Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Cloudwatchfullaccessv2

0

As cloudwatchfullaccess policy is deprecating we have two usergroups attached for this policy and no iam roles, iam users were attached. Can I directly go ahead and detach this policy and attach cloudwatchfullaccessv2 to these user groups? How can I do testing to make sure this new policy is working fine?

Themen
Sicherheit, Identität & Konformität
Tags
AWS Identity and Access Management
Sprache
English
AWSquery
gefragt vor 7 Monaten347 Aufrufe
1 Antwort
0

Hello.

I checked the IAM policy diff.
As you can see from the results below, it seems that "autoscaling:Describe*" and "sns:*" are restricted.
Since I had full access to SNS, I think that if I set it to "CloudWatchFullAccessV2", I would not be able to delete anything.
With AutoScaling, "DescribeLifecycleHooks" is removed, so you will no longer be able to see the lifecycle settings from the screen.

diff CloudWatchFullAccess.json CloudWatchFullAccessV2.json
4a5
>             "Sid": "CloudWatchFullAccessPermissions",
7c8,10
<                 "autoscaling:Describe*",
---
>                 "application-autoscaling:DescribeScalingPolicies",
>                 "autoscaling:DescribeAutoScalingGroups",
>                 "autoscaling:DescribePolicies",
10c13,17
<                 "sns:*",
---
>                 "sns:CreateTopic",
>                 "sns:ListSubscriptions",
>                 "sns:ListSubscriptionsByTopic",
>                 "sns:ListTopics",
>                 "sns:Subscribe",
18a26
>             "Sid": "EventsServicePermissions",
28a37
>             "Sid": "OAMReadPermissions",
profile picture
EXPERTE
Riku_Kobayashi
beantwortet vor 7 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt