You must configure credentials in Amazon AWS that carry the permissions vRealize Automation requires before it can manage your environment.

vRealize Automation authenticates to the endpoint with an access key (access key ID and secret access key); user name and password credentials are not supported.

  • Role and permission authorization in Amazon Web Services

    The AWS power user role gives an AWS Directory Service user or group full access to AWS services and resources (other than IAM user and group management), but it is not required. A user role with fewer permissions is also supported. The following AWS security policy meets the functional requirements of vRealize Automation. Note that it is not resource-scoped ("Resource": "*"): every listed action is allowed on every resource in the account, so review whether the mutating actions (volume, key pair, address and instance lifecycle calls) can be restricted in your environment.

    {
      "Version": "2012-10-17",
      "Statement": [{
        "Effect": "Allow",
        "Action": [
          "ec2:DescribeInstances",
          "ec2:DescribeImages",
          "ec2:DescribeKeyPairs",
          "ec2:DescribeVpcs",
          "ec2:DescribeSubnets",
          "ec2:DescribeSecurityGroups",
          "ec2:DescribeVolumes",

          "ec2:DescribeVpcAttribute",
          "ec2:DescribeAddresses",
          "ec2:DescribeAvailabilityZones",
          "ec2:DescribeImageAttribute",
          "ec2:DescribeInstanceAttribute",
          "ec2:DescribeVolumeStatus",
          "ec2:DescribeVpnConnections",
          "ec2:DescribeRegions",
          "ec2:DescribeTags",
          "ec2:DescribeVolumeAttribute",
          "ec2:DescribeNetworkInterfaces",
          "ec2:DescribeNetworkInterfaceAttribute",

          "ec2:DisassociateAddress",
          "ec2:GetPasswordData",

          "ec2:ImportKeyPair",
          "ec2:ImportVolume",

          "ec2:CreateVolume",
          "ec2:DeleteVolume",
          "ec2:AttachVolume",
          "ec2:ModifyVolumeAttribute",
          "ec2:DetachVolume",

          "ec2:AssignPrivateIpAddresses",
          "ec2:UnassignPrivateIpAddresses",

          "ec2:CreateKeyPair",
          "ec2:DeleteKeyPair",

          "ec2:CreateTags",
          "ec2:AssociateAddress",
          "ec2:ReportInstanceStatus",
          "ec2:StartInstances",
          "ec2:StopInstances",
          "ec2:ModifyInstanceAttribute",
          "ec2:MonitorInstances",
          "ec2:RebootInstances",
          "ec2:RunInstances",
          "ec2:TerminateInstances",

          "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
          "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
          "elasticloadbalancing:DescribeLoadBalancerAttributes",
          "elasticloadbalancing:DescribeLoadBalancers",
          "elasticloadbalancing:DescribeInstanceHealth"
        ],
        "Resource": "*"
      }]
    }

  • Authentication credentials in Amazon Web Services

    To manage Amazon Identity and Access Management (IAM) users and groups, you must have AWS full-access administrator credentials.
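The following script is an added example, not VMware documentation or vRealize Automation code. It embeds the action list from the policy above and applies two checks a practitioner would want before handing the access key to vRealize Automation: a simplified IAM evaluator (default deny, case-insensitive wildcard matching, Deny overriding Allow, no Condition or ARN handling) that confirms the policy grants exactly the listed EC2 and ELB calls and nothing in IAM, and a least-privilege review that separates read-only Describe/Get/List calls from the mutating calls granted on "Resource": "*". The read-only prefix list and the policy dictionary shape are this example's own assumptions.

```python
"""Offline checks for the vRealize Automation AWS endpoint IAM policy.

Added example (not VMware or AWS code); standard library only, so it runs
without an AWS account.
"""
import fnmatch

# Every action from the policy document on this page, in the same order.
VRA_ACTIONS = [
    "ec2:DescribeInstances", "ec2:DescribeImages", "ec2:DescribeKeyPairs",
    "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups",
    "ec2:DescribeVolumes", "ec2:DescribeVpcAttribute", "ec2:DescribeAddresses",
    "ec2:DescribeAvailabilityZones", "ec2:DescribeImageAttribute",
    "ec2:DescribeInstanceAttribute", "ec2:DescribeVolumeStatus",
    "ec2:DescribeVpnConnections", "ec2:DescribeRegions", "ec2:DescribeTags",
    "ec2:DescribeVolumeAttribute", "ec2:DescribeNetworkInterfaces",
    "ec2:DescribeNetworkInterfaceAttribute",
    "ec2:DisassociateAddress", "ec2:GetPasswordData",
    "ec2:ImportKeyPair", "ec2:ImportVolume",
    "ec2:CreateVolume", "ec2:DeleteVolume", "ec2:AttachVolume",
    "ec2:ModifyVolumeAttribute", "ec2:DetachVolume",
    "ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses",
    "ec2:CreateKeyPair", "ec2:DeleteKeyPair",
    "ec2:CreateTags", "ec2:AssociateAddress", "ec2:ReportInstanceStatus",
    "ec2:StartInstances", "ec2:StopInstances", "ec2:ModifyInstanceAttribute",
    "ec2:MonitorInstances", "ec2:RebootInstances", "ec2:RunInstances",
    "ec2:TerminateInstances",
    "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
    "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
    "elasticloadbalancing:DescribeLoadBalancerAttributes",
    "elasticloadbalancing:DescribeLoadBalancers",
    "elasticloadbalancing:DescribeInstanceHealth",
]

# Same shape as the policy document above: one Allow statement on all resources.
VRA_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": VRA_ACTIONS, "Resource": "*"}],
}

# Assumption of this example: API verbs with these prefixes only read state.
READ_ONLY_PREFIXES = ("Describe", "Get", "List")


def _as_list(value):
    """IAM allows Action/Resource to be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)


def _matches(pattern, action):
    """IAM action matching: case-insensitive, with '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def is_allowed(policy, action):
    """Simplified IAM evaluation for one action (no Conditions, no ARNs).

    Default deny; any matching Deny statement overrides every Allow.
    """
    allowed = False
    for stmt in policy["Statement"]:
        if not any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def split_read_write(actions):
    """Partition actions into read-only and mutating lists by their API verb."""
    read_only, mutating = [], []
    for action in actions:
        verb = action.split(":", 1)[1]
        (read_only if verb.startswith(READ_ONLY_PREFIXES) else mutating).append(action)
    return read_only, mutating


def unscoped_mutating_actions(policy):
    """Mutating actions granted on Resource "*": the candidates for scoping down."""
    found = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or "*" not in _as_list(stmt["Resource"]):
            continue
        found.extend(split_read_write(_as_list(stmt["Action"]))[1])
    return found


if __name__ == "__main__":
    read_only, mutating = split_read_write(VRA_ACTIONS)
    print(f"{len(read_only)} read-only actions, {len(mutating)} mutating actions")
    for probe in ("ec2:RunInstances", "ec2:CreateSecurityGroup", "iam:CreateAccessKey"):
        print(f"{probe:28} allowed={is_allowed(VRA_POLICY, probe)}")
    print("mutating actions on Resource '*':", len(unscoped_mutating_actions(VRA_POLICY)))
```

Run it as-is to see the read/write split of the page's policy, or point `is_allowed` at a policy exported from your account (for example the JSON returned by the AWS CLI's `aws iam get-policy-version`) to confirm that the endpoint credential cannot call any `iam:*` action. Real IAM evaluation also considers Conditions, resource ARNs, permission boundaries and SCPs, which this evaluator deliberately ignores.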

When you create an AWS endpoint in vRealize Automation, you are prompted for an access key ID and a secret access key. To obtain the access key needed to create the Amazon endpoint, the administrator either requests it from a user who holds AWS full-access administrator credentials or is separately set up with the AWS full-access administrator policy. See Create an Amazon Endpoint.

For information about enabling policies and roles, see the "AWS Identity and Access Management (IAM)" section of the Amazon Web Services product documentation.