1 answer
According to the documentation, IAM Identities (users, user groups, and roles), this is not possible.
A user group cannot be identified as a Principal in a resource-based policy.
The role trust policy is a resource-based policy.
You can achieve something similar using a condition in the trust policy that compares the tag on the role to the tag on the user.
"Condition": {
    "StringEquals": {"aws:ResourceTag/project": "${aws:PrincipalTag/project}"}
}
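The tag-matching approach from this answer, as an added example that is not part of the original answer or AWS's own code: it builds a complete trust policy around the answer's condition and models the comparison locally over constructed users. The account ID, the account-root principal, the tag values and the function names are assumptions.

```python
import json

ACCOUNT_ID = "111122223333"  # placeholder account ID (assumption)

def build_trust_policy(account_id, tag_key="project"):
    """Trust policy that trusts the whole account but only applies when the
    caller's tag equals the same tag on the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    f"aws:ResourceTag/{tag_key}": f"${{aws:PrincipalTag/{tag_key}}}"
                }
            },
        }],
    }

def tag_condition_matches(role_tags, principal_tags, tag_key="project"):
    """Simplified local model of the StringEquals check above: a missing tag
    on either side never matches, and the comparison is case-sensitive."""
    role_value = role_tags.get(tag_key)
    principal_value = principal_tags.get(tag_key)
    if role_value is None or principal_value is None:
        return False
    return role_value == principal_value

def who_can_assume(role_tags, users, tag_key="project"):
    """Names of the constructed users whose tag matches the role's tag."""
    return sorted(name for name, tags in users.items()
                  if tag_condition_matches(role_tags, tags, tag_key))

# Constructed sample data (not from the original thread)
ROLE_TAGS = {"project": "atlas"}
USERS = {
    "alice": {"project": "atlas"},
    "bob": {"project": "Atlas"},   # differs only by case
    "carol": {"team": "data"},     # no project tag at all
    "dave": {"project": "atlas", "team": "ops"},
}

if __name__ == "__main__":
    print(json.dumps(build_trust_policy(ACCOUNT_ID), indent=2))
    print(who_can_assume(ROLE_TAGS, USERS))
```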
Thank you. For the ones who have the same problem, there is a workaround: you can just define multiple users in the role trust policy, adding
"AWS": ["user","user2"]
in the policy. Very strange why AWS would not make it possible to do the same with groups tho.