将 Portal for ArcGIS 内容目录存储在 S3 存储段中

要将 Portal for ArcGIS 内容目录存储在 Amazon Simple Storage Service (S3) 存储段中，您需要一个具有以下 IAM 策略的 IAM 用户或角色：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "<statement-id>",
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:PutObject",
                "s3:ListBucket",
                "s3:CreateBucket",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::<portal-content-bucket-name>/*",
                "arn:aws:s3:::<portal-content-bucket-name>"
            ]
        }
    ]
}

将 ArcGIS Server 配置存储存储在 S3 和 DynamoDB 中

要使用 AWS 服务存储 ArcGIS Server 配置存储，您需要一个具有以下 IAM 策略的 IAM 用户或角色：

{  
   "Version":"2012-10-17",
   "Statement":[  
      {  
         "Sid":"<statement-id1>",
         "Action":[  
            "s3:ListBucket",
            "s3: ListMultipartUploadParts",
            "s3:GetBucketAct",
            "s3:GetBucketLocation",
            "s3:GetBucketPolicy",
            "s3:GetObject",
            "s3:GetLifecycleConfiguration",
            "s3:DeleteObjectTagging",
            "s3:PutBucketTagging",
            "s3:PutObjectTagging",
            "s3:CreateBucket",
            "s3:DeleteBucket",
            "s3:DeleteObject",
            "s3:PutObject",
            "s3:PutLifecycleConfiguration"
         ],
         "Effect":"Allow",
         "Resource":[  
            "arn:aws:s3:::arcgis-config-store-*",
            "arn:aws:s3:::arcgis-config-store-*/*"
         ]
      },
      {  
         "Sid":"<statement-id2>",
         "Action":[  
            "dynamodb:DescribeTable",
            "dynamodb:GetItem",
            "dynamodb:GetRecords",
            "dynamodb:Query",
            "dynamodb:CreateTable",
            "dynamodb:DeleteItem",
            "dynamodb:DeleteTable",
            "dynamodb:ListTables",
            "dynamodb:PutItem",
            "dynamodb:Scan",
            "dynamodb:UpdateItem",
            "dynamodb:UpdateTable",
            "dynamodb:TagResource",
            "dynamodb:UntagResource"
         ],
         "Effect":"Allow",
         "Resource":[
            "arn:aws:dynamodb:*:*:table/*"
         ]
      },
   ]
}

将 S3 存储段用作对象存储

要将 S3 存储段注册为 ArcGIS Enterprise 部署的系统对象存储，您的 IAM 用户或角色至少需要具有以下 IAM 策略：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "<statement-id>",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:ListMultipartUploadParts",
                "s3:GetBucketAcl",
                "s3:GetBucketLocation",
                "s3:GetBucketPolicy",
                "s3:GetObject",
                "S3:GetLifecycleConfiguration",
                "s3:DeleteObjectTagging",
                "s3:PutBucketTagging",
                "s3:PutObjectTagging",
                "s3:CreateBucket",
                "s3:DeleteBucket",
                "s3:DeleteObject",
                "s3:PutObject",
                "S3:PutLifecycleConfiguration"
            ],
            "Resource": [
                "arn:aws:s3:::<object-bucket-name>/*",
                "arn:aws:s3:::<object-bucket-name>"
            ]
        }
    ]
}

将缓存存储在 S3 存储段中

要将 S3 存储段注册为云存储以用于存储和访问地图和图像缓存，您的 IAM 用户或角色至少需要具有以下 IAM 策略：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "<statement-id>",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:ListMultipartUploadParts",
                "s3:GetBucketAcl",
                "s3:GetObjectVersion",
                "s3:GetLifecycleConfiguration",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::<cache-bucket-name>/*",
                "arn:aws:s3:::<cache-bucket-name>"
            ]
        }
    ]
}

将 S3 存储段用作栅格存储

要将 S3 存储段注册为栅格存储，您的 IAM 用户或角色至少需要具有以下 IAM 策略：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "<statement-id>",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:GetBucketAcl",
                "s3:GetObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::<raster-store-bucket-name>/*",
                "arn:aws:s3:::<raster-store-bucket-name>"
            ]
        }
    ]
}

为 webgisdr 实用程序生成的备份使用 S3 存储段。

如果您使用随 Portal for ArcGIS 安装的 webgisdr 实用程序在 AWS 上的 S3 存储段中创建备份，则您的 IAM 用户或角色需要用于创建备份文件的策略和用于从这些备份文件恢复部署的策略。

以下是使用 webgisdr 实用程序在 S3 存储段中创建备份所需的最低策略设置：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "<statement-id>",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:GetBucketAcl",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::<webgisdr-bucket-name>",
                "arn:aws:s3:::<portal-content-backup-bucket-name>",
                "arn:aws:s3:::<webgisdr-bucket-name>/*",
                "arn:aws:s3:::<portal-content-backup-bucket-name>/*"
            ]
        }
    ]
}

以下是使用 webgisdr 实用程序从存储在 S3 存储段中的备份文件恢复部署所需的最低策略设置：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "<statement-id>",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket",
                "s3:GetBucketAcl",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::<webgisdr-bucket-name>",
                "arn:aws:s3:::<portal-content-backup-bucket-name>",
                "arn:aws:s3:::<webgisdr-bucket-name>/*",
                "arn:aws:s3:::<portal-content-backup-bucket-name>/*"
            ]
        }
    ]
}