Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
Menyiapkan izin
| IAM Role | Diperlukan? | Tujuan | ||
|---|---|---|---|---|
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "pods.eks.amazonaws.com" }, "Action": [ "sts:AssumeRole", "sts:TagSession" ], "Condition": { "StringEquals": { "aws:SourceAccount": "{{accountId}}", "aws:SourceArn": "arn:aws:eks:{{region}}:{{accountId}}:cluster/{{eksClusterName}}" } } } ] }
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "pods.eks.amazonaws.com" }, "Action": [ "sts:AssumeRole", "sts:TagSession" ], "Condition": { "StringEquals": { "aws:SourceAccount": "{{accountId}}", "aws:SourceArn": "arn:aws:eks:{{region}}:{{accountId}}:cluster/{{eksClusterName}}" } } } ] }
{ "Version": "2012-10-17", "Statement": [ { "Sid": "KMSDescribeKey", "Effect": "Allow", "Action": [ "kms:DescribeKey" ], "Resource": "arn:aws:kms:{{region}}:{{accountId}}:key/{{kmsKeyId}}" }, { "Sid": "KMSKeyOperations", "Effect": "Allow", "Action": [ "kms:GenerateDataKey", "kms:Decrypt" ], "Resource": "arn:aws:kms:{{region}}:{{accountId}}:key/{{kmsKeyId}}", "Condition": { "StringEquals": { "kms:EncryptionContext:sagemaker:component": "amazon-sagemaker-spaces", "kms:EncryptionContext:sagemaker:eks-cluster-arn": "${aws:PrincipalTag/eks-cluster-arn}" } } } ] }
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ssm.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "{{account}}" }, "ArnEquals": { "aws:SourceArn": "arn:aws:ssm:{{region}}:{{account}}:*" } } } ] }
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:DescribeAssociation" ], "Resource": [ "arn:aws:ssm:{{region}}:{{account}}:association/*", "arn:aws:ssm:{{region}}:{{account}}:document/*", "arn:aws:ec2:{{region}}:{{account}}:instance/*", "arn:aws:ssm:{{region}}:{{account}}:managed-instance/*" ] }, { "Effect": "Allow", "Action": [ "ssm:GetDocument", "ssm:DescribeDocument" ], "Resource": "arn:aws:ssm:{{region}}:{{account}}:document/*" }, { "Effect": "Allow", "Action": [ "ssm:GetParameter", "ssm:GetParameters" ], "Resource": "arn:aws:ssm:{{region}}:{{account}}:parameter/*" }, { "Effect": "Allow", "Action": [ "ssm:ListInstanceAssociations" ], "Resource": [ "arn:aws:ec2:{{region}}:{{account}}:instance/*", "arn:aws:ssm:{{region}}:{{account}}:managed-instance/*" ] }, { "Effect": "Allow", "Action": [ "ssm:PutComplianceItems" ], "Resource": [ "arn:aws:ec2:{{region}}:{{account}}:instance/*", "arn:aws:ssm:{{region}}:{{account}}:managed-instance/*" ] }, { "Effect": "Allow", "Action": [ "ssm:UpdateAssociationStatus" ], "Resource": [ "arn:aws:ssm:{{region}}:{{account}}:document/*", "arn:aws:ec2:{{region}}:{{account}}:instance/*", "arn:aws:ssm:{{region}}:{{account}}:managed-instance/*" ] }, { "Effect": "Allow", "Action": [ "ssm:UpdateInstanceAssociationStatus" ], "Resource": [ "arn:aws:ssm:{{region}}:{{account}}:association/*", "arn:aws:ec2:{{region}}:{{account}}:instance/*", "arn:aws:ssm:{{region}}:{{account}}:managed-instance/*" ] }, { "Effect": "Allow", "Action": [ "ssm:UpdateInstanceInformation" ], "Resource": [ "arn:aws:ec2:{{region}}:{{account}}:instance/*", "arn:aws:ssm:{{region}}:{{account}}:managed-instance/*" ] }, { "Effect": "Allow", "Action": [ "ssm:GetDeployablePatchSnapshotForInstance", "ssm:GetManifest", "ssm:ListAssociations", "ssm:PutInventory", "ssm:PutConfigurePackageResult" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2messages:AcknowledgeMessage", "ec2messages:DeleteMessage", "ec2messages:FailMessage", "ec2messages:GetEndpoint" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2messages:GetMessages", "ec2messages:SendReply" ], "Resource": "*", "Condition": { "ArnLike": { "ssm:SourceInstanceARN": "arn:aws:ssm:{{region}}:{{account}}:managed-instance/*" } } } ] }
{ "Version": "2012-10-17", "Statement": [ { "Sid": "SageMakerListClusters", "Effect": "Allow", "Action": "sagemaker:ListClusters", "Resource": "*" }, { "Sid": "SageMakerDescribeCluster", "Effect": "Allow", "Action": "sagemaker:DescribeCluster", "Resource": "arn:aws:sagemaker:{{region}}:{{account}}:cluster/cluster-name" }, { "Sid": "EksDescribeCluster", "Effect": "Allow", "Action": "eks:DescribeCluster", "Resource": "arn:aws:eks:{{region}}:{{account}}:cluster/cluster-name" }, { "Sid": "EksGetToken", "Effect": "Allow", "Action": "eks:GetToken", "Resource": "*" } ] }
