1 Answer
You can create a custom IAM policy named "all-users" with the following JSON policy document to achieve the requirements:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListMFADevices",
            "Effect": "Allow",
            "Action": [
                "iam:ListMFADevices",
                "iam:ListVirtualMFADevices"
            ],
            "Resource": "*"
        },
        {
            "Sid": "CreateOwnVirtualMFADevice",
            "Effect": "Allow",
            "Action": "iam:CreateVirtualMFADevice",
            "Resource": "arn:aws:iam::*:mfa/${aws:username}"
        },
        {
            "Sid": "EnableAndDeactivateOwnMFADevice",
            "Effect": "Allow",
            "Action": [
                "iam:EnableMFADevice",
                "iam:DeactivateMFADevice"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        },
        {
            "Sid": "DeleteOwnVirtualMFADevice",
            "Effect": "Allow",
            "Action": "iam:DeleteVirtualMFADevice",
            "Resource": "arn:aws:iam::*:mfa/${aws:username}",
            "Condition": {
                "BoolIfExists": {
                    "aws:MultiFactorAuthPresent": "true"
                }
            }
        }
    ]
}
This policy will allow users to create and list MFA devices and tags, enable and deactivate their own MFA devices, and delete their own virtual MFA devices if MFA is enabled.
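A self-service MFA policy only grants an action when the statement's Resource ARN is of the type that action is authorized against: user ARNs for iam:EnableMFADevice, mfa ARNs for iam:CreateVirtualMFADevice. The following is an added example, not part of the answer, that checks this offline on constructed sample statements; the function names and the account ID are placeholders, and it matches exact action names only and ignores Condition and Deny.

```python
import fnmatch

# Resource type each IAM action is authorized against (Service Authorization Reference).
RESOURCE_TYPE = {
    "iam:CreateVirtualMFADevice": "mfa",
    "iam:DeleteVirtualMFADevice": "mfa",
    "iam:EnableMFADevice": "user",
    "iam:DeactivateMFADevice": "user",
    "iam:ListMFADevices": "user",
}

# Constructed sample statements for illustration.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["iam:CreateVirtualMFADevice", "iam:EnableMFADevice"],
     "Resource": "arn:aws:iam::*:user/${aws:username}"},
    {"Effect": "Allow",
     "Action": "iam:DeleteVirtualMFADevice",
     "Resource": "arn:aws:iam::*:mfa/${aws:username}"},
]}

ACCOUNT = "111122223333"  # placeholder account ID


def as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, caller, target):
    """True if an Allow statement matches `caller` running `action` on `target`.

    `target` is the user name, or the MFA device name, in the request ARN.
    """
    arn = f"arn:aws:iam::{ACCOUNT}:{RESOURCE_TYPE[action]}/{target}"
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in as_list(stmt["Action"]):
            continue
        for pattern in as_list(stmt["Resource"]):
            # IAM substitutes the caller's user name before matching the ARN.
            if fnmatch.fnmatchcase(arn, pattern.replace("${aws:username}", caller)):
                return True
    return False


def dead_grants(policy, caller):
    """Listed actions that cannot match even the caller's own resources."""
    listed = {a for s in policy["Statement"] for a in as_list(s["Action"])}
    return sorted(a for a in listed
                  if a in RESOURCE_TYPE and not is_allowed(policy, a, caller, caller))


if __name__ == "__main__":
    print(dead_grants(SAMPLE_POLICY, "alice"))
```

An action reported by `dead_grants` is listed in the policy but sits in a statement whose Resource can never match it, so the user would still get AccessDenied for that call.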
Why don't you post what you think should work, and what goes wrong? Then we can suggest adjustments.