本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWS Amazon DocumentDB 的受管政策
若要新增使用者、群組和角色的權限,使用 AWS 受管理的原則比自己撰寫原則更容易。建立 IAM 客戶受管政策需要時間和專業知識,而受管政策可為您的團隊提供其所需的許可。若要快速開始使用,您可以使用我們的 AWS 受管政策。這些政策涵蓋常見使用案例,並可在您的 AWS 帳戶中使用。如需有關 AWS 受管理策略的詳細資訊,請參閱 AWS Identity and Access AWS Management 使用指南中的受管理策略。
AWS 服務會維護和更新 AWS 受管理的策略。您無法變更 AWS 受管理原則中的權限。服務有時會將其他權限新增至受 AWS 管理的策略,以支援新功能。此類型的更新會影響已連接政策的所有身分識別 (使用者、群組和角色)。當新功能啟動或新作業可用時,服務最有可能更新 AWS 受管理的策略。服務不會從 AWS 受管理的政策移除權限,因此政策更新不會破壞您現有的權限。
此外,還 AWS 支援跨多個服務之工作職能的受管理原則。例如,ViewOnlyAccess AWS 受管理的原則會提供許多 AWS 服務和資源的唯讀存取權。當服務啟動新功能時,會為新作業和資源新 AWS 增唯讀權限。如需工作功能原則的清單與說明,請參閱《AWS Identity and Access AWS Management 使用者指南》中的工作職能受管理原則。
下列 AWS 受管政策 (您可以附加到帳戶中的使用者) 專屬於 Amazon DocumentDB:
AmazonDoc資料庫 FullAccess— 授予根 AWS 帳戶所有 Amazon DocumentDB 源的完整存取權。
AmazonDoc資料庫 ReadOnlyAccess— 授與根 AWS 帳戶的所有 Amazon DocumentDB 源的唯讀存取權。
AmazonDoc資料庫 ConsoleFullAccess— 使用授予管理 Amazon DocumentDB 和 Amazon DocumentDB 彈性叢集資源的完整存取權。 AWS Management Console
AmazonDoc資料庫 ElasticReadOnlyAccess— 授與根 AWS 帳戶的所有 Amazon DocumentDB 彈性叢集資源的唯讀存取權。
AmazonDoc資料庫 ElasticFullAccess— 授與根 AWS 帳戶的所有 Amazon DocumentDB 彈性叢集資源的完整存取權。
AmazonDoc資料庫 FullAccess
此政策授予管理許可,允許主體完整存取所有 Amazon DocumentDB 動作。此政策中的許可分組如下:
Amazon DocumentDB 許可允許所有 Amazon DocumentDB 操作。
此政策中的某些 Amazon EC2 許可需要驗證 API 請求中傳遞的資源。這是為了確保 Amazon DocumentDB 能夠成功地將資源與叢集搭配使用。此政策中的其餘 Amazon EC2 許可允許 Amazon DocumentDB 建立所需的 AWS 資源,讓您能夠連線到叢集。
在 API 呼叫期間會使用 Amazon DocumentDB 許可,以驗證請求中傳遞的資源。他們需要 Amazon DocumentDB 能夠使用傳遞的密鑰與 Amazon DocumentDB 集群。
Amazon DocumentDB 需要 CloudWatch 日誌才能確保日誌傳遞目的地可連接,並且對於代理日誌使用有效。
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "rds:AddRoleToDBCluster", "rds:AddSourceIdentifierToSubscription", "rds:AddTagsToResource", "rds:ApplyPendingMaintenanceAction", "rds:CopyDBClusterParameterGroup", "rds:CopyDBClusterSnapshot", "rds:CopyDBParameterGroup", "rds:CreateDBCluster", "rds:CreateDBClusterParameterGroup", "rds:CreateDBClusterSnapshot", "rds:CreateDBInstance", "rds:CreateDBParameterGroup", "rds:CreateDBSubnetGroup", "rds:CreateEventSubscription", "rds:DeleteDBCluster", "rds:DeleteDBClusterParameterGroup", "rds:DeleteDBClusterSnapshot", "rds:DeleteDBInstance", "rds:DeleteDBParameterGroup", "rds:DeleteDBSubnetGroup", "rds:DeleteEventSubscription", "rds:DescribeAccountAttributes", "rds:DescribeCertificates", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSubnetGroups", "rds:DescribeEngineDefaultClusterParameters", "rds:DescribeEngineDefaultParameters", "rds:DescribeEventCategories", "rds:DescribeEventSubscriptions", "rds:DescribeEvents", "rds:DescribeOptionGroups", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", "rds:DescribeValidDBInstanceModifications", "rds:DownloadDBLogFilePortion", "rds:FailoverDBCluster", "rds:ListTagsForResource", "rds:ModifyDBCluster", "rds:ModifyDBClusterParameterGroup", "rds:ModifyDBClusterSnapshotAttribute", "rds:ModifyDBInstance", "rds:ModifyDBParameterGroup", "rds:ModifyDBSubnetGroup", "rds:ModifyEventSubscription", "rds:PromoteReadReplicaDBCluster", "rds:RebootDBInstance", "rds:RemoveRoleFromDBCluster", "rds:RemoveSourceIdentifierFromSubscription", "rds:RemoveTagsFromResource", "rds:ResetDBClusterParameterGroup", "rds:ResetDBParameterGroup", "rds:RestoreDBClusterFromSnapshot", "rds:RestoreDBClusterToPointInTime" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", "kms:ListAliases", "kms:ListKeyPolicies", "kms:ListKeys", "kms:ListRetirableGrants", "logs:DescribeLogStreams", "logs:GetLogEvents", "sns:ListSubscriptions", "sns:ListTopics", "sns:Publish" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS", "Condition": { "StringLike": { "iam:AWS ServiceName": "rds.amazonaws.com" } } } ] }
AmazonDoc資料庫 ReadOnlyAccess
此政策授予唯讀許可,允許使用者檢視 Amazon DocumentDB 中的資訊。附加此政策的主體無法進行任何更新或刪除現有資源,也無法建立新的 Amazon DocumentDB 資源。例如,具有這些許可的主體可以檢視與其帳戶相關聯的叢集和組態清單,但無法變更任何叢集的組態或設定。此政策中的許可分組如下:
Amazon DocumentDB 許可允許您列出 Amazon DocumentDB 資源,描述它們,並獲取有關它們的信息。
Amazon EC2 許可用來描述與叢集關聯的 Amazon VPC、子網路、安全群組和 ENI。
Amazon DocumentDB 權限是用來描述與叢集相關聯的金鑰。
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "rds:DescribeAccountAttributes", "rds:DescribeCertificates", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSubnetGroups", "rds:DescribeEventCategories", "rds:DescribeEventSubscriptions", "rds:DescribeEvents", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", "rds:DownloadDBLogFilePortion", "rds:ListTagsForResource" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeInternetGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "kms:ListKeys", "kms:ListRetirableGrants", "kms:ListAliases", "kms:ListKeyPolicies" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "logs:DescribeLogStreams", "logs:GetLogEvents" ], "Effect": "Allow", "Resource": [ "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*", "arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*" ] } ] }
AmazonDoc資料庫 ConsoleFullAccess
使用以下命令授予管理 Amazon 文件資源的完整存 AWS Management Console 取權:
Amazon DocumentDB 許可允許所有 Amazon DocumentDB 和 Amazon DocumentDB 集群操作。
此政策中的某些 Amazon EC2 許可需要驗證 API 請求中傳遞的資源。這是為了確保 Amazon DocumentDB 能夠成功使用資源來佈建和維護叢集。此政策中的其餘 Amazon EC2 許可允許 Amazon DocumentDB 建立所需的 AWS 資源,讓您能夠連線到您的叢集,例如 vPSENdPoint。
AWS KMS 在 API 調用期間使用權限 AWS KMS 來驗證請求中傳遞的資源。Amazon DocumentDB 需要它們才能使用傳遞的金鑰,透過 Amazon DocumentDB 彈性叢集來加密和解密靜態資料。
Amazon DocumentDB 需要 CloudWatch 日誌才能確保日誌傳遞目的地可連接,並且對於稽核和分析日誌使用有效。
需要 Secrets Manager 員權限才能驗證指定的密碼,並使用它為 Amazon DocumentDB 彈性叢集設定管理員使用者。
Amazon 文件資料庫叢集管理動作需要 Amazon RDS 許可。對於某些管理功能,Amazon DocumentDB 會使用與 Amazon RDS 共用的操作技術。
SNS 許可允許主體使用亞馬遜簡單通知服務 (Amazon SNS) 訂閱和主題,以及發佈 Amazon SNS 訊息。
