Example policy - Amazon Virtual Private Cloud


Example policy

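The example policy in this section contains all of the relevant AWS Identity and Access Management (IAM) actions for full IPAM usage. Depending on how you use IPAM, you might not need to include all of the IAM actions. For the full experience of using the IPAM console, you might need to include additional IAM actions for services such as AWS Organizations, AWS Resource Access Manager (AWS RAM), and Amazon CloudWatch.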

JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AssociateIpamByoasn",
        "ec2:DeprovisionIpamByoasn",
        "ec2:DescribeIpamByoasn",
        "ec2:DisassociateIpamByoasn",
        "ec2:ProvisionIpamByoasn",
        "ec2:CreateIpam",
        "ec2:DescribeIpams",
        "ec2:ModifyIpam",
        "ec2:DeleteIpam",
        "ec2:CreateIpamScope",
        "ec2:DescribeIpamScopes",
        "ec2:ModifyIpamScope",
        "ec2:DeleteIpamScope",
        "ec2:CreateIpamPool",
        "ec2:DescribeIpamPools",
        "ec2:ModifyIpamPool",
        "ec2:DeleteIpamPool",
        "ec2:ProvisionIpamPoolCidr",
        "ec2:GetIpamPoolCidrs",
        "ec2:DeprovisionIpamPoolCidr",
        "ec2:AllocateIpamPoolCidr",
        "ec2:GetIpamPoolAllocations",
        "ec2:ReleaseIpamPoolAllocation",
        "ec2:CreateIpamResourceDiscovery",
        "ec2:DescribeIpamResourceDiscoveries",
        "ec2:ModifyIpamResourceDiscovery",
        "ec2:DeleteIpamResourceDiscovery",
        "ec2:AssociateIpamResourceDiscovery",
        "ec2:DescribeIpamResourceDiscoveryAssociations",
        "ec2:DisassociateIpamResourceDiscovery",
        "ec2:GetIpamResourceCidrs",
        "ec2:ModifyIpamResourceCidr",
        "ec2:GetIpamAddressHistory",
        "ec2:GetIpamDiscoveredResourceCidrs",
        "ec2:GetIpamDiscoveredAccounts",
        "ec2:GetIpamDiscoveredPublicAddresses"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "arn:aws:iam::*:role/aws-service-role/ipam.amazonaws.com/AWSServiceRoleForIPAM",
      "Condition": {
        "StringLike": {
          "iam:AWSServiceName": "ipam.amazonaws.com"
        }
      }
    }
  ]
}
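Because not every principal needs every action in the policy above, the following added example (not part of the AWS documentation) audits a candidate policy and reports which state-changing IPAM actions from this page it grants, including through wildcards. The function names, the sample policy, and the rule that `Describe*`/`Get*` actions are read-only are assumptions made for this illustration.

```python
import fnmatch

# ec2: action names copied from the example policy on this page.
PAGE_ACTIONS = """
AssociateIpamByoasn DeprovisionIpamByoasn DescribeIpamByoasn DisassociateIpamByoasn
ProvisionIpamByoasn CreateIpam DescribeIpams ModifyIpam DeleteIpam CreateIpamScope
DescribeIpamScopes ModifyIpamScope DeleteIpamScope CreateIpamPool DescribeIpamPools
ModifyIpamPool DeleteIpamPool ProvisionIpamPoolCidr GetIpamPoolCidrs
DeprovisionIpamPoolCidr AllocateIpamPoolCidr GetIpamPoolAllocations
ReleaseIpamPoolAllocation CreateIpamResourceDiscovery DescribeIpamResourceDiscoveries
ModifyIpamResourceDiscovery DeleteIpamResourceDiscovery AssociateIpamResourceDiscovery
DescribeIpamResourceDiscoveryAssociations DisassociateIpamResourceDiscovery
GetIpamResourceCidrs ModifyIpamResourceCidr GetIpamAddressHistory
GetIpamDiscoveredResourceCidrs GetIpamDiscoveredAccounts GetIpamDiscoveredPublicAddresses
""".split()
READ_PREFIXES = ("Describe", "Get")  # assumption: verb prefix marks read-only calls

def _as_list(value):
    # IAM lets Statement and Action be a single item or a list.
    return list(value) if isinstance(value, list) else [value]

def granted_ipam_actions(policy):
    """Page actions granted by Allow statements, with * and ? wildcards expanded.
    Deny, NotAction, Resource and Condition are not evaluated here."""
    granted = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            for name in PAGE_ACTIONS:
                # IAM action names are case-insensitive.
                if fnmatch.fnmatchcase(f"ec2:{name}".lower(), pattern.lower()):
                    granted.add(name)
    return granted

def mutating_ipam_actions(policy):
    """Granted page actions that change IPAM state (not Describe*/Get*)."""
    return sorted(a for a in granted_ipam_actions(policy)
                  if not a.startswith(READ_PREFIXES))

# Constructed sample: an auditor role that picked up one write action.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:Describe*", "ec2:GetIpam*", "ec2:AllocateIpamPoolCidr"]}]}

if __name__ == "__main__":
    print("mutating IPAM actions granted:", mutating_ipam_actions(SAMPLE_POLICY))
```

An empty result means the policy grants only the read actions from this page's list; a policy with `ec2:*` returns every state-changing action on it.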