AWS IAM Roles with additive permissions?

0

We'd have an IAM role that allows users to view specific operational cloudwatch logs with sensitive information.

This works, but since the role only grants access to the logs, the user cant perform other tasks while they have assumed the role.

Is there a way to make a role additive, i.e. it grants access to view cloudwatch logs, AND have all the permissions the user has through their groups?

preguntada hace un año229 visualizaciones
1 Respuesta
0

Afraid that this is the limitation of assuming roles. You’d have to build a role with all the permissions required via a combination of multiple or a singular policy.

profile picture
EXPERTO
respondido hace un año

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas