AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

Isolate access to lambda, buckets & DynamoDB tables based on names

0

Hi, I need to provide access to 2 sets of users to 2 sets of lambdas, S3 buckets, DynamoDB tables within the same region and account. i.e. Within the us-east-1, i have 2 sets of users and have 2 sets of lambda, s3 buckets & DynamoDB tables which are named differently - one set has names starting with xx-aa.... and another set has names starting with xx-bb.... I was checking on how to configure 2 IAM roles based on resource ARNs. But according to https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html the following ARNs are not used - arn:aws:s3::123456789012:xx-aa* arn:aws:s3::123456789012:xx-bb*

Please let me know how I can create a IAM role to isolate the 2 sets of users to their respective set of lambdas, buckets and DynamoDB tables based on the names.

Thanks in advance.

주제
보안, 신원 및 규정 준수
태그
AWS 자격 증명 및 액세스 관리IAM 정책
언어
English
Ed
질문됨 10달 전209회 조회
1개 답변
0

Hi Thanks for your answer Based on the IAM Condition Keys, one way to achieve this is to have an iam:ResourceTag and match it with the tag of each resource. But there does not seem to be a way to match the resource name or ARN. Please clarify if that is what you meant.

Thanks again.

Ed
답변함 10달 전
  • Andrew Langford
    10달 전

    Hello, deleted the original answer as I misread your original question. Can you elaborate a little more on what you are attempting to achieve? is there a reason you wouldn't want to be explicit when adding the ARNs to your policy rather than using a wild card?

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