本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWS Resilience Hub 角色和 IAM 許可參考
您可以使用 AWS Resilience Hub AWSResilienceHubAsssessmentExecutionPolicy AWS 受管政策和下列其中一個角色特定政策,將 IAM 許可授予使用 所需的角色。如需 AWS 受管政策的詳細資訊,請參閱 AWSResilienceHubAsssessmentExecutionPolicy。
建議的角色政策 AWS Resilience Hub:
基礎設施應用程式管理員角色的 IAM 許可
下列政策會授予 Infrastructure 應用程式管理員角色所需的必要許可。
- JSON
-
-
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "InfrastructureApplicationManager",
"Effect": "Allow",
"Action": [
"resiliencehub:AddDraftAppVersionResourceMappings",
"resiliencehub:CreateAppVersionAppComponent",
"resiliencehub:CreateAppVersionResource",
"resiliencehub:CreateRecommendationTemplate",
"resiliencehub:DeleteAppAssessment",
"resiliencehub:DeleteAppInputSource",
"resiliencehub:DeleteAppVersionAppComponent",
"resiliencehub:DeleteAppVersionResource",
"resiliencehub:DeleteRecommendationTemplate",
"resiliencehub:Describe*",
"resiliencehub:List*",
"resiliencehub:PublishAppVersion",
"resiliencehub:PutDraftAppVersionTemplate",
"resiliencehub:RemoveDraftAppVersionResourceMappings",
"resiliencehub:ResolveAppVersionResources",
"resiliencehub:StartAppAssessment",
"resiliencehub:TagResource",
"resiliencehub:UntagResource",
"resiliencehub:UpdateAppVersion",
"resiliencehub:UpdateAppVersionAppComponent",
"resiliencehub:UpdateAppVersionResource"
],
"Resource": "*"
}
]
}
Business continuity Manager 角色的 IAM 許可
下列政策授予業務持續性管理員角色所需的必要許可。
- JSON
-
-
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "BusinessContinuityManager",
"Effect": "Allow",
"Action": [
"resiliencehub:CreateResiliencyPolicy",
"resiliencehub:DeleteResiliencyPolicy",
"resiliencehub:Describe*",
"resiliencehub:List*",
"resiliencehub:ResolveAppVersionResources",
"resiliencehub:TagResource",
"resiliencehub:UntagResource",
"resiliencehub:UpdateAppVersion",
"resiliencehub:UpdateAppVersionAppComponent",
"resiliencehub:UpdateAppVersionResource",
"resiliencehub:UpdateResiliencyPolicy"
],
"Resource": "*"
}
]
}
應用程式擁有者角色的 IAM 許可
下列政策會授予應用程式擁有者角色所需的必要許可。
- JSON
-
-
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "ApplicationOwner",
"Effect": "Allow",
"Action": [
"resiliencehub:AddDraftAppVersionResourceMappings",
"resiliencehub:BatchUpdateRecommendationStatus",
"resiliencehub:CreateApp",
"resiliencehub:CreateAppVersionAppComponent",
"resiliencehub:CreateAppVersionResource",
"resiliencehub:CreateRecommendationTemplate",
"resiliencehub:CreateResiliencyPolicy",
"resiliencehub:DeleteApp",
"resiliencehub:DeleteAppAssessment",
"resiliencehub:DeleteAppInputSource",
"resiliencehub:DeleteAppVersionAppComponent",
"resiliencehub:DeleteAppVersionResource",
"resiliencehub:DeleteRecommendationTemplate",
"resiliencehub:DeleteResiliencyPolicy",
"resiliencehub:Describe*",
"resiliencehub:ImportResourcesToDraftAppVersion",
"resiliencehub:List*",
"resiliencehub:PublishAppVersion",
"resiliencehub:PutDraftAppVersionTemplate",
"resiliencehub:RemoveDraftAppVersionResourceMappings",
"resiliencehub:ResolveAppVersionResources",
"resiliencehub:StartAppAssessment",
"resiliencehub:TagResource",
"resiliencehub:UntagResource",
"resiliencehub:UpdateApp",
"resiliencehub:UpdateAppVersion",
"resiliencehub:UpdateAppVersionAppComponent",
"resiliencehub:UpdateAppVersionResource",
"resiliencehub:UpdateResiliencyPolicy"
],
"Resource": "*"
}
]
}
授予唯讀存取權的 IAM 許可
下列政策會授予唯讀存取所需的必要許可。
- JSON
-
-
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "ReadOnly",
"Effect": "Allow",
"Action": [
"resiliencehub:Describe*",
"resiliencehub:List*",
"resiliencehub:ResolveAppVersionResources"
],
"Resource": "*"
}
]
}
