本文属于机器翻译版本。若本译文内容与英语原文存在差异，则一律以英文原文为准。 # 使用自定义 IAM 策略管理对 Amazon Connect 控制台的访问权限所需的权限如果您使用自定义 [IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) 策略来管理对 Amazon Connect 控制台的访问权限，则您的用户需要本文中列出的部分或全部权限，具体取决于他们需要执行的任务。 **注意** 在自定义 IAM 策略中使用 `connect:*` 可以向您的用户授予本文中列出的所有 Amazon Connect 权限。 **注意** Amazon Connect 控制台上的某些页面（例如[任务](#tasks-page)和[客户资料](#customer-profiles-page)）要求您为内联策略添加权限。 **Topics** + [AmazonConnect\_ FullAccess 政策](#amazonconnectfullaccesspolicy) + [AmazonConnectReadOnlyAccess 政策](#amazonconnectreadonlyaccesspolicy) + [主页](#console-home-page-permissions) + [详细信息页面](#detail-pages) + [“概述”页面](#overview-page) + [“电话”页面](#telephony-page) + [“数据存储”页面](#data-storage-page) + [“数据流式处理”页面](#data-streaming-page) + [“流”页面](#contact-flows-page) + [Contact Lens 连接器页面](#contactlensconnectors-page) + [语音转接集成页面](#voice-transfer-integrations-page) + [“应用程序集成”页面](#application-integration-page) + [“客户资料”页面](#customer-profiles-page) + [“任务”页面](#tasks-page) + [电子邮件页面](#email-page) + [“案例”页面](#cases-page) + [客户身份验证页面](#customer-authentication-page) + [出站活动页面](#outbound-campaigns-page) + [Connect 人工智能代理页面](#wisdom-page) + [“Voice ID”页面](#voiceid-page) + [“预测、容量规划和调度”页面](#forecasting-page) + [联合身份验证](#federations) ## AWS 托管策略: AmazonConnect\_ FullAccess 策略要允许完全 read/write 访问 Amazon Connect，您必须为用户、群组或角色附加两项策略。附加 `AmazonConnect_FullAccess` 策略和包含以下内容的自定义策略： ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Sid": "AttachAnyPolicyToAmazonConnectRole", "Effect": "Allow", "Action": "iam:PutRolePolicy", "Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect*" } ] } ``` ------ 要允许用户创建实例，请确保他们具有 `AmazonConnect_FullAccess` 策略授予的权限。当您使用 `AmazonConnect_FullAccess` 策略时，请注意以下几点： + 要使用您选择的名称创建 Amazon S3 存储桶，或者在 Connect Customer 管理网站上创建或更新实例时使用现有存储桶，则需要额外的权限。如果您为通话录音、聊天转录、电子邮件内容、附件、通话转录和其它数据选择默认存储位置，则系统会在这些对象前加上 `"amazon-connect-"`。 + `aws/connect` KMS 密钥可用作默认加密选项。要使用自定义加密密钥，请为用户分配其他 KMS 权限。 + 为用户分配额外权限，以便将 Amazon Polly、直播媒体流、数据流和 Lex 机器人等其他 AWS 资源附加到他们的 Amazon Connect 实例。 ## AWS 托管策略: AmazonConnectReadOnlyAccess 策略要允许只读访问，您只需附加 `AmazonConnectReadOnlyAccess` 策略。 ## Amazon Connect 控制台主页下图显示了一个 Amazon Connect 控制台主页示例，其中一个箭头指向实例别名。选择实例别名可导航到详细的实例页面。 ![Amazon Connect 虚拟联系中心实例页面，实例别名。](http://docs.aws.amazon.com/zh_cn/connect/latest/adminguide/images/instance.png) 使用下表中列出的权限来管理对此页面的访问。 | 操作/使用案例 | 所需权限 | | --- | --- | | 列出实例 | `connect:ListInstances`
`ds:DescribeDirectories` | | 描述实例：查看实例/当前设置的详细信息 | `connect:DescribeInstance`
`connect:ListLambdaFunctions`
`connect:ListLexBots`
`connect:ListInstanceStorageConfigs`
`connect:ListApprovedOrigins`
`connect:ListSecurityKeys`
`connect:DescribeInstanceAttributes`
`connect:DescribeInstanceStorageConfig`
`ds:DescribeDirectories` | | 创建实例 | `connect:AssociateCustomerProfilesDomain`
`connect:CreateInstance`
`connect:DescribeInstance`
`connect:ListInstances`
`connect:AssociateInstanceStorageConfig`
`connect:UpdateInstanceAttribute`
`ds:CheckAlias`
`ds:CreateAlias`
`ds:AuthorizeApplication`
`ds:UnauthorizeApplication`
`ds:CreateIdentityPoolDirectory`
