1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
2 Issues. You were missing a Resource and also you do not specify a Principal on an IAM policy. Principals are only used on resource policies. Confirm the Resource you’re happy with * and this is valid.
However you don’t need the conditions imho as the policy is attached to a role in the same account. There may be some confusion here with IAM policy and a Resource policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "(accountId)"
},
"ArnEquals": {
"aws:SourceArn": "arn:aws:healthlake:(region):(accountId):datastore/fhir/(datastoreId)"
}
}
}
]
}
You may need to create a service role and configure the Trust for healthlake.amazonaws.com and attach the policy above.
Contenuto pertinente
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata 7 mesi fa