

AWS Systems Manager Incident Manager is no longer open to new customers. Existing customers can continue to use the service as normal. For more information, see [AWS Systems Manager Incident Manager availability change](https://docs.aws.amazon.com/incident-manager/latest/userguide/incident-manager-availability-change.html).


# Resource-based policy examples for AWS Systems Manager Incident Manager
<a name="security_iam_resource-based-policy-examples"></a>

AWS Systems Manager Incident Manager supports resource-based permission policies for Incident Manager response plans and contacts.

Incident Manager doesn't support resource-based policies that deny access to resources shared using AWS RAM.

To learn how to create a response plan or a contact, see [Creating and configuring response plans in Incident Manager](response-plans.md) and [Creating and configuring contacts in Incident Manager](contacts.md).

## Restricting Incident Manager response plan access by organization
<a name="security_iam_resource-based-policy-examples-restrict-response-plan-by-org"></a>

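The following example grants permissions to users in the organization with the organization ID `o-abc123def45` to respond to incidents created using the response plan `myplan`.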

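The `Condition` block uses the `StringEquals` condition and the `aws:PrincipalOrgID` condition key, which is a condition key specific to AWS Organizations. For more information about these condition keys, see [Specifying conditions in a policy](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-policy-keys.html).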

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "OrganizationAccess",
            "Effect": "Allow",
            "Principal": "*",
            "Condition": {
                "StringEquals": {
                    "aws:PrincipalOrgID": "o-abc123def45"
                }
            },
            "Action": [
                "ssm-incidents:GetResponsePlan",
                "ssm-incidents:StartIncident",
                "ssm-incidents:UpdateIncidentRecord",
                "ssm-incidents:GetIncidentRecord",
                "ssm-incidents:CreateTimelineEvent",
                "ssm-incidents:UpdateTimelineEvent",
                "ssm-incidents:GetTimelineEvent",
                "ssm-incidents:ListTimelineEvents",
                "ssm-incidents:UpdateRelatedItems",
                "ssm-incidents:ListRelatedItems"
            ],
            "Resource": [
                "arn:aws:ssm-incidents:*:111122223333:response-plan/myplan",
                "arn:aws:ssm-incidents:*:111122223333:incident-record/myplan/*"
            ]
        }
    ]
}
```
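
In the organization policy above, `"Principal": "*"` is restricted only by the `aws:PrincipalOrgID` condition. The following check is an added example, not part of the AWS documentation: it flags an `Allow` statement whose wildcard principal lacks a strict scoping condition, and any `Deny` statement. The function names and the choice of scoping keys and operators are assumptions made for illustration.

```python
import copy

# Global condition keys that tie the caller to an organization, account or ARN.
SCOPING_KEYS = {"aws:principalorgid", "aws:principalaccount", "aws:principalarn"}
# *IfExists operators pass when the key is absent, so they do not count as a guard.
STRICT_OPS = {"stringequals", "arnequals"}

def _is_wildcard(principal):
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in ([principal] if isinstance(principal, str) else principal or [])

def _is_scoped(condition):
    for op, keys in (condition or {}).items():
        if op.lower() not in STRICT_OPS:
            continue
        for key, value in keys.items():
            values = [value] if isinstance(value, str) else value
            if key.lower() in SCOPING_KEYS and values and not any("*" in v for v in values):
                return True
    return False

def audit_policy(policy):
    """Return findings for one resource-based policy document (a dict)."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") == "Deny":
            findings.append(f"{sid}: Deny is not supported for resources shared using AWS RAM")
        elif _is_wildcard(stmt.get("Principal")) and not _is_scoped(stmt.get("Condition")):
            findings.append(f"{sid}: wildcard principal without a strict scoping condition")
    return findings

# Constructed samples: a shortened form of the organization policy, then two weakened copies.
GUARDED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "OrganizationAccess", "Effect": "Allow", "Principal": "*",
    "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-abc123def45"}},
    "Action": ["ssm-incidents:GetResponsePlan", "ssm-incidents:StartIncident"],
    "Resource": ["arn:aws:ssm-incidents:*:111122223333:response-plan/myplan"]}]}
UNGUARDED = copy.deepcopy(GUARDED)
del UNGUARDED["Statement"][0]["Condition"]
IF_EXISTS = copy.deepcopy(GUARDED)
IF_EXISTS["Statement"][0]["Condition"] = {
    "StringEqualsIfExists": {"aws:PrincipalOrgID": "o-abc123def45"}}

if __name__ == "__main__":
    for name, doc in (("guarded", GUARDED), ("unguarded", UNGUARDED), ("if-exists", IF_EXISTS)):
        print(name, audit_policy(doc) or "ok")
```

Run the check over a policy document before attaching it to a response plan or contact; an empty list means no finding from these two rules.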


## Providing Incident Manager contact access to a principal
<a name="security_iam_resource-based-policy-examples-provide-contact-access-to-principal"></a>

The following example grants permissions to the principal with the ARN `arn:aws:iam::999988887777:root` to create engagements to the contact `mycontact`.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PrincipalAccess",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::999988887777:root"
            },
            "Action": [
                "ssm-contacts:GetContact",
                "ssm-contacts:StartEngagement",
                "ssm-contacts:DescribeEngagement",
                "ssm-contacts:ListPagesByContact"
            ],
            "Resource": [
                "arn:aws:ssm-contacts:*:111122223333:contact/mycontact",
                "arn:aws:ssm-contacts:*:111122223333:engagement/mycontact/*"
            ]
        }
    ]
}
```
