1回答
- 新しい順
- 投票が多い順
- コメントが多い順
1
The "Principal" in this context is the AWS Lambda execution role. This role determines what actions the Lambda function can perform on AWS resources. The ${aws:PrincipalTag/home}
condition means the Lambda can only access specific DynamoDB items if the execution role has a matching home
tag value. This setup provides targeted access control based on the execution role's tags. If your Lambda execution role doesn't have that tag it will be denied.
Resources:
関連するコンテンツ
- AWS公式更新しました 2年前