Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

IAM Policy Conditions

0

Hi,

Just like to know in general, does IAM allow conditions where the value is a concatenation of > 1 variable? Eg. Specifically:

"Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [ "${www.amazon.com:user_id}${aws:PrincipalTag/myCustomTag}" ]

The above is for DynamoDB, but in general is concatenation allowed?

Thank you

Topics
DatabaseSecurity, Identity, & Compliance
Tags
IAM PoliciesAmazon DynamoDB
Language
English
asked 4 years ago756 views
1 Answer
0

Thank you for your reply. Further to your question, since the IAM policies are just a matching mechanism, all I was interested was whether IAM allows substitutions of more than 1 variable in a conditional evaluation. What I had there was just an example: "${www.amazon.com:user_id}${aws:PrincipalTag/myCustomTag}". So if www.amazon.com:user_id="JOHN", and aws:PrincipalTag/myCustomTag="NEW YORK", will IAM concatenate this to "JOHNNEW WORK" and evaluate this?

answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content