本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # AWS Data Exchange API 許可:動作和資源參考 當您設定[存取控制](access-control.md)和撰寫可連接到 AWS Identity and Access Management (IAM) 身分 (身分型政策) 的許可政策時,請使用下表做為參考。下表列出每個 AWS Data Exchange API 操作、您可以授予執行動作許可的動作,以及您可以授予許可 AWS 的資源。您可以在政策的 `Action` 欄位中指定動作。您在政策的 `Resource` 欄位中指定資源值。 **注意** 若要指定動作,請使用後接 API 操作名稱的 `dataexchange:` 字首 (例如,`dataexchange:CreateDataSet`)。 **AWS Data Exchange 動作的 API 和必要許可** | AWS Data Exchange API 操作 | 所需許可 (API 動作) | Resources | 條件 | | --- | --- | --- | --- | | CreateDataSet | dataexchange:CreateDataSet | N/A | `aws:TagKeys` `aws:RequestTag` | | GetDataSet | dataexchange:GetDataSet | 資料集 | aws:RequestTag | | UpdateDataSet | dataexchange:UpdateDataSet | 資料集 | aws:RequestTag | | PublishDataSet | dataexchange:PublishDataSet | 資料集 | aws:RequestTag | | DeleteDataSet | dataexchange:DeleteDataSet | 資料集 | aws:RequestTag | | ListDataSets | dataexchange:ListDataSets | N/A | N/A | | CreateRevision | dataexchange:CreateRevision | 資料集 | `aws:TagKeys` `aws:RequestTag` | | GetRevision | dataexchange:GetRevision | 修訂 | aws:RequestTag | | DeleteRevision | dataexchange:DeleteRevision | 修訂 | aws:RequestTag | | ListDataSetRevisions | dataexchange:ListDataSetRevisions | 資料集 | aws:RequestTag | | ListRevisionAssets | dataexchange:ListRevisionAssets | 修訂 | aws:RequestTag | | CreateEventAction | dataexchange:CreateEventAction | N/A | N/A | | UpdateEventAction | dataexchange:UpdateEventAction | EventAction | N/A | | GetEventAction | dataexchange:GetEventAction | EventAction | N/A | | ListEventActions | dataexchange:ListEventActions | N/A | N/A | | DeleteEventAction | dataexchange:DeleteEventAction | EventAction | N/A | | CreateJob | dataexchange:CreateJob | N/A | dataexchange:JobType | | GetJob | dataexchange:GetJob | 任務 | dataexchange:JobType | | StartJob\$1\$1 | dataexchange:StartJob | 任務 | dataexchange:JobType | | CancelJob | dataexchange:CancelJob | 任務 | dataexchange:JobType | | ListJobs | dataexchange:ListJobs | N/A | N/A | | ListTagsForResource | dataexchange:ListTagsForResource | 修訂 | aws:RequestTag | | TagResource | dataexchange:TagResource | 修訂 | `aws:TagKeys` `aws:RequestTag` | | UnTagResource | dataexchange:UnTagResource | 修訂 | `aws:TagKeys` `aws:RequestTag` | | UpdateRevision | dataexchange:UpdateRevision | 修訂 | aws:RequestTag | | DeleteAsset | dataexchange:DeleteAsset | 資產 | N/A | | GetAsset | dataexchange:GetAsset | 資產 | N/A | | UpdateAsset | dataexchange:UpdateAsset | 資產 | N/A | | SendApiAsset | dataexchange:SendApiAsset | 資產 | N/A | **\$1\$1** 視您啟動的任務類型而定,可能需要其他 IAM 許可。如需任務類型和相關聯的其他 IAM 許可, AWS Data Exchange 請參閱下表。如需任務的詳細資訊,請參閱[中的任務 AWS Data Exchange](jobs.md)。 **注意** 目前,下列 SDKs 不支援 `SendApiAsset`操作: 適用於 .NET 的 SDK 適用於 C\$1\$1 的 AWS SDK 適用於 Java 2.x 的 SDK **AWS Data Exchange 的任務類型許可 `StartJob`** | 任務類型 | 所需的其他 IAM 許可 | | --- | --- | | IMPORT\$1ASSETS\$1FROM\$1S3 | dataexchange:CreateAsset | | IMPORT\$1ASSET\$1FROM\$1SIGNED\$1URL | dataexchange:CreateAsset | | IMPORT\$1ASSETS\$1FROM\$1API\$1GATEWAY\$1API | dataexchange:CreateAsset | | IMPORT\$1ASSETS\$1FROM\$1REDSHIFT\$1DATA\$1SHARES | dataexchange:CreateAsset, redshift:AuthorizeDataShare | | EXPORT\$1ASSETS\$1TO\$1S3 | dataexchange:GetAsset | | EXPORT\$1ASSETS\$1TO\$1SIGNED\$1URL | dataexchange:GetAsset | | EXPORT\$1REVISIONS\$1TO\$1S3 | dataexchange:GetRevision dataexchange:GetDataSet `dataexchange:GetDataSet` 只有在您使用 `DataSet.Name`做為`EXPORT_REVISIONS_TO_S3`任務類型的動態參考時,才需要 IAM 許可。 | 您可以透過使用萬用字元,將資料集動作範圍限定為修訂或資產層級,如下列範例所示。 ``` arn:aws:dataexchange:us-east-1:123456789012:data-sets/99EXAMPLE23c7c272897cf1EXAMPLE7a/revisions/*/assets/* ``` 有些 AWS Data Exchange 動作只能在 AWS Data Exchange 主控台上執行。這些動作已與 AWS Marketplace 功能整合。動作需要下表所示的 AWS Marketplace 許可。 **AWS Data Exchange 訂閱者的僅限主控台動作** | 主控台動作 | IAM 許可 | | --- | --- | | 訂閱產品 | `aws-marketplace:Subscribe` `aws-marketplace:CreateAgreementRequest` `aws-marketplace:AcceptAgreementRequest` | | 傳送訂閱驗證請求 | `aws-marketplace:Subscribe` `aws-marketplace:CreateAgreementRequest` `aws-marketplace:AcceptAgreementRequest` | | 啟用訂閱自動續約 | `aws-marketplace:Subscribe` `aws-marketplace:CreateAgreementRequest` `aws-marketplace:AcceptAgreementRequest` | | 檢視訂閱的自動續約狀態 | `aws-marketplace:ListEntitlementDetails` `aws-marketplace:ViewSubscriptions` `aws-marketplace:GetAgreementTerms` | | 停用訂閱自動續約 | `aws-marketplace:Subscribe` `aws-marketplace:CreateAgreementRequest` `aws-marketplace:AcceptAgreementRequest` | | 列出作用中訂閱 | `aws-marketplace:ViewSubscriptions` `aws-marketplace:SearchAgreements` `aws-marketplace:GetAgreementTerms` | | 檢視訂閱 | `aws-marketplace:ViewSubscriptions` `aws-marketplace:SearchAgreements` `aws-marketplace:GetAgreementTerms` `aws-marketplace:DescribeAgreement` | | 列出訂閱驗證請求 | `aws-marketplace:ListAgreementRequests` | | 檢視訂閱驗證請求 | `aws-marketplace:GetAgreementRequest` | | 取消訂閱驗證請求 | `aws-marketplace:CancelAgreementRequest` | | 檢視所有以帳戶為目標的優惠 | `aws-marketplace:ListPrivateListings` | | 檢視特定優惠的詳細資訊 | `aws-marketplace:GetPrivateListing` | **AWS Data Exchange 供應商的主控台限定動作** | 主控台動作 | IAM 許可 | | --- | --- | | 標記產品 | `aws-marketplace:TagResource` `aws-marketplace:UntagResource` `aws-marketplace:ListTagsForResource` | | 標籤優惠 | `aws-marketplace:TagResource` `aws-marketplace:UntagResource` `aws-marketplace:ListTagsForResource` | | 發佈產品 | `aws-marketplace:StartChangeSet` `aws-marketplace:DescribeChangeSet` `dataexchange:PublishDataSet` | | 取消發佈產品 | `aws-marketplace:StartChangeSet` `aws-marketplace:DescribeChangeSet` | | 編輯產品 | `aws-marketplace:StartChangeSet` `aws-marketplace:DescribeChangeSet` | | 建立自訂優惠 | `aws-marketplace:StartChangeSet` `aws-marketplace:DescribeChangeSet` | | 編輯自訂優惠 | `aws-marketplace:StartChangeSet` `aws-marketplace:DescribeChangeSet` | | 檢視產品詳細資訊 | `aws-marketplace:DescribeEntity` `aws-marketplace:ListEntities` | | 檢視產品的自訂優惠 | aws-marketplace:DescribeEntity | | 檢視產品儀表板 | `aws-marketplace:ListEntities` `aws-marketplace:DescribeEntity` | | 列出已發佈資料集或修訂的產品 | `aws-marketplace:ListEntities` `aws-marketplace:DescribeEntity` | | 列出訂閱驗證請求 | `aws-marketplace:ListAgreementApprovalRequests` `aws-marketplace:GetAgreementApprovalRequest` | | 核准訂閱驗證請求 | `aws-marketplace:AcceptAgreementApprovalRequest` | | 拒絕訂閱驗證請求 | `aws-marketplace:RejectAgreementApprovalRequest` | | 從訂閱驗證請求刪除資訊 | `aws-marketplace:UpdateAgreementApprovalRequest` | | 檢視訂閱詳細資訊 | `aws-marketplace:SearchAgreements` `aws-marketplace:GetAgreementTerms` |