AWSCloudTrail_FullAccess - AWS managed policy


AWSCloudTrail_FullAccess

Description: Provides full access to AWS CloudTrail.

AWSCloudTrail_FullAccess is an AWS managed policy.

Using this policy

You can attach AWSCloudTrail_FullAccess to your users, groups, and roles.

Policy details

  • Type: AWS managed policy

  • Creation time: October 8, 2020, 23:41 UTC

  • Edited time: February 22, 2021, 19:01 UTC

  • ARN: arn:aws:iam::aws:policy/AWSCloudTrail_FullAccess

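Policy version

Policy version: v3 (default)

The policy's default version is the version that defines the permissions for the policy. When a user or role with the policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.

Policy document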

{
  "Version" : "2012-10-17",
  "Statement" : [
    {
      "Effect" : "Allow",
      "Action" : [
        "sns:AddPermission",
        "sns:CreateTopic",
        "sns:SetTopicAttributes",
        "sns:GetTopicAttributes"
      ],
      "Resource" : [
        "arn:aws:sns:*:*:aws-cloudtrail-logs*"
      ]
    },
    {
      "Effect" : "Allow",
      "Action" : [
        "sns:ListTopics"
      ],
      "Resource" : "*"
    },
    {
      "Effect" : "Allow",
      "Action" : [
        "s3:CreateBucket",
        "s3:PutBucketPolicy",
        "s3:PutBucketPublicAccessBlock"
      ],
      "Resource" : [
        "arn:aws:s3:::aws-cloudtrail-logs*"
      ]
    },
    {
      "Effect" : "Allow",
      "Action" : [
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation",
        "s3:GetBucketPolicy"
      ],
      "Resource" : "*"
    },
    {
      "Effect" : "Allow",
      "Action" : "cloudtrail:*",
      "Resource" : "*"
    },
    {
      "Effect" : "Allow",
      "Action" : [
        "logs:CreateLogGroup"
      ],
      "Resource" : [
        "arn:aws:logs:*:*:log-group:aws-cloudtrail-logs*"
      ]
    },
    {
      "Effect" : "Allow",
      "Action" : [
        "iam:ListRoles",
        "iam:GetRolePolicy",
        "iam:GetUser"
      ],
      "Resource" : "*"
    },
    {
      "Effect" : "Allow",
      "Action" : [
        "iam:PassRole"
      ],
      "Resource" : "*",
      "Condition" : {
        "StringEquals" : {
          "iam:PassedToService" : "cloudtrail.amazonaws.com"
        }
      }
    },
    {
      "Effect" : "Allow",
      "Action" : [
        "kms:CreateKey",
        "kms:CreateAlias",
        "kms:ListKeys",
        "kms:ListAliases"
      ],
      "Resource" : "*"
    },
    {
      "Effect" : "Allow",
      "Action" : [
        "lambda:ListFunctions"
      ],
      "Resource" : "*"
    },
    {
      "Effect" : "Allow",
      "Action" : [
        "dynamodb:ListGlobalTables",
        "dynamodb:ListTables"
      ],
      "Resource" : "*"
    }
  ]
}
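An added example, not part of the AWS page: a short Python audit that sorts the actions in the v3 policy document above by how each statement limits them (a resource name pattern, a Condition, or nothing), then lists the unrestricted actions that are not List*/Get* reads, which are the ones to weigh before attaching the policy. The function names are this example's own; the embedded JSON is the policy document from this page.

```python
import json

# Policy document copied from this page (v3), one statement per line.
POLICY = json.loads("""
{"Version":"2012-10-17","Statement":[
 {"Effect":"Allow","Action":["sns:AddPermission","sns:CreateTopic","sns:SetTopicAttributes","sns:GetTopicAttributes"],"Resource":["arn:aws:sns:*:*:aws-cloudtrail-logs*"]},
 {"Effect":"Allow","Action":["sns:ListTopics"],"Resource":"*"},
 {"Effect":"Allow","Action":["s3:CreateBucket","s3:PutBucketPolicy","s3:PutBucketPublicAccessBlock"],"Resource":["arn:aws:s3:::aws-cloudtrail-logs*"]},
 {"Effect":"Allow","Action":["s3:ListAllMyBuckets","s3:GetBucketLocation","s3:GetBucketPolicy"],"Resource":"*"},
 {"Effect":"Allow","Action":"cloudtrail:*","Resource":"*"},
 {"Effect":"Allow","Action":["logs:CreateLogGroup"],"Resource":["arn:aws:logs:*:*:log-group:aws-cloudtrail-logs*"]},
 {"Effect":"Allow","Action":["iam:ListRoles","iam:GetRolePolicy","iam:GetUser"],"Resource":"*"},
 {"Effect":"Allow","Action":["iam:PassRole"],"Resource":"*","Condition":{"StringEquals":{"iam:PassedToService":"cloudtrail.amazonaws.com"}}},
 {"Effect":"Allow","Action":["kms:CreateKey","kms:CreateAlias","kms:ListKeys","kms:ListAliases"],"Resource":"*"},
 {"Effect":"Allow","Action":["lambda:ListFunctions"],"Resource":"*"},
 {"Effect":"Allow","Action":["dynamodb:ListGlobalTables","dynamodb:ListTables"],"Resource":"*"}
]}
""")

def as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def classify(policy):
    """Group allowed actions by how their statement restricts them."""
    groups = {"scoped": [], "conditioned": [], "unrestricted": []}
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt["Resource"]):
            key = "scoped"          # limited to a resource name pattern
        elif "Condition" in stmt:
            key = "conditioned"     # Resource "*" but gated by a Condition
        else:
            key = "unrestricted"    # Resource "*" and no Condition
        groups[key].extend(as_list(stmt["Action"]))
    return groups

def non_read_unrestricted(policy):
    """Unrestricted actions whose name is not a List*/Get* read."""
    return [a for a in classify(policy)["unrestricted"]
            if not a.split(":", 1)[1].startswith(("List", "Get"))]

if __name__ == "__main__":
    for group, actions in classify(POLICY).items():
        print(f"{group}: {sorted(actions)}")
    print("review before attaching:", non_read_unrestricted(POLICY))
```

The wildcard `cloudtrail:*` covers every CloudTrail action, so the review list is where to consider a permissions boundary or a narrower custom policy for principals that only need to read trails.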
