本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
自動計劃執行報告許可
如果您為區域切換計劃設定自動產生報告,可連接以下範例政策。此政策包含將報告寫入 Amazon S3、存取 CloudWatch 警示資料,以及擷取父系計劃子計劃資訊的許可。
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::your-bucket-name/*" }, { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmHistory" ], "Resource": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:app-health-primary" "arn:aws:cloudwatch:us-west-2:123456789012:alarm:app-health-secondary" ], }, { "Effect": "Allow", "Action": [ "arc-region-switch:GetPlanExecution", "arc-region-switch:ListPlanExecutionEvents" ], "Resource": [ "arn:aws:arc-region-switch:us-east-1:123456789012:plan/child-plan-1/abcde1", "arn:aws:arc-region-switch:us-west-2:123456789012:plan/child-plan-2/fghij2" ], } ] }
注意:如果您為 Amazon S3 儲存貯體加密設定客戶受管 AWS KMS 金鑰,您還必須為金鑰新增 kms:GenerateDataKey和 kms:Encrypt許可。
