2 Risposte
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
I could be wrong but, if you write a permission boundary with a DENY statement to block the one thing you don’t want that user/role to do, you would still need an ALLOW * statement or they can’t do anything.
0
The actions for
sso:CreatePermissionSet
and
sso:CreateAccountAssignmentare
separate actions and don't have a permission boundary property since the Permission Boundary attachment is a separate action:
PutPermissionBoundaryToPermissionSet
i have checked the IAM policies and its current landscape. iam:PermissionsBoundary does not impact anything on the overall effects and actions in cases sso: related activities
con risposta un anno fa
Contenuto pertinente
- AWS UFFICIALEAggiornata 3 mesi fa
- AWS UFFICIALEAggiornata 3 anni fa
- AWS UFFICIALEAggiornata 2 anni fa