移轉至精細的權限 - AWS Artifact

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

移轉至精細的權限

AWS Artifact 現在可讓客戶使用精細的許可。透過這些精細的權限,客戶可以精細控制提供功能的存取權,例如接受條款和下載報告。

若要透過精細的權限存取報表,客戶應該利用AWSArtifactReportsReadOnlyAccess 受管政策或依照下列建議更新其權限。然後,客戶應該使用主控台中提供的新 AWS 報告頁面連結來選擇加入。

如果更新至新權限發生問題,使用者可以選擇透過使用主控台中可用的舊報告頁面連結來存取具有舊權限的報告。

移轉至新權限

移轉非資源特定權限

使用者需要將包含舊版權限的現有原則取代為包含精細權限的原則

舊版政策:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "artifact:Get" ], "Resource": [ "arn:aws:artifact:::report-package/*" ] } ] }

具有精細權限的新政策:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "artifact:ListReports", "artifact:GetReportMetadata", "artifact:GetReport", "artifact:GetTermForReport" ], "Resource": "*" } ] }

移轉資源特定權限

使用者必須將包含舊版權限的現有原則取代為包含精細權限的原則。報表資源萬用字元權限已被條件索引鍵取代。

舊版政策:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "artifact:Get" ], "Resource": [ "arn:aws:artifact:::report-package/Certifications and Attestations/SOC/*", "arn:aws:artifact:::report-package/Certifications and Attestations/PCI/*", "arn:aws:artifact:::report-package/Certifications and Attestations/ISO/*" ] } ] }

具有精細權限和條件金鑰的新原則。

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "artifact:ListReports" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "artifact:GetReportMetadata", "artifact:GetReport", "artifact:GetTermForReport" ], "Resource": "*", "Condition": { "StringEquals": { "artifact:ReportSeries": [ "SOC", "PCI", "ISO" ], "artifact:ReportCategory": [ "Certifications and Attestations" ] } } } ] }