您在此處：建立保護資料的計劃 > 如何建立 Virtual Standby 至 AWS EC2 計劃 > 檢閱先決條件與注意事項 > 對具有 VSB 至 EC2 的 IAM 使用者配置 IAM 細微權限

對具有 VSB 至 EC2 的 IAM 使用者配置 IAM 細微權限

本節說明在 Amazon EC2 網頁服務內的 VSB 雲端 Proxy 上安裝 Arcserve UDP 代理程式所需的步驟和 API 權限原則。這些權限可協助您執行資料傳輸與 Virtual Standby 至 AWS EC2 雲端所需的動作。

您可以使用程序，協助 Amazon IAM 使用者取得控制以及與 AWS API 的互動。權限原則不只直接套用到使用者，也套用到 Amazon 網頁服務內 IAM 安全性介面內的角色和群組。

請採取以下步驟：

以管理員身分登入 Amazon 網頁服務。

選取 [我的安全性憑證]、按一下左側的 [使用者]，然後按一下 [建立新的使用者] 按鈕。

輸入所需的使用者名稱。
附註：驗證是否已選取 [產生每個使用者的存取金鑰] 的選項。
按一下 [建立] 按鈕。
按一下 [下載憑證]。
憑證包含您的存取金鑰以及稍後您在 UDP 主控台內需要的密碼。
從 [使用者] 檢視中，選取使用者清單中的使用者，然後按一下底端的 [權限] 索引標籤。
從 [自訂原則] 選項中，建立使用者的內部自訂原則。

輸入原則的名稱，然後在原則文件中貼上下列內容。
{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "Stmt1477881304097",

"Action": [

"ec2:AssignPrivateIpAddresses",

"ec2:AssociateAddress",

"ec2:AttachNetworkInterface",

"ec2:AttachVolume",

"ec2:AuthorizeSecurityGroupEgress",

"ec2:AuthorizeSecurityGroupIngress",

"ec2:CreateNetworkInterface",

"ec2:CreateSnapshot",

"ec2:CreateTags",

"ec2:CreateVolume",

"ec2:DeleteNetworkInterface",

"ec2:DeleteSnapshot",

"ec2:DeleteTags",

"ec2:DeleteVolume",

"ec2:DescribeAccountAttributes",

"ec2:DescribeAddresses",

"ec2:DescribeAvailabilityZones",

"ec2:DescribeBundleTasks",

"ec2:DescribeClassicLinkInstances",

"ec2:DescribeConversionTasks",

"ec2:DescribeCustomerGateways",

"ec2:DescribeDhcpOptions",

"ec2:DescribeExportTasks",

"ec2:DescribeFlowLogs",

"ec2:DescribeHosts",

"ec2:DescribeHostReservations",

"ec2:DescribeHostReservationOfferings",

"ec2:DescribeIdentityIdFormat",

"ec2:DescribeIdFormat",

"ec2:DescribeImageAttribute",

"ec2:DescribeImages",

"ec2:DescribeImportImageTasks",

"ec2:DescribeImportSnapshotTasks",

"ec2:DescribeInstanceAttribute",

"ec2:DescribeInstanceStatus",

"ec2:DescribeInstances",

"ec2:DescribeInternetGateways",

"ec2:DescribeKeyPairs",

"ec2:DescribeMovingAddresses",

"ec2:DescribeNatGateways",

"ec2:DescribeNetworkAcls",

"ec2:DescribeNetworkInterfaceAttribute",

"ec2:DescribeNetworkInterfaces",

"ec2:DescribePlacementGroups",

"ec2:DescribePrefixLists",

"ec2:DescribeRegions",

"ec2:DescribeReservedInstances",

"ec2:DescribeReservedInstancesListings",

"ec2:DescribeReservedInstancesModifications",

"ec2:DescribeReservedInstancesOfferings",

"ec2:DescribeRouteTables",

"ec2:DescribeSecurityGroups",

"ec2:DescribeSnapshotAttribute",

"ec2:DescribeSnapshots",

"ec2:DescribeSpotDatafeedSubscription",

"ec2:DescribeSpotFleetInstances",

"ec2:DescribeSpotFleetRequestHistory",

"ec2:DescribeSpotFleetRequests",

"ec2:DescribeSpotInstanceRequests",

"ec2:DescribeSpotPriceHistory",

"ec2:DescribeStaleSecurityGroups",

"ec2:DescribeSubnets",

"ec2:DescribeTags",

"ec2:DescribeVolumeAttribute",

"ec2:DescribeVolumeStatus",

"ec2:DescribeVolumes",

"ec2:DescribeVpcAttribute",

"ec2:DescribeVpcClassicLink",

"ec2:DescribeVpcEndpointServices",

"ec2:DescribeVpcEndpoints",

"ec2:DescribeVpcPeeringConnections",

"ec2:DescribeVpcs",

"ec2:DescribeVpnConnections",

"ec2:DescribeVpnGateways",

"ec2:DetachClassicLinkVpc",

"ec2:DetachInternetGateway",

"ec2:DetachNetworkInterface",

"ec2:DetachVolume",

"ec2:DetachVpnGateway",

"ec2:DisableVgwRoutePropagation",

"ec2:DisableVpcClassicLink",

"ec2:DisableVpcClassicLinkDnsSupport",

"ec2:DescribeVpcClassicLinkDnsSupport",

"ec2:DetachNetworkInterface",

"ec2:DetachVolume",

"ec2:DisassociateAddress",

"ec2:ModifyInstanceAttribute",

"ec2:ModifyNetworkInterfaceAttribute",

"ec2:ModifySnapshotAttribute",

"ec2:ModifySubnetAttribute",

"ec2:ModifyVolumeAttribute",

"ec2:RevokeSecurityGroupEgress",

"ec2:RevokeSecurityGroupIngress",

"ec2:RunInstances",

"ec2:StartInstances",

"ec2:StopInstances",

"ec2:TerminateInstances"

"Effect": "Allow",

"Resource": [

"*"

]

{

"Sid": "Stmt1477880716900",

"Action": [

"s3:CreateBucket",

"s3:DeleteBucket",

"s3:DeleteObject",

"s3:GetObject",

"s3:ListBucket",

"s3:PutObject"

"Effect": "Allow",

"Resource": [

"*"

]

{

"Sid": "Stmt1477883239716",

"Action": [

"iam:GetUser"

"Effect": "Allow",

"Resource": [

"*"

]

}

]

}

按一下 [套用原則]。

在 UDP 主控台中，使用此 IAM 使用者的存取金鑰與安全性存取金鑰，來建立 VSB 至 EC2 計劃。