
此 IAM 策略提供了執行「上傳和部署」功能所需的全部權限,即將一個新的應用程式版本部署到指定的 Elastic Beanstalk 環境。

請替換以下佔位符:

  • 將 $REGION 替換為特定區域,例如:us-east-1
  • 將 $ACCOUNT 替換為帳號(不含破折號),例如:123456789012
  • 將 $APPLICATION 替換為特定應用程式名稱,例如:My Beanstalk Application
  • 將 $ENVIRONMENT 替換為特定環境名稱,例如:My Beanstalk Environment

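注意:如果您將日誌推送到 CloudWatch,則需要額外的策略。另請留意,下方唯讀語句(AllowElasticBeanstalkReadOnlyAccess)的 Resource 為 "*",其中的 s3:Get* 與 s3:List* 因此適用於帳戶中所有儲存貯體,而不僅限於 Elastic Beanstalk 的儲存貯體;若需遵循最小權限原則,請縮小其資源範圍。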


{ 
    "Version": "2012-10-17", 
    "Statement": [ 
    { 
     "Sid": "AllowAutoscalingSuspendAndResumeProcesses", 
     "Action": [ 
     "autoscaling:SuspendProcesses", 
     "autoscaling:ResumeProcesses" 
     ], 
     "Effect": "Allow", 
     "Resource": [ 
     "*" 
     ] 
    }, 
    { 
     "Sid": "AllowElasticBeanstalkValidateConfigurationSettings", 
     "Action": [ 
     "elasticbeanstalk:ValidateConfigurationSettings" 
     ], 
     "Effect": "Allow", 
     "Resource": [ 
     "arn:aws:elasticbeanstalk:$REGION:$ACCOUNT:environment/$APPLICATION/$ENVIRONMENT" 
     ], 
     "Condition": { 
     "StringEquals": { 
      "elasticbeanstalk:InApplication": [ 
      "arn:aws:elasticbeanstalk:$REGION:$ACCOUNT:application/$APPLICATION" 
      ] 
     } 
     } 
    }, 
    { 
     "Sid": "AllowS3PutAndDeleteObjectInProperBucket", 
     "Action": [ 
     "s3:Put*", 
     "s3:Delete*" 
     ], 
     "Effect": "Allow", 
     "Resource": [ 
     "arn:aws:s3:::elasticbeanstalk-$REGION-$ACCOUNT/*" 
     ] 
    }, 
    { 
     "Sid": "AllowElasticBeanstalkCreateStorageLocation", 
     "Action": [ 
     "elasticbeanstalk:CreateStorageLocation" 
     ], 
     "Effect": "Allow", 
     "Resource": "*" 
    }, 
    { 
     "Sid": "AllowElasticBeanstalkCreateApplicationVersion", 
     "Action": [ 
     "elasticbeanstalk:CreateApplicationVersion" 
     ], 
     "Effect": "Allow", 
     "Resource": [ 
     "arn:aws:elasticbeanstalk:$REGION:$ACCOUNT:applicationversion/$APPLICATION/*" 
     ], 
     "Condition": { 
     "StringEquals": { 
      "elasticbeanstalk:InApplication": [ 
      "arn:aws:elasticbeanstalk:$REGION:$ACCOUNT:application/$APPLICATION" 
      ] 
     } 
     } 
    }, 
    { 
     "Sid": "AllowElasticBeanstalkUpdateEnvironment", 
     "Action": [ 
     "elasticbeanstalk:UpdateEnvironment" 
     ], 
     "Effect": "Allow", 
     "Resource": [ 
     "arn:aws:elasticbeanstalk:$REGION:$ACCOUNT:environment/$APPLICATION/$ENVIRONMENT" 
     ], 
     "Condition": { 
     "StringEquals": { 
      "elasticbeanstalk:InApplication": [ 
      "arn:aws:elasticbeanstalk:$REGION:$ACCOUNT:application/$APPLICATION" 
      ] 
     }, 
     "StringLike": { 
      "elasticbeanstalk:FromApplicationVersion": [ 
      "arn:aws:elasticbeanstalk:$REGION:$ACCOUNT:applicationversion/$APPLICATION/*" 
      ] 
     } 
     } 
    }, 
    { 
     "Sid": "AllowElasticBeanstalkReadOnlyAccess", 
     "Effect": "Allow", 
     "Action": [ 
     "elasticbeanstalk:Check*", 
     "elasticbeanstalk:Describe*", 
     "elasticbeanstalk:List*", 
     "elasticbeanstalk:RequestEnvironmentInfo", 
     "elasticbeanstalk:RetrieveEnvironmentInfo", 
     "ec2:Describe*", 
     "elasticloadbalancing:Describe*", 
     "autoscaling:Describe*", 
     "cloudwatch:Describe*", 
     "cloudwatch:List*", 
     "cloudwatch:Get*", 
     "s3:Get*", 
     "s3:List*", 
     "sns:Get*", 
     "sns:List*", 
     "cloudformation:Describe*", 
     "cloudformation:Get*", 
     "cloudformation:List*", 
     "cloudformation:Validate*", 
     "cloudformation:Estimate*", 
     "rds:Describe*", 
     "sqs:Get*", 
     "sqs:List*" 
     ], 
     "Resource": "*" 
    } 
    ] 
} 