


# Actions, resources, and condition keys for AWS Identity and Access Management (IAM)
<a name="list_awsidentityandaccessmanagementiam"></a>

AWS Identity and Access Management (IAM) (service prefix: `iam`) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:
+ Learn how to [configure this service](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html).
+ View a [list of the API operations available for this service](https://docs.aws.amazon.com/IAM/latest/APIReference/).
+ Learn how to secure this service and its resources by [using IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) permission policies.

**Topics**
+ [Actions defined by AWS Identity and Access Management (IAM)](#awsidentityandaccessmanagementiam-actions-as-permissions)
+ [Resource types defined by AWS Identity and Access Management (IAM)](#awsidentityandaccessmanagementiam-resources-for-iam-policies)
+ [Condition keys for AWS Identity and Access Management (IAM)](#awsidentityandaccessmanagementiam-policy-keys)

## Actions defined by AWS Identity and Access Management (IAM)
<a name="awsidentityandaccessmanagementiam-actions-as-permissions"></a>

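You can specify the following actions in the `Action` element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

The **Access level** column of the Actions table describes how the action is classified (List, Read, Permissions management, or Tagging). This classification can help you understand the level of access that an action grants when you use it in a policy. For more information about access levels, see [Access levels in policy summaries](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html).

The **Resource types** column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("\*") to which the policy applies in the `Resource` element of your policy statement. You can filter access by using conditions in an IAM policy to control whether specific tag keys can be used on a resource or in a request. If an action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (\*). If you limit resource access with the `Resource` element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If a resource type is optional (not indicated as required), you can choose to use one of the optional resource types.

The **Condition keys** column of the Actions table includes keys that you can specify in the `Condition` element of a policy statement. For more information about the condition keys that are associated with resources for the service, see the **Condition keys** column of the Resource types table.

The **Dependent actions** column of the Actions table shows additional permissions that may be required to successfully call an action. These permissions may be required in addition to the permission for the action itself. When an action specifies dependent actions, those dependencies may apply to additional resources defined for that action, not only to the first resource listed in the table.

**Note**  
Resource condition keys are listed in the [Resource types](#awsidentityandaccessmanagementiam-resources-for-iam-policies) table. You can find a link to the resource type that applies to an action in the **Resource types (\* required)** column of the Actions table. The resource type in the Resource types table includes the **Condition keys** column, which lists the resource condition keys that apply to an action in the Actions table.

For details about the columns in the following table, see [Actions table](reference_policies_actions-resources-contextkeys.html#actions_table).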
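An added example (not part of the AWS documentation): a small Python lint that applies the Resource types and Condition keys columns described above to policy statements. The `ACTION_TABLE` subset is transcribed by hand, with action names taken from the API reference links; the finding codes, account ID `111122223333` and ARNs are constructed for illustration.

```python
import fnmatch

# Hand-transcribed subset of the Actions table (constructed for this example).
# "resources": resource types the action can be scoped to; an empty list means
# the Resource types column is empty, so only "*" is valid in Resource.
ACTION_TABLE = {
    "iam:AttachRolePolicy": {
        "resources": ["role"],
        "condition_keys": ["iam:PolicyARN", "iam:PermissionsBoundary"],
    },
    "iam:AttachUserPolicy": {
        "resources": ["user"],
        "condition_keys": ["iam:PolicyARN", "iam:PermissionsBoundary"],
    },
    "iam:CreateAccessKey": {"resources": ["user"], "condition_keys": []},
    "iam:CreateAccountAlias": {"resources": [], "condition_keys": []},
    "iam:GenerateCredentialReport": {"resources": [], "condition_keys": []},
}


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def expand_actions(patterns):
    """Resolve Action patterns (* and ? wildcards) against the table.

    Action names are matched case-insensitively.
    """
    hits = set()
    for pattern in _as_list(patterns):
        for name in ACTION_TABLE:
            if fnmatch.fnmatchcase(name.lower(), pattern.lower()):
                hits.add(name)
    return sorted(hits)


def condition_keys_used(statement):
    """Collect every condition key named in the statement, lower-cased."""
    keys = set()
    for operands in statement.get("Condition", {}).values():
        keys.update(key.lower() for key in operands)
    return keys


def lint_statement(statement):
    """Return (action, finding_code) tuples for one Allow statement."""
    findings = []
    if statement.get("Effect") != "Allow":
        return findings
    resources = _as_list(statement.get("Resource"))
    used = condition_keys_used(statement)
    for action in expand_actions(statement.get("Action")):
        row = ACTION_TABLE[action]
        if not row["resources"]:
            # No resource-level support: a narrowed Resource never grants it.
            if "*" not in resources:
                findings.append((action, "NEEDS_STAR_RESOURCE"))
            continue
        if "*" in resources:
            # The action could have been limited to specific ARNs.
            findings.append((action, "UNSCOPED_RESOURCE"))
        supported = {key.lower() for key in row["condition_keys"]}
        if supported and not (supported & used):
            # The table offers condition keys, but the grant uses none of them.
            findings.append((action, "NO_CONDITION_KEY"))
    return findings


def lint_policy(policy):
    """Map each statement's Sid (or its index) to its findings."""
    return {
        stmt.get("Sid", str(index)): lint_statement(stmt)
        for index, stmt in enumerate(_as_list(policy["Statement"]))
    }


# Constructed sample policy: one broad grant, one mis-scoped grant, one tight grant.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Broad", "Effect": "Allow", "Action": "iam:Attach*", "Resource": "*"},
        {"Sid": "AliasScoped", "Effect": "Allow", "Action": "iam:CreateAccountAlias",
         "Resource": "arn:aws:iam::111122223333:user/example"},
        {"Sid": "Tight", "Effect": "Allow", "Action": "iam:AttachRolePolicy",
         "Resource": "arn:aws:iam::111122223333:role/app/*",
         "Condition": {"ArnEquals": {
             "iam:PolicyARN": "arn:aws:iam::111122223333:policy/app-readonly"}}},
    ],
}

if __name__ == "__main__":
    for sid, findings in lint_policy(SAMPLE_POLICY).items():
        print(sid, findings)
```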




- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_AcceptDelegationRequest.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_AcceptDelegationRequest.html) **
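  - **Description:** Accepts a delegation request resource, granting the requested temporary access
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-delegation-request](#awsidentityandaccessmanagementiam-delegation-request)
  - **Condition keys:**
  - **Dependent actions:**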

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddClientIDToOpenIDConnectProvider.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddClientIDToOpenIDConnectProvider.html) **
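  - **Description:** Grants permission to add a new client ID (audience) to the list of registered IDs for the specified IAM OpenID Connect (OIDC) provider resource
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-oidc-provider](#awsidentityandaccessmanagementiam-oidc-provider)
  - **Condition keys:**
  - **Dependent actions:**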

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddRoleToInstanceProfile.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddRoleToInstanceProfile.html) **
  - **Description:** Grants permission to add an IAM role to the specified instance profile
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-instance-profile](#awsidentityandaccessmanagementiam-instance-profile)
  - **Condition keys:**
  - **Dependent actions:** iam:PassRole

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddUserToGroup.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddUserToGroup.html) **
  - **Description:** Grants permission to add an IAM user to the specified IAM group
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_AssociateDelegationRequest.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_AssociateDelegationRequest.html) **
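  - **Description:** Associates a delegation request resource with the calling identity
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-delegation-request](#awsidentityandaccessmanagementiam-delegation-request)
  - **Condition keys:**
  - **Dependent actions:**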

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html) **
  - **Description:** Grants permission to attach a managed policy to the specified IAM group
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_PolicyARN](#awsidentityandaccessmanagementiam-iam_PolicyARN) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html) **
  - **Description:** Grants permission to attach a managed policy to the specified IAM role
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_PolicyARN](#awsidentityandaccessmanagementiam-iam_PolicyARN) <br /> [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html) **
  - **Description:** Grants permission to attach a managed policy to the specified IAM user
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_PolicyARN](#awsidentityandaccessmanagementiam-iam_PolicyARN) <br /> [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) **
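  - **Description:** Grants permission for an IAM user to change their own password
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**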

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccessKey.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccessKey.html) **
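  - **Description:** Grants permission to create an access key and secret access key for the specified IAM user
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**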

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccountAlias.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccountAlias.html) **
  - **Description:** Grants permission to create an alias for your AWS account
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateDelegationRequest.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateDelegationRequest.html) **
  - **Description:** Creates an IAM delegation request resource for temporary access delegation
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-delegation-request](#awsidentityandaccessmanagementiam-delegation-request) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_DelegationDuration](#awsidentityandaccessmanagementiam-iam_DelegationDuration) <br /> [#awsidentityandaccessmanagementiam-iam_NotificationChannel](#awsidentityandaccessmanagementiam-iam_NotificationChannel) <br /> [#awsidentityandaccessmanagementiam-iam_TemplateArn](#awsidentityandaccessmanagementiam-iam_TemplateArn) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateGroup.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateGroup.html) **
  - **Description:** Grants permission to create a new group
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateInstanceProfile.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateInstanceProfile.html) **
  - **Description:** Grants permission to create a new instance profile
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-instance-profile](#awsidentityandaccessmanagementiam-instance-profile) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateLoginProfile.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateLoginProfile.html) **
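  - **Description:** Grants permission to create a password for the specified IAM user
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**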

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) **
  - **Description:** Grants permission to create an IAM resource that describes an identity provider (IdP) that supports OpenID Connect (OIDC)
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-oidc-provider](#awsidentityandaccessmanagementiam-oidc-provider) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html) **
  - **Description:** Grants permission to create a new managed policy
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-policy](#awsidentityandaccessmanagementiam-policy) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicyVersion.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicyVersion.html) **
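  - **Description:** Grants permission to create a new version of the specified managed policy
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-policy](#awsidentityandaccessmanagementiam-policy)
  - **Condition keys:**
  - **Dependent actions:**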

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) **
  - **Description:** Grants permission to create a new role
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary) <br /> [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateSAMLProvider.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateSAMLProvider.html) **
  - **Description:** Grants permission to create an IAM resource that describes an identity provider (IdP) that supports SAML 2.0
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-saml-provider](#awsidentityandaccessmanagementiam-saml-provider) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceLinkedRole.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceLinkedRole.html) **
  - **Description:** Grants permission to create an IAM role that allows an AWS service to perform actions on your behalf
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_AWSServiceName](#awsidentityandaccessmanagementiam-iam_AWSServiceName) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceSpecificCredential.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceSpecificCredential.html) **
  - **Description:** Grants permission to create a new service-specific credential for an IAM user
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_ServiceSpecificCredentialAgeDays](#awsidentityandaccessmanagementiam-iam_ServiceSpecificCredentialAgeDays) <br /> [#awsidentityandaccessmanagementiam-iam_ServiceSpecificCredentialServiceName](#awsidentityandaccessmanagementiam-iam_ServiceSpecificCredentialServiceName) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateUser.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateUser.html) **
  - **Description:** Grants permission to create a new IAM user
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary) <br /> [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateVirtualMFADevice.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateVirtualMFADevice.html) **
  - **Description:** Grants permission to create a new virtual MFA device
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-mfa](#awsidentityandaccessmanagementiam-mfa) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeactivateMFADevice.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeactivateMFADevice.html) **
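  - **Description:** Grants permission to deactivate the specified MFA device and remove its association with the IAM user for which it was originally enabled
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**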

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html) **
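  - **Description:** Grants permission to delete the access key pair that is associated with the specified IAM user
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**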

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccountAlias.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccountAlias.html) **
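  - **Description:** Grants permission to delete the specified AWS account alias
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**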

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccountPasswordPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccountPasswordPolicy.html) **
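  - **Description:** Grants permission to delete the password policy for the AWS account
  - **Access level:** Permissions management
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**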

- **  [https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html) **
  - **Description:** Grants permission to delete an existing CloudFront public key
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroup.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroup.html) **
  - **Description:** Grants permission to delete the specified IAM group
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroupPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroupPolicy.html) **
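  - **Description:** Grants permission to delete the specified inline policy from its group
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group)
  - **Condition keys:**
  - **Dependent actions:**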

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteInstanceProfile.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteInstanceProfile.html) **
  - **Description:** Grants permission to delete the specified instance profile
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-instance-profile](#awsidentityandaccessmanagementiam-instance-profile)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteLoginProfile.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteLoginProfile.html) **
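  - **Description:** Grants permission to delete the password for the specified IAM user
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**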

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteOpenIDConnectProvider.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteOpenIDConnectProvider.html) **
  - **Description:** Grants permission to delete an OpenID Connect identity provider (IdP) resource object in IAM
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-oidc-provider](#awsidentityandaccessmanagementiam-oidc-provider)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicy.html) **
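  - **Description:** Grants permission to delete the specified managed policy and remove it from any IAM entities (users, groups, or roles) to which it is attached
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-policy](#awsidentityandaccessmanagementiam-policy)
  - **Condition keys:**
  - **Dependent actions:**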

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html) **
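  - **Description:** Grants permission to delete a version from the specified managed policy
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-policy](#awsidentityandaccessmanagementiam-policy)
  - **Condition keys:**
  - **Dependent actions:**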

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRole.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRole.html) **
  - **Description:** Grants permission to delete the specified role
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePermissionsBoundary.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePermissionsBoundary.html) **
  - **Description:** Grants permission to remove the permissions boundary from a role
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html) **
  - **Description:** Grants permission to delete the specified inline policy from the specified role
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSAMLProvider.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSAMLProvider.html) **
  - **Description:** Grants permission to delete a SAML provider resource in IAM
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-saml-provider](#awsidentityandaccessmanagementiam-saml-provider)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSSHPublicKey.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSSHPublicKey.html) **
  - **Description:** Grants permission to delete the specified SSH public key
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServerCertificate.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServerCertificate.html) **
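  - **Description:** Grants permission to delete the specified server certificate
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-server-certificate](#awsidentityandaccessmanagementiam-server-certificate)
  - **Condition keys:**
  - **Dependent actions:**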

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceLinkedRole.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceLinkedRole.html) **
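  - **Description:** Grants permission to delete an IAM role that is linked to an AWS service, if the service is no longer using it
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)
  - **Condition keys:**
  - **Dependent actions:**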

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceSpecificCredential.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceSpecificCredential.html) **
  - **Description:** Grants permission to delete the specified service-specific credential for an IAM user
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_ServiceSpecificCredentialServiceName](#awsidentityandaccessmanagementiam-iam_ServiceSpecificCredentialServiceName) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSigningCertificate.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSigningCertificate.html) **
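  - **Description:** Grants permission to delete a signing certificate that is associated with the specified IAM user
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**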

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUser.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUser.html) **
  - **Description:** Grants permission to delete the specified IAM user
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPermissionsBoundary.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPermissionsBoundary.html) **
  - **Description:** Grants permission to remove the permissions boundary from the specified IAM user
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html) **
  - **Description:** Grants permission to delete the specified inline policy from an IAM user
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteVirtualMFADevice.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteVirtualMFADevice.html) **
  - **Description:** Grants permission to delete a virtual MFA device
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-mfa](#awsidentityandaccessmanagementiam-mfa) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-sms-mfa](#awsidentityandaccessmanagementiam-sms-mfa) / **Condition keys:** / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html) **
  - **Description:** Grants permission to detach a managed policy from the specified IAM group
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_PolicyARN](#awsidentityandaccessmanagementiam-iam_PolicyARN) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html) **
  - **Description:** Grants permission to detach a managed policy from the specified role
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_PolicyARN](#awsidentityandaccessmanagementiam-iam_PolicyARN) <br /> [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html) **
  - **Description:** Grants permission to detach a managed policy from the specified IAM user
  - **Access level:** Permissions management
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_PolicyARN](#awsidentityandaccessmanagementiam-iam_PolicyARN) <br /> [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DisableOrganizationsRootCredentialsManagement.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DisableOrganizationsRootCredentialsManagement.html) **
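  - **Description:** Grants permission to disable the management of member account root user credentials for an organization managed under the current account
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**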

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_DisableOrganizationsRootSessions.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DisableOrganizationsRootSessions.html) **
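  - **Description:** Grants permission to disable privileged root actions in member accounts for an organization managed under the current account
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**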

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddClientIDToOpenIDConnectProvider.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddClientIDToOpenIDConnectProvider.html) **
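  - **Description:** Disables the outbound identity federation feature for the caller's account
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**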

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html) **
  - **Description:** Grants permission to enable an MFA device and associate it with the specified IAM user
  - **Access level:** Write
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_RegisterSecurityKey](#awsidentityandaccessmanagementiam-iam_RegisterSecurityKey) <br /> [#awsidentityandaccessmanagementiam-iam_FIDO-FIPS-140-2-certification](#awsidentityandaccessmanagementiam-iam_FIDO-FIPS-140-2-certification) <br /> [#awsidentityandaccessmanagementiam-iam_FIDO-FIPS-140-3-certification](#awsidentityandaccessmanagementiam-iam_FIDO-FIPS-140-3-certification) <br /> [#awsidentityandaccessmanagementiam-iam_FIDO-certification](#awsidentityandaccessmanagementiam-iam_FIDO-certification) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableOrganizationsRootCredentialsManagement.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableOrganizationsRootCredentialsManagement.html) **
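  - **Description:** Grants permission to enable the management of member account root user credentials for an organization managed under the current account
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**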

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableOrganizationsRootSessions.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableOrganizationsRootSessions.html) **
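  - **Description:** Grants permission to enable privileged root actions in member accounts for an organization managed under the current account
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**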

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableOutboundWebIdentityFederation.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableOutboundWebIdentityFederation.html) **
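  - **Description:** Enables the outbound identity federation feature for the caller's account
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**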

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateCredentialReport.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateCredentialReport.html) **
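  - **Description:** Grants permission to generate a credential report for the AWS account
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**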

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html) **
  - **Description:** Grants permission to generate an access report for an AWS Organizations entity
  - **Access level:** Read
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-access-report](#awsidentityandaccessmanagementiam-access-report) / **Condition keys:** / **Dependent actions:** organizations:DescribePolicy <br /> organizations:ListChildren <br /> organizations:ListParents <br /> organizations:ListPoliciesForTarget <br /> organizations:ListRoots <br /> organizations:ListTargetsForPolicy
  - **Resource types (\* required):** / **Condition keys:** [#awsidentityandaccessmanagementiam-iam_OrganizationsPolicyId](#awsidentityandaccessmanagementiam-iam_OrganizationsPolicyId) / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateServiceLastAccessedDetails.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateServiceLastAccessedDetails.html) **
  - **Description:** Grants permission to generate a service last accessed data report for an IAM resource
  - **Access level:** Read
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-policy](#awsidentityandaccessmanagementiam-policy) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role) / **Condition keys:** / **Dependent actions:**
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) / **Condition keys:** / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccessKeyLastUsed.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccessKeyLastUsed.html) **
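  - **Description:** Grants permission to retrieve information about when the specified access key was last used
  - **Access level:** Read
  - **Resource types (\* required):** [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**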

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountAuthorizationDetails.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountAuthorizationDetails.html) **
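  - **Description:** Grants permission to retrieve information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**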

- **  [https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html) **
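  - **Description:** Grants permission to retrieve the email address that is associated with the account
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**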

- **  [https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html) **
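  - **Description:** Grants permission to retrieve the account name that is associated with the account
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**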

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountPasswordPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountPasswordPolicy.html) **
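  - **Description:** Grants permission to retrieve the password policy for the AWS account
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**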

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html) **
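  - **Description:** Grants permission to retrieve information about IAM entity usage and IAM quotas in the AWS account
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**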

- **  [https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html) **
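  - **Description:** Grants permission to retrieve information about the specified CloudFront public key
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**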

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html) **
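  - **Description:** Grants permission to retrieve a list of all of the context keys that are referenced in the specified policy
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**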

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html) **
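  - **Description:** Grants permission to retrieve a list of all context keys that are referenced in all IAM policies that are attached to the specified IAM identity (user, group, or role)
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)  / **Condition keys:**  / **Dependent actions:**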

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetCredentialReport.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetCredentialReport.html) **
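  - **Description:** Grants permission to retrieve a credential report for the AWS account
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**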

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetDelegationRequest.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetDelegationRequest.html) **
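  - **Description:** Retrieves information about a specific delegation request
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-delegation-request](#awsidentityandaccessmanagementiam-delegation-request)
  - **Condition keys:**
  - **Dependent actions:**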

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroup.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroup.html) **
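  - **Description:** Grants permission to retrieve a list of IAM users in the specified IAM group
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group)
  - **Condition keys:**
  - **Dependent actions:**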

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html) **
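  - **Description:** Grants permission to retrieve an inline policy document that is embedded in the specified IAM group
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group)
  - **Condition keys:**
  - **Dependent actions:**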

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetHumanReadableSummary.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetHumanReadableSummary.html) **
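  - **Description:** Retrieves a human-readable summary for a given entity. Currently, only delegation requests are supported
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-delegation-request](#awsidentityandaccessmanagementiam-delegation-request)
  - **Condition keys:**
  - **Dependent actions:**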

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetInstanceProfile.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetInstanceProfile.html) **
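  - **Description:** Grants permission to retrieve information about the specified instance profile, including the instance profile's path, GUID, ARN, and role
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-instance-profile](#awsidentityandaccessmanagementiam-instance-profile)
  - **Condition keys:**
  - **Dependent actions:**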

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetLoginProfile.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetLoginProfile.html) **
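  - **Description:** Grants permission to retrieve the user name and password creation date for the specified IAM user
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**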

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetMFADevice.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetMFADevice.html) **
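  - **Description:** Grants permission to retrieve information about an MFA device for the specified user
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**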

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOpenIDConnectProvider.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOpenIDConnectProvider.html) **
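  - **Description:** Grants permission to retrieve information about the specified OpenID Connect (OIDC) provider resource in IAM
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-oidc-provider](#awsidentityandaccessmanagementiam-oidc-provider)
  - **Condition keys:**
  - **Dependent actions:**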

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOrganizationsAccessReport.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOrganizationsAccessReport.html) **
  - **Description:** Grants permission to retrieve an AWS Organizations access report
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOutboundWebIdentityFederationInfo.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOutboundWebIdentityFederationInfo.html) **
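  - **Description:** Retrieves the configuration information for the outbound identity federation feature of the caller's account
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**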

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html) **
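  - **Description:** Grants permission to retrieve information about the specified managed policy, including the policy's default version and the total number of identities to which the policy is attached
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-policy](#awsidentityandaccessmanagementiam-policy)
  - **Condition keys:**
  - **Dependent actions:**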

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html) **
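  - **Description:** Grants permission to retrieve information about a version of the specified managed policy, including the policy document
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-policy](#awsidentityandaccessmanagementiam-policy)
  - **Condition keys:**
  - **Dependent actions:**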

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRole.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRole.html) **
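  - **Description:** Grants permission to retrieve information about the specified role, including the role's path, GUID, ARN, and the role's trust policy
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary)  / **Dependent actions:**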

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html) **
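  - **Description:** Grants permission to retrieve an inline policy document that is embedded in the specified IAM role
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)
  - **Condition keys:**
  - **Dependent actions:**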

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSAMLProvider.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSAMLProvider.html) **
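  - **Description:** Grants permission to retrieve the SAML provider metadocument that was uploaded when the IAM SAML provider resource was created or updated
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-saml-provider](#awsidentityandaccessmanagementiam-saml-provider)
  - **Condition keys:**
  - **Dependent actions:**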

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSSHPublicKey.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSSHPublicKey.html) **
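  - **Description:** Grants permission to retrieve the specified SSH public key, including metadata about the key
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**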

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServerCertificate.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServerCertificate.html) **
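  - **Description:** Grants permission to retrieve information about the specified server certificate stored in IAM
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-server-certificate](#awsidentityandaccessmanagementiam-server-certificate)
  - **Condition keys:**
  - **Dependent actions:**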

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetails.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetails.html) **
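  - **Description:** Grants permission to retrieve information about the service last accessed data report
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**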

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetailsWithEntities.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetailsWithEntities.html) **
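  - **Description:** Grants permission to retrieve information about the entities from the service last accessed data report
  - **Access level:** Read
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**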

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLinkedRoleDeletionStatus.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLinkedRoleDeletionStatus.html) **
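  - **Description:** Grants permission to retrieve an IAM service-linked role deletion status
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)
  - **Condition keys:**
  - **Dependent actions:**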

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUser.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUser.html) **
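  - **Description:** Grants permission to retrieve information about the specified IAM user, including the user's creation date, path, unique ID, and ARN
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**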

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html) **
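  - **Description:** Grants permission to retrieve an inline policy document that is embedded in the specified IAM user
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**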

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html) **
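  - **Description:** Grants permission to list information about the access key IDs that are associated with the specified IAM user
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**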

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html) **
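  - **Description:** Grants permission to list the account aliases that are associated with the AWS account
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**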

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedGroupPolicies.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedGroupPolicies.html) **
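  - **Description:** Grants permission to list all managed policies that are attached to the specified IAM group
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group)
  - **Condition keys:**
  - **Dependent actions:**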

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html) **
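  - **Description:** Grants permission to list all managed policies that are attached to the specified IAM role
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)
  - **Condition keys:**
  - **Dependent actions:**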

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedUserPolicies.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedUserPolicies.html) **
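  - **Description:** Grants permission to list all managed policies that are attached to the specified IAM user
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**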

- **  [https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html) **
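  - **Description:** Grants permission to list all current CloudFront public keys for the account
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**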

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListDelegationRequests.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListDelegationRequests.html) **
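  - **Description:** Lists delegation requests based on the specified criteria
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**  [#awsidentityandaccessmanagementiam-iam_DelegationRequestOwner](#awsidentityandaccessmanagementiam-iam_DelegationRequestOwner)
  - **Dependent actions:**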

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html) **
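  - **Description:** Grants permission to list all IAM identities to which the specified managed policy is attached
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-policy](#awsidentityandaccessmanagementiam-policy)
  - **Condition keys:**
  - **Dependent actions:**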

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupPolicies.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupPolicies.html) **
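  - **Description:** Grants permission to list the names of the inline policies that are embedded in the specified IAM group
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group)
  - **Condition keys:**
  - **Dependent actions:**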

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroups.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroups.html) **
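  - **Description:** Grants permission to list the IAM groups that have the specified path prefix
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**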

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupsForUser.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupsForUser.html) **
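  - **Description:** Grants permission to list the IAM groups that the specified IAM user belongs to
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**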

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfileTags.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfileTags.html) **
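  - **Description:** Grants permission to list the tags that are attached to the specified instance profile
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-instance-profile](#awsidentityandaccessmanagementiam-instance-profile)
  - **Condition keys:**
  - **Dependent actions:**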

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfiles.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfiles.html) **
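  - **Description:** Grants permission to list the instance profiles that have the specified path prefix
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**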

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfilesForRole.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfilesForRole.html) **
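  - **Description:** Grants permission to list the instance profiles that have the specified associated IAM role
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)
  - **Condition keys:**
  - **Dependent actions:**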

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADeviceTags.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADeviceTags.html) **
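  - **Description:** Grants permission to list the tags that are attached to the specified virtual MFA device
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-mfa](#awsidentityandaccessmanagementiam-mfa)
  - **Condition keys:**
  - **Dependent actions:**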

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADevices.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADevices.html) **
  - **Description:** Grants permission to list the MFA devices for an IAM user
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviderTags.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviderTags.html) **
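  - **Description:** Grants permission to list the tags that are attached to the specified OpenID Connect provider
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-oidc-provider](#awsidentityandaccessmanagementiam-oidc-provider)
  - **Condition keys:**
  - **Dependent actions:**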

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html) **
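  - **Description:** Grants permission to list information about the IAM OpenID Connect (OIDC) provider resource objects that are defined in the AWS account
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**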

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOrganizationsFeatures.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOrganizationsFeatures.html) **
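  - **Description:** Grants permission to list the centralized root access features that are enabled for the organization
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**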

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html) **
  - **Description:** Grants permission to list all managed policies
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPoliciesGrantingServiceAccess.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPoliciesGrantingServiceAccess.html) **
  - **Description:** Grants permission to list information about the policies that grant an entity access to a specific service
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)  / **Condition keys:**  / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyTags.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyTags.html) **
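  - **Description:** Grants permission to list the tags that are attached to the specified managed policy
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-policy](#awsidentityandaccessmanagementiam-policy)
  - **Condition keys:**
  - **Dependent actions:**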

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html) **
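  - **Description:** Grants permission to list information about the versions of the specified managed policy, including the version that is currently set as the policy's default version
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-policy](#awsidentityandaccessmanagementiam-policy)
  - **Condition keys:**
  - **Dependent actions:**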

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html) **
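  - **Description:** Grants permission to list the names of the inline policies that are embedded in the specified IAM role
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)
  - **Condition keys:**
  - **Dependent actions:**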

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoleTags.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoleTags.html) **
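  - **Description:** Grants permission to list the tags that are attached to the specified IAM role
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)
  - **Condition keys:**
  - **Dependent actions:**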

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoles.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoles.html) **
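  - **Description:** Grants permission to list the IAM roles that have the specified path prefix
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**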

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSAMLProviderTags.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSAMLProviderTags.html) **
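  - **Description:** Grants permission to list the tags that are attached to the specified SAML provider
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-saml-provider](#awsidentityandaccessmanagementiam-saml-provider)
  - **Condition keys:**
  - **Dependent actions:**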

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSAMLProviders.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSAMLProviders.html) **
  - **Description:** Grants permission to list the SAML provider resources in IAM
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSSHPublicKeys.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSSHPublicKeys.html) **
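  - **Description:** Grants permission to list information about the SSH public keys that are associated with the specified IAM user
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**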

- **  [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) **
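  - **Description:** Grants permission to list the status of all active STS regional endpoints
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**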

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificateTags.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificateTags.html) **
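  - **Description:** Grants permission to list the tags that are attached to the specified server certificate
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-server-certificate](#awsidentityandaccessmanagementiam-server-certificate)
  - **Condition keys:**
  - **Dependent actions:**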

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificates.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificates.html) **
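  - **Description:** Grants permission to list the server certificates that have the specified path prefix
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**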

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServiceSpecificCredentials.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServiceSpecificCredentials.html) **
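  - **Description:** Grants permission to list the service-specific credentials that are associated with the specified IAM user
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**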

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSigningCertificates.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSigningCertificates.html) **
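  - **Description:** Grants permission to list information about the signing certificates that are associated with the specified IAM user
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**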

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserPolicies.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserPolicies.html) **
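  - **Description:** Grants permission to list the names of the inline policies that are embedded in the specified IAM user
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**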

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserTags.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserTags.html) **
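  - **Description:** Grants permission to list the tags that are attached to the specified IAM user
  - **Access level:** List
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**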

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUsers.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUsers.html) **
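  - **Description:** Grants permission to list the IAM users that have the specified path prefix
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**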

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListVirtualMFADevices.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListVirtualMFADevices.html) **
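  - **Description:** Grants permission to list virtual MFA devices by assignment status
  - **Access level:** List
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**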

- **  [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html) [permission only]**
  - **Description:** Grants permission to pass a role to a service
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-iam_AssociatedResourceArn](#awsidentityandaccessmanagementiam-iam_AssociatedResourceArn) <br /> [#awsidentityandaccessmanagementiam-iam_PassedToService](#awsidentityandaccessmanagementiam-iam_PassedToService)  / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutGroupPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutGroupPolicy.html) **
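  - **Description:** Grants permission to create or update an inline policy document that is embedded in the specified IAM group
  - **Access level:** Permissions management
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group)
  - **Condition keys:**
  - **Dependent actions:**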

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePermissionsBoundary.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePermissionsBoundary.html) **
  - **Description:** Grants permission to set a managed policy as a permissions boundary for a role
  - **Access level:** Permissions management
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary)  / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html) **
  - **Description:** Grants permission to create or update an inline policy document that is embedded in the specified IAM role
  - **Access level:** Permissions management
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary)  / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPermissionsBoundary.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPermissionsBoundary.html) **
  - **Description:** Grants permission to set a managed policy as a permissions boundary for an IAM user
  - **Access level:** Permissions management
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary)  / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html) **
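  - **Description:** Grants permission to create or update an inline policy document that is embedded in the specified IAM user
  - **Access level:** Permissions management
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary)  / **Dependent actions:**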

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_RejectDelegationRequest.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_RejectDelegationRequest.html) **
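  - **Description:** Rejects a delegation request, denying the requested temporary access
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-delegation-request](#awsidentityandaccessmanagementiam-delegation-request)
  - **Condition keys:**
  - **Dependent actions:**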

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveClientIDFromOpenIDConnectProvider.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveClientIDFromOpenIDConnectProvider.html) **
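  - **Description:** Grants permission to remove the client ID (audience) from the list of client IDs in the specified IAM OpenID Connect (OIDC) provider resource
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-oidc-provider](#awsidentityandaccessmanagementiam-oidc-provider)
  - **Condition keys:**
  - **Dependent actions:**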

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveRoleFromInstanceProfile.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveRoleFromInstanceProfile.html) **
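  - **Description:** Grants permission to remove an IAM role from the specified EC2 instance profile
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-instance-profile](#awsidentityandaccessmanagementiam-instance-profile)
  - **Condition keys:**
  - **Dependent actions:**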

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveUserFromGroup.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveUserFromGroup.html) **
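  - **Description:** Grants permission to remove an IAM user from the specified group
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group)
  - **Condition keys:**
  - **Dependent actions:**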

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html) **
  - **Description:** Grants permission to reset the password for an existing service-specific credential for an IAM user
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)  / **Condition keys:**  / **Dependent actions:**
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-iam_ServiceSpecificCredentialServiceName](#awsidentityandaccessmanagementiam-iam_ServiceSpecificCredentialServiceName)  / **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResyncMFADevice.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResyncMFADevice.html) **
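  - **Description:** Grants permission to synchronize the specified MFA device with its IAM entity (user or role)
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)
  - **Condition keys:**
  - **Dependent actions:**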

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_SendDelegationToken.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_SendDelegationToken.html) **
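  - **Description:** Sends the exchange token for an accepted delegation request
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-delegation-request](#awsidentityandaccessmanagementiam-delegation-request)
  - **Condition keys:**
  - **Dependent actions:**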

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetDefaultPolicyVersion.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetDefaultPolicyVersion.html) **
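  - **Description:** Grants permission to set the version of the specified policy as the policy's default version
  - **Access level:** Permissions management
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-policy](#awsidentityandaccessmanagementiam-policy)
  - **Condition keys:**
  - **Dependent actions:**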

- **  [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) **
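  - **Description:** Grants permission to activate or deactivate an STS regional endpoint
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**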

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetSecurityTokenServicePreferences.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetSecurityTokenServicePreferences.html) **
  - **Description:** Grants permission to set the STS global endpoint token version
  - **Access level:** Write
  - **Resource types (\* required):**
  - **Condition keys:**
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html) **
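  - **Description:** Grants permission to simulate whether an identity-based policy or a resource-based policy provides permissions for specific API operations and resources
  - **Access level:** Read
  - **Resource types (\* required):** 
  - **Condition keys:** 
  - **Dependent actions:** 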

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html) **
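  - **Description:** Grants permission to simulate whether an identity-based policy that is attached to the specified IAM entity (user or role) provides permissions for specific API operations and resources
  - **Access level:** Read
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)  / **Condition keys:**  / **Dependent actions:** 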

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagInstanceProfile.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagInstanceProfile.html) **
  - **Description:** Grants permission to add tags to an instance profile
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-instance-profile](#awsidentityandaccessmanagementiam-instance-profile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagMFADevice.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagMFADevice.html) **
  - **Description:** Grants permission to add tags to a virtual MFA device
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-mfa](#awsidentityandaccessmanagementiam-mfa)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagOpenIDConnectProvider.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagOpenIDConnectProvider.html) **
  - **Description:** Grants permission to add tags to an OpenID Connect provider
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-oidc-provider](#awsidentityandaccessmanagementiam-oidc-provider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagPolicy.html) **
  - **Description:** Grants permission to add tags to a managed policy
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-policy](#awsidentityandaccessmanagementiam-policy)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagRole.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagRole.html) **
  - **Description:** Grants permission to add tags to an IAM role
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagSAMLProvider.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagSAMLProvider.html) **
  - **Description:** Grants permission to add tags to a SAML provider
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-saml-provider](#awsidentityandaccessmanagementiam-saml-provider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagServerCertificate.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagServerCertificate.html) **
  - **Description:** Grants permission to add tags to a server certificate
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-server-certificate](#awsidentityandaccessmanagementiam-server-certificate)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagUser.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagUser.html) **
  - **Description:** Grants permission to add tags to an IAM user
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagInstanceProfile.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagInstanceProfile.html) **
  - **Description:** Grants permission to remove the specified tags from an instance profile
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-instance-profile](#awsidentityandaccessmanagementiam-instance-profile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagMFADevice.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagMFADevice.html) **
  - **Description:** Grants permission to remove the specified tags from a virtual MFA device
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-mfa](#awsidentityandaccessmanagementiam-mfa)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagOpenIDConnectProvider.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagOpenIDConnectProvider.html) **
  - **Description:** Grants permission to remove the specified tags from an OpenID Connect provider
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-oidc-provider](#awsidentityandaccessmanagementiam-oidc-provider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagPolicy.html) **
  - **Description:** Grants permission to remove the specified tags from a managed policy
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-policy](#awsidentityandaccessmanagementiam-policy)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagRole.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagRole.html) **
  - **Description:** Grants permission to remove the specified tags from a role
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagSAMLProvider.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagSAMLProvider.html) **
  - **Description:** Grants permission to remove the specified tags from a SAML provider
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-saml-provider](#awsidentityandaccessmanagementiam-saml-provider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagServerCertificate.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagServerCertificate.html) **
  - **Description:** Grants permission to remove the specified tags from a server certificate
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-server-certificate](#awsidentityandaccessmanagementiam-server-certificate)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagUser.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagUser.html) **
  - **Description:** Grants permission to remove the specified tags from a user
  - **Access level:** Tagging
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccessKey.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccessKey.html) **
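  - **Description:** Grants permission to update the status of the specified access key to active or inactive
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) 
  - **Condition keys:** 
  - **Dependent actions:** 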

- **  [https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html) **
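  - **Description:** Grants permission to update the email address associated with the account
  - **Access level:** Write
  - **Resource types (\* required):** 
  - **Condition keys:** 
  - **Dependent actions:** 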

- **  [https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html) **
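  - **Description:** Grants permission to update the account name associated with the account
  - **Access level:** Write
  - **Resource types (\* required):** 
  - **Condition keys:** 
  - **Dependent actions:** 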

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccountPasswordPolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccountPasswordPolicy.html) **
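  - **Description:** Grants permission to update the password policy settings for the AWS account
  - **Access level:** Write
  - **Resource types (\* required):** 
  - **Condition keys:** 
  - **Dependent actions:** 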

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html) **
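  - **Description:** Grants permission to update the policy that grants an IAM entity permission to assume a role
  - **Access level:** Permissions management
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary)  / **Dependent actions:** 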

- **  [https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html) **
  - **Description:** Grants permission to update an existing CloudFront public key
  - **Access level:** Write
  - **Resource types (\* required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateGroup.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateGroup.html) **
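  - **Description:** Grants permission to update the name or path of the specified IAM group
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-group](#awsidentityandaccessmanagementiam-group) 
  - **Condition keys:** 
  - **Dependent actions:** 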

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateLoginProfile.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateLoginProfile.html) **
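  - **Description:** Grants permission to change the password for the specified IAM user
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) 
  - **Condition keys:** 
  - **Dependent actions:** 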

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateOpenIDConnectProviderThumbprint.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateOpenIDConnectProviderThumbprint.html) **
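  - **Description:** Grants permission to update the entire list of server certificate thumbprints that are associated with an OpenID Connect (OIDC) provider resource
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-oidc-provider](#awsidentityandaccessmanagementiam-oidc-provider) 
  - **Condition keys:** 
  - **Dependent actions:** 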

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateRole.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateRole.html) **
  - **Description:** Grants permission to update the description or maximum session duration setting of a role
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateRoleDescription.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateRoleDescription.html) **
  - **Description:** Grants permission to update only the description of a role
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-role](#awsidentityandaccessmanagementiam-role)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-iam_PermissionsBoundary](#awsidentityandaccessmanagementiam-iam_PermissionsBoundary)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateSAMLProvider.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateSAMLProvider.html) **
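  - **Description:** Grants permission to update the metadata document for an existing SAML provider resource
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-saml-provider](#awsidentityandaccessmanagementiam-saml-provider) 
  - **Condition keys:** 
  - **Dependent actions:** 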

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateSSHPublicKey.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateSSHPublicKey.html) **
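  - **Description:** Grants permission to update the status of an IAM user's SSH public key to active or inactive
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) 
  - **Condition keys:** 
  - **Dependent actions:** 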

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateServerCertificate.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateServerCertificate.html) **
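  - **Description:** Grants permission to update the name or path of the specified server certificate that is stored in IAM
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-server-certificate](#awsidentityandaccessmanagementiam-server-certificate) 
  - **Condition keys:** 
  - **Dependent actions:** 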

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateServiceSpecificCredential.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateServiceSpecificCredential.html) **
  - **Description:** Grants permission to update the status of an IAM user's service-specific credential to active or inactive
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-iam_ServiceSpecificCredentialServiceName](#awsidentityandaccessmanagementiam-iam_ServiceSpecificCredentialServiceName)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateSigningCertificate.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateSigningCertificate.html) **
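  - **Description:** Grants permission to update the status of the specified user signing certificate to active or disabled
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) 
  - **Condition keys:** 
  - **Dependent actions:** 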

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateUser.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateUser.html) **
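  - **Description:** Grants permission to update the name or path of the specified IAM user
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) 
  - **Condition keys:** 
  - **Dependent actions:** 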

- **  [https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html) **
  - **Description:** Grants permission to upload a CloudFront public key
  - **Access level:** Write
  - **Resource types (\* required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadSSHPublicKey.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadSSHPublicKey.html) **
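  - **Description:** Grants permission to upload an SSH public key and associate it with the specified IAM user
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) 
  - **Condition keys:** 
  - **Dependent actions:** 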

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadServerCertificate.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadServerCertificate.html) **
  - **Description:** Grants permission to upload a server certificate entity for the AWS account
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-server-certificate](#awsidentityandaccessmanagementiam-server-certificate)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\* required):**  / **Condition keys:**  [#awsidentityandaccessmanagementiam-aws_TagKeys](#awsidentityandaccessmanagementiam-aws_TagKeys) <br /> [#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_](#awsidentityandaccessmanagementiam-aws_RequestTag___TagKey_)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadSigningCertificate.html](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadSigningCertificate.html) **
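  - **Description:** Grants permission to upload an X.509 signing certificate and associate it with the specified IAM user
  - **Access level:** Write
  - **Resource types (\* required):**  [#awsidentityandaccessmanagementiam-user](#awsidentityandaccessmanagementiam-user) 
  - **Condition keys:** 
  - **Dependent actions:** 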



## Resource types defined by AWS Identity and Access Management (IAM)
<a name="awsidentityandaccessmanagementiam-resources-for-iam-policies"></a>

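The following resource types are defined by this service and can be used in the `Resource` element of IAM permission policy statements. Each action in the [Actions table](#awsidentityandaccessmanagementiam-actions-as-permissions) identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the Resource types table. For details about the columns in the following table, see [Resource types table](reference_policies_actions-resources-contextkeys.html#resources_table).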



| Resource types | ARN | Condition keys | 
| --- | --- | --- | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor-view-data-orgs.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor-view-data-orgs.html)  |  arn:${Partition}:iam::${Account}:access-report/${EntityPath}  |  | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)  |  arn:${Partition}:iam::${Account}:assumed-role/${RoleName}/${RoleSessionName}  |  | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)  |  arn:${Partition}:iam::${Account}:federated-user/${UserName}  |  | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html)  |  arn:${Partition}:iam::${Account}:group/${GroupNameWithPath}  |  | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html)  |  arn:${Partition}:iam::${Account}:instance-profile/${InstanceProfileNameWithPath}  |  [#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_](#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html)  |  arn:${Partition}:iam::${Account}:mfa/${MfaTokenIdWithPath}  |  [#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_](#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html)  |  arn:${Partition}:iam::${Account}:oidc-provider/${OidcProviderName}  |  [#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_](#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html)  |  arn:${Partition}:iam::${Account}:policy/${PolicyNameWithPath}  |  [#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_](#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html)  |  arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}  |  [#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_](#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_) <br /> [#awsidentityandaccessmanagementiam-iam_ResourceTag___TagKey_](#awsidentityandaccessmanagementiam-iam_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)  |  arn:${Partition}:iam::${Account}:saml-provider/${SamlProviderName}  |  [#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_](#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)  |  arn:${Partition}:iam::${Account}:server-certificate/${CertificateNameWithPath}  |  [#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_](#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html)  |  arn:${Partition}:iam::${Account}:sms-mfa/${MfaTokenIdWithPath}  |  | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)  |  arn:${Partition}:iam::${Account}:user/${UserNameWithPath}  |  [#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_](#awsidentityandaccessmanagementiam-aws_ResourceTag___TagKey_) <br /> [#awsidentityandaccessmanagementiam-iam_ResourceTag___TagKey_](#awsidentityandaccessmanagementiam-iam_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-temporary-delegation.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-temporary-delegation.html)  |  arn:${Partition}:iam::${Account}:delegation-request/${DelegationRequestId}  |  [#awsidentityandaccessmanagementiam-iam_DelegationRequestOwner](#awsidentityandaccessmanagementiam-iam_DelegationRequestOwner)  | 

## Condition keys for AWS Identity and Access Management (IAM)
<a name="awsidentityandaccessmanagementiam-policy-keys"></a>

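AWS Identity and Access Management (IAM) defines the following condition keys that can be used in the `Condition` element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see [Condition keys table](reference_policies_actions-resources-contextkeys.html#context_keys_table).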

To view the global condition keys that are available to all services, see [AWS global condition context keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html).



| Condition keys | Description | Type | 
| --- | --- | --- | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag)  | Filters access based on the tags that are passed in the request | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag)  | Filters access based on the tags associated with the resource | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys)  | Filters access based on the tag keys that are passed in the request | ArrayOfString | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_AWSServiceName](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_AWSServiceName)  | Filters access by the AWS service to which this role is attached | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_AssociatedResourceArn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_AssociatedResourceArn)  | Filters access by the resource that the role will be used on behalf of | ARN | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_DelegationDuration](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_DelegationDuration)  | Filters access based on the requested delegation duration | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_DelegationRequestOwner](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_DelegationRequestOwner)  | Filters access based on the delegation request owner | ARN | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_FIDO-FIPS-140-2-certification](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_FIDO-FIPS-140-2-certification)  | Filters access by the MFA device FIPS-140-2 validation certification level at the time of registration of a FIDO security key | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_FIDO-FIPS-140-3-certification](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_FIDO-FIPS-140-3-certification)  | Filters access by the MFA device FIPS-140-3 validation certification level at the time of registration of a FIDO security key | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_FIDO-certification](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_FIDO-certification)  | Filters access by the MFA device FIDO certification level at the time of registration of a FIDO security key | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_NotificationChannel](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_NotificationChannel)  | Filters access based on the requested notification channel | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_OrganizationsPolicyId](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_OrganizationsPolicyId)  | Filters access by the ID of an AWS Organizations policy | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_PassedToService](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_PassedToService)  | Filters access by the AWS service to which this role is passed | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_PermissionsBoundary](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_PermissionsBoundary)  | Filters access by whether the specified policy is set as the permissions boundary on the IAM entity (user or role) | ARN | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_PolicyARN](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_PolicyARN)  | Filters access by the ARN of an IAM policy | ARN | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_RegisterSecurityKey](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_RegisterSecurityKey)  | Filters access by the current state of MFA device enablement | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_ResourceTag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_ResourceTag)  | Filters access by the tags attached to an IAM entity (user or role) | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_ServiceSpecificCredentialAgeDays](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_ServiceSpecificCredentialAgeDays)  | Filters access by the duration until the credential expires | Numeric | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_ServiceSpecificCredentialServiceName](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_ServiceSpecificCredentialServiceName)  | Filters access by the service associated with the credential | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_TemplateArn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_TemplateArn)  | Filters access based on the requested template ARN | ARN | 