创建策略
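以下 CloudTrail 示例显示了调用 PutPolicy 操作的结果。该操作会为私有 CA 附加基于资源的策略;在本示例中,策略向外部主体(Sid 中标注为 external-principals)授予 acm-pca:IssueCertificate 权限(仅限 EndEntityCertificate/V1 模板)以及若干读取类操作的权限。审查此类事件时,应核对 requestParameters.policy 中的 Principal、Action 和 Condition 是否符合预期。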
{
"eventVersion":"1.08",
"userIdentity":{
},
"invokedBy":"agent"
},
"eventTime":"2021-02-26T21:25:36Z",
"eventSource":"acm-pca.amazonaws.com",
"eventName":"PutPolicy",
"awsRegion":"region",
"sourceIPAddress":"xx.xx.xx.xx",
"userAgent":"agent",
"requestParameters":{
"resourceArn":"arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566",
"policy":"{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"01234567-89ab-cdef-0123-456789abcdef4-external-principals\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"account\"},\"Action\":\"acm-pca:IssueCertificate\",\"Resource\":\"arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566\",\"Condition\":{\"StringEquals\":{\"acm-pca:TemplateArn\":\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\"}}},{\"Sid\":\"01234567-89ab-cdef-0123-456789abcdef-external-principals\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"account\"},\"Action\":[\"acm-pca:DescribeCertificateAuthority\",\"acm-pca:GetCertificate\",\"acm-pca:GetCertificateAuthorityCertificate\",\"acm-pca:ListPermissions\",\"acm-pca:ListTags\"],\"Resource\":\"arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566\"}]}"
},
"responseElements":null,
"requestID":"01234567-89ab-cdef-0123-456789abcdef",
"eventID":"01234567-89ab-cdef-0123-456789abcdef",
"readOnly":false,
"eventType":"AwsApiCall",
"managementEvent":true,
"eventCategory":"Management",
"recipientAccountId":"account"
}