本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# AWSCompromisedKeyQuarantineV2
**描述**:拒絕存取特定動作,如果 IAM 使用者的登入資料遭到洩漏或公開,則由 AWS 團隊套用。請勿移除此政策。相反地,請遵循為您建立的有關此事件的支援案例中指定的說明。
`AWSCompromisedKeyQuarantineV2` 是 [AWS 受管政策](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies)。
## 使用此政策
您可以將 `AWSCompromisedKeyQuarantineV2` 連接至使用者、群組與角色。
## 政策詳細資訊
+ **類型**: AWS 受管政策
+ **建立時間**:2021 年 4 月 21 日,UTC 22:30
+ **編輯時間:**2024 年 10 月 2 日 16:41 UTC
+ **ARN**: `arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantineV2`
## 政策版本
**政策版本:** v5 (預設)
政策的預設版本是定義政策許可的版本。當具有 政策的使用者或角色提出存取 AWS 資源的請求時, 會 AWS 檢查政策的預設版本,以決定是否允許請求。
## JSON 政策文件
```
{
"Version" : "2012-10-17",
"Statement" : [
{
"Effect" : "Deny",
"Action" : [
"cloudtrail:LookupEvents",
"ec2:RequestSpotInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"iam:AddUserToGroup",
"iam:AttachGroupPolicy",
"iam:AttachRolePolicy",
"iam:AttachUserPolicy",
"iam:ChangePassword",
"iam:CreateAccessKey",
"iam:CreateInstanceProfile",
"iam:CreateLoginProfile",
"iam:CreatePolicyVersion",
"iam:CreateRole",
"iam:CreateUser",
"iam:DetachUserPolicy",
"iam:PassRole",
"iam:PutGroupPolicy",
"iam:PutRolePolicy",
"iam:PutUserPermissionsBoundary",
"iam:PutUserPolicy",
"iam:SetDefaultPolicyVersion",
"iam:UpdateAccessKey",
"iam:UpdateAccountPasswordPolicy",
"iam:UpdateAssumeRolePolicy",
"iam:UpdateLoginProfile",
"iam:UpdateUser",
"lambda:AddLayerVersionPermission",
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:GetPolicy",
"lambda:ListTags",
"lambda:PutProvisionedConcurrencyConfig",
"lambda:TagResource",
"lambda:UntagResource",
"lambda:UpdateFunctionCode",
"lightsail:Create*",
"lightsail:Delete*",
"lightsail:DownloadDefaultKeyPair",
"lightsail:GetInstanceAccessDetails",
"lightsail:Start*",
"lightsail:Update*",
"organizations:CreateAccount",
"organizations:CreateOrganization",
"organizations:InviteAccountToOrganization",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutLifecycleConfiguration",
"s3:PutBucketAcl",
"s3:PutBucketOwnershipControls",
"s3:DeleteBucketPolicy",
"s3:ObjectOwnerOverrideToBucketOwner",
"s3:PutAccountPublicAccessBlock",
"s3:PutBucketPolicy",
"s3:ListAllMyBuckets",
"ec2:PurchaseReservedInstancesOffering",
"ec2:AcceptReservedInstancesExchangeQuote",
"ec2:CreateReservedInstancesListing",
"savingsplans:CreateSavingsPlan",
"ecs:CreateService",
"ecs:CreateCluster",
"ecs:RegisterTaskDefinition",
"ecr:GetAuthorizationToken",
"bedrock:CreateModelInvocationJob",
"bedrock:InvokeModelWithResponseStream",
"bedrock:CreateFoundationModelAgreement",
"bedrock:PutFoundationModelEntitlement",
"bedrock:InvokeModel",
"s3:CreateBucket",
"s3:PutBucketCors",
"s3:GetObject",
"s3:ListBucket",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateProcessingJob",
"ses:GetSendQuota",
"ses:ListIdentities",
"sts:GetSessionToken",
"sts:GetFederationToken",
"amplify:CreateDeployment",
"amplify:CreateBackendEnvironment",
"codebuild:CreateProject",
"glue:CreateJob",
"iam:DeleteRole",
"iam:DeleteAccessKey",
"iam:ListUsers",
"lambda:GetEventSourceMapping",
"sns:GetSMSAttributes",
"mediapackagev2:CreateChannel"
],
"Resource" : [
"*"
]
}
]
}
```
## 進一步了解
+ [在 IAM Identity Center 中使用 AWS 受管政策建立許可集](https://docs.aws.amazon.com/singlesignon/latest/userguide/howtocreatepermissionset.html)
+ [新增和移除 IAM 身分許可](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html)
+ [了解 IAM 政策的版本控制](https://docs.aws.amazon.com//IAM/latest/UserGuide/access_policies_managed-versioning.html)
+ [開始使用 AWS 受管政策,並邁向最低權限許可](https://docs.aws.amazon.com//IAM/latest/UserGuide/best-practices.html#bp-use-aws-defined-policies)