翻訳は機械翻訳により提供されています。提供された翻訳内容と英語版の間で齟齬、不一致または矛盾がある場合、英語版が優先します。
# AWS Artifact での の IAM ポリシーの例 AWS GovCloud (US) Regions
これらのポリシーは にのみ適用されます AWS GovCloud (US) Regions。commercial AWS [Regions](https://docs.aws.amazon.com/glossary/latest/reference/glos-chap.html?icmpid=docs_homepage_addtlrcs#region) に適用されるポリシーについては、[「商用 AWS リージョン AWS Artifact での の IAM ポリシーの例](https://docs.aws.amazon.com/artifact/latest/ug/example-iam-policies.html)」を参照してください。
IAM ユーザーにアクセス許可を付与するアクセス許可ポリシーを作成できます。 AWS Artifact レポートへのアクセス権をユーザーに付与し、単一のアカウントまたは組織に代わって契約を受諾およびダウンロードすることができます。
次のサンプルポリシーは、必要なアクセスレベルに基づいて IAM ユーザーに割り当てることができるアクセス許可を示します。
+ [AWS レポートを管理するポリシーの例](#example-policy-manage-reports-govcloud)
+ [契約を管理するポリシーの例](#example-policy-manage-agreements-govcloud)
+ [と統合するポリシーの例 AWS Organizations](#example-policy-integrate-with-organizations-govcloud)
+ [管理アカウントの契約を管理するポリシーの例](#example-policy-agreements-master-govcloud)
+ [組織的な契約を管理するポリシーの例](#example-policy-organizational-agreements-govcloud)
**Example レポートを管理するポリシーの例**
次のポリシーは、すべてのレポートをダウンロードするアクセス許可を付与します。
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"artifact:ListReports",
"artifact:GetReportMetadata",
"artifact:GetReport",
"artifact:GetTermForReport",
"artifact:ListReportVersions"
],
"Resource": "*"
}
]
}
```
次のポリシーは、SOC、PCI、および ISO レポートのみをダウンロードするアクセス許可を付与します。
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"artifact:ListReports"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"artifact:GetReportMetadata",
"artifact:GetReport",
"artifact:GetTermForReport",
"artifact:ListReportVersions"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"artifact:ReportSeries": [
"SOC",
"PCI",
"ISO"
],
"artifact:ReportCategory": [
"Certifications and Attestations"
]
}
}
}
]
}
```
**Example 契約を管理するポリシーの例**
次のポリシーは、すべての契約をダウンロードするアクセス許可を付与します。IAM ユーザーが契約を受諾するには、このアクセス許可も必要です。
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"artifact:ListAgreements",
"artifact:ListCustomerAgreements"
],
"Resource": [
"*"
]
},
{
"Sid": "AWSAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:GetAgreement",
"artifact:AcceptNdaForAgreement",
"artifact:GetNdaForAgreement"
],
"Resource": "arn:aws-us-gov:artifact:::agreement/*"
},
{
"Sid": "CustomerAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:GetCustomerAgreement"
],
"Resource": "arn:aws-us-gov:artifact::*:customer-agreement/*"
}
]
}
```
次のポリシーは、すべての契約を受諾するアクセス許可を付与します。
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"artifact:ListAgreements"
],
"Resource": [
"*"
]
},
{
"Sid": "AWSAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:GetAgreement",
"artifact:AcceptNdaForAgreement",
"artifact:GetNdaForAgreement",
"artifact:AcceptAgreement"
],
"Resource": "arn:aws-us-gov:artifact:::agreement/*"
}
]
}
```
次のポリシーは、すべての契約を終了するアクセス許可を付与します。
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "ListAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:ListAgreements",
"artifact:ListCustomerAgreements"
],
"Resource": "*"
},
{
"Sid": "CustomerAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:GetCustomerAgreement",
"artifact:TerminateAgreement"
],
"Resource": "arn:aws-us-gov:artifact::*:customer-agreement/*"
}
]
}
```
次のポリシーは、アカウントレベルアグリーメントを表示および実行するアクセス許可を付与します。
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "ListAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:ListAgreements",
"artifact:ListCustomerAgreements"
],
"Resource": "*"
},
{
"Sid": "AWSAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:GetAgreement",
"artifact:AcceptNdaForAgreement",
"artifact:GetNdaForAgreement",
"artifact:AcceptAgreement"
],
"Resource": "arn:aws-us-gov:artifact:::agreement/*"
},
{
"Sid": "CustomerAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:GetCustomerAgreement",
"artifact:TerminateAgreement"
],
"Resource": "arn:aws-us-gov:artifact::*:customer-agreement/*"
