-
Kontrol akses berbasis tanda

Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.

Contoh berikut menggunakan CreateSpace.

JSON
{
    "Version":"2012-10-17",		 	 	 		 	 	 
    "Statement": [
        {
            "Sid": "DenyCreateSpaceRemoteAccessEnabled",
            "Effect": "Deny",
            "Action": [
                "sagemaker:CreateSpace",
                "sagemaker:UpdateSpace"
            ],
            "Resource": "arn:aws:sagemaker:*:*:space/*",
            "Condition": {
                "StringEquals": {
                    "sagemaker:RemoteAccess": [
                        "ENABLED"
                    ]
                }
            }
        },
        {
            "Sid": "AllowCreateSpace",
            "Effect": "Allow",
            "Action": [
                "sagemaker:CreateSpace",
                "sagemaker:UpdateSpace"
            ],
            "Resource": "arn:aws:sagemaker:*:*:space/*"
        }
    ]
}

Kontrol akses berbasis tanda

{ "Team": "ML", "Environment": "Production", "CostCenter": "12345" }

JSON
{
    "Version":"2012-10-17",		 	 	 		 	 	 
    "Statement": [
        {
            "Sid": "RestrictStartSessionOnTaggedSpacesInDomain",
            "Effect": "Allow",
            "Action": [
                "sagemaker:StartSession"
            ],
            "Resource": [
                "arn:aws:sagemaker:us-east-1:111122223333:space/domain-id/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/Team": "${aws:PrincipalTag/Team}",
                    "aws:ResourceTag/Environment": "${aws:PrincipalTag/Environment}",
                    "aws:ResourceTag/CostCenter": "${aws:PrincipalTag/CostCenter}",
                    "aws:ResourceTag/IDC_UserName": "${aws:PrincipalTag/IDC_UserName}"
                }
            }
        }
    ]
}