NeptuneGraphReadOnlyAccess 使用 AWS 受管政策授予 - Amazon Neptune

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

NeptuneGraphReadOnlyAccess 使用 AWS 受管政策授予

以下 NeptuneGraphReadOnlyAccess 受管政策提供對所有 Amazon Neptune Analytics 資源的唯讀許可,以及相依服務的唯讀許可。

此政策包含執行以下動作的許可:

  • 對於 Amazon EC2 — 擷取 VPC、子網路、安全群組和可用區域的相關資訊。

  • 對於 AWS KMS – 擷取 KMS 金鑰和別名的相關資訊。

  • 對於 CloudWatch — 擷取有關 CloudWatch 指標的資訊。

  • 對於 CloudWatch Logs — 擷取有關 CloudWatch 日誌串流和事件的資訊。

注意

這項政策已於 2023-11-29 發布。

JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowReadOnlyPermissionsForNeptuneGraph",
      "Effect": "Allow",
      "Action": [
        "neptune-graph:Get*",
        "neptune-graph:List*",
        "neptune-graph:Read*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowReadOnlyPermissionsForEC2",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeVpcEndpoints",
        "ec2:DescribeVpcAttribute",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets",
        "ec2:DescribeVpcs",
        "ec2:DescribeAvailabilityZones"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowReadOnlyPermissionsForKMS",
      "Effect": "Allow",
      "Action": [
        "kms:ListKeys",
        "kms:ListAliases"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowReadOnlyPermissionsForCloudwatch",
      "Effect": "Allow",
      "Action": [
        "cloudwatch:GetMetricData",
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowReadOnlyPermissionsForLogs",
      "Effect": "Allow",
      "Action": [
        "logs:DescribeLogStreams",
        "logs:GetLogEvents"
      ],
      "Resource": [
        "arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*"
      ]
    }
  ]
}