本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
NeptuneConsoleFullAccessAmazon 托管策略
以下NeptuneConsoleFullAccess
注意
本策略已于 2023 年 11 月 29 日更新,增加了与 Neptune Analytics 图交互所需的权限。
它已于 2022 年 7 月 21 日更新,以包括对全球数据库操作的权限。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowNeptuneCreate", "Effect": "Allow", "Action": [ "rds:CreateDBCluster", "rds:CreateDBInstance" ], "Resource": [ "arn:aws:rds:*:*:*" ], "Condition": { "StringEquals": { "rds:DatabaseEngine": [ "graphdb", "neptune" ] } } }, { "Sid": "AllowManagementPermissionsForRDS", "Action": [ "rds:AddRoleToDBCluster", "rds:AddSourceIdentifierToSubscription", "rds:AddTagsToResource", "rds:ApplyPendingMaintenanceAction", "rds:CopyDBClusterParameterGroup", "rds:CopyDBClusterSnapshot", "rds:CopyDBParameterGroup", "rds:CreateDBClusterParameterGroup", "rds:CreateDBClusterSnapshot", "rds:CreateDBParameterGroup", "rds:CreateDBSubnetGroup", "rds:CreateEventSubscription", "rds:DeleteDBCluster", "rds:DeleteDBClusterParameterGroup", "rds:DeleteDBClusterSnapshot", "rds:DeleteDBInstance", "rds:DeleteDBParameterGroup", "rds:DeleteDBSubnetGroup", "rds:DeleteEventSubscription", "rds:DescribeAccountAttributes", "rds:DescribeCertificates", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSubnetGroups", "rds:DescribeEngineDefaultClusterParameters", "rds:DescribeEngineDefaultParameters", "rds:DescribeEventCategories", "rds:DescribeEventSubscriptions", "rds:DescribeEvents", "rds:DescribeOptionGroups", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", "rds:DescribeValidDBInstanceModifications", "rds:DownloadDBLogFilePortion", "rds:FailoverDBCluster", "rds:ListTagsForResource", "rds:ModifyDBCluster", "rds:ModifyDBClusterParameterGroup", "rds:ModifyDBClusterSnapshotAttribute", "rds:ModifyDBInstance", "rds:ModifyDBParameterGroup", "rds:ModifyDBSubnetGroup", "rds:ModifyEventSubscription", "rds:PromoteReadReplicaDBCluster", "rds:RebootDBInstance", "rds:RemoveRoleFromDBCluster", "rds:RemoveSourceIdentifierFromSubscription", "rds:RemoveTagsFromResource", "rds:ResetDBClusterParameterGroup", "rds:ResetDBParameterGroup", "rds:RestoreDBClusterFromSnapshot", "rds:RestoreDBClusterToPointInTime" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Sid": "AllowOtherDepedentPermissions", "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "ec2:AllocateAddress", "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AssociateAddress", "ec2:AssociateRouteTable", "ec2:AssociateSubnetCidrBlock", "ec2:AssociateVpcCidrBlock", "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:CreateCustomerGateway", "ec2:CreateDefaultSubnet", "ec2:CreateDefaultVpc", "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreateNetworkInterface", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:CreateVpcEndpoint", "ec2:DescribeAccountAttributes", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeAvailabilityZones", "ec2:DescribeCustomerGateways", "ec2:DescribeInstances", "ec2:DescribeNatGateways", "ec2:DescribeNetworkInterfaces", "ec2:DescribePrefixLists", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeSecurityGroups", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", "ec2:ModifyVpcEndpoint", "iam:ListRoles", "kms:ListAliases", "kms:ListKeyPolicies", "kms:ListKeys", "kms:ListRetirableGrants", "logs:DescribeLogStreams", "logs:GetLogEvents", "sns:ListSubscriptions", "sns:ListTopics", "sns:Publish" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Sid": "AllowPassRoleForNeptune", "Action": "iam:PassRole", "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "iam:passedToService": "rds.amazonaws.com" } } }, { "Sid": "AllowCreateSLRForNeptune", "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS", "Condition": { "StringLike": { "iam:AWSServiceName": "rds.amazonaws.com" } } }, { "Sid": "AllowManagementPermissionsForNeptuneAnalytics", "Effect": "Allow", "Action": [ "neptune-graph:CreateGraph", "neptune-graph:DeleteGraph", "neptune-graph:GetGraph", "neptune-graph:ListGraphs", "neptune-graph:UpdateGraph", "neptune-graph:ResetGraph", "neptune-graph:CreateGraphSnapshot", "neptune-graph:DeleteGraphSnapshot", "neptune-graph:GetGraphSnapshot", "neptune-graph:ListGraphSnapshots", "neptune-graph:RestoreGraphFromSnapshot", "neptune-graph:CreatePrivateGraphEndpoint", "neptune-graph:GetPrivateGraphEndpoint", "neptune-graph:ListPrivateGraphEndpoints", "neptune-graph:DeletePrivateGraphEndpoint", "neptune-graph:CreateGraphUsingImportTask", "neptune-graph:GetImportTask", "neptune-graph:ListImportTasks", "neptune-graph:CancelImportTask" ], "Resource": [ "arn:aws:neptune-graph:*:*:*" ] }, { "Sid": "AllowPassRoleForNeptuneAnalytics", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:passedToService": "neptune-graph.amazonaws.com" } } }, { "Sid": "AllowCreateSLRForNeptuneAnalytics", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/neptune-graph.amazonaws.com/AWSServiceRoleForNeptuneGraph", "Condition": { "StringLike": { "iam:AWSServiceName": "neptune-graph.amazonaws.com" } } } ] }