Logs when the policy is denying access?
0
Related to https://repost.aws/questions/QUukCQO7PLQceXJiDRjqxBbg/iam-resources-requires-region-and-account-id I had an incorrect policy that was accidentally denyting access to write to cloudwatch logs.
I could not see any indication that my policy was wrong or (failed) attempted accesses from Access Advisor. Is that to be expected?
Or is there some way to detect these security events in Cloudtrail?
demandé il y a un an232 vues
1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
Hi hendry,
You can see Deny events in CloudTrail. In the this document you can see the different ways to troubleshoot IAM permission problems, including a AWS CLI command to filter these events from AWS CloudTrail.
répondu il y a un an
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a un an
AWS OFFICIELA mis à jour il y a un an- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans
