En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Need to restrict IAM user

1

We have production and UAT environment in same AWS account now my requirement is to restrict IAM user A can manage all activities related to only UAT instances like an admin access and same way IAM user B can manage Production instances only. Is it possible within same AWS account?

Sujets
Sécurité, identité et conformitéGestion et gouvernance
Balises
Sécurité, identité et conformitéGestion des identités et des accès AWSAWS Account ManagementPolitiques IAM
Langue
English
AWS-User-6176623
demandé il y a 2 ans326 vues
2 réponses
1

You should check the Attribute-Based Access Control (ABAC) model. This approach works with resource tags and IAM principal tags to determine who has access to what. This blog post shows an example that uses AWS Systems Manager (SSM) to access EC2 instances based on this approach. In that blog post, the author relies on AWS IAM Identity Center (successor to AWS SSO), but you can apply the same principle to IAM users/roles.

profile pictureAWS
EXPERT
Tasio
répondu il y a 2 ans
0

Hello,

This can be done using the tags an attribute based access policy. You can attach tags to IAM resources, including IAM entities (users or roles) and to AWS resources. You can define policies that use tag condition keys to grant permissions to your principals based on their tags. For more information, please have a look at the below link:

https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html

profile pictureAWS
Gautam Kumar
répondu il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents