本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。 # Elastic Beanstalk 操作的资源和条件 本部分描述了可在策略语句中用于授予权限的资源和条件,这些权限允许用户对特定的 Elastic Beanstalk 资源执行特定的 Elastic Beanstalk 操作。 条件可让您指定完成此操作所需的资源的权限。例如,当您调用 `CreateEnvironment` 操作时,还必须指定要部署的应用程序版本及包含此应用程序名称的应用程序。为 `CreateEnvironment` 操作设置权限时,应使用 `InApplication` 和 `FromApplicationVersion` 条件指定您要执行操作的应用程序和应用程序版本。 此外,还可以使用解决方案堆栈(`FromSolutionStack`)或配置模板(`FromConfigurationTemplate`)指定环境配置。以下策略语句允许 `CreateEnvironment` 操作,借助 **myenv** 配置(`Resource`)使用应用程序版本 **My App**(`InApplication`)在应用程序 **My Version**(由 `FromApplicationVersion` 条件指定)中创建名为 **32bit Amazon Linux running Tomcat 7**(由 `FromSolutionStack` 指定)的环境: ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:CreateEnvironment" ], "Effect": "Allow", "Resource": [ "arn:aws:elasticbeanstalk:us-east-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:application/My App"], "elasticbeanstalk:FromApplicationVersion": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:applicationversion/My App/My Version"], "elasticbeanstalk:FromSolutionStack": ["arn:aws:elasticbeanstalk:us-east-2::solutionstack/32bit Amazon Linux running Tomcat 7"] } } } ] } ``` ------ **注意** 本主题中提及的大多数条件键特定于 Elastic Beanstalk,而且其名称包含 `elasticbeanstalk:` 前缀。为简洁起见,我们会在以下部分中提交条件键名称时从这些名称中忽略此前缀。例如,我们会提及 `InApplication` 而不是其全名 `elasticbeanstalk:InApplication`。 相比之下,我们提到了一些跨 Amazon 服务使用的条件键,并添加了它们`aws:`的前缀以突出显示异常。 策略示例始终显示完整条件键名称,包括前缀。 **Topics** + [Elastic Beanstalk 操作的策略信息](#AWSHowTo.iam.policies.actions.table) + [Elastic Beanstalk 操作的条件键](#AWSHowTo.iam.policies.conditions) ## Elastic Beanstalk 操作的策略信息 下表列出了所有 Elastic Beanstalk 操作、每项操作针对的资源以及可以使用条件提供的其他上下文信息。 **Elastic Beanstalk 操作的策略信息,包括资源、条件、示例和依赖项**
资源Conditions示例语句
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_AbortEnvironmentUpdate.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_AbortEnvironmentUpdate.html)
`application`
`environment`		`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许用户在名为 `My App` 的应用程序中中止有关环境的环境更新操作。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_CheckDNSAvailability.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_CheckDNSAvailability.html)
`"*"`不适用 [See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_ComposeEnvironments.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_ComposeEnvironments.html)
`application``aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许用户编写属于名为 `My App` 的应用程序的环境。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_CreateApplication.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_CreateApplication.html)
`application``aws:RequestTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		此示例允许 `CreateApplication` 操作创建名称以 **DivA** 开头的应用程序:[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_CreateApplicationVersion.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_CreateApplicationVersion.html)
`applicationversion``InApplication`
`aws:RequestTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		此示例允许 `CreateApplicationVersion` 操作在应用程序 **\*** 中创建使用任一名称(**My App**)的应用程序版本:[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_CreateConfigurationTemplate.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_CreateConfigurationTemplate.html)
`configurationtemplate``InApplication`
`FromApplication`
`FromApplicationVersion`
`FromConfigurationTemplate`
`FromEnvironment`
`FromSolutionStack`
`aws:RequestTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `CreateConfigurationTemplate` 操作在应用程序 **My Template** 中创建名称以 `My Template*`(**My App**)开头的配置模板:[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_CreateEnvironment.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_CreateEnvironment.html)
`environment``InApplication`
`FromApplicationVersion`
`FromConfigurationTemplate`
`FromSolutionStack`
`aws:RequestTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `CreateEnvironment` 操作在应用程序 **My App** 中使用解决方案堆栈 **32bit Amazon Linux running Tomcat 7** 创建名为 **myenv** 的环境:[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_CreatePlatformVersion.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_CreatePlatformVersion.html)
`platform``aws:RequestTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		此示例允许 `CreatePlatformVersion` 操作创建以 `us-east-2` 区域为目标的平台版本,其名称以 **us-east-2\_** 开头:[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_CreateStorageLocation.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_CreateStorageLocation.html)
`"*"`不适用 [See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DeleteApplication.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DeleteApplication.html)
