1 Answer
Unfortunately, Systems Manager does not seem to allow a Document to be specified for the Condition Key.
How about the following IAM policy?
SessionDocumentAccessCheck can be used to enforce the use of AWS-StartSSHSession.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "NotAction": [
        "ssm:*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "ssm:StartSession",
      "Resource": [
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ssm:*:*:document/AWS-StartSSHSession"
      ],
      "Condition": {
        "BoolIfExists": {
          "ssm:SessionDocumentAccessCheck": "true"
        }
      }
    }
  ]
}
```
answered 2 years ago
Works as I wanted, thank you very much.
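A static check for the pattern in the answer above, added here as an example and not part of the original post or of any AWS tooling: it flags `Allow` statements that cover `ssm:StartSession` without the `ssm:SessionDocumentAccessCheck` condition or that name session documents outside an allow-list. The function names, the allow-list and the `WEAK_POLICY` sample are assumptions made for illustration; this is a lint over the policy JSON, not a reimplementation of IAM evaluation.

```python
from fnmatch import fnmatchcase

ALLOWED_DOCS = {"AWS-StartSSHSession"}  # the document the answer's policy permits

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _grants_start_session(stmt):
    """True if an Allow statement covers ssm:StartSession (wildcards, NotAction)."""
    if stmt.get("Effect") != "Allow":
        return False
    hit = lambda pats: any(fnmatchcase("ssm:startsession", p.lower()) for p in _as_list(pats))
    return not hit(stmt["NotAction"]) if "NotAction" in stmt else hit(stmt.get("Action", []))

def _has_doc_check(stmt):
    """True if Bool/BoolIfExists sets ssm:SessionDocumentAccessCheck to true."""
    for op, keys in stmt.get("Condition", {}).items():
        if op.lower() in ("bool", "boolifexists"):
            for key, val in keys.items():
                values = [str(x).lower() for x in _as_list(val)]
                if key.lower() == "ssm:sessiondocumentaccesscheck" and values == ["true"]:
                    return True
    return False

def audit_start_session(policy, allowed_docs=ALLOWED_DOCS):
    """Return (statement index, finding) pairs; an empty list means the pattern holds."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if not _grants_start_session(stmt):
            continue
        if not _has_doc_check(stmt):
            findings.append((i, "no ssm:SessionDocumentAccessCheck=true condition"))
        for res in _as_list(stmt.get("Resource", [])):
            if res == "*":
                findings.append((i, "Resource '*' covers every session document"))
            elif ":document/" in res and res.split(":document/", 1)[1] not in allowed_docs:
                findings.append((i, "document outside allow-list: " + res))
    return findings

# Constructed samples: the answer's policy, and a weaker variant for contrast.
ANSWER_POLICY = {"Statement": [
    {"Effect": "Allow", "NotAction": ["ssm:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "ssm:StartSession",
     "Resource": ["arn:aws:ec2:*:*:instance/*", "arn:aws:ssm:*:*:document/AWS-StartSSHSession"],
     "Condition": {"BoolIfExists": {"ssm:SessionDocumentAccessCheck": "true"}}}]}
WEAK_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "ssm:Start*",
     "Resource": ["arn:aws:ec2:*:*:instance/*", "arn:aws:ssm:*:*:document/*"]}]}
```

The answer's policy produces no findings; the constructed weak variant is flagged once for the missing condition and once for the wildcard document resource.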