SystemAdministrator - AWS 受管政策

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

SystemAdministrator

描述:授予應用程式和開發作業所需資源所需的完整存取權限。

SystemAdministratorAWS 受管理的策略

使用此政策

您可以附加SystemAdministrator至您的使用者、群組和角色。

政策詳情

  • 類型:Job 職能政策

  • 創建時間:二零一六年十一月十日, 17:23 世界標準時

  • 編輯時間:2020 年 8 月 24 日,世界標準時間 20:05

  • ARN: arn:aws:iam::aws:policy/job-function/SystemAdministrator

政策版本

策略版本:v6(預設值)

原則的預設版本是定義原則權限的版本。當具有策略的使用者或角色發出要求以存取 AWS 資源時,請 AWS 檢查原則的預設版本,以決定是否允許該要求。

政策文件

{ "Statement" : [ { "Action" : [ "acm:Describe*", "acm:Get*", "acm:List*", "acm:Request*", "acm:Resend*", "autoscaling:*", "cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus", "cloudtrail:ListPublicKeys", "cloudtrail:ListTags", "cloudtrail:LookupEvents", "cloudtrail:StartLogging", "cloudtrail:StopLogging", "cloudwatch:*", "codecommit:BatchGetRepositories", "codecommit:CreateBranch", "codecommit:CreateRepository", "codecommit:Get*", "codecommit:GitPull", "codecommit:GitPush", "codecommit:List*", "codecommit:Put*", "codecommit:Test*", "codecommit:Update*", "codedeploy:*", "codepipeline:*", "config:*", "ds:*", "ec2:Allocate*", "ec2:AssignPrivateIpAddresses*", "ec2:Associate*", "ec2:Allocate*", "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:AttachVpnGateway", "ec2:Bundle*", "ec2:Cancel*", "ec2:Copy*", "ec2:CreateCustomerGateway", "ec2:CreateDhcpOptions", "ec2:CreateFlowLogs", "ec2:CreateImage", "ec2:CreateInstanceExportTask", "ec2:CreateInternetGateway", "ec2:CreateKeyPair", "ec2:CreateLaunchTemplate", "ec2:CreateLaunchTemplateVersion", "ec2:CreateNatGateway", "ec2:CreateNetworkInterface", "ec2:CreatePlacementGroup", "ec2:CreateReservedInstancesListing", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSnapshot", "ec2:CreateSpotDatafeedSubscription", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVolume", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:CreateVpnConnection", "ec2:CreateVpnConnectionRoute", "ec2:CreateVpnGateway", "ec2:DeleteFlowLogs", "ec2:DeleteKeyPair", "ec2:DeleteLaunchTemplate", "ec2:DeleteLaunchTemplateVersions", "ec2:DeleteNatGateway", "ec2:DeleteNetworkInterface", "ec2:DeletePlacementGroup", "ec2:DeleteSnapshot", "ec2:DeleteSpotDatafeedSubscription", "ec2:DeleteSubnet", "ec2:DeleteTags", "ec2:DeleteVpc", "ec2:DeleteVpcEndpoints", "ec2:DeleteVpnConnection", "ec2:DeleteVpnConnectionRoute", "ec2:DeleteVpnGateway", "ec2:DeregisterImage", "ec2:Describe*", "ec2:DetachInternetGateway", "ec2:DetachNetworkInterface", "ec2:DetachVpnGateway", "ec2:DisableVgwRoutePropagation", "ec2:DisableVpcClassicLinkDnsSupport", "ec2:DisassociateAddress", "ec2:DisassociateRouteTable", "ec2:EnableVgwRoutePropagation", "ec2:EnableVolumeIO", "ec2:EnableVpcClassicLinkDnsSupport", "ec2:GetConsoleOutput", "ec2:GetHostReservationPurchasePreview", "ec2:GetLaunchTemplateData", "ec2:GetPasswordData", "ec2:Import*", "ec2:Modify*", "ec2:MonitorInstances", "ec2:MoveAddressToVpc", "ec2:Purchase*", "ec2:RegisterImage", "ec2:Release*", "ec2:Replace*", "ec2:ReportInstanceStatus", "ec2:Request*", "ec2:Reset*", "ec2:RestoreAddressToClassic", "ec2:RunScheduledInstances", "ec2:UnassignPrivateIpAddresses", "ec2:UnmonitorInstances", "ec2:UpdateSecurityGroupRuleDescriptionsEgress", "ec2:UpdateSecurityGroupRuleDescriptionsIngress", "elasticloadbalancing:*", "events:*", "iam:GetAccount*", "iam:GetContextKeys*", "iam:GetCredentialReport", "iam:ListAccountAliases", "iam:ListGroups", "iam:ListOpenIDConnectProviders", "iam:ListPolicies", "iam:ListPoliciesGrantingServiceAccess", "iam:ListRoles", "iam:ListSAMLProviders", "iam:ListServerCertificates", "iam:Simulate*", "iam:UpdateServerCertificate", "iam:UpdateSigningCertificate", "kinesis:ListStreams", "kinesis:PutRecord", "kms:CreateAlias", "kms:CreateKey", "kms:DeleteAlias", "kms:Describe*", "kms:GenerateRandom", "kms:Get*", "kms:List*", "kms:Encrypt", "kms:ReEncrypt*", "lambda:Create*", "lambda:Delete*", "lambda:Get*", "lambda:InvokeFunction", "lambda:List*", "lambda:PublishVersion", "lambda:Update*", "logs:*", "rds:Describe*", "rds:ListTagsForResource", "route53:*", "route53domains:*", "ses:*", "sns:*", "sqs:*", "trustedadvisor:*" ], "Effect" : "Allow", "Resource" : "*" }, { "Action" : [ "ec2:AcceptVpcPeeringConnection", "ec2:AttachClassicLinkVpc", "ec2:AttachVolume", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateVpcPeeringConnection", "ec2:DeleteCustomerGateway", "ec2:DeleteDhcpOptions", "ec2:DeleteInternetGateway", "ec2:DeleteNetworkAcl*", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DeleteSecurityGroup", "ec2:DeleteVolume", "ec2:DeleteVpcPeeringConnection", "ec2:DetachClassicLinkVpc", "ec2:DetachVolume", "ec2:DisableVpcClassicLink", "ec2:EnableVpcClassicLink", "ec2:GetConsoleScreenshot", "ec2:RebootInstances", "ec2:RejectVpcPeeringConnection", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances" ], "Effect" : "Allow", "Resource" : [ "*" ] }, { "Action" : "s3:*", "Effect" : "Allow", "Resource" : [ "*" ] }, { "Action" : [ "iam:GetAccessKeyLastUsed", "iam:GetGroup*", "iam:GetInstanceProfile", "iam:GetLoginProfile", "iam:GetOpenIDConnectProvider", "iam:GetPolicy*", "iam:GetRole*", "iam:GetSAMLProvider", "iam:GetSSHPublicKey", "iam:GetServerCertificate", "iam:GetServiceLastAccessed*", "iam:GetUser*", "iam:ListAccessKeys", "iam:ListAttached*", "iam:ListEntitiesForPolicy", "iam:ListGroupPolicies", "iam:ListGroupsForUser", "iam:ListInstanceProfiles*", "iam:ListMFADevices", "iam:ListPolicyVersions", "iam:ListRolePolicies", "iam:ListSSHPublicKeys", "iam:ListSigningCertificates", "iam:ListUserPolicies", "iam:Upload*" ], "Effect" : "Allow", "Resource" : [ "*" ] }, { "Action" : [ "iam:GetRole", "iam:ListRoles", "iam:PassRole" ], "Effect" : "Allow", "Resource" : [ "arn:aws:iam::*:role/rds-monitoring-role", "arn:aws:iam::*:role/ec2-sysadmin-*", "arn:aws:iam::*:role/ecr-sysadmin-*", "arn:aws:iam::*:role/lambda-sysadmin-*" ] } ], "Version" : "2012-10-17" }

進一步了解