- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
Hello.
The following policy denies domain transfer actions and hosted zone deletion.
All other actions are allowed.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53domains.html
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53.html
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
},
{
"Effect": "Deny",
"Action": [
"route53domains:AcceptDomainTransferFromAnotherAwsAccount",
"route53domains:CancelDomainTransferToAnotherAwsAccount",
"route53domains:CheckDomainTransferability",
"route53domains:DisableDomainTransferLock",
"route53domains:EnableDomainTransferLock",
"route53domains:RejectDomainTransferFromAnotherAwsAccount",
"route53domains:TransferDomain",
"route53domains:TransferDomainToAnotherAwsAccount",
"route53:DeleteHostedZone"
],
"Resource": "*"
}
]
}
IAM users cannot cancel their AWS accounts, so No. 2 does not require any action if you are an IAM user.
https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-closing.html#close-account-procedure
Sign in to the AWS Management Console as the root user in the AWS account that you want to close. You can't close an account while signed in as an IAM user or role.
Choose which option in aws to set this at user??
}, { "Effect": "Deny", "Action": [ "route53domains:AcceptDomainTransferFromAnotherAwsAccount", "route53domains:CancelDomainTransferToAnotherAwsAccount", "route53domains:CheckDomainTransferability", "route53domains:DisableDomainTransferLock", "route53domains:EnableDomainTransferLock", "route53domains:RejectDomainTransferFromAnotherAwsAccount", "route53domains:TransferDomain", "route53domains:TransferDomainToAnotherAwsAccount", "route53:DeleteHostedZone" ], "Resource": "*"
I try route53:DeleteDomain , for "deny of delete domain". It show an error.
What is the right code for json to deny of delete domain ??
Contenuto pertinente
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata un anno fa
You can create an IAM policy by selecting and pasting "JSON" as shown below. https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html
Added "DeleteDomain". https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53domains.html