Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Admin access exception of domain delete, transfer and closure of AWS account

0

Will like to check how to grant an admin access without the authorization of

  1. Domain delete or transfer
  2. delete of AWS account

Pls assist urgency

Argomenti
Sicurezza, identità e conformità
Tag
Gestione identità e accesso AWS
Lingua
English
incomecare
posta 2 mesi fa135 visualizzazioni
3 Risposte
0
Risposta accettata

Hello.

The following policy denies domain transfer actions and hosted zone deletion.
All other actions are allowed.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53domains.html
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53.html

{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Action": "*",
          "Resource": "*"
      },
      {
          "Effect": "Deny",
          "Action": [
              "route53domains:AcceptDomainTransferFromAnotherAwsAccount",
              "route53domains:CancelDomainTransferToAnotherAwsAccount",
              "route53domains:CheckDomainTransferability",
              "route53domains:DisableDomainTransferLock",
              "route53domains:EnableDomainTransferLock",
              "route53domains:RejectDomainTransferFromAnotherAwsAccount",
              "route53domains:TransferDomain",
              "route53domains:TransferDomainToAnotherAwsAccount",
              "route53:DeleteHostedZone"
          ],
          "Resource": "*"
      }
  ]
}

IAM users cannot cancel their AWS accounts, so No. 2 does not require any action if you are an IAM user.
https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-closing.html#close-account-procedure

Sign in to the AWS Management Console as the root user in the AWS account that you want to close. You can't close an account while signed in as an IAM user or role.

profile picture
ESPERTO
Riku_Kobayashi
con risposta 2 mesi fa
profile picture
ESPERTO
Steve_M
verificato 2 mesi fa
0

Choose which option in aws to set this at user??

}, { "Effect": "Deny", "Action": [ "route53domains:AcceptDomainTransferFromAnotherAwsAccount", "route53domains:CancelDomainTransferToAnotherAwsAccount", "route53domains:CheckDomainTransferability", "route53domains:DisableDomainTransferLock", "route53domains:EnableDomainTransferLock", "route53domains:RejectDomainTransferFromAnotherAwsAccount", "route53domains:TransferDomain", "route53domains:TransferDomainToAnotherAwsAccount", "route53:DeleteHostedZone" ], "Resource": "*"

incomecare
con risposta 2 mesi fa
0

I try route53:DeleteDomain , for "deny of delete domain". It show an error.

What is the right code for json to deny of delete domain ??

incomecare
con risposta 2 mesi fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente