本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# AWS Security Token Service 的動作、資源和條件索引鍵
AWS Security Token Service (服務字首:`sts`) 提供下列服務特定的資源、動作和條件內容索引鍵,可用於 IAM 許可政策。
參考資料:
+ 了解如何[設定此服務](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html)。
+ 檢視[可供此服務使用的 API 操作](https://docs.aws.amazon.com/STS/latest/APIReference/)清單。
+ 了解如何[使用 IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_permissions.html) 許可政策來保護此服務及其資源。
**Topics**
+ [AWS Security Token Service 定義的動作](#awssecuritytokenservice-actions-as-permissions)
+ [AWS Security Token Service 定義的資源類型](#awssecuritytokenservice-resources-for-iam-policies)
+ [AWS Security Token Service 的條件索引鍵](#awssecuritytokenservice-policy-keys)
## AWS Security Token Service 定義的動作
您可在 IAM 政策陳述式的 `Action` 元素中指定以下動作。使用政策來授予在 AWS中執行操作的許可。在政策中使用動作時,通常會允許或拒絕存取相同名稱的 API 操作或 CLI 命令。不過,在某些情況下,單一動作可控制對多個操作的存取。或者,某些操作需要多種不同的動作。
動作資料表的**存取層級**欄說明動作的分類方式 (列出、讀取、許可管理或標記)。此分類可協助您了解在政策中使用某動作時,該動作授予您的存取層級。如需存取層級的詳細資訊,請參閱[政策摘要中的存取層級](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html)。
「動作」資料表的**資源類型**欄會指出每個動作是否支援資源層級的許可。如果此欄沒有值,您必須在政策陳述式的 `Resource` 元素中指定政策適用的所有資源 ("\*")。如果資料欄包含資源類型,則您可以在具有該動作的陳述式中指定該類型的 ARN。如果動作具有一或多個必要資源,呼叫者必須具有對這些資源使用動作的許可。表格中的必要資源會以星號 (\*) 表示。如果您使用 IAM 政策中的 `Resource` 元素限制資源存取,則每種必要的資源類型必須要有 ARN 或模式。某些動作支援多種資源類型。如果資源類型是選用 (未顯示為必要),則您可以選擇使用其中一種選用資源類型。
「動作」資料表的**條件索引鍵**欄包含您可以在政策陳述式的 `Condition` 元素中指定的索引鍵。如需有關與服務資源相關聯之條件索引鍵的詳細資訊,請參閱「資源類型」資料表的**條件索引鍵**欄。
動作資料表的**相依動作**欄會顯示成功呼叫動作所需的其他許可。除了 動作本身的許可之外,還可能需要這些許可。當動作指定相依動作時,這些相依性可能適用於針對該動作定義的其他資源,而不只是資料表中列出的第一個資源。
**注意**
資源條件索引鍵會列在[資源類型](#awssecuritytokenservice-resources-for-iam-policies)資料表中。您可以在「動作」資料表的**資源類型 (\*必填) **欄中找到適用於動作的資源類型連結。「資源類型」資料表中的資源類型包括**條件索引鍵**欄,其中包含套用至「動作」資料表中動作的資源條件索引鍵。
如需下表各欄的詳細資訊,請參閱[動作資料表](reference_policies_actions-resources-contextkeys.html#actions_table)。
****
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html) **
- **描述:** 准許取得一組臨時安全登入資料,您可以使用這些登入資料來存取您通常無法存取 AWS 的資源
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awssecuritytokenservice-role](#awssecuritytokenservice-role) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awssecuritytokenservice-aws_TagKeys](#awssecuritytokenservice-aws_TagKeys)
[#awssecuritytokenservice-aws_RequestTag___TagKey_](#awssecuritytokenservice-aws_RequestTag___TagKey_)
[#awssecuritytokenservice-sts_TransitiveTagKeys](#awssecuritytokenservice-sts_TransitiveTagKeys)
[#awssecuritytokenservice-sts_ExternalId](#awssecuritytokenservice-sts_ExternalId)
[#awssecuritytokenservice-sts_RoleSessionName](#awssecuritytokenservice-sts_RoleSessionName)
[#awssecuritytokenservice-iam_ResourceTag___TagKey_](#awssecuritytokenservice-iam_ResourceTag___TagKey_)
[#awssecuritytokenservice-sts_SourceIdentity](#awssecuritytokenservice-sts_SourceIdentity)
[#awssecuritytokenservice-cognito-identity.amazonaws.com_amr](#awssecuritytokenservice-cognito-identity.amazonaws.com_amr)
[#awssecuritytokenservice-cognito-identity.amazonaws.com_aud](#awssecuritytokenservice-cognito-identity.amazonaws.com_aud)
[#awssecuritytokenservice-cognito-identity.amazonaws.com_sub](#awssecuritytokenservice-cognito-identity.amazonaws.com_sub)
[#awssecuritytokenservice-www.amazon.com_app_id](#awssecuritytokenservice-www.amazon.com_app_id)
[#awssecuritytokenservice-www.amazon.com_user_id](#awssecuritytokenservice-www.amazon.com_user_id)
[#awssecuritytokenservice-graph.facebook.com_app_id](#awssecuritytokenservice-graph.facebook.com_app_id)
[#awssecuritytokenservice-graph.facebook.com_id](#awssecuritytokenservice-graph.facebook.com_id)
[#awssecuritytokenservice-accounts.google.com_aud](#awssecuritytokenservice-accounts.google.com_aud)
[#awssecuritytokenservice-accounts.google.com_sub](#awssecuritytokenservice-accounts.google.com_sub)
[#awssecuritytokenservice-saml_namequalifier](#awssecuritytokenservice-saml_namequalifier)
[#awssecuritytokenservice-saml_sub](#awssecuritytokenservice-saml_sub)
[#awssecuritytokenservice-saml_sub_type](#awssecuritytokenservice-saml_sub_type) / **相依動作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html) **
