翻訳は機械翻訳により提供されています。提供された翻訳内容と英語版の間で齟齬、不一致または矛盾がある場合、英語版が優先します。
AWSElasticBeanstalkManagedUpdatesServiceRolePolicy
説明: マネージド更新に制限されたアクセス許可を付与する AWS Elastic Beanstalk サービスロールポリシー。
AWSElasticBeanstalkManagedUpdatesServiceRolePolicy は AWS マネージドポリシーです。
このポリシーを使用すると
このポリシーは、ユーザーに代わってサービスがアクションを実行することを許可する、サービスリンクロールにアタッチされます。ユーザー、グループおよびロールにこのポリシーはアタッチできません。
ポリシーの詳細
- 
                タイプ: サービスリンクロールポリシー 
- 
                作成日時: 2019 年 11 月 21 日 22:35 UTC 
- 
                編集日時: 2024 年 4 月 29 日 23:11 UTC 
- 
                ARN: arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkManagedUpdatesServiceRolePolicy
ポリシーのバージョン
ポリシーのバージョン: v9 (デフォルト)
ポリシーのデフォルトバージョンは、ポリシーのアクセス許可を定義するバージョンです。ポリシーを持つユーザーまたはロールが AWS リソースへのアクセスをリクエストすると、 はポリシーのデフォルトバージョン AWS をチェックして、リクエストを許可するかどうかを決定します。
JSON ポリシードキュメント
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "AllowPassRoleToElasticBeanstalkAndDownstreamServices", "Effect" : "Allow", "Action" : "iam:PassRole", "Resource" : "*", "Condition" : { "StringLikeIfExists" : { "iam:PassedToService" : [ "elasticbeanstalk.amazonaws.com", "ec2.amazonaws.com", "autoscaling.amazonaws.com", "elasticloadbalancing.amazonaws.com", "ecs.amazonaws.com", "cloudformation.amazonaws.com" ] } } }, { "Sid" : "SingleInstanceAPIs", "Effect" : "Allow", "Action" : [ "ec2:releaseAddress", "ec2:allocateAddress", "ec2:DisassociateAddress", "ec2:AssociateAddress" ], "Resource" : "*" }, { "Sid" : "ECS", "Effect" : "Allow", "Action" : [ "ecs:RegisterTaskDefinition", "ecs:DeRegisterTaskDefinition", "ecs:List*", "ecs:Describe*" ], "Resource" : "*" }, { "Sid" : "ElasticBeanstalkAPIs", "Effect" : "Allow", "Action" : [ "elasticbeanstalk:*" ], "Resource" : "*" }, { "Sid" : "ReadOnlyAPIs", "Effect" : "Allow", "Action" : [ "cloudformation:Describe*", "cloudformation:List*", "ec2:Describe*", "autoscaling:Describe*", "elasticloadbalancing:Describe*", "logs:DescribeLogGroups", "sns:GetTopicAttributes", "sns:ListSubscriptionsByTopic", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances" ], "Resource" : "*" }, { "Sid" : "ASG", "Effect" : "Allow", "Action" : [ "autoscaling:AttachInstances", "autoscaling:CreateAutoScalingGroup", "autoscaling:CreateLaunchConfiguration", "autoscaling:CreateOrUpdateTags", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteLaunchConfiguration", "autoscaling:DeleteScheduledAction", "autoscaling:DetachInstances", "autoscaling:PutNotificationConfiguration", "autoscaling:PutScalingPolicy", "autoscaling:PutScheduledUpdateGroupAction", "autoscaling:ResumeProcesses", "autoscaling:SuspendProcesses", "autoscaling:TerminateInstanceInAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup" ], "Resource" : [ "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*", "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*", "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*" ] }, { "Sid" : "CFN", "Effect" : "Allow", "Action" : [ "cloudformation:CreateStack", "cloudformation:CancelUpdateStack", "cloudformation:DeleteStack", "cloudformation:GetTemplate", "cloudformation:UpdateStack", "cloudformation:TagResource", "cloudformation:UntagResource" ], "Resource" : [ "arn:aws:cloudformation:*:*:stack/awseb-e-*", "arn:aws:cloudformation:*:*:stack/eb-*" ] }, { "Sid" : "EC2", "Effect" : "Allow", "Action" : [ "ec2:TerminateInstances" ], "Resource" : "arn:aws:ec2:*:*:instance/*", "Condition" : { "StringLike" : { "ec2:ResourceTag/aws:cloudformation:stack-id" : [ "arn:aws:cloudformation:*:*:stack/awseb-e-*", "arn:aws:cloudformation:*:*:stack/eb-*" ] } } }, { "Sid" : "S3Obj", "Effect" : "Allow", "Action" : [ "s3:DeleteObject", "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectVersion", "s3:GetObjectVersionAcl", "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectVersionAcl" ], "Resource" : "arn:aws:s3:::elasticbeanstalk-*/*" }, { "Sid" : "S3Bucket", "Effect" : "Allow", "Action" : [ "s3:GetBucketLocation", "s3:GetBucketPolicy", "s3:ListBucket", "s3:PutBucketPolicy" ], "Resource" : "arn:aws:s3:::elasticbeanstalk-*" }, { "Sid" : "CWL", "Effect" : "Allow", "Action" : [ "logs:CreateLogGroup", "logs:DeleteLogGroup", "logs:PutRetentionPolicy" ], "Resource" : "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*" }, { "Sid" : "ELB", "Effect" : "Allow", "Action" : [ "elasticloadbalancing:RegisterTargets", "elasticloadbalancing:DeRegisterTargets", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:RegisterInstancesWithLoadBalancer" ], "Resource" : [ "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-e-*", "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*" ] }, { "Sid" : "SNS", "Effect" : "Allow", "Action" : [ "sns:CreateTopic" ], "Resource" : "arn:aws:sns:*:*:ElasticBeanstalkNotifications-Environment-*" }, { "Sid" : "EC2LaunchTemplate", "Effect" : "Allow", "Action" : [ "ec2:CreateLaunchTemplate", "ec2:DeleteLaunchTemplate", "ec2:CreateLaunchTemplateVersion", "ec2:DeleteLaunchTemplateVersions" ], "Resource" : "arn:aws:ec2:*:*:launch-template/*" }, { "Sid" : "AllowLaunchTemplateRunInstances", "Effect" : "Allow", "Action" : "ec2:RunInstances", "Resource" : "*", "Condition" : { "ArnLike" : { "ec2:LaunchTemplate" : "arn:aws:ec2:*:*:launch-template/*" } } }, { "Sid" : "AllowECSTagResource", "Effect" : "Allow", "Action" : [ "ecs:TagResource" ], "Resource" : "*", "Condition" : { "StringEquals" : { "ecs:CreateAction" : [ "RegisterTaskDefinition" ] } } } ] }