本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# `CreatePolicy`与 AWS SDK 或 CLI 配合使用
以下代码示例演示如何使用 `CreatePolicy`。
------
#### [ .NET ]
**适用于 .NET 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/Organizations#code-examples)中查找完整示例,了解如何进行设置和运行。
```
using System;
using System.Threading.Tasks;
using Amazon.Organizations;
using Amazon.Organizations.Model;
///
/// Creates a new AWS Organizations Policy.
///
public class CreatePolicy
{
///
/// Initializes the AWS Organizations client object, uses it to
/// create a new Organizations Policy, and then displays information
/// about the newly created Policy.
///
public static async Task Main()
{
IAmazonOrganizations client = new AmazonOrganizationsClient();
var policyContent = "{" +
" \"Version\": \"2012-10-17\"," +
" \"Statement\" : [{" +
" \"Action\" : [\"s3:*\"]," +
" \"Effect\" : \"Allow\"," +
" \"Resource\" : \"*\"" +
"}]" +
"}";
try
{
var response = await client.CreatePolicyAsync(new CreatePolicyRequest
{
Content = policyContent,
Description = "Enables admins of attached accounts to delegate all Amazon S3 permissions",
Name = "AllowAllS3Actions",
Type = "SERVICE_CONTROL_POLICY",
});
Policy policy = response.Policy;
Console.WriteLine($"{policy.PolicySummary.Name} has the following content: {policy.Content}");
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
}
```
+ 有关 API 的详细信息,请参阅 *适用于 .NET 的 AWS SDK API 参考[CreatePolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/organizations-2016-11-28/CreatePolicy)*中的。
------
#### [ CLI ]
**AWS CLI**
**示例 1:使用 JSON 策略的文本源文件创建策略**
以下示例演示如何创建名为 `AllowAllS3Actions` 的服务控制策略(SCP)。策略内容取自本地计算机上名为 `policy.json` 的文件。
```
aws organizations create-policy --content file://policy.json --name AllowAllS3Actions, --type SERVICE_CONTROL_POLICY --description "Allows delegation of all S3 actions"
```
输出包括一个策略对象,其中包含有关新策略的详细信息:
```
{
"Policy": {
"Content": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"s3:*\"],\"Resource\":[\"*\"]}]}",
"PolicySummary": {
"Arn": "arn:aws:organizations::o-exampleorgid:policy/service_control_policy/p-examplepolicyid111",
"Description": "Allows delegation of all S3 actions",
"Name": "AllowAllS3Actions",
"Type":"SERVICE_CONTROL_POLICY"
}
}
}
```
**示例 2:创建以 JSON 策略作为参数的策略**
以下示例演示了如何创建相同的 SCP,这次是将策略内容作为 JSON 字符串嵌入到参数中。字符串必须在双引号前使用反斜杠进行转义,以确保在参数中将其视为文本,参数本身用双引号引起来:
```
aws organizations create-policy --content "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"s3:*\"],\"Resource\":[\"*\"]}]}" --name AllowAllS3Actions --type SERVICE_CONTROL_POLICY --description "Allows delegation of all S3 actions"
```
有关在组织中创建和使用策略的更多信息,请参阅《AWS Organizations 用户指南》**中的“管理组织策略”。
+ 有关 API 的详细信息,请参阅*AWS CLI 命令参考[CreatePolicy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/organizations/create-policy.html)*中的。
------
#### [ Python ]
**适用于 Python 的 SDK(Boto3)**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/organizations#code-examples)中查找完整示例,了解如何进行设置和运行。
```
def create_policy(name, description, content, policy_type, orgs_client):
"""
Creates a policy.
:param name: The name of the policy.
:param description: The description of the policy.
:param content: The policy content as a dict. This is converted to JSON before
it is sent to AWS. The specific format depends on the policy type.
:param policy_type: The type of the policy.
:param orgs_client: The Boto3 Organizations client.
:return: The newly created policy.
"""
try:
response = orgs_client.create_policy(
Name=name,
Description=description,
Content=json.dumps(content),
Type=policy_type,
)
policy = response["Policy"]
logger.info("Created policy %s.", name)
except ClientError:
logger.exception("Couldn't create policy %s.", name)
raise
else:
return policy
```
+ 有关 API 的详细信息,请参阅适用[CreatePolicy](https://docs.aws.amazon.com/goto/boto3/organizations-2016-11-28/CreatePolicy)于 *Python 的AWS SDK (Boto3) API 参考*。
------
#### [ SAP ABAP ]
**适用于 SAP ABAP 的 SDK**
还有更多相关信息 GitHub。在 [AWS 代码示例存储库](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/org#code-examples)中查找完整示例,了解如何进行设置和运行。
```
TRY.
oo_result = lo_org->createpolicy( " oo_result is returned for testing purposes. "
iv_name = iv_policy_name
iv_description = iv_policy_description
iv_content = iv_policy_content
iv_type = iv_policy_type ).
MESSAGE 'Policy created.' TYPE 'I'.
CATCH /aws1/cx_orgaccessdeniedex.
MESSAGE 'You do not have permission to create a policy.' TYPE 'E'.
CATCH /aws1/cx_orgduplicatepolicyex.
MESSAGE 'A policy with this name already exists.' TYPE 'E'.
CATCH /aws1/cx_orgmalformedplydocex.
MESSAGE 'The policy content is malformed.' TYPE 'E'.
ENDTRY.
```
+ 有关 API 的详细信息,请参阅适用[CreatePolicy](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)于 S *AP 的AWS SDK ABAP API 参考*。
------
有关 S AWS DK 开发者指南和代码示例的完整列表,请参阅[AWS Organizations 与 AWS SDK 一起使用](sdk-general-information-section.md)。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。