`application``aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `DeleteApplication` 操作删除应用程序 **My App**:[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DeleteApplicationVersion.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DeleteApplicationVersion.html)
`applicationversion``InApplication`
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `DeleteApplicationVersion` 操作在应用程序 **My App** 中删除名为 **My Version** 的应用程序版本:[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DeleteConfigurationTemplate.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DeleteConfigurationTemplate.html)
`configurationtemplate``InApplication`(可选)
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `DeleteConfigurationTemplate` 操作在应用程序 **My App** 中删除名为 **My Template** 的配置模板。将应用程序名称指定为条件(可选)。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DeleteEnvironmentConfiguration.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DeleteEnvironmentConfiguration.html)
`environment``InApplication`(可选)以下策略允许 `DeleteEnvironmentConfiguration` 操作在应用程序 **My App** 中删除环境 **myenv** 的预配置。将应用程序名称指定为条件(可选)。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DeletePlatformVersion.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DeletePlatformVersion.html)
`platform``aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `DeletePlatformVersion` 操作删除以 `us-east-2` 区域为目标的平台版本,其名称以 **us-east-2\_** 开头:[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeApplications.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeApplications.html)
`application``aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `DescribeApplications` 操作描述应用程序“My App”。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeApplicationVersions.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeApplicationVersions.html)
`applicationversion``InApplication`(可选)
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `DescribeApplicationVersions` 操作在应用程序 **My App** 中描述应用程序版本 **My Version**。将应用程序名称指定为条件(可选)。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeConfigurationOptions.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeConfigurationOptions.html)
`environment`
`configurationtemplate`
`solutionstack`		`InApplication`(可选)
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `DescribeConfigurationOptions` 操作在应用程序 **My App** 中描述环境 **myenv** 的配置选项。将应用程序名称指定为条件(可选)。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeConfigurationSettings.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeConfigurationSettings.html)
`environment`
`configurationtemplate`		`InApplication`(可选)
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `DescribeConfigurationSettings` 操作在应用程序 **My App** 中描述环境 **myenv** 的配置设置。将应用程序名称指定为条件(可选)。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeEnvironmentHealth.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeEnvironmentHealth.html)
`environment``aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许使用 `DescribeEnvironmentHealth` 检索名为 **myenv** 的环境的运行状况信息。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeEnvironmentResources.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeEnvironmentResources.html)
`environment``InApplication`(可选)
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许`DescribeEnvironmentResources`操作返回应用程序**myenv**中环境的 Amazon 资源列表**My App**。将应用程序名称指定为条件(可选)。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeEnvironments.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeEnvironments.html)
`environment``InApplication`(可选)
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `DescribeEnvironments` 操作在应用程序 **My App** 中描述环境 **myenv** 和 **myotherenv**。将应用程序名称指定为条件(可选)。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeEvents.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeEvents.html)
`application`
`applicationversion`
`configurationtemplate`
`environment`		`InApplication`
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `DescribeEvents` 操作在应用程序 **My App** 中列出环境 **myenv** 和应用程序版本 **My Version** 的事件描述。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeInstancesHealth.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribeInstancesHealth.html)
`environment`不适用以下策略允许使用 `DescribeInstancesHealth` 检索名为 **myenv** 的环境中的实例的运行状况信息。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribePlatformVersion.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_DescribePlatformVersion.html)
