本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 工作流监视器入门
以下步骤提供了首次使用工作流监视器的基本概述。
1. 为管理员和操作员级别角色设置工作流监视器 IAM 权限:[工作流监视器 IAM 策略](monitor-with-workflow-monitor-configure-getting-started-IAM.md)
1. 构建警报模板或导入由 AWS以下用户创建的预定义模板:[CloudWatch 警报](monitor-with-workflow-monitor-configure-alarms.md)
1. 生成将由 EventBridge以下人员发送的通知事件:[EventBridge 规则 ](monitor-with-workflow-monitor-configure-notifications.md)
1. 使用你现有的 AWS 元素资源探索信号地图:[信号地图 ](monitor-with-workflow-monitor-configure-signal-maps.md)
1. 将警报模板和通知规则附加到您的信号地图上:[附加模板](monitor-with-workflow-monitor-configure-signal-maps-attach.md)
1. 部署模板以开始监控信号地图:[部署监控模板](monitor-with-workflow-monitor-configure-deploy.md)
1. 使用 AWS 控制台的概览部分,监控和查看您的工作流监视器资源:[概述](monitor-with-workflow-monitor-operate-overview.md)
![\[设置工作流监视器的各个步骤。首先创建 IAM 角色。接着,为警报和事件创建模板。接下来,发现信号地图并将您的模板附加到图上。信号地图附加模板后,必须要部署模板。最后一步是使用模板和概览资源进行监控。\]](http://docs.aws.amazon.com/zh_cn/mediapackage/latest/ug/images/workflowmonitor-overview-steps.png)
# 工作流监视器 IAM 策略
工作流监视器与多个 AWS 服务交互以创建信号地图、构建 CloudWatch 和 EventBridge 资源以及 CloudFormation 模板。由于工作流监控器与各种服务交互,因此必须为这些服务分配特定 AWS Identity and Access Management (IAM) 策略。以下示例说明了管理员和操作员 IAM 角色所必需的 IAM 策略。
## 管理员 IAM 策略
以下示例策略适用于管理员级别的工作流监视器 IAM 策略。通过此角色可以创建和管理工作流监视器资源,以及与工作流监视器交互的受支持服务资源。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:List*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:PutAnomalyDetector",
"cloudwatch:PutMetricData",
"cloudwatch:PutMetricAlarm",
"cloudwatch:PutCompositeAlarm",
"cloudwatch:PutDashboard",
"cloudwatch:DeleteAlarms",
"cloudwatch:DeleteAnomalyDetector",
"cloudwatch:DeleteDashboards",
"cloudwatch:TagResource",
"cloudwatch:UntagResource"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cloudformation:List*",
"cloudformation:Describe*",
"cloudformation:CreateStack",
"cloudformation:UpdateStack",
"cloudformation:DeleteStack",
"cloudformation:TagResource",
"cloudformation:UntagResource"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cloudfront:List*",
"cloudfront:Get*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeNetworkInterfaces"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"events:List*",
"events:Describe*",
"events:CreateEventBus",
"events:PutRule",
"events:PutTargets",
"events:EnableRule",
"events:DisableRule",
"events:DeleteRule",
"events:RemoveTargets",
"events:TagResource",
"events:UntagResource"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"logs:Describe*",
"logs:Get*",
"logs:TagLogGroup",
"logs:TagResource",
"logs:UntagLogGroup",
"logs:UntagResource"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"mediaconnect:List*",
"mediaconnect:Describe*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"medialive:*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"mediapackage:List*",
"mediapackage:Describe*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"mediapackagev2:List*",
"mediapackagev2:Get*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"mediapackage-vod:List*",
"mediapackage-vod:Describe*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"mediatailor:List*",
"mediatailor:Describe*",
"mediatailor:Get*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"resource-groups:ListGroups",
"resource-groups:GetGroup",
"resource-groups:GetTags",
"resource-groups:GetGroupQuery",
"resource-groups:GetGroupConfiguration",
"resource-groups:CreateGroup",
"resource-groups:UngroupResources",
"resource-groups:GroupResources",
"resource-groups:DeleteGroup",
"resource-groups:UpdateGroupQuery",
"resource-groups:UpdateGroup",
"resource-groups:Tag",
"resource-groups:Untag"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": "arn:aws:s3:::workflow-monitor-templates*"
},
{
"Effect": "Allow",
"Action": [
"sns:TagResource",
"sns:UntagResource"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"tag:Get*",
"tag:Describe*",
"tag:TagResources",
"tag:UntagResources"
],
"Resource": "*"
}
]
}
```
------
## 操作员 IAM 策略
以下示例策略适用于操作员级别的工作流监视器 IAM 策略。此角色可以对工作流监视器资源以及与之交互的受支持服务资源进行有限的只读访问。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:List*",
"cloudwatch:Describe*",
"cloudwatch:Get*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cloudformation:List*",
"cloudformation:Describe*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cloudfront:List*",
"cloudfront:Get*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeNetworkInterfaces"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"events:List*",
"events:Describe*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"logs:Describe*",
"logs:Get*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"mediaconnect:List*",
"mediaconnect:Describe*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"medialive:List*",
"medialive:Get*",
"medialive:Describe*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"mediapackage:List*",
"mediapackage:Describe*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"mediapackagev2:List*",
"mediapackagev2:Get*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"mediapackage-vod:List*",
"mediapackage-vod:Describe*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"mediatailor:List*",
"mediatailor:Describe*",
"mediatailor:Get*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": "arn:aws:s3:::workflow-monitor-templates*"
},
{
"Effect": "Allow",
"Action": [
"tag:Get*",
"tag:Describe*"
],
"Resource": "*"
}
]
}
```
------