本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # Elastic Beanstalk 動作的資源與條件 本章節說明您可於政策陳述式內使用的資源與條件,以授予能夠對特定 Elastic Beanstalk 資源執行特定 Elastic Beanstalk 動作的許可。 條件可讓您指定完成動作所需資源的許可。例如,當您可以呼叫 `CreateEnvironment` 動作,必須也指定欲部署的應用程式版本及內含應用程式名稱的應用程式。當您設定 `CreateEnvironment` 動作的許可,應使用 `InApplication` 和 `FromApplicationVersion` 條件,指定欲執行動作的應用程式及應用程式版本。 此外,您可使用解決方案堆疊 (`FromSolutionStack`) 或組態範本 (`FromConfigurationTemplate`) 來指定環境資訊。下列政策陳述式允許 `CreateEnvironment` 動作,透過搭配 **myenv** 組態 (`Resource`) 的應用程式版本 **My App** (`InApplication`) 的方式,在應用程式 **My Version** (由 `FromApplicationVersion` 條件指定) 內建立名為 **32bit Amazon Linux running Tomcat 7** (由 `FromSolutionStack` 指定) 的環境: ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:CreateEnvironment" ], "Effect": "Allow", "Resource": [ "arn:aws:elasticbeanstalk:us-east-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:application/My App"], "elasticbeanstalk:FromApplicationVersion": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:applicationversion/My App/My Version"], "elasticbeanstalk:FromSolutionStack": ["arn:aws:elasticbeanstalk:us-east-2::solutionstack/32bit Amazon Linux running Tomcat 7"] } } } ] } ``` ------ **注意** 本主題內提及的大多數條件索引鍵都是專屬於 Elastic Beanstalk,其名稱包含 `elasticbeanstalk:` 字首。為了簡潔起見,以下幾節提到這類條件鍵時,會省略名稱中的字首。舉例來說,會使用 `InApplication` 而非其全名 `elasticbeanstalk:InApplication`。 相反地,我們提到一些跨 AWS 服務使用的條件索引鍵,並包含其`aws:`字首來強調例外狀況。 政策範例中一律會顯示完整的條件鍵名稱,包括字首。 **Topics** + [Elastic Beanstalk 動作的政策資訊](#AWSHowTo.iam.policies.actions.table) + [Elastic Beanstalk 動作的條件金鑰](#AWSHowTo.iam.policies.conditions) ## Elastic Beanstalk 動作的政策資訊 下表列出所有 Elastic Beanstalk 動作、每個動作針對的資源,以及可透過條件提供的其他情境資訊。 **Elastic Beanstalk 動作的政策資訊,包括資源、條件、範例和依存項目**
資源條件範例陳述式
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_AbortEnvironmentUpdate.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_AbortEnvironmentUpdate.html)
`application`
`environment`		`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許使用者在名為 `My App` 的應用程式中的環境內中止環境更新操作。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_CheckDNSAvailability.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_CheckDNSAvailability.html)
`"*"`N/A [See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_ComposeEnvironments.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_ComposeEnvironments.html)
`application``aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許使用者撰寫屬於名為 `My App` 應用程式的環境。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_CreateApplication.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_CreateApplication.html)
`application``aws:RequestTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		此範例允許 `CreateApplication` 動作建立名稱開頭為 **DivA** 的應用程式:[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_CreateApplicationVersion.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_CreateApplicationVersion.html)
`applicationversion``InApplication`
`aws:RequestTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		此範例允許 `CreateApplicationVersion` 動作在應用程式 **My App** 中建立任意名稱 (**\***) 的應用程式版本:[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_CreateConfigurationTemplate.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_CreateConfigurationTemplate.html)
`configurationtemplate``InApplication`
`FromApplication`
`FromApplicationVersion`
`FromConfigurationTemplate`
`FromEnvironment`
`FromSolutionStack`
`aws:RequestTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `CreateConfigurationTemplate` 動作在應用程式 **My App** 中建立名稱開頭為 **My Template** (`My Template*`) 的組態範本:[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_CreateEnvironment.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_CreateEnvironment.html)
`environment``InApplication`
`FromApplicationVersion`
`FromConfigurationTemplate`
`FromSolutionStack`
`aws:RequestTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `CreateEnvironment` 動作在應用程式 **My App** 中,使用解決方案堆疊 **32bit Amazon Linux running Tomcat 7** 來建立名為 **myenv** 的環境:[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_CreatePlatformVersion.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_CreatePlatformVersion.html)
`platform``aws:RequestTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		此範例允許 `CreatePlatformVersion` 動作建立以 `us-east-2` 區域為目標的平台版本,其中的名稱開頭為 **us-east-2\_**:[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_CreateStorageLocation.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_CreateStorageLocation.html)
`"*"`N/A [See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DeleteApplication.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DeleteApplication.html)