`platform``aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `DescribePlatformVersion` 操作描述以 `us-east-2` 区域为目标的平台版本,其名称以 **us-east-2\_** 开头:[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_ListAvailableSolutionStacks.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_ListAvailableSolutionStacks.html)
`solutionstack`不适用以下策略允许 `ListAvailableSolutionStacks` 操作仅返回解决方案堆栈 **32bit Amazon Linux running Tomcat 7**。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_ListPlatformVersions.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_ListPlatformVersions.html)
`platform``aws:RequestTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		此示例允许 `CreatePlatformVersion` 操作创建以 `us-east-2` 区域为目标的平台版本,其名称以 **us-east-2\_** 开头:[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_ListTagsForResource.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_ListTagsForResource.html)
`application`
`applicationversion`
`configurationtemplate`
`environment`
`platform`		`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略仅在现有资源具有名为 `stage` 的带有值 `test` 的标签时允许 `ListTagsForResource` 操作列出现有资源的标签。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_RebuildEnvironment.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_RebuildEnvironment.html)
`environment``InApplication`
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `RebuildEnvironment` 操作在应用程序 **My App** 中重建环境 **myenv**。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_RequestEnvironmentInfo.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_RequestEnvironmentInfo.html)
`environment``InApplication`
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `RequestEnvironmentInfo` 操作在应用程序 **My App** 中编译有关环境 **myenv** 的信息。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_RestartAppServer.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_RestartAppServer.html)
`environment``InApplication`以下策略允许 `RestartAppServer` 操作在应用程序 **My App** 中重启环境 **myenv** 的应用程序容器服务器。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_RetrieveEnvironmentInfo.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_RetrieveEnvironmentInfo.html)
`environment``InApplication`
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `RetrieveEnvironmentInfo` 操作在应用程序 **My App** 中检索环境 **myenv** 的已编译信息。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_SwapEnvironmentCNAMEs.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_SwapEnvironmentCNAMEs.html)
`environment``InApplication`(可选)
`FromEnvironment`(可选)		以下策略允许`SwapEnvironmentCNAMEs`操作交换环境**mysrcenv**和**mydestenv**。 CNAMEs [See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_TerminateEnvironment.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_TerminateEnvironment.html)
`environment``InApplication`
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `TerminateEnvironment` 操作在应用程序 **My App** 中终止环境 **myenv**。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[UpdateApplication](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateApplication.html)
`application``aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `UpdateApplication` 操作更新应用程序 **My App** 的属性。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[UpdateApplicationResourceLifecycle](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateApplicationResourceLifecycle.html)
`application``aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `UpdateApplicationResourceLifecycle` 操作更新应用程序 **My App** 的生命周期设置。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateApplicationVersion.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateApplicationVersion.html)
`applicationversion``InApplication`
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `UpdateApplicationVersion` 操作在应用程序 **My App** 中更新应用程序版本 **My Version** 的属性。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateConfigurationTemplate.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateConfigurationTemplate.html)
`configurationtemplate``InApplication`
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `UpdateConfigurationTemplate` 操作在应用程序 **My App** 中更新配置模板 **My Template** 的属性或选项。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateEnvironment.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateEnvironment.html)
`environment``InApplication`
`FromApplicationVersion`
`FromConfigurationTemplate`
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `UpdateEnvironment` 操作通过部署应用程序版本 **My Version** 在应用程序 **My App** 中更新环境 **myenv**。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html) – `AddTags`
`application`
`applicationversion`
`configurationtemplate`
`environment`
`platform`		`aws:ResourceTag/{{key-name}}`(可选)
