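S3 Vectors identity-based policy examples
IAM identity-based policies are JSON documents that you attach to IAM users, groups, or roles to define which actions they can perform on S3 Vectors resources. These policies are evaluated in the context of the identity making the request and provide a centralized way to manage permissions across your AWS environment. Identity-based policies provide a clear audit trail of who has which permissions, and they can be easily modified as your access requirements evolve.
When designing identity-based policies for S3 Vectors, consider the different types of users and applications that will interact with your vector data. Common patterns include data scientists who need to query vectors, data engineers who need to load and manage vector data, administrators who need full control over bucket configuration, and applications that need specific read or write permissions on specific vector indexes.
Policy examples
Administrative access policy
This policy provides full administrative access to S3 Vectors resources and is suitable for platform administrators or DevOps teams: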
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowAdministrativeAccess",
            "Effect": "Allow",
            "Action": [
                "s3vectors:CreateVectorBucket",
                "s3vectors:PutVectorBucketPolicy",
                "s3vectors:DeleteVectorBucket",
                "s3vectors:DeleteVectorBucketPolicy",
                "s3vectors:GetVectorBucket",
                "s3vectors:GetVectorBucketPolicy",
                "s3vectors:ListVectorBuckets",
                "s3vectors:CreateIndex",
                "s3vectors:DeleteIndex",
                "s3vectors:GetIndex",
                "s3vectors:ListIndexes",
                "s3vectors:DeleteVectors",
                "s3vectors:GetVectors",
                "s3vectors:ListVectors",
                "s3vectors:PutVectors",
                "s3vectors:QueryVectors"
            ],
            "Resource": "*"
        }
    ]
}
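Application-specific access policy
This policy is designed for applications that need to perform specific operations on designated vector indexes: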
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowApplicationVectorAccess",
            "Effect": "Allow",
            "Action": [
                "s3vectors:QueryVectors",
                "s3vectors:GetVectors",
                "s3vectors:PutVectors",
                "s3vectors:ListVectors"
            ],
            "Resource": [
                "arn:aws:s3vectors:aws-region:123456789012:bucket/amzn-s3-demo-vector-bucket/index/product-recommendations",
                "arn:aws:s3vectors:aws-region:123456789012:bucket/amzn-s3-demo-vector-bucket/index/content-similarity"
            ]
        },
        {
            "Sid": "AllowGetIndex",
            "Effect": "Allow",
            "Action": "s3vectors:GetIndex",
            "Resource": "arn:aws:s3vectors:aws-region:123456789012:bucket/amzn-s3-demo-vector-bucket/index/*"
        },
        {
            "Sid": "AllowIndexInspection",
            "Effect": "Allow",
            "Action": "s3vectors:ListIndexes",
            "Resource": "arn:aws:s3vectors:aws-region:123456789012:bucket/amzn-s3-demo-vector-bucket"
        }
    ]
}
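To check what the application-specific policy above actually scopes an application to, the following added example (not part of the original AWS documentation) runs sample requests through a simplified offline evaluator. It assumes a constructed Region and account ID (`us-west-2`, `123456789012`) and models only `Effect`, `Action`, and `Resource` with IAM-style `*` and `?` wildcards; `Condition`, `NotAction`, `NotResource`, resource-based policies, and permission boundaries are out of scope, and the helper names are hypothetical.

```python
import re

# Constructed ARN prefix: Region and account ID are sample values.
BUCKET = "arn:aws:s3vectors:us-west-2:123456789012:bucket/amzn-s3-demo-vector-bucket"

# The application-specific policy from this page, as a Python dict.
APP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowApplicationVectorAccess", "Effect": "Allow",
         "Action": ["s3vectors:QueryVectors", "s3vectors:GetVectors",
                    "s3vectors:PutVectors", "s3vectors:ListVectors"],
         "Resource": [BUCKET + "/index/product-recommendations",
                      BUCKET + "/index/content-similarity"]},
        {"Sid": "AllowGetIndex", "Effect": "Allow",
         "Action": "s3vectors:GetIndex", "Resource": BUCKET + "/index/*"},
        {"Sid": "AllowIndexInspection", "Effect": "Allow",
         "Action": "s3vectors:ListIndexes", "Resource": BUCKET},
    ],
}


def _as_list(value):
    # Policy elements may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _matches(pattern, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None


def matching_sids(policy, action, resource, effect):
    """Sids of statements with this Effect that match the action and resource."""
    return [s.get("Sid", "<no Sid>") for s in _as_list(policy["Statement"])
            if s["Effect"] == effect
            and any(_matches(a, action, ignore_case=True) for a in _as_list(s["Action"]))
            and any(_matches(r, resource) for r in _as_list(s["Resource"]))]


def is_allowed(policy, action, resource):
    """Explicit Deny wins; otherwise a matching Allow is required (implicit deny)."""
    if matching_sids(policy, action, resource, "Deny"):
        return False
    return bool(matching_sids(policy, action, resource, "Allow"))
```

Under this model, the application can read index metadata for every index in the bucket through the `index/*` resource in `AllowGetIndex`, but vector reads and writes succeed only on the two named indexes, and delete actions are implicitly denied.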