1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
Hello.
I checked the IAM policy diff.
As you can see from the results below, it seems that "autoscaling:Describe*" and "sns:*" are restricted.
Since I had full access to SNS, I think that if I set it to "CloudWatchFullAccessV2", I would not be able to delete anything.
With AutoScaling, "DescribeLifecycleHooks" is removed, so you will no longer be able to see the lifecycle settings from the screen.
diff CloudWatchFullAccess.json CloudWatchFullAccessV2.json
4a5
> "Sid": "CloudWatchFullAccessPermissions",
7c8,10
< "autoscaling:Describe*",
---
> "application-autoscaling:DescribeScalingPolicies",
> "autoscaling:DescribeAutoScalingGroups",
> "autoscaling:DescribePolicies",
10c13,17
< "sns:*",
---
> "sns:CreateTopic",
> "sns:ListSubscriptions",
> "sns:ListSubscriptionsByTopic",
> "sns:ListTopics",
> "sns:Subscribe",
18a26
> "Sid": "EventsServicePermissions",
28a37
> "Sid": "OAMReadPermissions",
Contenuto pertinente
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata 3 anni fa
- Come posso risolvere gli errori relativi alle autorizzazioni sulle risorse AWS in Amazon QuickSight?AWS UFFICIALEAggiornata 2 anni fa