本文為英文版的機器翻譯版本，如內容有任何歧義或不一致之處，概以英文版為準。

# AWS 受管政策：AWSMSKReplicatorExecutionRole
<a name="security-iam-awsmanpol-AWSMSKReplicatorExecutionRole"></a>

此`AWSMSKReplicatorExecutionRole`政策授予許可給 Amazon MSK 複寫器，以在 MSK 叢集之間複寫資料。此政策中的許可分組如下：
+ **`cluster`** – 授予 Amazon MSK Replicator 使用 IAM 身分驗證連線至叢集的許可。同時授予描述和更改叢集的許可。
+ **`topic`** – 准許 Amazon MSK Replicator 描述、建立和更改主題，以及更改主題的動態組態。
+ **`consumer group`** – 授予 Amazon MSK Replicator 許可，以描述和變更取用者群組、從 MSK 叢集讀取和寫入日期，以及刪除複寫器建立的內部主題。

------
#### [ JSON ]

****  

```
{
	"Version":"2012-10-17",		 	 	 
	"Statement": [
		{
			"Sid": "ClusterPermissions",
			"Effect": "Allow",
			"Action": [
				"kafka-cluster:Connect",
				"kafka-cluster:DescribeCluster",
				"kafka-cluster:AlterCluster",
				"kafka-cluster:DescribeTopic",
				"kafka-cluster:CreateTopic",
				"kafka-cluster:AlterTopic",
				"kafka-cluster:WriteData",
				"kafka-cluster:ReadData",
				"kafka-cluster:AlterGroup",
				"kafka-cluster:DescribeGroup",
				"kafka-cluster:DescribeTopicDynamicConfiguration",
				"kafka-cluster:AlterTopicDynamicConfiguration",
				"kafka-cluster:WriteDataIdempotently"
			],
			"Resource": [
				"arn:aws:kafka:*:*:cluster/*"
			]
		},
		{
			"Sid": "TopicPermissions",
			"Effect": "Allow",
			"Action": [
				"kafka-cluster:DescribeTopic",
				"kafka-cluster:CreateTopic",
				"kafka-cluster:AlterTopic",
				"kafka-cluster:WriteData",
				"kafka-cluster:ReadData",
				"kafka-cluster:DescribeTopicDynamicConfiguration",
				"kafka-cluster:AlterTopicDynamicConfiguration",
				"kafka-cluster:AlterCluster"
			],
			"Resource": [
				"arn:aws:kafka:*:*:topic/*/*"
			]
		},
		{
			"Sid": "GroupPermissions",
			"Effect": "Allow",
			"Action": [
				"kafka-cluster:AlterGroup",
				"kafka-cluster:DescribeGroup"
			],
			"Resource": [
				"arn:aws:kafka:*:*:group/*/*"
			]
		}
	]
}
```

------