En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Prevent function deletion

0

Hello, I was looking to prevent certain functions from being deleted unless the user is in a specific group. Would some form of an SCP or IAM policy be best here?

Sujets
Sans serveurCalcul
Balises
AWS Lambda
Langue
English
branney
demandé il y a 9 mois249 vues
1 réponse
1

Hello.
As you recognize, the guardrails at SCP are effective.
You can limit Lambda deletion by configuring SCP to allow only specific IAM users, groups, roles, and SSO permission sets.
For example, the following condition would allow only a specific set of SSO permissions to operate.

      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": [
            "arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/ap-northeast-1/AWSReservedSSO_Access permission set_*"
          ]
        }
      }
profile picture
EXPERT
Riku_Kobayashi
répondu il y a 9 mois

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents