本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 的操作、资源和条件键 AWS 安全令牌服务
AWS 安全令牌服务(服务前缀:`sts`)提供以下特定于服务的资源、操作和条件上下文密钥,供在 IAM 权限策略中使用。
参考:
+ 了解如何[配置该服务](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html)。
+ 查看[适用于该服务的 API 操作列表](https://docs.aws.amazon.com/STS/latest/APIReference/)。
+ 了解如何[使用 IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_permissions.html) 权限策略保护该服务及其资源。
**Topics**
+ [操作定义为 AWS 安全令牌服务](#awssecuritytokenservice-actions-as-permissions)
+ [由定义的资源类型 AWS 安全令牌服务](#awssecuritytokenservice-resources-for-iam-policies)
+ [的条件密钥 AWS 安全令牌服务](#awssecuritytokenservice-policy-keys)
## 操作定义为 AWS 安全令牌服务
您可以在 IAM 策略语句的 `Action` 元素中指定以下操作。可以使用策略授予在 AWS中执行操作的权限。您在策略中使用一项操作时,通常使用相同的名称允许或拒绝对 API 操作或 CLI 命令的访问。但在某些情况下,单一动作可控制对多项操作的访问。还有某些操作需要多种不同的动作。
操作表的**访问级别**列描述如何对操作进行分类(列出、读取、权限管理或标记)。此分类可以帮助您了解当您在策略中使用操作时,相应操作授予的访问级别。有关访问级别的更多信息,请参阅[策略摘要中的访问级别](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html)。
操作表的**资源类型**列指示每项操作是否支持资源级权限。如果该列没有任何值,您必须在策略语句的 `Resource` 元素中指定策略应用的所有资源(“\*”)。通过在 IAM policy 中使用条件来筛选访问权限,以控制是否可以在资源或请求中使用特定标签键。如果操作具有一个或多个必需资源,则调用方必须具有使用这些资源来使用该操作的权限。必需资源在表中以星号 (\*) 表示。如果您在 IAM policy 中使用 `Resource` 元素限制资源访问权限,则必须为每种必需的资源类型添加 ARN 或模式。某些操作支持多种资源类型。如果资源类型是可选的(未指示为必需),则可以选择使用一种可选资源类型。
操作表的**条件键**列包括可以在策略语句的 `Condition` 元素中指定的键。有关与服务资源关联的条件键的更多信息,请参阅资源类型表的**条件键**列。
操作表的**依赖操作**列显示成功调用操作可能需要的其他权限。除了操作本身的权限以外,可能还需要这些权限。若某个操作指定依赖操作,则这些依赖关系可能适用于为该操作定义的其他资源,而不仅仅是表中列出的第一个资源。
**注意**
资源条件键在[资源类型](#awssecuritytokenservice-resources-for-iam-policies)表中列出。您可以在操作表的**资源类型(\* 为必需)**列中找到应用于某项操作的资源类型的链接。资源类型表中的资源类型包括**条件密钥**列,这是应用于操作表中操作的资源条件键。
有关下表中各列的详细信息,请参阅[操作表](reference_policies_actions-resources-contextkeys.html#actions_table)。
****
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html) **
- **描述:** 授予获取一组临时安全证书的权限,您可以使用这些证书来访问通常可能无法访问的 AWS 资源
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awssecuritytokenservice-role](#awssecuritytokenservice-role) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awssecuritytokenservice-aws_TagKeys](#awssecuritytokenservice-aws_TagKeys)
[#awssecuritytokenservice-aws_RequestTag___TagKey_](#awssecuritytokenservice-aws_RequestTag___TagKey_)
[#awssecuritytokenservice-sts_TransitiveTagKeys](#awssecuritytokenservice-sts_TransitiveTagKeys)
[#awssecuritytokenservice-sts_ExternalId](#awssecuritytokenservice-sts_ExternalId)
[#awssecuritytokenservice-sts_RoleSessionName](#awssecuritytokenservice-sts_RoleSessionName)
[#awssecuritytokenservice-iam_ResourceTag___TagKey_](#awssecuritytokenservice-iam_ResourceTag___TagKey_)
[#awssecuritytokenservice-sts_SourceIdentity](#awssecuritytokenservice-sts_SourceIdentity)
[#awssecuritytokenservice-cognito-identity.amazonaws.com_amr](#awssecuritytokenservice-cognito-identity.amazonaws.com_amr)
[#awssecuritytokenservice-cognito-identity.amazonaws.com_aud](#awssecuritytokenservice-cognito-identity.amazonaws.com_aud)
[#awssecuritytokenservice-cognito-identity.amazonaws.com_sub](#awssecuritytokenservice-cognito-identity.amazonaws.com_sub)
[#awssecuritytokenservice-www.amazon.com_app_id](#awssecuritytokenservice-www.amazon.com_app_id)
[#awssecuritytokenservice-www.amazon.com_user_id](#awssecuritytokenservice-www.amazon.com_user_id)
[#awssecuritytokenservice-graph.facebook.com_app_id](#awssecuritytokenservice-graph.facebook.com_app_id)
[#awssecuritytokenservice-graph.facebook.com_id](#awssecuritytokenservice-graph.facebook.com_id)
[#awssecuritytokenservice-accounts.google.com_aud](#awssecuritytokenservice-accounts.google.com_aud)
[#awssecuritytokenservice-accounts.google.com_sub](#awssecuritytokenservice-accounts.google.com_sub)
[#awssecuritytokenservice-saml_namequalifier](#awssecuritytokenservice-saml_namequalifier)
[#awssecuritytokenservice-saml_sub](#awssecuritytokenservice-saml_sub)
[#awssecuritytokenservice-saml_sub_type](#awssecuritytokenservice-saml_sub_type) / **相关操作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html) **
- **描述:** 授予权限以获取为已通过 SAML 身份验证响应进行身份验证的用户获取一组临时安全凭证
