AWS 大型机现代化服务（托管运行时环境体验）不再向新客户开放。有关类似于 AWS 大型机现代化服务（托管运行时环境体验）的功能，请浏览 AWS 大型机现代化服务（自我管理体验）。现有客户可以继续正常使用该服务。有关更多信息，请参阅[AWS 大型机现代化可用性变更](https://docs.aws.amazon.com/m2/latest/userguide/mainframe-modernization-availability-change.html)。

本文属于机器翻译版本。若本译文内容与英语原文存在差异，则一律以英文原文为准。

# AWS 大型机现代化 API 权限：操作、资源和条件参考
<a name="UsingWithM2_IAM_ResourcePermissions"></a>

在编写您可附加到 IAM 身份的权限策略（基于身份的策略）时，可以使用下表作为参考。此表中包括以下内容：
+ 每个 AWS 大型机现代化 API 操作。
+ 您可授予执行该操作的权限的对应操作。
+ 您可以为其授予权限的 AWS 资源。

 您在策略的 `Action` 字段中指定操作，并在策略的 `Resource` 字段中指定资源值。

您可以在 AWS 大型机现代化策略中使用 AWS 全局条件键来表达条件。有关 AWS 密钥的完整列表，请参阅 *IAM 用户指南*中的[可用全局条件密钥](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#AvailableKeys)。

**注意**  
要指定操作，请在 API 操作名称之前使用 `m2:` 前缀（例如，`m2:CreateApplication`）。


**AWS 大型机现代化 API 和操作所需的权限**  

| AWS 大型机现代化 API 操作 | 所需权限（API 操作） | 资源 | 
| --- | --- | --- | 
|  [CancelBatchJobExecution](https://docs.aws.amazon.com/m2/latest/APIReference/API_CancelBatchJobExecution.html)  |  |  应用程序  | 
| [CreateApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateApplication.html)  |  `iam:PassRole` `kms:DescribeKey` `kms:CreateGrant` `s3:GetObject` `s3:ListBucket `  |  应用程序  | 
| [CreateDataSetImportTask](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateDataSetImportTask.html)  |  `s3:GetObject` |  应用程序  | 
| [CreateDataSetExportTask](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateDataSetExportTask.html) |  `kms:DescribeKey` `s3:PutObject`  |  应用程序  | 
| [CreateDeployment](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateDeployment.html)  |  `elasticloadbalancing:AddTags` `elasticloadbalancing:CreateListener` `elasticloadbalancing:CreateTargetGroup` `elasticloadbalancing:RegisterTargets` `elasticloadbalancing:DeleteListener` `elasticloadbalancing:DeleteTargetGroup` `elasticloadbalancing:DeregisterTargets` `elasticloadbalancing:DeleteLoadBalancer` `logs:CreateLogDelivery` `logs:GetLogDelivery` `logs:UpdateLogDelivery` `logs:DeleteLogDelivery` `logs:ListLogDeliveries` `logs:PutResourcePolicy` `logs:DescribeResourcePolicies` `logs:DescribeLogGroups`  | 应用程序 | 
|   [CreateEnvironment](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateEnvironment.html)   |  `ec2:CreateNetworkInterface` `ec2:CreateNetworkInterfacePermission` `ec2:DescribeNetworkInterfaces` `ec2:DescribeSecurityGroups` `ec2:DescribeSubnets` `ec2:DescribeVpcAttribute` `ec2:DescribeVpcs` `ec2:ModifyNetworkInterfaceAttribute` `elasticfilesystem:DescribeMountTargets` `elasticloadbalancing:AddTags` `elasticloadbalancing:CreateLoadBalancer` `elasticloadbalancing:DeleteLoadBalancer` `kms:DescribeKey` `kms:CreateGrant` `fsx:DescribeFileSystems` `iam:CreateServiceLinkedRole`  |  环境  | 
|   [DeleteApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_DeleteApplication.html)   |  `elasticloadbalancing:DeleteListener` `elasticloadbalancing:DeleteTargetGroup` `logs:DeleteLogDelivery`  |  应用程序  | 
|   [DeleteApplicationFromEnvironment](https://docs.aws.amazon.com/m2/latest/APIReference/API_DeleteApplicationFromEnvironment.html)   |  `elasticloadbalancing:DeleteListener` `elasticloadbalancing:DeleteTargetGroup`  |  应用程序 环境  | 
|   [DeleteEnvironment](https://docs.aws.amazon.com/m2/latest/APIReference/API_DeleteEnvironment.html)   |  `elasticloadbalancing:DeleteLoadBalancer`  |  环境  | 
|   [GetApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetApplication.html)   |   |  应用程序  | 
| [GetApplicationVersion](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetApplicationVersion.html)  |  | 应用程序 | 
|   [GetBatchJobExecution](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetBatchJobExecution.html)   |   |  应用程序  | 
|   [GetDataSetDetails](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetDataSetDetails.html)   |   |  应用程序  | 
|   [GetDataSetImportTask](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetDataSetImportTask.html)   |   |  应用程序  | 
| [GetDataSetExportTask](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetDataSetExportTask.html) |  |  应用程序  | 
|   [GetDeployment](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetDeployment.html)   |   |  应用程序  | 
|   [GetEnvironment](https://docs.aws.amazon.com/m2/latest/APIReference/API_GetEnvironment.html)   |   |  环境  | 
| [ListApplications](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListApplications.html)  |  | \$1 | 
|   [ListApplicationVersions](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListApplicationVersions.html)   |   |  \$1  | 
|   [ListBatchJobDefinitions](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListBatchJobDefinitions.html)   |   |  \$1  | 
|   [ListBatchJobExecutions](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListBatchJobExecutions.html)   |  ``  |  \$1  | 
|   [ListDataSetImportHistory](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListDataSetImportHistory.html)   |   |  \$1  | 
| [ListDataSetExportHistory](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListDataSetExportHistory.html) |  |  \$1  | 
|   [ListDataSets](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListDataSets.html)   |   |  \$1  | 
| [ListDeployments](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListDeployments.html)  |  | \$1 | 
|   [ListEngineVersions](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListEngineVersions.html)   |   |  \$1  | 
| [ListEnvironments](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListEnvironments.html)  |  | \$1 | 
|   [ListTagsForResource](https://docs.aws.amazon.com/m2/latest/APIReference/API_ListTagsForResource.html)   |    |  \$1  | 
|   [StartApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_StartApplication.html)   |    |  应用程序  | 
|   [StartBatchJob](https://docs.aws.amazon.com/m2/latest/APIReference/API_StartBatchJob.html)   |   |  应用程序  | 
|   [StopApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_StopApplication.html)   |   |  应用程序  | 
|   [TagResource](https://docs.aws.amazon.com/m2/latest/APIReference/API_TagResource.html)   |   |  \$1  | 
|   [UntagResource](https://docs.aws.amazon.com/m2/latest/APIReference/API_UntagResource.html)   |   |  \$1  | 
|   [UpdateApplication](https://docs.aws.amazon.com/m2/latest/APIReference/API_UpdateApplication.html)   |  `s3:GetObject` `s3:ListBucket`  |  应用程序  | 
|   [UpdateEnvironment](https://docs.aws.amazon.com/m2/latest/APIReference/API_UpdateEnvironment.html)   |  `kms:DescribeKey`  |  环境  |