeys" : "AmazonDataZoneEnvironment"
        },
        "Null" : {
          "aws:ResourceTag/AmazonDataZoneEnvironment" : "false"
        }
      }
    },
    {
      "Sid" : "AmazonDataZoneCFStackManagementForEnvironments",
      "Effect" : "Allow",
      "Action" : [
        "cloudformation:DeleteStack",
        "cloudformation:DescribeStacks",
        "cloudformation:DescribeStackEvents"
      ],
      "Resource" : [ "arn:aws:cloudformation:*:*:stack/DataZone*" ]
    },
    {
      "Sid" : "AmazonDataZoneEnvironmentParameterValidation",
      "Effect" : "Allow",
      "Action" : [
        "lakeformation:GetDataLakeSettings",
        "lakeformation:PutDataLakeSettings",
        "lakeformation:RevokePermissions",
        "lakeformation:ListPermissions",
        "glue:CreateDatabase",
        "glue:GetDatabase",
        "athena:GetWorkGroup",
        "logs:DescribeLogGroups",
        "redshift-serverless:GetNamespace",
        "redshift-serverless:GetWorkgroup",
        "redshift:DescribeClusters",
        "secretsmanager:ListSecrets"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AmazonDataZoneEnvironmentLakeFormationPermissions",
      "Effect" : "Allow",
      "Action" : [
        "lakeformation:RegisterResource",
        "lakeformation:DeregisterResource",
        "lakeformation:GrantPermissions",
        "lakeformation:ListResources"
      ],
      "Resource" : "*",
      "Condition" : {
        "StringEquals" : {
          "aws:CalledViaFirst" : [ "cloudformation.amazonaws.com" ]
        }
      }
    },
    {
      "Sid" : "AmazonDataZoneEnvironmentGlueDeletePermissions",
      "Effect" : "Allow",
      "Action" : [ "glue:DeleteDatabase" ],
      "Resource" : "*",
      "Condition" : {
        "StringEquals" : {
          "aws:CalledViaFirst" : [ "cloudformation.amazonaws.com" ]
        }
      }
    },
    {
      "Sid" : "AmazonDataZoneEnvironmentAthenaDeletePermissions",
      "Effect" : "Allow",
      "Action" : [ "athena:DeleteWorkGroup" ],
      "Resource" : "*",
      "Condition" : {
        "StringEquals" : {
          "aws:CalledViaFirst" : [ "cloudformation.amazonaws.com" ]
        }
      }
    },
    {
      "Sid" : "AmazonDataZoneEnvironmentAthenaResourceCreation",
      "Effect" : "Allow",
      "Action" : [
        "athena:CreateWorkGroup",
        "athena:TagResource",
        "iam:TagRole",
        "iam:TagPolicy",
        "logs:TagLogGroup"
      ],
      "Resource" : "*",
      "Condition" : {
        "ForAnyValue:StringLike" : {
          "aws:TagKeys" : "AmazonDataZoneEnvironment"
        },
        "Null" : {
          "aws:ResourceTag/AmazonDataZoneEnvironment" : "false"
        },
        "StringEquals" : {
          "aws:CalledViaFirst" : [ "cloudformation.amazonaws.com" ]
        }
      }
    },
    {
      "Sid" : "AmazonDataZoneEnvironmentLogGroupCreation",
      "Effect" : "Allow",
      "Action" : [ "logs:CreateLogGroup", "logs:DeleteLogGroup" ],
      "Resource" : "arn:aws:logs:*:*:log-group:datazone-*",
      "Condition" : {
        "ForAnyValue:StringLike" : {
          "aws:TagKeys" : "AmazonDataZoneEnvironment"
        },
        "Null" : {
          "aws:ResourceTag/AmazonDataZoneEnvironment" : "false"
        },
        "StringEquals" : {
          "aws:CalledViaFirst" : [ "cloudformation.amazonaws.com" ]
        }
      }
    },
    {
      "Sid" : "AmazonDataZoneEnvironmentLogGroupManagement",
      "Action" : [ "logs:PutRetentionPolicy" ],
      "Resource" : "arn:aws:logs:*:*:log-group:datazone-*",
      "Effect" : "Allow",
      "Condition" : {
        "StringEquals" : {
          "aws:CalledViaFirst" : [ "cloudformation.amazonaws.com" ]
        }
      }
    },
    {
      "Sid" : "AmazonDataZoneEnvironmentIAMPolicyManagement",
      "Effect" : "Allow",
      "Action" : [
        "iam:DeletePolicy",
        "iam:CreatePolicy",
        "iam:GetPolicy",
        "iam:ListPolicyVersions",
        "iam:DeletePolicyVersion"
      ],
      "Resource" : [ "arn:aws:iam::*:policy/datazone*" ],
      "Condition" : {
        "StringEquals" : {
          "aws:CalledViaFirst" : [ "cloudformation.amazonaws.com" ]
        }
      }
    },
    {
      "Sid" : "AmazonDataZoneEnvironmentS3ValidationPermissions",
      "Effect" : "Allow",
      "Action" : [ "s3:ListAllMyBuckets", "s3:ListBucket" ],
      "Resource" : "arn:aws:s3:::*"
    },
    {
      "Sid" : "AmazonDataZoneEnvironmentKMSDecryptPermissions",
      "Effect" : "Allow",
      "Action" : [ "kms:GenerateDataKey", "kms:Decrypt" ],
      "Resource" : "*",
      "Condition" : {
        "Null" : {
          "aws:ResourceTag/AmazonDataZoneEnvironment" : "false"
        }
      }
    },
    {
      "Sid" : "PermissionsToTagAmazonDataZoneEnvironmentGlueResources",
      "Effect" : "Allow",
      "Action" : [ "glue:TagResource" ],
      "Resource" : "*",
      "Condition" : {
        "ForAnyValue:StringLike" : {
          "aws:TagKeys" : "AmazonDataZoneEnvironment"
        },
        "Null" : {
          "aws:RequestTag/AmazonDataZoneEnvironment" : "false"
        }
      }
    },
    {
      "Sid" : "PermissionsToGetAmazonDataZoneEnvironmentBlueprintTemplates",
      "Effect" : "Allow",
      "Action" : "s3:GetObject",
      "Resource" : "*",
      "Condition" : {
        "StringNotEquals" : {
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        },
        "StringEquals" : {
          "aws:CalledViaFirst" : [ "cloudformation.amazonaws.com" ]
        }
      }
    },
    {
      "Sid" : "RedshiftDataPermissions",
      "Effect" : "Allow",
      "Action" : [ "redshift-data:ListSchemas", "redshift-data:ExecuteStatement" ],
      "Resource" : [
        "arn:aws:redshift-serverless:*:*:workgroup/*",
        "arn:aws:redshift:*:*:cluster:*"
      ]
    },
    {
      "Sid" : "DescribeStatementPermissions",
      "Effect" : "Allow",
      "Action" : [ "redshift-data:DescribeStatement" ],
      "Resource" : "*"
    },
    {
      "Sid" : "GetSecretValuePermissions",
      "Effect" : "Allow",
      "Action" : [ "secretsmanager:GetSecretValue" ],
      "Resource" : "*",
      "Condition" : {
        "StringLike" : {
          "secretsmanager:ResourceTag/AmazonDataZoneDomain" : "dzd*"
        }
      }
    }
  ]
}
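Most statements in this policy are scoped in one of three ways rather than by resource ARN alone: they require the call to arrive via CloudFormation (aws:CalledViaFirst), they require a resource or request tag (aws:ResourceTag/..., aws:RequestTag/..., aws:TagKeys, secretsmanager:ResourceTag/...), or, for iam:CreateRole, they require the AmazonDataZoneEnvironmentRolePermissionsBoundary to be set on the new role. The script below is an added example, not AWS code, that reads a policy document and reports how each Allow statement is scoped, so a reviewer can quickly see which grants on "Resource": "*" carry no condition at all. It runs over an excerpt of the statements from this page's policy document (a subset of the statements, copied as-is, embedded inline so the script runs offline); the function and constant names are the example's own.

```python
import json

# Excerpt of statements copied from the AmazonDataZoneRedshiftGlueProvisioningPolicy
# document on this page. Only a subset of the policy's statements is included so the
# example stays short; the statements themselves are unchanged.
POLICY_EXCERPT = json.loads(r"""
{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "AmazonDataZonePermissionsToCreateEnvironmentRole", "Effect": "Allow",
      "Action": ["iam:CreateRole", "iam:DetachRolePolicy", "iam:DeleteRolePolicy",
                 "iam:AttachRolePolicy", "iam:PutRolePolicy"],
      "Resource": "arn:aws:iam::*:role/datazone*",
      "Condition": { "StringEquals": {
        "iam:PermissionsBoundary": "arn:aws:iam::aws:policy/AmazonDataZoneEnvironmentRolePermissionsBoundary",
        "aws:CalledViaFirst": ["cloudformation.amazonaws.com"] } } },
    { "Sid": "AmazonDataZoneEnvironmentParameterValidation", "Effect": "Allow",
      "Action": ["lakeformation:GetDataLakeSettings", "lakeformation:PutDataLakeSettings",
                 "lakeformation:RevokePermissions", "lakeformation:ListPermissions",
                 "glue:CreateDatabase", "glue:GetDatabase", "athena:GetWorkGroup",
                 "logs:DescribeLogGroups", "redshift-serverless:GetNamespace",
                 "redshift-serverless:GetWorkgroup", "redshift:DescribeClusters",
                 "secretsmanager:ListSecrets"],
      "Resource": "*" },
    { "Sid": "AmazonDataZoneEnvironmentLakeFormationPermissions", "Effect": "Allow",
      "Action": ["lakeformation:RegisterResource", "lakeformation:DeregisterResource",
                 "lakeformation:GrantPermissions", "lakeformation:ListResources"],
      "Resource": "*",
      "Condition": { "StringEquals": { "aws:CalledViaFirst": ["cloudformation.amazonaws.com"] } } },
    { "Sid": "AmazonDataZoneEnvironmentKMSDecryptPermissions", "Effect": "Allow",
      "Action": ["kms:GenerateDataKey", "kms:Decrypt"],
      "Resource": "*",
      "Condition": { "Null": { "aws:ResourceTag/AmazonDataZoneEnvironment": "false" } } },
    { "Sid": "GetSecretValuePermissions", "Effect": "Allow",
      "Action": ["secretsmanager:GetSecretValue"],
      "Resource": "*",
      "Condition": { "StringLike": { "secretsmanager:ResourceTag/AmazonDataZoneDomain": "dzd*" } } }
  ]
}
""")

CLOUDFORMATION = "cloudformation.amazonaws.com"


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/condition values; normalise to a list."""
    return value if isinstance(value, list) else [value]


def classify_statement(stmt: dict) -> dict:
    """Summarise how a single statement is scoped.

    Returns a dict with the Sid, whether any Resource is the bare wildcard "*",
    whether the grant only applies when CloudFormation is the first caller,
    whether a tag-based condition key is present, and whether a permissions
    boundary is required on the request.
    """
    condition = stmt.get("Condition", {})
    # Condition is {operator: {condition_key: value}}; collect every condition key.
    keys = {key for operator in condition.values() for key in operator}
    called_via = _as_list(condition.get("StringEquals", {}).get("aws:CalledViaFirst", []))
    return {
        "sid": stmt.get("Sid", "<no Sid>"),
        "effect": stmt.get("Effect"),
        "actions": _as_list(stmt.get("Action", [])),
        "wildcard_resource": "*" in _as_list(stmt.get("Resource", [])),
        "cfn_only": CLOUDFORMATION in called_via,
        "tag_scoped": any(k == "aws:TagKeys" or "ResourceTag/" in k or "RequestTag/" in k
                          for k in keys),
        "boundary_required": "iam:PermissionsBoundary" in keys,
        "has_condition": bool(condition),
    }


def audit(policy: dict) -> list:
    """Classify every statement in the policy document, in document order."""
    return [classify_statement(s) for s in _as_list(policy.get("Statement", []))]


def unconditioned_wildcard_grants(policy: dict) -> list:
    """Sids of Allow statements on Resource "*" with no Condition block at all.

    These are the grants a reviewer should read most carefully, since nothing
    but the action list limits them.
    """
    return [c["sid"] for c in audit(policy)
            if c["effect"] == "Allow" and c["wildcard_resource"] and not c["has_condition"]]


def role_creation_requires_boundary(policy: dict) -> bool:
    """True if every Allow of iam:CreateRole requires iam:PermissionsBoundary.

    Without that condition a principal could create an unrestricted role; the
    boundary condition is what keeps the created role's permissions bounded.
    """
    grants = [c for c in audit(policy)
              if c["effect"] == "Allow" and "iam:CreateRole" in c["actions"]]
    return bool(grants) and all(c["boundary_required"] for c in grants)


if __name__ == "__main__":
    for entry in audit(POLICY_EXCERPT):
        flags = [k for k in ("wildcard_resource", "cfn_only", "tag_scoped", "boundary_required")
                 if entry[k]]
        print(f"{entry['sid']}: {', '.join(flags) or 'no scoping beyond action list'}")
    print("Unconditioned wildcard grants:", unconditioned_wildcard_grants(POLICY_EXCERPT))
    print("CreateRole bound by permissions boundary:", role_creation_requires_boundary(POLICY_EXCERPT))
```

Run against the full policy on this page, the same script flags AmazonDataZoneEnvironmentParameterValidation and DescribeStatementPermissions as the only Allow statements on "*" with no condition; everything else that names "*" is gated by CloudFormation as first caller, by an AmazonDataZoneEnvironment or AmazonDataZoneDomain tag, or by both. The script only inspects the document's structure; it does not evaluate IAM semantics such as how StringNotEquals on aws:ResourceAccount interacts with the other operators, so treat its output as a reading aid rather than an authorization decision.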

Learn more