- **描述:** 准許透過 SAML 驗證回應,為已驗證過的使用者取得一組臨時安全憑證
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awssecuritytokenservice-role](#awssecuritytokenservice-role) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awssecuritytokenservice-saml_namequalifier](#awssecuritytokenservice-saml_namequalifier)
[#awssecuritytokenservice-saml_sub](#awssecuritytokenservice-saml_sub)
[#awssecuritytokenservice-saml_sub_type](#awssecuritytokenservice-saml_sub_type)
[#awssecuritytokenservice-saml_aud](#awssecuritytokenservice-saml_aud)
[#awssecuritytokenservice-saml_iss](#awssecuritytokenservice-saml_iss)
[#awssecuritytokenservice-saml_doc](#awssecuritytokenservice-saml_doc)
[#awssecuritytokenservice-saml_cn](#awssecuritytokenservice-saml_cn)
[#awssecuritytokenservice-saml_commonName](#awssecuritytokenservice-saml_commonName)
[#awssecuritytokenservice-saml_eduorghomepageuri](#awssecuritytokenservice-saml_eduorghomepageuri)
[#awssecuritytokenservice-saml_eduorgidentityauthnpolicyuri](#awssecuritytokenservice-saml_eduorgidentityauthnpolicyuri)
[#awssecuritytokenservice-saml_eduorglegalname](#awssecuritytokenservice-saml_eduorglegalname)
[#awssecuritytokenservice-saml_eduorgsuperioruri](#awssecuritytokenservice-saml_eduorgsuperioruri)
[#awssecuritytokenservice-saml_eduorgwhitepagesuri](#awssecuritytokenservice-saml_eduorgwhitepagesuri)
[#awssecuritytokenservice-saml_edupersonaffiliation](#awssecuritytokenservice-saml_edupersonaffiliation)
[#awssecuritytokenservice-saml_edupersonassurance](#awssecuritytokenservice-saml_edupersonassurance)
[#awssecuritytokenservice-saml_edupersonentitlement](#awssecuritytokenservice-saml_edupersonentitlement)
[#awssecuritytokenservice-saml_edupersonnickname](#awssecuritytokenservice-saml_edupersonnickname)
[#awssecuritytokenservice-saml_edupersonorgdn](#awssecuritytokenservice-saml_edupersonorgdn)
[#awssecuritytokenservice-saml_edupersonorgunitdn](#awssecuritytokenservice-saml_edupersonorgunitdn)
[#awssecuritytokenservice-saml_edupersonprimaryaffiliation](#awssecuritytokenservice-saml_edupersonprimaryaffiliation)
[#awssecuritytokenservice-saml_edupersonprimaryorgunitdn](#awssecuritytokenservice-saml_edupersonprimaryorgunitdn)
[#awssecuritytokenservice-saml_edupersonprincipalname](#awssecuritytokenservice-saml_edupersonprincipalname)
[#awssecuritytokenservice-saml_edupersonscopedaffiliation](#awssecuritytokenservice-saml_edupersonscopedaffiliation)
[#awssecuritytokenservice-saml_edupersontargetedid](#awssecuritytokenservice-saml_edupersontargetedid)
[#awssecuritytokenservice-saml_givenName](#awssecuritytokenservice-saml_givenName)
[#awssecuritytokenservice-saml_mail](#awssecuritytokenservice-saml_mail)
[#awssecuritytokenservice-saml_name](#awssecuritytokenservice-saml_name)
[#awssecuritytokenservice-saml_organizationStatus](#awssecuritytokenservice-saml_organizationStatus)
[#awssecuritytokenservice-saml_primaryGroupSID](#awssecuritytokenservice-saml_primaryGroupSID)
[#awssecuritytokenservice-saml_surname](#awssecuritytokenservice-saml_surname)
[#awssecuritytokenservice-saml_uid](#awssecuritytokenservice-saml_uid)
[#awssecuritytokenservice-saml_x500UniqueIdentifier](#awssecuritytokenservice-saml_x500UniqueIdentifier)
[#awssecuritytokenservice-aws_TagKeys](#awssecuritytokenservice-aws_TagKeys)
[#awssecuritytokenservice-aws_RequestTag___TagKey_](#awssecuritytokenservice-aws_RequestTag___TagKey_)
[#awssecuritytokenservice-sts_TransitiveTagKeys](#awssecuritytokenservice-sts_TransitiveTagKeys)
[#awssecuritytokenservice-sts_SourceIdentity](#awssecuritytokenservice-sts_SourceIdentity)
[#awssecuritytokenservice-sts_RoleSessionName](#awssecuritytokenservice-sts_RoleSessionName) / **相依動作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html) **
- **描述:** 准許為在行動或 Web 應用程式中,透過 Web 身分提供者驗證的使用者取得一組臨時安全憑證