`application``aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `DeleteApplication` 動作刪除應用程式 **My App**:[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DeleteApplicationVersion.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DeleteApplicationVersion.html)
`applicationversion``InApplication`
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `DeleteApplicationVersion` 動作在應用程式 **My App** 中刪除名為 **My Version** 的應用程式版本:[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DeleteConfigurationTemplate.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DeleteConfigurationTemplate.html)
`configurationtemplate``InApplication` (選用)
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `DeleteConfigurationTemplate` 動作在應用程式 **My App** 中刪除名為 **My Template** 的組態範本。將應用程式名稱指定為條件為選用。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DeleteEnvironmentConfiguration.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DeleteEnvironmentConfiguration.html)
`environment``InApplication` (選用)下列政策允許 `DeleteEnvironmentConfiguration` 動作在應用程式 **My App** 中刪除環境 **myenv** 的草稿組態。將應用程式名稱指定為條件為選用。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DeletePlatformVersion.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DeletePlatformVersion.html)
`platform``aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		以下政策允許 `DeletePlatformVersion` 動作刪除以 `us-east-2` 區域為目標的平台版本,其中的名稱開頭為 **us-east-2\_**:[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeApplications.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeApplications.html)
`application``aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `DescribeApplications` 動作描述應用程式 My App。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeApplicationVersions.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeApplicationVersions.html)
`applicationversion``InApplication` (選用)
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `DescribeApplicationVersions` 動作在應用程式 **My App** 中描述應用程式版本 **My Version**。將應用程式名稱指定為條件為選用。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeConfigurationOptions.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeConfigurationOptions.html)
`environment`
`configurationtemplate`
`solutionstack`		`InApplication` (選用)
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `DescribeConfigurationOptions` 動作在應用程式 **My App** 中描述環境 **myenv** 的組態選項。將應用程式名稱指定為條件為選用。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeConfigurationSettings.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeConfigurationSettings.html)
`environment`
`configurationtemplate`		`InApplication` (選用)
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `DescribeConfigurationSettings` 動作在應用程式 **My App** 中描述環境 **myenv** 的組態設定。將應用程式名稱指定為條件為選用。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironmentHealth.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironmentHealth.html)
`environment``aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許使用 `DescribeEnvironmentHealth` 來擷取名為 **myenv** 之環境的運作狀態資訊。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironmentResources.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironmentResources.html)
`environment``InApplication` (選用)
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `DescribeEnvironmentResources`動作傳回應用程式 **myenv**中環境 AWS 的資源清單**My App**。將應用程式名稱指定為條件為選用。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironments.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironments.html)
`environment``InApplication` (選用)
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `DescribeEnvironments` 動作在應用程式 **My App** 中描述環境 **myenv** 和 **myotherenv**。將應用程式名稱指定為條件為選用。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEvents.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEvents.html)
`application`
`applicationversion`
`configurationtemplate`
`environment`		`InApplication`
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `DescribeEvents` 動作列出應用程式 **My App** 中環境 **myenv** 及應用程式版本 **My Version** 的事件描述。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeInstancesHealth.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeInstancesHealth.html)
`environment`N/A下列政策允許使用 `DescribeInstancesHealth` 來擷取名為 **myenv** 之環境內的執行個體運作狀態資訊。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribePlatformVersion.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribePlatformVersion.html)
