Resource Based Policy

0

Hi Team,

I transferred a snapshot of database from AWS account A to Account B which is encrypted by kms. Now the encrypted snapshot is in account B's s3 bucket and I wanted to create Glue tables using Crawler in account B.

The KMS key is in AWS account A. I gave KMS decrypt permission on account A KMS key to the glue crawler IAM role in account B but did not give any resource based policy in account A . Now the crawler is able to create Glue tables in account B.

How is this possible when I did not give any resource based policy in account A?

主题

安全、身份和合规性分析

标签

AWS 智能钥匙管理服务 AWS Glue IAM 策略

语言

English

Dipesh Chaudhary

已提问 6 个月前145 查看次数

1 回答

最新
投票最多
评论最多

这些答案有用吗？为正确答案投票，以帮助社区从您的知识中受益。

0

"*Now the encrypted snapshot is in account B", inside the same account if a role has s3 read permission and the bucket doesn't have a explicitly policy, by default you have access.

专家

Gonzalo Herreros

已回答 6 个月前

相关内容

Claude 3 Sonnet - Your account is not authorized to invoke this API operation.
Raylen
已提问 1 个月前
如何为流量镜像配置 VPC 路由表达成同时送往两个不同的目标于不同 AWS Account ?
专家
rePost Polyglot
已提问 5 个月前
c5a.2xlarge服务器带宽。
专家
rePost Polyglot
已提问 1 个月前
The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access (Query Id: b2c74c7e-21ed-4375-8712-cd1579eab9a7)
专家
rePost Polyglot
已提问 5 个月前
当我尝试删除 Amazon EBS 快照时，为什么收到了“The snapshot is currently in use by an AMI”错误？
AWS 官方已更新 4 个月前
为什么我尝试加入组织时，会收到错误：“You can only join an organization whose Seller of Record is same as your account”？
AWS 官方已更新 2 年前
如何解决 Lambda 中的“The final policy size is bigger than the limit”错误？
AWS 官方已更新 2 年前
为什么当我尝试重新创建存储桶时，会从 Amazon S3 收到 "A conflicting conditional operation is currently in progress against this resource"（当前正在对此资源进行冲突的条件操作）错误？
AWS 官方已更新 2 年前
保留不健康的 Auto Scaling 实例 -- 分离不健康的 ASG 实例而不是终止
支持工程师
Tim
已发布 7 天前
通过自定义终止策略，让AWS自动伸缩组（ASG）始终终止最旧的实例
支持工程师
Tim
已发布 7 天前