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awssecuritytokenservice-role](#awssecuritytokenservice-role) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awssecuritytokenservice-cognito-identity.amazonaws.com_amr](#awssecuritytokenservice-cognito-identity.amazonaws.com_amr)
[#awssecuritytokenservice-cognito-identity.amazonaws.com_aud](#awssecuritytokenservice-cognito-identity.amazonaws.com_aud)
[#awssecuritytokenservice-cognito-identity.amazonaws.com_sub](#awssecuritytokenservice-cognito-identity.amazonaws.com_sub)
[#awssecuritytokenservice-www.amazon.com_app_id](#awssecuritytokenservice-www.amazon.com_app_id)
[#awssecuritytokenservice-www.amazon.com_user_id](#awssecuritytokenservice-www.amazon.com_user_id)
[#awssecuritytokenservice-graph.facebook.com_app_id](#awssecuritytokenservice-graph.facebook.com_app_id)
[#awssecuritytokenservice-graph.facebook.com_id](#awssecuritytokenservice-graph.facebook.com_id)
[#awssecuritytokenservice-accounts.google.com_aud](#awssecuritytokenservice-accounts.google.com_aud)
[#awssecuritytokenservice-accounts.google.com_oaud](#awssecuritytokenservice-accounts.google.com_oaud)
[#awssecuritytokenservice-accounts.google.com_sub](#awssecuritytokenservice-accounts.google.com_sub)
[#awssecuritytokenservice-aws_TagKeys](#awssecuritytokenservice-aws_TagKeys)
[#awssecuritytokenservice-aws_RequestTag___TagKey_](#awssecuritytokenservice-aws_RequestTag___TagKey_)
[#awssecuritytokenservice-sts_TransitiveTagKeys](#awssecuritytokenservice-sts_TransitiveTagKeys)
[#awssecuritytokenservice-sts_SourceIdentity](#awssecuritytokenservice-sts_SourceIdentity)
[#awssecuritytokenservice-sts_RoleSessionName](#awssecuritytokenservice-sts_RoleSessionName) / **相依動作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html) **
- **描述:** 准許取得一組臨時安全登入資料,可用於在組織中的成員帳戶中執行特權任務
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awssecuritytokenservice-root-user](#awssecuritytokenservice-root-user) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awssecuritytokenservice-sts_TaskPolicyArn](#awssecuritytokenservice-sts_TaskPolicyArn) / **相依動作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_DecodeAuthorizationMessage.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_DecodeAuthorizationMessage.html) **
- **描述:** 准許從回應請求而傳回的編碼訊息解碼 AWS 請求授權狀態的其他資訊
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_GetAccessKeyInfo.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetAccessKeyInfo.html) **
- **描述:** 准許取得以參數形式傳遞至請求的存取金鑰 ID 相關詳細資訊
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html) **
- **描述:** 准許取得 IAM 身分的詳細資訊,該身分的憑證會用來呼叫 API
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_GetDelegatedAccessToken.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetDelegatedAccessToken.html) **
- **描述:** 傳回臨時安全登入資料,以便在臨時委派請求核准 AWS 帳戶 後存取 。此 API 要求在請求委派核准時提供的 tradeInToken,僅供 Amazon 或 AWS 合作夥伴使用
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html) **
- **描述:** 准許為聯合身分使用者取得一組臨時安全憑證 (包括存取金鑰 ID、私密存取金鑰和安全字符)
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awssecuritytokenservice-federated-user](#awssecuritytokenservice-federated-user) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awssecuritytokenservice-aws_TagKeys](#awssecuritytokenservice-aws_TagKeys)
[#awssecuritytokenservice-aws_RequestTag___TagKey_](#awssecuritytokenservice-aws_RequestTag___TagKey_) / **相依動作:**
- ** [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bearer.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bearer.html) [僅限許可]**
- **描述:** 准許取得 AWS 根使用者、IAM 角色或 IAM 使用者的 STS 承載字符
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:** [#awssecuritytokenservice-sts_AWSServiceName](#awssecuritytokenservice-sts_AWSServiceName)
[#awssecuritytokenservice-sts_DurationSeconds](#awssecuritytokenservice-sts_DurationSeconds)
- **相依動作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html) **
- **描述:** 准許取得 AWS 帳戶 或 IAM 使用者的一組臨時安全登入資料 (包含存取金鑰 ID、私密存取金鑰和安全字符)
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_GetWebIdentityToken.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetWebIdentityToken.html) **
- **描述:** 准許取得代表呼叫 IAM 主體身分的短期、可公開驗證的 JSON Web Token (JWT)
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:** [#awssecuritytokenservice-sts_DurationSeconds](#awssecuritytokenservice-sts_DurationSeconds)
[#awssecuritytokenservice-sts_IdentityTokenAudience](#awssecuritytokenservice-sts_IdentityTokenAudience)
[#awssecuritytokenservice-sts_SigningAlgorithm](#awssecuritytokenservice-sts_SigningAlgorithm)
[#awssecuritytokenservice-aws_TagKeys](#awssecuritytokenservice-aws_TagKeys)
[#awssecuritytokenservice-aws_RequestTag___TagKey_](#awssecuritytokenservice-aws_RequestTag___TagKey_)
- **相依動作:**
- ** [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts) [僅限許可]**
- **描述:** 准許在 STS 工作階段上設定內容索引鍵
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awssecuritytokenservice-role](#awssecuritytokenservice-role) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** [#awssecuritytokenservice-self-session](#awssecuritytokenservice-self-session) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awssecuritytokenservice-sts_RequestContext___ContextKey_](#awssecuritytokenservice-sts_RequestContext___ContextKey_)
[#awssecuritytokenservice-sts_RequestContextProviders](#awssecuritytokenservice-sts_RequestContextProviders) / **相依動作:**
- ** [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html#id_credentials_temp_control-access_monitor-perms](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html#id_credentials_temp_control-access_monitor-perms) [僅限許可]**
- **描述:** 准許在 STS 工作階段上設定來源身分
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awssecuritytokenservice-role](#awssecuritytokenservice-role) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awssecuritytokenservice-sts_SourceIdentity](#awssecuritytokenservice-sts_SourceIdentity) / **相依動作:**
- ** [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_web_identity_token_tags.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_web_identity_token_tags.html) [僅限許可]**
- **描述:** 准許將標籤新增至 GetWebIdentityToken API 產生的 JSON Web Token (JWT)
- **存取層級:** 標記
- **資源類型 (\*必填項目):**
- **條件索引鍵:** [#awssecuritytokenservice-aws_TagKeys](#awssecuritytokenservice-aws_TagKeys)
[#awssecuritytokenservice-aws_RequestTag___TagKey_](#awssecuritytokenservice-aws_RequestTag___TagKey_)
- **相依動作:**
- ** [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) [僅限許可]**
- **描述:** 准許將標籤新增至 STS 工作階段
- **存取層級:** 標記
- **資源類型 (\*必填項目):** [#awssecuritytokenservice-role](#awssecuritytokenservice-role) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awssecuritytokenservice-aws_TagKeys](#awssecuritytokenservice-aws_TagKeys)
[#awssecuritytokenservice-aws_RequestTag___TagKey_](#awssecuritytokenservice-aws_RequestTag___TagKey_)
[#awssecuritytokenservice-sts_TransitiveTagKeys](#awssecuritytokenservice-sts_TransitiveTagKeys)
[#awssecuritytokenservice-saml_aud](#awssecuritytokenservice-saml_aud) / **相依動作:**
## AWS Security Token Service 定義的資源類型
此服務會定義下列資源類型,並可用在 IAM 許可政策陳述式的 `Resource` 元素中。[動作表格](#awssecuritytokenservice-actions-as-permissions)中的每個動作都代表可使用該動作指定的資源類型。資源類型也能定義您可以在政策中包含哪些條件索引鍵。這些索引鍵都會顯示在「資源類型」資料表的最後一欄。如需下表各欄的詳細資訊,請參閱[資源類型資料表](reference_policies_actions-resources-contextkeys.html#resources_table)。
****
| 資源類型 | ARN | 條件索引鍵 |
| --- | --- | --- |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) | arn:${Partition}:iam::${Account}:role/${RoleNameWithPath} | [#awssecuritytokenservice-aws_ResourceTag___TagKey_](#awssecuritytokenservice-aws_ResourceTag___TagKey_)
[#awssecuritytokenservice-iam_ResourceTag___TagKey_](#awssecuritytokenservice-iam_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html) | arn:${Partition}:iam::${Account}:root | |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns) | arn:${Partition}:sts::${Account}:self | |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns) | arn:${Partition}:iam::aws:contextProvider/${ContextProviderName} | |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns) | arn:${Partition}:sts::${Account}:federated-user/${FederatedUserName} | |
