Hi,
I need to provide access to 2 sets of users to 2 sets of lambdas, S3 buckets, DynamoDB tables within the same region and account.
I.e., within us-east-1, I have 2 sets of users and 2 sets of Lambdas, S3 buckets & DynamoDB tables which are named differently - one set has names starting with xx-aa.... and another set has names starting with xx-bb....
I was checking on how to configure 2 IAM roles based on resource ARNs. But according to https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html the following ARNs are not used -
arn:aws:s3::123456789012:xx-aa*
arn:aws:s3::123456789012:xx-bb*
Please let me know how I can create an IAM role to isolate the 2 sets of users to their respective set of Lambdas, buckets and DynamoDB tables based on the names.
Thanks in advance.
Hello, deleted the original answer as I misread your original question. Can you elaborate a little more on what you are attempting to achieve? Is there a reason you wouldn't want to be explicit when adding the ARNs to your policy rather than using a wildcard?
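
The name-prefix isolation asked about in the question, as an added example that is not part of the original thread: an identity policy for the role of the xx-aa user set, using the ARN shape each service expects (S3 ARNs carry no region or account ID, so the bucket name follows `:::`). The account ID and region are the ones from the question; the listed actions and the `Sid` names are assumptions chosen for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "LambdaSetAA",
      "Effect": "Allow",
      "Action": ["lambda:GetFunction", "lambda:InvokeFunction"],
      "Resource": "arn:aws:lambda:us-east-1:123456789012:function:xx-aa*"
    },
    {
      "Sid": "DynamoDbSetAA",
      "Effect": "Allow",
      "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
      "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/xx-aa*"
    },
    {
      "Sid": "S3BucketsSetAA",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::xx-aa*",
      "Condition": {"StringEquals": {"aws:ResourceAccount": "123456789012"}}
    },
    {
      "Sid": "S3ObjectsSetAA",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::xx-aa*/*",
      "Condition": {"StringEquals": {"aws:ResourceAccount": "123456789012"}}
    }
  ]
}
```

The role for the second set is the same policy with `xx-bb` in place of `xx-aa`. The `aws:ResourceAccount` condition is there because bucket names are global and the S3 ARN cannot name the account, and `xx-aa*` matches every name that begins with `xx-aa`, so a separator after the prefix (for example `xx-aa-*`) keeps a later `xx-aab...` resource out of scope.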