本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 资源
## AWS CloudFormation 文档
+ [使用 AWS Identity and Access Management控制访问权限](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html)
+ [AWS 资源和属性类型参考](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html)
+ [设置 AWS CloudFormation 堆栈选项](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-add-tags.html)
+ [AWS CloudFormation 服务角色](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html)
## AWS Identity and Access Management (IAM) 文档
+ [IAM 中的策略和权限](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
+ [IAM JSON 策略元素参考](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html)
+ [策略评估逻辑](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html)
+ [与 IAM 配合使用的AWS 服务](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html)
+ [创建角色以向某人委派权限 AWS 服务](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html)
+ [混淆代理人问题](https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html)
+ [ IAM 安全最佳实操](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
## 其他 AWS 参考文献
+ [AWS 服务的操作、资源和条件键](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html)(服务授权参考)
+ [授予最低权限访问权限](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_permissions_least_privileges.html)(AWS Well-Architected 框架)
+ [编写最低权限 IAM 策略的技巧](https://aws.amazon.com/blogs/security/techniques-for-writing-least-privilege-iam-policies/)(AWS 博客文章)