## AWS Security Token Service 的條件索引鍵
AWS Security Token Service 定義了下列條件索引鍵,可用於 IAM 政策的 `Condition`元素。您可以使用這些索引鍵來縮小套用政策陳述式的條件。如需下表各欄的詳細資訊,請參閱[條件索引鍵表](reference_policies_actions-resources-contextkeys.html#context_keys_table)。
若要檢視所有 服務可用的全域條件索引鍵,請參閱[AWS 全域條件內容索引鍵](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html)。
****
| 條件索引鍵 | 描述 | Type |
| --- | --- | --- |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud) | 依 Google 應用程式 ID 篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_oaud](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_oaud) | 依 Google 對象篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub) | 依宣告主旨 (Google 使用者 ID) 篩選存取權 | String |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag) | 依要求中傳遞的標籤來篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag) | 依與資源關聯的標籤來篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys) | 依要求中傳遞的標籤索引鍵來篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_amr](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_amr) | 依 Amazon Cognito 登入資訊篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud) | 依 Amazon Cognito 身分集區 ID 篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub) | 依宣告主旨 (Amazon Cognito 使用者 ID) 篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id) | 依 Facebook 應用程式 ID 篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id) | 依 Facebook 使用者 ID 篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_ResourceTag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_ResourceTag) | 依連接至擔任角色的標籤篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud) | 依顯示 SAML 宣告的端點 URL 篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_cn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_cn) | 依 eduOrg 屬性篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_commonname](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_commonname) | 依 commonName 屬性篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_doc](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_doc) | 依用來擔任角色的委託人篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorghomepageuri](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorghomepageuri) | 依 eduOrg 屬性篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud) | 依 eduOrg 屬性篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorglegalname](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorglegalname) | 依 eduOrg 屬性篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorgsuperioruri](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorgsuperioruri) | 依 eduOrg 屬性篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorgwhitepagesuri](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorgwhitepagesuri) | 依 eduOrg 屬性篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonaffiliation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonaffiliation) | 依 eduPerson 屬性篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonassurance](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonassurance) | 依 eduPerson 屬性篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonentitlement](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonentitlement) | 依 eduPerson 屬性篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonnickname](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonnickname) | 依 eduPerson 屬性篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonorgdn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonorgdn) | 依 eduPerson 屬性篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonorgunitdn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonorgunitdn) | 依 eduPerson 屬性篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprimaryaffiliation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprimaryaffiliation) | 依 eduPerson 屬性篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprimaryorgunitdn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprimaryorgunitdn) | 依 eduPerson 