`ds:DescribeDirectories`
`iam:CreateServiceLinkedRole`
`iam:PutRolePolicy`
`kms:CreateGrant`
`kms:DescribeKey`
`kms:ListAliases`
`kms:RetireGrant`
`logs:CreateLogGroup`
`s3:CreateBucket`
`s3:GetBucketLocation`
`s3:ListAllMyBuckets`
`servicequotas:GetServiceQuota`
`profile:CreateDomain`
`profile:GetDomain`
`profile:GetProfileObjectType`
`profile:ListAccountIntegrations`
`profile:ListDomains`
`profile:ListProfileObjectTypeTemplates`
`profile:PutIntegration` | | 删除实例 | `connect:DescribeInstance`
`connect:DeleteInstance`
`connect:ListInstances`
`ds:DescribeDirectories`
`ds:DeleteDirectory`
`ds:UnauthorizeApplication` | ## 详细的实例页面下图显示了您用于访问每个详细实例页面的导航菜单。 ![Amazon Connect 实例页面上的导航菜单。](http://docs.aws.amazon.com/zh_cn/connect/latest/adminguide/images/iam-custom-permissions-admin-console-telephony-page.png) 要访问详细的实例页面，您需要访问 Amazon Connect 控制台主页的权限（描述/列出）。或者，使用 `AmazonConnectReadOnlyAccess` 策略。下表列出了每个详细实例页面的精细权限。 **注意** 要执行 `Edit` 操作，用户还需要 `List` 和 `Describe` 权限。 ## “概述”页面 | 操作/用例 | 所需权限 | | --- | --- | | 创建服务相关角色 | `connect:DescribeInstance`
`connect:ListInstances`
`connect:DescribeInstanceAttribute`
`connect:UpdateInstanceAttribute`
`connect:ListIntegrationAssociations`
`profile:ListAccountIntegrations`
`ds:DescribeDirectories`
`iam:CreateServiceLinkedRole`
`iam:PutRolePolicy` | ## “电话”页面 | 操作/用例 | 所需权限 | | --- | --- | | 查看电话选项 | `connect:DescribeInstance` | | 启用/禁用电话选项 | `connect:UpdateInstanceAttribute` | | 查看出站活动 | `connect-campaigns:GetConnectInstanceConfig`
`connect-campaigns:GetInstanceOnboardingJobStatus`
`connect:DescribeInstance`
`connect:DescribeInstanceAttribute`
`kms:DescribeKey` | | 启用/禁用出站活动 | `connect-campaigns:GetConnectInstanceConfig`
`connect-campaigns:GetInstanceOnboardingJobStatus`
`connect-campaigns:StartInstanceOnboardingJob`
`connect-campaigns:DeleteInstanceOnboardingJob`
`connect-campaigns:DeleteConnectInstanceConfig`
`connect:DescribeInstance`
`connect:DescribeInstanceAttribute`
`connect:UpdateInstanceAttribute`
`iam:CreateServiceLinkedRole`
`iam:DeleteServiceLinkedRole`
`iam:AttachRolePolicy`
`iam:PutRolePolicy`
`iam:DeleteRolePolicy`
`events:PutRule`
`events:PutTargets`
`events:DeleteRule`
`events:RemoveTargets`
`events:DescribeRule`
`events:ListTargetsByRule`
`ds:DescribeDirectories`
`kms:DescribeKey`
`kms:ListKeys`
`kms:CreateGrant`
`kms:RetireGrant` | ## “数据存储”页面 ### “通话录音”部分 | 操作/用例 | 所需权限 | | --- | --- | | 查看通话录音 | `connect:DescribeInstance`
`connect:ListInstanceStorageConfigs`
`connect:DescribeInstanceStorageConfig` | | 编辑通话录音 | `connect:AssociateInstanceStorageConfig`
`connect:UpdateInstanceStorageConfig`
`connect:DisassociateInstanceStorageConfig`
`s3:ListAllMyBuckets`
`s3:GetBucketLocation`
`s3:GetBucketAcl`
`s3:CreateBucket`
`kms:CreateGrant`
`kms:DescribeKey`
`kms:ListAliases`
`kms:RetireGrant`
`iam:PutRolePolicy` | ### “屏幕录制”部分 | 操作/用例 | 所需权限 | | --- | --- | | 查看屏幕录制 | `connect:DescribeInstance`
`connect:ListInstanceStorageConfigs`
`connect:DescribeInstanceStorageConfig` | | 编辑屏幕录制 | `connect:AssociateInstanceStorageConfig`
