本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
使用 IAM 条件键生成 AWS Artifact 报告
您可以使用 IAM 条件密钥根据特定的报告类别和系列提供对 AWS Artifact报告的精细访问权限。
以下示例策略演示了您可以根据特定的报告类别和系列向 IAM 用户分配的权限。
例管理 AWS 报告读取权限的策略示例
AWS Artifact 报告由 IAM 资源表示。report
以下政策授予阅读该Certifications and Attestations类别下所有 AWS Artifact 报告的权限。
-
{ "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "artifact:ListReports" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "artifact:GetReport", "artifact:GetReportMetadata", "artifact:GetTermForReport" ], "Resource": "*", "Condition": { "StringEquals": { "artifact:ReportCategory": "Certifications and Attestations" } } } ] }
以下政策允许您授予阅读该SOC系列下所有 AWS Artifact 报告的权限。
-
{ "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "artifact:ListReports" ], "Resource": "*" },{ "Effect": "Allow", "Action": [ "artifact:GetReport", "artifact:GetReportMetadata", "artifact:GetTermForReport" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "artifact:ReportSeries": "SOC", "artifact:ReportCategory": "Certifications and Attestations" } } } ] }
以下政策允许您授予阅读该Certifications and Attestations类别和SOC系列下所有 AWS Artifact 报告的权限。
-
{ "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "artifact:ListReports" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "artifact:GetReport", "artifact:GetReportMetadata", "artifact:GetTermForReport" ], "Resource": "*", "Condition": { "StringEquals": { "artifact:ReportSeries": "SOC", "artifact:ReportCategory": "Certifications and Attestations" } } } ] }