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awssecuritytokenservice-role](#awssecuritytokenservice-role) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awssecuritytokenservice-saml_namequalifier](#awssecuritytokenservice-saml_namequalifier)
[#awssecuritytokenservice-saml_sub](#awssecuritytokenservice-saml_sub)
[#awssecuritytokenservice-saml_sub_type](#awssecuritytokenservice-saml_sub_type)
[#awssecuritytokenservice-saml_aud](#awssecuritytokenservice-saml_aud)
[#awssecuritytokenservice-saml_iss](#awssecuritytokenservice-saml_iss)
[#awssecuritytokenservice-saml_doc](#awssecuritytokenservice-saml_doc)
[#awssecuritytokenservice-saml_cn](#awssecuritytokenservice-saml_cn)
[#awssecuritytokenservice-saml_commonName](#awssecuritytokenservice-saml_commonName)
[#awssecuritytokenservice-saml_eduorghomepageuri](#awssecuritytokenservice-saml_eduorghomepageuri)
[#awssecuritytokenservice-saml_eduorgidentityauthnpolicyuri](#awssecuritytokenservice-saml_eduorgidentityauthnpolicyuri)
[#awssecuritytokenservice-saml_eduorglegalname](#awssecuritytokenservice-saml_eduorglegalname)
[#awssecuritytokenservice-saml_eduorgsuperioruri](#awssecuritytokenservice-saml_eduorgsuperioruri)
[#awssecuritytokenservice-saml_eduorgwhitepagesuri](#awssecuritytokenservice-saml_eduorgwhitepagesuri)
[#awssecuritytokenservice-saml_edupersonaffiliation](#awssecuritytokenservice-saml_edupersonaffiliation)
[#awssecuritytokenservice-saml_edupersonassurance](#awssecuritytokenservice-saml_edupersonassurance)
[#awssecuritytokenservice-saml_edupersonentitlement](#awssecuritytokenservice-saml_edupersonentitlement)
[#awssecuritytokenservice-saml_edupersonnickname](#awssecuritytokenservice-saml_edupersonnickname)
[#awssecuritytokenservice-saml_edupersonorgdn](#awssecuritytokenservice-saml_edupersonorgdn)
[#awssecuritytokenservice-saml_edupersonorgunitdn](#awssecuritytokenservice-saml_edupersonorgunitdn)
[#awssecuritytokenservice-saml_edupersonprimaryaffiliation](#awssecuritytokenservice-saml_edupersonprimaryaffiliation)
[#awssecuritytokenservice-saml_edupersonprimaryorgunitdn](#awssecuritytokenservice-saml_edupersonprimaryorgunitdn)
[#awssecuritytokenservice-saml_edupersonprincipalname](#awssecuritytokenservice-saml_edupersonprincipalname)
[#awssecuritytokenservice-saml_edupersonscopedaffiliation](#awssecuritytokenservice-saml_edupersonscopedaffiliation)
[#awssecuritytokenservice-saml_edupersontargetedid](#awssecuritytokenservice-saml_edupersontargetedid)
[#awssecuritytokenservice-saml_givenName](#awssecuritytokenservice-saml_givenName)
[#awssecuritytokenservice-saml_mail](#awssecuritytokenservice-saml_mail)
[#awssecuritytokenservice-saml_name](#awssecuritytokenservice-saml_name)
[#awssecuritytokenservice-saml_organizationStatus](#awssecuritytokenservice-saml_organizationStatus)
[#awssecuritytokenservice-saml_primaryGroupSID](#awssecuritytokenservice-saml_primaryGroupSID)
[#awssecuritytokenservice-saml_surname](#awssecuritytokenservice-saml_surname)
[#awssecuritytokenservice-saml_uid](#awssecuritytokenservice-saml_uid)
[#awssecuritytokenservice-saml_x500UniqueIdentifier](#awssecuritytokenservice-saml_x500UniqueIdentifier)
[#awssecuritytokenservice-aws_TagKeys](#awssecuritytokenservice-aws_TagKeys)
[#awssecuritytokenservice-aws_RequestTag___TagKey_](#awssecuritytokenservice-aws_RequestTag___TagKey_)
[#awssecuritytokenservice-sts_TransitiveTagKeys](#awssecuritytokenservice-sts_TransitiveTagKeys)
[#awssecuritytokenservice-sts_SourceIdentity](#awssecuritytokenservice-sts_SourceIdentity)
[#awssecuritytokenservice-sts_RoleSessionName](#awssecuritytokenservice-sts_RoleSessionName) / **相关操作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html) **
- **描述:** 授予权限为已在移动或 Web 应用程序中使用 Web 身份提供商进行身份验证的用户获取一组临时安全凭证
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awssecuritytokenservice-role](#awssecuritytokenservice-role) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awssecuritytokenservice-cognito-identity.amazonaws.com_amr](#awssecuritytokenservice-cognito-identity.amazonaws.com_amr)
