本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
內嵌政策
內嵌政策是您建立和管理的政策。您可以直接將內嵌政策內嵌至使用者、群組或角色。下列政策範例示範如何指派執行 AWS re:Post Private 動作的許可。如需內嵌政策的一般資訊,請參閱《AWS IAM 使用者指南》中的管理 IAM 政策。 您可以使用 AWS Management Console、 AWS Command Line Interface (AWS CLI) 或 AWS Identity and Access Management API 來建立和內嵌內嵌政策。
re:Post Private 的唯讀存取權
下列政策會將讀取存取權授予 IAM Identity Center 和 re:Post Private 主控台的使用者。此政策允許使用者執行僅供讀取的 re:Post Private 動作。
- JSON
-
-
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"sso:DescribeRegisteredRegions",
"sso:ListDirectoryAssociations",
"sso:GetSSOStatus",
"sso:GetManagedApplicationInstance",
"sso:ListProfiles",
"sso:GetProfile",
"sso:ListProfileAssociations",
"sso-directory:DescribeDirectory",
"sso-directory:SearchUsers",
"sso-directory:SearchGroups",
"repostspace:GetSpace",
"repostspace:ListSpaces",
"repostspace:ListTagsForResource"
],
"Resource": "*"
}
]
}
完整存取 re:Post Private
下列政策會將完整存取權授予 IAM Identity Center 和 re:Post Private 主控台的使用者。此政策允許使用者執行所有 re:Post Private 動作。
- JSON
-
-
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"sso:DescribeRegisteredRegions",
"sso:ListDirectoryAssociations",
"sso:GetSSOStatus",
"sso:GetManagedApplicationInstance",
"sso:ListProfiles",
"sso:GetProfile",
"sso:ListProfileAssociations",
"sso:CreateManagedApplicationInstance",
"sso:DeleteManagedApplicationInstance",
"sso:AssociateProfile",
"sso:DisassociateProfile",
"sso-directory:DescribeDirectory",
"sso-directory:SearchUsers",
"sso-directory:SearchGroups",
"kms:ListAliases",
"kms:DescribeKey",
"kms:CreateGrant",
"kms:RetireGrant",
"repostspace:*"
],
"Resource": "*"
}
]
}
