本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # Amazon Chime SDK 訊息的範例 IAM 角色 若要讓使用者存取 Amazon Chime SDK 訊息功能,您必須定義 IAM 角色和政策,以便在使用者登入時提供登入資料。IAM 政策定義使用者可以存取的資源。 本節中的範例提供基本政策,您可以根據需求進行調整。如需政策運作方式的詳細資訊,請參閱 [從 Amazon Chime SDK 訊息的後端服務進行 SDK 呼叫](call-from-backend.md)。 此範例顯示開發人員使用 Amazon Chime SDK 訊息建置應用程式的政策。 ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Action": [ "chime:CreateAppInstance", "chime:DescribeAppInstance", "chime:ListAppInstances", "chime:UpdateAppInstance", "chime:DeleteAppInstance", "chime:CreateAppInstanceUser", "chime:DeleteAppInstanceUser", "chime:ListAppInstanceUsers", "chime:UpdateAppInstanceUser", "chime:DescribeAppInstanceUser", "chime:CreateAppInstanceAdmin", "chime:DescribeAppInstanceAdmin", "chime:ListAppInstanceAdmins", "chime:DeleteAppInstanceAdmin", "chime:PutAppInstanceRetentionSettings", "chime:GetAppInstanceRetentionSettings", "chime:PutAppInstanceStreamingConfigurations", "chime:GetAppInstanceStreamingConfigurations", "chime:DeleteAppInstanceStreamingConfigurations", "chime:TagResource", "chime:UntagResource", "chime:ListTagsForResource", "chime:CreateChannelFlow", "chime:UpdateChannelFlow", "chime:DescribeChannelFlow", "chime:DeleteChannelFlow", "chime:ListChannelFlows", "chime:ListChannelsAssociatedWithChannelFlow", "chime:ChannelFlowCallback" ], "Effect": "Allow", "Resource": "*" } ] } ``` ------ 此範例顯示允許使用者存取 Amazon Chime SDK 使用者動作的政策。 ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Action": "chime:GetMessagingSessionEndpoint", "Effect": "Allow", "Resource": "*" }, { "Action": [ "chime:CreateChannel", "chime:DescribeChannel", "chime:DeleteChannel", "chime:UpdateChannel", "chime:ListChannels", "chime:Listsubchannels", "chime:ListChannelMembershipsForAppInstanceUser", "chime:DescribeChannelMembershipForAppInstanceUser", "chime:ListChannelsModeratedByAppInstanceUser", "chime:DescribeChannelModeratedByAppInstanceUser", "chime:UpdateChannelReadMarker", "chime:CreateChannelModerator", "chime:DescribeChannelModerator", "chime:ListChannelModerators", "chime:DeleteChannelModerator", "chime:SendChannelMessage", "chime:GetChannelMessage", "chime:DeleteChannelMessage", "chime:UpdateChannelMessage", "chime:RedactChannelMessage", "chime:ListChannelMessages", "chime:CreateChannelMembership", "chime:DescribeChannelMembership", "chime:DeleteChannelMembership", "chime:ListChannelMemberships", "chime:CreateChannelBan", "chime:DeleteChannelBan", "chime:ListChannelBans", "chime:DescribeChannelBan", "chime:Connect", "chime:AssociateChannelFlow", "chime:DisassociateChannelFlow", "chime:GetChannelMessageStatus" ], "Effect": "Allow", "Resource": [ "arn:aws:chime:{{us-east-1}}:{{123456789012}}:app-instance/{{app_instance_id}}/user/{{app_instance_user_id}}", "arn:aws:chime:{{us-east-1}}:{{123456789012}}:app-instance/{{app_instance_id}}/channel/*" ] } ] } ``` ------ 此範例顯示的政策可讓使用者對 Amazon Chime SDK 使用者動作的存取權降到最低。 ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Action": "chime:GetMessagingSessionEndpoint", "Effect": "Allow", "Resource": "*" }, { "Action": [ "chime:ListChannels", "chime:DescribeChannel", "chime:ListChannelMembershipsForAppInstanceUser", "chime:DescribeChannelMembershipForAppInstanceUser", "chime:ListChannelsModeratedByAppInstanceUser", "chime:DescribeChannelModeratedByAppInstanceUser", "chime:SendChannelMessage", "chime:GetChannelMessage", "chime:ListChannelMessages", "chime:Connect" ], "Effect": "Allow", "Resource": [ "arn:aws:chime:{{us-east-1}}:{{123456789012}}:app-instance/{{app_instance_id}}/user/{{app_instance_user_id}}", "arn:aws:chime:{{us-east-1}}:{{123456789012}}:app-instance/{{app_instance_id}}/channel/*" ] } ] } ``` ------ 此範例顯示為 建立 WebSocket 連線的政策`AppInstanceUser`。如需 WebSocket 連線的詳細資訊,請參閱 [使用 WebSockets Amazon Chime SDK 訊息中接收訊息](websockets.md)。 ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "chime:Connect" ], "Resource": [ "arn:aws:chime:{{us-east-1}}:{{123456789012}}:app-instance/{{app_instance_id}}/user/{{app_instance_user_id}}" ] } ] } ``` ------