本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
自动计划执行报告权限
以下是您为区域切换计划配置自动生成报告时要附加的示例策略。此政策包括向 Amazon S3 撰写报告、访问 CloudWatch 警报数据以及检索家长计划的子计划信息的权限。
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::your-bucket-name/*" }, { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmHistory" ], "Resource": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:app-health-primary" "arn:aws:cloudwatch:us-west-2:123456789012:alarm:app-health-secondary" ], }, { "Effect": "Allow", "Action": [ "arc-region-switch:GetPlanExecution", "arc-region-switch:ListPlanExecutionEvents" ], "Resource": [ "arn:aws:arc-region-switch:us-east-1:123456789012:plan/child-plan-1/abcde1", "arn:aws:arc-region-switch:us-west-2:123456789012:plan/child-plan-2/fghij2" ], } ] }
注意:如果您为 Amazon S3 存储桶加密配置客户托管密 Amazon KMS 钥,则还必须为该密钥添加kms:GenerateDataKey和kms:Encrypt权限。