本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
AmazonDetectiveInvestigatorAccess
描述:为调查人员提供对 Amazon Detective 服务的访问权限并限定对控制台 UI 依赖项的访问权限。该策略允许出于调查目的深入探究 Detective,并允许对 Guardduty 的有限写入权限。
AmazonDetectiveInvestigatorAccess
是一项 AWS 托管式策略。
使用此策略
您可以将 AmazonDetectiveInvestigatorAccess
附加到您的用户、组和角色。
策略详细信息
-
类型: AWS 托管策略
-
创建时间:2023 年 1 月 17 日 15:24 UTC
-
编辑时间:2023 年 11 月 27 日 03:13 UTC
-
ARN:
arn:aws:iam::aws:policy/AmazonDetectiveInvestigatorAccess
策略版本
策略版本:v3 (默认值)
此策略的默认版本是定义策略权限的版本。当使用该策略的用户或角色请求访问 AWS 资源时, AWS 会检查策略的默认版本以确定是否允许该请求。
JSON 策略文档
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "DetectivePermissions", "Effect" : "Allow", "Action" : [ "detective:BatchGetGraphMemberDatasources", "detective:BatchGetMembershipDatasources", "detective:DescribeOrganizationConfiguration", "detective:GetFreeTrialEligibility", "detective:GetGraphIngestState", "detective:GetMembers", "detective:GetPricingInformation", "detective:GetUsageInformation", "detective:ListDatasourcePackages", "detective:ListGraphs", "detective:ListHighDegreeEntities", "detective:ListInvitations", "detective:ListMembers", "detective:ListOrganizationAdminAccount", "detective:ListTagsForResource", "detective:SearchGraph", "detective:StartInvestigation", "detective:GetInvestigation", "detective:ListInvestigations", "detective:UpdateInvestigationState", "detective:ListIndicators", "detective:InvokeAssistant" ], "Resource" : "*" }, { "Sid" : "OrganizationsPermissions", "Effect" : "Allow", "Action" : [ "organizations:DescribeOrganization", "organizations:ListAccounts" ], "Resource" : "*" }, { "Sid" : "GuardDutyPermissions", "Effect" : "Allow", "Action" : [ "guardduty:ArchiveFindings", "guardduty:GetFindings", "guardduty:ListDetectors" ], "Resource" : "*" }, { "Sid" : "SecurityHubPermissions", "Effect" : "Allow", "Action" : [ "securityHub:GetFindings" ], "Resource" : "*" } ] }