En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Using Amazon service control policy to restrict Amazon Workspaces with encypted volumes

0

I'm trying to create a service control policy to restrict creating Amazon Workspaces only with encrypted volumes. For example:

{
	"Effect": "Deny",
	"Action": [
		"workspaces:CreateWorkspaces"
	],
	"Condition": {
		"ForAnyValues:Bool": [
		        {"workspaces:UserVolumeEncryptionEnabled": "false"},
	            {"workspaces:RootVolumeEncryptionEnabled": "false"}
	    ]
	},
	"Resource": [
		"*"
	]
}

However, the service control policy editor gives me an error: "The provided policy document does not meet the requirements of the specified policy type." Why is this happening?

Sujets
Informatique des utilisateurs finaux
Balises
Amazon WorkSpaces
Langue
English
Phil_S
demandé il y a 4 ans245 vues
1 réponse
0
Réponse acceptée

Amazon WorkSpaces doesn't have any service level condition keys that you can use with a service control policy. Therefore, specifying the "workspaces:userVolumeEncryptionEnabled" as a condition in your policy will cause an error. For more information, see Specify WorkSpaces resources in an IAM policy.

profile pictureAWS
EXPERT
Dzung_N
répondu il y a 4 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents