As described in the documentation, both AttachThingPrincipal and DetachThingPrincipal accept only the wildcard * as resource.
You can verify the same by creating a new policy in the IAM console including the above-mentioned actions.
However, you can restrict the policy to a specific region using the
aws:RequestedRegion condition key. This workshop explains how to use it in a policy: https://www.wellarchitectedlabs.com/cost/200_labs/200_2_cost_and_usage_governance/2_ec2_restrict_region/
Similarly, you can restrict access to only resources in an account by using the
aws:ResourceAccount global condition key.
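
The region restriction described in the answer above, as an added example that is not part of the original answer: a small policy check that flags Allow statements granting the two actions on `*` without an `aws:RequestedRegion` condition. The sample policies, the `Sid`, the region `eu-west-1` and all function names are constructed for illustration.

```python
import re

# The two actions the answer says accept only "*" as their resource.
WILDCARD_ONLY = ("iot:AttachThingPrincipal", "iot:DetachThingPrincipal")

# Constructed sample policies; the region value is a placeholder.
BROAD = {"Version": "2012-10-17", "Statement": [{
    "Sid": "ThingPrincipals", "Effect": "Allow",
    "Action": "iot:*ThingPrincipal", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "ThingPrincipals", "Effect": "Allow",
    "Action": ["iot:AttachThingPrincipal", "iot:DetachThingPrincipal"],
    "Resource": "*",
    "Condition": {"StringEquals": {"aws:RequestedRegion": "eu-west-1"}}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _grants(statement, action):
    # Action patterns are case-insensitive and may use * and ? wildcards.
    for pattern in _as_list(statement.get("Action", [])):
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, action, re.IGNORECASE):
            return True
    return False

def _region_scoped(statement):
    # True when a StringEquals/StringLike condition pins aws:RequestedRegion
    # to something narrower than "*".
    for operator, block in statement.get("Condition", {}).items():
        if operator.lower() not in ("stringequals", "stringlike"):
            continue
        for key, values in block.items():
            if key.lower() == "aws:requestedregion":
                return all(v != "*" for v in _as_list(values))
    return False

def unscoped_grants(policy):
    """List (Sid, action) pairs allowed on "*" with no region condition."""
    findings = []
    for index, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow" or _region_scoped(st):
            continue
        findings += [(st.get("Sid", f"#{index}"), a)
                     for a in WILDCARD_ONLY if _grants(st, a)]
    return findings

if __name__ == "__main__":
    print(unscoped_grants(BROAD), unscoped_grants(SCOPED))
```

The check only looks at Allow statements; a separate Deny statement that blocks other regions is not taken into account.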