- Newest
- Most votes
- Most comments
You should check the Attribute-Based Access Control (ABAC) model. This approach works with resource tags and IAM principal tags to determine who has access to what. This blog post shows an example that uses AWS Systems Manager (SSM) to access EC2 instances based on this approach. In that blog post, the author relies on AWS IAM Identity Center (successor to AWS SSO), but you can apply the same principle to IAM users/roles.
Hello,
This can be done using the tags an attribute based access policy. You can attach tags to IAM resources, including IAM entities (users or roles) and to AWS resources. You can define policies that use tag condition keys to grant permissions to your principals based on their tags. For more information, please have a look at the below link:
https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
Relevant content
- asked 2 months ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 4 years ago
- AWS OFFICIALUpdated 2 years ago