本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # 將 Amazon S3 VPC 端點用於 WorkSpaces 應用程式功能 當您在堆疊上啟用應用程式設定持續性或主資料夾時,WorkSpaces 應用程式會使用您為機群指定的 VPC 來提供對 Amazon Simple Storage Service (Amazon S3) 儲存貯體的存取。對於彈性機群,WorkSpaces 應用程式將使用 VPC 存取 Amazon S3 儲存貯體,其中包含指派給機群應用程式區塊的應用程式。若要啟用 WorkSpaces 應用程式存取私有 S3 端點,請將下列自訂政策連接至 Amazon S3 的 VPC 端點。如需有關私有 Amazon S3 端點的詳細資訊,請參閱《Amazon VPC 使用者指南》**中的 [VPC 端點](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html)和 [Amazon S3 的端點](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html)。 ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Sid": "Allow-AppStream-to-access-S3-buckets", "Effect": "Allow", "Principal": { "AWS": "arn:aws:sts::111122223333:assumed-role/AmazonAppStreamServiceAccess/AppStream2.0" }, "Action": [ "s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:GetObjectVersion", "s3:DeleteObjectVersion" ], "Resource": [ "arn:aws:s3:::appstream2-36fb080bb8-*", "arn:aws:s3:::appstream-app-settings-*", "arn:aws:s3:::appstream-logs-*" ] }, { "Sid": "Allow-AppStream-ElasticFleetstoRetrieveObjects", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::bucket-with-application-or-app-block-objects/*", "Condition": { "StringEquals": { "aws:PrincipalServiceName": "appstream.amazonaws.com" } } } ] } ``` ------