本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
AmazonDataZoneS3Manage-< 区域 >-< 域名 >
AmazonDataZoneS3Manage<region>-<domainId>用于亚马逊致 DataZone电 AWS Lake Formation 注册亚马逊简单存储服务 (Amazon S3) Simple Service 分店时。 AWS Lake Formation 在访问该位置的数据时扮演这个角色。有关更多信息,请参阅用于注册位置的角色的要求。
此角色已附加以下内联权限策略。
- JSON
-
-
{ "Version":"2012-10-17", "Statement": [ { "Sid": "LakeFormationDataAccessPermissionsForS3", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceAccount": "{{accountId}}" } } }, { "Sid": "LakeFormationDataAccessPermissionsForS3ListBucket", "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceAccount": "{{accountId}}" } } }, { "Sid": "LakeFormationDataAccessPermissionsForS3ListAllMyBuckets", "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets" ], "Resource": "arn:aws:s3:::*", "Condition": { "StringEquals": { "aws:ResourceAccount": "{{accountId}}" } } }, { "Sid": "LakeFormationExplicitDenyPermissionsForS3", "Effect": "Deny", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::[[BucketNames]]/*" ], "Condition": { "StringEquals": { "aws:ResourceAccount": "{{accountId}}" } } }, { "Sid": "LakeFormationExplicitDenyPermissionsForS3ListBucket", "Effect": "Deny", "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::[[BucketNames]]" ], "Condition": { "StringEquals": { "aws:ResourceAccount": "{{accountId}}" } } } ] }
AmazonDataZoneS3Manage-<region>-<domainId>附有以下信任策略:
- JSON
-
-
{ "Version":"2012-10-17", "Statement": [ { "Sid": "TrustLakeFormationForDataLocationRegistration", "Effect": "Allow", "Principal": { "Service": "lakeformation.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "{{source_account_id}}" } } } ] }
AmazonDataZoneRedshiftAccess-< 区域 >-< 域名 >
AmazonDataZoneSageMakerManageAccessRole-< 区域 >-< 域名 >