1 個回答
- 最新
- 最多得票
- 最多評論
0
Hello.
I checked the IAM policy diff.
As you can see from the results below, it seems that "autoscaling:Describe*" and "sns:*" are restricted.
Since I had full access to SNS, I think that if I set it to "CloudWatchFullAccessV2", I would not be able to delete anything.
With AutoScaling, "DescribeLifecycleHooks" is removed, so you will no longer be able to see the lifecycle settings from the screen.
diff CloudWatchFullAccess.json CloudWatchFullAccessV2.json
4a5
> "Sid": "CloudWatchFullAccessPermissions",
7c8,10
< "autoscaling:Describe*",
---
> "application-autoscaling:DescribeScalingPolicies",
> "autoscaling:DescribeAutoScalingGroups",
> "autoscaling:DescribePolicies",
10c13,17
< "sns:*",
---
> "sns:CreateTopic",
> "sns:ListSubscriptions",
> "sns:ListSubscriptionsByTopic",
> "sns:ListTopics",
> "sns:Subscribe",
18a26
> "Sid": "EventsServicePermissions",
28a37
> "Sid": "OAMReadPermissions",
相關內容
- 已提問 1 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前