{"Version": "2012-10-17","Statement": {"Effect": "Allow","Action": [ "A list of the permissions the role is allowed to use" ],"Resource": [ "A list of the resources the role is allowed to access" ]}
}
{"Version": "2012-10-17","Statement": {"Sid": "TrustPolicyStatementThatAllowsEC2ServiceToAssumeTheAttachedRole","Effect": "Allow","Principal": { "Service": "ec2.amazonaws.com" },"Action": "sts:AssumeRole"}
}
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["iam:GetRole","iam:PassRole"],"Resource": "arn:aws:iam::*:role/EC2-roles-for-XYZ-*"}]
}
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["iam:PassRole","iam:ListInstanceProfiles","ec2:*"],"Resource": "*"}]
}
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": "ec2:RunInstances","Resource": "*"},{"Effect": "Allow","Action": "iam:PassRole","Resource": "arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:role/Get-pics"}]
}
{"Version": "2012-10-17","Statement": {"Effect": "Allow","Action": "iam:CreateUser","Resource": "*"}
}
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": "iam:GetAccountPasswordPolicy","Resource": "*"},{"Effect": "Allow","Action": "iam:ChangePassword","Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}"}]
}
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["iam:*LoginProfile","iam:*AccessKey*","iam:*SSHPublicKey*"],"Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}"},{"Effect": "Allow","Action": ["iam:ListAccount*","iam:GetAccountSummary","iam:GetAccountPasswordPolicy","iam:ListUsers"],"Resource": "*"}]
}
{"Version": "2012-10-17","Statement": {"Effect": "Allow","Action": ["iam:*LoginProfile","iam:*AccessKey*","iam:*SSHPublicKey*"],"Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}"}
}
{"Version": "2012-10-17","Statement": {"Effect": "Allow","Action": ["iam:Get*","iam:List*"],"Resource": "*"}
}
{"Version": "2012-10-17","Statement": {"Effect": "Allow","Action": ["iam:AddUserToGroup","iam:RemoveUserFromGroup","iam:GetGroup"],"Resource": "arn:aws:iam::account-id-without-hyphens:group/MarketingGroup"}
}
{"Version": "2012-10-17","Statement": [{"Sid": "AllowUsersToPerformUserActions","Effect": "Allow","Action": ["iam:CreateUser","iam:ListUsers","iam:GetUser","iam:UpdateUser","iam:DeleteUser","iam:ListGroupsForUser","iam:ListUserPolicies","iam:ListAttachedUserPolicies","iam:DeleteSigningCertificate","iam:DeleteLoginProfile","iam:RemoveUserFromGroup","iam:DetachUserPolicy","iam:DeleteUserPolicy"],"Resource": "*"},{"Sid": "AllowUsersToSeeStatsOnIAMConsoleDashboard","Effect": "Allow","Action": ["iam:GetAccount*","iam:ListAccount*"],"Resource": "*"}]
}
{"Version": "2012-10-17","Statement": {"Effect": "Allow","Action": ["iam:GetAccountPasswordPolicy","iam:UpdateAccountPasswordPolicy"],"Resource": "*"}
}
{"Version": "2012-10-17","Statement": {"Effect": "Allow","Action": ["iam:GenerateCredentialReport","iam:GetCredentialReport"],"Resource": "*"}
}
{"Version": "2012-10-17","Statement": [{"Sid": "AllowUsersToCreateEnableResyncDeleteTheirOwnVirtualMFADevice","Effect": "Allow","Action": ["iam:CreateVirtualMFADevice","iam:EnableMFADevice","iam:ResyncMFADevice","iam:DeleteVirtualMFADevice"],"Resource": ["arn:aws:iam::account-id-without-hyphens:mfa/${aws:username}","arn:aws:iam::account-id-without-hyphens:user/${aws:username}"]},{"Sid": "AllowUsersToDeactivateTheirOwnVirtualMFADevice","Effect": "Allow","Action": ["iam:DeactivateMFADevice"],"Resource": ["arn:aws:iam::account-id-without-hyphens:mfa/${aws:username}","arn:aws:iam::account-id-without-hyphens:user/${aws:username}"],"Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}}},{"Sid": "AllowUsersToListMFADevicesandUsersForConsole","Effect": "Allow","Action": ["iam:ListMFADevices","iam:ListVirtualMFADevices","iam:ListUsers"],"Resource": "*"}]
}
{"Version": "2012-10-17","Statement": {"Effect": "Allow","Action": "s3:ListBucket","Resource": "arn:aws:s3:::example_bucket"}
}
{"Version": "2012-10-17","Id": "S3-Account-Permissions","Statement": [{"Sid": "1","Effect": "Allow","Principal": {"AWS": ["arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:root"]},"Action": "s3:*","Resource": ["arn:aws:s3:::mybucket","arn:aws:s3:::mybucket/*"]}]
