


# Actions, resources, and condition keys for Amazon Elastic Kubernetes Service
<a name="list_amazonelastickubernetesservice"></a>

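Amazon Elastic Kubernetes Service (service prefix: `eks`) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:
+ Learn how to [configure this service](https://docs.amazonaws.cn/eks/latest/userguide/).
+ View a [list of the API operations available for this service](https://docs.amazonaws.cn/eks/latest/APIReference/).
+ Learn how to secure this service and its resources by [using IAM](https://docs.amazonaws.cn/eks/latest/userguide/IAM_policies.html) permission policies.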

**Topics**
+ [Actions defined by Amazon Elastic Kubernetes Service](#amazonelastickubernetesservice-actions-as-permissions)
+ [Resource types defined by Amazon Elastic Kubernetes Service](#amazonelastickubernetesservice-resources-for-iam-policies)
+ [Condition keys for Amazon Elastic Kubernetes Service](#amazonelastickubernetesservice-policy-keys)

## Actions defined by Amazon Elastic Kubernetes Service
<a name="amazonelastickubernetesservice-actions-as-permissions"></a>

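You can specify the following actions in the `Action` element of an IAM policy statement. Use policies to grant permissions to perform an operation in Amazon Web Services. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

The **Access level** column of the Actions table describes how the action is classified (List, Read, Permissions management, or Tagging). This classification can help you understand the level of access that an action grants when you use it in a policy. For more information about access levels, see [Access levels in policy summaries](https://docs.amazonaws.cn/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html).

The **Resource types** column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("\*") to which the policy applies in the `Resource` element of your policy statement. Filter access by using conditions in an IAM policy to control whether specific tag keys can be used on a resource or in a request. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (\*). If you limit resource access with the `Resource` element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types.

The **Condition keys** column of the Actions table includes keys that you can specify in a policy statement's `Condition` element. For more information on the condition keys that are associated with resources for the service, see the **Condition keys** column of the Resource types table.

The **Dependent actions** column of the Actions table shows additional permissions that may be required to successfully call an action. These permissions may be required in addition to the permission for the action itself. When an action specifies dependent actions, those dependencies may apply to additional resources defined for that action, not only the first resource listed in the table.

**Note**  
Resource condition keys are listed in the [Resource types](#amazonelastickubernetesservice-resources-for-iam-policies) table. You can find a link to the resource type that applies to an action in the **Resource types (\*required)** column of the Actions table. The resource type in the Resource types table includes the **Condition keys** column, which are the resource condition keys that apply to an action in the Actions table.

For details about the columns in the following table, see [Actions table](reference_policies_actions-resources-contextkeys.html#actions_table).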




- **  [https://docs.amazonaws.cn/eks/latest/userguide/view-workloads.html](https://docs.amazonaws.cn/eks/latest/userguide/view-workloads.html) [permission only]**
  - **Description:** Grants permission to view Kubernetes objects via the Amazon EKS console
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_AssociateAccessPolicy.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_AssociateAccessPolicy.html) **
  - **Description:** Grants permission to associate an Amazon EKS access policy with an Amazon EKS access entry
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-access-entry](#amazonelastickubernetesservice-access-entry)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonelastickubernetesservice-eks_policyArn](#amazonelastickubernetesservice-eks_policyArn) <br /> [#amazonelastickubernetesservice-eks_namespaces](#amazonelastickubernetesservice-eks_namespaces) <br /> [#amazonelastickubernetesservice-eks_accessScope](#amazonelastickubernetesservice-eks_accessScope)  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_AssociateEncryptionConfig.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_AssociateEncryptionConfig.html) **
  - **Description:** Grants permission to associate an encryption configuration to a cluster
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonelastickubernetesservice-eks_encryptionConfigProviderKeyArns](#amazonelastickubernetesservice-eks_encryptionConfigProviderKeyArns)  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_AssociateIdentityProviderConfig.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_AssociateIdentityProviderConfig.html) **
  - **Description:** Grants permission to associate an identity provider configuration to a cluster
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonelastickubernetesservice-aws_RequestTag___TagKey_](#amazonelastickubernetesservice-aws_RequestTag___TagKey_) <br /> [#amazonelastickubernetesservice-aws_TagKeys](#amazonelastickubernetesservice-aws_TagKeys) <br /> [#amazonelastickubernetesservice-eks_clientId](#amazonelastickubernetesservice-eks_clientId) <br /> [#amazonelastickubernetesservice-eks_issuerUrl](#amazonelastickubernetesservice-eks_issuerUrl)  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_CreateAccessEntry.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_CreateAccessEntry.html) **
  - **Description:** Grants permission to create an Amazon EKS access entry
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonelastickubernetesservice-aws_RequestTag___TagKey_](#amazonelastickubernetesservice-aws_RequestTag___TagKey_) <br /> [#amazonelastickubernetesservice-aws_TagKeys](#amazonelastickubernetesservice-aws_TagKeys) <br /> [#amazonelastickubernetesservice-eks_principalArn](#amazonelastickubernetesservice-eks_principalArn) <br /> [#amazonelastickubernetesservice-eks_kubernetesGroups](#amazonelastickubernetesservice-eks_kubernetesGroups) <br /> [#amazonelastickubernetesservice-eks_username](#amazonelastickubernetesservice-eks_username) <br /> [#amazonelastickubernetesservice-eks_accessEntryType](#amazonelastickubernetesservice-eks_accessEntryType)  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_CreateAddon.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_CreateAddon.html) **
  - **Description:** Grants permission to create an Amazon EKS add-on
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-podidentityassociation](#amazonelastickubernetesservice-podidentityassociation)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonelastickubernetesservice-aws_RequestTag___TagKey_](#amazonelastickubernetesservice-aws_RequestTag___TagKey_) <br /> [#amazonelastickubernetesservice-aws_TagKeys](#amazonelastickubernetesservice-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_CreateCapability.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_CreateCapability.html) **
  - **Description:** Grants permission to create a capability for an Amazon EKS cluster
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonelastickubernetesservice-aws_RequestTag___TagKey_](#amazonelastickubernetesservice-aws_RequestTag___TagKey_) <br /> [#amazonelastickubernetesservice-aws_TagKeys](#amazonelastickubernetesservice-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_CreateCluster.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_CreateCluster.html) **
  - **Description:** Grants permission to create an Amazon EKS cluster
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#amazonelastickubernetesservice-aws_RequestTag___TagKey_](#amazonelastickubernetesservice-aws_RequestTag___TagKey_) <br /> [#amazonelastickubernetesservice-aws_TagKeys](#amazonelastickubernetesservice-aws_TagKeys) <br /> [#amazonelastickubernetesservice-eks_bootstrapClusterCreatorAdminPermissions](#amazonelastickubernetesservice-eks_bootstrapClusterCreatorAdminPermissions) <br /> [#amazonelastickubernetesservice-eks_bootstrapSelfManagedAddons](#amazonelastickubernetesservice-eks_bootstrapSelfManagedAddons) <br /> [#amazonelastickubernetesservice-eks_authenticationMode](#amazonelastickubernetesservice-eks_authenticationMode) <br /> [#amazonelastickubernetesservice-eks_supportType](#amazonelastickubernetesservice-eks_supportType) <br /> [#amazonelastickubernetesservice-eks_computeConfigEnabled](#amazonelastickubernetesservice-eks_computeConfigEnabled) <br /> [#amazonelastickubernetesservice-eks_elasticLoadBalancingEnabled](#amazonelastickubernetesservice-eks_elasticLoadBalancingEnabled) <br /> [#amazonelastickubernetesservice-eks_blockStorageEnabled](#amazonelastickubernetesservice-eks_blockStorageEnabled) <br /> [#amazonelastickubernetesservice-eks_loggingType___type_](#amazonelastickubernetesservice-eks_loggingType___type_) <br /> [#amazonelastickubernetesservice-eks_kubernetesVersion](#amazonelastickubernetesservice-eks_kubernetesVersion) <br /> [#amazonelastickubernetesservice-eks_endpointPublicAccess](#amazonelastickubernetesservice-eks_endpointPublicAccess) <br /> [#amazonelastickubernetesservice-eks_endpointPrivateAccess](#amazonelastickubernetesservice-eks_endpointPrivateAccess) <br /> [#amazonelastickubernetesservice-eks_deletionProtection](#amazonelastickubernetesservice-eks_deletionProtection) <br /> [#amazonelastickubernetesservice-eks_controlPlaneScalingTier](#amazonelastickubernetesservice-eks_controlPlaneScalingTier) <br /> [#amazonelastickubernetesservice-eks_encryptionConfigProviderKeyArns](#amazonelastickubernetesservice-eks_encryptionConfigProviderKeyArns) <br /> [#amazonelastickubernetesservice-eks_zonalShiftEnabled](#amazonelastickubernetesservice-eks_zonalShiftEnabled) 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_CreateEksAnywhereSubscription.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_CreateEksAnywhereSubscription.html) **
  - **Description:** Grants permission to create an EKS Anywhere subscription
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#amazonelastickubernetesservice-aws_RequestTag___TagKey_](#amazonelastickubernetesservice-aws_RequestTag___TagKey_) <br /> [#amazonelastickubernetesservice-aws_TagKeys](#amazonelastickubernetesservice-aws_TagKeys) 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_CreateFargateProfile.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_CreateFargateProfile.html) **
  - **Description:** Grants permission to create an Amazon Fargate profile
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonelastickubernetesservice-aws_RequestTag___TagKey_](#amazonelastickubernetesservice-aws_RequestTag___TagKey_) <br /> [#amazonelastickubernetesservice-aws_TagKeys](#amazonelastickubernetesservice-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_CreateNodegroup.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_CreateNodegroup.html) **
  - **Description:** Grants permission to create an Amazon EKS nodegroup
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonelastickubernetesservice-aws_RequestTag___TagKey_](#amazonelastickubernetesservice-aws_RequestTag___TagKey_) <br /> [#amazonelastickubernetesservice-aws_TagKeys](#amazonelastickubernetesservice-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_CreatePodIdentityAssociation.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_CreatePodIdentityAssociation.html) **
  - **Description:** Grants permission to create an EKS Pod Identity association
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonelastickubernetesservice-aws_RequestTag___TagKey_](#amazonelastickubernetesservice-aws_RequestTag___TagKey_) <br /> [#amazonelastickubernetesservice-aws_TagKeys](#amazonelastickubernetesservice-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DeleteAccessEntry.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DeleteAccessEntry.html) **
  - **Description:** Grants permission to delete an Amazon EKS access entry
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-access-entry](#amazonelastickubernetesservice-access-entry) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DeleteAddon.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DeleteAddon.html) **
  - **Description:** Grants permission to delete an Amazon EKS add-on
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-addon](#amazonelastickubernetesservice-addon)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-podidentityassociation](#amazonelastickubernetesservice-podidentityassociation)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DeleteCapability.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DeleteCapability.html) **
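  - **Description:** Grants permission to delete a capability from an Amazon EKS cluster
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-capability](#amazonelastickubernetesservice-capability) 
  - **Condition keys:** 
  - **Dependent actions:** 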

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DeleteCluster.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DeleteCluster.html) **
  - **Description:** Grants permission to delete an Amazon EKS cluster
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DeleteEksAnywhereSubscription.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DeleteEksAnywhereSubscription.html) **
  - **Description:** Grants permission to describe an EKS Anywhere subscription
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-eks-anywhere-subscription](#amazonelastickubernetesservice-eks-anywhere-subscription) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DeleteFargateProfile.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DeleteFargateProfile.html) **
  - **Description:** Grants permission to delete an Amazon Fargate profile
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-fargateprofile](#amazonelastickubernetesservice-fargateprofile) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DeleteNodegroup.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DeleteNodegroup.html) **
  - **Description:** Grants permission to delete an Amazon EKS nodegroup
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-nodegroup](#amazonelastickubernetesservice-nodegroup) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DeletePodIdentityAssociation.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DeletePodIdentityAssociation.html) **
  - **Description:** Grants permission to delete an EKS Pod Identity association
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-podidentityassociation](#amazonelastickubernetesservice-podidentityassociation) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DeregisterCluster.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DeregisterCluster.html) **
  - **Description:** Grants permission to deregister an external cluster
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeAccessEntry.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeAccessEntry.html) **
  - **Description:** Grants permission to describe an Amazon EKS access entry
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-access-entry](#amazonelastickubernetesservice-access-entry) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeAddon.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeAddon.html) **
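  - **Description:** Grants permission to retrieve descriptive information about an Amazon EKS add-on
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-addon](#amazonelastickubernetesservice-addon) 
  - **Condition keys:** 
  - **Dependent actions:** 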

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeAddonConfiguration.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeAddonConfiguration.html) **
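  - **Description:** Grants permission to list configuration options about an Amazon EKS add-on
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 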

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeAddonVersions.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeAddonVersions.html) **
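  - **Description:** Grants permission to retrieve descriptive version information about the add-ons that Amazon EKS Add-ons supports
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 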

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeCapability.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeCapability.html) **
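  - **Description:** Grants permission to describe a capability of an Amazon EKS cluster
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-capability](#amazonelastickubernetesservice-capability) 
  - **Condition keys:** 
  - **Dependent actions:** 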

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeCluster.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeCluster.html) **
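  - **Description:** Grants permission to retrieve descriptive information about an Amazon EKS cluster
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 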

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeClusterVersions.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeClusterVersions.html) **
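  - **Description:** Grants permission to retrieve descriptive information about the Kubernetes versions that Amazon EKS clusters support
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 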

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeEksAnywhereSubscription.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeEksAnywhereSubscription.html) **
  - **Description:** Grants permission to describe an EKS Anywhere subscription
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-eks-anywhere-subscription](#amazonelastickubernetesservice-eks-anywhere-subscription) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeFargateProfile.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeFargateProfile.html) **
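  - **Description:** Grants permission to retrieve descriptive information about an Amazon Fargate profile associated with a cluster
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-fargateprofile](#amazonelastickubernetesservice-fargateprofile) 
  - **Condition keys:** 
  - **Dependent actions:** 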

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeIdentityProviderConfig.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeIdentityProviderConfig.html) **
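  - **Description:** Grants permission to retrieve descriptive information about an IdP config associated with a cluster
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-identityproviderconfig](#amazonelastickubernetesservice-identityproviderconfig) 
  - **Condition keys:** 
  - **Dependent actions:** 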

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeInsight.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeInsight.html) **
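  - **Description:** Grants permission to retrieve descriptive information about an insight detected in the specified cluster
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 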

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeInsightsRefresh.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeInsightsRefresh.html) **
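  - **Description:** Grants permission to retrieve the status of the latest on-demand cluster insights refresh operation
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 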

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeNodegroup.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeNodegroup.html) **
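  - **Description:** Grants permission to retrieve descriptive information about an Amazon EKS nodegroup
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-nodegroup](#amazonelastickubernetesservice-nodegroup) 
  - **Condition keys:** 
  - **Dependent actions:** 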

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribePodIdentityAssociation.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribePodIdentityAssociation.html) **
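  - **Description:** Grants permission to describe an EKS Pod Identity association
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-podidentityassociation](#amazonelastickubernetesservice-podidentityassociation) 
  - **Condition keys:** 
  - **Dependent actions:** 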

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeUpdate.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DescribeUpdate.html) **
  - **Description:** Grants permission to retrieve a given update for a given Amazon EKS cluster/nodegroup/add-on (in the specified or default region)
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-addon](#amazonelastickubernetesservice-addon)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-capability](#amazonelastickubernetesservice-capability)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-nodegroup](#amazonelastickubernetesservice-nodegroup)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DisassociateAccessPolicy.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DisassociateAccessPolicy.html) **
  - **Description:** Grants permission to disassociate an Amazon EKS access policy from an Amazon EKS access entry
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-access-entry](#amazonelastickubernetesservice-access-entry)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonelastickubernetesservice-eks_policyArn](#amazonelastickubernetesservice-eks_policyArn) <br /> [#amazonelastickubernetesservice-eks_namespaces](#amazonelastickubernetesservice-eks_namespaces) <br /> [#amazonelastickubernetesservice-eks_accessScope](#amazonelastickubernetesservice-eks_accessScope)  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_DisassociateIdentityProviderConfig.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_DisassociateIdentityProviderConfig.html) **
  - **Description:** Grants permission to delete an associated IdP config
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-identityproviderconfig](#amazonelastickubernetesservice-identityproviderconfig) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListAccessEntries.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListAccessEntries.html) **
  - **Description:** Grants permission to list all Amazon EKS access entries
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListAccessPolicies.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListAccessPolicies.html) **
  - **Description:** Grants permission to list Amazon EKS access policies
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListAddons.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListAddons.html) **
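  - **Description:** Grants permission to list the Amazon EKS add-ons in your Amazon Web Services account (in the specified or default region) for a given cluster
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 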

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListAssociatedAccessPolicies.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListAssociatedAccessPolicies.html) **
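  - **Description:** Grants permission to list the access policies associated with an Amazon EKS access entry
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-access-entry](#amazonelastickubernetesservice-access-entry) 
  - **Condition keys:** 
  - **Dependent actions:** 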

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListCapabilities.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListCapabilities.html) **
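  - **Description:** Grants permission to list the capabilities of an Amazon EKS cluster
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 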

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListClusters.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListClusters.html) **
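  - **Description:** Grants permission to list the Amazon EKS clusters in your Amazon Web Services account (in the specified or default region)
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 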

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListDashboardData.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListDashboardData.html) **
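  - **Description:** Grants permission to list dashboard data. The Amazon EKS dashboard aggregates information about cluster resources across multiple accounts and regions. The dashboard includes information about EC2 instances and EKS cluster versions
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-dashboard](#amazonelastickubernetesservice-dashboard) 
  - **Condition keys:** 
  - **Dependent actions:** 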

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListDashboardResources.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListDashboardResources.html) **
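  - **Description:** Grants permission to list dashboard resources. The Amazon EKS dashboard aggregates information about cluster resources across multiple accounts and regions. The dashboard includes information about EC2 instances and EKS cluster versions
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-dashboard](#amazonelastickubernetesservice-dashboard) 
  - **Condition keys:** 
  - **Dependent actions:** 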

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListEksAnywhereSubscriptions.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListEksAnywhereSubscriptions.html) **
  - **Description:** Grants permission to list EKS Anywhere subscriptions
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListFargateProfiles.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListFargateProfiles.html) **
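  - **Description:** Grants permission to list the Amazon Fargate profiles in your Amazon Web Services account (in the specified or default region) associated with a given cluster
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 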

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListIdentityProviderConfigs.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListIdentityProviderConfigs.html) **
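  - **Description:** Grants permission to list the IdP configs in your Amazon Web Services account (in the specified or default region) associated with a given cluster
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 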

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListInsights.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListInsights.html) **
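  - **Description:** Grants permission to list all detected insights for the specified cluster
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 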

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListNodegroups.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListNodegroups.html) **
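  - **Description:** Grants permission to list the Amazon EKS nodegroups in your Amazon Web Services account (in the specified or default region) attached to a given cluster
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 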

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListPodIdentityAssociations.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListPodIdentityAssociations.html) **
  - **Description:** Grants permission to list EKS Pod Identity associations
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListTagsForResource.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListTagsForResource.html) **
  - **Description:** Grants permission to list tags for the specified resource
  - **Access level:** Read
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-addon](#amazonelastickubernetesservice-addon)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-capability](#amazonelastickubernetesservice-capability)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-dashboard](#amazonelastickubernetesservice-dashboard)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-eks-anywhere-subscription](#amazonelastickubernetesservice-eks-anywhere-subscription)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-fargateprofile](#amazonelastickubernetesservice-fargateprofile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-identityproviderconfig](#amazonelastickubernetesservice-identityproviderconfig)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-nodegroup](#amazonelastickubernetesservice-nodegroup)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_ListUpdates.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_ListUpdates.html) **
  - **Description:** Grants permission to list the updates for a given Amazon EKS cluster/nodegroup/add-on (in the specified or default region)
  - **Access level:** List
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-addon](#amazonelastickubernetesservice-addon)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-capability](#amazonelastickubernetesservice-capability)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-nodegroup](#amazonelastickubernetesservice-nodegroup)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/userguide/mutate-workloads.html](https://docs.amazonaws.cn/eks/latest/userguide/mutate-workloads.html) [permission only]**
  - **Description:** Grants permission to modify Kubernetes objects via the Amazon console
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:**  eks:AccessKubernetesApi 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_RegisterCluster.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_RegisterCluster.html) **
  - **Description:** Grants permission to register an external cluster
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#amazonelastickubernetesservice-aws_RequestTag___TagKey_](#amazonelastickubernetesservice-aws_RequestTag___TagKey_) <br /> [#amazonelastickubernetesservice-aws_TagKeys](#amazonelastickubernetesservice-aws_TagKeys) 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_StartInsightsRefresh.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_StartInsightsRefresh.html) **
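  - **Description:** Grants permission to start an on-demand cluster insights refresh operation to get the latest analysis outside of the standard refresh schedule
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster) 
  - **Condition keys:** 
  - **Dependent actions:** 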

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_TagResource.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_TagResource.html) **
  - **Description:** Grants permission to tag the specified resource
  - **Access level:** Tagging
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-access-entry](#amazonelastickubernetesservice-access-entry)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-addon](#amazonelastickubernetesservice-addon)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-capability](#amazonelastickubernetesservice-capability)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-dashboard](#amazonelastickubernetesservice-dashboard)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-eks-anywhere-subscription](#amazonelastickubernetesservice-eks-anywhere-subscription)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-fargateprofile](#amazonelastickubernetesservice-fargateprofile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-identityproviderconfig](#amazonelastickubernetesservice-identityproviderconfig)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-nodegroup](#amazonelastickubernetesservice-nodegroup)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-podidentityassociation](#amazonelastickubernetesservice-podidentityassociation)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonelastickubernetesservice-aws_RequestTag___TagKey_](#amazonelastickubernetesservice-aws_RequestTag___TagKey_) <br /> [#amazonelastickubernetesservice-aws_TagKeys](#amazonelastickubernetesservice-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_UntagResource.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_UntagResource.html) **
  - **Description:** Grants permission to untag the specified resource
  - **Access level:** Tagging
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-access-entry](#amazonelastickubernetesservice-access-entry)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-addon](#amazonelastickubernetesservice-addon)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-capability](#amazonelastickubernetesservice-capability)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-dashboard](#amazonelastickubernetesservice-dashboard)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-eks-anywhere-subscription](#amazonelastickubernetesservice-eks-anywhere-subscription)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-fargateprofile](#amazonelastickubernetesservice-fargateprofile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-identityproviderconfig](#amazonelastickubernetesservice-identityproviderconfig)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-nodegroup](#amazonelastickubernetesservice-nodegroup)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-podidentityassociation](#amazonelastickubernetesservice-podidentityassociation)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonelastickubernetesservice-aws_TagKeys](#amazonelastickubernetesservice-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateAccessEntry.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateAccessEntry.html) **
  - **Description:** Grants permission to update an Amazon EKS access entry
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-access-entry](#amazonelastickubernetesservice-access-entry) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateAddon.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateAddon.html) **
  - **Description:** Grants permission to update Amazon EKS add-on configurations, such as the VPC-CNI version
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-addon](#amazonelastickubernetesservice-addon)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-podidentityassociation](#amazonelastickubernetesservice-podidentityassociation)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateCapability.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateCapability.html) **
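  - **Description:** Grants permission to update a capability of an Amazon EKS cluster
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-capability](#amazonelastickubernetesservice-capability) 
  - **Condition keys:** 
  - **Dependent actions:** 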

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateClusterConfig.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateClusterConfig.html) **
  - **Description:** Grants permission to update Amazon EKS cluster configurations (for example, API server endpoint access)
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonelastickubernetesservice-eks_authenticationMode](#amazonelastickubernetesservice-eks_authenticationMode) <br /> [#amazonelastickubernetesservice-eks_supportType](#amazonelastickubernetesservice-eks_supportType) <br /> [#amazonelastickubernetesservice-eks_computeConfigEnabled](#amazonelastickubernetesservice-eks_computeConfigEnabled) <br /> [#amazonelastickubernetesservice-eks_elasticLoadBalancingEnabled](#amazonelastickubernetesservice-eks_elasticLoadBalancingEnabled) <br /> [#amazonelastickubernetesservice-eks_blockStorageEnabled](#amazonelastickubernetesservice-eks_blockStorageEnabled) <br /> [#amazonelastickubernetesservice-eks_loggingType___type_](#amazonelastickubernetesservice-eks_loggingType___type_) <br /> [#amazonelastickubernetesservice-eks_endpointPublicAccess](#amazonelastickubernetesservice-eks_endpointPublicAccess) <br /> [#amazonelastickubernetesservice-eks_endpointPrivateAccess](#amazonelastickubernetesservice-eks_endpointPrivateAccess) <br /> [#amazonelastickubernetesservice-eks_deletionProtection](#amazonelastickubernetesservice-eks_deletionProtection) <br /> [#amazonelastickubernetesservice-eks_controlPlaneScalingTier](#amazonelastickubernetesservice-eks_controlPlaneScalingTier) <br /> [#amazonelastickubernetesservice-eks_zonalShiftEnabled](#amazonelastickubernetesservice-eks_zonalShiftEnabled)  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateClusterVersion.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateClusterVersion.html) **
  - **Description:** Grants permission to update the Kubernetes version of an Amazon EKS cluster
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-cluster](#amazonelastickubernetesservice-cluster)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#amazonelastickubernetesservice-eks_kubernetesVersion](#amazonelastickubernetesservice-eks_kubernetesVersion)  / **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateEksAnywhereSubscription.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateEksAnywhereSubscription.html) **
  - **Description:** Grants permission to update an EKS Anywhere subscription
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-eks-anywhere-subscription](#amazonelastickubernetesservice-eks-anywhere-subscription) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateNodegroupConfig.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateNodegroupConfig.html) **
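  - **Description:** Grants permission to update Amazon EKS node group configurations (for example, min/max/desired capacity or labels)
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-nodegroup](#amazonelastickubernetesservice-nodegroup) 
  - **Condition keys:** 
  - **Dependent actions:** 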

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateNodegroupVersion.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdateNodegroupVersion.html) **
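  - **Description:** Grants permission to update the Kubernetes version of an Amazon EKS node group
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-nodegroup](#amazonelastickubernetesservice-nodegroup) 
  - **Condition keys:** 
  - **Dependent actions:** 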

- **  [https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdatePodIdentityAssociation.html](https://docs.amazonaws.cn/eks/latest/APIReference/API_UpdatePodIdentityAssociation.html) **
  - **Description:** Grants permission to update an EKS Pod Identity association
  - **Access level:** Write
  - **Resource types (\*required):**  [#amazonelastickubernetesservice-podidentityassociation](#amazonelastickubernetesservice-podidentityassociation) 
  - **Condition keys:** 
  - **Dependent actions:** 



## Resource types defined by Amazon Elastic Kubernetes Service
<a name="amazonelastickubernetesservice-resources-for-iam-policies"></a>

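The following resource types are defined by this service and can be used in the `Resource` element of IAM permission policy statements. Each action in the [Actions table](#amazonelastickubernetesservice-actions-as-permissions) identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the Resource types table. For details about the columns in the following table, see [Resource types table](reference_policies_actions-resources-contextkeys.html#resources_table).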



| Resource types | ARN | Condition keys | 
| --- | --- | --- | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/clusters.html](https://docs.amazonaws.cn/eks/latest/userguide/clusters.html)  |  arn:${Partition}:eks:${Region}:${Account}:cluster/${ClusterName}  |  [#amazonelastickubernetesservice-aws_ResourceTag___TagKey_](#amazonelastickubernetesservice-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/managed-node-groups.html](https://docs.amazonaws.cn/eks/latest/userguide/managed-node-groups.html)  |  arn:${Partition}:eks:${Region}:${Account}:nodegroup/${ClusterName}/${NodegroupName}/${UUID}  |  [#amazonelastickubernetesservice-aws_ResourceTag___TagKey_](#amazonelastickubernetesservice-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/eks-add-ons.html](https://docs.amazonaws.cn/eks/latest/userguide/eks-add-ons.html)  |  arn:${Partition}:eks:${Region}:${Account}:addon/${ClusterName}/${AddonName}/${UUID}  |  [#amazonelastickubernetesservice-aws_ResourceTag___TagKey_](#amazonelastickubernetesservice-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/fargate-profile.html](https://docs.amazonaws.cn/eks/latest/userguide/fargate-profile.html)  |  arn:${Partition}:eks:${Region}:${Account}:fargateprofile/${ClusterName}/${FargateProfileName}/${UUID}  |  [#amazonelastickubernetesservice-aws_ResourceTag___TagKey_](#amazonelastickubernetesservice-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/authenticate-oidc-identity-provider.html](https://docs.amazonaws.cn/eks/latest/userguide/authenticate-oidc-identity-provider.html)  |  arn:${Partition}:eks:${Region}:${Account}:identityproviderconfig/${ClusterName}/${IdentityProviderType}/${IdentityProviderConfigName}/${UUID}  |  [#amazonelastickubernetesservice-aws_ResourceTag___TagKey_](#amazonelastickubernetesservice-aws_ResourceTag___TagKey_)  | 
|   [https://anywhere.eks.amazonaws.com/docs/clustermgmt/support/cluster-license/](https://anywhere.eks.amazonaws.com/docs/clustermgmt/support/cluster-license/)  |  arn:${Partition}:eks:${Region}:${Account}:eks-anywhere-subscription/${UUID}  |  [#amazonelastickubernetesservice-aws_ResourceTag___TagKey_](#amazonelastickubernetesservice-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/pod-identities.html](https://docs.amazonaws.cn/eks/latest/userguide/pod-identities.html)  |  arn:${Partition}:eks:${Region}:${Account}:podidentityassociation/${ClusterName}/${UUID}  |  [#amazonelastickubernetesservice-aws_ResourceTag___TagKey_](#amazonelastickubernetesservice-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/access-entries.html](https://docs.amazonaws.cn/eks/latest/userguide/access-entries.html)  |  arn:${Partition}:eks:${Region}:${Account}:access-entry/${ClusterName}/${IamIdentityType}/${IamIdentityAccountID}/${IamIdentityName}/${UUID}  |  [#amazonelastickubernetesservice-aws_ResourceTag___TagKey_](#amazonelastickubernetesservice-aws_ResourceTag___TagKey_) <br /> [#amazonelastickubernetesservice-eks_accessEntryType](#amazonelastickubernetesservice-eks_accessEntryType) <br /> [#amazonelastickubernetesservice-eks_clusterName](#amazonelastickubernetesservice-eks_clusterName) <br /> [#amazonelastickubernetesservice-eks_kubernetesGroups](#amazonelastickubernetesservice-eks_kubernetesGroups) <br /> [#amazonelastickubernetesservice-eks_principalArn](#amazonelastickubernetesservice-eks_principalArn) <br /> [#amazonelastickubernetesservice-eks_username](#amazonelastickubernetesservice-eks_username)  | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/access-policies.html](https://docs.amazonaws.cn/eks/latest/userguide/access-policies.html)  |  arn:${Partition}:eks::aws:cluster-access-policy/${AccessPolicyName}  |  | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/cluster-dashboard.html](https://docs.amazonaws.cn/eks/latest/userguide/cluster-dashboard.html)  |  arn:${Partition}:eks:${Region}:${Account}:dashboard/${DashboardName}  |  [#amazonelastickubernetesservice-aws_ResourceTag___TagKey_](#amazonelastickubernetesservice-aws_ResourceTag___TagKey_)  | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/capabilities.html](https://docs.amazonaws.cn/eks/latest/userguide/capabilities.html)  |  arn:${Partition}:eks:${Region}:${Account}:capability/${ClusterName}/${CapabilityType}/${CapabilityName}/${UUID}  |  [#amazonelastickubernetesservice-aws_ResourceTag___TagKey_](#amazonelastickubernetesservice-aws_ResourceTag___TagKey_)  | 

## Condition keys for Amazon Elastic Kubernetes Service
<a name="amazonelastickubernetesservice-policy-keys"></a>

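Amazon Elastic Kubernetes Service defines the following condition keys that can be used in the `Condition` element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see [Condition keys table](reference_policies_actions-resources-contextkeys.html#context_keys_table).

To view the global condition keys that are available to all services, see [Amazon global condition context keys](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_condition-keys.html).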



| Condition keys | Description | Type | 
| --- | --- | --- | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-tags](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-tags)  | Filters access by a key that is present in the request the user makes to the EKS service | String | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-tags](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-tags)  | Filters access by a tag key and value pair | String | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-tags](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-tags)  | Filters access by the list of all the tag key names present in the request the user makes to the EKS service | ArrayOfString | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the access entry type present in the access entry requests the user makes to the EKS service | String | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the accessScope present in the associate/disassociate access policy requests the user makes to the EKS service | String | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the authentication mode present in the create/update cluster request | String | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the block storage enabled parameter in the create/update cluster request | Boolean | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the bootstrap ClusterCreatorAdminPermissions present in the create cluster request | Boolean | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the bootstrap SelfManagedAddons present in the create cluster request | Boolean | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the ClientId present in the IdentityProviderConfig association request the user makes to the EKS service | String | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the clusterName present in the access entry requests the user makes to the EKS service | String | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the compute config enabled parameter in the create/update cluster request | Boolean | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the control plane scaling tier in the create/update cluster request | String | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the deletion protection setting in the create/update cluster request | Boolean | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the elastic load balancing enabled parameter in the create/update cluster request | Boolean | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the KMS key ARN in the create cluster/associate encryption config request | ArrayOfARN | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the endpoint private access setting in the create/update cluster request | Boolean | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the endpoint public access setting in the create/update cluster request | Boolean | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the issuerUrl present in the IdentityProviderConfig association request the user makes to the EKS service | String | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the kubernetesGroups present in the access entry requests the user makes to the EKS service | ArrayOfString | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the Kubernetes version in the create cluster/update cluster version request | String | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the cluster logging enabled and type parameters in the create/update cluster request | Boolean | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the namespaces present in the associate/disassociate access policy requests the user makes to the EKS service | ArrayOfString | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the policyArn present in the access entry requests the user makes to the EKS service | ARN | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the principalArn present in the access entry requests the user makes to the EKS service | ARN | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the supportType present in the create/update cluster request | String | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the Kubernetes username present in the access entry requests the user makes to the EKS service | String | 
|   [https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies](https://docs.amazonaws.cn/eks/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies)  | Filters access by the zonal shift enabled setting in the create/update cluster request | Boolean | 