本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
与 Amazon SDK或CreatePolicy
一起使用 CLI
以下代码示例演示如何使用 CreatePolicy
。
- .NET
-
- Amazon SDK for .NET
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 Amazon 代码示例存储库
中进行设置和运行。 using System; using System.Threading.Tasks; using Amazon.Organizations; using Amazon.Organizations.Model; /// <summary> /// Creates a new AWS Organizations Policy. /// </summary> public class CreatePolicy { /// <summary> /// Initializes the AWS Organizations client object, uses it to /// create a new Organizations Policy, and then displays information /// about the newly created Policy. /// </summary> public static async Task Main() { IAmazonOrganizations client = new AmazonOrganizationsClient(); var policyContent = "{" + " \"Version\": \"2012-10-17\"," + " \"Statement\" : [{" + " \"Action\" : [\"s3:*\"]," + " \"Effect\" : \"Allow\"," + " \"Resource\" : \"*\"" + "}]" + "}"; try { var response = await client.CreatePolicyAsync(new CreatePolicyRequest { Content = policyContent, Description = "Enables admins of attached accounts to delegate all Amazon S3 permissions", Name = "AllowAllS3Actions", Type = "SERVICE_CONTROL_POLICY", }); Policy policy = response.Policy; Console.WriteLine($"{policy.PolicySummary.Name} has the following content: {policy.Content}"); } catch (Exception ex) { Console.WriteLine(ex.Message); } } }
-
有关API详细信息,请参阅 “Amazon SDK for .NET API参考 CreatePolicy” 中的。
-
- CLI
-
- Amazon CLI
-
示例 1:使用策略的文本源文件创建JSON策略
以下示例说明如何创建名为的服务控制策略 (SCP)
AllowAllS3Actions
。策略内容取自本地计算机上名为policy.json
的文件。aws organizations create-policy --content
file://policy.json
--nameAllowAllS3Actions,
--typeSERVICE_CONTROL_POLICY
--description"Allows delegation of all S3 actions"
输出包括一个策略对象,其中包含有关新策略的详细信息:
{ "Policy": { "Content": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"s3:*\"],\"Resource\":[\"*\"]}]}", "PolicySummary": { "Arn": "arn:aws:organizations::o-exampleorgid:policy/service_control_policy/p-examplepolicyid111", "Description": "Allows delegation of all S3 actions", "Name": "AllowAllS3Actions", "Type":"SERVICE_CONTROL_POLICY" } } }
示例 2:创建以JSON策略为参数的策略
以下示例向您展示了如何创建相同的策略SCP,这次是将策略内容作为JSON字符串嵌入到参数中。字符串必须在双引号前使用反斜杠进行转义,以确保在参数中将其视为文本,参数本身用双引号引起来:
aws organizations create-policy --content "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"s3:*\"],\"Resource\":[\"*\"]}]}" --name
AllowAllS3Actions
--typeSERVICE_CONTROL_POLICY
--description"Allows delegation of all S3 actions"
有关在组织中创建和使用策略的更多信息,请参阅《Amazon Organizations 用户指南》中的“管理组织策略”。
-
有关API详细信息,请参阅Amazon CLI 命令参考CreatePolicy
中的。
-
- Python
-
- SDK适用于 Python (Boto3)
-
注意
还有更多相关信息 GitHub。查找完整示例,学习如何在 Amazon 代码示例存储库
中进行设置和运行。 def create_policy(name, description, content, policy_type, orgs_client): """ Creates a policy. :param name: The name of the policy. :param description: The description of the policy. :param content: The policy content as a dict. This is converted to JSON before it is sent to AWS. The specific format depends on the policy type. :param policy_type: The type of the policy. :param orgs_client: The Boto3 Organizations client. :return: The newly created policy. """ try: response = orgs_client.create_policy( Name=name, Description=description, Content=json.dumps(content), Type=policy_type, ) policy = response["Policy"] logger.info("Created policy %s.", name) except ClientError: logger.exception("Couldn't create policy %s.", name) raise else: return policy
-
有关API详细信息,请参阅CreatePolicy中的 Amazon SDKPython (Boto3) API 参考。
-
有关 Amazon SDK开发者指南和代码示例的完整列表,请参阅使用 Amazon Organizations 用一个 Amazon SDK。本主题还包括有关入门的信息以及有关先前SDK版本的详细信息。
CreateOrganizationalUnit
DeleteOrganization