使用AWS re:Post即您表示您同意 AWS re:Post 使用条款
AWS re:Postre:Post

Admin access exception of domain delete, transfer and closure of AWS account

0

Will like to check how to grant an admin access without the authorization of

  1. Domain delete or transfer
  2. delete of AWS account

Pls assist urgency

主题
安全、身份和合规性
标签
AWS 身份和访问权限管理
语言
English
incomecare
已提问 2 个月前134 查看次数
3 回答
0
已接受的回答

Hello.

The following policy denies domain transfer actions and hosted zone deletion.
All other actions are allowed.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53domains.html
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53.html

{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Action": "*",
          "Resource": "*"
      },
      {
          "Effect": "Deny",
          "Action": [
              "route53domains:AcceptDomainTransferFromAnotherAwsAccount",
              "route53domains:CancelDomainTransferToAnotherAwsAccount",
              "route53domains:CheckDomainTransferability",
              "route53domains:DisableDomainTransferLock",
              "route53domains:EnableDomainTransferLock",
              "route53domains:RejectDomainTransferFromAnotherAwsAccount",
              "route53domains:TransferDomain",
              "route53domains:TransferDomainToAnotherAwsAccount",
              "route53:DeleteHostedZone"
          ],
          "Resource": "*"
      }
  ]
}

IAM users cannot cancel their AWS accounts, so No. 2 does not require any action if you are an IAM user.
https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-closing.html#close-account-procedure

Sign in to the AWS Management Console as the root user in the AWS account that you want to close. You can't close an account while signed in as an IAM user or role.

profile picture
专家
Riku_Kobayashi
已回答 2 个月前
profile picture
专家
Steve_M
已审核 2 个月前
0

Choose which option in aws to set this at user??

}, { "Effect": "Deny", "Action": [ "route53domains:AcceptDomainTransferFromAnotherAwsAccount", "route53domains:CancelDomainTransferToAnotherAwsAccount", "route53domains:CheckDomainTransferability", "route53domains:DisableDomainTransferLock", "route53domains:EnableDomainTransferLock", "route53domains:RejectDomainTransferFromAnotherAwsAccount", "route53domains:TransferDomain", "route53domains:TransferDomainToAnotherAwsAccount", "route53:DeleteHostedZone" ], "Resource": "*"

incomecare
已回答 2 个月前
0

I try route53:DeleteDomain , for "deny of delete domain". It show an error.

What is the right code for json to deny of delete domain ??

incomecare
已回答 2 个月前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则

相关内容