`connect:UpdateInstanceStorageConfig`
`connect:DisassociateInstanceStorageConfig`
`s3:ListAllMyBuckets`
`s3:GetBucketLocation`
`s3:GetBucketAcl`
`s3:CreateBucket`
`iam:PutRolePolicy`
`kms:CreateGrant`
`kms:DescribeKey`
`kms:ListAliases`
`kms:RetireGrant` | ### “聊天转录”部分 | 操作/用例 | 所需权限 | | --- | --- | | 查看聊天转录 | `connect:DescribeInstance`
`connect:DescribeInstanceStorageConfig`
`connect:ListInstanceStorageConfigs` | | 编辑聊天转录 | `connect:AssociateInstanceStorageConfig`
`connect:UpdateInstanceStorageConfig`
`connect:DisassociateInstanceStorageConfig`
`s3:ListAllMyBuckets`
`s3:GetBucketLocation`
`s3:GetBucketAcl`
`s3:CreateBucket`
`kms:CreateGrant`
`kms:DescribeKey`
`kms:ListAliases`
`kms:RetireGrant`
`iam:PutRolePolicy` | ### “附件”部分 | 操作/用例 | 所需权限 | | --- | --- | | 查看附件 | `connect:DescribeInstance`
`connect:DescribeInstanceStorageConfig`
`connect:ListInstanceStorageConfigs` | | 编辑附件 | `connect:AssociateInstanceStorageConfig`
`connect:UpdateInstanceStorageConfig`
`connect:DisassociateInstanceStorageConfig`
`s3:ListAllMyBuckets`
`s3:GetBucketLocation`
`s3:CreateBucket`
`s3:GetBucketAcl`
`kms:CreateGrant`
`kms:DescribeKey`
`kms:ListAliases`
`kms:RetireGrant`
`iam:PutRolePolicy` | ### “实时媒体流式传输”部分 | 操作/用例 | 所需权限 | | --- | --- | | 查看实时媒体流式传输 | `connect:DescribeInstance`
`connect:ListInstanceStorageConfigs`
`connect:DescribeInstanceStorageConfig` | | 编辑实时媒体流式传输 | `connect:AssociateInstanceStorageConfig`
`connect:UpdateInstanceStorageConfig`
`connect:DisassociateInstanceStorageConfig`
`kms:CreateGrant`
`kms:DescribeKey`
`kms:RetireGrant`
`iam:PutRolePolicy` | ### “导出的报告”部分 | 操作/用例 | 所需权限 | | --- | --- | | 查看导出的报告 | `connect:DescribeInstance`
`connect:ListInstanceStorageConfigs`
`connect:DescribeInstanceStorageConfig` | | 编辑导出的报告 | `connect:AssociateInstanceStorageConfig`
`connect:UpdateInstanceStorageConfig`
`connect: DisassociateInstanceStorageConfig`
`s3:ListAllMyBuckets`
`s3:GetBucketLocation`
`s3:CreateBucket`
`kms:DescribeKey`
`kms:ListAliases`
`kms:RetireGrant`
`kms:CreateGrant`
`iam:PutRolePolicy` | ## “数据流式处理”页面 ### “联系记录”部分 | 操作/用例 | 所需权限 | | --- | --- | | 查看数据流式处理 – 联系记录 | `connect:DescribeInstance`
`connect:ListInstanceStorageConfigs`
`connect:DescribeInstanceStorageConfig` | | 编辑联系记录 | `connect:AssociateInstanceStorageConfig`
`connect:UpdateInstanceStorageConfig`
`connect:DisassociateInstanceStorageConfig`
`firehose:ListDeliveryStreams`
`firehose:DescribeDeliveryStream`
`kinesis:ListStreams`
`kinesis:DescribeStream`
`iam:PutRolePolicy` | ### “座席事件”部分 | 操作/用例 | 所需权限 | | --- | --- | | 查看数据流式处理 – 座席事件 | `connect:DescribeInstance`
`connect:ListInstanceStorageConfigs`
`connect:DescribeInstanceStorageConfig` | | 编辑座席事件 | `connect:AssociateInstanceStorageConfig`
`connect:UpdateInstanceStorageConfig`
`connect:DisassociateInstanceStorageConfig`
`kinesis:ListStreams`
`kinesis: DescribeStream`
`iam:PutRolePolicy` | ## “流”页面 ### “流安全密钥”部分 | 操作/用例 | 所需权限 | | --- | --- | | 查看流安全密钥 | `connect:DescribeInstance`
`connect:ListSecurityKeys` | | 添加/删除流安全密钥 | `connect:AssociateSecurityKey`
`connect:DisassociateSecurityKey` | ### “Lex 自动程序”部分 | 操作/用例 | 所需权限 | | --- | --- | | 查看 Lex 自动程序 | `connect:ListLexBots`
`connect:ListBots` | | 添加/删除 Lex 自动程序 | `lex:GetBots`
`lex:GetBot`
`lex:CreateResourcePolicy`
`lex:DeleteResourcePolicy`
`lex:UpdateResourcePolicy`
`lex:DescribeBotAlias`
`lex:ListBotAliases`
`lex:ListBots`
`connect:AssociateBot`
`connect:DisassociateBot`
`connect:ListBots`
`connect:AssociateLexBot`
`connect:DisassociateLexBot`
`connect:ListLexBots`
`iam:PutRolePolicy` | ### “Lambda 函数”部分 | 操作/用例 | 所需权限 | | --- | --- | | 查看 Lambda 函数 | `connect:ListLambdaFunctions` | | 添加/删除 Lambda 函数 | `connect:ListLambdaFunctions`
`connect:AssociateLambdaFunction`
`connect:DisassociateLambdaFunction`
`iam:PutRolePolicy`
`lambda:ListFunctions`
`lambda:AddPermission`
`lambda:RemovePermission` | ### “流日志”部分 | 操作/用例 | 所需权限 | | --- | --- | | 查看流日志配置 | `connect:DescribeInstance`
`connect:DescribeInstanceAttribute` | | 启用/禁用流日志 | `logs:CreateLogGroup` | ### “Amazon Polly”部分 | 操作/用例 | 所需权限 | | --- | --- | | 查看 Amazon Polly 选项 | `connect:DescribeInstance`
`connect:DescribeInstanceAttribute` | | 更新 Amazon Polly 选项 | `connect:UpdateInstanceAttribute` | ## Contact Lens 连接器页面 | 操作/使用案例 | 所需权限 | | --- | --- | | 查看 Contact Lens 连接器 | `connect:ListIntegrationAssociations`
`chime:GetVoiceConnector`
`chime:GetVoiceConnectorLoggingConfiguration`
`chime:GetVoiceConnectorTermination`
`chime:GetVoiceConnectorTerminationHealth`
`chime:ListVoiceConnectors`
`chime:ListVoiceConnectorTerminationCredentials`
`chime:GetVoiceConnectorExternalSystemsConfiguration` | | Add/Update/RemoveContact Lens连接器 | `chime:CreateVoiceConnector`
`chime:DeleteVoiceConnector`
`chime:DeleteVoiceConnectorTermination`
`chime:DeleteVoiceConnectorTerminationCredentials`
`chime:GetVoiceConnector`
`chime:GetVoiceConnectorLoggingConfiguration`
`chime:GetVoiceConnectorTermination`
`chime:GetVoiceConnectorTerminationHealth`
`chime:ListVoiceConnectors`
`chime:ListVoiceConnectorTerminationCredentials`
`chime:PutVoiceConnectorLoggingConfiguration`
`chime:PutVoiceConnectorTermination`
`chime:PutVoiceConnectorTerminationCredentials`
`chime:UpdateVoiceConnector`
`chime:CreateConnectAnalyticsConnector`
`chime:PutVoiceConnectorExternalSystemsConfiguration`
`chime:GetVoiceConnectorExternalSystemsConfiguration`
`chime:DeleteVoiceConnectorExternalSystemsConfiguration`
`chime:AssociateVoiceConnectorConnect`
`chime:DisassociateVoiceConnectorConnect`
`chime:TagResources`
`chime:UntagResources`
`chime:ListTagsForResource` | ## 语音转接集成页面 | 操作/使用案例 | 所需权限 | | --- | --- | | 查看外部语音转接连接器 | `connect:ListIntegrationAssociations`
`chime:GetVoiceConnector`
`chime:GetVoiceConnectorLoggingConfiguration`
`chime:GetVoiceConnectorTermination`
`chime:GetVoiceConnectorTerminationHealth`
`chime:ListVoiceConnectors`
`chime:ListVoiceConnectorTerminationCredentials`
`chime:GetVoiceConnectorExternalSystemsConfiguration`
`servicequotas:GetServiceQuota` | | Add/Update/Remove外部语音传输连接器 | `connect:CreateIntegrationAssociation`
`connect:DeleteIntegrationAssociation`