`aws:RequestTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		`AddTags` 操作是与 [https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html) API 关联的两个虚拟操作之一。
以下策略仅在现有资源具有名为 `stage` 的带有值 `test` 的标签时允许 `AddTags` 操作修改现有资源的标签。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html) – `RemoveTags`
`application`
`applicationversion`
`configurationtemplate`
`environment`
`platform`		`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		`RemoveTags` 操作是与 [https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_UpdateTagsForResource.html) API 关联的两个虚拟操作之一。
以下策略拒绝请求从现有资源中删除名为 `stage` 的标签的 `RemoveTags` 操作:[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
**操作:**[https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_ValidateConfigurationSettings.html](https://docs.amazonaws.cn/elasticbeanstalk/latest/api/API_ValidateConfigurationSettings.html)
`template`
`environment`		`InApplication`
`aws:ResourceTag/{{key-name}}`(可选)
`aws:TagKeys`(可选)		以下策略允许 `ValidateConfigurationSettings` 操作在应用程序 **My App** 中根据环境 **myenv** 验证配置设置。[See the AWS documentation website for more details](http://docs.amazonaws.cn/elasticbeanstalk/latest/dg/AWSHowTo.iam.policies.actions.html)
## Elastic Beanstalk 操作的条件键 密钥可让您指定用于表达依赖项、限制权限的条件,或指定某一操作的输入参数约束。Elastic Beanstalk 支持以下键。 `InApplication` 指定相关应用程序,其中包含了供操作运行的资源。 以下示例允许 `UpdateApplicationVersion` 操作更新应用程序版本 **My Version** 的属性。`InApplication` 条件将 **My App** 指定为 **My Version** 的容器。 **** ``` { "Version":"2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:UpdateApplicationVersion" ], "Effect": "Allow", "Resource": [ "arn:aws:elasticbeanstalk:us-east-2:123456789012:applicationversion/My App/My Version" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:application/My App"] } } } ] } ``` `FromApplicationVersion` 将应用程序版本指定为输入参数的依赖项或约束。 以下示例允许 `UpdateEnvironment` 操作在应用程序 **My App** 中更新环境 **myenv**。`FromApplicationVersion` 条件会限制 `VersionLabel` 参数,仅允许应用程序版本 **My Version** 更新此环境。 **** ``` { "Version":"2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:UpdateEnvironment" ], "Effect": "Allow", "Resource": [ "arn:aws:elasticbeanstalk:us-east-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:application/My App"], "elasticbeanstalk:FromApplicationVersion": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:applicationversion/My App/My Version"] } } } ] } ``` `FromConfigurationTemplate` 将配置模板指定为输入参数的依赖项或约束。 以下示例允许 `UpdateEnvironment` 操作在应用程序 **My App** 中更新环境 **myenv**。`FromConfigurationTemplate` 条件会限制 `TemplateName` 参数,仅允许配置模板 **My Template** 更新此环境。 **** ``` { "Version":"2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:UpdateEnvironment" ], "Effect": "Allow", "Resource": [ "arn:aws:elasticbeanstalk:us-east-2:123456789012:environment/My App/myenv" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:application/My App"], "elasticbeanstalk:FromConfigurationTemplate": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:configurationtemplate/My App/My Template"] } } } ] } ``` `FromEnvironment` 将环境指定为输入参数的依赖项或约束。 以下示例允许`SwapEnvironmentCNAMEs`操作交换名称以和开头的所有环境,**mydestenv**但不能交换名称以**mysrcenv**和开头的**mysrcenvPROD\***环境**mydestenvPROD\***。 CNAMEs **My App** **** ``` { "Version":"2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:SwapEnvironmentCNAMEs" ], "Effect": "Allow", "Resource": [ "arn:aws:elasticbeanstalk:us-east-2:123456789012:environment/My App/mysrcenv*", "arn:aws:elasticbeanstalk:us-east-2:123456789012:environment/My App/mydestenv*" ], "Condition": { "ArnNotLike": { "elasticbeanstalk:FromEnvironment": [ "arn:aws:elasticbeanstalk:us-east-2:123456789012:environment/My App/mysrcenvPROD*", "arn:aws:elasticbeanstalk:us-east-2:123456789012:environment/My App/mydestenvPROD*" ] } } } ] } ``` `FromSolutionStack` 将解决方案堆栈指定为输入参数的依赖项或约束。 以下策略允许 `CreateConfigurationTemplate` 操作在应用程序 **My Template** 中创建名称以 `My Template*`(**My App**)开头的配置模板。`FromSolutionStack` 条件会限制 `solutionstack` 参数,仅允许将解决方案堆栈 **32bit Amazon Linux running Tomcat 7** 用作该参数的输入值。 **** ``` { "Version":"2012-10-17", "Statement": [ { "Action": [ "elasticbeanstalk:CreateConfigurationTemplate" ], "Effect": "Allow", "Resource": [ "arn:aws:elasticbeanstalk:us-east-2:123456789012:configurationtemplate/My App/My Template*" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:application/My App"], "elasticbeanstalk:FromSolutionStack": ["arn:aws:elasticbeanstalk:us-east-2::solutionstack/32bit Amazon Linux running Tomcat 7"] } } } ] } ``` `aws:ResourceTag/{{key-name}}``aws:RequestTag/{{key-name}}``aws:TagKeys` 指定基于标签的条件。有关详细信息,请参阅[使用标签控制对 Elastic Beanstalk 资源的访问策略中的标签条件示例](AWSHowTo.iam.policies.access-tags.md)。