1 Answer
0
Hi,
I understand that you want to write a resource policy that gives least privilege to federated users.
Creating IAM policies that grant least privilege is one of the best security practices [1]. To create an IAM role, refer to [2]. You can view the condition operators for Amazon Resource Names (ARNs) in the attached document [3]. The condition operator that you can use in a policy depends on the condition key you choose.
Please see the attached document [4] for reference identifiers.
I hope this helps.
Resources:
[1] https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege
[2] https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html
[4] https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
Answered 2 years ago
Thanks @Asisipho, I guess the problem here is that the policy will end up looking like this. Adding 50-odd users to the condition will make it a tedious exercise.
Is there any other/better way to address OP's question? I am also looking for something similar.