AWS re:Postを使用することにより、以下に同意したことになります AWS re:Post 利用規約
AWS re:Postre:Post

Cloudwatchfullaccessv2

0

As cloudwatchfullaccess policy is deprecating we have two usergroups attached for this policy and no iam roles, iam users were attached. Can I directly go ahead and detach this policy and attach cloudwatchfullaccessv2 to these user groups? How can I do testing to make sure this new policy is working fine?

トピック
セキュリティ、アイデンティティ、コンプライアンス
タグ
AWS Identity and Access Management
言語
English
AWSquery
質問済み 7ヶ月前346ビュー
1回答
0

Hello.

I checked the IAM policy diff.
As you can see from the results below, it seems that "autoscaling:Describe*" and "sns:*" are restricted.
Since I had full access to SNS, I think that if I set it to "CloudWatchFullAccessV2", I would not be able to delete anything.
With AutoScaling, "DescribeLifecycleHooks" is removed, so you will no longer be able to see the lifecycle settings from the screen.

diff CloudWatchFullAccess.json CloudWatchFullAccessV2.json
4a5
>             "Sid": "CloudWatchFullAccessPermissions",
7c8,10
<                 "autoscaling:Describe*",
---
>                 "application-autoscaling:DescribeScalingPolicies",
>                 "autoscaling:DescribeAutoScalingGroups",
>                 "autoscaling:DescribePolicies",
10c13,17
<                 "sns:*",
---
>                 "sns:CreateTopic",
>                 "sns:ListSubscriptions",
>                 "sns:ListSubscriptionsByTopic",
>                 "sns:ListTopics",
>                 "sns:Subscribe",
18a26
>             "Sid": "EventsServicePermissions",
28a37
>             "Sid": "OAMReadPermissions",
profile picture
エキスパート
Riku_Kobayashi
回答済み 7ヶ月前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