範例政策
本節中的範例政策包含用於完整 IPAM 使用的所有相關 AWS Identity and Access Management (IAM) 動作。視您使用 IPAM 的方式而定,您可能不需要包含所有 IAM 動作。如需使用 IPAM 主控台的完整體驗,您可能需要針對 AWS Organizations、AWS Resource Access Manager (AWS RAM) 和 Amazon CloudWatch 等服務加入其他 IAM 動作。
- JSON
-
-
{ "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AssociateIpamByoasn", "ec2:DeprovisionIpamByoasn", "ec2:DescribeIpamByoasn", "ec2:DisassociateIpamByoasn", "ec2:ProvisionIpamByoasn", "ec2:CreateIpam", "ec2:DescribeIpams", "ec2:ModifyIpam", "ec2:DeleteIpam", "ec2:CreateIpamScope", "ec2:DescribeIpamScopes", "ec2:ModifyIpamScope", "ec2:DeleteIpamScope", "ec2:CreateIpamPool", "ec2:DescribeIpamPools", "ec2:ModifyIpamPool", "ec2:DeleteIpamPool", "ec2:ProvisionIpamPoolCidr", "ec2:GetIpamPoolCidrs", "ec2:DeprovisionIpamPoolCidr", "ec2:AllocateIpamPoolCidr", "ec2:GetIpamPoolAllocations", "ec2:ReleaseIpamPoolAllocation", "ec2:CreateIpamResourceDiscovery", "ec2:DescribeIpamResourceDiscoveries", "ec2:ModifyIpamResourceDiscovery", "ec2:DeleteIpamResourceDiscovery", "ec2:AssociateIpamResourceDiscovery", "ec2:DescribeIpamResourceDiscoveryAssociations", "ec2:DisassociateIpamResourceDiscovery", "ec2:GetIpamResourceCidrs", "ec2:ModifyIpamResourceCidr", "ec2:GetIpamAddressHistory", "ec2:GetIpamDiscoveredResourceCidrs", "ec2:GetIpamDiscoveredAccounts", "ec2:GetIpamDiscoveredPublicAddresses" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/ipam.amazonaws.com/AWSServiceRoleForIPAM", "Condition": { "StringLike": { "iam:AWSServiceName": "ipam.amazonaws.com" } } } ] }
IPAM 的受管政策
配額