1 Answer
Hello.
I think the policy would probably be something like this:
When you look at the document table for "iot:CreateKeysAndCertificate", the resource is blank, so you cannot set anything other than "*".
"iot:CreatePolicyVersion" allows you to specify "aws:ResourceTag" when the resource is "policy*", so I thought it would be as follows.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "IOTPermissions",
      "Effect": "Allow",
      "Action": [
        "iot:CreateKeysAndCertificate"
      ],
      "Resource": "*"
    },
    {
      "Sid": "test",
      "Effect": "Allow",
      "Action": [
        "iot:CreatePolicyVersion"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/Department": "FinanceTeam"
        }
      }
    }
  ]
}
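Added example, not part of the original answer and not AWS code: a simplified Python model of how the two statements evaluate, showing why the action with no resource type has to stay in its own unconditioned statement. The evaluator covers only Allow statements, exact action names and `StringEquals`; `is_allowed`, `condition_matches` and `merged_into_one_statement` are hypothetical helper names, and the embedded policy is a constructed copy of the one above.

```python
import json

# Constructed copy of the policy from the answer (with a valid Version string).
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "IOTPermissions", "Effect": "Allow",
     "Action": ["iot:CreateKeysAndCertificate"], "Resource": "*"},
    {"Sid": "test", "Effect": "Allow",
     "Action": ["iot:CreatePolicyVersion"], "Resource": "*",
     "Condition": {"StringEquals": {"aws:ResourceTag/Department": "FinanceTeam"}}}
  ]
}
""")

VALID_VERSIONS = {"2012-10-17", "2008-10-17"}

def condition_matches(condition, context):
    """StringEquals only: a key absent from the request context never matches."""
    if set(condition) - {"StringEquals"}:
        return False  # operators outside this simplified model fail closed
    for key, expected in condition.get("StringEquals", {}).items():
        allowed = expected if isinstance(expected, list) else [expected]
        if context.get(key) not in allowed:
            return False
    return True

def is_allowed(policy, action, resource_tags=None):
    """Simplified model: Allow statements, exact action names, Resource "*"."""
    if policy.get("Version") not in VALID_VERSIONS:
        raise ValueError("invalid policy Version: %r" % policy.get("Version"))
    context = {"aws:ResourceTag/" + k: v for k, v in (resource_tags or {}).items()}
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        if condition_matches(stmt.get("Condition", {}), context):
            return True
    return False

def merged_into_one_statement(policy):
    """Hypothetical variant: both actions placed under the tag condition."""
    tagged = dict(policy["Statement"][1])
    tagged["Action"] = ["iot:CreateKeysAndCertificate", "iot:CreatePolicyVersion"]
    return {"Version": policy["Version"], "Statement": [tagged]}
```

In the merged variant, `iot:CreateKeysAndCertificate` is no longer allowed, because a request for an action with no resource type carries no `aws:ResourceTag/Department` value for the condition to match.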