`platform``aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		以下政策允許 `DescribePlatformVersion` 動作描述以 `us-east-2` 區域為目標的平台版本,其中的名稱開頭為 **us-east-2\_**:[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_ListAvailableSolutionStacks.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_ListAvailableSolutionStacks.html)
`solutionstack`N/A以下政策僅允許 `ListAvailableSolutionStacks` 動作傳回解決方案堆疊 **32bit Amazon Linux running Tomcat 7**。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_ListPlatformVersions.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_ListPlatformVersions.html)
`platform``aws:RequestTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		此範例允許 `CreatePlatformVersion` 動作建立以 `us-east-2` 區域為目標的平台版本,其中的名稱開頭為 **us-east-2\_**:[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_ListTagsForResource.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_ListTagsForResource.html)
`application`
`applicationversion`
`configurationtemplate`
`environment`
`platform`		`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		以下政策僅允許 `ListTagsForResource` 動作列出現有資源的標籤,且僅限具有名為 `stage` 且含有 `test` 此值之標籤的資源:[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_RebuildEnvironment.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_RebuildEnvironment.html)
`environment``InApplication`
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `RebuildEnvironment` 動作在應用程式 **My App** 中重建環境 **myenv**。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_RequestEnvironmentInfo.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_RequestEnvironmentInfo.html)
`environment``InApplication`
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `RequestEnvironmentInfo` 動作在應用程式 **My App** 中編譯環境 **myenv** 的資訊。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_RestartAppServer.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_RestartAppServer.html)
`environment``InApplication`下列政策允許 `RestartAppServer` 動作在應用程式 **My App** 中重新啟動環境 **myenv** 的應用程式容器伺服器。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_RetrieveEnvironmentInfo.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_RetrieveEnvironmentInfo.html)
`environment``InApplication`
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `RetrieveEnvironmentInfo` 動作在應用程式 **My App** 中擷取環境 **myenv** 的編譯資訊。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_SwapEnvironmentCNAMEs.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_SwapEnvironmentCNAMEs.html)
`environment``InApplication` (選用)
`FromEnvironment` (選用)		下列政策允許 `SwapEnvironmentCNAMEs` 動作交換環境 **mysrcenv** 及 **mydestenv** 的 CNAME。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_TerminateEnvironment.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_TerminateEnvironment.html)
`environment``InApplication`
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `TerminateEnvironment` 動作在應用程式 **My App** 中終止環境 **myenv**。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[UpdateApplication](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateApplication.html)
`application``aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `UpdateApplication` 動作更新應用程式 **My App** 的屬性。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[UpdateApplicationResourceLifecycle](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateApplicationResourceLifecycle.html)
`application``aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		以下政策會允許 `UpdateApplicationResourceLifecycle` 動作來更新應用程式 **My App** 的生命週期設定。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateApplicationVersion.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateApplicationVersion.html)
`applicationversion``InApplication`
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `UpdateApplicationVersion` 動作在應用程式 **My App** 中更新應用程式版本 **My Version** 的屬性。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateConfigurationTemplate.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateConfigurationTemplate.html)
`configurationtemplate``InApplication`
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `UpdateConfigurationTemplate` 動作在應用程式 **My App** 中更新組態範本 **My Template** 的屬性或選項。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateEnvironment.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateEnvironment.html)
`environment``InApplication`
`FromApplicationVersion`
`FromConfigurationTemplate`
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `UpdateEnvironment` 動作部署應用程式版本 **My Version**,藉此在應用程式 **My App** 中更新環境 **myenv**。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html) - `AddTags`
`application`
`applicationversion`
`configurationtemplate`
`environment`
`platform`		`aws:ResourceTag/{{key-name}}` (選用)
