本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWSResilienceHubAsssessmentExecutionPolicy
說明: AWS Resilience Hub 服務角色的政策,允許存取其他 AWS 服務以執行評估。
AWSResilienceHubAsssessmentExecutionPolicy 是 AWS 受管政策 。
使用此政策
您可以AWSResilienceHubAsssessmentExecutionPolicy連接至使用者、群組和角色。
政策詳細資訊
-
類型: AWS 受管政策
-
建立時間:2023 年 6 月 27 日 12:32 UTC
-
編輯時間:2024 年 9 月 17 日 13:08 UTC
-
ARN:
arn:aws:iam::aws:policy/AWSResilienceHubAsssessmentExecutionPolicy
政策版本
政策版本:v6 (預設值)
政策的預設版本是定義政策許可的版本。當具有 政策的使用者或角色提出存取 AWS 資源的請求時, 會 AWS 檢查政策的預設版本,以決定是否允許請求。
JSON 政策文件
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "AWSResilienceHubFullResourceStatement", "Effect" : "Allow", "Action" : [ "application-autoscaling:DescribeScalableTargets", "autoscaling:DescribeAutoScalingGroups", "backup:DescribeBackupVault", "backup:GetBackupPlan", "backup:GetBackupSelection", "backup:ListBackupPlans", "backup:ListBackupSelections", "cloudformation:DescribeStacks", "cloudformation:ListStackResources", "cloudformation:ValidateTemplate", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "datasync:DescribeTask", "datasync:ListLocations", "datasync:ListTasks", "devops-guru:ListMonitoredResources", "dlm:GetLifecyclePolicies", "dlm:GetLifecyclePolicy", "docdb-elastic:GetCluster", "docdb-elastic:GetClusterSnapshot", "docdb-elastic:ListClusterSnapshots", "docdb-elastic:ListTagsForResource", "drs:DescribeJobs", "drs:DescribeSourceServers", "drs:GetReplicationConfiguration", "ds:DescribeDirectories", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeGlobalTable", "dynamodb:DescribeLimits", "dynamodb:DescribeTable", "dynamodb:ListGlobalTables", "dynamodb:ListTagsOfResource", "ec2:DescribeAvailabilityZones", "ec2:DescribeFastSnapshotRestores", "ec2:DescribeFleets", "ec2:DescribeHosts", "ec2:DescribeInstances", "ec2:DescribeNatGateways", "ec2:DescribePlacementGroups", "ec2:DescribeRegions", "ec2:DescribeSnapshots", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVolumes", "ec2:DescribeVpcEndpoints", "ecr:DescribeRegistry", "ecs:DescribeCapacityProviders", "ecs:DescribeClusters", "ecs:DescribeContainerInstances", "ecs:DescribeServices", "ecs:DescribeTaskDefinition", "ecs:ListContainerInstances", "ecs:ListServices", "eks:DescribeCluster", "eks:DescribeFargateProfile", "eks:DescribeNodegroup", "eks:ListFargateProfiles", "eks:ListNodegroups", "elasticache:DescribeCacheClusters", "elasticache:DescribeGlobalReplicationGroups", "elasticache:DescribeReplicationGroups", "elasticache:DescribeSnapshots", "elasticache:DescribeServerlessCaches", "elasticache:DescribeServerlessCacheSnapshots", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeLifecycleConfiguration", "elasticfilesystem:DescribeMountTargets", "elasticfilesystem:DescribeReplicationConfigurations", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "fis:GetExperimentTemplate", "fis:ListExperimentTemplates", "fis:ListExperiments", "fsx:DescribeFileSystems", "lambda:GetFunctionConcurrency", "lambda:GetFunctionConfiguration", "lambda:ListAliases", "lambda:ListEventSourceMappings", "lambda:ListFunctionEventInvokeConfigs", "lambda:ListVersionsByFunction", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBInstanceAutomatedBackups", "rds:DescribeDBInstances", "rds:DescribeDBProxies", "rds:DescribeDBProxyTargets", "rds:DescribeDBSnapshots", "rds:DescribeGlobalClusters", "rds:ListTagsForResource", "resource-groups:GetGroup", "resource-groups:ListGroupResources", "route53-recovery-control-config:ListClusters", "route53-recovery-control-config:ListControlPanels", "route53-recovery-control-config:ListRoutingControls", "route53-recovery-readiness:GetReadinessCheckStatus", "route53-recovery-readiness:GetResourceSet", "route53-recovery-readiness:ListReadinessChecks", "route53:GetHealthCheck", "route53:ListHealthChecks", "route53:ListHostedZones", "route53:ListResourceRecordSets", "route53resolver:ListResolverEndpoints", "route53resolver:ListResolverEndpointIpAddresses", "s3:ListBucket", "servicecatalog:GetApplication", "servicecatalog:ListAssociatedResources", "sns:GetSubscriptionAttributes", "sns:GetTopicAttributes", "sns:ListSubscriptionsByTopic", "sqs:GetQueueAttributes", "sqs:GetQueueUrl", "ssm:DescribeAutomationExecutions", "states:DescribeStateMachine", "states:ListStateMachineVersions", "states:ListStateMachineAliases", "tag:GetResources" ], "Resource" : "*" }, { "Sid" : "AWSResilienceHubApiGatewayStatement", "Effect" : "Allow", "Action" : [ "apigateway:GET" ], "Resource" : [ "arn:aws:apigateway:*::/apis/*", "arn:aws:apigateway:*::/restapis/*", "arn:aws:apigateway:*::/usageplans" ] }, { "Sid" : "AWSResilienceHubS3ArtifactStatement", "Effect" : "Allow", "Action" : [ "s3:CreateBucket", "s3:PutObject", "s3:GetObject" ], "Resource" : "arn:aws:s3:::aws-resilience-hub-artifacts-*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" } } }, { "Sid" : "AWSResilienceHubS3AccessStatement", "Effect" : "Allow", "Action" : [ "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketPolicyStatus", "s3:GetBucketTagging", "s3:GetBucketVersioning", "s3:GetMultiRegionAccessPointRoutes", "s3:GetReplicationConfiguration", "s3:ListAllMyBuckets", "s3:ListMultiRegionAccessPoints" ], "Resource" : "*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" } } }, { "Sid" : "AWSResilienceHubCloudWatchStatement", "Effect" : "Allow", "Action" : [ "cloudwatch:PutMetricData" ], "Resource" : "*", "Condition" : { "StringEquals" : { "cloudwatch:namespace" : "ResilienceHub" } } }, { "Sid" : "AWSResilienceHubSSMStatement", "Effect" : "Allow", "Action" : [ "ssm:GetParametersByPath" ], "Resource" : "arn:aws:ssm:*:*:parameter/ResilienceHub/*" } ] }
進一步了解
