1回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
ABAC in AWS is implemented using tags on service resources and IAM principals and then referencing these tags in conditions in IAM policies. You can find services that support ABAC here: AWS services that work with IAM. From this doc:
ABAC (authorization based on tags) – To control access based on tags, you provide tag information in the condition element of a policy using the aws:ResourceTag/key-name, aws:RequestTag/key-name, or aws:TagKeys condition keys. If a service supports all three condition keys for every resource type, then the value is Yes for the service. If a service supports all three condition keys for only some resource types, then the value is Partial.
IAM tutorial: Define permissions to access AWS resources based on tags