本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
AmazonDataZone<region>S3Manage--<domainId>
AmazonDataZoneS3Manage-<region>-<domainId>用于亚马逊致 DataZone电 AWS Lake Formation 注册亚马逊简单存储服务 (Amazon S3) 地点。 AWS Lake Formation 在访问该位置的数据时扮演这个角色。有关更多信息,请参阅用于注册位置的角色的要求。
此角色已附加以下内联权限策略。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "LakeFormationDataAccessPermissionsForS3", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceAccount": "{{accountId}}" } } }, { "Sid": "LakeFormationDataAccessPermissionsForS3ListBucket", "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceAccount": "{{accountId}}" } } }, { "Sid": "LakeFormationDataAccessPermissionsForS3ListAllMyBuckets", "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets" ], "Resource": "arn:aws:s3:::*", "Condition": { "StringEquals": { "aws:ResourceAccount": "{{accountId}}" } } }, { "Sid": "LakeFormationExplicitDenyPermissionsForS3", "Effect": "Deny", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::[[BucketNames]]/*" ], "Condition": { "StringEquals": { "aws:ResourceAccount": "{{accountId}}" } } }, { "Sid": "LakeFormationExplicitDenyPermissionsForS3ListBucket", "Effect": "Deny", "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::[[BucketNames]]" ], "Condition": { "StringEquals": { "aws:ResourceAccount": "{{accountId}}" } } } ] }
AmazonDataZoneS3Manage-<region>-<domainId>附带了以下信任政策:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "TrustLakeFormationForDataLocationRegistration", "Effect": "Allow", "Principal": { "Service": "lakeformation.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "{{source_account_id}}" } } } ] }
