1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
Hello.
I checked the IAM policy diff.
As you can see from the results below, it seems that "autoscaling:Describe*" and "sns:*" are restricted.
Since I had full access to SNS, I think that if I set it to "CloudWatchFullAccessV2", I would not be able to delete anything.
With AutoScaling, "DescribeLifecycleHooks" is removed, so you will no longer be able to see the lifecycle settings from the screen.
diff CloudWatchFullAccess.json CloudWatchFullAccessV2.json
4a5
> "Sid": "CloudWatchFullAccessPermissions",
7c8,10
< "autoscaling:Describe*",
---
> "application-autoscaling:DescribeScalingPolicies",
> "autoscaling:DescribeAutoScalingGroups",
> "autoscaling:DescribePolicies",
10c13,17
< "sns:*",
---
> "sns:CreateTopic",
> "sns:ListSubscriptions",
> "sns:ListSubscriptionsByTopic",
> "sns:ListTopics",
> "sns:Subscribe",
18a26
> "Sid": "EventsServicePermissions",
28a37
> "Sid": "OAMReadPermissions",
Contenus pertinents
- demandé il y a 9 mois
- demandé il y a un an
- Réponse acceptéedemandé il y a 8 mois
- demandé il y a 3 mois
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans