AmazonECSInfrastructureRoleforExpressGatewayServices - AWS 托管策略

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

AmazonECSInfrastructureRoleforExpressGatewayServices

描述：这些权限使 Amazon ECS 能够自动预置和管理 Express Gateway 服务所需的基础设施组件，包括负载均衡、安全组、SSL 证书和自动扩缩配置。

AmazonECSInfrastructureRoleforExpressGatewayServices 是一项 AWS 托管策略。

使用此策略

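您可以将 AmazonECSInfrastructureRoleforExpressGatewayServices 附加到您的用户、组和角色。该策略的类型为服务角色策略（见下文“策略详细信息”），其权限面向供 Amazon ECS 使用的角色；若附加到用户或组，下方 JSON 中创建、修改和删除负载均衡器、安全组及证书等权限将直接授予这些主体，通常应避免。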

策略详细信息

  • 类型:服务角色策略

  • 创建时间：2025 年 11 月 12 日 20:34（UTC）

  • 编辑时间：2025 年 11 月 15 日 19:34（UTC）

  • ARN: arn:aws:iam::aws:policy/service-role/AmazonECSInfrastructureRoleforExpressGatewayServices

策略版本

策略版本:v2(默认)

此策略的默认版本是定义策略权限的版本。当使用该策略的用户或角色请求访问 AWS 资源时，AWS 会检查策略的默认版本以确定是否允许该请求。

JSON 策略文档

{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "ServiceLinkedRoleCreateOperations", "Effect" : "Allow", "Action" : "iam:CreateServiceLinkedRole", "Resource" : "*", "Condition" : { "StringEquals" : { "iam:AWSServiceName" : [ "ecs.application-autoscaling.amazonaws.com", "elasticloadbalancing.amazonaws.com" ] } } }, { "Sid" : "ELBOperations", "Effect" : "Allow", "Action" : [ "elasticloadbalancing:CreateListener", "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:CreateRule", "elasticloadbalancing:CreateTargetGroup", "elasticloadbalancing:ModifyListener", "elasticloadbalancing:ModifyRule", "elasticloadbalancing:AddListenerCertificates", "elasticloadbalancing:RemoveListenerCertificates", "elasticloadbalancing:RegisterTargets", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:DeleteTargetGroup", "elasticloadbalancing:DeleteLoadBalancer", "elasticloadbalancing:DeleteRule", "elasticloadbalancing:DeleteListener" ], "Resource" : [ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*/*", "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/AmazonECSManaged" : "true" } } }, { "Sid" : "TagOnCreateELBResources", "Effect" : "Allow", "Action" : "elasticloadbalancing:AddTags", "Resource" : [ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*/*", "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" ], "Condition" : { "StringEquals" : { "elasticloadbalancing:CreateAction" : [ "CreateLoadBalancer", "CreateListener", "CreateRule", "CreateTargetGroup" ] } } }, { "Sid" : "BlanketAllowCreateSecurityGroupsInVPCs", "Effect" : "Allow", "Action" : "ec2:CreateSecurityGroup", "Resource" : "arn:aws:ec2:*:*:vpc/*" }, { "Sid" : "CreateSecurityGroupResourcesWithTags", "Effect" : 
"Allow", "Action" : [ "ec2:CreateSecurityGroup", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress" ], "Resource" : [ "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:security-group-rule/*", "arn:aws:ec2:*:*:vpc/*" ], "Condition" : { "StringEquals" : { "aws:RequestTag/AmazonECSManaged" : "true" } } }, { "Sid" : "ModifySecurityGroupOperations", "Effect" : "Allow", "Action" : [ "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:DeleteSecurityGroup", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress" ], "Resource" : [ "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:vpc/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/AmazonECSManaged" : "true" } } }, { "Sid" : "TagOnCreateEC2Resources", "Effect" : "Allow", "Action" : "ec2:CreateTags", "Resource" : [ "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:security-group-rule/*" ], "Condition" : { "StringEquals" : { "ec2:CreateAction" : [ "CreateSecurityGroup", "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress" ] } } }, { "Sid" : "CertificateOperations", "Effect" : "Allow", "Action" : [ "acm:RequestCertificate", "acm:AddTagsToCertificate", "acm:DeleteCertificate", "acm:DescribeCertificate" ], "Resource" : [ "arn:aws:acm:*:*:certificate/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/AmazonECSManaged" : "true" } } }, { "Sid" : "ApplicationAutoscalingCreateOperations", "Effect" : "Allow", "Action" : [ "application-autoscaling:RegisterScalableTarget", "application-autoscaling:TagResource", "application-autoscaling:DeregisterScalableTarget" ], "Resource" : [ "arn:aws:application-autoscaling:*:*:scalable-target/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/AmazonECSManaged" : "true" } } }, { "Sid" : "ApplicationAutoscalingPolicyOperations", "Effect" : "Allow", "Action" : [ "application-autoscaling:PutScalingPolicy", "application-autoscaling:DeleteScalingPolicy" ], "Resource" : [ 
"arn:aws:application-autoscaling:*:*:scalable-target/*" ], "Condition" : { "StringEquals" : { "application-autoscaling:service-namespace" : "ecs" } } }, { "Sid" : "ApplicationAutoscalingReadOperations", "Effect" : "Allow", "Action" : [ "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:DescribeScalingActivities" ], "Resource" : [ "arn:aws:application-autoscaling:*:*:scalable-target/*" ] }, { "Sid" : "CloudWatchAlarmCreateOperations", "Effect" : "Allow", "Action" : [ "cloudwatch:PutMetricAlarm", "cloudwatch:TagResource" ], "Resource" : [ "arn:aws:cloudwatch:*:*:alarm:*" ], "Condition" : { "StringEquals" : { "aws:RequestTag/AmazonECSManaged" : "true" } } }, { "Sid" : "CloudWatchAlarmOperations", "Effect" : "Allow", "Action" : [ "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarms" ], "Resource" : [ "arn:aws:cloudwatch:*:*:alarm:*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/AmazonECSManaged" : "true" } } }, { "Sid" : "ELBReadOperations", "Effect" : "Allow", "Action" : [ "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeRules" ], "Resource" : "*" }, { "Sid" : "VPCReadOperations", "Effect" : "Allow", "Action" : [ "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeRouteTables", "ec2:DescribeVpcs" ], "Resource" : "*" }, { "Sid" : "CloudWatchLogsCreateOperations", "Effect" : "Allow", "Action" : [ "logs:CreateLogGroup", "logs:TagResource" ], "Resource" : "arn:aws:logs:*:*:log-group:*", "Condition" : { "StringEquals" : { "aws:RequestTag/AmazonECSManaged" : "true" } } }, { "Sid" : "CloudWatchLogsReadOperations", "Effect" : "Allow", "Action" : [ "logs:DescribeLogGroups" ], "Resource" : "*" } ] }

了解更多