[#awssecuritytokenservice-cognito-identity.amazonaws.com_aud](#awssecuritytokenservice-cognito-identity.amazonaws.com_aud)
[#awssecuritytokenservice-cognito-identity.amazonaws.com_sub](#awssecuritytokenservice-cognito-identity.amazonaws.com_sub)
[#awssecuritytokenservice-www.amazon.com_app_id](#awssecuritytokenservice-www.amazon.com_app_id)
[#awssecuritytokenservice-www.amazon.com_user_id](#awssecuritytokenservice-www.amazon.com_user_id)
[#awssecuritytokenservice-graph.facebook.com_app_id](#awssecuritytokenservice-graph.facebook.com_app_id)
[#awssecuritytokenservice-graph.facebook.com_id](#awssecuritytokenservice-graph.facebook.com_id)
[#awssecuritytokenservice-accounts.google.com_aud](#awssecuritytokenservice-accounts.google.com_aud)
[#awssecuritytokenservice-accounts.google.com_oaud](#awssecuritytokenservice-accounts.google.com_oaud)
[#awssecuritytokenservice-accounts.google.com_sub](#awssecuritytokenservice-accounts.google.com_sub)
[#awssecuritytokenservice-aws_TagKeys](#awssecuritytokenservice-aws_TagKeys)
[#awssecuritytokenservice-aws_RequestTag___TagKey_](#awssecuritytokenservice-aws_RequestTag___TagKey_)
[#awssecuritytokenservice-sts_TransitiveTagKeys](#awssecuritytokenservice-sts_TransitiveTagKeys)
[#awssecuritytokenservice-sts_SourceIdentity](#awssecuritytokenservice-sts_SourceIdentity)
[#awssecuritytokenservice-sts_RoleSessionName](#awssecuritytokenservice-sts_RoleSessionName) / **相关操作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoot.html) **
- **描述:** 授予权限以获取一组可用来对组织中的成员账户执行特权任务的临时安全凭证
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awssecuritytokenservice-root-user](#awssecuritytokenservice-root-user) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awssecuritytokenservice-sts_TaskPolicyArn](#awssecuritytokenservice-sts_TaskPolicyArn) / **相关操作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_DecodeAuthorizationMessage.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_DecodeAuthorizationMessage.html) **
- **描述:** 授予从响应请求时返回的编码消息中解码有关请求授权状态的其他信息的权限 AWS
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_GetAccessKeyInfo.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetAccessKeyInfo.html) **
- **描述:** 授予权限以获取有关作为参数传递给请求的访问密钥 ID 的详细信息
- **访问级别:** 读取
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html) **
- **描述:** 授予权限以获取有关其凭证用于调用 API 的 IAM 身份的详细信息
- **访问级别:** 读取
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_GetDelegatedAccessToken.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetDelegatedAccessToken.html) **
- **描述:** 返回用于访问临时授权请求批准 AWS 账户 后的临时安全证书。此 API 需要在请求授权批准后InToken 提供的交易,并且仅供亚马逊或 AWS 合作伙伴使用
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html) **
- **描述:** 授予权限以为联合身份用户获取一组临时安全凭证(由访问密钥 ID、秘密访问密钥和安全令牌组成)
- **访问级别:** 读取
- **资源类型(\* 为必需):** [#awssecuritytokenservice-federated-user](#awssecuritytokenservice-federated-user) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awssecuritytokenservice-aws_TagKeys](#awssecuritytokenservice-aws_TagKeys)
[#awssecuritytokenservice-aws_RequestTag___TagKey_](#awssecuritytokenservice-aws_RequestTag___TagKey_) / **相关操作:**
- ** [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bearer.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bearer.html) [仅权限]**
- **描述:** 为 AWS 根用户、IAM 角色或 IAM 用户授予获取 STS 持有者令牌的权限
- **访问级别:** 读取
- **资源类型(\* 为必需):**
- **条件键:** [#awssecuritytokenservice-sts_AWSServiceName](#awssecuritytokenservice-sts_AWSServiceName)
[#awssecuritytokenservice-sts_DurationSeconds](#awssecuritytokenservice-sts_DurationSeconds)
- **相关操作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html) **
- **描述:** 授予权限以获取 AWS 账户 或 IAM 用户的一组临时安全证书(包括访问密钥 ID、私有访问密钥和安全令牌)
- **访问级别:** 读取
- **资源类型(\* 为必需):**
- **条件键:**
- **相关操作:**
- ** [https://docs.aws.amazon.com/STS/latest/APIReference/API_GetWebIdentityToken.html](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetWebIdentityToken.html) **
