亚马逊 VPC 莱迪思 API 权限 - Amazon VPC Lattice
API 所需的权限

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

亚马逊 VPC 莱迪思 API 权限

您必须授予 IAM 身份(如用户或角色)调用所需 VPC Lattice API 操作的权限,如 VPC Lattice 的策略操作 中所述。此外,对于某些 VPC Lattice 操作,您必须授予 IAM 身份从其他 AWS APIs身份调用特定操作的权限。

API 所需的权限

从 API 调用以下操作时,必须授予 IAM 用户调用指定操作的权限。

CreateResourceConfiguration

  • vpc-lattice:CreateResourceConfiguration

  • ec2:DescribeSubnets

  • rds:DescribeDBInstances

  • rds:DescribeDBClusters

CreateResourceGateway

  • vpc-lattice:CreateResourceGateway

  • ec2:AssignPrivateIpAddresses

  • ec2:AssignIpv6Addresses

  • ec2:CreateNetworkInterface

  • ec2:CreateNetworkInterfacePermission

  • ec2:DeleteNetworkInterface

  • ec2:DescribeNetworkInterfaces

  • ec2:DescribeSecurityGroups

  • ec2:DescribeSubnets

DeleteResourceGateway

  • vpc-lattice:DeleteResourceGateway

  • ec2:DeleteNetworkInterface

UpdateResourceGateway

  • vpc-lattice:UpdateResourceGateway

  • ec2:AssignPrivateIpAddresses

  • ec2:AssignIpv6Addresses

  • ec2:UnassignPrivateIpAddresses

  • ec2:CreateNetworkInterface

  • ec2:CreateNetworkInterfacePermission

  • ec2:DeleteNetworkInterface

  • ec2:DescribeNetworkInterfaces

  • ec2:DescribeSecurityGroups

  • ec2:DescribeSubnets

  • ec2:ModifyNetworkInterfaceAttribute

CreateServiceNetworkResourceAssociation

  • vpc-lattice:CreateServiceNetworkResourceAssociation

  • ec2:AssignIpv6Addresses

  • ec2:CreateNetworkInterface

  • ec2:CreateNetworkInterfacePermission

  • ec2:DescribeNetworkInterfaces

CreateServiceNetworkVpcAssociation

  • vpc-lattice:CreateServiceNetworkVpcAssociation

  • ec2:DescribeVpcs

  • ec2:DescribeSecurityGroups(仅在提供安全组时才需要)

UpdateServiceNetworkVpcAssociation

  • vpc-lattice:UpdateServiceNetworkVpcAssociation

  • ec2:DescribeSecurityGroups(仅在提供安全组时才需要)

CreateTargetGroup

  • vpc-lattice:CreateTargetGroup

  • ec2:DescribeVpcs

RegisterTargets

  • vpc-lattice:RegisterTargets

  • ec2:DescribeInstances(仅当目标组类型为 INSTANCE 时才需要)

  • ec2:DescribeVpcs(仅当目标组类型为 INSTANCEIP 时才需要)

  • ec2:DescribeSubnets(仅当目标组类型为 INSTANCEIP 时才需要)

  • lambda:GetFunction(仅当目标组类型为 LAMBDA 时才需要)

  • lambda:AddPermission(仅当目标组还没有调用指定 Lambda 函数的权限时才需要)

DeregisterTargets

  • vpc-lattice:DeregisterTargets

CreateAccessLogSubscription

  • vpc-lattice:CreateAccessLogSubscription

  • logs:GetLogDelivery

  • logs:CreateLogDelivery

DeleteAccessLogSubscription

  • vpc-lattice:DeleteAccessLogSubscription

  • logs:DeleteLogDelivery

UpdateAccessLogSubscription

  • vpc-lattice:UpdateAccessLogSubscription

  • logs:UpdateLogDelivery