1 Answer
- Newest
- Most votes
- Most comments
0
【以下的回答经过翻译处理】 根据文档IAM身份(用户、用户组和角色),这是不可能的。
A user group cannot be identified as a Principal in a resource-based policy.
角色信任策略是一种基于资源的策略。 您可以使用信任策略中的条件,将角色标签与用户标签进行比较,从而实现类似的功能。
"Condition": {
"StringEquals": {"aws:ResourceTag/project": "${aws:PrincipalTag/project}"}
}
Relevant content
- asked a year ago
- Accepted Answerasked 10 months ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated 2 years ago