使用 Amazon S3 VPC 端端點提供 AppStream 2.0 功能

當您在堆疊上啟用應用程式設定持續性或主資料夾時， AppStream 2.0 會使用您為叢集指定的 VPC 來提供對 Amazon Simple Storage Service (Amazon S3) 貯體的存取權。對於彈性叢集， AppStream 2.0 將使用 VPC 存取 Amazon S3 儲存貯體，其中包含指派給叢集應用程式區塊的應用程式。若要啟用對私有 S3 端點的 AppStream 2.0 存取，請將以下自訂政策附加到 Amazon S3 的 VPC 端點。如需有關私有 Amazon S3 端點的詳細資訊，請參閱《Amazon VPC 使用者指南》中的 VPC 端點和 Amazon S3 的端點。

{
"Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Allow-AppStream-to-access-S3-buckets",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:sts::account-id-without-hyphens:assumed-role/AmazonAppStreamServiceAccess/AppStream2.0"
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:GetObjectVersion",
                "s3:DeleteObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::appstream2-36fb080bb8-*",
                "arn:aws:s3:::appstream-app-settings-*",
                "arn:aws:s3:::appstream-logs-*"
            ]
        },
        {
            "Sid": "Allow-AppStream-ElasticFleetstoRetrieveObjects",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket-with-application-or-app-block-objects/*",
            "Condition": {
                "StringEquals": {
                    "aws:PrincipalServiceName": "appstream.amazonaws.com"
                }
            }
        }
    ]
}