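To edit a static policy, follow these steps:
You can edit a static policy by using the UpdatePolicy operation. The following example edits a simple static policy.
The example uses the file definition.txt to contain the policy definition.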
{
    "static": {
        "description": "Grant everyone of janeFriends UserGroup access to the vacationFolder Album",
        "statement": "permit(principal in UserGroup::\"janeFriends\", action, resource in Album::\"vacationFolder\" );"
    }
}
The following command references that file.
$ aws verifiedpermissions create-policy \
    --definition file://definition.txt \
    --policy-store-id PSEXAMPLEabcdefg111111
{
    "createdDate": "2023-06-12T20:33:37.382907+00:00",
    "lastUpdatedDate": "2023-06-12T20:33:37.382907+00:00",
    "policyId": "SPEXAMPLEabcdefg111111",
    "policyStoreId": "PSEXAMPLEabcdefg111111",
    "policyType": "STATIC",
    "principal": {
        "entityId": "janeFriends",
        "entityType": "UserGroup"
    },
    "resource": {
        "entityId": "vacationFolder",
        "entityType": "Album"
    }
}
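Updating a policy's name
When you update a policy, you can set or update the policy name. The name must be unique across all policies in the policy store and must be prefixed with name/. If you don't include the name field in the update request, the existing name remains unchanged. To remove the name, set it to an empty string.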
$ aws verifiedpermissions update-policy \
    --policy-id SPEXAMPLEabcdefg111111 \
    --policy-store-id PSEXAMPLEabcdefg111111 \
    --definition file://definition.txt \
    --name name/example-policy
{
    "createdDate": "2023-06-12T20:33:37.382907+00:00",
    "lastUpdatedDate": "2023-06-12T20:47:42.804511+00:00",
    "policyId": "SPEXAMPLEabcdefg111111",
    "policyStoreId": "PSEXAMPLEabcdefg111111",
    "policyType": "STATIC",
    "principal": {
        "entityId": "janeFriends",
        "entityType": "UserGroup"
    },
    "resource": {
        "entityId": "vacationFolder",
        "entityType": "Album"
    }
}
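The name rules above distinguish an omitted name (unchanged) from an empty one (removed), which a script that always passes --name "$NAME" gets wrong when the variable is empty. The wrapper below is an added example, not part of the AWS documentation; the function name update_policy and the AWS_CLI override variable are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: a wrapper around "aws verifiedpermissions update-policy"
# that keeps the three name cases apart.
#
#   update_policy STORE_ID POLICY_ID DEFINITION_FILE          name unchanged
#   update_policy STORE_ID POLICY_ID DEFINITION_FILE ""       name removed
#   update_policy STORE_ID POLICY_ID DEFINITION_FILE name/x   name set
#
# AWS_CLI (hypothetical override) selects the program to run; default: aws.
# Uniqueness of the name within the policy store is checked by the service,
# not here.
update_policy() {
    if [ "$#" -lt 3 ] || [ "$#" -gt 4 ]; then
        echo "usage: update_policy STORE_ID POLICY_ID DEFINITION_FILE [NAME]" >&2
        return 2
    fi
    up_store=$1
    up_policy=$2
    up_def=$3
    if [ "$#" -eq 4 ]; then
        up_name=$4
        case "$up_name" in
            "" | name/*) ;;   # explicit removal, or a correctly prefixed name
            *)
                echo "policy name must be prefixed with name/: $up_name" >&2
                return 2
                ;;
        esac
        # A fourth argument was given, even if empty: pass --name through.
        set -- --name "$up_name"
    else
        # No fourth argument: send no --name, so the existing name is kept.
        set --
    fi
    "${AWS_CLI:-aws}" verifiedpermissions update-policy \
        --policy-store-id "$up_store" \
        --policy-id "$up_policy" \
        --definition "file://$up_def" \
        "$@"
}
```

To keep the current name when a variable may be empty, call the function without the fourth argument rather than passing an empty "$NAME".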