tigris-iam
Tigris IAM (Identity and Access Management)

Policies

Policies define permissions for access keys using AWS IAM-compatible JSON documents.

tigris iam policies list (alias: l)

List all policies in the current organization.

```bash
tigris iam policies list
tigris iam policies list --json
```

| Flag | Alias | Description | Default |
|---|---|---|---|
| | | Output format ( | |
| | | Output as JSON | |

tigris iam policies get [arn] (alias: g)

Show details for a policy including its document and attached users. If no ARN is provided, shows interactive selection.

```bash
tigris iam policies get
tigris iam policies get arn:aws:iam::org_id:policy/my-policy
tigris iam policies get --json
```

| Flag | Alias | Description | Default |
|---|---|---|---|
| | | Output format ( | |
| | | Output as JSON | |

tigris iam policies create <name> (alias: c)

Create a new policy with a name and policy document. The document can be provided via file path, inline JSON, or stdin.

```bash
tigris iam policies create my-policy --document policy.json
tigris iam policies create my-policy --document '{"Version":"2012-10-17","Statement":[...]}'
cat policy.json | tigris iam policies create my-policy
```

| Flag | Alias | Description |
|---|---|---|
| | | Policy document (JSON file path or inline JSON). Reads from stdin if omitted |
| | | Policy description |

tigris iam policies edit [arn] (alias: e)

Update an existing policy's document. If no ARN is provided, shows interactive selection.

```bash
tigris iam policies edit --document policy.json
tigris iam policies edit arn:aws:iam::org_id:policy/my-policy --document policy.json
cat policy.json | tigris iam policies edit arn:aws:iam::org_id:policy/my-policy
```

| Flag | Alias | Description |
|---|---|---|
| | | New policy document (JSON file path or inline JSON). Reads from stdin if omitted |
| | | Update policy description |

tigris iam policies delete [arn] (alias: d)

Delete a policy. If no ARN is provided, shows interactive selection.

```bash
tigris iam policies delete
tigris iam policies delete arn:aws:iam::org_id:policy/my-policy --force
```

| Flag | Description |
|---|---|
| | Skip confirmation prompt |

Policy Document Format

Policies use AWS IAM JSON format:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::my-bucket/*"]
    }
  ]
}
```

Example Policies

Read-only access to a bucket:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
    }
  ]
}
```

Write to a specific prefix:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:PutObject"],
      "Resource": ["arn:aws:s3:::my-bucket/uploads/*"]
    }
  ]
}
```

Full bucket admin:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:*"],
      "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]
    }
  ]
}
```

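A pre-flight check for policy documents like the ones above, as an added example (not part of the Tigris CLI or its documentation): a hypothetical `lint_policy` helper that rejects unparseable documents and flags wildcard actions and action/resource mismatches before a file is handed to `tigris iam policies create`. It assumes AWS IAM matching rules, where `s3:ListBucket` is evaluated against the bucket ARN and `s3:GetObject` / `s3:PutObject` against `bucket/key` ARNs.

```python
import json
import sys
# Assumption: AWS IAM matching rules apply. s3:ListBucket is evaluated against
# the bucket ARN; s3:GetObject / s3:PutObject against bucket/key ARNs.
BUCKET_ACTIONS = {"s3:ListBucket"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject"}

def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])

def _covers(resources, object_level):
    names = [arn.split(":::", 1)[-1] for arn in resources]
    if object_level:
        return any("/" in n or n.endswith("*") for n in names)
    return any("/" not in n for n in names)

def lint_policy(document):
    """Hypothetical helper: return (severity, message) findings for a policy."""
    try:
        policy = json.loads(document)
    except json.JSONDecodeError as exc:
        return [("error", f"not valid JSON: {exc.msg}")]
    if not isinstance(policy, dict) or not policy.get("Statement"):
        return [("error", "missing Statement")]
    findings = []
    if policy.get("Version") != "2012-10-17":
        findings.append(("warn", "Version is not 2012-10-17"))
    stmts = policy["Statement"]
    for i, stmt in enumerate([stmts] if isinstance(stmts, dict) else stmts):
        if not isinstance(stmt, dict) or stmt.get("Effect") not in ("Allow", "Deny"):
            findings.append(("error", f"Statement[{i}]: Effect must be Allow or Deny"))
            continue
        if stmt["Effect"] == "Deny":
            continue  # only grants are checked for over-broad scope
        actions = set(_as_list(stmt.get("Action")))
        resources = _as_list(stmt.get("Resource"))
        for action in sorted(a for a in actions if a.endswith("*")):
            findings.append(("warn", f"Statement[{i}]: wildcard action {action}"))
        if actions & BUCKET_ACTIONS and not _covers(resources, False):
            findings.append(("warn", f"Statement[{i}]: s3:ListBucket needs the bucket ARN"))
        if actions & OBJECT_ACTIONS and not _covers(resources, True):
            findings.append(("warn", f"Statement[{i}]: object actions need a bucket/key ARN"))
    return findings

if __name__ == "__main__":
    results = lint_policy(sys.stdin.read())
    for severity, message in results:
        print(f"{severity}: {message}", file=sys.stderr)
    sys.exit(1 if results else 0)
```

Saved under a hypothetical name such as `lint_policy.py`, `python3 lint_policy.py < policy.json && tigris iam policies create my-policy --document policy.json` creates the policy only when the linter reports nothing, so a wildcard grant like the full bucket admin example has to be approved deliberately.
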
Users

Manage organization members and invitations.

tigris iam users list (alias: l)

List all users and pending invitations in the organization.

```bash
tigris iam users list
tigris iam users list --json
```

| Flag | Alias | Description | Default |
|---|---|---|---|
| | | Output format ( | |
| | | Output as JSON | |

tigris iam users invite <email> (alias: i)

Invite users to the organization by email. Comma-separate for bulk invitations.

```bash
tigris iam users invite user@example.com
tigris iam users invite user@example.com --role admin
tigris iam users invite user1@example.com,user2@example.com
```

| Flag | Alias | Description | Default |
|---|---|---|---|
| | | Role to assign ( | |

tigris iam users revoke-invitation [id] (alias: ri)

Revoke pending invitations. If no invitation ID is provided, shows interactive selection. Comma-separate for multiple.

```bash
tigris iam users revoke-invitation
tigris iam users revoke-invitation invitation_id --force
tigris iam users revoke-invitation id1,id2,id3 --force
```

| Flag | Description |
|---|---|
| | Skip confirmation prompt |

tigris iam users update-role [id] (alias: ur)

Update user roles in the organization. If no user ID is provided, shows interactive selection. Comma-separate for multiple users.

```bash
tigris iam users update-role --role admin
tigris iam users update-role user_id --role member
tigris iam users update-role id1,id2 --role admin
tigris iam users update-role id1,id2 --role admin,member
```

| Flag | Alias | Description |
|---|---|---|
| | | Role(s) to assign ( |

tigris iam users remove [id] (alias: rm)

Remove users from the organization. If no user ID is provided, shows interactive selection. Comma-separate for multiple.

```bash
tigris iam users remove
tigris iam users remove user@example.com --force
tigris iam users remove user@example.com,user@example.net --force
```

| Flag | Description |
|---|---|
| | Skip confirmation prompt |

Roles

| Role | Description |
|---|---|
| | Full access to all organization resources and settings |
| | Limited access — can use buckets and objects but cannot manage organization settings |