本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# AWS Resilience Hub 角色和 IAM 权限参考
您可以使用`AWSResilienceHubAsssessmentExecutionPolicy` AWS 托管策略和以下角色特定策略之一向需要 AWS Resilience Hub 使用的角色授予 IAM 权限。有关 AWS 托管策略的更多信息,请参阅[AWSResilienceHubAsssessmentExecutionPolicy](security-iam-awsmanpol.md#security_iam_aws-assessment-policy)。
**Topics**
+ [基础设施应用程序管理员角色的 IAM 权限](#iam-infra-continuity-manager)
+ [业务连续性经理角色的 IAM 权限](#iam-business-continuity-manager)
+ [应用程序所有者角色的 IAM 权限](#iam-application-owner)
+ [用于授予只读访问权限的 IAM 权限](#iam-read-only-access)
## 基础设施应用程序管理员角色的 IAM 权限
以下策略授予基础设施应用程序管理员角色所需的必要权限。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "InfrastructureApplicationManager",
"Effect": "Allow",
"Action": [
"resiliencehub:AddDraftAppVersionResourceMappings",
"resiliencehub:CreateAppVersionAppComponent",
"resiliencehub:CreateAppVersionResource",
"resiliencehub:CreateRecommendationTemplate",
"resiliencehub:DeleteAppAssessment",
"resiliencehub:DeleteAppInputSource",
"resiliencehub:DeleteAppVersionAppComponent",
"resiliencehub:DeleteAppVersionResource",
"resiliencehub:DeleteRecommendationTemplate",
"resiliencehub:Describe*",
"resiliencehub:List*",
"resiliencehub:PublishAppVersion",
"resiliencehub:PutDraftAppVersionTemplate",
"resiliencehub:RemoveDraftAppVersionResourceMappings",
"resiliencehub:ResolveAppVersionResources",
"resiliencehub:StartAppAssessment",
"resiliencehub:TagResource",
"resiliencehub:UntagResource",
"resiliencehub:UpdateAppVersion",
"resiliencehub:UpdateAppVersionAppComponent",
"resiliencehub:UpdateAppVersionResource"
],
"Resource": "*"
}
]
}
```
------
## 业务连续性经理角色的 IAM 权限
以下策略授予业务连续性经理角色所需的必要权限。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "BusinessContinuityManager",
"Effect": "Allow",
"Action": [
"resiliencehub:CreateResiliencyPolicy",
"resiliencehub:DeleteResiliencyPolicy",
"resiliencehub:Describe*",
"resiliencehub:List*",
"resiliencehub:ResolveAppVersionResources",
"resiliencehub:TagResource",
"resiliencehub:UntagResource",
"resiliencehub:UpdateAppVersion",
"resiliencehub:UpdateAppVersionAppComponent",
"resiliencehub:UpdateAppVersionResource",
"resiliencehub:UpdateResiliencyPolicy"
],
"Resource": "*"
}
]
}
```
------
## 应用程序所有者角色的 IAM 权限
以下策略授予应用程序所有者角色所需的必要权限。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "ApplicationOwner",
"Effect": "Allow",
"Action": [
"resiliencehub:AddDraftAppVersionResourceMappings",
"resiliencehub:BatchUpdateRecommendationStatus",
"resiliencehub:CreateApp",
"resiliencehub:CreateAppVersionAppComponent",
"resiliencehub:CreateAppVersionResource",
"resiliencehub:CreateRecommendationTemplate",
"resiliencehub:CreateResiliencyPolicy",
"resiliencehub:DeleteApp",
"resiliencehub:DeleteAppAssessment",
"resiliencehub:DeleteAppInputSource",
"resiliencehub:DeleteAppVersionAppComponent",
"resiliencehub:DeleteAppVersionResource",
"resiliencehub:DeleteRecommendationTemplate",
"resiliencehub:DeleteResiliencyPolicy",
"resiliencehub:Describe*",
"resiliencehub:ImportResourcesToDraftAppVersion",
"resiliencehub:List*",
"resiliencehub:PublishAppVersion",
"resiliencehub:PutDraftAppVersionTemplate",
"resiliencehub:RemoveDraftAppVersionResourceMappings",
"resiliencehub:ResolveAppVersionResources",
"resiliencehub:StartAppAssessment",
"resiliencehub:TagResource",
"resiliencehub:UntagResource",
"resiliencehub:UpdateApp",
"resiliencehub:UpdateAppVersion",
"resiliencehub:UpdateAppVersionAppComponent",
"resiliencehub:UpdateAppVersionResource",
"resiliencehub:UpdateResiliencyPolicy"
],
"Resource": "*"
}
]
}
```
------
## 用于授予只读访问权限的 IAM 权限
以下策略授予只读访问所需的必要权限。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "ReadOnly",
"Effect": "Allow",
"Action": [
"resiliencehub:Describe*",
"resiliencehub:List*",
"resiliencehub:ResolveAppVersionResources"
],
"Resource": "*"
}
]
}
```
------