`aws:RequestTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		`AddTags` 動作是與 [https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html) API 相關聯的兩個虛擬動作之一。
以下政策僅允許 `AddTags` 動作修改現有資源的標籤,且僅限具有名為 `stage` 且含有 `test` 此值之標籤的資源:[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html) - `RemoveTags`
`application`
`applicationversion`
`configurationtemplate`
`environment`
`platform`		`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		`RemoveTags` 動作是與 [https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html) API 相關聯的兩個虛擬動作之一。
以下政策拒絕 `RemoveTags` 動作請求移除現有環境中名為 `stage` 的標籤:[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**動作:**[https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_ValidateConfigurationSettings.html](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_ValidateConfigurationSettings.html)
`template`
`environment`		`InApplication`
`aws:ResourceTag/{{key-name}}` (選用)
`aws:TagKeys` (選用)		下列政策允許 `ValidateConfigurationSettings` 動作在應用程式 **My App** 中根據環境 **myenv** 驗證組態設定。[See the AWS documentation website for more details](http://docs.aws.amazon.com/zh_tw/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
## Elastic Beanstalk 動作的條件金鑰 金鑰可讓您指定條件以表達依存項目、限制許可或指定動作輸入參數的限制。Elastic Beanstalk 支援下列金鑰。 `InApplication` 指定內含動作執行針對之資源的應用程式。 下列範例允許 `UpdateApplicationVersion` 動作更新應用程式版本 **My Version** 的屬性。`InApplication` 條件將 **My App** 指定為 **My Version** 的容器。 **** ``` { "Version":"2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:UpdateApplicationVersion" ], "Effect": "Allow", "Resource": [ "arn:aws:elasticbeanstalk:us-east-2:123456789012:applicationversion/My App/My Version" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:application/My App"] } } } ] } ``` `FromApplicationVersion` 將應用程式版本指定為依存項目或輸入參數的限制。 下列範例允許 `UpdateEnvironment` 動作在應用程式 **My App** 中更新環境 **myenv**。`FromApplicationVersion` 條件會限制 `VersionLabel` 參數,僅允許應用程式版本 **My Version** 更新環境。 **** ``` { "Version":"2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:UpdateEnvironment" ], "Effect": "Allow", "Resource": [ "arn:aws:elasticbeanstalk:us-east-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:application/My App"], "elasticbeanstalk:FromApplicationVersion": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:applicationversion/My App/My Version"] } } } ] } ``` `FromConfigurationTemplate` 將組態範本指定為依存項目或輸入參數的限制。 下列範例允許 `UpdateEnvironment` 動作在應用程式 **My App** 中更新環境 **myenv**。`FromConfigurationTemplate` 條件會限制 `TemplateName` 參數,僅允許組態範本 **My Template** 更新環境。 **** ``` { "Version":"2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:UpdateEnvironment" ], "Effect": "Allow", "Resource": [ "arn:aws:elasticbeanstalk:us-east-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:application/My App"], "elasticbeanstalk:FromConfigurationTemplate": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:configurationtemplate/My App/My Template"] } } } ] } ``` `FromEnvironment` 將環境指定為依存項目或輸入參數的限制。 下列範例允許 `SwapEnvironmentCNAMEs` 動作交換所有環境內 **My App** 內名稱開頭為 **mysrcenv** 和 **mydestenv** 之環境的 CNAME,但不適用名稱開頭為 **mysrcenvPROD\*** 和 **mydestenvPROD\*** 的環境。 **** ``` { "Version":"2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:SwapEnvironmentCNAMEs" ], "Effect": "Allow", "Resource": [ "arn:aws:elasticbeanstalk:us-east-2:123456789012:environment/My App/mysrcenv*", "arn:aws:elasticbeanstalk:us-east-2:123456789012:environment/My App/mydestenv*" ], "Condition": { "ArnNotLike": { "elasticbeanstalk:FromEnvironment": [ "arn:aws:elasticbeanstalk:us-east-2:123456789012:environment/My App/mysrcenvPROD*", "arn:aws:elasticbeanstalk:us-east-2:123456789012:environment/My App/mydestenvPROD*" ] } } } ] } ``` `FromSolutionStack` 將解決方案堆疊指定為依存項目或輸入參數的限制。 下列政策允許 `CreateConfigurationTemplate` 動作在應用程式 **My App** 中建立名稱開頭為 **My Template** (`My Template*`) 的組態範本。`FromSolutionStack` 條件會限制 `solutionstack` 參數,該參數僅能以解決方案堆疊 **32bit Amazon Linux running Tomcat 7** 做為輸入值。 **** ``` { "Version":"2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:CreateConfigurationTemplate" ], "Effect": "Allow", "Resource": [ "arn:aws:elasticbeanstalk:us-east-2:123456789012:configurationtemplate/My App/My Template*" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:application/My App"], "elasticbeanstalk:FromSolutionStack": ["arn:aws:elasticbeanstalk:us-east-2::solutionstack/32bit Amazon Linux running Tomcat 7"] } } } ] } ``` `aws:ResourceTag/{{key-name}}``aws:RequestTag/{{key-name}}``aws:TagKeys` 指定標記型條件。如需詳細資訊,請參閱[使用標籤來控制對 Elastic Beanstalk 資源的存取政策中的標籤條件範例](AWSHowTo.iam.policies.access-tags.md)。