大量作業先決條 - AWS IoT SiteWise
IAM 許可

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

大量作業先決條

本節說明大量作業先決條件,包括在 AWS 服務 與本機電腦之間交換資源的 AWS Identity and Access Management (IAM) 許可。開始大量作業之前,請完成下列先決條件:

  • 建立 Amazon S3 儲存貯體來存放資源。如需使用 Amazon S3 的詳細資訊,請參閱什麼是 Amazon S3?

IAM 許可

若要執行大量操作,您必須建立具有允許 Amazon S3 和本機電腦之間交換 AWS 資源的許可的 AWS Identity and Access Management (IAM) 政策。 AWS IoT SiteWise如需建立自訂 IAM 政策的詳細資訊,請參閱建立 IAM 政策

若要執行批次處理作業,您需要下列原則。

此原則允許存取批次處理作業所需的 AWS IoT SiteWise API 動作:

{
    "Sid": "SiteWiseApiAccess",
    "Effect": "Allow",
    "Action": [
        "iotsitewise:CreateAsset",
        "iotsitewise:CreateAssetModel",
        "iotsitewise:UpdateAsset",
        "iotsitewise:UpdateAssetModel",
        "iotsitewise:UpdateAssetProperty",
        "iotsitewise:ListAssets",
        "iotsitewise:ListAssetModels",
        "iotsitewise:ListAssetProperties",
        "iotsitewise:ListAssetModelProperties",
        "iotsitewise:ListAssociatedAssets",
        "iotsitewise:DescribeAsset",
        "iotsitewise:DescribeAssetModel",
        "iotsitewise:DescribeAssetProperty",
        "iotsitewise:AssociateAssets",
        "iotsitewise:DisassociateAssets",
        "iotsitewise:AssociateTimeSeriesToAssetProperty",
        "iotsitewise:DisassociateTimeSeriesFromAssetProperty",
        "iotsitewise:BatchPutAssetPropertyValue",
        "iotsitewise:BatchGetAssetPropertyValue",
        "iotsitewise:TagResource",
        "iotsitewise:UntagResource",
        "iotsitewise:ListTagsForResource",
        "iotsitewise:CreateAssetModelCompositeModel",
        "iotsitewise:UpdateAssetModelCompositeModel",
        "iotsitewise:DescribeAssetModelCompositeModel",
        "iotsitewise:DeleteAssetModelCompositeModel",
        "iotsitewise:ListAssetModelCompositeModels",
        "iotsitewise:ListCompositionRelationships",
        "iotsitewise:DescribeAssetCompositeModel"
    ],
    "Resource": "*"
}

此原則允許存取您用來處理大量作業的 AWS IoT TwinMaker API 作業:

{
    "Sid": "MetadataTransferJobApiAccess",
    "Effect": "Allow",
    "Action": [
        "iottwinmaker:CreateMetadataTransferJob",
        "iottwinmaker:CancelMetadataTransferJob",
        "iottwinmaker:GetMetadataTransferJob",
        "iottwinmaker:ListMetadataTransferJobs"
    ],
    "Resource": "*"
}

此政策提供 Amazon S3 儲存貯體的存取權,以傳輸大量操作的中繼資料。

For a specific Amazon S3 bucket

如果您使用一個特定值區來處理大量作業中繼資料,則此原則會提供該值區的存取權:

{
    "Effect": "Allow",
    "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:AbortMultipartUpload",
        "s3:ListBucketMultipartUploads",
        "s3:ListMultipartUploadParts"
    ],
    "Resource": [
        "arn:aws:s3:::bucket name",
        "arn:aws:s3:::bucket name/*"
    ]
}
To allow any Amazon S3 bucket

如果您將使用許多不同的值區來處理大量作業中繼資料,則此原則會提供任何值區的存取權:

{
    "Effect": "Allow",
    "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:AbortMultipartUpload",
        "s3:ListBucketMultipartUploads",
        "s3:ListMultipartUploadParts"
    ],
    "Resource": "*"
}

如需有關疑難排解匯入和匯出作業的資訊,請參閱大量匯入和匯出疑難排解