Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
AmazonDataZoneProjectRolePermissionsBoundary
Descrizione: Amazon DataZone crea ruoli IAM per i progetti per eseguire azioni di analisi dei dati e utilizza questa policy durante la creazione di questi ruoli per definire i limiti delle loro autorizzazioni.
AmazonDataZoneProjectRolePermissionsBoundaryè una politica AWS gestita.
Utilizzo di questa politica
Puoi collegarti AmazonDataZoneProjectRolePermissionsBoundary ai tuoi utenti, gruppi e ruoli.
Dettagli della politica
-
Tipo: politica AWS gestita
-
Ora di creazione: 21 marzo 2023, 02:51 UTC
-
Ora modificata: 21 marzo 2023, 02:51 UTC
-
ARN:
arn:aws:iam::aws:policy/AmazonDataZoneProjectRolePermissionsBoundary
Versione della politica
Versione della politica: v1 (default) (predefinito)
La versione predefinita della politica è la versione che definisce le autorizzazioni per la politica. Quando un utente o un ruolo con la politica effettua una richiesta di accesso a una AWS risorsa, AWS controlla la versione predefinita della politica per determinare se consentire la richiesta.
Documento di policy JSON
{ "Version" : "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Action" : [ "s3:List*", "s3:Get*", "s3:DeleteObjectVersion", "s3:RestoreObject", "s3:ReplicateObject", "s3:PutObject", "s3:AbortMultipartUpload", "s3:CreateBucket", "s3:PutBucketPublicAccessBlock", "s3:PutObjectRetention", "s3:DeleteObject" ], "Resource" : "arn:aws:s3:::datazone*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" } } }, { "Effect" : "Allow", "Action" : [ "s3:List*", "s3:Get*", "kms:List*", "kms:Get*", "kms:Describe*", "kms:Decrypt" ], "Resource" : "*", "Condition" : { "StringNotEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" } } }, { "Effect" : "Allow", "Action" : [ "ec2:Describe*", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "logs:*", "athena:TerminateSession", "athena:CreatePreparedStatement", "athena:StopCalculationExecution", "athena:StartQueryExecution", "athena:UpdatePreparedStatement", "athena:BatchGet*", "athena:List*", "athena:UpdateNotebook", "athena:DeleteNotebook", "athena:DeletePreparedStatement", "athena:UpdateNotebookMetadata", "athena:DeleteNamedQuery", "athena:Get*", "athena:UpdateNamedQuery", "athena:CreateNamedQuery", "athena:ExportNotebook", "athena:StopQueryExecution", "athena:StartCalculationExecution", "athena:StartSession", "athena:CreatePresignedNotebookUrl", "athena:CreateNotebook", "athena:ImportNotebook", "organizations:DescribeOrganization", "organizations:DescribeAccount", "lakeformation:GetDataAccess", "lakeformation:BatchGrantPermissions", "lakeformation:GrantPermissions", "lakeformation:GetDataLakeSettings", "lakeformation:PutDataLakeSettings", "lakeformation:BatchRevokePermissions", "lakeformation:GetResourceLFTags", "lakeformation:ListPermissions", "ram:CreateResourceShare", "ram:UpdateResourceShare", "ram:DeleteResourceShare", "ram:AssociateResourceShare", "ram:DisassociateResourceShare", "ram:AcceptResourceShareInvitation", "ram:Get*", "ram:List*", "redshift:DescribeClusters", "redshift:JoinGroup", "redshift:CreateClusterUser", "redshift:GetClusterCredentials", "redshift-data:*", "redshift:AuthorizeDataShare", "redshift:DescribeDataShares", "redshift:AssociateDataShareConsumer", "tag:GetResources", "iam:ListRoles", "iam:ListUsers", "iam:ListGroups", "iam:ListRolePolicies", "iam:GetRole", "iam:GetRolePolicy", "glue:CreateTable", "glue:BatchCreatePartition", "glue:CreatePartition", "glue:CreatePartitionIndex", "glue:CreateDataQualityRuleset", "glue:CreateBlueprint", "glue:CreateJob", "glue:CreateConnection", "glue:CreateCrawler", "glue:CreateWorkflow", "sqlworkbench:*", "datazone:*" ], "Resource" : "*" }, { "Effect" : "Allow", "Action" : [ "ec2:CreateTags", "ec2:DeleteTags" ], "Resource" : [ "arn:aws:ec2:*:*:network-interface/*" ], "Condition" : { "ForAllValues:StringEquals" : { "aws:TagKeys" : [ "aws-glue-service-resource" ] } } }, { "Effect" : "Allow", "Action" : [ "kms:List*", "kms:Get*", "kms:Describe*", "kms:Decrypt", "kms:Encrypt", "kms:ReEncrypt*", "kms:Verify", "kms:Sign", "kms:GenerateDataKey", "glue:*" ], "Resource" : "*", "Condition" : { "Null" : { "aws:ResourceTag/datazone:projectId" : "false" } } }, { "Effect" : "Allow", "Action" : [ "iam:PassRole" ], "Resource" : [ "arn:aws:iam::*:role/datazone*" ] }, { "Effect" : "Allow", "Action" : [ "glue:BatchGet*", "glue:SearchTables", "glue:List*", "glue:Get*", "glue:CreateDatabase", "glue:UpdateDatabase", "glue:DeleteTable", "glue:BatchDeleteTable", "glue:UpdateTable", "glue:DeletePartition", "glue:BatchDeletePartition", "glue:PutResourcePolicy", "glue:BatchUpdatePartition", "glue:DeleteTableVersion", "glue:DeleteColumnStatisticsForPartition", "glue:DeleteColumnStatisticsForTable", "glue:DeletePartitionIndex", "glue:UpdateColumnStatisticsForPartition", "glue:UpdateColumnStatisticsForTable", "glue:BatchDeleteTableVersion", "glue:UpdatePartition", "glue:NotifyEvent", "glue:DeleteResourcePolicy" ], "Resource" : "*" }, { "Effect" : "Deny", "NotAction" : [ "s3:List*", "s3:Get*", "s3:Describe*", "s3:DeleteObjectVersion", "s3:RestoreObject", "s3:ReplicateObject", "s3:PutObject", "s3:AbortMultipartUpload", "s3:CreateBucket", "s3:PutBucketPublicAccessBlock", "s3:PutObjectRetention", "s3:DeleteObject", "kms:List*", "kms:Get*", "kms:Describe*", "kms:Decrypt", "kms:Encrypt", "kms:ReEncrypt*", "kms:Verify", "kms:Sign", "kms:GenerateDataKey", "ec2:Describe*", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:CreateTags", "ec2:DeleteTags", "logs:*", "athena:*", "glue:BatchGet*", "glue:Get*", "glue:SearchTables", "glue:List*", "glue:CreateDatabase", "glue:UpdateDatabase", "glue:CreateTable", "glue:DeleteTable", "glue:BatchDeleteTable", "glue:UpdateTable", "glue:BatchCreatePartition", "glue:CreatePartition", "glue:DeletePartition", "glue:BatchDeletePartition", "glue:PutResourcePolicy", "glue:CreatePartitionIndex", "glue:BatchUpdatePartition", "glue:DeleteTableVersion", "glue:DeleteColumnStatisticsForPartition", "glue:DeleteColumnStatisticsForTable", "glue:DeletePartitionIndex", "glue:UpdateColumnStatisticsForPartition", "glue:UpdateColumnStatisticsForTable", "glue:BatchDeleteTableVersion", "glue:UpdatePartition", "glue:NotifyEvent", "glue:StartBlueprintRun", "glue:PutWorkflowRunProperties", "glue:StopCrawler", "glue:DeleteJob", "glue:DeleteWorkflow", "glue:UpdateCrawler", "glue:DeleteBlueprint", "glue:UpdateWorkflow", "glue:StartCrawler", "glue:ResetJobBookmark", "glue:UpdateJob", "glue:StartWorkflowRun", "glue:StopCrawlerSchedule", "glue:ResumeWorkflowRun", "glue:DeleteCrawler", "glue:UpdateBlueprint", "glue:BatchStopJobRun", "glue:StopWorkflowRun", "glue:UpdateCrawlerSchedule", "glue:DeleteConnection", "glue:UpdateConnection", "glue:BatchDeleteConnection", "glue:StartCrawlerSchedule", "glue:StartJobRun", "glue:CreateWorkflow", "glue:*DataQuality*", "glue:CreateBlueprint", "glue:CreateJob", "glue:CreateConnection", "glue:CreateCrawler", "glue:DeleteResourcePolicy", "organizations:DescribeOrganization", "organizations:DescribeAccount", "lakeformation:GetDataAccess", "lakeformation:BatchGrantPermissions", "lakeformation:GrantPermissions", "lakeformation:GetDataLakeSettings", "lakeformation:PutDataLakeSettings", "lakeformation:BatchRevokePermissions", "lakeformation:GetResourceLFTags", "lakeformation:ListPermissions", "ram:*", "redshift:*", "redshift-data:*", "tag:GetResources", "iam:List*", "iam:GetRole", "iam:GetRolePolicy", "iam:PassRole", "sqlworkbench:*", "datazone:*" ], "Resource" : [ "*" ] } ] }
Ulteriori informazioni
