AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门。
Amazon Elastic Container Service/AWS Fargate
These example templates show how AWS Step Functions generates IAM policies based on the resources in your state machine definition. For more information, see:
由于在提交任务之前 TaskId 的值始终未知,因此 Step Functions 会创建具有更高特权的 "Resource": "*" 策略。
注意
尽管采用了 "*" IAM 策略,您仍然可以停止 Step Functions 启动的 Amazon ECS 任务。
- Synchronous
-
静态资源
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecs:RunTask" ], "Resource": [ "arn:aws:ecs:[[region]]:[[accountId]]:task-definition/[[taskDefinition]]" ] }, { "Effect": "Allow", "Action": [ "ecs:StopTask", "ecs:DescribeTasks" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "events:PutTargets", "events:PutRule", "events:DescribeRule" ], "Resource": [ "arn:aws:events:[[region]]:[[accountId]]:rule/StepFunctionsGetEventsForECSTaskRule" ] } ] }动态资源
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecs:RunTask", "ecs:StopTask", "ecs:DescribeTasks" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "events:PutTargets", "events:PutRule", "events:DescribeRule" ], "Resource": [ "arn:aws:events:[[region]]:[[accountId]]:rule/StepFunctionsGetEventsForECSTaskRule" ] } ] } - Asynchronous
-
静态资源
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecs:RunTask" ], "Resource": [ "arn:aws:ecs:[[region]]:[[accountId]]:task-definition/[[taskDefinition]]" ] } ] }动态资源
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecs:RunTask" ], "Resource": "*" } ] }