}
{"Version": "2012-10-17","Statement": {"Effect": "Allow","Action": ["iam:CreatePolicy","iam:CreatePolicyVersion","iam:DeletePolicy","iam:DeletePolicyVersion","iam:GetPolicy","iam:GetPolicyVersion","iam:ListPolicies","iam:ListPolicyVersions","iam:SetDefaultPolicyVersion"],"Resource": "*"}
}
{"Version": "2012-10-17","Statement": {"Effect": "Allow","Action": ["iam:DeletePolicyVersion","iam:SetDefaultPolicyVersion"],"Resource": "arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:policy/TEAM-A/*"}
}
{"Version": "2012-10-17","Statement": {"Effect": "Allow","Action": ["iam:AttachGroupPolicy","iam:AttachRolePolicy"],"Resource": ["arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:group/TEAM-A/*","arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:role/TEAM-A/*"]}
}
{"Version": "2012-10-17","Statement": [{"Sid": "FullAccess","Effect": "Allow","Action": ["s3:*"],"Resource": ["*"]},{"Sid": "DenyCustomerBucket","Action": ["s3:*"],"Effect": "Deny","Resource": ["arn:aws:s3:::customer", "arn:aws:s3:::customer/*" ]}]
}
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["dynamodb:DeleteItem","dynamodb:GetItem","dynamodb:PutItem","dynamodb:Query","dynamodb:UpdateItem"],"Resource": ["arn:aws:dynamodb:us-west-1:123456789012:table/myDynamoTable"],"Condition": {"ForAllValues:StringEquals": {"dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"]}}}]
}
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["s3:PutObject", "s3:PutObjectAcl"],"Resource": ["arn:aws:s3:::Apple_bucket/*"],"Condition": {"StringEquals": {"s3:x-amz-acl": ["public-read"]}}}, {"Effect": "Allow","Action": ["s3:PutObject", "s3:PutObjectAcl"],"Resource": ["arn:aws:s3:::Orange_bucket/*"],"Condition": {"StringEquals": {"s3:prefix": ["custom", "other"]}}}]
}
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": "s3:ListAllMyBuckets","Resource": "arn:aws:s3:::*"},{"Effect": "Allow","Action": ["s3:ListBucket","s3:GetBucketLocation"],"Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME"},{"Effect": "Allow","Action": ["s3:PutObject","s3:GetObject","s3:DeleteObject"],"Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME/*"}]
}
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["s3:ListAllMyBuckets","s3:GetBucketLocation"],"Resource": "arn:aws:s3:::*"},{"Effect": "Allow","Action": "s3:ListBucket","Resource": "arn:aws:s3:::BUCKET-NAME","Condition": {"StringLike": {"s3:prefix": ["","home/","home/${aws:username}/*"]}}},{"Effect": "Allow","Action": "s3:*","Resource": ["arn:aws:s3:::BUCKET-NAME/home/${aws:username}","arn:aws:s3:::BUCKET-NAME/home/${aws:username}/*"]}]
}
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["s3:ListBucket"],"Resource": ["arn:aws:s3:::EXAMPLE-BUCKET-NAME"],"Condition": {"StringLike": {"s3:prefix": ["cognito/mynumbersgame/"]}}},{"Effect": "Allow","Action": ["s3:GetObject","s3:PutObject","s3:DeleteObject"],"Resource": ["arn:aws:s3:::EXAMPLE-BUCKET-NAME/cognito/mynumbersgame/${cognito-identity.amazonaws.com:sub}","arn:aws:s3:::EXAMPLE-BUCKET-NAME/cognito/mynumbersgame/${cognito-identity.amazonaws.com:sub}/*"]}]
}
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": "dynamodb:*","Resource": "arn:aws:dynamodb:AWS-REGION-IDENTIFIER:ACCOUNT-ID-WITHOUT-HYPHENS:table/${aws:username}"}]
}
{"Version": "2012-10-17","Statement": {"Effect": "Deny","Action": "*","Resource": "*","Condition": {"NotIpAddress": {"aws:SourceIp": ["192.0.2.0/24","203.0.113.0/24"]}}}
}
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["s3:ListBucket"],"Resource": ["arn:aws:s3:::test"]},{"Effect": "Allow","Action": ["s3:PutObject","s3:GetObject","s3:DeleteObject"],"Resource": ["arn:aws:s3:::test/*"]}]
}
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["s3:GetBucketLocation","s3:ListAllMyBuckets"],"Resource": "arn:aws:s3:::*"},{"Effect": "Allow","Action": ["s3:ListBucket"],"Resource": ["arn:aws:s3:::test"]},{"Effect": "Allow","Action": ["s3:PutObject","s3:GetObject","s3:DeleteObject"],"Resource": ["arn:aws:s3:::test/*"]}]
}