本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 政策摘要的範例
以下範例包括將 JSON 政策加入關聯的[政策摘要](access_policies_understand-policy-summary.md)、[服務摘要](access_policies_understand-service-summary.md)、以及[動作摘要](access_policies_understand-action-summary.md),以協助您了解透過政策提供的許可。
## 政策 1:DenyCustomerBucket
此政策示範對相同服務的允許和拒絕。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "FullAccess",
"Effect": "Allow",
"Action": ["s3:*"],
"Resource": ["*"]
},
{
"Sid": "DenyCustomerBucket",
"Action": ["s3:*"],
"Effect": "Deny",
"Resource": ["arn:aws:s3:::customer", "arn:aws:s3:::customer/*" ]
}
]
}
```
------
***DenyCustomerBucket** 政策摘要:*
![\[政策摘要對話方塊圖片\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-summary-example1-dialog.png)
***DenyCustomerBucket S3 (明確拒絕)** 服務摘要:*
![\[服務摘要對話方塊圖片\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-summary-action-example1-dialog.png)
***GetObject (讀取)** 動作摘要:*
![\[動作摘要對話方塊圖片\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-summary-resource-example1-dialog.png)
## 政策 2:DynamoDbRowCognitoID
此政策根據使用者的 Amazon Cognito ID 提供對 Amazon DynamoDB 的低層級存取權限。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:UpdateItem"
],
"Resource": [
"arn:aws:dynamodb:us-west-1:123456789012:table/myDynamoTable"
],
"Condition": {
"ForAllValues:StringEquals": {
"dynamodb:LeadingKeys": [
"${cognito-identity.amazonaws.com:sub}"
]
}
}
}
]
}
```
------
***DynamoDbRowCognitoID** 政策摘要:*
![\[政策摘要對話方塊圖片\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-summary-example2-dialog.png)
***DynamoDbRowCognitoID DynamoDB (允許)** 服務摘要:*
![\[服務摘要對話方塊圖片\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-summary-action-example2-dialog.png)
***GetItem (清單)** 動作摘要:*
![\[動作摘要對話方塊圖片\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-summary-resource-example2-dialog.png)
## 政策 3:MultipleResourceCondition
此政策包含多個資源和條件。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": ["arn:aws:s3:::Apple_bucket/*"],
"Condition": {"StringEquals": {"s3:x-amz-acl": ["public-read"]}}
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": ["arn:aws:s3:::Orange_bucket/*"],
"Condition": {"StringEquals": {
"s3:x-amz-acl": ["custom"],
"s3:x-amz-grant-full-control": ["1234"]
}}
}
]
}
```
------
***MultipleResourceCondition** 政策摘要:*
![\[政策摘要對話方塊圖片\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-summary-example3-dialog.png)
***MultipleResourceCondition S3 (允許)** 服務摘要:*
![\[服務摘要對話方塊圖片\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-summary-action-example3-dialog.png)
***PutObject (寫入)** 動作摘要:*
![\[動作摘要對話方塊圖片\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-summary-resource-example3-dialog.png)
## 政策 4:EC2\$1troubleshoot
以下政策可讓使用者取得執行中的 Amazon EC2 執行個體螢幕截圖,可協助執行 EC2 故障排除。此政策也允許檢視 Amazon S3 開發人員儲存貯體中項目的相關資訊。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:GetConsoleScreenshot"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::developer"
]
}
]
}
```
------
***EC2\$1Troubleshoot** 政策摘要:*
![\[政策摘要對話方塊圖片\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-summary-example4-dialog.png)
***EC2\$1Troubleshoot S3 (允許)** 服務摘要:*
![\[服務摘要對話方塊圖片\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-summary-action-example4-dialog.png)
***ListBucket (清單)** 動作摘要:*
![\[動作摘要對話方塊圖片\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-summary-resource-example4-dialog.png)
## 政策 5:CodeBuild\$1CodeCommit\$1CodeDeploy
此政策提供對特定 CodeBuild、CodeCommit 以及 CodeDeploy 的存取。由於這些資源對於每個服務來說都是專有的,因此只會在對應服務中顯示。如果您在 `Action` 元素中加入不符合任何服務的資源,那麼資源會顯示在所有動作摘要中。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "Stmt1487980617000",
"Effect": "Allow",
"Action": [
"codebuild:*",
"codecommit:*",
"codedeploy:*"
],
"Resource": [
"arn:aws:codebuild:us-east-2:123456789012:project/my-demo-project",
"arn:aws:codecommit:us-east-2:123456789012:MyDemoRepo",
"arn:aws:codedeploy:us-east-2:123456789012:application:WordPress_App",
"arn:aws:codedeploy:us-east-2:123456789012:instance/AssetTag*"
]
}
]
}
```
------
***CodeBuild\$1CodeCommit\$1CodeDeploy** 政策摘要:*
![\[政策摘要對話方塊圖片\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-summary-example6-dialog.png)
***CodeBuild\$1CodeCommit\$1CodeDeploy CodeBuild (允許)** 服務摘要:*
![\[服務摘要對話方塊圖片\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-summary-action-example6-dialog.png)
***CodeBuild\$1CodeCommit\$1CodeDeploy StartBuild (寫入)** 動作摘要:*
![\[動作摘要對話方塊圖片\]](http://docs.aws.amazon.com/zh_tw/IAM/latest/UserGuide/images/policies-summary-resource-example6-dialog.png)