本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWSThinkboxAWSPortalAdminPolicy
描述:此政策會授予 AWS Thinkbox 的截止日期軟體對 AWS Portal 管理所需的多項 AWS 服務的完整存取權。這包括在數種 EC2 資源類型上建立任意標籤的存取權。
AWSThinkboxAWSPortalAdminPolicy 是AWS 受管政策。
使用此政策
您可以AWSThinkboxAWSPortalAdminPolicy連接至您的使用者、群組和角色。
政策詳細資訊
-
類型: AWS 受管政策
-
建立時間:2020 年 5 月 27 日 19:41 UTC
-
編輯時間:2024 年 11 月 12 日 19:22 UTC
-
ARN:
arn:aws:iam::aws:policy/AWSThinkboxAWSPortalAdminPolicy
政策版本
政策版本:v9 (預設值)
政策的預設版本是定義政策許可的版本。當具有 政策的使用者或角色提出存取 AWS 資源的請求時, 會 AWS 檢查政策的預設版本,以決定是否允許請求。
JSON 政策文件
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "AWSThinkboxAWSPortal1",
"Effect" : "Allow",
"Action" : [
"ec2:AttachInternetGateway",
"ec2:AssociateAddress",
"ec2:AssociateRouteTable",
"ec2:AllocateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateFleet",
"ec2:CreateLaunchTemplate",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreatePlacementGroup",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeAddresses",
"ec2:DescribeFleets",
"ec2:DescribeFleetHistory",
"ec2:DescribeFleetInstances",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeRouteTables",
"ec2:DescribeNatGateways",
"ec2:DescribeTags",
"ec2:DescribeKeyPairs",
"ec2:DescribePlacementGroups",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeRegions",
"ec2:DescribeSpotFleetRequestHistory",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotFleetInstances",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:GetConsoleOutput",
"ec2:ImportKeyPair",
"ec2:ReleaseAddress",
"ec2:RequestSpotFleet",
"ec2:CancelSpotFleetRequests",
"ec2:DisassociateAddress",
"ec2:DeleteFleets",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteVpc",
"ec2:DeletePlacementGroup",
"ec2:DeleteVpcEndpoints",
"ec2:DeleteInternetGateway",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupIngress",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DisassociateRouteTable",
"ec2:DeleteSubnet",
"ec2:DeleteNatGateway",
"ec2:DetachInternetGateway",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyFleet",
"ec2:ModifySpotFleetRequest",
"ec2:ModifyVpcAttribute"
],
"Resource" : "*"
},
{
"Sid" : "AWSThinkboxAWSPortal2",
"Effect" : "Allow",
"Action" : "ec2:RunInstances",
"Resource" : [
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:placement-group/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*::image/*"
]
},
{
"Sid" : "AWSThinkboxAWSPortal3",
"Effect" : "Allow",
"Action" : "ec2:RunInstances",
"Resource" : "arn:aws:ec2:*:*:instance/*",
"Condition" : {
"ArnLike" : {
"ec2:InstanceProfile" : "arn:aws:iam::*:instance-profile/AWSPortal*"
}
}
},
{
"Sid" : "AWSThinkboxAWSPortal4",
"Effect" : "Allow",
"Action" : "ec2:TerminateInstances",
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"ec2:ResourceTag/aws:cloudformation:logical-id" : "ReverseForwarder"
}
}
},
{
"Sid" : "AWSThinkboxAWSPortal5",
"Effect" : "Allow",
"Action" : "ec2:TerminateInstances",
"Resource" : "*",
"Condition" : {
"Null" : {
"ec2:ResourceTag/aws:ec2spot:fleet-request-id" : false
}
}
},
{
"Sid" : "AWSThinkboxAWSPortal6",
"Effect" : "Allow",
"Action" : "ec2:TerminateInstances",
"Resource" : "*",
"Condition" : {
"ArnLike" : {
"ec2:PlacementGroup" : "arn:aws:ec2:*:*:placement-group/*DeadlinePlacementGroup*"
}
}
},
{
"Sid" : "AWSThinkboxAWSPortal7",
"Effect" : "Allow",
"Action" : [
"ec2:CreateTags"
],
"Resource" : "arn:aws:ec2:*:*:instance/*",
"Condition" : {
"ArnLike" : {
"ec2:PlacementGroup" : "arn:aws:ec2:*:*:placement-group/*DeadlinePlacementGroup*"
}
}
},
{
"Sid" : "AWSThinkboxAWSPortal8",
"Effect" : "Allow",
"Action" : [
"ec2:CreateTags"
],
"Resource" : "*",
"Condition" : {
"StringLike" : {
"ec2:CreateAction" : "RunInstances"
}
}
},
{
"Sid" : "AWSThinkboxAWSPortal9",
"Effect" : "Allow",
"Action" : [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Resource" : [
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:internet-gateway/*",
"arn:aws:ec2:*:*:route-table/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:natgateway/*",
"arn:aws:ec2:*:*:elastic-ip/*"
]
},
{
"Sid" : "AWSThinkboxAWSPortal10",
"Effect" : "Allow",
"Action" : [
"iam:GetUser"
],
"Resource" : "*"
},
{
"Sid" : "AWSThinkboxAWSPortal11",
"Effect" : "Allow",
"Action" : [
"iam:GetInstanceProfile"
],
"Resource" : [
"arn:aws:iam::*:instance-profile/AWSPortal*"
]
},
{
"Sid" : "AWSThinkboxAWSPortal12",
"Effect" : "Allow",
"Action" : [
"iam:GetPolicy",
"iam:ListEntitiesForPolicy",
"iam:ListPolicyVersions"
],
"Resource" : [
"arn:aws:iam::*:policy/AWSPortal*"
]
},
{
"Sid" : "AWSThinkboxAWSPortal13",
"Effect" : "Allow",
"Action" : [
"iam:GetRole",
"iam:GetRolePolicy"
],
"Resource" : [
"arn:aws:iam::*:role/AWSPortal*",
"arn:aws:iam::*:role/DeadlineSpot*"
]
},
{
"Sid" : "AWSThinkboxAWSPortal14",
"Effect" : "Allow",
"Action" : [
"iam:PassRole"
],
"Resource" : [
"arn:aws:iam::*:role/AWSPortal*",
"arn:aws:iam::*:role/DeadlineSpot*"
],
"Condition" : {
"StringEquals" : {
"iam:PassedToService" : [
"ec2.amazonaws.com",
"ec2fleet.amazonaws.com",
"spot.amazonaws.com",
"spotfleet.amazonaws.com",
"cloudformation.amazonaws.com"
]
}
}
},
{
"Sid" : "AWSThinkboxAWSPortal15",
"Effect" : "Allow",
"Action" : "iam:CreateServiceLinkedRole",
"Resource" : "arn:aws:iam::*:role/aws-service-role/*",
"Condition" : {
"StringEquals" : {
"iam:AWSServiceName" : [
"ec2fleet.amazonaws.com",
"spot.amazonaws.com",
"spotfleet.amazonaws.com"
]
}
}
},
{
"Sid" : "AWSThinkboxAWSPortal16",
"Effect" : "Allow",
"Action" : [
"s3:CreateBucket",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketVersioning",
"s3:PutBucketAcl",
"s3:PutBucketCORS",
"s3:PutBucketVersioning",
"s3:GetBucketAcl",
"s3:GetObject",
"s3:PutBucketLogging",
"s3:PutBucketTagging",
"s3:PutObject",
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:PutEncryptionConfiguration",
"s3:PutLifecycleConfiguration",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:DeleteBucketPolicy",
"s3:DeleteObjectVersion"
],
"Resource" : [
"arn:aws:s3::*:awsportal*",
"arn:aws:s3::*:stack*",
"arn:aws:s3::*:aws-portal-cache*",
"arn:aws:s3::*:logs-for-aws-portal-cache*",
"arn:aws:s3::*:logs-for-stack*"
]
},
{
"Sid" : "AWSThinkboxAWSPortal17",
"Effect" : "Allow",
"Action" : [
"s3:PutBucketPolicy"
],
"Resource" : [
"arn:aws:s3::*:logs-for-aws-portal-cache*"
]
},
{
"Sid" : "AWSThinkboxAWSPortal18",
"Effect" : "Allow",
"Action" : [
"s3:PutBucketOwnershipControls"
],
"Resource" : [
"arn:aws:s3::*:logs-for-stack*"
]
},
{
"Sid" : "AWSThinkboxAWSPortal19",
"Effect" : "Allow",
"Action" : [
"s3:ListAllMyBuckets"
],
"Resource" : "*"
},
{
"Sid" : "AWSThinkboxAWSPortal20",
"Effect" : "Allow",
"Action" : [
"dynamodb:Scan"
],
"Resource" : "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*"
},
{
"Sid" : "AWSThinkboxAWSPortal21",
"Effect" : "Allow",
"Action" : [
"cloudformation:CreateStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"cloudformation:DeleteStack",
"cloudformation:DeleteChangeSet",
"cloudformation:ListStackResources",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:UpdateTerminationProtection",
"cloudformation:TagResource",
"cloudformation:UntagResource"
],
"Resource" : [
"arn:aws:cloudformation:*:*:stack/stack*/*",
"arn:aws:cloudformation:*:*:stack/Deadline*/*"
]
},
{
"Sid" : "AWSThinkboxAWSPortal22",
"Effect" : "Allow",
"Action" : [
"cloudformation:EstimateTemplateCost",
"cloudformation:DescribeStacks",
"cloudformation:ListStacks"
],
"Resource" : "*"
},
{
"Sid" : "AWSThinkboxAWSPortal23",
"Effect" : "Allow",
"Action" : [
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"logs:PutRetentionPolicy",
"logs:DeleteRetentionPolicy"
],
"Resource" : "arn:aws:logs:*:*:log-group:/thinkbox*"
},
{
"Sid" : "AWSThinkboxAWSPortal24",
"Effect" : "Allow",
"Action" : [
"logs:DescribeLogGroups",
"logs:CreateLogGroup"
],
"Resource" : "*"
},
{
"Sid" : "AWSThinkboxAWSPortal25",
"Effect" : "Allow",
"Action" : [
"kms:Encrypt",
"kms:GenerateDataKey"
],
"Resource" : [
"*"
],
"Condition" : {
"StringLike" : {
"kms:ViaService" : [
"s3.*.amazonaws.com",
"secretsmanager.*.amazonaws.com"
]
}
}
},
{
"Sid" : "AWSThinkboxAWSPortal26",
"Effect" : "Allow",
"Action" : [
"secretsmanager:CreateSecret"
],
"Resource" : "*",
"Condition" : {
"StringLike" : {
"secretsmanager:Name" : [
"rcs-tls-pw*"
]
}
}
},
{
"Sid" : "AWSThinkboxAWSPortal27",
"Effect" : "Allow",
"Action" : [
"secretsmanager:DeleteSecret",
"secretsmanager:UpdateSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:TagResource"
],
"Resource" : "arn:aws:secretsmanager:*:*:secret:rcs-tls-pw*"
}
]
}進一步了解
