AmazonDataZoneRedshiftAccess-<region>-<domainId> - Amazon DataZone

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

AmazonDataZoneRedshiftAccess-<region>-<domainId>

AmazonDataZoneRedshiftAccess-<region>-<domainId> 角色已AmazonDataZoneRedshiftManageAccessRolePolicy連接 。此角色授予 Amazon DataZone 將 Amazon Redshift 資料發佈至目錄的許可。它還授予 Amazon DataZone 許可,以授予對 目錄中 Amazon Redshift 或 Amazon Redshift Serverless 發佈資產的存取權或撤銷存取權。

預設AmazonDataZoneRedshiftAccess-<region>-<domainId>角色已連接下列內嵌許可政策:

JSON


{
   "Version":"2012-10-17"		 	 	 ,
   "Statement":[
      {
         "Sid": "RedshiftSecretStatement",
         "Effect":"Allow",
         "Action":"secretsmanager:GetSecretValue",
         "Resource":"*",
         "Condition":{
            "StringEquals":{
               "secretsmanager:ResourceTag/AmazonDataZoneDomain":"{{domainId}}"
            }
         }
      }
   ]
}

預設值AmazonDataZoneRedshiftManageAccessRole<timestamp>已連接下列信任政策:

JSON

{
  "Version": "2012-10-17"		 	 	 ,
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "datazone.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
            "StringEquals": {
            "aws:SourceAccount": "111122223333"
            },
            "ArnEquals": {
            "aws:SourceArn": "arn:aws:datazone:us-east-1:111122223333:domain/dzd-12345"
            }
        }
    }
  ]
}