1 Answer
Hello.
I checked the IAM policy diff.
As you can see from the results below, it seems that "autoscaling:Describe*" and "sns:*" are restricted.
Since I had full access to SNS, I think that if I set it to "CloudWatchFullAccessV2", I would not be able to delete anything.
With AutoScaling, "DescribeLifecycleHooks" is removed, so you will no longer be able to see the lifecycle settings from the screen.
diff CloudWatchFullAccess.json CloudWatchFullAccessV2.json
4a5
> "Sid": "CloudWatchFullAccessPermissions",
7c8,10
< "autoscaling:Describe*",
---
> "application-autoscaling:DescribeScalingPolicies",
> "autoscaling:DescribeAutoScalingGroups",
> "autoscaling:DescribePolicies",
10c13,17
< "sns:*",
---
> "sns:CreateTopic",
> "sns:ListSubscriptions",
> "sns:ListSubscriptionsByTopic",
> "sns:ListTopics",
> "sns:Subscribe",
18a26
> "Sid": "EventsServicePermissions",
28a37
> "Sid": "OAMReadPermissions",
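
The check described in the answer above can be scripted. This is an added example, not part of the original answer and not AWS tooling: it tests which actions were allowed by the old policy and are no longer allowed by the new one. The policy excerpts hold only the actions visible in the diff (with a constructed `Resource`), the helper names are hypothetical, and `sns:DeleteTopic` is a sample action chosen for the test; the matcher covers only `Allow` statements with `Action` and ignores `Deny`, `NotAction`, resources and conditions.

```python
import re

# Constructed excerpts: only the actions visible in the diff above,
# not the complete managed policies. "Resource" is a constructed value.
OLD = {"Statement": [{"Effect": "Allow", "Resource": "*",
                      "Action": ["autoscaling:Describe*", "sns:*"]}]}
NEW = {"Statement": [{"Sid": "CloudWatchFullAccessPermissions",
                      "Effect": "Allow", "Resource": "*",
                      "Action": ["application-autoscaling:DescribeScalingPolicies",
                                 "autoscaling:DescribeAutoScalingGroups",
                                 "autoscaling:DescribePolicies",
                                 "sns:CreateTopic", "sns:ListSubscriptions",
                                 "sns:ListSubscriptionsByTopic",
                                 "sns:ListTopics", "sns:Subscribe"]}]}


def allowed_patterns(policy):
    """Collect Action patterns from Allow statements (string or list form)."""
    statements = policy["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    patterns = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        patterns.extend([actions] if isinstance(actions, str) else actions)
    return patterns


def matches(pattern, action):
    """IAM-style match: '*' is any run of characters, '?' is one, case-insensitive."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def is_allowed(policy, action):
    return any(matches(p, action) for p in allowed_patterns(policy))


def lost_access(old, new, actions):
    """Actions the old policy allowed that the new policy no longer allows."""
    return [a for a in actions if is_allowed(old, a) and not is_allowed(new, a)]


if __name__ == "__main__":
    in_use = ["sns:DeleteTopic", "sns:Subscribe",
              "autoscaling:DescribeLifecycleHooks", "autoscaling:DescribePolicies"]
    for action in lost_access(OLD, NEW, in_use):
        print("no longer allowed:", action)
```

Feed it the actions a role actually calls (for example, from its CloudTrail history) before switching the attached policy.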