本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
AmazonRedshiftAllCommandsFullAccess
描述:此策略包括运行 SQL 命令以复制、加载、卸载、查询和分析 Amazon Redshift 上的数据的权限。该策略还授予为相关服务(例如 Amazon S3、Amazon CloudWatch Logs、Amazon SageMaker 或 AWS Glue)运行 select 语句的权限。
AmazonRedshiftAllCommandsFullAccess 是一项 AWS 托管式策略。
使用此策略
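您可以将 AmazonRedshiftAllCommandsFullAccess 附加到您的用户、组和角色。该策略主要通过名称中包含 “redshift” 的资源通配符(例如 arn:aws:s3:::*redshift*)或 Redshift 标签来限定范围;其中 iam:PassRole 适用于所有角色(arn:aws:iam::*:role/*),仅受 iam:PassedToService 条件限制,因此附加前请确认资源命名和可传递的角色符合最小权限要求。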
策略详细信息
- 类型:AWS 托管策略
- 创建时间:2021 年 11 月 4 日 00:48 UTC
- 编辑时间:2021 年 11 月 25 日 02:27 UTC
- ARN:arn:aws:iam::aws:policy/AmazonRedshiftAllCommandsFullAccess
策略版本
策略版本:v2 (默认值)
此策略的默认版本是定义策略权限的版本。当使用该策略的用户或角色请求访问 AWS 资源时, AWS 会检查策略的默认版本以确定是否允许该请求。
JSON 策略文档
{ "Version" : "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Action" : [ "sagemaker:CreateTrainingJob", "sagemaker:CreateAutoMLJob", "sagemaker:CreateCompilationJob", "sagemaker:CreateEndpoint", "sagemaker:DescribeAutoMLJob", "sagemaker:DescribeTrainingJob", "sagemaker:DescribeCompilationJob", "sagemaker:DescribeProcessingJob", "sagemaker:DescribeTransformJob", "sagemaker:ListCandidatesForAutoMLJob", "sagemaker:StopAutoMLJob", "sagemaker:StopCompilationJob", "sagemaker:StopTrainingJob", "sagemaker:DescribeEndpoint", "sagemaker:InvokeEndpoint", "sagemaker:StopProcessingJob", "sagemaker:CreateModel", "sagemaker:CreateProcessingJob" ], "Resource" : [ "arn:aws:sagemaker:*:*:model/*redshift*", "arn:aws:sagemaker:*:*:training-job/*redshift*", "arn:aws:sagemaker:*:*:automl-job/*redshift*", "arn:aws:sagemaker:*:*:compilation-job/*redshift*", "arn:aws:sagemaker:*:*:processing-job/*redshift*", "arn:aws:sagemaker:*:*:transform-job/*redshift*", "arn:aws:sagemaker:*:*:endpoint/*redshift*" ] }, { "Effect" : "Allow", "Action" : [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Resource" : [ "arn:aws:logs:*:*:log-group:/aws/sagemaker/Endpoints/*redshift*", "arn:aws:logs:*:*:log-group:/aws/sagemaker/ProcessingJobs/*redshift*", "arn:aws:logs:*:*:log-group:/aws/sagemaker/TrainingJobs/*redshift*", "arn:aws:logs:*:*:log-group:/aws/sagemaker/TransformJobs/*redshift*" ] }, { "Effect" : "Allow", "Action" : [ "cloudwatch:PutMetricData" ], "Resource" : "*", "Condition" : { "StringEquals" : { "cloudwatch:namespace" : [ "SageMaker", "/aws/sagemaker/Endpoints", "/aws/sagemaker/ProcessingJobs", "/aws/sagemaker/TrainingJobs", "/aws/sagemaker/TransformJobs" ] } } }, { "Effect" : "Allow", "Action" : [ "ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage", "ecr:GetAuthorizationToken", "ecr:GetDownloadUrlForLayer" ], "Resource" : "*" }, { "Effect" : "Allow", "Action" : [ "s3:GetObject", "s3:GetBucketAcl", "s3:GetBucketCors", 
"s3:GetEncryptionConfiguration", "s3:GetBucketLocation", "s3:ListBucket", "s3:ListAllMyBuckets", "s3:ListMultipartUploadParts", "s3:ListBucketMultipartUploads", "s3:PutObject", "s3:PutBucketAcl", "s3:PutBucketCors", "s3:DeleteObject", "s3:AbortMultipartUpload", "s3:CreateBucket" ], "Resource" : [ "arn:aws:s3:::redshift-downloads", "arn:aws:s3:::redshift-downloads/*", "arn:aws:s3:::*redshift*", "arn:aws:s3:::*redshift*/*" ] }, { "Effect" : "Allow", "Action" : [ "s3:GetObject" ], "Resource" : "*", "Condition" : { "StringEqualsIgnoreCase" : { "s3:ExistingObjectTag/Redshift" : "true" } } }, { "Effect" : "Allow", "Action" : [ "dynamodb:Scan", "dynamodb:DescribeTable", "dynamodb:Getitem" ], "Resource" : [ "arn:aws:dynamodb:*:*:table/*redshift*", "arn:aws:dynamodb:*:*:table/*redshift*/index/*" ] }, { "Effect" : "Allow", "Action" : [ "elasticmapreduce:ListInstances" ], "Resource" : [ "arn:aws:elasticmapreduce:*:*:cluster/*redshift*" ] }, { "Effect" : "Allow", "Action" : [ "elasticmapreduce:ListInstances" ], "Resource" : "*", "Condition" : { "StringEqualsIgnoreCase" : { "elasticmapreduce:ResourceTag/Redshift" : "true" } } }, { "Effect" : "Allow", "Action" : [ "lambda:InvokeFunction" ], "Resource" : "arn:aws:lambda:*:*:function:*redshift*" }, { "Effect" : "Allow", "Action" : [ "glue:CreateDatabase", "glue:DeleteDatabase", "glue:GetDatabase", "glue:GetDatabases", "glue:UpdateDatabase", "glue:CreateTable", "glue:DeleteTable", "glue:BatchDeleteTable", "glue:UpdateTable", "glue:GetTable", "glue:GetTables", "glue:BatchCreatePartition", "glue:CreatePartition", "glue:DeletePartition", "glue:BatchDeletePartition", "glue:UpdatePartition", "glue:GetPartition", "glue:GetPartitions", "glue:BatchGetPartition" ], "Resource" : [ "arn:aws:glue:*:*:table/*redshift*/*", "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:database/*redshift*" ] }, { "Effect" : "Allow", "Action" : [ "secretsmanager:GetResourcePolicy", "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret", 
"secretsmanager:ListSecretVersionIds" ], "Resource" : [ "arn:aws:secretsmanager:*:*:secret:*redshift*" ] }, { "Effect" : "Allow", "Action" : [ "secretsmanager:GetRandomPassword", "secretsmanager:ListSecrets" ], "Resource" : "*" }, { "Effect" : "Allow", "Action" : [ "iam:PassRole" ], "Resource" : "arn:aws:iam::*:role/*", "Condition" : { "StringEquals" : { "iam:PassedToService" : [ "redshift.amazonaws.com", "glue.amazonaws.com", "sagemaker.amazonaws.com", "athena.amazonaws.com" ] } } } ] }