`connect:ListIntegrationAssociations`
`chime:CreateConnectCallTransferConnector`
`chime:CreateVoiceConnector`
`chime:DeleteVoiceConnector`
`chime:DeleteVoiceConnectorTermination`
`chime:DeleteVoiceConnectorTerminationCredentials`
`chime:GetVoiceConnector`
`chime:GetVoiceConnectorLoggingConfiguration`
`chime:GetVoiceConnectorOrigination`
`chime:GetVoiceConnectorTermination`
`chime:GetVoiceConnectorTerminationHealth`
`chime:ListVoiceConnectors`
`chime:ListVoiceConnectorTerminationCredentials`
`chime:PutVoiceConnectorLoggingConfiguration`
`chime:PutVoiceConnectorOrigination`
`chime:PutVoiceConnectorTermination`
`chime:PutVoiceConnectorTerminationCredentials`
`chime:UpdateVoiceConnector`
`chime:CreateConnectAnalyticsConnector`
`chime:PutVoiceConnectorExternalSystemsConfiguration`
`chime:GetVoiceConnectorExternalSystemsConfiguration`
`chime:DeleteVoiceConnectorExternalSystemsConfiguration`
`chime:AssociateVoiceConnectorConnect`
`chime:DisassociateVoiceConnectorConnect`
`chime:TagResources`
`chime:UntagResources`
`chime:ListTagsForResource`
`servicequotas:GetServiceQuota` | ## “应用程序集成”页面 | 操作/用例 | 所需权限 | | --- | --- | | 查看批准的源 | `connect:DescribeInstance`
`connect:ListApprovedOrigins` | | 编辑批准的源 | `connect: AssociateApprovedOrigin`
`connect:ListApprovedOrigins`
`connect:DisassociateApprovedOrigin` | ## “客户资料”页面 | 操作/用例 | 所需权限 | | --- | --- | | 查看客户资料 | `app-integrations:ListEventIntegrations`
`appflow:DescribeConnectorEntity`
`appflow:DescribeConnectorProfiles`
`appflow:DescribeFlow`
`appflow:ListFlows`
`appflow:ListConnectorEntities`
`appflow:ListConnectorProfiles`
`cloudwatch:GetMetricData`
`connect:DescribeInstance`
`connect:ListInstances`
`ds:DescribeDirectories`
`iam:ListRoles`
`kinesis:DescribeStreamSummary`
`kms:Decrypt`
`kms:DescribeKey`
`kms:GenerateDataKey`
`kms:ListKeys`
`profile:GetCalculatedAttributeDefinition`
`profile:GetDomain`
`profile:GetEventStream`
`profile:GetIdentityResolutionJob`
`profile:GetIntegration`
`profile:GetProfileObjectType`
`profile:GetProfileObjectTypeTemplate`
`profile:GetWorkflow`
`profile:ListAccountIntegrations`
`profile:ListCalculatedAttributeDefinitions`
`profile:ListDomains`
`profile:ListDomainLayouts`
`profile:ListEventStreams`
`profile:ListIdentityResolutionJobs`
`profile:ListIntegrations`
`profile:ListProfileObjectTypes`
`profile:ListProfileObjectTypeTemplates`
`profile:ListRecommenders`
`profile:ListSegmentDefinitions`
`sqs:ListQueues` | | 编辑客户资料 | `app-integrations:CreateEventIntegration`
`app-integrations:ListEventIntegrations`
`appflow:CreateFlow`
`appflow:CreateConnectorProfile`
`appflow:DescribeFlow`
`appflow:DeleteFlow`
`appflow:DescribeConnectorEntity`
`appflow:DescribeConnectorProfiles`
`appflow:ListFlows`
`appflow:ListConnectorEntities`
`appflow:ListConnectorProfiles`
`appflow:StartFlow`
`cloudwatch:GetMetricData`
`connect:DescribeInstance`
`connect:ListInstances`
`ds:DescribeDirectories`
`events:CreateEventBus`
`events:DescribeEventBus`
`events:DescribeEventSource`
`events:ListEventSources`
`iam:CreateRole`