屬性篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprincipalname](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprincipalname) | 依 eduPerson 屬性篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonscopedaffiliation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonscopedaffiliation) | 依 eduPerson 屬性篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersontargetedid](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersontargetedid) | 依 eduPerson 屬性篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_givenname](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_givenname) | 依 givenName 屬性篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_iss](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_iss) | 依發行者 (由 URN 代表) 篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_mail](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_mail) | 依 mail 屬性篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_name](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_name) | 依 name 屬性篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_namequalifier](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_namequalifier) | 依發行者的雜湊值、帳戶 ID 和易記名稱篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_organizationstatus](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_organizationstatus) | 依 organizationStatus 屬性篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_primarygroupsid](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_primarygroupsid) | 依 primaryGroupSID 屬性篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub) | 依宣告主旨 (SAML 使用者 ID) 篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_subtype](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_subtype) | 依值的持續性、暫時性或完整格式的 URI 篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_surname](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_surname) | 依 surname 屬性篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_uid](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_uid) | 依 uid 屬性篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_x500uniqueidentifier](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_x500uniqueidentifier) | 依 uid 屬性篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_awsservicename](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_awsservicename) | 依取得承載字符的服務篩選存取權 | String |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_durationseconds](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_durationseconds) | 從 GetWebIdentityToken API 取得承載字符或 JSON Web 字符 (JWT) 時,依秒數篩選存取權 | 數值 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_externalid](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_externalid) | 依您在另一個帳戶中擔任角色時所需的唯一識別符篩選存取權 | String |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_identitytokenaudience](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_identitytokenaudience) | 依請求中傳遞的對象篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts) | 依從受信任內容提供者擷取的簽署內容聲明中的內嵌工作階段鍵/值對來篩選存取權 | String |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts) | 依內容提供者 ARN 篩選存取權 | ArrayOfARN |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname) | 依您擔任角色時所需的角色工作階段名稱篩選存取權 | String |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_signingalgorithm](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_signingalgorithm) | 依請求中傳遞的簽署演算法篩選存取權 | String |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sourceidentity](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sourceidentity) | 依請求中傳遞的來源身分篩選存取權 | String |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts) | 依 TaskPolicyARN 篩選存取權 | ARN |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_TransitiveTagKeys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_TransitiveTagKeys) | 依請求中傳遞的轉移標籤索引鍵篩選存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id) | 依 Login with Amazon 應用程式 ID 篩選存取權 | 字串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id) | 依 Login with Amazon 使用者 ID 篩選存取權 | String |