本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
NeptuneGraphReadOnlyAccess
使用 AWS 受管政策授予
以下 NeptuneGraphReadOnlyAccess 受管政策提供對所有 Amazon Neptune Analytics 資源的唯讀許可,以及相依服務的唯讀許可。
此政策包含執行以下動作的許可:
對於 Amazon EC2 — 擷取 VPC、子網路、安全群組和可用區域的相關資訊。
對於 AWS KMS – 擷取 KMS 金鑰和別名的相關資訊。
對於 CloudWatch — 擷取有關 CloudWatch 指標的資訊。
對於 CloudWatch Logs — 擷取有關 CloudWatch 日誌串流和事件的資訊。
- JSON
-
-
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowReadOnlyPermissionsForNeptuneGraph",
"Effect": "Allow",
"Action": [
"neptune-graph:Get*",
"neptune-graph:List*",
"neptune-graph:Read*"
],
"Resource": "*"
},
{
"Sid": "AllowReadOnlyPermissionsForEC2",
"Effect": "Allow",
"Action": [
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcAttribute",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
},
{
"Sid": "AllowReadOnlyPermissionsForKMS",
"Effect": "Allow",
"Action": [
"kms:ListKeys",
"kms:ListAliases"
],
"Resource": "*"
},
{
"Sid": "AllowReadOnlyPermissionsForCloudwatch",
"Effect": "Allow",
"Action": [
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics"
],
"Resource": "*"
},
{
"Sid": "AllowReadOnlyPermissionsForLogs",
"Effect": "Allow",
"Action": [
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*"
]
}
]
}