本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
AWSIAMIdentityCenterAllowListForIdentityContext
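描述:列出使用 IAM Identity Center 身份上下文代入的角色被允许执行的操作。AWS Security Token Service (AWS STS) 会自动将此策略附加到所代入的角色。身份上下文以 ProvidedContext 的形式传递。注意:下方策略文档以 "Effect": "Deny" 加 "NotAction" 的形式编写,因此该策略本身不授予任何权限;它只拒绝列表之外的所有操作,列表内的操作仍须由角色的其他策略明确允许后才能执行。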
AWSIAMIdentityCenterAllowListForIdentityContext 是一项 AWS 托管式策略。
使用此策略
您可以将 AWSIAMIdentityCenterAllowListForIdentityContext 附加到您的用户、组和角色。
策略详细信息
- 类型:AWS 托管策略
- 创建时间:2023 年 11 月 8 日 15:21 UTC
- 编辑时间:2024 年 10 月 1 日 14:19 UTC
- ARN: arn:aws:iam::aws:policy/AWSIAMIdentityCenterAllowListForIdentityContext
策略版本
策略版本:v12 (默认值)
此策略的默认版本是定义策略权限的版本。当使用该策略的用户或角色请求访问 AWS 资源时, AWS 会检查策略的默认版本以确定是否允许该请求。
JSON 策略文档
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "TrustedIdentityPropagation", "Effect" : "Deny", "NotAction" : [ "aoss:APIAccessAll", "athena:BatchGetNamedQuery", "athena:BatchGetPreparedStatement", "athena:BatchGetQueryExecution", "athena:CreateNamedQuery", "athena:CreatePreparedStatement", "athena:DeleteNamedQuery", "athena:DeletePreparedStatement", "athena:GetNamedQuery", "athena:GetPreparedStatement", "athena:GetQueryExecution", "athena:GetQueryResults", "athena:GetQueryResultsStream", "athena:GetQueryRuntimeStatistics", "athena:GetWorkGroup", "athena:ListNamedQueries", "athena:ListPreparedStatements", "athena:ListQueryExecutions", "athena:StartQueryExecution", "athena:StopQueryExecution", "athena:UpdateNamedQuery", "athena:UpdatePreparedStatement", "athena:GetDatabase", "athena:GetDataCatalog", "athena:GetTableMetadata", "athena:ListDatabases", "athena:ListDataCatalogs", "athena:ListTableMetadata", "athena:ListWorkGroups", "elasticmapreduce:GetClusterSessionCredentials", "elasticmapreduce:AddJobFlowSteps", "elasticmapreduce:DescribeCluster", "elasticmapreduce:CancelSteps", "elasticmapreduce:DescribeStep", "elasticmapreduce:ListSteps", "es:ESHttpHead", "es:ESHttpPost", "es:ESHttpGet", "es:ESHttpPatch", "es:ESHttpDelete", "es:ESHttpPut", "glue:GetDatabase", "glue:GetDatabases", "glue:GetTable", "glue:GetTables", "glue:GetTableVersions", "glue:GetPartition", "glue:GetPartitions", "glue:BatchGetPartition", "glue:GetColumnStatisticsForPartition", "glue:GetColumnStatisticsForTable", "glue:SearchTables", "glue:CreateDatabase", "glue:UpdateDatabase", "glue:DeleteDatabase", "glue:CreateTable", "glue:DeleteTable", "glue:BatchDeleteTable", "glue:UpdateTable", "glue:BatchCreatePartition", "glue:CreatePartition", "glue:DeletePartition", "glue:BatchDeletePartition", "glue:UpdatePartition", "glue:BatchUpdatePartition", "glue:DeleteColumnStatisticsForPartition", "glue:DeleteColumnStatisticsForTable", "glue:UpdateColumnStatisticsForPartition", 
"glue:UpdateColumnStatisticsForTable", "lakeformation:GetDataAccess", "s3:GetAccessGrantsInstanceForPrefix", "s3:GetDataAccess", "s3:ListCallerAccessGrants", "q:StartConversation", "q:SendMessage", "q:ListConversations", "q:GetConversation", "q:StartTroubleshootingAnalysis", "q:GetTroubleshootingResults", "q:StartTroubleshootingResolutionExplanation", "q:UpdateTroubleshootingCommandResult", "qapps:CreateQApp", "qapps:PredictProblemStatementFromConversation", "qapps:PredictQAppFromProblemStatement", "qapps:CopyQApp", "qapps:GetQApp", "qapps:ListQApps", "qapps:UpdateQApp", "qapps:DeleteQApp", "qapps:AssociateQAppWithUser", "qapps:DisassociateQAppFromUser", "qapps:ImportDocumentToQApp", "qapps:ImportDocumentToQAppSession", "qapps:CreateLibraryItem", "qapps:GetLibraryItem", "qapps:UpdateLibraryItem", "qapps:CreateLibraryItemReview", "qapps:ListLibraryItems", "qapps:CreateSubscriptionToken", "qapps:StartQAppSession", "qapps:StopQAppSession", "qapps:PredictQApp", "qapps:ImportDocument", "qapps:AssociateLibraryItemReview", "qapps:DisassociateLibraryItemReview", "qapps:GetQAppSession", "qapps:UpdateQAppSession", "qapps:GetQAppSessionMetadata", "qapps:UpdateQAppSessionMetadata", "qapps:TagResource", "qapps:ListQAppSessionData", "qapps:ExportQAppSessionData", "qbusiness:Chat", "qbusiness:ChatSync", "qbusiness:ListConversations", "qbusiness:ListMessages", "qbusiness:DeleteConversation", "qbusiness:PutFeedback", "sts:SetContext" ], "Resource" : "*" } ] }