2 Respostas
- Mais recentes
- Mais votos
- Mais comentários
1
You can use the concept of a Token Vending Machine (see here to create dynamic policies for users when you federate it.
For the EC2 Role, see examples here: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html
respondido há 2 anos
0
I was trying to set this up using Google Workspace, so pretty similar. I was hoping that setting a policy either in IAM Identity Center or directly on the secret if needed, using aws:PrincipalTag with a custom SAML attribute would do the trick. So far zero success, because of lack of knowledge I suppose. The solution of TVM is grossly overkill for my use case, is it the only way?
respondido há 7 meses
Conteúdo relevante
- AWS OFICIALAtualizada há 3 anos
- AWS OFICIALAtualizada há um ano
- AWS OFICIALAtualizada há 2 anos