1 Answer
Hello.
I think the policy would probably be something like this:
When you look at the document table for "iot:CreateKeysAndCertificate", the resource is blank, so you cannot set anything other than "*".
"iot:CreatePolicyVersion" allows you to specify "aws:ResourceTag" when the resource is "policy*", so I thought it would be as follows.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "IOTPermissions",
      "Effect": "Allow",
      "Action": [
        "iot:CreateKeysAndCertificate"
      ],
      "Resource": "*"
    },
    {
      "Sid": "test",
      "Effect": "Allow",
      "Action": [
        "iot:CreatePolicyVersion"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/Department": "FinanceTeam"
        }
      }
    }
  ]
}
```
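An added example, not part of the answer above and not AWS code: a small offline lint that catches the two mistakes this policy shape invites, an invalid `Version` string and an `aws:ResourceTag` condition attached to an action that has no resource type. The `SUPPORTS_RESOURCE_TAG` table is an assumption built only from the two actions discussed in the answer, and both sample policies are constructed.

```python
import json

# Assumption: built from the answer above, not from the full AWS reference.
# action -> True if it has a resource type that accepts aws:ResourceTag.
SUPPORTS_RESOURCE_TAG = {
    "iot:CreateKeysAndCertificate": False,  # resource column is blank
    "iot:CreatePolicyVersion": True,        # resource type "policy*"
}
VALID_VERSIONS = {"2012-10-17", "2008-10-17"}
TAG_COND = {"StringEquals": {"aws:ResourceTag/Department": "FinanceTeam"}}

# Constructed sample: the answer's layout, one statement per action.
SPLIT = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "IOTPermissions", "Effect": "Allow",
     "Action": ["iot:CreateKeysAndCertificate"], "Resource": "*"},
    {"Sid": "test", "Effect": "Allow",
     "Action": ["iot:CreatePolicyVersion"], "Resource": "*",
     "Condition": TAG_COND}]})

# Constructed sample: both actions under one tag condition.
COMBINED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "all", "Effect": "Allow", "Resource": "*", "Condition": TAG_COND,
     "Action": ["iot:CreateKeysAndCertificate", "iot:CreatePolicyVersion"]}]})

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_policy(policy_json):
    """Return a list of findings (strings) for an IAM policy document."""
    doc = json.loads(policy_json)
    findings = []
    if doc.get("Version") not in VALID_VERSIONS:
        findings.append(f"invalid Version {doc.get('Version')!r}")
    for stmt in as_list(doc.get("Statement", [])):
        sid = stmt.get("Sid", "<no Sid>")
        # Condition key names are case-insensitive in IAM.
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        uses_tag = any(k.startswith("aws:resourcetag/") for k in keys)
        for action in as_list(stmt.get("Action", [])):
            supported = SUPPORTS_RESOURCE_TAG.get(action)
            if supported is None:
                findings.append(f"{sid}: {action} not in local table")
            elif uses_tag and not supported:
                findings.append(f"{sid}: {action} has no resource type, "
                                "aws:ResourceTag is not available for it")
            elif not supported and as_list(stmt.get("Resource")) != ["*"]:
                findings.append(f'{sid}: {action} requires Resource "*"')
    return findings
```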