的管理策略的先决条件和权限 AWS Organizations - AWS Organizations
管理策略的先决条件管理策略的权限

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

的管理策略的先决条件和权限 AWS Organizations

本页介绍了 AWS Organizations管理策略的先决条件和所需权限。

管理策略的先决条件

要使用组织的管理策略,需要满足以下条件:

  • 您的组织必须已启用所有功能

  • 您必须登录到组织的管理账户或成为委派管理员。

  • 您的 AWS Identity and Access Management (IAM) 用户或角色必须拥有下一节中列出的权限。

管理策略的权限

以下示例 IAM 策略提供了在组织中使用管理策略的各个方面所需的权限。

JSON
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "OrganizationPolicies",
            "Effect": "Allow",
            "Action": [
                "organizations:AttachPolicy",
                "organizations:CreatePolicy",
                "organizations:DeletePolicy",
                "organizations:DescribeAccount",
                "organizations:DescribeCreateAccountStatus",
                "organizations:DescribeEffectivePolicy",
                "organizations:DescribeOrganization",
                "organizations:DescribeOrganizationalUnit",
                "organizations:DescribePolicy",
                "organizations:DetachPolicy",
                "organizations:DisableAWSServiceAccess",
                "organizations:DisablePolicyType",
                "organizations:EnableAWSServiceAccess",
                "organizations:EnablePolicyType",
                "organizations:ListAccounts",
                "organizations:ListAccountsForParent",
                "organizations:ListAWSServiceAccessForOrganization",
                "organizations:ListCreateAccountStatus",
                "organizations:ListOrganizationalUnitsForParent",
                "organizations:ListParents",
                "organizations:ListPolicies",
                "organizations:ListPoliciesForTarget",
                "organizations:ListRoots",
                "organizations:ListTargetsForPolicy",
                "organizations:UpdatePolicy"
            ],
            "Resource": "*"
        }
    ]
}

有关 IAM 策略与权限的更多一般信息,请参阅 IAM 用户指南