View a markdown version of this page

声明式策略的先决条件和权限 AWS Organizations - AWS Organizations
声明性策略的先决条件声明式策略的权限

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

声明式策略的先决条件和权限 AWS Organizations

本页介绍的声明性策略的先决条件和所需权限。 AWS Organizations

声明性策略的先决条件

为组织使用声明式策略需要满足以下条件:

  • 您的组织必须已启用所有功能

  • 您必须登录到组织的管理账户或成为委派管理员。

  • 您的 AWS Identity and Access Management (IAM) 用户或角色必须拥有下一节中列出的权限。

声明式策略的权限

以下示例 IAM 策略提供了在组织中使用声明性策略各个方面的权限。

JSON
{
    "Version":"2012-10-17",
    "Statement": [
        {
            "Sid": "OrganizationPolicies",
            "Effect": "Allow",
            "Action": [
                "organizations:AttachPolicy",
                "organizations:CreatePolicy",
                "organizations:DeletePolicy",
                "organizations:DescribeAccount",
                "organizations:DescribeCreateAccountStatus",
                "organizations:DescribeEffectivePolicy",
                "organizations:DescribeOrganization",
                "organizations:DescribeOrganizationalUnit",
                "organizations:DescribePolicy",
                "organizations:DetachPolicy",
                "organizations:DisableAWSServiceAccess",
                "organizations:DisablePolicyType",
                "organizations:EnableAWSServiceAccess",
                "organizations:EnablePolicyType",
                "organizations:ListAccounts",
                "organizations:ListAccountsForParent",
                "organizations:ListAWSServiceAccessForOrganization",
                "organizations:ListCreateAccountStatus",
                "organizations:ListOrganizationalUnitsForParent",
                "organizations:ListParents",
                "organizations:ListPolicies",
                "organizations:ListPoliciesForTarget",
                "organizations:ListRoots",
                "organizations:ListTargetsForPolicy",
                "organizations:UpdatePolicy"
            ],
            "Resource": "*"
        }
    ]
}

有关 IAM 策略与权限的更多一般信息,请参阅 IAM 用户指南