# ポリシーの例 このセクションのポリシーの例には、IPAM をフルに使用するための関連する AWS Identity and Access Management (IAM) アクションがすべて含まれています。IPAM の使用方法によっては、すべての IAM アクションを含める必要はない場合があります。IPAM コンソールを十分に活用するには、AWS Organizations、AWS Resource Access Manager (AWS RAM)、Amazon CloudWatch などのサービスに追加の IAM アクションを含める必要がある場合があります。 ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AssociateIpamByoasn", "ec2:DeprovisionIpamByoasn", "ec2:DescribeIpamByoasn", "ec2:DisassociateIpamByoasn", "ec2:ProvisionIpamByoasn", "ec2:CreateIpam", "ec2:DescribeIpams", "ec2:ModifyIpam", "ec2:DeleteIpam", "ec2:CreateIpamScope", "ec2:DescribeIpamScopes", "ec2:ModifyIpamScope", "ec2:DeleteIpamScope", "ec2:CreateIpamPool", "ec2:DescribeIpamPools", "ec2:ModifyIpamPool", "ec2:DeleteIpamPool", "ec2:ProvisionIpamPoolCidr", "ec2:GetIpamPoolCidrs", "ec2:DeprovisionIpamPoolCidr", "ec2:AllocateIpamPoolCidr", "ec2:GetIpamPoolAllocations", "ec2:ReleaseIpamPoolAllocation", "ec2:CreateIpamResourceDiscovery", "ec2:DescribeIpamResourceDiscoveries", "ec2:ModifyIpamResourceDiscovery", "ec2:DeleteIpamResourceDiscovery", "ec2:AssociateIpamResourceDiscovery", "ec2:DescribeIpamResourceDiscoveryAssociations", "ec2:DisassociateIpamResourceDiscovery", "ec2:GetIpamResourceCidrs", "ec2:ModifyIpamResourceCidr", "ec2:GetIpamAddressHistory", "ec2:GetIpamDiscoveredResourceCidrs", "ec2:GetIpamDiscoveredAccounts", "ec2:GetIpamDiscoveredPublicAddresses" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/ipam.amazonaws.com/AWSServiceRoleForIPAM", "Condition": { "StringLike": { "iam:AWSServiceName": "ipam.amazonaws.com" } } } ] } ``` ------