Can I restrict a policy to enforce use of a specific SMS template in Pinpoint?

0

I would like to give very specific, temporary permissions to a user/role to allow them to send an SMS, restricting the body template and the Sender ID.

I know I can do this in SES (https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_SendEmail.html), but is it possible with Pinpoint (or even SNS)?

Thanks for the help! :)

2 Answers
0

Short answer: yes :)

You can create an IAM policy that grants specific temporary permissions to a user or role allowing them to send an SMS with restricted parameters.

AWS Pinpoint example


{
    "Version": "2023-03-26",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "mobiletargeting:SendMessages",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "mobiletargeting:channels": "SMS"
                },
                "StringLike": {
                    "mobiletargeting:originationNumber": "SENDER_ID",
                    "mobiletargeting:messageBody": "APPROVED_TEMPLATE*"
                }
            }
        }
    ]
}

AWS SNS example

IAM policy - since SNS does not support policy templates, attach this one to the user


{
    "Version": "2023-03-26",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sns:Publish",
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "sns:Message": "APPROVED_TEMPLATE*",
                    "sns:SenderID": "SENDER_ID"
                }
            }
        }
    ]
}

EXPERT
answered a year ago
  • Hi! Thanks for the quick reply. I've been testing it out but it isn't working for me.

    Firstly, I get an error about the Version, so I changed it to "2012-10-17". Then, once I've changed that, I get errors like, "The condition key sns:Message does not exist in the service sns". It looks like they are not valid condition keys. Where did you get them from?

0

IAM policy for AWS Pinpoint with the correct condition keys and version:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "mobiletargeting:SendMessages",
            "Resource": "*",
            "Condition": {
                "ForAllValues:StringEquals": {
                    "aws:RequestTag/sms_channel": "true"
                },
                "StringLike": {
                    "aws:RequestTag/origination_number": "SENDER_ID",
                    "aws:RequestTag/message_body": "APPROVED_TEMPLATE*"
                }
            }
        }
    ]
}

EXPERT
answered a year ago
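
The two errors reported in the comment on the first answer (the rejected Version value and the unknown condition key) can be caught offline before a policy is attached. The following is an added example, not part of the original thread and not AWS code: `lint_policy` is a hypothetical helper, and the `KNOWN_SERVICE_KEYS` table is an assumption that must be filled in from the Service Authorization Reference for each service.

```python
import json

# The only values IAM accepts for the policy "Version" element.
VALID_VERSIONS = {"2012-10-17", "2008-10-17"}

# ASSUMPTION: service-specific condition keys, copied by hand from the
# Service Authorization Reference (lower-cased, since key names are
# case-insensitive). Verify this table before relying on it.
KNOWN_SERVICE_KEYS = {
    "sns": {"sns:endpoint", "sns:protocol"},
    "mobiletargeting": set(),  # assumed: no service-specific keys
}

def lint_policy(policy_json):
    """Return a list of findings for one identity-based policy document."""
    policy = json.loads(policy_json)
    findings = []
    if policy.get("Version") not in VALID_VERSIONS:
        findings.append(f"invalid Version {policy.get('Version')!r}")
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for stmt in statements:
        for operator, keys in stmt.get("Condition", {}).items():
            for key in keys:
                prefix = key.split(":", 1)[0].lower()
                if prefix == "aws":
                    continue  # global condition key, not checked here
                base = key.split("/", 1)[0].lower()
                # Services missing from the table are reported as unknown.
                if base not in KNOWN_SERVICE_KEYS.get(prefix, set()):
                    findings.append(f"unknown condition key {key} ({operator})")
    return findings

# Constructed sample: the content of the SNS policy from the first answer.
SNS_POLICY = """{
  "Version": "2023-03-26",
  "Statement": [{
    "Effect": "Allow", "Action": "sns:Publish", "Resource": "*",
    "Condition": {"StringLike": {
      "sns:Message": "APPROVED_TEMPLATE*",
      "sns:SenderID": "SENDER_ID"}}
  }]
}"""

if __name__ == "__main__":
    for finding in lint_policy(SNS_POLICY):
        print(finding)
```

A policy that passes this lint is only syntactically plausible; whether a condition key is actually present in the request context for a given action still has to be confirmed against the service's documentation.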
