AWS Elastic Beanstalk
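Developer Guide
AWS services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with AWS services in China.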

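Resources and conditions for Elastic Beanstalk actions

This section describes the resources and conditions that you can use in policy statements to grant permissions that allow specific Elastic Beanstalk actions to be performed on specific Elastic Beanstalk resources.

Conditions enable you to specify permissions to resources that the action needs to complete. For example, when you call the CreateEnvironment action, you must also specify the application version to deploy and the application that contains that application version. When you set permissions for the CreateEnvironment action, use the InApplication and FromApplicationVersion conditions to specify the application and application version that you want the action to act upon.

In addition, you can specify the environment configuration with a solution stack (FromSolutionStack) or a configuration template (FromConfigurationTemplate). The following policy statement allows the CreateEnvironment action to create an environment named myenv (specified by Resource) in the application My App (specified by the InApplication condition), using the application version My Version (FromApplicationVersion) with a 32bit Amazon Linux running Tomcat 7 configuration (FromSolutionStack):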

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:CreateEnvironment" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"], "elasticbeanstalk:FromApplicationVersion": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:applicationversion/My App/My Version"], "elasticbeanstalk:FromSolutionStack": ["arn:aws-cn:elasticbeanstalk:us-west-2::solutionstack/32bit Amazon Linux running Tomcat 7"] } } } ] }

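Note

Most condition keys mentioned in this topic are specific to Elastic Beanstalk, and their names contain the elasticbeanstalk: prefix. For brevity, we omit this prefix from the condition key names when we mention them in the following sections. For example, we mention InApplication instead of its full name elasticbeanstalk:InApplication.

In contrast, when we mention the few condition keys that are used across AWS services, we include their aws: prefix to highlight the exception.

Policy examples always show full condition key names, including the prefix.

Policy information for Elastic Beanstalk actions

The following table lists all Elastic Beanstalk actions, the resource that each action acts upon, and the additional contextual information that can be provided using conditions.

Policy information for Elastic Beanstalk actions, including resources, conditions, examples, and dependencies

Columns: Resource, Conditions, Example statement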

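Action: AbortEnvironmentUpdate

Resource: application, environment

Conditions: N/A

The following policy allows a user to abort environment update operations on environments in an application named My App.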

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:AbortEnvironmentUpdate" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App" ] } ] }

Action: CheckDNSAvailability

Resource: "*"

Conditions: N/A

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:CheckDNSAvailability" ], "Effect": "Allow", "Resource": "*" } ] }

Action: ComposeEnvironments

Resource: application

Conditions: N/A

The following policy allows a user to compose environments that belong to an application named My App.

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:ComposeEnvironments" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App" ] } ] }

Action: CreateApplication

Resource: application

Conditions: N/A

This example allows the CreateApplication action to create applications whose names begin with DivA:

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:CreateApplication" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/DivA*" ] } ] }

Action: CreateApplicationVersion

Resource: applicationversion

Conditions: InApplication

This example allows the CreateApplicationVersion action to create application versions with any name (*) in the application My App:

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:CreateApplicationVersion" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:applicationversion/My App/*" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"] } } } ] }

Action: CreateConfigurationTemplate

Resource: configurationtemplate

Conditions: InApplication, FromApplication, FromApplicationVersion, FromConfigurationTemplate, FromEnvironment, FromSolutionStack

The following policy allows the CreateConfigurationTemplate action to create configuration templates whose names begin with My Template (My Template*) in the application My App:

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:CreateConfigurationTemplate" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:configurationtemplate/My App/My Template*" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"], "elasticbeanstalk:FromSolutionStack": ["arn:aws-cn:elasticbeanstalk:us-west-2::solutionstack/32bit Amazon Linux running Tomcat 7"] } } } ] }

Action: CreateEnvironment

Resource: environment

Conditions: InApplication, FromApplicationVersion, FromConfigurationTemplate, FromSolutionStack, aws:RequestTag/key-name (optional), aws:TagKeys (optional)

The following policy allows the CreateEnvironment action to create an environment named myenv in the application My App using the solution stack 32bit Amazon Linux running Tomcat 7:

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:CreateEnvironment" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"], "elasticbeanstalk:FromApplicationVersion": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:applicationversion/My App/My Version"], "elasticbeanstalk:FromSolutionStack": ["arn:aws-cn:elasticbeanstalk:us-west-2::solutionstack/32bit Amazon Linux running Tomcat 7"] } } } ] }

Action: CreateStorageLocation

Resource: "*"

Conditions: N/A

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:CreateStorageLocation" ], "Effect": "Allow", "Resource": "*" } ] }

Action: DeleteApplication

Resource: application

Conditions: N/A

The following policy allows the DeleteApplication action to delete the application My App:

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:DeleteApplication" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App" ] } ] }

Action: DeleteApplicationVersion

Resource: applicationversion

Conditions: InApplication

The following policy allows the DeleteApplicationVersion action to delete an application version named My Version in the application My App:

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:DeleteApplicationVersion" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:applicationversion/My App/My Version" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"] } } } ] }

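Action: DeleteConfigurationTemplate

Resource: configurationtemplate

Conditions: InApplication (optional)

The following policy allows the DeleteConfigurationTemplate action to delete a configuration template named My Template in the application My App. Specifying the application name as a condition is optional.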

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:DeleteConfigurationTemplate" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:configurationtemplate/My App/My Template" ] } ] }

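Action: DeleteEnvironmentConfiguration

Resource: environment

Conditions: InApplication (optional)

The following policy allows the DeleteEnvironmentConfiguration action to delete a draft configuration for the environment myenv in the application My App. Specifying the application name as a condition is optional.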

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:DeleteEnvironmentConfiguration" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ] } ] }

Action: DescribeApplications

Resource: application

Conditions: N/A

The following policy allows the DescribeApplications action to describe the application My App.

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:DescribeApplications" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App" ] } ] }

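Action: DescribeApplicationVersions

Resource: applicationversion

Conditions: InApplication (optional)

The following policy allows the DescribeApplicationVersions action to describe the application version My Version in the application My App. Specifying the application name as a condition is optional.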

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:DescribeApplicationVersions" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:applicationversion/My App/My Version" ] } ] }

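Action: DescribeConfigurationOptions

Resource: environment, configurationtemplate, solutionstack

Conditions: InApplication (optional)

The following policy allows the DescribeConfigurationOptions action to describe the configuration options for the environment myenv in the application My App. Specifying the application name as a condition is optional.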

{ "Version": "2012-10-17", "Statement": [ { "Action": "elasticbeanstalk:DescribeConfigurationOptions", "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ] } ] }

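Action: DescribeConfigurationSettings

Resource: environment, configurationtemplate

Conditions: InApplication (optional)

The following policy allows the DescribeConfigurationSettings action to describe the configuration settings for the environment myenv in the application My App. Specifying the application name as a condition is optional.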

{ "Version": "2012-10-17", "Statement": [ { "Action": "elasticbeanstalk:DescribeConfigurationSettings", "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ] } ] }

Action: DescribeEnvironmentHealth

Resource: environment

Conditions: N/A

The following policy allows the use of DescribeEnvironmentHealth to retrieve health information for an environment named myenv.

{ "Version": "2012-10-17", "Statement": [ { "Action": "elasticbeanstalk:DescribeEnvironmentHealth", "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ] } ] }

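Action: DescribeEnvironmentResources

Resource: environment

Conditions: InApplication (optional)

The following policy allows the DescribeEnvironmentResources action to return the list of AWS resources for the environment myenv in the application My App. Specifying the application name as a condition is optional.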

{ "Version": "2012-10-17", "Statement": [ { "Action": "elasticbeanstalk:DescribeEnvironmentResources", "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ] } ] }

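Action: DescribeEnvironments

Resource: environment

Conditions: InApplication (optional), aws:ResourceTag/key-name (optional), aws:TagKeys (optional)

The following policy allows the DescribeEnvironments action to describe the environments myenv and myotherenv in the application My App. Specifying the application name as a condition is optional.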

{ "Version": "2012-10-17", "Statement": [ { "Action": "elasticbeanstalk:DescribeEnvironments", "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv", "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App2/myotherenv" ] } ] }

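Action: DescribeEvents

Resource: application, applicationversion, configurationtemplate, environment

Conditions: InApplication

The following policy allows the DescribeEvents action to list event descriptions for the environment myenv and the application version My Version in the application My App.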

{ "Version": "2012-10-17", "Statement": [ { "Action": "elasticbeanstalk:DescribeEvents", "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv", "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:applicationversion/My App/My Version" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"] } } } ] }

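Action: DescribeInstancesHealth

Resource: environment

Conditions: N/A

The following policy allows the use of DescribeInstancesHealth to retrieve health information for the instances in an environment named myenv.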

{ "Version": "2012-10-17", "Statement": [ { "Action": "elasticbeanstalk:DescribeInstancesHealth", "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ] } ] }

Action: ListAvailableSolutionStacks

Resource: solutionstack

Conditions: N/A

The following policy allows the ListAvailableSolutionStacks action to return only the solution stack 32bit Amazon Linux running Tomcat 7:

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:ListAvailableSolutionStacks" ], "Effect": "Allow", "Resource": "arn:aws-cn:elasticbeanstalk:us-west-2::solutionstack/32bit Amazon Linux running Tomcat 7" } ] }

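Action: ListTagsForResource

Resource: environment

Conditions: aws:ResourceTag/key-name (optional), aws:TagKeys (optional)

The following policy allows the ListTagsForResource action to list the tags of existing environments only if they have a tag named stage with the value test.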

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:ListTagsForResource" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/stage": ["test"] } } } ] }

Action: RebuildEnvironment

Resource: environment

Conditions: InApplication

The following policy allows the RebuildEnvironment action to rebuild the environment myenv in the application My App:

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:RebuildEnvironment" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"] } } } ] }

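Action: RequestEnvironmentInfo

Resource: environment

Conditions: InApplication

The following policy allows the RequestEnvironmentInfo action to compile information about the environment myenv in the application My App.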

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:RequestEnvironmentInfo" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"] } } } ] }

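Action: RestartAppServer

Resource: environment

Conditions: InApplication

The following policy allows the RestartAppServer action to restart the application container server for the environment myenv in the application My App.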

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:RestartAppServer" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"] } } } ] }

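Action: RetrieveEnvironmentInfo

Resource: environment

Conditions: InApplication

The following policy allows the RetrieveEnvironmentInfo action to retrieve the compiled information for the environment myenv in the application My App.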

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:RetrieveEnvironmentInfo" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"] } } } ] }

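Action: SwapEnvironmentCNAMEs

Resource: environment

Conditions: InApplication (optional), FromEnvironment (optional)

The following policy allows the SwapEnvironmentCNAMEs action to swap the CNAMEs for the environments mysrcenv and mydestenv.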

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:SwapEnvironmentCNAMEs" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/mysrcenv", "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/mydestenv" ] } ] }

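Action: TerminateEnvironment

Resource: environment

Conditions: InApplication, aws:ResourceTag/key-name (optional), aws:TagKeys (optional)

The following policy allows the TerminateEnvironment action to terminate the environment myenv in the application My App: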

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:TerminateEnvironment" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"] } } } ] }

Action: UpdateApplication

Resource: application

Conditions: N/A

The following policy allows the UpdateApplication action to update the properties of the application My App.

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:UpdateApplication" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App" ] } ] }

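Action: UpdateApplicationVersion

Resource: applicationversion

Conditions: InApplication

The following policy allows the UpdateApplicationVersion action to update the properties of the application version My Version in the application My App.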

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:UpdateApplicationVersion" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:applicationversion/My App/My Version" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"] } } } ] }

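Action: UpdateConfigurationTemplate

Resource: configurationtemplate

Conditions: InApplication

The following policy allows the UpdateConfigurationTemplate action to update the properties or options of the configuration template My Template in the application My App.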

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:UpdateConfigurationTemplate" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:configurationtemplate/My App/My Template" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"] } } } ] }

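Action: UpdateEnvironment

Resource: environment

Conditions: InApplication, FromApplicationVersion, FromConfigurationTemplate, aws:ResourceTag/key-name (optional), aws:TagKeys (optional)

The following policy allows the UpdateEnvironment action to update the environment myenv in the application My App by deploying the application version My Version: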

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:UpdateEnvironment" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"], "elasticbeanstalk:FromApplicationVersion": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:applicationversion/My App/My Version"] } } } ] }

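Action: UpdateTagsForResource - AddTags

Resource: environment

Conditions: aws:ResourceTag/key-name (optional), aws:RequestTag/key-name (optional), aws:TagKeys (optional)

The AddTags action is one of two virtual actions associated with the UpdateTagsForResource API.

The following policy allows the AddTags action to modify the tags of existing environments only if they have a tag named stage with the value test.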

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:AddTags" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/stage": ["test"] } } } ] }

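Action: UpdateTagsForResource - RemoveTags

Resource: environment

Conditions: aws:ResourceTag/key-name (optional), aws:TagKeys (optional)

The RemoveTags action is one of two virtual actions associated with the UpdateTagsForResource API.

The following policy denies RemoveTags actions that request the removal of a tag named stage from existing environments: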

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:RemoveTags" ], "Effect": "Deny", "Resource": "*", "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": ["stage"] } } } ] }

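Action: ValidateConfigurationSettings

Resource: template, environment

Conditions: InApplication

The following policy allows the ValidateConfigurationSettings action to validate configuration settings against the environment myenv in the application My App.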

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:ValidateConfigurationSettings" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"] } } } ] }

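Condition keys for Elastic Beanstalk actions

Keys enable you to specify conditions that express dependencies, restrict permissions, or specify constraints on the input parameters for an action. Elastic Beanstalk supports the following keys.

InApplication

Specifies the application that contains the resource that the action operates on.

The following example allows the UpdateApplicationVersion action to update the properties of the application version My Version. The InApplication condition specifies My App as the container for My Version.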

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:UpdateApplicationVersion" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:applicationversion/My App/My Version" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"] } } } ] }
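A policy review check built from this page's table, as an added example (not code from the AWS guide): it flags statements whose resource type is not the one listed for the action, that lack InApplication where the table lists it without "(optional)", or whose resource sits in a different application than the one InApplication names. The TABLE subset, the function names and the two constructed statements are assumptions of this example.

```python
# Subset of the table on this page: action -> (resource types listed,
# True if InApplication is listed without "(optional)").
TABLE = {
    "RebuildEnvironment": ({"environment"}, True),
    "TerminateEnvironment": ({"environment"}, True),
    "UpdateApplicationVersion": ({"applicationversion"}, True),
    "DeleteEnvironmentConfiguration": ({"environment"}, False),
    "ComposeEnvironments": ({"application"}, False),
}
IN_APP = "elasticbeanstalk:InApplication"
PREFIX = "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:"  # as on this page


def as_list(value):
    """IAM accepts a single string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)


def parse_arn(arn):
    """Return (resource type, application name) of an Elastic Beanstalk ARN."""
    parts = arn.split(":", 5)[5].split("/")
    return parts[0], parts[1] if len(parts) > 1 else None


def lint_statement(stmt):
    """List mismatches between one policy statement and TABLE."""
    findings = []
    apps = set()  # applications named by any InApplication condition
    for keys in stmt.get("Condition", {}).values():
        apps |= {parse_arn(v)[1] for v in as_list(keys.get(IN_APP, []))}
    for action in as_list(stmt["Action"]):
        name = action.split(":", 1)[-1]
        if name not in TABLE:
            continue  # action outside the subset modelled here
        types, needs_in_app = TABLE[name]
        if needs_in_app and not apps:
            findings.append(f"{name}: InApplication condition missing")
        for arn in as_list(stmt["Resource"]):
            if arn == "*":
                findings.append(f"{name}: Resource is '*'")
                continue
            rtype, app = parse_arn(arn)
            if rtype not in types:
                findings.append(f"{name}: resource type {rtype} not listed")
            if apps and app not in apps:
                findings.append(f"{name}: resource is in {app}, not {sorted(apps)}")
    return findings


# The first statement is the page's RebuildEnvironment example; the other two
# are constructed for this example.
SAMPLES = [
    {"Action": ["elasticbeanstalk:RebuildEnvironment"], "Effect": "Allow",
     "Resource": [PREFIX + "environment/My App/myenv"],
     "Condition": {"StringEquals": {IN_APP: [PREFIX + "application/My App"]}}},
    {"Action": ["elasticbeanstalk:TerminateEnvironment"], "Effect": "Allow",
     "Resource": [PREFIX + "environment/My App/myenv"]},
    {"Action": ["elasticbeanstalk:UpdateApplicationVersion"], "Effect": "Allow",
     "Resource": [PREFIX + "applicationversion/Other App/My Version"],
     "Condition": {"StringEquals": {IN_APP: [PREFIX + "application/My App"]}}},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["Action"][0], "->", lint_statement(s) or "ok")
```

The check compares names literally, so resource ARNs with wildcards in the application segment are reported as mismatches and need manual review.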
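
FromApplicationVersion

Specifies an application version as a dependency or a constraint on an input parameter.

The following example allows the UpdateEnvironment action to update the environment myenv in the application My App. The FromApplicationVersion condition constrains the VersionLabel parameter to allow only the application version My Version to update the environment.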

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:UpdateEnvironment" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"], "elasticbeanstalk:FromApplicationVersion": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:applicationversion/My App/My Version"] } } } ] }
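
FromConfigurationTemplate

Specifies a configuration template as a dependency or a constraint on an input parameter.

The following example allows the UpdateEnvironment action to update the environment myenv in the application My App. The FromConfigurationTemplate condition constrains the TemplateName parameter to allow only the configuration template My Template to update the environment.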

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:UpdateEnvironment" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"], "elasticbeanstalk:FromConfigurationTemplate": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:configurationtemplate/My App/My Template"] } } } ] }
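
FromEnvironment

Specifies an environment as a dependency or a constraint on an input parameter.

The following example allows the SwapEnvironmentCNAMEs action to swap the CNAMEs between all environments in My App whose names begin with mysrcenv and mydestenv, but not environments whose names begin with mysrcenvPROD* and mydestenvPROD*.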

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:SwapEnvironmentCNAMEs" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/mysrcenv*", "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/mydestenv*" ], "Condition": { "StringNotLike": { "elasticbeanstalk:FromEnvironment": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/mysrcenvPROD*", "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:environment/My App/mydestenvPROD*" ] } } } ] }
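
FromSolutionStack

Specifies a solution stack as a dependency or a constraint on an input parameter.

The following policy allows the CreateConfigurationTemplate action to create configuration templates whose names begin with My Template (My Template*) in the application My App. The FromSolutionStack condition constrains the solutionstack parameter to allow only the solution stack 32bit Amazon Linux running Tomcat 7 as the input value for that parameter.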

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:CreateConfigurationTemplate" ], "Effect": "Allow", "Resource": [ "arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:configurationtemplate/My App/My Template*" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws-cn:elasticbeanstalk:us-west-2:123456789012:application/My App"], "elasticbeanstalk:FromSolutionStack": ["arn:aws-cn:elasticbeanstalk:us-west-2::solutionstack/32bit Amazon Linux running Tomcat 7"] } } } ] }

aws:ResourceTag/key-name
aws:RequestTag/key-name
aws:TagKeys

Specify tag-based conditions. For details, see Using tags to control access to Elastic Beanstalk resources.
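The RemoveTags Deny statement in the table above tests aws:TagKeys with the ForAllValues set operator. The following added example (not from the AWS guide) is a simplified model of IAM's documented set-operator semantics that shows which constructed requests that statement matches, next to a constructed ForAnyValue variant. It assumes aws:TagKeys holds the tag keys named in the request; the function names and requests are hypothetical.

```python
# Simplified model of IAM's documented ForAllValues / ForAnyValue set
# operators, applied to aws:TagKeys in a RemoveTags Deny statement.
# Assumption: aws:TagKeys carries the tag keys named in the request.

def set_condition_matches(operator, policy_values, request_values):
    """Return True when a set-operator StringEquals condition matches."""
    qualifier, _, base = operator.partition(":")
    if base != "StringEquals":
        raise ValueError("only StringEquals is modelled here")
    allowed = set(policy_values)
    if qualifier == "ForAllValues":
        # Every request value must be in the policy set; an empty request
        # set also matches.
        return all(v in allowed for v in request_values)
    if qualifier == "ForAnyValue":
        # At least one request value must be in the policy set.
        return any(v in allowed for v in request_values)
    raise ValueError(f"unsupported qualifier: {qualifier}")


def deny_applies(statement, tag_keys):
    """True when the Deny statement matches a RemoveTags request."""
    if statement["Effect"] != "Deny":
        raise ValueError("expected a Deny statement")
    if "elasticbeanstalk:RemoveTags" not in statement["Action"]:
        return False
    return all(
        set_condition_matches(op, keys["aws:TagKeys"], tag_keys)
        for op, keys in statement["Condition"].items()
    )


# Statement taken from the RemoveTags policy on this page.
PAGE_DENY = {
    "Action": ["elasticbeanstalk:RemoveTags"], "Effect": "Deny",
    "Resource": "*",
    "Condition": {"ForAllValues:StringEquals": {"aws:TagKeys": ["stage"]}},
}
# Constructed variant for comparison: same statement with ForAnyValue.
ANY_DENY = dict(PAGE_DENY, Condition={
    "ForAnyValue:StringEquals": {"aws:TagKeys": ["stage"]}})

# Constructed RemoveTags requests (lists of tag keys to remove).
REQUESTS = [["stage"], ["stage", "owner"], ["owner"]]


def compare():
    """Return (tag keys, ForAllValues result, ForAnyValue result) rows."""
    return [(keys, deny_applies(PAGE_DENY, keys), deny_applies(ANY_DENY, keys))
            for keys in REQUESTS]


if __name__ == "__main__":
    for keys, all_values, any_value in compare():
        print(f"{keys}: ForAllValues deny={all_values}, ForAnyValue deny={any_value}")
```

When reviewing a Deny that is meant to protect the stage tag in every request, check the set operator: ForAllValues matches only requests whose tag keys are all in the listed set, while ForAnyValue matches any request that names stage.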