AWS IAM Roles with additive permissions?

0

We'd have an IAM role that allows users to view specific operational cloudwatch logs with sensitive information.

This works, but since the role only grants access to the logs, the user cant perform other tasks while they have assumed the role.

Is there a way to make a role additive, i.e. it grants access to view cloudwatch logs, AND have all the permissions the user has through their groups?

feita há um ano229 visualizações
1 Resposta
0

Afraid that this is the limitation of assuming roles. You’d have to build a role with all the permissions required via a combination of multiple or a singular policy.

profile picture
ESPECIALISTA
respondido há um ano

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas