本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# AWS Data Exchange API 許可:動作和資源參考
當您設定[存取控制](access-control.md)和撰寫可連接到 AWS Identity and Access Management (IAM) 身分 (身分型政策) 的許可政策時,請使用下表做為參考。下表列出每個 AWS Data Exchange API 操作、您可以授予執行動作許可的動作,以及您可以授予許可 AWS 的資源。您可以在政策的 `Action` 欄位中指定動作。您在政策的 `Resource` 欄位中指定資源值。
**注意**
若要指定動作,請使用後接 API 操作名稱的 `dataexchange:` 字首 (例如,`dataexchange:CreateDataSet`)。
**AWS Data Exchange 動作的 API 和必要許可**
| AWS Data Exchange API 操作 | 所需許可 (API 動作) | Resources | 條件 |
| --- | --- | --- | --- |
| CreateDataSet | dataexchange:CreateDataSet | N/A | `aws:TagKeys`
`aws:RequestTag` |
| GetDataSet | dataexchange:GetDataSet | 資料集 | aws:RequestTag |
| UpdateDataSet | dataexchange:UpdateDataSet | 資料集 | aws:RequestTag |
| PublishDataSet | dataexchange:PublishDataSet | 資料集 | aws:RequestTag |
| DeleteDataSet | dataexchange:DeleteDataSet | 資料集 | aws:RequestTag |
| ListDataSets | dataexchange:ListDataSets | N/A | N/A |
| CreateRevision | dataexchange:CreateRevision | 資料集 | `aws:TagKeys`
`aws:RequestTag` |
| GetRevision | dataexchange:GetRevision | 修訂 | aws:RequestTag |
| DeleteRevision | dataexchange:DeleteRevision | 修訂 | aws:RequestTag |
| ListDataSetRevisions | dataexchange:ListDataSetRevisions | 資料集 | aws:RequestTag |
| ListRevisionAssets | dataexchange:ListRevisionAssets | 修訂 | aws:RequestTag |
| CreateEventAction | dataexchange:CreateEventAction | N/A | N/A |
| UpdateEventAction | dataexchange:UpdateEventAction | EventAction | N/A |
| GetEventAction | dataexchange:GetEventAction | EventAction | N/A |
| ListEventActions | dataexchange:ListEventActions | N/A | N/A |
| DeleteEventAction | dataexchange:DeleteEventAction | EventAction | N/A |
| CreateJob | dataexchange:CreateJob | N/A | dataexchange:JobType |
| GetJob | dataexchange:GetJob | 任務 | dataexchange:JobType |
| StartJob\*\* | dataexchange:StartJob | 任務 | dataexchange:JobType |
| CancelJob | dataexchange:CancelJob | 任務 | dataexchange:JobType |
| ListJobs | dataexchange:ListJobs | N/A | N/A |
| ListTagsForResource | dataexchange:ListTagsForResource | 修訂 | aws:RequestTag |
| TagResource | dataexchange:TagResource | 修訂 | `aws:TagKeys`
`aws:RequestTag` |
| UnTagResource | dataexchange:UnTagResource | 修訂 | `aws:TagKeys`
`aws:RequestTag` |
| UpdateRevision | dataexchange:UpdateRevision | 修訂 | aws:RequestTag |
| DeleteAsset | dataexchange:DeleteAsset | 資產 | N/A |
| GetAsset | dataexchange:GetAsset | 資產 | N/A |
| UpdateAsset | dataexchange:UpdateAsset | 資產 | N/A |
| SendApiAsset | dataexchange:SendApiAsset | 資產 | N/A |
**\*\*** 視您啟動的任務類型而定,可能需要其他 IAM 許可。如需任務類型和相關聯的其他 IAM 許可, AWS Data Exchange 請參閱下表。如需任務的詳細資訊,請參閱[中的任務 AWS Data Exchange](jobs.md)。
**注意**
目前,下列 SDKs 不支援 `SendApiAsset`操作:
適用於 .NET 的 SDK
適用於 C\+\+ 的 AWS SDK
適用於 Java 2.x 的 SDK
**AWS Data Exchange 的任務類型許可 `StartJob`**
| 任務類型 | 所需的其他 IAM 許可 |
| --- | --- |
| IMPORT\_ASSETS\_FROM\_S3 | dataexchange:CreateAsset |
| IMPORT\_ASSET\_FROM\_SIGNED\_URL | dataexchange:CreateAsset |
| IMPORT\_ASSETS\_FROM\_API\_GATEWAY\_API | dataexchange:CreateAsset |
| IMPORT\_ASSETS\_FROM\_REDSHIFT\_DATA\_SHARES | dataexchange:CreateAsset, redshift:AuthorizeDataShare |
| EXPORT\_ASSETS\_TO\_S3 | dataexchange:GetAsset |
| EXPORT\_ASSETS\_TO\_SIGNED\_URL | dataexchange:GetAsset |
| EXPORT\_REVISIONS\_TO\_S3 | dataexchange:GetRevision dataexchange:GetDataSet `dataexchange:GetDataSet` 只有在您使用 `DataSet.Name`做為`EXPORT_REVISIONS_TO_S3`任務類型的動態參考時,才需要 IAM 許可。 |
您可以透過使用萬用字元,將資料集動作範圍限定為修訂或資產層級,如下列範例所示。
```
arn:aws:dataexchange:us-east-1:{{123456789012}}:data-sets/{{99EXAMPLE23c7c272897cf1EXAMPLE7a}}/revisions/*/assets/*
```
有些 AWS Data Exchange 動作只能在 AWS Data Exchange 主控台上執行。這些動作已與 AWS Marketplace 功能整合。動作需要下表所示的 AWS Marketplace 許可。
**AWS Data Exchange 訂閱者的僅限主控台動作**
| 主控台動作 | IAM 許可 |
| --- | --- |
| 訂閱產品 | `aws-marketplace:Subscribe`
`aws-marketplace:CreateAgreementRequest`
`aws-marketplace:AcceptAgreementRequest` |
| 傳送訂閱驗證請求 | `aws-marketplace:Subscribe`
`aws-marketplace:CreateAgreementRequest`
`aws-marketplace:AcceptAgreementRequest` |
| 啟用訂閱自動續約 | `aws-marketplace:Subscribe`
`aws-marketplace:CreateAgreementRequest`
`aws-marketplace:AcceptAgreementRequest` |
| 檢視訂閱的自動續約狀態 | `aws-marketplace:ListEntitlementDetails`
`aws-marketplace:ViewSubscriptions`
`aws-marketplace:GetAgreementTerms` |
| 停用訂閱自動續約 | `aws-marketplace:Subscribe`
`aws-marketplace:CreateAgreementRequest`
`aws-marketplace:AcceptAgreementRequest` |
| 列出作用中訂閱 | `aws-marketplace:ViewSubscriptions`
`aws-marketplace:SearchAgreements`
`aws-marketplace:GetAgreementTerms` |
| 檢視訂閱 | `aws-marketplace:ViewSubscriptions`
`aws-marketplace:SearchAgreements`
`aws-marketplace:GetAgreementTerms`
`aws-marketplace:DescribeAgreement` |
| 列出訂閱驗證請求 | `aws-marketplace:ListAgreementRequests` |
| 檢視訂閱驗證請求 | `aws-marketplace:GetAgreementRequest` |
| 取消訂閱驗證請求 | `aws-marketplace:CancelAgreementRequest` |
| 檢視所有以帳戶為目標的優惠 | `aws-marketplace:ListPrivateListings` |
| 檢視特定優惠的詳細資訊 | `aws-marketplace:GetPrivateListing` |
**AWS Data Exchange 供應商的主控台限定動作**
| 主控台動作 | IAM 許可 |
| --- | --- |
| 標記產品 | `aws-marketplace:TagResource`
`aws-marketplace:UntagResource`
`aws-marketplace:ListTagsForResource` |
| 標籤優惠 | `aws-marketplace:TagResource`
`aws-marketplace:UntagResource`
`aws-marketplace:ListTagsForResource` |
| 發佈產品 | `aws-marketplace:StartChangeSet`
`aws-marketplace:DescribeChangeSet`
`dataexchange:PublishDataSet` |
| 取消發佈產品 | `aws-marketplace:StartChangeSet`
`aws-marketplace:DescribeChangeSet` |
| 編輯產品 | `aws-marketplace:StartChangeSet`
`aws-marketplace:DescribeChangeSet` |
| 建立自訂優惠 | `aws-marketplace:StartChangeSet`
`aws-marketplace:DescribeChangeSet` |
| 編輯自訂優惠 | `aws-marketplace:StartChangeSet`
`aws-marketplace:DescribeChangeSet` |
| 檢視產品詳細資訊 | `aws-marketplace:DescribeEntity`
`aws-marketplace:ListEntities` |
| 檢視產品的自訂優惠 | aws-marketplace:DescribeEntity |
| 檢視產品儀表板 | `aws-marketplace:ListEntities`
`aws-marketplace:DescribeEntity` |
| 列出已發佈資料集或修訂的產品 | `aws-marketplace:ListEntities`
`aws-marketplace:DescribeEntity` |
| 列出訂閱驗證請求 | `aws-marketplace:ListAgreementApprovalRequests`
`aws-marketplace:GetAgreementApprovalRequest` |
| 核准訂閱驗證請求 | `aws-marketplace:AcceptAgreementApprovalRequest` |
| 拒絕訂閱驗證請求 | `aws-marketplace:RejectAgreementApprovalRequest` |
| 從訂閱驗證請求刪除資訊 | `aws-marketplace:UpdateAgreementApprovalRequest` |
| 檢視訂閱詳細資訊 | `aws-marketplace:SearchAgreements`
`aws-marketplace:GetAgreementTerms` |