1 Answer
ABAC in AWS is implemented using tags on service resources and IAM principals and then referencing these tags in conditions in IAM policies. You can find services that support ABAC here: AWS services that work with IAM. From this doc:
> ABAC (authorization based on tags) – To control access based on tags, you provide tag information in the condition element of a policy using the aws:ResourceTag/key-name, aws:RequestTag/key-name, or aws:TagKeys condition keys. If a service supports all three condition keys for every resource type, then the value is Yes for the service. If a service supports all three condition keys for only some resource types, then the value is Partial.
IAM tutorial: Define permissions to access AWS resources based on tags
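
The following identity policy is an added example, not part of the answer above or of the AWS documentation it quotes. It uses all three condition keys from the quoted passage against Secrets Manager; the tag keys `project` and `cost-center`, and the comparison against the caller's own tag through `aws:PrincipalTag`, are assumptions chosen for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CreateSecretOnlyWithOwnProjectTag",
      "Effect": "Allow",
      "Action": "secretsmanager:CreateSecret",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:RequestTag/project": "${aws:PrincipalTag/project}"
        },
        "ForAllValues:StringEquals": {
          "aws:TagKeys": ["project", "cost-center"]
        }
      }
    },
    {
      "Sid": "UseSecretsTaggedWithOwnProject",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:DescribeSecret",
        "secretsmanager:GetSecretValue",
        "secretsmanager:PutSecretValue",
        "secretsmanager:DeleteSecret"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/project": "${aws:PrincipalTag/project}"
        }
      }
    },
    {
      "Sid": "DenyChangingTheProjectTag",
      "Effect": "Deny",
      "Action": ["secretsmanager:TagResource", "secretsmanager:UntagResource"],
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": ["project"]
        }
      }
    }
  ]
}
```

A secret with no `project` tag matches neither Allow statement, so untagged resources are inaccessible by default. The explicit Deny keeps a principal from moving a secret into or out of a project by retagging it, even if another attached policy grants tagging actions.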