内联策略 - AWS re: Post 私有化
re: Post Private 的只读权限完全访问 re: Post Private

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

内联策略

内联策略是您创建和管理的策略。您可以将内联策略直接嵌入到用户、群组或角色中。以下策略示例说明如何分配权限以执行 AWS re: Post Private 操作。有关内联策略的一般信息,请参阅 A WS IAM 用户指南中的管理 IAM 策略。您可以使用 AWS Management Console、 AWS Command Line Interface (AWS CLI) 或 AWS Identity and Access Management API 来创建和嵌入内联策略。

re: Post Private 的只读权限

以下策略向用户授予 IAM 身份中心和 re: Post 私有控制台的读取权限。此策略允许用户执行只读的 re: Post Private 操作。

JSON
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "organizations:DescribeOrganization",
                "organizations:DescribeAccount",
                
                "sso:DescribeRegisteredRegions",
                "sso:ListDirectoryAssociations",
                "sso:GetSSOStatus",
                "sso:GetManagedApplicationInstance",
                "sso:ListProfiles",
                "sso:GetProfile",
                "sso:ListProfileAssociations",
                
                "sso-directory:DescribeDirectory",
                "sso-directory:SearchUsers",
                "sso-directory:SearchGroups",
                
                "repostspace:GetSpace",
                "repostspace:ListSpaces",
                "repostspace:ListTagsForResource"
            ],
            "Resource": "*"
        }
    ]
}

完全访问 re: Post Private

以下策略向用户授予 IAM 身份中心和 re: Post 私有控制台的完全访问权限。此政策允许用户执行所有 re: Post Private 操作。

JSON

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "organizations:DescribeOrganization",
                "organizations:DescribeAccount",
                
                "sso:DescribeRegisteredRegions",
                "sso:ListDirectoryAssociations",
                "sso:GetSSOStatus",
                "sso:GetManagedApplicationInstance",
                "sso:ListProfiles",
                "sso:GetProfile",
                "sso:ListProfileAssociations",
                
                "sso:CreateManagedApplicationInstance",
                "sso:DeleteManagedApplicationInstance",
                "sso:AssociateProfile",
                "sso:DisassociateProfile",
                
                "sso-directory:DescribeDirectory",
                "sso-directory:SearchUsers",
                "sso-directory:SearchGroups",

                "kms:ListAliases",
                "kms:DescribeKey",
                "kms:CreateGrant",
                "kms:RetireGrant",
                
                "repostspace:*"
            ],
            "Resource": "*"
        }
    ]
}