Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
AWSNetworkFirewallFullAccess
Deskripsi: Memberikan akses penuh ke layanan AWS Network Firewall, termasuk izin untuk membuat, mengonfigurasi, mengelola, dan menghapus sumber daya firewall, kebijakan, dan grup aturan. Selain itu mencakup izin untuk memodifikasi titik akhir VPC, kebijakan bucket S3, konfigurasi Log CloudWatch , dan membuat peran terkait layanan untuk Network Firewall dan layanan pengiriman log
AWSNetworkFirewallFullAccessadalah kebijakan yang AWS dikelola.
Menggunakan kebijakan ini
Anda dapat melampirkan AWSNetworkFirewallFullAccess ke pengguna, grup, dan peran Anda.
Rincian kebijakan
-
Jenis: kebijakan AWS terkelola
-
Waktu pembuatan: 10 Juni 2025, 21:52 UTC
-
Waktu yang telah diedit: 10 Juni 2025, 21:52 UTC
-
ARN:
arn:aws:iam::aws:policy/AWSNetworkFirewallFullAccess
Versi kebijakan
Versi kebijakan: v1 (default)
Versi default kebijakan adalah versi yang menentukan izin untuk kebijakan tersebut. Saat pengguna atau peran dengan kebijakan membuat permintaan untuk mengakses AWS sumber daya, AWS periksa versi default kebijakan untuk menentukan apakah akan mengizinkan permintaan tersebut.
Dokumen kebijakan JSON
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "NetworkFirewall", "Effect" : "Allow", "Action" : [ "network-firewall:ListAnalysisReports", "network-firewall:ListFirewallPolicies", "network-firewall:ListFirewalls", "network-firewall:ListFlowOperations", "network-firewall:ListRuleGroups", "network-firewall:ListTagsForResource", "network-firewall:ListTLSInspectionConfigurations", "network-firewall:DescribeFirewall", "network-firewall:DescribeFirewallPolicy", "network-firewall:DescribeFlowOperation", "network-firewall:DescribeLoggingConfiguration", "network-firewall:DescribeResourcePolicy", "network-firewall:DescribeRuleGroup", "network-firewall:DescribeRuleGroupMetadata", "network-firewall:DescribeTLSInspectionConfiguration", "network-firewall:GetAnalysisReportResults", "network-firewall:ListFlowOperationResults", "network-firewall:TagResource", "network-firewall:UntagResource", "network-firewall:AssociateFirewallPolicy", "network-firewall:AssociateSubnets", "network-firewall:CreateFirewall", "network-firewall:CreateFirewallPolicy", "network-firewall:CreateRuleGroup", "network-firewall:CreateTLSInspectionConfiguration", "network-firewall:DeleteFirewall", "network-firewall:DeleteFirewallPolicy", "network-firewall:DeleteResourcePolicy", "network-firewall:DeleteRuleGroup", "network-firewall:DeleteTLSInspectionConfiguration", "network-firewall:DisassociateSubnets", "network-firewall:PutResourcePolicy", "network-firewall:StartAnalysisReport", "network-firewall:StartFlowCapture", "network-firewall:StartFlowFlush", "network-firewall:UpdateFirewallAnalysisSettings", "network-firewall:UpdateFirewallDeleteProtection", "network-firewall:UpdateFirewallDescription", "network-firewall:UpdateFirewallEncryptionConfiguration", "network-firewall:UpdateFirewallPolicy", "network-firewall:UpdateFirewallPolicyChangeProtection", "network-firewall:UpdateLoggingConfiguration", "network-firewall:UpdateRuleGroup", "network-firewall:UpdateSubnetChangeProtection", "network-firewall:UpdateTLSInspectionConfiguration" ], "Resource" : [ "arn:aws:network-firewall:*:*:*" ] }, { "Sid" : "NetworkFirewallEC2", "Effect" : "Allow", "Action" : [ "ec2:DescribeRouteTables", "ec2:DescribeSubnets", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:GetManagedPrefixListEntries" ], "Resource" : "*" }, { "Sid" : "NetworkFirewallCreateVpcEndpoint", "Effect" : "Allow", "Action" : [ "ec2:CreateVpcEndpoint" ], "Resource" : "arn:aws:ec2:*:*:*", "Condition" : { "StringEquals" : { "aws:RequestTag/AWSNetworkFirewallManaged" : "true" } } }, { "Sid" : "NetworkFirewallDeleteVpcEndpoints", "Effect" : "Allow", "Action" : [ "ec2:DeleteVpcEndpoints" ], "Resource" : "arn:aws:ec2:*:*:*", "Condition" : { "StringEquals" : { "aws:ResourceTag/AWSNetworkFirewallManaged" : "true" } } }, { "Sid" : "NetworkFirewallLogging", "Effect" : "Allow", "Action" : [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", "logs:GetLogDelivery", "logs:ListLogDeliveries", "logs:UpdateLogDelivery" ], "Resource" : "*" }, { "Sid" : "NetworkFirewallLoggingCWL", "Effect" : "Allow", "Action" : [ "logs:DescribeLogGroups", "logs:DescribeResourcePolicies", "logs:PutResourcePolicy" ], "Resource" : "arn:aws:logs:*:*:*" }, { "Sid" : "NetworkFirewallLoggingS3", "Effect" : "Allow", "Action" : [ "s3:GetBucketPolicy", "s3:PutBucketPolicy" ], "Resource" : "arn:aws:s3:::*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" } } }, { "Sid" : "NetworkFirewallLoggingFirehose", "Effect" : "Allow", "Action" : "firehose:TagDeliveryStream", "Resource" : "arn:aws:firehose:*:*:*" }, { "Sid" : "NetworkFirewallSLR", "Effect" : "Allow", "Action" : "iam:CreateServiceLinkedRole", "Resource" : [ "arn:aws:iam::*:role/aws-service-role/network-firewall.amazonaws.com/AWSServiceRoleForNetworkFirewall" ], "Condition" : { "StringEquals" : { "iam:AWSServiceName" : "network-firewall.amazonaws.com" } } }, { "Sid" : "NetworkFirewallLogDeliverySLR", "Effect" : "Allow", "Action" : [ "iam:CreateServiceLinkedRole" ], "Resource" : [ "arn:aws:iam::*:role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery" ] } ] }
Pelajari selengkapnya
