本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
计划报告的执行角色权限
创建计划报告时,您必须提供一个 IAM 执行角色,该角色授予 AWS 账单和成本管理(Billing and Cost Management)代表您生成和交付报告的权限。执行角色需要以下权限和信任策略。
权限策略
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AwsBcmDashboardsScheduleReportsDataAccess", "Effect": "Allow", "Action": [ "bcm-dashboards:GetDashboard" ], "Resource": [ "arn:aws:bcm-dashboards::*:dashboard/*" ] }, { "Sid": "AwsBcmDashboardsScheduleReportsDataAccessCE", "Effect": "Allow", "Action": [ "ce:GetDimensionValues", "ce:GetCostAndUsageWithResources", "ce:GetCostAndUsage", "ce:GetCostForecast", "ce:GetTags", "ce:GetUsageForecast", "ce:GetCostCategories", "ce:GetSavingsPlansCoverage", "ce:GetReservationUtilization", "ce:GetReservationCoverage", "ce:GetSavingsPlansUtilization", "ce:GetSavingsPlansUtilizationDetails" ], "Resource": "*" } ] }
信任策略
执行角色必须信任bcm-dashboards.amazonaws.com服务主体。<account-id>替换为您的 AWS 账户 ID。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowBcmDashboardScheduledReportAssumeRole", "Effect": "Allow", "Principal": { "Service": "bcm-dashboards.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "<account-id>" }, "StringLike": { "aws:SourceArn": "arn:aws:bcm-dashboards::<account-id>:*" } } } ] }