- **描述:** 授予获取代表调用 IAM 委托人身份的短期、可公开验证的 JSON Web 令牌 (JWT) 的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):**
- **条件键:** [#awssecuritytokenservice-sts_DurationSeconds](#awssecuritytokenservice-sts_DurationSeconds)
[#awssecuritytokenservice-sts_IdentityTokenAudience](#awssecuritytokenservice-sts_IdentityTokenAudience)
[#awssecuritytokenservice-sts_SigningAlgorithm](#awssecuritytokenservice-sts_SigningAlgorithm)
[#awssecuritytokenservice-aws_TagKeys](#awssecuritytokenservice-aws_TagKeys)
[#awssecuritytokenservice-aws_RequestTag___TagKey_](#awssecuritytokenservice-aws_RequestTag___TagKey_)
- **相关操作:**
- ** [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts) [仅权限]**
- **描述:** 授予为 STS 会话设置上下文键的权限
- **访问级别:** 写入
- **资源类型(\* 为必需):** [#awssecuritytokenservice-role](#awssecuritytokenservice-role) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** [#awssecuritytokenservice-self-session](#awssecuritytokenservice-self-session) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awssecuritytokenservice-sts_RequestContext___ContextKey_](#awssecuritytokenservice-sts_RequestContext___ContextKey_)
[#awssecuritytokenservice-sts_RequestContextProviders](#awssecuritytokenservice-sts_RequestContextProviders) / **相关操作:**
- ** [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html#id_credentials_temp_control-access_monitor-perms](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html#id_credentials_temp_control-access_monitor-perms) [仅权限]**
- **描述:** 授予在 STS 会话上设置源身份的权限
- **访问级别:** Write
- **资源类型(\* 为必需):** [#awssecuritytokenservice-role](#awssecuritytokenservice-role) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awssecuritytokenservice-sts_SourceIdentity](#awssecuritytokenservice-sts_SourceIdentity) / **相关操作:**
- ** [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_web_identity_token_tags.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_web_identity_token_tags.html) [仅权限]**
- **描述:** 授予向 API 生成的 JSON 网络令牌 (JWT) 添加标签的 GetWebIdentityToken 权限
- **访问级别:** 标签
- **资源类型(\* 为必需):**
- **条件键:** [#awssecuritytokenservice-aws_TagKeys](#awssecuritytokenservice-aws_TagKeys)
[#awssecuritytokenservice-aws_RequestTag___TagKey_](#awssecuritytokenservice-aws_RequestTag___TagKey_)
- **相关操作:**
- ** [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) [仅权限]**
- **描述:** 授予权限以将标签添加至 STS 会话
- **访问级别:** 标签
- **资源类型(\* 为必需):** [#awssecuritytokenservice-role](#awssecuritytokenservice-role) / **条件键:** / **相关操作:**
- **资源类型(\* 为必需):** / **条件键:** [#awssecuritytokenservice-aws_TagKeys](#awssecuritytokenservice-aws_TagKeys)
[#awssecuritytokenservice-aws_RequestTag___TagKey_](#awssecuritytokenservice-aws_RequestTag___TagKey_)
[#awssecuritytokenservice-sts_TransitiveTagKeys](#awssecuritytokenservice-sts_TransitiveTagKeys)
[#awssecuritytokenservice-saml_aud](#awssecuritytokenservice-saml_aud) / **相关操作:**
## 由定义的资源类型 AWS 安全令牌服务
以下资源类型是由该服务定义的,可以在 IAM 权限策略语句的 `Resource` 元素中使用这些资源类型。[操作表](#awssecuritytokenservice-actions-as-permissions)中的每个操作指定了可以使用该操作指定的资源类型。您也可以在策略中包含条件键,从而定义资源类型。这些键显示在资源类型表的最后一列。有关下表中各列的详细信息,请参阅[资源类型表](reference_policies_actions-resources-contextkeys.html#resources_table)。
****
| 资源类型 | ARN | 条件键 |
| --- | --- | --- |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) | arn:${Partition}:iam::${Account}:role/${RoleNameWithPath} | [#awssecuritytokenservice-aws_ResourceTag___TagKey_](#awssecuritytokenservice-aws_ResourceTag___TagKey_)
[#awssecuritytokenservice-iam_ResourceTag___TagKey_](#awssecuritytokenservice-iam_ResourceTag___TagKey_) |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html) | arn:${Partition}:iam::${Account}:root | |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns) | arn:${Partition}:sts::${Account}:self | |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns) | arn:${Partition}:iam::aws:contextProvider/${ContextProviderName} | |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns) | arn:${Partition}:sts::${Account}:federated-user/${FederatedUserName} | |
