Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Cloudwatchfullaccessv2

0

As cloudwatchfullaccess policy is deprecating we have two usergroups attached for this policy and no iam roles, iam users were attached. Can I directly go ahead and detach this policy and attach cloudwatchfullaccessv2 to these user groups? How can I do testing to make sure this new policy is working fine?

Temas
Seguridad, identidad y cumplimiento
Etiquetas
AWS Identity and Access Management
Idioma
English
AWSquery
preguntada hace 7 meses334 visualizaciones
1 Respuesta
0

Hello.

I checked the IAM policy diff.
As you can see from the results below, it seems that "autoscaling:Describe*" and "sns:*" are restricted.
Since I had full access to SNS, I think that if I set it to "CloudWatchFullAccessV2", I would not be able to delete anything.
With AutoScaling, "DescribeLifecycleHooks" is removed, so you will no longer be able to see the lifecycle settings from the screen.

diff CloudWatchFullAccess.json CloudWatchFullAccessV2.json
4a5
>             "Sid": "CloudWatchFullAccessPermissions",
7c8,10
<                 "autoscaling:Describe*",
---
>                 "application-autoscaling:DescribeScalingPolicies",
>                 "autoscaling:DescribeAutoScalingGroups",
>                 "autoscaling:DescribePolicies",
10c13,17
<                 "sns:*",
---
>                 "sns:CreateTopic",
>                 "sns:ListSubscriptions",
>                 "sns:ListSubscriptionsByTopic",
>                 "sns:ListTopics",
>                 "sns:Subscribe",
18a26
>             "Sid": "EventsServicePermissions",
28a37
>             "Sid": "OAMReadPermissions",
profile picture
EXPERTO
Riku_Kobayashi
respondido hace 7 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante