1 Answer
According to the documentation, "IAM Identities (users, user groups, and roles)", this is not possible.
A user group cannot be identified as a Principal in a resource-based policy.
The role trust policy is a resource-based policy.
You can achieve something similar using a condition in the trust policy that compares the tag on the role to the tag on the user.

    "Condition": {
        "StringEquals": {"aws:ResourceTag/project": "${aws:PrincipalTag/project}"}
    }
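As an added example (not part of the original answer or of AWS's own code), a small Python model of how the tag-matching condition above decides who may assume the role: the account id, the role tag and the principal tags are constructed values, and the evaluator is a deliberately simplified stand-in for IAM's real policy evaluation.

```python
import json
import re

# Constructed role trust policy modelled on the condition in the answer above.
# The account id is a placeholder; Principal is the whole account, so the
# Condition alone decides which principals may assume the role.
TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {
      "StringEquals": {"aws:ResourceTag/project": "${aws:PrincipalTag/project}"}
    }
  }]
}
""")

# Tags on the role being assumed (constructed).
ROLE_TAGS = {"project": "alpha"}

POLICY_VAR = re.compile(r"^\$\{aws:PrincipalTag/([^}]+)\}$")


def resolve(value, principal_tags):
    """Expand a ${aws:PrincipalTag/key} variable; None if the principal lacks the tag."""
    m = POLICY_VAR.match(value)
    return value if m is None else principal_tags.get(m.group(1))


def string_equals(block, principal_tags):
    """Simplified StringEquals: every key must be present and equal its expected value.
    As in IAM, a missing condition key or an unresolvable variable means no match."""
    for key, expected in block.items():
        if not key.startswith("aws:ResourceTag/"):
            return False  # only resource-tag keys are modelled here
        actual = ROLE_TAGS.get(key.split("/", 1)[1])
        wanted = resolve(expected, principal_tags)
        if actual is None or wanted is None or actual != wanted:
            return False
    return True


def can_assume(principal_tags):
    """True if a principal carrying these tags satisfies the trust policy."""
    stmt = TRUST_POLICY["Statement"][0]
    cond = stmt.get("Condition", {}).get("StringEquals", {})
    return stmt["Effect"] == "Allow" and string_equals(cond, principal_tags)
```

A principal with no project tag is denied because an unresolvable ${aws:PrincipalTag/...} variable never matches, so every user meant to use the role must carry the tag, and changing a user's tag immediately changes what they can assume.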
Thank you. For the ones who have the same problem, there is a workaround: you can just define multiple users in the role trust policy, adding

    "AWS": ["user","user2"]

in the policy. Very strange why AWS would not make it possible to do the same with groups though.