`iam:CreatePolicy`
`iam:AttachRolePolicy`
`iam:ListRoles`
`iam:PutRolePolicy`
`kinesis:DescribeStreamSummary`
`kinesis:ListStreams`
`kms:CreateGrant`
`kms:Decrypt`
`kms:DescribeKey`
`kms:GenerateDataKey`
`kms:ListAliases`
`kms:ListKeys`
`kms:ListGrants`
`profile:CreateCalculatedAttributeDefinition`
`profile:CreateDomain`
`profile:CreateDomainLayout`
`profile:CreateEventStream`
`profile:CreateIntegrationWorkflow`
`profile:CreateSegmentDefinition`
`profile:DeleteEventStream`
`profile:DeleteIntegration`
`profile:DeleteDomain`
`profile:DeleteProfileObjectType`
`profile:DetectProfileObjectType`
`profile:GetCalculatedAttributeDefinition`
`profile:GetDomain`
`profile:GetEventStream`
`profile:GetIdentityResolutionJob`
`profile:GetIntegration`
`profile:GetProfileObjectType`
`profile:GetProfileObjectTypeTemplate`
`profile:GetWorkflow`
`profile:ListAccountIntegrations`
`profile:ListCalculatedAttributeDefinitions`
`profile:ListDomains`
`profile:ListDomainLayouts`
`profile:ListEventStreams`
`profile:ListIdentityResolutionJobs`
`profile:ListIntegrations`
`profile:ListProfileObjectTypes`
`profile:ListProfileObjectTypeTemplates`
`profile:ListSegmentDefinitions`
`profile:PutIntegration`
`profile:PutProfileObjectType`
`profile:TagResource`
`profile:UntagResource`
`profile:UpdateDomain`
`s3:GetBucketLocation`
`s3:GetBucketPolicy`
`s3:GetObject`
`s3:HeadBucket`
`s3:ListAllMyBuckets`
`s3:ListBucket`
`s3:ListObjectsV2`
`s3:PutBucketPolicy`
`s3:SelectObjectContent`
`sqs:ListQueues` | ## “任务”页面 | 操作/用例 | 所需权限 | | --- | --- | | 查看任务集成 | `app-integrations:GetEventIntegration`
`connect:ListIntegrationAssociations` | | 编辑任务集成 | `app-integrations:CreateEventIntegration`
`app-integrations:GetEventIntegration`
`app-integrations:ListEventIntegrations`
`app-integrations:DeleteEventIntegrationAssociation`
`app-integrations:CreateEventIntegrationAssociation`
`appflow:CreateFlow`
`appflow:CreateConnectorProfile`
`appflow:DescribeFlow`
`appflow:DeleteFlow`
`appflow:DeleteConnectorProfile`
`appflow:DescribeConnectorEntity`
`appflow:ListFlows`
`appflow:ListConnectorEntities`
`appflow:StartFlow`
`connect:ListIntegrationAssociations`
`connect:DeleteIntegrationAssociation`
`connect:ListUseCases`
`connect:DeleteUseCase`
`events:ActivateEventSource`
`events:CreateEventBus`
`events:DescribeEventBus`
`events:DescribeEventSource`
`events:ListEventSources`
`events:ListTargetsByRule`
`events:PutRule`
`events:PutTargets`
`events:DeleteRule`
`events:RemoveTargets`
`kms:CreateGrant`
`kms:DescribeKey`
`kms:ListAliases`
`kms:ListKeys`
`kms:ListGrants` | ## 电子邮件页面 | 操作/使用案例 | 所需权限 | | --- | --- | | 查看电子邮件域和地址 | `ses:GetIdentityVerificationAttributes`
`ses:DescribeReceiptRule`
`ses:DescribeActiveReceiptRuleSet`
`ses:GetEmailIdentity`
`ses:DescribeReceiptRuleSet`
`ses:GetConfigurationSetEventDestinations`
`ses:GetConfigurationSet` | | 编辑电子邮件域和地址 | `ses:CreateReceiptRule`
`ses:UpdateReceiptRule`
`ses:SetActiveReceiptRuleSet`
`ses:CreateReceiptRuleSet`
`ses:CreateEmailIdentity`
`ses:TagResource`
`ses:UntagResource`