}
]
}
```
**Example と統合するポリシーの例 AWS Organizations**
次のポリシーは、 AWS Artifact が統合に使用する IAM ロールを作成するアクセス許可を付与します AWS Organizations。組織的な契約を開始するには、組織の管理アカウントにこれらのアクセス許可が必要です。
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "CreateServiceLinkedRoleForOrganizationsIntegration",
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole",
"iam:GetRole"
],
"Resource": "arn:aws-us-gov:iam::*:role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"artifact.amazonaws.com"
]
}
}
}
]
}
```
次のポリシーは、 を使用するアクセス許可を付与するアクセス許可を付与 AWS Artifact します AWS Organizations。組織的な契約を開始するには、組織の管理アカウントにこれらのアクセス許可が必要です。
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization"
],
"Resource": "*"
},
{
"Sid": "EnableServiceTrustForArtifact",
"Effect": "Allow",
"Action": [
"organizations:EnableAWSServiceAccess"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"organizations:ServicePrincipal": [
"aws-artifact-account-sync.amazonaws.com"
]
}
}
}
]
}
```
**Example 管理アカウントの契約を管理するポリシーの例**
次のポリシーは、管理アカウントの契約を管理するアクセス許可を付与します。
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "ListAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:ListAgreements",
"artifact:ListCustomerAgreements"
],
"Resource": "*"
},
{
"Sid": "AWSAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:GetAgreement",
"artifact:AcceptNdaForAgreement",
"artifact:GetNdaForAgreement",
"artifact:AcceptAgreement"
],
"Resource": "arn:aws-us-gov:artifact:::agreement/*"
},
{
"Sid": "CustomerAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:GetCustomerAgreement",
"artifact:TerminateAgreement"
],
"Resource": "arn:aws-us-gov:artifact::*:customer-agreement/*"
},
{
"Sid": "CreateServiceLinkedRoleForOrganizationsIntegration",
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole",
"iam:GetRole"
],
"Resource": "arn:aws-us-gov:iam::*:role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"artifact.amazonaws.com"
]
}
}
},
{
"Sid": "EnableServiceTrust",
"Effect": "Allow",
"Action": [
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeOrganization"
],
"Resource": "*"
},
{
"Sid": "EnableServiceTrustForArtifact",
"Effect": "Allow",
"Action": [
"organizations:EnableAWSServiceAccess"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"organizations:ServicePrincipal": [
"aws-artifact-account-sync.amazonaws.com"
]
}
}
}
]
}
```
**Example 組織的な契約を管理するポリシーの例**
次のポリシーは、組織的な契約を管理するアクセス許可を付与します。必要な権限を持つ別のユーザーが組織的な契約を設定する必要があります。
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "ListAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:ListAgreements",
"artifact:ListCustomerAgreements"
],
"Resource": "*"
},
{
"Sid": "AWSAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:GetAgreement",
"artifact:AcceptNdaForAgreement",
"artifact:GetNdaForAgreement",
"artifact:AcceptAgreement"
],
"Resource": "arn:aws-us-gov:artifact:::agreement/*"
},
{
"Sid": "CustomerAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:GetCustomerAgreement",
"artifact:TerminateAgreement"
],
"Resource": "arn:aws-us-gov:artifact::*:customer-agreement/*"
},
{
"Effect": "Allow",
"Action": [
"organizations:DescribeOrganization"
],
"Resource": "*"
}
]
}
```
次のポリシーは、組織的な契約を表示するアクセス許可を付与します。
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "ListAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:ListAgreements",
"artifact:ListCustomerAgreements"
],
"Resource": "*"
},
{
"Sid": "AWSAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:GetAgreement",
"artifact:AcceptNdaForAgreement",
"artifact:GetNdaForAgreement"
],
"Resource": "arn:aws-us-gov:artifact:::agreement/*"
},
{
"Sid": "CustomerAgreementActions",
"Effect": "Allow",
"Action": [
"artifact:GetCustomerAgreement"
],
"Resource": "arn:aws-us-gov:artifact::*:customer-agreement/*"
},
{
"Effect": "Allow",
"Action": [
"organizations:DescribeOrganization"
],
"Resource": "*"
}
]
}
```