Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Prevent function deletion

0

Hello, I was looking to prevent certain functions from being deleted unless the user is in a specific group. Would some form of an SCP or IAM policy be best here?

Temas
Sin servidorCálculo
Etiquetas
AWS Lambda
Idioma
English
branney
preguntada hace 9 meses249 visualizaciones
1 Respuesta
1

Hello.
As you recognize, the guardrails at SCP are effective.
You can limit Lambda deletion by configuring SCP to allow only specific IAM users, groups, roles, and SSO permission sets.
For example, the following condition would allow only a specific set of SSO permissions to operate.

      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": [
            "arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/ap-northeast-1/AWSReservedSSO_Access permission set_*"
          ]
        }
      }
profile picture
EXPERTO
Riku_Kobayashi
respondido hace 9 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante