1 Answer
Hi,
I understand that you want to write a resource policy to give least privilege policy to federated users.
Creating IAM policies that grant least privilege is one of the security best practices [1]. To create an IAM role, refer to [2]. You can view the condition operators for Amazon Resource Name (ARN) in the attached document [3]. The condition operator that you can use in a policy depends on the condition key you choose.
Please see the attached document [4] for reference identifiers.
I hope this helps.
Resources:
[1] https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege
[2] https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html
[4] https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
answered 2 years ago
Thanks @Asisipho, I guess the problem here is that the policy will end up looking like this. Having 50-odd users to add to the condition will make it a tedious exercise.
Is there any other/better way to address OP's question? I am also looking for something similar.