使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

Cloudwatchfullaccessv2

0

As cloudwatchfullaccess policy is deprecating we have two usergroups attached for this policy and no iam roles, iam users were attached. Can I directly go ahead and detach this policy and attach cloudwatchfullaccessv2 to these user groups? How can I do testing to make sure this new policy is working fine?

主題
安全性、身分識別與合規
標籤
AWS Identity and Access Management
語言
English
AWSquery
已提問 7 個月前檢視次數 334 次
1 個回答
0

Hello.

I checked the IAM policy diff.
As you can see from the results below, it seems that "autoscaling:Describe*" and "sns:*" are restricted.
Since I had full access to SNS, I think that if I set it to "CloudWatchFullAccessV2", I would not be able to delete anything.
With AutoScaling, "DescribeLifecycleHooks" is removed, so you will no longer be able to see the lifecycle settings from the screen.

diff CloudWatchFullAccess.json CloudWatchFullAccessV2.json
4a5
>             "Sid": "CloudWatchFullAccessPermissions",
7c8,10
<                 "autoscaling:Describe*",
---
>                 "application-autoscaling:DescribeScalingPolicies",
>                 "autoscaling:DescribeAutoScalingGroups",
>                 "autoscaling:DescribePolicies",
10c13,17
<                 "sns:*",
---
>                 "sns:CreateTopic",
>                 "sns:ListSubscriptions",
>                 "sns:ListSubscriptionsByTopic",
>                 "sns:ListTopics",
>                 "sns:Subscribe",
18a26
>             "Sid": "EventsServicePermissions",
28a37
>             "Sid": "OAMReadPermissions",
profile picture
專家
Riku_Kobayashi
已回答 7 個月前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容