2 Antworten
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
1
You can use the concept of a Token Vending Machine (see here to create dynamic policies for users when you federate it.
For the EC2 Role, see examples here: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html
beantwortet vor 2 Jahren
0
I was trying to set this up using Google Workspace, so pretty similar. I was hoping that setting a policy either in IAM Identity Center or directly on the secret if needed, using aws:PrincipalTag with a custom SAML attribute would do the trick. So far zero success, because of lack of knowledge I suppose. The solution of TVM is grossly overkill for my use case, is it the only way?
beantwortet vor 8 Monaten
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 3 Jahren
- AWS OFFICIALAktualisiert vor 2 Jahren