## 的条件密钥 AWS 安全令牌服务
AWS 安全令牌服务定义了以下条件密钥,这些密钥可用于 IAM 策略的`Condition`元素。您可以使用这些键进一步细化应用策略语句的条件。有关下表中各列的详细信息,请参阅[条件键表](reference_policies_actions-resources-contextkeys.html#context_keys_table)。
要查看适用于所有服务的全局条件键,请参阅 [AWS 全局条件上下文键](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html)。
****
| 条件键 | 描述 | Type |
| --- | --- | --- |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud) | 按 Google 应用程序 ID 筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_oaud](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_oaud) | 按 Google 受众筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub) | 按声明的主体(Google 用户 ID)筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag) | 按请求中传递的标签筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag) | 按与资源关联的标签筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys) | 按请求中传递的标签键筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_amr](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_amr) | 按 Amazon Cognito 的登录信息筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud) | 按 Amazon Cognito 身份池 ID 筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub) | 按声明的主体(Amazon Cognito 用户 ID)筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id) | 按 Facebook 应用程序 ID 筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id) | 按 Facebook 用户 ID 筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_ResourceTag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_ResourceTag) | 按附加到所要代入角色的标签筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud) | 按向其提供 SAML 断言的终端节点 URL 筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_cn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_cn) | 按 eduOrg 属性筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_commonname](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_commonname) | 按 commonName 属性筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_doc](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_doc) | 按用于担任角色的主体筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorghomepageuri](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorghomepageuri) | 按 eduOrg 属性筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_aud) | 按 eduOrg 属性筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorglegalname](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorglegalname) | 按 eduOrg 属性筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorgsuperioruri](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorgsuperioruri) | 按 eduOrg 属性筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorgwhitepagesuri](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_eduorgwhitepagesuri) | 按 eduOrg 属性筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonaffiliation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonaffiliation) | 按 eduPerson 属性筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonassurance](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonassurance) | 按 eduPerson 属性筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonentitlement](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonentitlement) | 按 eduPerson 属性筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonnickname](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonnickname) | 按 eduPerson 属性筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonorgdn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonorgdn) | 按 eduPerson 属性筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonorgunitdn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonorgunitdn) | 按 eduPerson 属性筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprimaryaffiliation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprimaryaffiliation) | 按 eduPerson 属性筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprimaryorgunitdn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprimaryorgunitdn) | 按 eduPerson 