1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
2
The AppStream 2.0 console doesn't currently support restricting what a user can see based on tags or other resource boundary. For example, the Stacks page calls the AppStream 2.0 API "DescribeStacks" without specifying any boundaries or tags. You can use tags to prevent a user from updating an AppStream 2.0 resource without specify a specific tag - for example, if a user/role should only be able to modify resources with a tag key of "Stage" and value of "NonProd", you can specify that as a condition.
Contenuto pertinente
AWS UFFICIALEAggiornata un anno fa
thanks for your answer MuraliAtAWS. So a policy with these controls (see example) is not possible?
"Resource": [ "arn:aws:appstream:eu-central-1:123.....:image-builder/imagebuilder01" "arn:aws:appstream:eu-central-1:123.....:stack/stack01", "arn:aws:appstream:eu-central-1:123.....:app-block/", "arn:aws:appstream:eu-central-1:123.....:fleet/fleet1", "arn:aws:appstream:eu-central-1:123.....:application/", "arn:aws:appstream:eu-central-1:123.....:image/image01" ], "Condition": { "StringEqualsIfExists": { "aws:username": "user01" } }