Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Logs when the policy is denying access?

0

Related to https://repost.aws/questions/QUukCQO7PLQceXJiDRjqxBbg/iam-resources-requires-region-and-account-id I had an incorrect policy that was accidentally denyting access to write to cloudwatch logs.

I could not see any indication that my policy was wrong or (failed) attempted accesses from Access Advisor. Is that to be expected?

Or is there some way to detect these security events in Cloudtrail?

Temas
Seguridad, identidad y cumplimiento
Etiquetas
AWS Identity and Access Management
Idioma
English
profile picture
hendry
preguntada hace un año232 visualizaciones
1 Respuesta
0

Hi hendry,

You can see Deny events in CloudTrail. In the this document you can see the different ways to troubleshoot IAM permission problems, including a AWS CLI command to filter these events from AWS CloudTrail.

AWS
Pablo Guzman
respondido hace un año

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante