


# IAM condition keys for accessing data in Amazon Neptune
<a name="iam-data-condition-keys"></a>

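Using [condition keys](security-iam-access-manage.md#iam-using-condition-keys), you can specify conditions in an IAM policy statement so that the statement takes effect only when the conditions are true.

The condition keys that you can use in Neptune data-access policy statements fall into the following categories:
+ [Global condition keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html) – The subset of AWS global condition keys that Neptune supports in data-access policy statements is [listed below](#iam-data-global-condition-keys).
+ [Service-specific condition keys](#iam-neptune-condition-keys) – These keys are defined by Neptune specifically for use in data-access policy statements. At present there is only one, [neptune-db:QueryLanguage](#neptune-db-query-language), which grants access only if a specific query language is being used.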

## AWS global condition context keys supported by Neptune in data-access policy statements
<a name="iam-data-global-condition-keys"></a>

The following table lists the subset of [AWS global condition context keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html) that Amazon Neptune supports for use in data-access policy statements:


**Global condition keys that you can use in data-access policy statements**  

| Condition keys | Description | Type | 
| --- | --- | --- | 
| [aws:CurrentTime](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-currenttime) | Filters access by the current date and time of the request. | String | 
| [aws:EpochTime](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-epochtime) | Filters access by the date and time of the request, expressed as a UNIX epoch value. | Numeric | 
| [aws:PrincipalAccount](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-principalaccount) | Filters access by the account to which the requesting principal belongs. | String | 
| [aws:PrincipalArn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-principalarn) | Filters access by the ARN of the principal that made the request. | String | 
| [aws:PrincipalIsAWSService](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-principalisawsservice) | Allows access only if the call is made directly by an AWS service principal. | Boolean | 
| [aws:PrincipalOrgID](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-principalorgid) | Filters access by the identifier of the organization in AWS Organizations to which the requesting principal belongs. | String | 
| [aws:PrincipalOrgPaths](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-principalorgpaths) | Filters access by the AWS Organizations path for the principal that is making the request. | String | 
| [aws:PrincipalTag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-principaltag) | Filters access by a tag attached to the principal that made the request. | String | 
| [aws:PrincipalType](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-principaltype) | Filters access by the type of principal that made the request. | String | 
| [aws:RequestedRegion](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requestedregion) | Filters access by the AWS Region that was called in the request. | String | 
| [aws:SecureTransport](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-securetransport) | Allows access only if the request was sent using SSL. | Boolean | 
| [aws:SourceIp](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceip) | Filters access by the requester's IP address. | String | 
| [aws:TokenIssueTime](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tokenissuetime) | Filters access by the date and time that temporary security credentials were issued. | String | 
| [aws:UserAgent](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-useragent) | Filters access by the requester's client application. | String | 
| [aws:userid](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-userid) | Filters access by the requester's principal identifier. | String | 
| [aws:ViaAWSService](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-viaawsservice) | Allows access only if an AWS service made the request on your behalf. | Boolean | 

## Neptune service-specific condition keys
<a name="iam-neptune-condition-keys"></a>

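Neptune supports the following service-specific condition key for IAM policies:


**Neptune service-specific condition keys**  

| Condition keys | Description | Type | 
| --- | --- | --- | 
| neptune-db:QueryLanguage |  Filters data access by the query language being used. Valid values are `Gremlin`, `OpenCypher`, and `Sparql`. Supported actions are `ReadDataViaQuery`, `WriteDataViaQuery`, `DeleteDataViaQuery`, `GetQueryStatus`, and `CancelQuery`.  | String | 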
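
The following data-access policy is an added example, not taken from the Neptune documentation. It combines the service-specific `neptune-db:QueryLanguage` key with the global `aws:SecureTransport` key: read queries are allowed only through Gremlin, and any request not sent over SSL is denied. The Region, account ID (`111122223333`), and cluster resource ID (`cluster-EXAMPLERESOURCEID`) in the resource ARN are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowGremlinReadQueriesOnly",
      "Effect": "Allow",
      "Action": [
        "neptune-db:ReadDataViaQuery",
        "neptune-db:GetQueryStatus"
      ],
      "Resource": "arn:aws:neptune-db:us-east-1:111122223333:cluster-EXAMPLERESOURCEID/*",
      "Condition": {
        "StringEquals": {
          "neptune-db:QueryLanguage": "Gremlin"
        }
      }
    },
    {
      "Sid": "DenyRequestsNotSentOverSSL",
      "Effect": "Deny",
      "Action": "neptune-db:*",
      "Resource": "arn:aws:neptune-db:us-east-1:111122223333:cluster-EXAMPLERESOURCEID/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
```

The `neptune-db:QueryLanguage` condition is attached only to actions that the table lists as supported for that key; the explicit `Deny` takes precedence over any `Allow` granted by other policies attached to the same principal.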