1 Antwort
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
0
Instead of granting these powerful IAM permissions why don't you manually create the IAM Role that will be used by the Firehose and then select that role in the AWS Console during creation. https://docs.aws.amazon.com/ses/latest/dg/event-publishing-kinesis-analytics-firehose-stream.html
You can refer to this page in in the documentation when determining which permissions should be included in your IAM Role. https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html
I hope this helps you!
That implies that the user has permission to create any kind of IAM roles/policies. The point here is that he should be restricted to doing only what is absolutely necessary
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor 7 Monaten
- AWS OFFICIALAktualisiert vor 7 Monaten
- AWS OFFICIALAktualisiert vor 3 Jahren
Hi, side note: you should obfuscate your account number in the quote above.