属性筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprincipalname](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonprincipalname) | 按 eduPerson 属性筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonscopedaffiliation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersonscopedaffiliation) | 按 eduPerson 属性筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersontargetedid](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_edupersontargetedid) | 按 eduPerson 属性筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_givenname](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_givenname) | 按 givenName 属性筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_iss](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_iss) | 按发布者(由 URN 表示)筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_mail](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_mail) | 按邮件属性筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_name](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_name) | 按名称属性筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_namequalifier](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_namequalifier) | 按发布者、账户 ID 和友好名称的哈希值筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_organizationstatus](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_organizationstatus) | 按 organizationStatus 属性筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_primarygroupsid](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_primarygroupsid) | 按 primaryGroupSID 属性筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sub) | 按声明的主体(SAML 用户 ID)筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_subtype](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_subtype) | 按值持久性、瞬态或完整格式 URI 筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_surname](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_surname) | 按姓氏属性筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_uid](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_uid) | 按 uid 属性筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_x500uniqueidentifier](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_x500uniqueidentifier) | 按 uid 属性筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_awsservicename](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_awsservicename) | 按正在获取持有者令牌的服务筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_durationseconds](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_durationseconds) | 从 API 获取持有者令牌或 JSON Web 令牌 (JWT) 时,按持续时间(以秒为单位)筛选访问权限 GetWebIdentityToken | 数值 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_externalid](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_externalid) | 按您代入另一个账户中的角色时所需的唯一标识符筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_identitytokenaudience](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_identitytokenaudience) | 筛选请求中传递的受众的访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts) | 按从可信上下文提供者检索的已签名上下文断言中嵌入的会话上下文键值对筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts) | 按上下文提供者 ARN 筛选访问权限 | ArrayOfARN |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname) | 按您代入角色时所需的角色会话名称筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_signingalgorithm](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_signingalgorithm) | 通过请求中传递的签名算法筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sourceidentity](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sourceidentity) | 按照在请求中传递的源身份筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-sts) | 按 TaskPolicy ARN 筛选访问权限 | 进行筛选 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_TransitiveTagKeys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_TransitiveTagKeys) | 按照在请求中传递的可传递标签键筛选访问权限 | ArrayOfString |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id) | 按照“Login with Amazon”应用程序 ID 筛选访问权限 | 字符串 |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_id) | 按照“Login with Amazon”用户 ID 筛选访问权限 | 字符串 |