本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
设置前提权限
创建包含以下必需资源组操作的自定义策略:
-
resource-groups:CreateGroup
-
resource-groups:DeleteGroup
-
resource-groups:GetGroupQuery
-
resource-groups:ListGroupResources
-
resource-groups:Tag
-
tag:GetResources
有关如何添加内联策略的说明,请参阅添加 IAM 身份权限(控制台)。选择策略格式时,请选择 JSON 格式并添加以下策略:
- JSON
-
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"resource-groups:ListGroupResources"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"resource-groups:GetGroupQuery"
],
"Resource": "arn:aws:resource-groups:*:*:group/*"
},
{
"Effect": "Allow",
"Action": [
"resource-groups:CreateGroup",
"resource-groups:Tag"
],
"Resource": "arn:aws:resource-groups:*:*:group/*",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:TagKeys": "sagemaker:collection"
}
}
},
{
"Effect": "Allow",
"Action": "resource-groups:DeleteGroup",
"Resource": "arn:aws:resource-groups:*:*:group/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/sagemaker:collection": "true"
}
}
},
{
"Effect": "Allow",
"Action": "tag:GetResources",
"Resource": "*"
}
]
}