Creating IAM managed policies from JSON - AWS SDK for .NET


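Creating IAM managed policies from JSON

This example shows how to use the AWS SDK for .NET to create an IAM managed policy from a given policy document in JSON. The application creates an IAM client object, reads the policy document from a file, and then creates the policy.

Note

For an example policy document in JSON, see the additional considerations at the end of this topic.

The following sections provide snippets of this example. The complete code for the example is shown after that, and can be built and run as is.

Create the policy

The following snippet creates an IAM managed policy with the given name and policy document.

The example at the end of this topic shows this snippet in use.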

//
// Method to create an IAM policy from a JSON file
private static async Task<CreatePolicyResponse> CreateManagedPolicy(
  IAmazonIdentityManagementService iamClient, string policyName, string jsonFilename)
{
  return await iamClient.CreatePolicyAsync(new CreatePolicyRequest{
    PolicyName = policyName,
    PolicyDocument = File.ReadAllText(jsonFilename)});
}

Complete code

This section shows relevant references and the complete code for this example.

using System;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;
using Amazon.IdentityManagement;
using Amazon.IdentityManagement.Model;

namespace IamCreatePolicyFromJson
{
  // = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
  // Class to create an IAM policy with a given policy document
  class Program
  {
    private const int MaxArgs = 2;

    static async Task Main(string[] args)
    {
      // Parse the command line and show help if necessary
      var parsedArgs = CommandLine.Parse(args);
      if((parsedArgs.Count == 0) || (parsedArgs.Count > MaxArgs))
      {
        PrintHelp();
        return;
      }

      // Get the application arguments from the parsed list
      string policyName =
        CommandLine.GetArgument(parsedArgs, null, "-p", "--policy-name");
      string policyFilename =
        CommandLine.GetArgument(parsedArgs, null, "-j", "--json-filename");
      if(   string.IsNullOrEmpty(policyName)
         || (string.IsNullOrEmpty(policyFilename) || !policyFilename.EndsWith(".json")))
        CommandLine.ErrorExit(
          "\nOne or more of the required arguments is missing or incorrect."
          + "\nRun the command with no arguments to see help.");

      // Create an IAM service client
      var iamClient = new AmazonIdentityManagementServiceClient();

      // Create the new policy
      var response = await CreateManagedPolicy(iamClient, policyName, policyFilename);
      Console.WriteLine($"\nPolicy {response.Policy.PolicyName} has been created.");
      Console.WriteLine($"  Arn: {response.Policy.Arn}");
    }

    //
    // Method to create an IAM policy from a JSON file
    private static async Task<CreatePolicyResponse> CreateManagedPolicy(
      IAmazonIdentityManagementService iamClient, string policyName, string jsonFilename)
    {
      return await iamClient.CreatePolicyAsync(new CreatePolicyRequest{
        PolicyName = policyName,
        PolicyDocument = File.ReadAllText(jsonFilename)});
    }

    //
    // Command-line help
    private static void PrintHelp()
    {
      Console.WriteLine(
        "\nUsage: IamCreatePolicyFromJson -p <policy-name> -j <json-filename>"
        + "\n  -p, --policy-name: The name you want the new policy to have."
        + "\n  -j, --json-filename: The name of the JSON file with the policy document.");
    }
  }

  // = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
  // Class that represents a command line on the console or terminal.
  // (This is the same for all examples. When you have seen it once, you can ignore it.)
  static class CommandLine
  {
    //
    // Method to parse a command line of the form: "--key value" or "-k value".
    //
    // Parameters:
    // - args: The command-line arguments passed into the application by the system.
    //
    // Returns:
    // A Dictionary with string Keys and Values.
    //
    // If a key is found without a matching value, Dictionary.Value is set to the key
    //  (including the dashes).
    // If a value is found without a matching key, Dictionary.Key is set to "--NoKeyN",
    //  where "N" represents sequential numbers.
    public static Dictionary<string,string> Parse(string[] args)
    {
      var parsedArgs = new Dictionary<string,string>();
      int i = 0, n = 0;
      while(i < args.Length)
      {
        // If the first argument in this iteration starts with a dash it's an option.
        if(args[i].StartsWith("-"))
        {
          var key = args[i++];
          var value = key;

          // Check to see if there's a value that goes with this option?
          if((i < args.Length) && (!args[i].StartsWith("-"))) value = args[i++];
          parsedArgs.Add(key, value);
        }

        // If the first argument in this iteration doesn't start with a dash, it's a value
        else
        {
          parsedArgs.Add("--NoKey" + n.ToString(), args[i++]);
          n++;
        }
      }

      return parsedArgs;
    }

    //
    // Method to get an argument from the parsed command-line arguments
    //
    // Parameters:
    // - parsedArgs: The Dictionary object returned from the Parse() method (shown above).
    // - defaultReturn: The default string to return if the specified key isn't in parsedArgs.
    // - keys: An array of keys to look for in parsedArgs.
    public static string GetArgument(
      Dictionary<string,string> parsedArgs, string defaultReturn, params string[] keys)
    {
      string retval = null;
      foreach(var key in keys)
        if(parsedArgs.TryGetValue(key, out retval)) break;
      return retval ?? defaultReturn;
    }

    //
    // Method to exit the application with an error.
    public static void ErrorExit(string msg, int code=1)
    {
      Console.WriteLine("\nError");
      Console.WriteLine(msg);
      Environment.Exit(code);
    }
  }
}

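Additional considerations

  • The following is an example policy document that you can copy into a JSON file and use as input for this application:

    {
      "Version" : "2012-10-17",
      "Id" : "DotnetTutorialPolicy",
      "Statement" : [
        {
          "Sid" : "DotnetTutorialPolicyS3",
          "Effect" : "Allow",
          "Action" : [
            "s3:Get*",
            "s3:List*"
          ],
          "Resource" : "*"
        },
        {
          "Sid" : "DotnetTutorialPolicyPolly",
          "Effect": "Allow",
          "Action": [
            "polly:DescribeVoices",
            "polly:SynthesizeSpeech"
          ],
          "Resource": "*"
        }
      ]
    }

  • You can verify that the policy was created by looking in the IAM console. In the Filter policies drop-down list, select Customer managed. Delete the policy when you no longer need it.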
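The application passes the file's contents to IAM unchanged, and its `.json` check looks only at the filename. The following added example (not part of the AWS sample) is a local pre-flight check that could run before CreateManagedPolicy: it parses the document and lists Allow statements that use wildcard actions or `"Resource": "*"` so they can be reviewed. The names PolicyPreflight, Check and Values are hypothetical, and the whitespace-stripped character count is an approximation of how IAM measures the 6,144-character managed policy limit.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

static class PolicyPreflight   // hypothetical helper, not part of the AWS SDK
{
    // IAM size limit for a managed policy document; IAM does not count whitespace.
    const int MaxManagedPolicyChars = 6144;
    // "Action" and "Resource" may each be a single string or an array of strings.
    static List<string> Values(JsonElement stmt, string name) =>
        !stmt.TryGetProperty(name, out var v) ? new List<string>()
        : v.ValueKind == JsonValueKind.Array ? v.EnumerateArray().Select(e => e.ToString()).ToList()
        : new List<string> { v.ToString() };

    // Returns review findings; throws JsonException when the text is not valid JSON.
    public static List<string> Check(string policyJson)
    {
        var findings = new List<string>();
        using var doc = JsonDocument.Parse(policyJson);
        var root = doc.RootElement;
        if (policyJson.Count(c => !char.IsWhiteSpace(c)) > MaxManagedPolicyChars)
            findings.Add($"Document is larger than {MaxManagedPolicyChars} characters.");
        if (root.ValueKind != JsonValueKind.Object || !root.TryGetProperty("Statement", out var st))
        { findings.Add("No top-level Statement element."); return findings; }
        // "Statement" may be one object or an array of objects.
        var statements = st.ValueKind == JsonValueKind.Array
            ? st.EnumerateArray().ToList() : new List<JsonElement> { st };
        foreach (var s in statements.Where(x => x.ValueKind == JsonValueKind.Object))
        {
            if (Values(s, "Effect").FirstOrDefault() != "Allow") continue;
            string sid = Values(s, "Sid").FirstOrDefault() ?? "(no Sid)";
            var wild = Values(s, "Action").Where(a => a.Contains("*")).ToList();
            if (wild.Count > 0) findings.Add(sid + ": wildcard actions " + string.Join(", ", wild));
            if (Values(s, "Resource").Contains("*"))
                findings.Add(sid + ": Allow applies to every resource (\"*\")");
        }
        return findings;
    }

    static void Main()
    {
        // The sample policy document from this page.
        const string sample = @"{ ""Version"": ""2012-10-17"", ""Id"": ""DotnetTutorialPolicy"", ""Statement"": [
          { ""Sid"": ""DotnetTutorialPolicyS3"", ""Effect"": ""Allow"", ""Action"": [ ""s3:Get*"", ""s3:List*"" ], ""Resource"": ""*"" },
          { ""Sid"": ""DotnetTutorialPolicyPolly"", ""Effect"": ""Allow"", ""Action"": [ ""polly:DescribeVoices"", ""polly:SynthesizeSpeech"" ], ""Resource"": ""*"" } ] }";
        foreach (var f in Check(sample)) Console.WriteLine(f);
    }
}
```

A finding is a prompt for review rather than an error: whether a wildcard can be narrowed depends on the service and the action.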