2.4. 最低需要的服务控制策略 (SCP)
服务控制策略 (SCP) 管理由客户自己负责。这些策略在 AWS 机构中维护,并控制附加的 AWS 帐户中可用服务。
| 必需/可选 | 服务 | Actions | 效果 |
|---|---|---|---|
| 必需 | Amazon EC2 | All | Allow |
| Amazon EC2 自动扩展 | All | Allow | |
| Amazon S3 | All | Allow | |
| 身份和访问管理 | All | Allow | |
| Elastic Load Balancing | All | Allow | |
| Elastic Load Balancing V2 | All | Allow | |
| Amazon CloudWatch | All | Allow | |
| Amazon CloudWatch Events | All | Allow | |
| Amazon CloudWatch Logs | All | Allow | |
| AWS Support | All | Allow | |
| AWS 密钥管理服务 | All | Allow | |
| AWS 安全令牌服务 | All | Allow | |
| AWS Resource Tagging | All | Allow | |
| AWS Route53 DNS | All | Allow | |
| AWS Service Quotas | ListServices GetRequestedServiceQuotaChange GetServiceQuota RequestServiceQuotaIncrease ListServiceQuotas | Allow | |
| 选填 | AWS Billing | ViewAccount Viewbilling ViewUsage | Allow |
| AWS 成本和使用量报告 | All | Allow | |
| AWS Cost Explorer Services | All | Allow |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"autoscaling:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"iam:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"cloudwatch:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"events:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"logs:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"support:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"kms:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"sts:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"tag:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"servicequotas:ListServices",
"servicequotas:GetRequestedServiceQuotaChange",
"servicequotas:GetServiceQuota",
"servicequotas:RequestServiceQuotaIncrease",
"servicequotas:ListServiceQuotas"
],
"Resource": [
"*"
]
}
]
}