示例:AppStream 2.0 实例集机器角色跨服务混淆代理问题预防
例 aws:SourceAccount 条件:
- JSON
-
-
{ "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "appstream.amazonaws.com" ] }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "your AWS 账户 ID" } } } ] }
例 aws:SourceArn 条件:
注意
如果要将一个 IAM 角色用于多个实例集,我们建议使用带通配符(*)的 aws:SourceArn 全局条件上下文键来匹配多个 AppStream 2.0 实例集资源。
- JSON
-
-
{ "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "appstream.amazonaws.com" ] }, "Action": "sts:AssumeRole", "Condition": { "ArnLike": { "aws:SourceArn": "arn:aws:appstream:us-east-1:111122223333:fleet/your-fleet-name" } } } ] }
示例:AppStream 2.0 服务角色跨服务混淆代理问题防范
示例:AppStream 2.0 弹性实例集会话脚本 Amazon S3 存储桶策略跨服务混淆代理问题防范