Hey guys,
My question might be funky but it has a real purpose on our end.
I'm trying to create an IAM profile that allow another user to create IAM profile but only for specific kind of resource. I will take the example of SQS service.
We need a news SQS and for that, we will trigger a new deployment on our deployment tool. Our deployment tool must have limited access to avoid any troubles, so that deployment tool needs to have a profile that allow the creation of an SQS, a user and an IAM profile that will allow that user to use that SQS.
The deployment tool should only be able to create an IAM profile that interact with SQS, nothing else. Is this even possible ? I have been able to allow a user to create IAM profile but for any type of service, which is not what I'm looking for
Thank you in advance for you help.
Regards,
Vincent
AWS 官方已更新 3 年前
Hey Greg,
Despite reading the documentation, I still don't see how to create that policy.
Creating the policy to allow the user to create a policy is fine but how to allow that user to create policies that only set permissions for SQS ? Because it's 2 separated item no ?
Regards,
Vincent