本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
ROSASharedVPCEndpointPolicy
描述:允许红帽 OpenShift 服务 AWS (ROSA) 安装程序配置 VPC 端点和安全组。打算在共享 VPC 上使用。
ROSASharedVPCEndpointPolicy 是一项 AWS 托管式策略。
使用此策略
您可以将 ROSASharedVPCEndpointPolicy 附加到您的用户、组和角色。
策略详细信息
-
类型: AWS 托管策略
-
创建时间:世界标准时间 2025 年 8 月 11 日 17:19
-
编辑时间:世界标准时间 2025 年 8 月 11 日 17:19
-
ARN:
arn:aws:iam::aws:policy/ROSASharedVPCEndpointPolicy
策略版本
策略版本:v1(默认)
此策略的默认版本是定义策略权限的版本。当使用该策略的用户或角色请求访问 AWS 资源时, AWS 会检查策略的默认版本以确定是否允许该请求。
JSON 策略文档
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "ReadPermissions", "Effect" : "Allow", "Action" : [ "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:DescribeSecurityGroups" ], "Resource" : "*" }, { "Sid" : "CreateSecurityGroups", "Effect" : "Allow", "Action" : [ "ec2:CreateSecurityGroup" ], "Resource" : [ "arn:aws:ec2:*:*:security-group*/*" ], "Condition" : { "StringEquals" : { "aws:RequestTag/red-hat-managed" : "true" } } }, { "Sid" : "DeleteSecurityGroup", "Effect" : "Allow", "Action" : [ "ec2:DeleteSecurityGroup" ], "Resource" : [ "arn:aws:ec2:*:*:security-group*/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/red-hat-managed" : "true" } } }, { "Sid" : "SecurityGroupIngressEgress", "Effect" : "Allow", "Action" : [ "ec2:AuthorizeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress" ], "Resource" : [ "arn:aws:ec2:*:*:security-group*/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/red-hat-managed" : "true" } } }, { "Sid" : "CreateSecurityGroupsVPCNoCondition", "Effect" : "Allow", "Action" : [ "ec2:CreateSecurityGroup" ], "Resource" : [ "arn:aws:ec2:*:*:vpc/*" ] }, { "Sid" : "VPCEndpointWithCondition", "Effect" : "Allow", "Action" : [ "ec2:CreateVpcEndpoint" ], "Resource" : [ "arn:aws:ec2:*:*:vpc-endpoint/*" ], "Condition" : { "StringEquals" : { "aws:RequestTag/red-hat-managed" : "true" } } }, { "Sid" : "VPCEndpointResourceTagCondition", "Effect" : "Allow", "Action" : [ "ec2:CreateVpcEndpoint" ], "Resource" : [ "arn:aws:ec2:*:*:security-group*/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/red-hat-managed" : "true" } } }, { "Sid" : "VPCEndpointNoCondition", "Effect" : "Allow", "Action" : [ "ec2:CreateVpcEndpoint" ], "Resource" : [ "arn:aws:ec2:*:*:vpc/*", "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:route-table/*" ] }, { "Sid" : "ManageVPCEndpointWithCondition", "Effect" : "Allow", "Action" : [ "ec2:ModifyVpcEndpoint", "ec2:DeleteVpcEndpoints" ], "Resource" : [ "arn:aws:ec2:*:*:vpc-endpoint/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/red-hat-managed" : "true" } } }, { "Sid" : "ModifyVPCEndpoingNoCondition", "Effect" : "Allow", "Action" : [ "ec2:ModifyVpcEndpoint" ], "Resource" : [ "arn:aws:ec2:*:*:subnet/*" ] }, { "Sid" : "CreateTagsRestrictedActions", "Effect" : "Allow", "Action" : [ "ec2:CreateTags" ], "Resource" : [ "arn:aws:ec2:*:*:vpc-endpoint/*", "arn:aws:ec2:*:*:security-group/*" ], "Condition" : { "StringEquals" : { "ec2:CreateAction" : [ "CreateVpcEndpoint", "CreateSecurityGroup" ] } } } ] }
了解更多信息