建立指標和記錄發佈所需的服務連結角色時,需要 IAM 許可。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "DocdbSids", "Effect": "Allow", "Action": [ "docdb-elastic:CreateCluster", "docdb-elastic:UpdateCluster", "docdb-elastic:GetCluster", "docdb-elastic:DeleteCluster", "docdb-elastic:ListClusters", "docdb-elastic:CreateClusterSnapshot", "docdb-elastic:GetClusterSnapshot", "docdb-elastic:DeleteClusterSnapshot", "docdb-elastic:ListClusterSnapshots", "docdb-elastic:RestoreClusterFromSnapshot", "docdb-elastic:TagResource", "docdb-elastic:UntagResource", "docdb-elastic:ListTagsForResource", "docdb-elastic:CopyClusterSnapshot", "docdb-elastic:StartCluster", "docdb-elastic:StopCluster", "rds:AddRoleToDBCluster", "rds:AddSourceIdentifierToSubscription", "rds:AddTagsToResource", "rds:ApplyPendingMaintenanceAction", "rds:CopyDBClusterParameterGroup", "rds:CopyDBClusterSnapshot", "rds:CopyDBParameterGroup", "rds:CreateDBCluster", "rds:CreateDBClusterParameterGroup", "rds:CreateDBClusterSnapshot", "rds:CreateDBInstance", "rds:CreateDBParameterGroup", "rds:CreateDBSubnetGroup", "rds:CreateEventSubscription", "rds:CreateGlobalCluster", "rds:DeleteDBCluster", "rds:DeleteDBClusterParameterGroup", "rds:DeleteDBClusterSnapshot", "rds:DeleteDBInstance", "rds:DeleteDBParameterGroup", "rds:DeleteDBSubnetGroup", "rds:DeleteEventSubscription", "rds:DeleteGlobalCluster", "rds:DescribeAccountAttributes", "rds:DescribeCertificates", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSubnetGroups", "rds:DescribeEngineDefaultClusterParameters", "rds:DescribeEngineDefaultParameters", "rds:DescribeEventCategories", "rds:DescribeEventSubscriptions", "rds:DescribeEvents", "rds:DescribeGlobalClusters", "rds:DescribeOptionGroups", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", "rds:DescribeValidDBInstanceModifications", "rds:DownloadDBLogFilePortion", "rds:FailoverDBCluster", "rds:ListTagsForResource", "rds:ModifyDBCluster", "rds:ModifyDBClusterParameterGroup", "rds:ModifyDBClusterSnapshotAttribute", "rds:ModifyDBInstance", "rds:ModifyDBParameterGroup", "rds:ModifyDBSubnetGroup", "rds:ModifyEventSubscription", "rds:ModifyGlobalCluster", "rds:PromoteReadReplicaDBCluster", "rds:RebootDBInstance", "rds:RemoveFromGlobalCluster", "rds:RemoveRoleFromDBCluster", "rds:RemoveSourceIdentifierFromSubscription", "rds:RemoveTagsFromResource", "rds:ResetDBClusterParameterGroup", "rds:ResetDBParameterGroup", "rds:RestoreDBClusterFromSnapshot", "rds:RestoreDBClusterToPointInTime" ], "Resource": [ "*" ] }, { "Sid": "DependencySids", "Effect": "Allow", "Action": [ "iam:GetRole", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "ec2:AllocateAddress", "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AssociateAddress", "ec2:AssociateRouteTable", "ec2:AssociateSubnetCidrBlock", "ec2:AssociateVpcCidrBlock", "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:CreateCustomerGateway", "ec2:CreateDefaultSubnet", "ec2:CreateDefaultVpc", "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreateNetworkInterface", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeCustomerGateways", "ec2:DescribeInstances", "ec2:DescribeNatGateways", "ec2:DescribeNetworkInterfaces", "ec2:DescribePrefixLists", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", "ec2:ModifyVpcEndpoint", "kms:DescribeKey", "kms:ListAliases", "kms:ListKeyPolicies", "kms:ListKeys", "kms:ListRetirableGrants", "logs:DescribeLogStreams", "logs:GetLogEvents", "sns:ListSubscriptions", "sns:ListTopics", "sns:Publish" ], "Resource": [ "*" ] }, { "Sid": "DocdbSLRSid", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS", "Condition": { "StringLike": { "iam:AWSServiceName": "rds.amazonaws.com" } } }, { "Sid": "DocdbElasticSLRSid", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/docdb-elastic.amazonaws.com/AWSServiceRoleForDocDB-Elastic", "Condition": { "StringLike": { "iam:AWSServiceName": "docdb-elastic.amazonaws.com" } } } ] }
AmazonDoc資料庫 ElasticReadOnlyAccess
此政策授予唯讀許可,讓使用者能夠在 Amazon DocumentDB 中檢視彈性叢集資訊。附加此政策的主體無法進行任何更新或刪除現有資源,也無法建立新的 Amazon DocumentDB 資源。例如,具有這些許可的主體可以檢視與其帳戶相關聯的叢集和組態清單,但無法變更任何叢集的組態或設定。此政策中的許可分組如下:
Amazon DocumentDB 彈性叢集許可可讓您列出 Amazon DocumentDB 彈性叢集資源、描述資源,以及取得有關這些資源的資訊。
CloudWatch 權限是用來驗證服務測量結果。
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "docdb-elastic:ListClusters", "docdb-elastic:GetCluster", "docdb-elastic:ListClusterSnapshots", "docdb-elastic:GetClusterSnapshot", "docdb-elastic:ListTagsForResource" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData", "cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics" ], "Resource": "*" } ] }
AmazonDoc資料庫 ElasticFullAccess
此政策授予管理許可,允許主體完整存取 Amazon DocumentDB 彈性叢集的所有 Amazon DocumentDB 動作。
此原則會在條件範圍內使用 AWS 標籤 (https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html) 來限定資源的存取範圍。如果您使用的是密碼,則必須使用標籤鍵DocDBElasticFullAccess和標籤值來標記密碼。如果您使用的是客戶管理的金鑰,則必須使用標籤金鑰DocDBElasticFullAccess和標籤值加上標籤。
此政策中的許可分組如下:
Amazon DocumentDB 彈性群集許可允許所有 Amazon DocumentDB 操作。
此政策中的某些 Amazon EC2 許可需要驗證 API 請求中傳遞的資源。這是為了確保 Amazon DocumentDB 能夠成功使用資源來佈建和維護叢集。此政策中的其餘 Amazon EC2 許可允許 Amazon DocumentDB 建立所需的 AWS 資源,讓您可以像虛擬私人雲端端點一樣連接到叢集。
AWS KMS Amazon DocumentDB 需要許可才能使用傳遞的金鑰來加密和解密 Amazon DocumentDB 彈性叢集中的靜態資料。
注意
客戶管理的金鑰必須具有包含金鑰
DocDBElasticFullAccess和標籤值的標籤。SecretsManager 需要許可才能驗證指定的密碼,並使用它為 Amazon DocumentDB 彈性叢集設定管理員使用者。
注意
使用的密碼必須有一個帶有密鑰
DocDBElasticFullAccess和標籤值的標籤。建立指標和記錄發佈所需的服務連結角色時,需要 IAM 許可。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "DocdbElasticSid", "Effect": "Allow", "Action": [ "docdb-elastic:CreateCluster", "docdb-elastic:UpdateCluster", "docdb-elastic:GetCluster", "docdb-elastic:DeleteCluster", "docdb-elastic:ListClusters", "docdb-elastic:CreateClusterSnapshot", "docdb-elastic:GetClusterSnapshot", "docdb-elastic:DeleteClusterSnapshot", "docdb-elastic:ListClusterSnapshots", "docdb-elastic:RestoreClusterFromSnapshot", "docdb-elastic:TagResource", "docdb-elastic:UntagResource", "docdb-elastic:ListTagsForResource", "docdb-elastic:CopyClusterSnapshot", "docdb-elastic:StartCluster", "docdb-elastic:StopCluster" ], "Resource": [ "*" ] }, { "Sid": "EC2Sid", "Effect": "Allow", "Action": [ "ec2:CreateVpcEndpoint", "ec2:DescribeVpcEndpoints", "ec2:DeleteVpcEndpoints", "ec2:ModifyVpcEndpoint", "ec2:DescribeVpcAttribute", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeAvailabilityZones", "secretsmanager:ListSecrets" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "aws:CalledViaFirst": "docdb-elastic.amazonaws.com" } } }, { "Sid": "KMSSid", "Effect": "Allow", "Action": [ "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey" ], "Resource": "*", "Condition": { "StringLike": { "kms:ViaService": [ "docdb-elastic.*.amazonaws.com" ], "aws:ResourceTag/DocDBElasticFullAccess": "*" } } }, { "Sid": "KMSGrantSid", "Effect": "Allow", "Action": [ "kms:CreateGrant" ], "Resource": "*", "Condition": { "StringLike": { "aws:ResourceTag/DocDBElasticFullAccess": "*", "kms:ViaService": [ "docdb-elastic.*.amazonaws.com" ] }, "Bool": { "kms:GrantIsForAWSResource": true } } }, { "Sid": "SecretManagerSid", "Effect": "Allow", "Action": [ "secretsmanager:ListSecretVersionIds", "secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue", "secretsmanager:GetResourcePolicy" ], "Resource": "*", "Condition": { "StringLike": { "secretsmanager:ResourceTag/DocDBElasticFullAccess": "*" }, "StringEquals": { "aws:CalledViaFirst": "docdb-elastic.amazonaws.com" } } }, { "Sid": "CloudwatchSid", "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData", "cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics" ], "Resource": [ "*" ] }, { "Sid": "SLRSid", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/docdb-elastic.amazonaws.com/AWSServiceRoleForDocDB-Elastic", "Condition": { "StringLike": { "iam:AWSServiceName": "docdb-elastic.amazonaws.com" } } } ] }
AmazonDoc資料庫 ElasticServiceRolePolicy
您無法附加AmazonDocDBElasticServiceRolePolicy至您的 AWS Identity and Access Management 實體。此政策附加至服務連結角色,可讓 Amazon DocumentDB 代表您執行動作。如需詳細資訊,請參閱 彈性叢集中的服務連結角色。
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData" ], "Resource": "*", "Condition": { "StringEquals": { "cloudwatch:namespace": [ "AWS/DocDB-Elastic" ] } } } ] }
Amazon DocumentDB 更新受 AWS 管政策
| 變更 | 描述 | 日期 |
|---|---|---|
| AmazonDoc資料庫 ElasticFullAccess,AmazonDoc資料庫 ConsoleFullAccess-變更 | 已更新原則以新增啟動/停止叢集和複製叢集快照動作。 | 2/21/2024 |
| AmazonDoc資料庫 ElasticReadOnlyAccess,AmazonDoc資料庫 ElasticFullAccess-變更 | 已更新原則以新增cloudwatch:GetMetricData動作。 |
6/21/2023 |
| AmazonDoc資料庫 ElasticReadOnlyAccess – 新政策 | 適用於 Amazon 文件資料庫彈性叢集的新受管政策 | 6/8/2023 |
| AmazonDoc資料庫 ElasticFullAccess – 新政策 | 適用於 Amazon 文件資料庫彈性叢集的新受管政策 | 6/5/2023 |
| AmazonDoc資料庫 ElasticServiceRolePolicy – 新政策 | Amazon DocumentDB 為 Amazon DocumentDB 彈性集群創建一個新的 AWS ServiceRoleForDoc DB 彈性服務鏈接角色 | 11/30/2022 |
| AmazonDoc資料庫 ConsoleFullAccess-變更 | 政策已更新以新增 Amazon DocumentDB 全域和彈性叢集許可 | 11/30/2022 |
| AmazonDoc資料庫 ConsoleFullAccess,AmazonDoc資料庫 FullAccess, AmazonDoc資料庫 ReadOnlyAccess-新政策 | 服務啟動 | 1/19/2017 |
