Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Deny access of read for i am user for instance attribute user data

0

i have an requirement that i want to hide instance user data from any user, like I don't want to allow any iam user/role to read what my instance user data has, I did tried to deny DescribeInstanceAttribute with condition for attribute "UserData"but that didn't worked. i just want to know is it possible to hide this specific instance attribute "userData" from user?

Argomenti
Sicurezza, identità e conformitàComputazionali
Tag
Sicurezza, identità e conformitàAmazon EC2Politiche IAM
Lingua
English
rePost-User-9257957
posta un anno fa254 visualizzazioni
1 Risposta
1

It certainly seemed difficult to narrow it down with the condition key. https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions

It's not a radical solution, but why not store the contents of UserData in S3 and control browsing within S3?

I thought it would be good to unify the EC2 user data by getting, unpacking, and executing the UserData object in S3.

profile picture
takakuni
con risposta un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente