AWS managed policies for AWS Data Exchange - AWS Data Exchange User Guide


AWS managed policies for AWS Data Exchange

An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use case, because they are available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.

You cannot change the permissions defined in an AWS managed policy. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or when new API operations become available for an existing service.

For more information, see AWS managed policies in the IAM User Guide.

AWS managed policy: AWSDataExchangeFullAccess

You can attach the AWSDataExchangeFullAccess policy to your IAM identities.

This policy grants administrative permissions that allow full access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and the SDK. It also provides select access to Amazon S3 and AWS Key Management Service as needed to take full advantage of AWS Data Exchange.

Permissions details

This policy includes the following permissions:

  • AWS Data Exchange – Allows principals full access to AWS Data Exchange. This includes providing data products and subscribing to them.

  • AWS Marketplace – Allows principals access to AWS Marketplace to provide products, subscribe to products, and manage product agreements. This is required to provide or subscribe to data products.

  • Amazon S3 – Allows principals to get AWS Data Exchange related objects (including data product files) from Amazon Simple Storage Service and to upload AWS Data Exchange related files to Amazon S3. This is required for providing and subscribing to data products.

  • Amazon Redshift – Allows principals to view the Amazon Redshift datashares used for AWS Data Exchange imports and to authorize them. This is required to provide Amazon Redshift data products.

  • Amazon API Gateway – Allows principals to get Amazon API Gateway APIs from Amazon API Gateway and to upload APIs. This is required to provide Amazon API Gateway API data sets.

  • AWS KMS – Allows access to list and describe keys in AWS Key Management Service.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DataExchangeActions",
      "Effect": "Allow",
      "Action": ["dataexchange:*"],
      "Resource": "*"
    },
    {
      "Sid": "S3GetActionConditionalResourceAndADX",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::*aws-data-exchange*",
      "Condition": {
        "ForAnyValue:StringEquals": {"aws:CalledVia": ["dataexchange.amazonaws.com"]}
      }
    },
    {
      "Sid": "S3GetActionConditionalTagAndADX",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "*",
      "Condition": {
        "StringEqualsIgnoreCase": {"s3:ExistingObjectTag/AWSDataExchange": "true"},
        "ForAnyValue:StringEquals": {"aws:CalledVia": ["dataexchange.amazonaws.com"]}
      }
    },
    {
      "Sid": "S3WriteActions",
      "Effect": "Allow",
      "Action": ["s3:PutObject", "s3:PutObjectAcl"],
      "Resource": "arn:aws:s3:::*aws-data-exchange*",
      "Condition": {
        "ForAnyValue:StringEquals": {"aws:CalledVia": ["dataexchange.amazonaws.com"]}
      }
    },
    {
      "Sid": "S3ReadActions",
      "Effect": "Allow",
      "Action": ["s3:GetBucketLocation", "s3:ListBucket", "s3:ListAllMyBuckets"],
      "Resource": "*"
    },
    {
      "Sid": "AWSMarketplaceProviderActions",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:DescribeEntity",
        "aws-marketplace:ListEntities",
        "aws-marketplace:StartChangeSet",
        "aws-marketplace:ListChangeSets",
        "aws-marketplace:DescribeChangeSet",
        "aws-marketplace:CancelChangeSet",
        "aws-marketplace:GetAgreementApprovalRequest",
        "aws-marketplace:ListAgreementApprovalRequests",
        "aws-marketplace:AcceptAgreementApprovalRequest",
        "aws-marketplace:RejectAgreementApprovalRequest",
        "aws-marketplace:UpdateAgreementApprovalRequest",
        "aws-marketplace:SearchAgreements",
        "aws-marketplace:GetAgreementTerms",
        "aws-marketplace:TagResource",
        "aws-marketplace:UntagResource",
        "aws-marketplace:ListTagsForResource"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AWSMarketplaceSubscriberActions",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:Subscribe",
        "aws-marketplace:Unsubscribe",
        "aws-marketplace:ViewSubscriptions",
        "aws-marketplace:GetAgreementRequest",
        "aws-marketplace:ListAgreementRequests",
        "aws-marketplace:CancelAgreementRequest",
        "aws-marketplace:ListPrivateListings",
        "aws-marketplace:DescribeAgreement"
      ],
      "Resource": "*"
    },
    {
      "Sid": "KMSActions",
      "Effect": "Allow",
      "Action": ["kms:DescribeKey", "kms:ListAliases", "kms:ListKeys"],
      "Resource": "*"
    },
    {
      "Sid": "RedshiftConditionalActions",
      "Effect": "Allow",
      "Action": ["redshift:AuthorizeDataShare"],
      "Resource": "*",
      "Condition": {
        "StringEqualsIgnoreCase": {"redshift:ConsumerIdentifier": "ADX"}
      }
    },
    {
      "Sid": "RedshiftActions",
      "Effect": "Allow",
      "Action": ["redshift:DescribeDataSharesForProducer", "redshift:DescribeDataShares"],
      "Resource": "*"
    },
    {
      "Sid": "APIGatewayActions",
      "Effect": "Allow",
      "Action": ["apigateway:GET"],
      "Resource": "*"
    }
  ]
}

AWS managed policy: AWSDataExchangeProviderFullAccess

You can attach the AWSDataExchangeProviderFullAccess policy to your IAM identities.

This policy grants permissions that allow data providers access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and the SDK. It also provides select access to Amazon S3 and AWS Key Management Service as needed to take full advantage of AWS Data Exchange.

Permissions details

This policy includes the following permissions:

  • AWS Data Exchange – Allows principals full access to provide data products on AWS Data Exchange. Principals can create, update, and remove products on AWS Data Exchange.

  • AWS Marketplace – Allows principals access to AWS Marketplace to provide and subscribe to data products and to manage subscription verification requests. This is required to provide data products.

  • Amazon S3 – Allows principals to get AWS Data Exchange related objects (including data product files) from Amazon Simple Storage Service and to upload AWS Data Exchange related files to Amazon S3. This is required to provide data products.

  • Amazon API Gateway – Allows principals to get Amazon API Gateway APIs from Amazon API Gateway and to upload APIs. This is required to provide Amazon API Gateway API data sets.

  • Amazon Redshift – Allows principals to view the Amazon Redshift datashares used for AWS Data Exchange imports and to authorize them. This is required to provide Amazon Redshift data products.

  • AWS KMS – Allows access to AWS Key Management Service so that data can be encrypted and accessed using keys.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dataexchange:CreateDataSet",
        "dataexchange:CreateRevision",
        "dataexchange:CreateAsset",
        "dataexchange:Get*",
        "dataexchange:Update*",
        "dataexchange:List*",
        "dataexchange:Delete*",
        "dataexchange:TagResource",
        "dataexchange:UntagResource",
        "dataexchange:PublishDataSet",
        "dataexchange:SendApiAsset",
        "dataexchange:RevokeRevision",
        "dataexchange:SendDataSetNotification",
        "tag:GetTagKeys",
        "tag:GetTagValues"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["dataexchange:CreateJob", "dataexchange:StartJob", "dataexchange:CancelJob"],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "dataexchange:JobType": [
            "IMPORT_ASSETS_FROM_S3",
            "IMPORT_ASSET_FROM_SIGNED_URL",
            "EXPORT_ASSETS_TO_S3",
            "EXPORT_ASSET_TO_SIGNED_URL",
            "IMPORT_ASSET_FROM_API_GATEWAY_API",
            "IMPORT_ASSETS_FROM_REDSHIFT_DATA_SHARES"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::*aws-data-exchange*",
      "Condition": {
        "ForAnyValue:StringEquals": {"aws:CalledVia": ["dataexchange.amazonaws.com"]}
      }
    },
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "*",
      "Condition": {
        "StringEqualsIgnoreCase": {"s3:ExistingObjectTag/AWSDataExchange": "true"},
        "ForAnyValue:StringEquals": {"aws:CalledVia": ["dataexchange.amazonaws.com"]}
      }
    },
    {
      "Effect": "Allow",
      "Action": ["s3:PutObject", "s3:PutObjectAcl"],
      "Resource": "arn:aws:s3:::*aws-data-exchange*",
      "Condition": {
        "ForAnyValue:StringEquals": {"aws:CalledVia": ["dataexchange.amazonaws.com"]}
      }
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetBucketLocation", "s3:ListBucket", "s3:ListAllMyBuckets"],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:DescribeEntity",
        "aws-marketplace:ListEntities",
        "aws-marketplace:DescribeChangeSet",
        "aws-marketplace:ListChangeSets",
        "aws-marketplace:StartChangeSet",
        "aws-marketplace:CancelChangeSet",
        "aws-marketplace:GetAgreementApprovalRequest",
        "aws-marketplace:ListAgreementApprovalRequests",
        "aws-marketplace:AcceptAgreementApprovalRequest",
        "aws-marketplace:RejectAgreementApprovalRequest",
        "aws-marketplace:UpdateAgreementApprovalRequest",
        "aws-marketplace:SearchAgreements",
        "aws-marketplace:GetAgreementTerms",
        "aws-marketplace:DescribeAgreement"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:TagResource",
        "aws-marketplace:UntagResource",
        "aws-marketplace:ListTagsForResource"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["kms:DescribeKey", "kms:ListAliases", "kms:ListKeys"],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["redshift:AuthorizeDataShare"],
      "Resource": "*",
      "Condition": {
        "StringEqualsIgnoreCase": {"redshift:ConsumerIdentifier": "ADX"}
      }
    },
    {
      "Effect": "Allow",
      "Action": ["redshift:DescribeDataSharesForProducer", "redshift:DescribeDataShares"],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["apigateway:GET"],
      "Resource": "*"
    }
  ]
}

AWS managed policy: AWSDataExchangeReadOnly

You can attach the AWSDataExchangeReadOnly policy to your IAM identities.

This policy grants read-only permissions that allow read-only access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and the SDK.

Permissions details

This policy includes the following permissions:

  • AWS Data Exchange – Allows principals read-only access to AWS Data Exchange products. This includes both provided and subscribed data products.

  • AWS Marketplace – Allows principals read-only access to AWS Marketplace for provided and subscribed products. This is required to view data products.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DataExchangeReadOnlyActions",
      "Effect": "Allow",
      "Action": [
        "dataexchange:GetAsset",
        "dataexchange:GetDataSet",
        "dataexchange:GetEventAction",
        "dataexchange:GetJob",
        "dataexchange:GetRevision",
        "dataexchange:ListDataSetRevisions",
        "dataexchange:ListDataSets",
        "dataexchange:ListEventActions",
        "dataexchange:ListJobs",
        "dataexchange:ListRevisionAssets",
        "dataexchange:ListTagsForResource"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AWSMarketplaceReadOnlyActions",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:ViewSubscriptions",
        "aws-marketplace:GetAgreementRequest",
        "aws-marketplace:ListAgreementRequests",
        "aws-marketplace:GetAgreementApprovalRequest",
        "aws-marketplace:ListAgreementApprovalRequests",
        "aws-marketplace:DescribeEntity",
        "aws-marketplace:ListEntities",
        "aws-marketplace:DescribeChangeSet",
        "aws-marketplace:ListChangeSets",
        "aws-marketplace:SearchAgreements",
        "aws-marketplace:GetAgreementTerms",
        "aws-marketplace:ListPrivateListings",
        "aws-marketplace:ListTagsForResource"
      ],
      "Resource": "*"
    }
  ]
}

AWS managed policy: AWSDataExchangeSubscriberFullAccess

You can attach the AWSDataExchangeSubscriberFullAccess policy to your IAM identities.

This policy grants permissions that allow data subscribers access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and the SDK. It also provides select access to Amazon S3 and AWS Key Management Service as needed to take full advantage of AWS Data Exchange.

Permissions details

This policy includes the following permissions:

  • AWS Data Exchange – Allows principals full access to the subscriber features of AWS Data Exchange. This includes subscribing to and accessing data products.

  • AWS Marketplace – Allows principals access to AWS Marketplace to view and subscribe to products. This is required to subscribe to data products.

  • Amazon S3 – Allows principals to view and get AWS Data Exchange related objects (including data product files) from Amazon Simple Storage Service. This is required to access subscribed data products.

  • AWS KMS – Allows access to AWS Key Management Service to access data that has been encrypted using keys.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DataExchangeReadOnlyActions",
      "Effect": "Allow",
      "Action": ["dataexchange:Get*", "dataexchange:List*"],
      "Resource": "*"
    },
    {
      "Sid": "DataExchangeExportActions",
      "Effect": "Allow",
      "Action": ["dataexchange:CreateJob", "dataexchange:StartJob", "dataexchange:CancelJob"],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "dataexchange:JobType": [
            "EXPORT_ASSETS_TO_S3",
            "EXPORT_ASSET_TO_SIGNED_URL",
            "EXPORT_REVISIONS_TO_S3"
          ]
        }
      }
    },
    {
      "Sid": "DataExchangeEventActionActions",
      "Effect": "Allow",
      "Action": [
        "dataexchange:CreateEventAction",
        "dataexchange:UpdateEventAction",
        "dataexchange:DeleteEventAction",
        "dataexchange:SendApiAsset"
      ],
      "Resource": "*"
    },
    {
      "Sid": "S3GetActionConditionalResourceAndADX",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::*aws-data-exchange*",
      "Condition": {
        "ForAnyValue:StringEquals": {"aws:CalledVia": ["dataexchange.amazonaws.com"]}
      }
    },
    {
      "Sid": "S3ReadActions",
      "Effect": "Allow",
      "Action": ["s3:GetBucketLocation", "s3:ListBucket", "s3:ListAllMyBuckets"],
      "Resource": "*"
    },
    {
      "Sid": "AWSMarketplaceSubscriberActions",
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:Subscribe",
        "aws-marketplace:Unsubscribe",
        "aws-marketplace:ViewSubscriptions",
        "aws-marketplace:GetAgreementRequest",
        "aws-marketplace:ListAgreementRequests",
        "aws-marketplace:CancelAgreementRequest",
        "aws-marketplace:ListPrivateListings"
      ],
      "Resource": "*"
    },
    {
      "Sid": "KMSActions",
      "Effect": "Allow",
      "Action": ["kms:DescribeKey", "kms:ListAliases", "kms:ListKeys"],
      "Resource": "*"
    }
  ]
}
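The S3 statements in these policies are the ones worth understanding before attaching them: s3:GetObject is granted on any bucket whose name contains aws-data-exchange, or on any object tagged AWSDataExchange=true, but in both cases only when the call is made through the service (aws:CalledVia). The following evaluator is an added example, not AWS code; it applies the condition operators the policies above use (StringEquals, StringEqualsIgnoreCase, ForAnyValue:StringEquals) to a request context. The embedded policy is a constructed subset of statements copied from the AWSDataExchangeFullAccess and AWSDataExchangeSubscriberFullAccess policies above, and the sample ARNs are made up.

```python
import fnmatch
import json

# Constructed subset of statements copied from the managed policies above.
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "DataExchangeReadOnlyActions", "Effect": "Allow",
     "Action": ["dataexchange:Get*", "dataexchange:List*"], "Resource": "*"},
    {"Sid": "S3GetActionConditionalResourceAndADX", "Effect": "Allow",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::*aws-data-exchange*",
     "Condition": {"ForAnyValue:StringEquals": {"aws:CalledVia": ["dataexchange.amazonaws.com"]}}},
    {"Sid": "S3GetActionConditionalTagAndADX", "Effect": "Allow",
     "Action": "s3:GetObject", "Resource": "*",
     "Condition": {"StringEqualsIgnoreCase": {"s3:ExistingObjectTag/AWSDataExchange": "true"},
                   "ForAnyValue:StringEquals": {"aws:CalledVia": ["dataexchange.amazonaws.com"]}}}
  ]}""")

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _condition_met(cond, ctx):
    # Only the operators these policies use: StringEquals, StringEqualsIgnoreCase
    # and the ForAnyValue set variant (aws:CalledVia is a multivalued key).
    for op, pairs in cond.items():
        set_op, _, base = op.rpartition(":")
        if base not in ("StringEquals", "StringEqualsIgnoreCase"):
            raise ValueError("unsupported operator " + op)
        fold = str.lower if base == "StringEqualsIgnoreCase" else str
        for key, allowed in pairs.items():
            allowed = {fold(a) for a in _as_list(allowed)}
            have = [fold(h) for h in _as_list(ctx.get(key, []))]
            if set_op == "ForAnyValue":
                ok = any(h in allowed for h in have)
            else:  # single-valued key: an absent key fails the condition
                ok = len(have) == 1 and have[0] in allowed
            if not ok:
                return False
    return True

def is_allowed(policy, action, resource, ctx=None):
    # True when some Allow statement matches action, resource and context
    # (these policies contain no Deny statements, so none are handled).
    ctx = ctx or {}
    for st in policy["Statement"]:
        if (st.get("Effect") == "Allow"
                and any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"]))
                and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st["Resource"]))
                and _condition_met(st.get("Condition", {}), ctx)):
            return True
    return False
```

Running is_allowed against an s3:GetObject request with and without aws:CalledVia set shows that the bucket-name pattern alone never grants access, which is why a customer managed policy that drops the condition widens the grant considerably.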

AWS Data Exchange updates to AWS managed policies

The following table lists updates to the AWS managed policies for AWS Data Exchange since this service began tracking these changes. For automatic alerts about changes to this page (and any other changes to this user guide), subscribe to the RSS feed on the AWS Data Exchange Document history page.

| Change | Description | Date |
|---|---|---|
| AWSDataExchangeReadOnly | Added statement IDs to make the policy easier to read, and added the actions aws-marketplace:ListTagsForResource and aws-marketplace:ListPrivateListings. | July 1, 2024 |
| AWSDataExchangeFullAccess | Removed the action aws-marketplace:GetPrivateListing. | May 22, 2024 |
| AWSDataExchangeSubscriberFullAccess | Added statement IDs to make the policy easier to read, and added the action aws-marketplace:ListPrivateListings. | April 30, 2024 |
| AWSDataExchangeFullAccess | Added statement IDs to make the policy easier to read, and added the actions aws-marketplace:TagResource, aws-marketplace:UntagResource, aws-marketplace:ListTagsForResource, aws-marketplace:ListPrivateListings, aws-marketplace:GetPrivateListing, and aws-marketplace:DescribeAgreement. | April 30, 2024 |
| AWSDataExchangeProviderFullAccess | Added the new permission dataexchange:SendDataSetNotification for sending data set notifications. | March 5, 2024 |
| AWSDataExchangeSubscriberFullAccess, AWSDataExchangeReadOnly, AWSDataExchangeProviderFullAccess, and AWSDataExchangeFullAccess – Update to existing policies | Added fine-grained actions to all managed policies. The new actions are aws-marketplace:CreateAgreementRequest, aws-marketplace:AcceptAgreementRequest, aws-marketplace:ListEntitlementDetails, aws-marketplace:ListPrivateListings, aws-marketplace:GetPrivateListing, license-manager:ListReceivedGrants, aws-marketplace:TagResource, aws-marketplace:UntagResource, aws-marketplace:ListTagsForResource, aws-marketplace:DescribeAgreement, aws-marketplace:GetAgreementTerms, and aws-marketplace:GetLicense. | July 31, 2023 |
| AWSDataExchangeProviderFullAccess – Update to an existing policy | Added the new permission dataexchange:RevokeRevision to revoke a revision. | March 15, 2022 |
| AWSDataExchangeProviderFullAccess and AWSDataExchangeFullAccess – Update to existing policies | Added the new permission apigateway:GET to retrieve API assets from Amazon API Gateway. | December 3, 2021 |
| AWSDataExchangeProviderFullAccess and AWSDataExchangeSubscriberFullAccess – Update to existing policies | Added the new permission dataexchange:SendApiAsset to send requests to an API asset. | November 29, 2021 |
| AWSDataExchangeProviderFullAccess and AWSDataExchangeFullAccess – Update to existing policies | Added the new permissions redshift:AuthorizeDataShare, redshift:DescribeDataSharesForProducer, and redshift:DescribeDataShares to authorize access to and create Amazon Redshift data sets. | November 1, 2021 |
| AWSDataExchangeSubscriberFullAccess – Update to an existing policy | Added the new permissions dataexchange:CreateEventAction, dataexchange:UpdateEventAction, and dataexchange:DeleteEventAction to control access to automatically exporting new revisions of data sets. | September 30, 2021 |
| AWSDataExchangeProviderFullAccess and AWSDataExchangeFullAccess – Update to existing policies | Added the new permission dataexchange:PublishDataSet to control access to publishing new versions of data sets. | May 25, 2021 |
| AWSDataExchangeReadOnly, AWSDataExchangeProviderFullAccess, and AWSDataExchangeFullAccess – Update to existing policies | Added aws-marketplace:SearchAgreements and aws-marketplace:GetAgreementTerms to enable viewing subscriptions for products and offers. | May 12, 2021 |
| AWS Data Exchange started tracking changes | AWS Data Exchange started tracking changes for its AWS managed policies. | April 20, 2021 |