AWSTransformApplicationECSDeploymentPolicy - Política administrada de AWS

Las traducciones se generan mediante traducción automática. En caso de conflicto entre la traducción y la versión original en inglés, prevalecerá la versión en inglés.

AWSTransformApplicationECSDeploymentPolicy

Descripción: Permite a AWS Transform implementar aplicaciones en Amazon Elastic Container Service (ECS) con Fargate. Otorga permisos para aprovisionar, configurar y administrar la infraestructura subyacente necesaria para ejecutar aplicaciones en ECS.

AWSTransformApplicationECSDeploymentPolicy es una política administrada de AWS.

Uso de la política

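Puede asociar AWSTransformApplicationECSDeploymentPolicy a los usuarios, grupos y roles. Dado que se trata de una política de rol de servicio que otorga permisos de aprovisionamiento a AWS Transform, conviene asociarla únicamente a la identidad que realiza esas implementaciones.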

Información de la política

  • Tipo: política de rol de servicio

  • Hora de creación: 29 de septiembre de 2025 a las 22:49 UTC

  • Hora de edición: 21 de noviembre de 2025 a las 23:34 UTC

  • ARN: arn:aws:iam::aws:policy/service-role/AWSTransformApplicationECSDeploymentPolicy

Versión de la política

Versión de la política: v2 (predeterminada)

La versión predeterminada de la política define qué permisos tendrá. Cuando un usuario o un rol con la política solicita el acceso a un recurso de AWS, AWS comprueba la versión predeterminada de la política para determinar si permite la solicitud.

Documento de política JSON

{ "Version" : "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Action" : "cloudformation:CreateStack", "Resource" : "arn:aws:cloudformation:*:*:stack/AWSTransform*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}", "aws:RequestTag/CreatedBy" : "AWSTransform" } } }, { "Effect" : "Allow", "Action" : [ "cloudformation:UpdateStack", "cloudformation:DeleteStack" ], "Resource" : "arn:aws:cloudformation:*:*:stack/AWSTransform*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}", "aws:ResourceTag/CreatedBy" : "AWSTransform" } } }, { "Effect" : "Allow", "Action" : [ "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents" ], "Resource" : "arn:aws:cloudformation:*:*:stack/AWSTransform*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" } } }, { "Effect" : "Allow", "Action" : "ecs:CreateCluster", "Resource" : "arn:aws:ecs:*:*:cluster/AWSTransform*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}", "aws:RequestTag/CreatedBy" : "AWSTransform" } } }, { "Effect" : "Allow", "Action" : [ "ecs:UpdateCluster", "ecs:DeleteCluster" ], "Resource" : "arn:aws:ecs:*:*:cluster/AWSTransform*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}", "ecs:ResourceTag/CreatedBy" : "AWSTransform" } } }, { "Effect" : "Allow", "Action" : "ecs:RegisterTaskDefinition", "Resource" : "arn:aws:ecs:*:*:task-definition/AWSTransform*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}", "aws:RequestTag/CreatedBy" : "AWSTransform" } } }, { "Effect" : "Allow", "Action" : "ecs:RunTask", "Resource" : "arn:aws:ecs:*:*:task-definition/AWSTransform*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}", "aws:ResourceTag/CreatedBy" : "AWSTransform" }, "ArnLike" : { "ecs:cluster" : "arn:aws:ecs:*:*:cluster/AWSTransform*" } } }, { "Effect" : "Allow", "Action" : 
"ecs:ListTasks", "Resource" : "arn:aws:ecs:*:*:container-instance/AWSTransform*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" }, "ArnLike" : { "ecs:cluster" : "arn:aws:ecs:*:*:cluster/AWSTransform*" } } }, { "Effect" : "Allow", "Action" : "ecs:DescribeTasks", "Resource" : "arn:aws:ecs:*:*:task/AWSTransform*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" }, "ArnLike" : { "ecs:cluster" : "arn:aws:ecs:*:*:cluster/AWSTransform*" } } }, { "Effect" : "Allow", "Action" : "iam:PassRole", "Resource" : [ "arn:aws:iam::*:role/AWSTransform-Deploy-ECS-Task-Role", "arn:aws:iam::*:role/AWSTransform-Deploy-ECS-Execution-Role" ], "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}", "iam:PassedToService" : [ "ecs-tasks.amazonaws.com", "ecs.amazonaws.com" ] } } }, { "Effect" : "Allow", "Action" : [ "iam:GetRole", "iam:GetRolePolicy", "iam:ListRolePolicies", "iam:ListAttachedRolePolicies" ], "Resource" : [ "arn:aws:iam::*:role/AWSTransform-Deploy-ECS-Task-Role", "arn:aws:iam::*:role/AWSTransform-Deploy-ECS-Execution-Role" ], "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" } } }, { "Effect" : "Allow", "Action" : "ecs:CreateService", "Resource" : "arn:aws:ecs:*:*:service/AWSTransform*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}", "aws:RequestTag/CreatedBy" : "AWSTransform" } } }, { "Effect" : "Allow", "Action" : [ "ecs:UpdateService", "ecs:DeleteService" ], "Resource" : "arn:aws:ecs:*:*:service/AWSTransform*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}", "ecs:ResourceTag/CreatedBy" : "AWSTransform" } } }, { "Effect" : "Allow", "Action" : [ "ecs:TagResource", "ecs:UntagResource" ], "Resource" : [ "arn:aws:ecs:*:*:cluster/AWSTransform*", "arn:aws:ecs:*:*:task-definition/AWSTransform*", "arn:aws:ecs:*:*:service/AWSTransform*", 
"arn:aws:ecs:*:*:task/AWSTransform*" ], "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" }, "ForAllValues:StringEquals" : { "aws:TagKeys" : [ "ResourceName", "CreatedBy", "TransformationType" ] } } }, { "Effect" : "Allow", "Action" : [ "logs:CreateLogGroup", "logs:TagResource" ], "Resource" : "arn:aws:logs:*:*:log-group:/aws/ecs/AWSTransform*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}", "aws:RequestTag/CreatedBy" : "AWSTransform" }, "ForAllValues:StringEquals" : { "aws:TagKeys" : [ "ResourceName", "CreatedBy", "TransformationType" ] } } }, { "Effect" : "Allow", "Action" : [ "logs:DeleteLogGroup", "logs:PutRetentionPolicy" ], "Resource" : "arn:aws:logs:*:*:log-group:/aws/ecs/AWSTransform*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" } } }, { "Effect" : "Allow", "Action" : "logs:UntagResource", "Resource" : "arn:aws:logs:*:*:log-group:/aws/ecs/AWSTransform*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" }, "ForAllValues:StringEquals" : { "aws:TagKeys" : [ "ResourceName", "CreatedBy", "TransformationType" ] } } }, { "Effect" : "Allow", "Action" : "logs:GetLogEvents", "Resource" : "arn:aws:logs:*:*:log-group:/aws/ecs/AWSTransform*:log-stream:*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" } } }, { "Effect" : "Allow", "Action" : [ "ecr:CreateRepository", "ecr:TagResource" ], "Resource" : "arn:aws:ecr:*:*:repository/awstransform*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}", "aws:RequestTag/CreatedBy" : "AWSTransform" }, "ForAllValues:StringEquals" : { "aws:TagKeys" : [ "ResourceName", "CreatedBy", "TransformationType" ] } } }, { "Effect" : "Allow", "Action" : [ "ecs:DescribeClusters", "ecs:DescribeServices", "ec2:DescribeSecurityGroups", "ec2:DescribeNetworkInterfaces", "logs:DescribeLogGroups", "logs:DescribeLogStreams", 
"logs:ListTagsForResource" ], "Resource" : "*" }, { "Effect" : "Allow", "Action" : [ "iam:CreateServiceLinkedRole" ], "Resource" : "arn:aws:iam::*:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS", "Condition" : { "StringEquals" : { "iam:AWSServiceName" : "ecs.amazonaws.com" } } }, { "Effect" : "Allow", "Action" : [ "kms:CreateGrant" ], "Resource" : "arn:aws:kms:*:*:key/*", "Condition" : { "Bool" : { "kms:GrantIsForAWSResource" : "true" }, "StringLike" : { "kms:ViaService" : [ "ecr.*.amazonaws.com" ], "kms:EncryptionContext:aws:ecr:arn" : "*" }, "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}", "kms:GrantConstraintType" : "EncryptionContextSubset" }, "ForAllValues:StringEquals" : { "kms:GrantOperations" : [ "Decrypt", "GenerateDataKey" ] } } } ] }

Más información