[Amazon Verified Permissions] Can't change "==" to "in" within policy template

0

In Amazon Verified Permissions I have a policy template that contains this: "principal == ?principal"

I want to change it to this: "principal in ?principal"

Seems like I should be allowed to do this, but when I try to make the change it does not allow it and returns: "Template principal cannot change during update."

Is there any way to change the operator in my template policy?

1 Answer
0

There isn't currently a way to change this. It's not explicit on the Editing policy templates page, but as of 10-MAR-2024 Editing Amazon Verified Permissions static policies calls out "principal referenced by a static policy" as something that can't change.

You can't change these elements of a static policy:

  • Changing a policy from a static policy to a template-linked policy.
  • Changing the effect of a static policy from permit or forbid.
  • The principal referenced by a static policy.
  • The resource referenced by a static policy.

Verified Permissions can use principal as part of PolicyFilter and there is some backend indexing to support this. You are correct, it is not clear that switching from == to in changes the principal. I'll submit documentation feedback on this topic.

AWS
answered 2 months ago
