本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
AWSServiceCatalogAdminFullAccess
描述:提供对服务目录管理功能的完全访问权限
AWSServiceCatalogAdminFullAccess 是一项 AWS 托管式策略。
使用此策略
您可以将 AWSServiceCatalogAdminFullAccess 附加到您的用户、组和角色。
策略详细信息
-
类型:AWS 托管策略
-
创建时间:2018 年 2 月 15 日 17:19 UTC
-
编辑时间:2023 年 4 月 13 日 18:43 UTC
-
ARN:
arn:aws:iam::aws:policy/AWSServiceCatalogAdminFullAccess
策略版本
策略版本:v8(默认)
此策略的默认版本是定义策略权限的版本。当使用该策略的用户或角色请求访问 AWS 资源时,AWS 会检查策略的默认版本以确定是否允许该请求。
JSON 策略文档
{
"Version" : "2012-10-17",
"Statement" : [
{
"Effect" : "Allow",
"Action" : [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:SetStackPolicy",
"cloudformation:UpdateStack",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:ListChangeSets",
"cloudformation:DeleteChangeSet",
"cloudformation:ListStackResources",
"cloudformation:TagResource",
"cloudformation:CreateStackSet",
"cloudformation:CreateStackInstances",
"cloudformation:UpdateStackSet",
"cloudformation:UpdateStackInstances",
"cloudformation:DeleteStackSet",
"cloudformation:DeleteStackInstances",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStackSetOperation",
"cloudformation:ListStackInstances",
"cloudformation:ListStackSetOperations",
"cloudformation:ListStackSetOperationResults"
],
"Resource" : [
"arn:aws:cloudformation:*:*:stack/SC-*",
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*",
"arn:aws:cloudformation:*:*:changeSet/SC-*",
"arn:aws:cloudformation:*:*:stackset/SC-*"
]
},
{
"Effect" : "Allow",
"Action" : [
"cloudformation:CreateUploadBucket",
"cloudformation:GetTemplateSummary",
"cloudformation:ValidateTemplate",
"iam:GetGroup",
"iam:GetRole",
"iam:GetUser",
"iam:ListGroups",
"iam:ListRoles",
"iam:ListUsers",
"servicecatalog:Get*",
"servicecatalog:Scan*",
"servicecatalog:Search*",
"servicecatalog:List*",
"servicecatalog:TagResource",
"servicecatalog:UntagResource",
"servicecatalog:SyncResource",
"ssm:DescribeDocument",
"ssm:GetAutomationExecution",
"ssm:ListDocuments",
"ssm:ListDocumentVersions",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"servicecatalog:Accept*",
"servicecatalog:Associate*",
"servicecatalog:Batch*",
"servicecatalog:Copy*",
"servicecatalog:Create*",
"servicecatalog:Delete*",
"servicecatalog:Describe*",
"servicecatalog:Disable*",
"servicecatalog:Disassociate*",
"servicecatalog:Enable*",
"servicecatalog:Execute*",
"servicecatalog:Import*",
"servicecatalog:Provision*",
"servicecatalog:Put*",
"servicecatalog:Reject*",
"servicecatalog:Terminate*",
"servicecatalog:Update*"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : "iam:PassRole",
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"iam:PassedToService" : "servicecatalog.amazonaws.com"
}
}
},
{
"Effect" : "Allow",
"Action" : "iam:CreateServiceLinkedRole",
"Resource" : "arn:aws:iam::*:role/aws-service-role/orgsdatasync.servicecatalog.amazonaws.com/AWSServiceRoleForServiceCatalogOrgsDataSync",
"Condition" : {
"StringEquals" : {
"iam:AWSServiceName" : "orgsdatasync.servicecatalog.amazonaws.com"
}
}
}
]
}了解更多信息
