1 Respuesta
- Más nuevo
- Más votos
- Más comentarios
0
Hello.
I checked the IAM policy diff.
As you can see from the results below, it seems that "autoscaling:Describe*" and "sns:*" are restricted.
Since I had full access to SNS, I think that if I set it to "CloudWatchFullAccessV2", I would not be able to delete anything.
With AutoScaling, "DescribeLifecycleHooks" is removed, so you will no longer be able to see the lifecycle settings from the screen.
diff CloudWatchFullAccess.json CloudWatchFullAccessV2.json
4a5
> "Sid": "CloudWatchFullAccessPermissions",
7c8,10
< "autoscaling:Describe*",
---
> "application-autoscaling:DescribeScalingPolicies",
> "autoscaling:DescribeAutoScalingGroups",
> "autoscaling:DescribePolicies",
10c13,17
< "sns:*",
---
> "sns:CreateTopic",
> "sns:ListSubscriptions",
> "sns:ListSubscriptionsByTopic",
> "sns:ListTopics",
> "sns:Subscribe",
18a26
> "Sid": "EventsServicePermissions",
28a37
> "Sid": "OAMReadPermissions",
Contenido relevante
- OFICIAL DE AWSActualizada hace un año
- OFICIAL DE AWSActualizada hace 2 años
- OFICIAL DE AWSActualizada hace 2 años
- OFICIAL DE AWSActualizada hace 2 años