Can I use IAM condition keys for iam:*ServiceSpecificCredential to only allow creation of CodeCommit credentials?

1

I am looking to allow people to create service specific credentials but want to restrict them to only being able to create credentials for the CodeCommit service. I see the "Resource": "arn:aws:iam::*:user/${aws:username}" restriction in many of the example policies, and in the sample response I see the <ServiceName> constraint in the JSON return. What I can't find though is if there's a way in the IAM policy granting permission to restrict authorization to just allowing CodeCommit credentials, as opposed to Amazon Keyspaces.

Is there a condition available to restrict this access? Thank you.

1 Answer
0

Unfortunately the documentation doesn't list any Conditions supported by that API method, which suggests you cannot limit it to just CodeCommit credentials (and not Keyspaces).

Depending on if you actually use Keyspaces, could you potentially deny the users access to Keyspaces in the same policy, so that any created credentials would be useless?

rowanu
answered a year ago
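
The workaround suggested in the answer above, written out as an identity policy. This is an added example, not part of the original answer or of AWS documentation; the `Sid` values are made up for illustration, and it assumes these users have no legitimate need for Amazon Keyspaces (whose IAM action prefix is `cassandra`).

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ManageOwnServiceSpecificCredentials",
      "Effect": "Allow",
      "Action": [
        "iam:CreateServiceSpecificCredential",
        "iam:ListServiceSpecificCredentials",
        "iam:UpdateServiceSpecificCredential",
        "iam:ResetServiceSpecificCredential",
        "iam:DeleteServiceSpecificCredential"
      ],
      "Resource": "arn:aws:iam::*:user/${aws:username}"
    },
    {
      "Sid": "DenyKeyspacesSoThoseCredentialsAreUseless",
      "Effect": "Deny",
      "Action": "cassandra:*",
      "Resource": "*"
    }
  ]
}
```

With this policy a user can still create a Keyspaces credential, but the explicit Deny overrides any Allow attached elsewhere, so that credential authorizes nothing. Listing the user's credentials periodically and checking the `ServiceName` field will show whether any non-CodeCommit credentials were created.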
