1 answer
0
Hello there! I understand that it is not possible to use a wildcard like `arn:aws:sts::000000000000:assumed-role/event-service/*` or `arn:aws:iam::000000000000:role/event-service/*` in the Principal section of the role trust policy.

Instead, you can make use of the AWS global condition key `aws:userid` as below:

```json
{
  "Sid": "Statement1",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::{Account}:root"
  },
  "Action": "sts:AssumeRole",
  "Condition": {
    "StringLike": {
      "aws:userid": "role-id:caller-specified-role-name"
    }
  }
}
```

Here, userid is `role-id:caller-specified-role-name`.

You can get the value of role-id using:

A) role-id is the `RoleId` field returned by:

```shell
aws iam get-role --role-name <ROLE-NAME> --query 'Role.RoleId' --output text
```

B) You can set the caller-specified-role-name value as `*`
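The trust policy pattern in the answer above, worked through as an added example (not code from the original answer or from AWS): it builds the policy from an account id and a role id, then models the `StringLike` check IAM applies to `aws:userid` so you can see which sessions would be allowed. The account id and the `AROA...` role id are constructed sample values, and the local matcher only evaluates this one condition key.

```python
import fnmatch
import json

# Constructed sample values (not from the original answer): a 12-digit account
# id and a role id in the AROA... format that `aws iam get-role` returns.
ACCOUNT_ID = "000000000000"
EVENT_SERVICE_ROLE_ID = "AROAEXAMPLEEVENTSVC01"


def build_trust_policy(account_id: str, role_id: str) -> dict:
    """Trust policy that lets only sessions of one role assume the target role.

    The Principal is the account root (wildcards are not allowed in a role ARN
    there); the aws:userid condition narrows it to sessions whose user id is
    '<role-id>:<any session name>'.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "Statement1",
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringLike": {"aws:userid": f"{role_id}:*"}},
        }],
    }


def userid_allowed(policy: dict, userid: str) -> bool:
    """Local approximation of the StringLike check on aws:userid.

    StringLike supports '*' and '?' wildcards, which fnmatch also implements.
    This is a model of the single condition key, not the IAM policy engine.
    """
    for stmt in policy["Statement"]:
        pattern = stmt.get("Condition", {}).get("StringLike", {}).get("aws:userid")
        if stmt["Effect"] == "Allow" and pattern and fnmatch.fnmatchcase(userid, pattern):
            return True
    return False


if __name__ == "__main__":
    policy = build_trust_policy(ACCOUNT_ID, EVENT_SERVICE_ROLE_ID)
    print(json.dumps(policy, indent=2))
    # A session of the event-service role is allowed whatever its session name.
    print(userid_allowed(policy, "AROAEXAMPLEEVENTSVC01:i-0abc123"))  # True
    # A session of a different role in the same account is not.
    print(userid_allowed(policy, "AROAEXAMPLEOTHERROLE1:i-0abc123"))  # False
```

Note that an IAM user's `aws:userid` has no `:` part, so the `role-id:*` pattern never matches a plain user, only role sessions.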