AWS managed policy: AmazonWorkSpacesWebServiceRolePolicy - Amazon WorkSpaces Secure Browser



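You can't attach the AmazonWorkSpacesWebServiceRolePolicy policy to your IAM entities. This policy is attached to a service-linked role that allows WorkSpaces Secure Browser to perform actions on your behalf. For more information, see Using service-linked roles for Amazon WorkSpaces Secure Browser.

This policy grants administrative permissions that allow access to AWS services and resources used or managed by WorkSpaces Secure Browser.

Permissions details

This policy includes the following permissions:

  • workspaces-web – Allows access to AWS services and resources used or managed by WorkSpaces Secure Browser.

  • ec2 – Allows principals to describe VPCs, subnets, and Availability Zones; create, tag, describe, and delete network interfaces; associate or disassociate an address; and describe route tables, security groups, and VPC endpoints.

  • CloudWatch – Allows principals to put metric data.

  • Kinesis – Allows principals to describe a summary of Kinesis data streams and put records into Kinesis data streams for user access logging. For more information, see Setting up user access logging in Amazon WorkSpaces Secure Browser.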

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeVpcs",
                "ec2:DescribeSubnets",
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeNetworkInterfaces",
                "ec2:AssociateAddress",
                "ec2:DisassociateAddress",
                "ec2:DescribeRouteTables",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeVpcEndpoints"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterface"
            ],
            "Resource": [
                "arn:aws:ec2:*:*:subnet/*",
                "arn:aws:ec2:*:*:security-group/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterface"
            ],
            "Resource": "arn:aws:ec2:*:*:network-interface/*",
            "Condition": {
                "StringEquals": {
                    "aws:RequestTag/WorkSpacesWebManaged": "true"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateTags"
            ],
            "Resource": "arn:aws:ec2:*:*:network-interface/*",
            "Condition": {
                "StringEquals": {
                    "ec2:CreateAction": "CreateNetworkInterface"
                },
                "ForAllValues:StringEquals": {
                    "aws:TagKeys": [
                        "WorkSpacesWebManaged"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DeleteNetworkInterface"
            ],
            "Resource": "arn:aws:ec2:*:*:network-interface/*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/WorkSpacesWebManaged": "true"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricData"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "cloudwatch:namespace": [
                        "AWS/WorkSpacesWeb",
                        "AWS/Usage"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "kinesis:PutRecord",
                "kinesis:PutRecords",
                "kinesis:DescribeStreamSummary"
            ],
            "Resource": "arn:aws:kinesis:*:*:stream/amazon-workspaces-web-*"
        }
    ]
}
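The following is an added example, not AWS code: it walks the policy statements shown on this page and reports which non-read actions are granted on Resource "*" with no Condition, and which condition keys guard each action. The function names and the Describe/Get/List read-only heuristic are assumptions of this example.

```python
import json

# The policy from this page, in compact form.
POLICY = json.loads("""{"Version":"2012-10-17","Statement":[
{"Effect":"Allow","Action":["ec2:DescribeVpcs","ec2:DescribeSubnets","ec2:DescribeAvailabilityZones","ec2:DescribeNetworkInterfaces","ec2:AssociateAddress","ec2:DisassociateAddress","ec2:DescribeRouteTables","ec2:DescribeSecurityGroups","ec2:DescribeVpcEndpoints"],"Resource":"*"},
{"Effect":"Allow","Action":["ec2:CreateNetworkInterface"],"Resource":["arn:aws:ec2:*:*:subnet/*","arn:aws:ec2:*:*:security-group/*"]},
{"Effect":"Allow","Action":["ec2:CreateNetworkInterface"],"Resource":"arn:aws:ec2:*:*:network-interface/*","Condition":{"StringEquals":{"aws:RequestTag/WorkSpacesWebManaged":"true"}}},
{"Effect":"Allow","Action":["ec2:CreateTags"],"Resource":"arn:aws:ec2:*:*:network-interface/*","Condition":{"StringEquals":{"ec2:CreateAction":"CreateNetworkInterface"},"ForAllValues:StringEquals":{"aws:TagKeys":["WorkSpacesWebManaged"]}}},
{"Effect":"Allow","Action":["ec2:DeleteNetworkInterface"],"Resource":"arn:aws:ec2:*:*:network-interface/*","Condition":{"StringEquals":{"aws:ResourceTag/WorkSpacesWebManaged":"true"}}},
{"Effect":"Allow","Action":["cloudwatch:PutMetricData"],"Resource":"*","Condition":{"StringEquals":{"cloudwatch:namespace":["AWS/WorkSpacesWeb","AWS/Usage"]}}},
{"Effect":"Allow","Action":["kinesis:PutRecord","kinesis:PutRecords","kinesis:DescribeStreamSummary"],"Resource":"arn:aws:kinesis:*:*:stream/amazon-workspaces-web-*"}]}""")

# Heuristic used only by this example to separate read calls from mutating ones.
READ_ONLY_PREFIXES = ("Describe", "Get", "List")

def as_list(value):
    """IAM lets Action and Resource be either a single string or a list."""
    return [value] if isinstance(value, str) else list(value)

def grants(policy):
    """Yield (action, resources, condition_keys) for every Allow grant."""
    stmts = policy["Statement"]
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        if stmt.get("Effect") != "Allow":
            continue
        keys = sorted(k for op in stmt.get("Condition", {}).values() for k in op)
        for action in as_list(stmt["Action"]):
            yield action, as_list(stmt["Resource"]), keys

def is_mutating(action):
    """True when the API name after 'service:' is not a read-style call."""
    return not action.split(":", 1)[-1].startswith(READ_ONLY_PREFIXES)

def unscoped_mutating(policy):
    """Mutating actions allowed on Resource "*" with no Condition block."""
    return sorted({a for a, res, keys in grants(policy)
                   if is_mutating(a) and "*" in res and not keys})

def condition_keys_for(policy, action):
    """All condition keys that guard any grant of `action`."""
    return sorted({k for a, _, keys in grants(policy) if a == action for k in keys})

if __name__ == "__main__":
    print("mutating, Resource '*', no Condition:", unscoped_mutating(POLICY))
    for act in ("ec2:CreateNetworkInterface", "ec2:CreateTags",
                "ec2:DeleteNetworkInterface", "cloudwatch:PutMetricData"):
        print(act, "->", condition_keys_for(POLICY, act))
```

Network-interface creation, tagging, and deletion are tied to the WorkSpacesWebManaged tag, while ec2:AssociateAddress and ec2:DisassociateAddress are the only mutating actions granted without a resource or condition constraint.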