`ses:DeleteReceiptRule`
`ses:DeleteReceiptRuleSet`
`ses:CloneReceiptRuleSet`
`ses:CreateConfigurationSet`
`ses:CreateConfigurationSetEventDestination`
`ses:PutEmailIdentityConfigurationSetAttributes`
`ses:CreateEmailIdentityPolicy`
`ses:UpdateEmailIdentityPolicy`
`ses:DeleteEmailIdentityPolicy`
`iam:CreateServiceLinkedRole`
`iam:PassRole`
`iam:CreateRole`
`iam:CreatePolicy` | ## “案例”页面 | 操作/用例 | 所需权限 | | --- | --- | | 查看案例域详细信息 | `connect:ListInstances`
`ds:DescribeDirectories`
`connect:ListIntegrationAssociations`
`cases:GetDomain` | | 加入 Cases | `connect:ListInstances`
`connect:ListIntegrationAssociations`
`cases:GetDomain`
`cases:CreateDomain`
`connect:CreateIntegrationAssociation`
`connect:DescribeInstance`
`iam:PutRolePolicy` | ## 客户身份验证页面 | 操作/使用案例 | 所需权限 | | --- | --- | | 查看客户身份验证 | `connect:ListIntegrationAssociations`
`cognito-idp:ListUserPools`
`cognito-idp:DescribeUserPool` | | 加入客户身份验证 | `connect:CreateIntegrationAssociation`
`connect:DeleteIntegrationAssociation`
`connect:ListIntegrationAssociations`
`cognito-idp:ListUserPools`
`cognito-idp:DescribeUserPool`
`cognito-idp:ListUserPoolClients`
`cognito-idp:TagResource`
`cognito-idp:CreateUserPool` | ## 出站活动页面 | 操作/使用案例 | 所需权限 | | --- | --- | | 查看出站活动 | `connect:ListIntegrationAssociations`
`connect:ListPhoneNumbersV2`
`connect:SearchEmailAddresses`
`connect:DescribeInstance`
`connect:DescribeInstanceAttribute`
`kms:DescribeKey`
`kms:ListKeys`
`profile:ListAccountIntegrations`
`profile:ListIntegrations`
`profile:ListDomains`
`profile:GetDomain`
`wisdom:ListKnowledgeBases`
`wisdom:GetKnowledgeBase`
`connect-campaigns:GetInstanceOnboardingJobStatus`
`connect-campaigns:GetConnectInstanceConfig`
`connect-campaigns:ListConnectInstanceIntegrations` | | 创建出站活动 | `connect-campaigns:StartInstanceOnboardingJob`
`connect-campaigns:DeleteInstanceOnboardingJob`
`connect-campaigns:GetConnectInstanceConfig`
`connect-campaigns:GetInstanceOnboardingJobStatus`
`connect-campaigns:DeleteConnectInstanceConfig`
`connect:DescribeInstance`
`connect:DescribeInstanceAttribute`
`connect:UpdateInstanceAttribute`
`iam:CreateServiceLinkedRole`
`iam:DeleteServiceLinkedRole`
`iam:AttachRolePolicy`
`iam:PutRolePolicy`
`iam:DeleteRolePolicy`
`events:PutRule`
`events:PutTargets`
`events:DeleteRule`
`events:RemoveTargets`
`events:DescribeRule`
`events:ListTargetsByRule`
`ds:DescribeDirectories`
`kms:DescribeKey`
`kms:ListKeys`
`kms:CreateGrant`
`kms:RetireGrant`
`profile:CreateDomain`
`profile:ListAccountIntegrations`
`profile:ListIntegrations`
`profile:PutIntegration`
`profile:PutProfileObjectType`
`connect:CreateIntegrationAssociation`
`connect:ListIntegrationAssociations`
`connect:UpdateInstanceAttribute`
`connect:AssociateCustomerProfilesDomain`
`connect-campaigns:ListConnectInstanceIntegrations`
`connect-campaigns:PutConnectInstanceIntegration`
`wisdom:CreateKnowledgeBase`
`wisdom:ListKnowledgeBases` | ## Connect 人工智能代理页面 | 操作/使用案例 | 所需权限 | | --- | --- | | 查看域和集成 | `wisdom:ListAssistantAssociations`
`appflow:DescribeConnectorProfiles`
