Amazon VPC Lattice API 許可 - Amazon VPC Lattice
API 的必要許可

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

Amazon VPC Lattice API 許可

您必須授予 IAM 身分 (例如使用者或角色) 許可來呼叫他們所需的 VPC Lattice API 動作,如中所述VPC Lattice 的政策動作。此外,對於某些 VPC Lattice 動作,您必須授予 IAM 身分從其他 AWS APIs許可。

API 的必要許可

從 API 呼叫下列動作時,您必須授予 IAM 使用者呼叫指定動作的許可。

CreateResourceConfiguration

  • vpc-lattice:CreateResourceConfiguration

  • ec2:DescribeSubnets

  • rds:DescribeDBInstances

  • rds:DescribeDBClusters

CreateResourceGateway

  • vpc-lattice:CreateResourceGateway

  • ec2:AssignPrivateIpAddresses

  • ec2:AssignIpv6Addresses

  • ec2:CreateNetworkInterface

  • ec2:CreateNetworkInterfacePermission

  • ec2:DeleteNetworkInterface

  • ec2:DescribeNetworkInterfaces

  • ec2:DescribeSecurityGroups

  • ec2:DescribeSubnets

DeleteResourceGateway

  • vpc-lattice:DeleteResourceGateway

  • ec2:DeleteNetworkInterface

UpdateResourceGateway

  • vpc-lattice:UpdateResourceGateway

  • ec2:AssignPrivateIpAddresses

  • ec2:AssignIpv6Addresses

  • ec2:UnassignPrivateIpAddresses

  • ec2:CreateNetworkInterface

  • ec2:CreateNetworkInterfacePermission

  • ec2:DeleteNetworkInterface

  • ec2:DescribeNetworkInterfaces

  • ec2:DescribeSecurityGroups

  • ec2:DescribeSubnets

  • ec2:ModifyNetworkInterfaceAttribute

CreateServiceNetworkResourceAssociation

  • vpc-lattice:CreateServiceNetworkResourceAssociation

  • ec2:AssignIpv6Addresses

  • ec2:CreateNetworkInterface

  • ec2:CreateNetworkInterfacePermission

  • ec2:DescribeNetworkInterfaces

CreateServiceNetworkVpcAssociation

  • vpc-lattice:CreateServiceNetworkVpcAssociation

  • ec2:DescribeVpcs

  • ec2:DescribeSecurityGroups (只有在提供安全群組時才需要)

UpdateServiceNetworkVpcAssociation

  • vpc-lattice:UpdateServiceNetworkVpcAssociation

  • ec2:DescribeSecurityGroups (只有在提供安全群組時才需要)

CreateTargetGroup

  • vpc-lattice:CreateTargetGroup

  • ec2:DescribeVpcs

RegisterTargets

  • vpc-lattice:RegisterTargets

  • ec2:DescribeInstances (只有在 INSTANCE是目標群組類型時才需要)

  • ec2:DescribeVpcs (只有在 INSTANCEIP為目標群組類型時才需要)

  • ec2:DescribeSubnets (只有在 INSTANCEIP為目標群組類型時才需要)

  • lambda:GetFunction (只有在 LAMBDA是目標群組類型時才需要)

  • lambda:AddPermission (只有在目標群組尚未擁有叫用指定 Lambda 函數的許可時,才需要)

DeregisterTargets

  • vpc-lattice:DeregisterTargets

CreateAccessLogSubscription

  • vpc-lattice:CreateAccessLogSubscription

  • logs:GetLogDelivery

  • logs:CreateLogDelivery

DeleteAccessLogSubscription

  • vpc-lattice:DeleteAccessLogSubscription

  • logs:DeleteLogDelivery

UpdateAccessLogSubscription

  • vpc-lattice:UpdateAccessLogSubscription

  • logs:UpdateLogDelivery