source-dest-check- Indicates whether the network interface performs source/destination checking. A value oftruemeans checking is enabled, andfalsemeans checking is disabled. The value must befalsefor the network interface to perform network address translation (NAT) in your VP...
由于“万能 BFF”使用了 serverless,因此只需要在serverless.yml文件中添加如下内容: iamRoleStatements:-Effect:AllowAction:-"ec2:CreateNetworkInterface"-"ec2:DescribeNetworkInterfaces"-"ec2:DeleteNetworkInterface"Resource:"*" 详见提交:https://github.com/Jeff-Tian/serverless-space/commit/753f7aae3e59872dc14c...
ec2:CreateNetworkInterface ec2:DescribeNetworkInterfaces ec2:DeleteNetworkInterface 这些权限(permission)已经包含在AWS managed policy “AWSLambdaVPCAccessExecutionRole”中。 当我们在创建或者修改Lambda函数,如果需要对VPC配置进行修改,那么我们的AWS用户需要有以下权限(Lambda服务使用我们的AWS用户权限对函数的VPC配置进行...
定义安全组 “SAP” 对 SAP S/4 HANA进行隔离保护,即只允许来自安全组 “SAP Proxy” 的 Lambda 函数访问 OData API。 必须为 VPC 中的 Lambda 函数分配网络接口即 ENI (Elastic Network Interfaces) ,因此,需要定义 AWS IAM 权限策略,授予 Lambda 函数管理 ENI 的权限。 在Amazon CloudWatch Logs 创建Flow L...
DescribeAddresses", "ec2:CreateTags", "ec2:DescribeNetworkInterfaces", "ec2:DescribeAvailabilityZones" ], "Resource": "*", "Effect": "Allow", AWS ParallelCluster 实例和用户策略示例 54 AWS ParallelCluster "Sid": "EC2Describe" }, { "Action": [ "ec2:CreateVpc", "ec2:ModifyVpcAttribute", ...
ec2:DescribeNetworkInterfaces ec2:DescribeVpcs ec2:DeleteNetworkInterface ec2:DescribeSubnets ec2:DescribeSecurityGroups By default, Lambda does not perform the required or optional actions for a self-managed Kafka cluster. You need to define the requirements in an identity and access management (IAM)tru...
DescribeVolumes", "ec2:ModifyVolumeAttribute", "ec2:CreateSecurityGroup", "ec2:DescribeSecurityGroups", "ec2:RevokeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:RevokeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces",...
[ "logs:CreateLogStream", "cloudwatch:", "s3:", "ec2:AssociateRouteTable", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DescribeRouteTables", "ec2:DescribeVpcs", "ec2:ReplaceRoute", "ec2:DescribeRegions", "ec2:DescribeNetwork...
AttachNetworkInterface" "ec2:AssignPrivateIpAddresses" "ec2:UnassignPrivateIpAddresses" "ec2:CreateNetworkInterface" "ec2:DescribeNetworkInterfaces" "ec2:DetachNetworkInterface" "ec2:DeleteNetworkInterface" "ec2:ModifyNetworkInterfaceAttribute" "ec2:DescribeInstanceTypes" "ec2:DescribeVpcs" "ec2:DescribeVpcPeering...
Used to configure the MTU size for pod virtual interfaces. The valid range for IPv4 is from576to9001, while the valid range for IPv6 is from1280to9001. WARM_ENI_TARGET Type: Integer as a String Default:1 Specifies the number of free elastic network interfaces (and all of their available...