使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

How to group IAM policies/roles?

1

I need 3 AWS IAM roles, one per environment. All of these roles have a few common policies, plus one custom per-environment policy. Is there a smart way to configure it (like group or hierarchy) instead of using this:

  • Role1=Policy1+Policy2+Policy3+CustomPolicy1
  • Role2=Policy1+Policy2+Policy3+CustomPolicy2
  • Role3=Policy1+Policy2+Policy3+CustomPolicy3 I.e. is there a way to group (Policy1+Policy2+Policy3)?

TIA, Vitaly

主題
安全性、身分識別與合規
標籤
IAM 政策
語言
English
vitaly_il
已提問 1 年前檢視次數 283 次
1 個回答
1

Hello Vitaly,

You can merge the Policy1+Policy2+Policy3 to a single larger policy. The larger policy needs to be deployed in all the environment along with the custom policy. However, Please keep in mind the complexity after merge as it can become an overhead later if need to troubleshoot any issues.

Thanks, Gautam

profile pictureAWS
Gautam Kumar
已回答 1 年前
  • vitaly_il
    1 年前

    Gautam, thank you! But agree with you - it's not elegant.

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容