Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
# AmazonVPCNetworkAccessAnalyzerFullAccessPolicy
**Descrizione**: fornisce le autorizzazioni per descrivere AWS le risorse, eseguire Network Access Analyzer e creare o eliminare tag su Network Insights Access Scope e Network Insights Access Scope Analysis.
`AmazonVPCNetworkAccessAnalyzerFullAccessPolicy`è una politica [AWS gestita](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies).
## Utilizzo di questa politica
È possibile associare la policy `AmazonVPCNetworkAccessAnalyzerFullAccessPolicy` a utenti, gruppi e ruoli.
## Dettagli della policy
+ **Tipo**: politica AWS gestita
+ **Ora di creazione**: 15 giugno 2023, 22:56 UTC
+ **Ora modificata:** 15 maggio 2024, 21:40 UTC
+ **ARN**: `arn:aws:iam::aws:policy/AmazonVPCNetworkAccessAnalyzerFullAccessPolicy`
## Versione della politica
**Versione della politica:** v3 (predefinita)
La versione predefinita della politica è la versione che definisce le autorizzazioni per la politica. Quando un utente o un ruolo con la politica effettua una richiesta di accesso a una AWS risorsa, AWS controlla la versione predefinita della politica per determinare se consentire la richiesta.
## Documento di policy JSON
```
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "DirectconnectPermissions",
"Effect" : "Allow",
"Action" : [
"directconnect:DescribeConnections",
"directconnect:DescribeDirectConnectGatewayAssociations",
"directconnect:DescribeDirectConnectGatewayAttachments",
"directconnect:DescribeDirectConnectGateways",
"directconnect:DescribeVirtualGateways",
"directconnect:DescribeVirtualInterfaces"
],
"Resource" : "*"
},
{
"Sid" : "EC2Permissions",
"Effect" : "Allow",
"Action" : [
"ec2:CreateNetworkInsightsAccessScope",
"ec2:DeleteNetworkInsightsAccessScope",
"ec2:DeleteNetworkInsightsAccessScopeAnalysis",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeManagedPrefixLists",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInsightsAccessScopeAnalyses",
"ec2:DescribeNetworkInsightsAccessScopes",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayConnects",
"ec2:DescribeTransitGatewayPeeringAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGateways",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetManagedPrefixListEntries",
"ec2:GetNetworkInsightsAccessScopeAnalysisFindings",
"ec2:GetNetworkInsightsAccessScopeContent",
"ec2:GetTransitGatewayRouteTablePropagations",
"ec2:SearchTransitGatewayRoutes",
"ec2:StartNetworkInsightsAccessScopeAnalysis"
],
"Resource" : "*"
},
{
"Sid" : "EC2TagsPermissions",
"Effect" : "Allow",
"Action" : [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Resource" : [
"arn:*:ec2:*:*:network-insights-access-scope/*",
"arn:*:ec2:*:*:network-insights-access-scope-analysis/*"
]
},
{
"Sid" : "ElasticloadbalancingPermissions",
"Effect" : "Allow",
"Action" : [
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth"
],
"Resource" : "*"
},
{
"Sid" : "GlobalacceleratorPermissions",
"Effect" : "Allow",
"Action" : [
"globalaccelerator:ListAccelerators",
"globalaccelerator:ListCustomRoutingAccelerators",
"globalaccelerator:ListCustomRoutingEndpointGroups",
"globalaccelerator:ListCustomRoutingListeners",
"globalaccelerator:ListCustomRoutingPortMappings",
"globalaccelerator:ListEndpointGroups",
"globalaccelerator:ListListeners"
],
"Resource" : "*"
},
{
"Sid" : "NetworkFirewallPermissions",
"Effect" : "Allow",
"Action" : [
"network-firewall:DescribeFirewall",
"network-firewall:DescribeFirewallPolicy",
"network-firewall:DescribeResourcePolicy",
"network-firewall:DescribeRuleGroup",
"network-firewall:ListFirewallPolicies",
"network-firewall:ListFirewalls",
"network-firewall:ListRuleGroups"
],
"Resource" : "*"
},
{
"Sid" : "ResourceGroupsPermissions",
"Effect" : "Allow",
"Action" : [
"resource-groups:ListGroupResources"
],
"Resource" : "*"
},
{
"Sid" : "TagsPermissions",
"Effect" : "Allow",
"Action" : [
"tag:GetResources"
],
"Resource" : "*"
},
{
"Sid" : "TirosPermissions",
"Effect" : "Allow",
"Action" : [
"tiros:CreateQuery",
"tiros:GetQueryAnswer"
],
"Resource" : "*"
}
]
}
```
## Ulteriori informazioni
+ [Crea un set di autorizzazioni utilizzando policy AWS gestite in IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/howtocreatepermissionset.html)
+ [Aggiungere e rimuovere i permessi di identità IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html)
+ [Comprendi il controllo delle versioni per le politiche IAM](https://docs.aws.amazon.com//IAM/latest/UserGuide/access_policies_managed-versioning.html)
+ [Inizia con le policy AWS gestite e passa alle autorizzazioni con privilegi minimi](https://docs.aws.amazon.com//IAM/latest/UserGuide/best-practices.html#bp-use-aws-defined-policies)