IAM Statement for adding/managing tags on resources

0

Hello! I'm trying to add IAM permissions so that I can manage tags for some resources, but some have an error (Invalid Action, the action doesn't exist), such as ELB, CloudWatch log groups and Route53. I tried the following IAM:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
              "elasticloadbalancing: AddTags",
              "elasticloadbalancing: RemoveTags",
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
              "logs: TagLogGroup",
              "logs: UntagLogGroup",
               "logs: TagResource",
               "logs: UntagResource",
      ],
      "Resource": "*"
    },
   {
      "Effect": "Allow",
      "Action": [
              "route53:ChangeTagsForResource",
              "route53:ListTagsForResource",
              "route53:DeleteTagsForDomain",
              "route53:ListTagsForDomain",
              "route53:TagResource",
              "route53:UntagResource",
      ],
      "Resource": "*"
    }

I saw that for Load Balancer I can't add tags if I don't have permission to create target group (CreateTargetGroup) and load balancer (CreateLoadBalancer). Do I need these two permissions or is just CreateTargetGroup enough? What would the log groups and route 53 statement look like? Thanks!

1 Answer
0

There are some format errors here. The action names should not have spaces between the service namespace and the action name. Remove the spaces between "elasticloadbalancing:" and "AddTags"/"RemoveTags" for the ELB-related actions. Also, ensure that there is a comma between each action within the list, but no comma at the end of the array.

I took another look and I found there are no actions of types:

"route53:DeleteTagsForDomain",

"route53:ListTagsForDomain",

"route53:TagResource",

"route53:UntagResource"

I corrected the policy. Try it and let me know.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:AddTags",
                "elasticloadbalancing:RemoveTags"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:TagLogGroup",
                "logs:UntagLogGroup",
                "logs:TagResource",
                "logs:UntagResource"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "route53:ChangeTagsForResource",
                "route53:ListTagsForResource",
                "route53domains:UpdateTagsForDomain",
                "route53domains:ListTagsForDomain",
                "route53domains:DeleteTagsForDomain"
            ],
            "Resource": "*"
        }
    ]
}
AWS AmerO
answered 5 months ago
EXPERT
reviewed 5 months ago
EXPERT Kallu
reviewed 5 months ago
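
A small linter for the mistakes this thread turns on: whitespace inside action names, trailing commas, and action names missing from a reference set. It is an added example, not code from the question or the answer; `lint_policy`, `KNOWN_ACTIONS` and the sample policy are constructed for illustration, and the reference set holds only the names from the corrected policy above.

```python
import json
import re

# Assumption: reference set is only the corrected policy's actions, not a full AWS list.
KNOWN_ACTIONS = {a.lower() for a in (
    "elasticloadbalancing:AddTags", "elasticloadbalancing:RemoveTags",
    "logs:TagLogGroup", "logs:UntagLogGroup", "logs:TagResource", "logs:UntagResource",
    "route53:ChangeTagsForResource", "route53:ListTagsForResource",
    "route53domains:UpdateTagsForDomain", "route53domains:ListTagsForDomain",
    "route53domains:DeleteTagsForDomain",
)}
ACTION_RE = re.compile(r"^(\*|[A-Za-z0-9-]+:[A-Za-z0-9*?]+)$")
TRAILING_COMMA_RE = re.compile(r",(\s*[\]}])")

# Constructed sample reproducing the mistakes discussed in the thread.
SAMPLE = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": [
      "logs: TagLogGroup", "route53:TagResource",
      "route53:ListTagsForResource",
    ]
  }]
}"""

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_policy(text):
    findings = []
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        findings.append(f"invalid JSON at line {exc.lineno}: {exc.msg}")
        try:  # retry without trailing commas so the action checks still run
            policy = json.loads(TRAILING_COMMA_RE.sub(r"\1", text))
        except json.JSONDecodeError:
            return findings
    for idx, stmt in enumerate(as_list(policy.get("Statement", []))):
        for action in as_list(stmt.get("Action", [])):
            compact = re.sub(r"\s+", "", action)
            if compact != action:
                findings.append(f"statement {idx}: whitespace in action {action!r}")
            if not ACTION_RE.match(compact):
                findings.append(f"statement {idx}: malformed action {action!r}")
            elif not re.search(r"[*?]", compact) and compact.lower() not in KNOWN_ACTIONS:
                findings.append(f"statement {idx}: {compact!r} not in reference set")
    return findings
```

In practice the reference set would be loaded from the AWS Service Authorization Reference rather than hard-coded.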
