1 Answer
The IAM docs have a decent walkthrough involving ABAC that meets your use-case. It leverages a single policy that is applied to multiple principals which have tags that define their access level, and provides conditional access only when the tags applied to the principal (user or role) match the tags associated with the resource (or passed in the request to create/modify the resource). The caveat is that you must plan out your tagging strategy and apply tags to your resources and principals that can be evaluated during authorization.
Step 2 of the following tutorial shows an example of a policy that may be helpful for you. https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
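To make the pattern described in the answer concrete, here is an added example of an ABAC identity policy in the style of that tutorial; it is not the tutorial's own policy nor code from the answer above. The tag keys `access-project` and `access-team`, the Secrets Manager actions, and the statement IDs are assumptions chosen for illustration. The first statement grants read access only when the resource's tags equal the caller's principal tags, the second allows creating a secret only if the request tags the new resource with the caller's own project and team (and with no unexpected tag keys), and the third denies changing those two tags on existing resources so a principal cannot re-tag a resource into its own project.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadSecretsOfOwnProjectAndTeam",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/access-project": "${aws:PrincipalTag/access-project}",
          "aws:ResourceTag/access-team": "${aws:PrincipalTag/access-team}"
        }
      }
    },
    {
      "Sid": "CreateSecretsTaggedForOwnProjectAndTeam",
      "Effect": "Allow",
      "Action": "secretsmanager:CreateSecret",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:RequestTag/access-project": "${aws:PrincipalTag/access-project}",
          "aws:RequestTag/access-team": "${aws:PrincipalTag/access-team}"
        },
        "ForAllValues:StringEquals": {
          "aws:TagKeys": ["access-project", "access-team", "cost-center"]
        }
      }
    },
    {
      "Sid": "DenyChangingAccessControlTags",
      "Effect": "Deny",
      "Action": [
        "secretsmanager:TagResource",
        "secretsmanager:UntagResource"
      ],
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": ["access-project", "access-team"]
        }
      }
    }
  ]
}
```

Two things to check when adopting something like this: the service in question must support `aws:ResourceTag` for the actions you condition on (check the service's "actions, resources, and condition keys" page), and principals must not be able to edit their own tags (for example via `iam:TagUser` or `iam:TagRole`), otherwise the principal-side tags that drive the whole scheme are not trustworthy.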