本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWSThinkboxAWSPortalAdminPolicy
描述:此政策會授予 AWS Thinkbox 的截止日期軟體對 AWS Portal 管理所需的多項 AWS 服務的完整存取權。這包括在數種 EC2 資源類型上建立任意標籤的存取權。
AWSThinkboxAWSPortalAdminPolicy 是AWS 受管政策。
使用此政策
您可以AWSThinkboxAWSPortalAdminPolicy連接至您的使用者、群組和角色。
政策詳細資訊
-
類型: AWS 受管政策
-
建立時間:2020 年 5 月 27 日 19:41 UTC
-
編輯時間:2024 年 11 月 12 日 19:22 UTC
-
ARN:
arn:aws:iam::aws:policy/AWSThinkboxAWSPortalAdminPolicy
政策版本
政策版本:v9 (預設值)
政策的預設版本是定義政策許可的版本。當具有 政策的使用者或角色提出存取 AWS 資源的請求時, 會 AWS 檢查政策的預設版本,以決定是否允許請求。
JSON 政策文件
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "AWSThinkboxAWSPortal1", "Effect" : "Allow", "Action" : [ "ec2:AttachInternetGateway", "ec2:AssociateAddress", "ec2:AssociateRouteTable", "ec2:AllocateAddress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateFleet", "ec2:CreateLaunchTemplate", "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreatePlacementGroup", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:DescribeAvailabilityZones", "ec2:DescribeAddresses", "ec2:DescribeFleets", "ec2:DescribeFleetHistory", "ec2:DescribeFleetInstances", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeInternetGateways", "ec2:DescribeLaunchTemplates", "ec2:DescribeRouteTables", "ec2:DescribeNatGateways", "ec2:DescribeTags", "ec2:DescribeKeyPairs", "ec2:DescribePlacementGroups", "ec2:DescribeInstanceTypeOfferings", "ec2:DescribeRegions", "ec2:DescribeSpotFleetRequestHistory", "ec2:DescribeSecurityGroups", "ec2:DescribeSpotFleetInstances", "ec2:DescribeSpotFleetRequests", "ec2:DescribeSpotPriceHistory", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeVpcEndpoints", "ec2:GetConsoleOutput", "ec2:ImportKeyPair", "ec2:ReleaseAddress", "ec2:RequestSpotFleet", "ec2:CancelSpotFleetRequests", "ec2:DisassociateAddress", "ec2:DeleteFleets", "ec2:DeleteLaunchTemplate", "ec2:DeleteVpc", "ec2:DeletePlacementGroup", "ec2:DeleteVpcEndpoints", "ec2:DeleteInternetGateway", "ec2:DeleteSecurityGroup", "ec2:RevokeSecurityGroupIngress", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DisassociateRouteTable", "ec2:DeleteSubnet", "ec2:DeleteNatGateway", "ec2:DetachInternetGateway", "ec2:ModifyInstanceAttribute", "ec2:ModifyFleet", "ec2:ModifySpotFleetRequest", "ec2:ModifyVpcAttribute" ], "Resource" : "*" }, { "Sid" : "AWSThinkboxAWSPortal2", "Effect" : "Allow", "Action" : "ec2:RunInstances", "Resource" : [ "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:key-pair/*", "arn:aws:ec2:*::snapshot/*", "arn:aws:ec2:*:*:launch-template/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:placement-group/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*::image/*" ] }, { "Sid" : "AWSThinkboxAWSPortal3", "Effect" : "Allow", "Action" : "ec2:RunInstances", "Resource" : "arn:aws:ec2:*:*:instance/*", "Condition" : { "ArnLike" : { "ec2:InstanceProfile" : "arn:aws:iam::*:instance-profile/AWSPortal*" } } }, { "Sid" : "AWSThinkboxAWSPortal4", "Effect" : "Allow", "Action" : "ec2:TerminateInstances", "Resource" : "*", "Condition" : { "StringEquals" : { "ec2:ResourceTag/aws:cloudformation:logical-id" : "ReverseForwarder" } } }, { "Sid" : "AWSThinkboxAWSPortal5", "Effect" : "Allow", "Action" : "ec2:TerminateInstances", "Resource" : "*", "Condition" : { "Null" : { "ec2:ResourceTag/aws:ec2spot:fleet-request-id" : false } } }, { "Sid" : "AWSThinkboxAWSPortal6", "Effect" : "Allow", "Action" : "ec2:TerminateInstances", "Resource" : "*", "Condition" : { "ArnLike" : { "ec2:PlacementGroup" : "arn:aws:ec2:*:*:placement-group/*DeadlinePlacementGroup*" } } }, { "Sid" : "AWSThinkboxAWSPortal7", "Effect" : "Allow", "Action" : [ "ec2:CreateTags" ], "Resource" : "arn:aws:ec2:*:*:instance/*", "Condition" : { "ArnLike" : { "ec2:PlacementGroup" : "arn:aws:ec2:*:*:placement-group/*DeadlinePlacementGroup*" } } }, { "Sid" : "AWSThinkboxAWSPortal8", "Effect" : "Allow", "Action" : [ "ec2:CreateTags" ], "Resource" : "*", "Condition" : { "StringLike" : { "ec2:CreateAction" : "RunInstances" } } }, { "Sid" : "AWSThinkboxAWSPortal9", "Effect" : "Allow", "Action" : [ "ec2:CreateTags", "ec2:DeleteTags" ], "Resource" : [ "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:internet-gateway/*", "arn:aws:ec2:*:*:route-table/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:vpc/*", "arn:aws:ec2:*:*:natgateway/*", "arn:aws:ec2:*:*:elastic-ip/*" ] }, { "Sid" : "AWSThinkboxAWSPortal10", "Effect" : "Allow", "Action" : [ "iam:GetUser" ], "Resource" : "*" }, { "Sid" : "AWSThinkboxAWSPortal11", "Effect" : "Allow", "Action" : [ "iam:GetInstanceProfile" ], "Resource" : [ "arn:aws:iam::*:instance-profile/AWSPortal*" ] }, { "Sid" : "AWSThinkboxAWSPortal12", "Effect" : "Allow", "Action" : [ "iam:GetPolicy", "iam:ListEntitiesForPolicy", "iam:ListPolicyVersions" ], "Resource" : [ "arn:aws:iam::*:policy/AWSPortal*" ] }, { "Sid" : "AWSThinkboxAWSPortal13", "Effect" : "Allow", "Action" : [ "iam:GetRole", "iam:GetRolePolicy" ], "Resource" : [ "arn:aws:iam::*:role/AWSPortal*", "arn:aws:iam::*:role/DeadlineSpot*" ] }, { "Sid" : "AWSThinkboxAWSPortal14", "Effect" : "Allow", "Action" : [ "iam:PassRole" ], "Resource" : [ "arn:aws:iam::*:role/AWSPortal*", "arn:aws:iam::*:role/DeadlineSpot*" ], "Condition" : { "StringEquals" : { "iam:PassedToService" : [ "ec2.amazonaws.com", "ec2fleet.amazonaws.com", "spot.amazonaws.com", "spotfleet.amazonaws.com", "cloudformation.amazonaws.com" ] } } }, { "Sid" : "AWSThinkboxAWSPortal15", "Effect" : "Allow", "Action" : "iam:CreateServiceLinkedRole", "Resource" : "arn:aws:iam::*:role/aws-service-role/*", "Condition" : { "StringEquals" : { "iam:AWSServiceName" : [ "ec2fleet.amazonaws.com", "spot.amazonaws.com", "spotfleet.amazonaws.com" ] } } }, { "Sid" : "AWSThinkboxAWSPortal16", "Effect" : "Allow", "Action" : [ "s3:CreateBucket", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketVersioning", "s3:PutBucketAcl", "s3:PutBucketCORS", "s3:PutBucketVersioning", "s3:GetBucketAcl", "s3:GetObject", "s3:PutBucketLogging", "s3:PutBucketTagging", "s3:PutObject", "s3:ListBucket", "s3:ListBucketVersions", "s3:PutEncryptionConfiguration", "s3:PutLifecycleConfiguration", "s3:DeleteBucket", "s3:DeleteObject", "s3:DeleteBucketPolicy", "s3:DeleteObjectVersion" ], "Resource" : [ "arn:aws:s3::*:awsportal*", "arn:aws:s3::*:stack*", "arn:aws:s3::*:aws-portal-cache*", "arn:aws:s3::*:logs-for-aws-portal-cache*", "arn:aws:s3::*:logs-for-stack*" ] }, { "Sid" : "AWSThinkboxAWSPortal17", "Effect" : "Allow", "Action" : [ "s3:PutBucketPolicy" ], "Resource" : [ "arn:aws:s3::*:logs-for-aws-portal-cache*" ] }, { "Sid" : "AWSThinkboxAWSPortal18", "Effect" : "Allow", "Action" : [ "s3:PutBucketOwnershipControls" ], "Resource" : [ "arn:aws:s3::*:logs-for-stack*" ] }, { "Sid" : "AWSThinkboxAWSPortal19", "Effect" : "Allow", "Action" : [ "s3:ListAllMyBuckets" ], "Resource" : "*" }, { "Sid" : "AWSThinkboxAWSPortal20", "Effect" : "Allow", "Action" : [ "dynamodb:Scan" ], "Resource" : "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" }, { "Sid" : "AWSThinkboxAWSPortal21", "Effect" : "Allow", "Action" : [ "cloudformation:CreateStack", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResources", "cloudformation:DeleteStack", "cloudformation:DeleteChangeSet", "cloudformation:ListStackResources", "cloudformation:CreateChangeSet", "cloudformation:DescribeChangeSet", "cloudformation:ExecuteChangeSet", "cloudformation:UpdateTerminationProtection", "cloudformation:TagResource", "cloudformation:UntagResource" ], "Resource" : [ "arn:aws:cloudformation:*:*:stack/stack*/*", "arn:aws:cloudformation:*:*:stack/Deadline*/*" ] }, { "Sid" : "AWSThinkboxAWSPortal22", "Effect" : "Allow", "Action" : [ "cloudformation:EstimateTemplateCost", "cloudformation:DescribeStacks", "cloudformation:ListStacks" ], "Resource" : "*" }, { "Sid" : "AWSThinkboxAWSPortal23", "Effect" : "Allow", "Action" : [ "logs:DescribeLogStreams", "logs:GetLogEvents", "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy" ], "Resource" : "arn:aws:logs:*:*:log-group:/thinkbox*" }, { "Sid" : "AWSThinkboxAWSPortal24", "Effect" : "Allow", "Action" : [ "logs:DescribeLogGroups", "logs:CreateLogGroup" ], "Resource" : "*" }, { "Sid" : "AWSThinkboxAWSPortal25", "Effect" : "Allow", "Action" : [ "kms:Encrypt", "kms:GenerateDataKey" ], "Resource" : [ "*" ], "Condition" : { "StringLike" : { "kms:ViaService" : [ "s3.*.amazonaws.com", "secretsmanager.*.amazonaws.com" ] } } }, { "Sid" : "AWSThinkboxAWSPortal26", "Effect" : "Allow", "Action" : [ "secretsmanager:CreateSecret" ], "Resource" : "*", "Condition" : { "StringLike" : { "secretsmanager:Name" : [ "rcs-tls-pw*" ] } } }, { "Sid" : "AWSThinkboxAWSPortal27", "Effect" : "Allow", "Action" : [ "secretsmanager:DeleteSecret", "secretsmanager:UpdateSecret", "secretsmanager:DescribeSecret", "secretsmanager:TagResource" ], "Resource" : "arn:aws:secretsmanager:*:*:secret:rcs-tls-pw*" } ] }
進一步了解
