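Resource-based policy examples for AWS Systems Manager Incident Manager
AWS Systems Manager Incident Manager supports resource-based permission policies for Incident Manager response plans and contacts.
Incident Manager does not support resource-based policies that deny access to resources shared using AWS RAM.
To learn how to create a response plan or contact, see Creating and configuring response plans in Incident Manager and Creating and configuring contacts in Incident Manager.
Restricting Incident Manager response plan access by organization
The following example grants permissions to users in the organization with the organization ID o-abc123def45 to respond to incidents created using the response plan myplan.
The Condition block uses the StringEquals condition and the aws:PrincipalOrgID condition key, which is an AWS Organizations specific condition key. For more information about these condition keys, see Specifying conditions in a policy.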
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "OrganizationAccess",
            "Effect": "Allow",
            "Principal": "*",
            "Condition": {
                "StringEquals": {
                    "aws:PrincipalOrgID": "o-abc123def45"
                }
            },
            "Action": [
                "ssm-incidents:GetResponsePlan",
                "ssm-incidents:StartIncident",
                "ssm-incidents:UpdateIncidentRecord",
                "ssm-incidents:GetIncidentRecord",
                "ssm-incidents:CreateTimelineEvent",
                "ssm-incidents:UpdateTimelineEvent",
                "ssm-incidents:GetTimelineEvent",
                "ssm-incidents:ListTimelineEvents",
                "ssm-incidents:UpdateRelatedItems",
                "ssm-incidents:ListRelatedItems"
            ],
            "Resource": [
                "arn:aws:ssm-incidents:*:111122223333:response-plan/myplan",
                "arn:aws:ssm-incidents:*:111122223333:incident-record/myplan/*"
            ]
        }
    ]
}
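In the policy above, the Principal is "*", so the Condition block is the only thing limiting who can call these actions. The following check is an added example, not part of the AWS documentation: it flags Allow statements with a wildcard principal that lack an exact StringEquals test on an identity condition key. The function names and the set of accepted keys are assumptions of this example.

```python
import json

# Condition keys this checker treats as pinning the caller's identity
# (a choice made for this example, not an AWS-defined list).
IDENTITY_KEYS = {"aws:principalorgid", "aws:principalaccount", "aws:principalarn"}

def _is_wildcard(principal):
    """True for "Principal": "*" and for {"AWS": "*"} / {"AWS": ["*", ...]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def _is_pinned(condition):
    """True only when an exact StringEquals test names an identity key.

    StringLike and ...IfExists operators are not accepted: the first allows
    wildcards, the second passes when the key is absent from the request.
    """
    tests = condition.get("StringEquals", {})
    return any(key.lower() in IDENTITY_KEYS for key in tests)

def audit_resource_policy(policy):
    """Return the Sids of Allow statements open to any AWS principal."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be an object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_wildcard(stmt.get("Principal")):
            continue
        if not _is_pinned(stmt.get("Condition", {})):
            findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings

# Constructed sample: the page's OrganizationAccess statement, abbreviated.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Sid": "OrganizationAccess", "Effect": "Allow", "Principal": "*",
  "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-abc123def45"}},
  "Action": ["ssm-incidents:GetResponsePlan", "ssm-incidents:StartIncident"],
  "Resource": ["arn:aws:ssm-incidents:*:111122223333:response-plan/myplan"]}]}
""")

if __name__ == "__main__":
    print(audit_resource_policy(PAGE_POLICY))   # [] : wildcard is pinned to the org
```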
The following example uses an ARN to grant permissions to the principal arn:aws:iam::999988887777:root to create engagements to the contact mycontact.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PrincipalAccess",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::999988887777:root"
            },
            "Action": [
                "ssm-contacts:GetContact",
                "ssm-contacts:StartEngagement",
                "ssm-contacts:DescribeEngagement",
                "ssm-contacts:ListPagesByContact"
            ],
            "Resource": [
                "arn:aws:ssm-contacts:*:111122223333:contact/mycontact",
                "arn:aws:ssm-contacts:*:111122223333:engagement/mycontact/*"
            ]
        }
    ]
}