Can I use IAM condition keys for iam:*ServiceSpecificCredential to only allow creation of CodeCommit credentials?

1

I am looking to allow people to create service specific credentials but want to restrict them to only being able to create credentials for the CodeCommit service. I see the "Resource": "arn:aws:iam::*:user/${aws:username}" restriction in many of the example policies, and in the sample response I see the <ServiceName> constraint in the JSON return. What I can't find though is if there's a way in the IAM policy granting permission to restrict authorization to just allowing CodeCommit credentials, as opposed to Amazon Keyspaces.

Is there a condition available to restrict this access? Thank you.

1 Answer
0

Unfortunately the documentation doesn't list any Conditions supported by that API method, which suggests you cannot limit it to just CodeCommit credentials (and not Keyspaces).

Depending on if you actually use Keyspaces, could you potentially deny the users access to Keyspaces in the same policy, so that any created credentials would be useless?

rowanu
answered a year ago
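
The workaround suggested in the answer, written out as an identity policy. This is an added example, not a policy from the question or from the answerer; the `Sid` values are illustrative, and it assumes the user has no legitimate need for Amazon Keyspaces, whose IAM actions use the `cassandra:` prefix.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ManageOwnServiceSpecificCredentials",
      "Effect": "Allow",
      "Action": [
        "iam:CreateServiceSpecificCredential",
        "iam:ListServiceSpecificCredentials",
        "iam:UpdateServiceSpecificCredential",
        "iam:ResetServiceSpecificCredential",
        "iam:DeleteServiceSpecificCredential"
      ],
      "Resource": "arn:aws:iam::*:user/${aws:username}"
    },
    {
      "Sid": "DenyAllKeyspacesSoThoseCredentialsAreUseless",
      "Effect": "Deny",
      "Action": "cassandra:*",
      "Resource": "*"
    }
  ]
}
```

With this policy the user can still create a Keyspaces credential, but the explicit deny overrides any allow elsewhere, so every Keyspaces action attempted as that user is refused.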
