本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AwsGlueDataBrewFullAccessPolicy
描述:提供透過 AWS Management Console 對 AWS Glue DataBrew 的完整存取權。還提供對相關服務(例如 S3、KMS、Glue)的特定存取權限。
AwsGlueDataBrewFullAccessPolicy
是 AWS 受管政策。
使用此政策
您可以將 AwsGlueDataBrewFullAccessPolicy
附加至您的使用者、群組和角色。
政策詳情
-
類型: AWS 受管理的策略
-
建立時間:2020 年 11 月 11 日,16:51 UTC
-
編輯時間:2022 年 2 月 4 日,18:28 UTC
-
ARN:
arn:aws:iam::aws:policy/AwsGlueDataBrewFullAccessPolicy
政策版本
策略版本:v8(預設值)
政策的預設版本是定義政策許可的版本。當具有該政策的使用者或角色發出存取 AWS 資源的要求時,AWS 會檢查政策的預設版本,以決定是否允許該要求。
政策文件
{
"Version" : "2012-10-17",
"Statement" : [
{
"Effect" : "Allow",
"Action" : [
"databrew:CreateDataset",
"databrew:DescribeDataset",
"databrew:ListDatasets",
"databrew:UpdateDataset",
"databrew:DeleteDataset",
"databrew:CreateProject",
"databrew:DescribeProject",
"databrew:ListProjects",
"databrew:StartProjectSession",
"databrew:SendProjectSessionAction",
"databrew:UpdateProject",
"databrew:DeleteProject",
"databrew:CreateRecipe",
"databrew:DescribeRecipe",
"databrew:ListRecipes",
"databrew:ListRecipeVersions",
"databrew:PublishRecipe",
"databrew:UpdateRecipe",
"databrew:BatchDeleteRecipeVersion",
"databrew:DeleteRecipeVersion",
"databrew:CreateRecipeJob",
"databrew:CreateProfileJob",
"databrew:DescribeJob",
"databrew:DescribeJobRun",
"databrew:ListJobRuns",
"databrew:ListJobs",
"databrew:StartJobRun",
"databrew:StopJobRun",
"databrew:UpdateProfileJob",
"databrew:UpdateRecipeJob",
"databrew:DeleteJob",
"databrew:CreateSchedule",
"databrew:DescribeSchedule",
"databrew:ListSchedules",
"databrew:UpdateSchedule",
"databrew:DeleteSchedule",
"databrew:CreateRuleset",
"databrew:DeleteRuleset",
"databrew:DescribeRuleset",
"databrew:ListRulesets",
"databrew:UpdateRuleset",
"databrew:ListTagsForResource",
"databrew:TagResource",
"databrew:UntagResource"
],
"Resource" : [
"*"
]
},
{
"Effect" : "Allow",
"Action" : [
"appflow:DescribeFlow",
"appflow:DescribeFlowExecutionRecords",
"appflow:ListFlows",
"glue:GetConnection",
"glue:GetConnections",
"glue:GetDatabases",
"glue:GetPartitions",
"glue:GetTable",
"glue:GetTables",
"glue:GetDataCatalogEncryptionSettings",
"dataexchange:ListDataSets",
"dataexchange:ListDataSetRevisions",
"dataexchange:ListRevisionAssets",
"dataexchange:CreateJob",
"dataexchange:StartJob",
"dataexchange:GetJob",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"kms:DescribeKey",
"kms:ListKeys",
"kms:ListAliases",
"redshift:DescribeClusters",
"redshift:DescribeClusterSubnetGroups",
"redshift-data:DescribeStatement",
"redshift-data:ListDatabases",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"s3:ListAllMyBuckets",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:GetLifecycleConfiguration",
"secretsmanager:ListSecrets",
"secretsmanager:DescribeSecret",
"sts:GetCallerIdentity",
"cloudtrail:LookupEvents",
"iam:ListRoles",
"iam:GetRole"
],
"Resource" : [
"*"
]
},
{
"Effect" : "Allow",
"Action" : [
"glue:CreateConnection"
],
"Resource" : [
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:connection/AwsGlueDataBrew-*"
]
},
{
"Effect" : "Allow",
"Action" : [
"glue:GetDatabases"
],
"Resource" : [
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
]
},
{
"Effect" : "Allow",
"Action" : [
"glue:CreateTable"
],
"Resource" : [
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*",
"arn:aws:glue:*:*:table/*/awsgluedatabrew*"
]
},
{
"Effect" : "Allow",
"Action" : [
"s3:ListBucket",
"s3:GetObject"
],
"Resource" : [
"arn:aws:s3:::databrew-public-datasets-*"
]
},
{
"Effect" : "Allow",
"Action" : [
"kms:GenerateDataKey"
],
"Resource" : [
"*"
],
"Condition" : {
"StringLike" : {
"kms:ViaService" : "s3.*.amazonaws.com"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"secretsmanager:CreateSecret"
],
"Resource" : "arn:aws:secretsmanager:*:*:secret:AwsGlueDataBrew-*"
},
{
"Effect" : "Allow",
"Action" : [
"kms:GenerateRandom"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"secretsmanager:GetSecretValue"
],
"Resource" : "arn:aws:secretsmanager:*:*:secret:databrew!default-*",
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : [
"databrew.amazonaws.com"
]
}
}
},
{
"Effect" : "Allow",
"Action" : [
"secretsmanager:CreateSecret"
],
"Resource" : "arn:aws:secretsmanager:*:*:secret:databrew!default-*",
"Condition" : {
"StringLike" : {
"secretsmanager:Name" : "databrew!default"
},
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : [
"databrew.amazonaws.com"
]
}
}
},
{
"Effect" : "Allow",
"Action" : [
"iam:PassRole"
],
"Resource" : "arn:aws:iam::*:role/*",
"Condition" : {
"StringEquals" : {
"iam:PassedToService" : [
"databrew.amazonaws.com"
]
}
}
}
]
}