本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWSResilienceHubAsssessmentExecutionPolicy
描述: AWS Resilience Hub 服務角色的政策,允許存取其他 AWS 服務以執行評估。
AWSResilienceHubAsssessmentExecutionPolicy 是AWS 受管政策。
使用此政策
您可以將 AWSResilienceHubAsssessmentExecutionPolicy連接到您的使用者、群組和角色。
政策詳細資訊
-
類型: AWS 受管政策
-
建立時間:2023 年 6 月 27 日 12:32 UTC
-
編輯時間:2024 年 12 月 16 日 14:40 UTC
-
ARN:
arn:aws:iam::aws:policy/AWSResilienceHubAsssessmentExecutionPolicy
政策版本
政策版本:v7 (預設值)
政策的預設版本是定義政策許可的版本。當具有 政策的使用者或角色提出存取 AWS 資源的請求時, 會 AWS 檢查政策的預設版本,以決定是否允許請求。
JSON 政策文件
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "AWSResilienceHubFullResourceStatement",
"Effect" : "Allow",
"Action" : [
"application-autoscaling:DescribeScalableTargets",
"autoscaling:DescribeAutoScalingGroups",
"backup:DescribeBackupVault",
"backup:GetBackupPlan",
"backup:GetBackupSelection",
"backup:ListBackupPlans",
"backup:ListBackupSelections",
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources",
"cloudformation:ValidateTemplate",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"datasync:DescribeTask",
"datasync:ListLocations",
"datasync:ListTasks",
"devops-guru:ListMonitoredResources",
"dlm:GetLifecyclePolicies",
"dlm:GetLifecyclePolicy",
"docdb-elastic:GetCluster",
"docdb-elastic:GetClusterSnapshot",
"docdb-elastic:ListClusterSnapshots",
"docdb-elastic:ListTagsForResource",
"drs:DescribeJobs",
"drs:DescribeSourceServers",
"drs:GetReplicationConfiguration",
"ds:DescribeDirectories",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeGlobalTable",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:ListGlobalTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeFastSnapshotRestores",
"ec2:DescribeFleets",
"ec2:DescribeHosts",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribePlacementGroups",
"ec2:DescribeRegions",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVpcEndpoints",
"ecr:DescribeRegistry",
"ecs:DescribeCapacityProviders",
"ecs:DescribeClusters",
"ecs:DescribeContainerInstances",
"ecs:DescribeServices",
"ecs:DescribeTaskDefinition",
"ecs:ListContainerInstances",
"ecs:ListServices",
"eks:DescribeCluster",
"eks:DescribeFargateProfile",
"eks:DescribeNodegroup",
"eks:ListFargateProfiles",
"eks:ListNodegroups",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeGlobalReplicationGroups",
"elasticache:DescribeReplicationGroups",
"elasticache:DescribeSnapshots",
"elasticache:DescribeServerlessCaches",
"elasticache:DescribeServerlessCacheSnapshots",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeLifecycleConfiguration",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeReplicationConfigurations",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"fis:GetExperiment",
"fis:GetExperimentTemplate",
"fis:ListExperimentTemplates",
"fis:ListExperiments",
"fis:ListExperimentResolvedTargets",
"fsx:DescribeFileSystems",
"lambda:GetFunctionConcurrency",
"lambda:GetFunctionConfiguration",
"lambda:ListAliases",
"lambda:ListEventSourceMappings",
"lambda:ListFunctionEventInvokeConfigs",
"lambda:ListVersionsByFunction",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBInstanceAutomatedBackups",
"rds:DescribeDBInstances",
"rds:DescribeDBProxies",
"rds:DescribeDBProxyTargets",
"rds:DescribeDBSnapshots",
"rds:DescribeGlobalClusters",
"rds:ListTagsForResource",
"resource-groups:GetGroup",
"resource-groups:ListGroupResources",
"route53-recovery-control-config:ListClusters",
"route53-recovery-control-config:ListControlPanels",
"route53-recovery-control-config:ListRoutingControls",
"route53-recovery-readiness:GetReadinessCheckStatus",
"route53-recovery-readiness:GetResourceSet",
"route53-recovery-readiness:ListReadinessChecks",
"route53:GetHealthCheck",
"route53:ListHealthChecks",
"route53:ListHostedZones",
"route53:ListResourceRecordSets",
"route53resolver:ListResolverEndpoints",
"route53resolver:ListResolverEndpointIpAddresses",
"s3:ListBucket",
"servicecatalog:GetApplication",
"servicecatalog:ListAssociatedResources",
"sns:GetSubscriptionAttributes",
"sns:GetTopicAttributes",
"sns:ListSubscriptionsByTopic",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"ssm:DescribeAutomationExecutions",
"states:DescribeStateMachine",
"states:ListStateMachineVersions",
"states:ListStateMachineAliases",
"tag:GetResources"
],
"Resource" : "*"
},
{
"Sid" : "AWSResilienceHubApiGatewayStatement",
"Effect" : "Allow",
"Action" : [
"apigateway:GET"
],
"Resource" : [
"arn:aws:apigateway:*::/apis/*",
"arn:aws:apigateway:*::/restapis/*",
"arn:aws:apigateway:*::/usageplans"
]
},
{
"Sid" : "AWSResilienceHubS3ArtifactStatement",
"Effect" : "Allow",
"Action" : [
"s3:CreateBucket",
"s3:PutObject",
"s3:GetObject"
],
"Resource" : "arn:aws:s3:::aws-resilience-hub-artifacts-*",
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "AWSResilienceHubS3AccessStatement",
"Effect" : "Allow",
"Action" : [
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketPolicyStatus",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetMultiRegionAccessPointRoutes",
"s3:GetReplicationConfiguration",
"s3:ListAllMyBuckets",
"s3:ListMultiRegionAccessPoints"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "AWSResilienceHubCloudWatchStatement",
"Effect" : "Allow",
"Action" : [
"cloudwatch:PutMetricData"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"cloudwatch:namespace" : "ResilienceHub"
}
}
},
{
"Sid" : "AWSResilienceHubSSMStatement",
"Effect" : "Allow",
"Action" : [
"ssm:GetParametersByPath"
],
"Resource" : "arn:aws:ssm:*:*:parameter/ResilienceHub/*"
}
]
}進一步了解