`app-integrations:GetDataIntegration`
`connect:DescribeInstance`
`connect:DescribeInstanceAttribute`
`connect:ListIntegrationAssociations`
`kms:DescribeKey`
`kms:ListGrants`
`wisdom:GetAssistant`
`wisdom:GetKnowledgeBase`
`wisdom:ListAssistantAssociations` | | 添加或删除域 | `connect:CreateIntegrationAssociation`
`connect:DeleteIntegrationAssociation`
`connect:ListIntegrationAssociations`
`iam:DeleteRolePolicy`
`iam:PutRolePolicy`
`kms:CreateGrant`
`kms:DescribeKey`
`kms:ListAliases`
`wisdom:CreateAssistant`
`wisdom:DeleteAssistant`
`wisdom:GetAssistant`
`wisdom:ListAssistantAssociations`
`wisdom:ListAssistants`
`wisdom:TagResource` | | 添加或删除集成 | `wisdom:ListAssistantAssociations`
`app-integrations:CreateDataIntegration`
`app-integrations:CreateDataIntegrationAssociation`
`app-integrations:DeleteDataIntegrationAssociation`
`app-integrations:GetDataIntegration`
`app-integrations:ListDataIntegrations`
`appflow:CreateConnectorProfile`
`appflow:CreateFlow`
`appflow:DeleteFlow`
`appflow:DescribeConnector`
`appflow:DescribeConnectorEntity`
`appflow:DescribeConnectorProfiles`
`appflow:DescribeConnectors`
`appflow:DescribeFlow`
`appflow:ListConnectorEntities`
`appflow:StartFlow`
`appflow:StopFlow`
`appflow:TagResource`
`appflow:UseConnectorProfile`
`connect:CreateIntegrationAssociation`
`connect:DeleteIntegrationAssociation`
`connect:ListIntegrationAssociations`
`iam:DeleteRolePolicy`
`iam:PutRolePolicy`
`kms:CreateGrant`
`kms:Decrypt`
`kms:DescribeKey`
`kms:GenerateDataKey`
`kms:ListAliases`
`kms:ListGrants`
`secretsmanager:CreateSecret`
`secretsmanager:PutResourcePolicy`
`wisdom:CreateAssistantAssociation`
`wisdom:CreateKnowledgeBase`
`wisdom:DeleteAssistantAssociation`
`wisdom:DeleteKnowledgeBase`
`wisdom:GetAssistant`
`wisdom:GetKnowledgeBase`
`wisdom:ListAssistantAssociations`
`wisdom:ListKnowledgeBases`
`wisdom:TagResource` | ## “Voice ID”页面 | 操作/用例 | 所需权限 | | --- | --- | | 查看 Voice ID 集成 | `voiceid:DescribeDomain`
`voiceid:ListDomains`
`voiceid:RegisterComplianceConsent`
`voiceid:DescribeComplianceConsent`
`connect:ListIntegrationAssociations` | | 编辑 Voice ID 集成 | `voiceid:DescribeDomain`
`voiceid:ListDomains`
`voiceid:RegisterComplianceConsent`
`voiceid:DescribeComplianceConsent`
`voiceid:UpdateDomain`
`voiceid:CreateDomain`
`connect:ListIntegrationAssociations`
`connect:CreateIntegrationAssociation`
`connect:DeleteIntegrationAssociation`
`events:PutRule`
`events:DeleteRule`
`events:PutTargets`
`events:RemoveTargets`
`iam:PutRolePolicy` | ## “预测、容量规划和调度”页面 | 操作/用例 | 所需权限 | | --- | --- | | 查看预测、容量规划和调度 | `connect:DescribeForecastingPlanningSchedulingIntegration` | | 启用预测、容量规划和调度 | `connect:UpdateInstanceAttribute`
`connect:StartForecastingPlanningSchedulingIntegration` | | 禁用预测、容量规划和调度 | `connect:UpdateInstanceAttribute`
`connect:StopForecastingPlanningSchedulingIntegration` | ## 联合身份验证 ### SAML 联合身份验证 | 操作/用例 | 所需权限 | | --- | --- | | SAML 联合身份验证 | `connect:GetFederationToken` | ### 管理员/紧急联合身份验证 | 操作/用例 | 所需权限 | | --- | --- | | 管理员/紧急联合身份验证 | `connect:AdminGetEmergencyAccessToken` |