Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

IAM Policy to restrict other user action within a policy

0

Is it possible to configure an IAM policy that allow another "user/service account" to create a policy that allow another user to use/consume a particular service only and no other resources. Is there a way to achieve this goal ?

Example: User XYZ creates a policy to allow other user ABC to create a policy to allow managing SQS resources within the policy created by User ABC

Temas
Seguridad, identidad y cumplimientoAWS Well-Architected Framework
Etiquetas
AWS Identity and Access ManagementSeguridadPolíticas de IAM
Idioma
English
AWS
YagyaVir_S
preguntada hace un año403 visualizaciones
1 Respuesta
1

I think you're looking for IAM Permissions Boundaries - this allows you to restrict what permissions someone can give to other entities. For example, it can stop someone who has the ability to create an IAM role from exceeding the permissions for that new role that you want them to have.

profile pictureAWS
EXPERTO
Brettski-AWS
respondido hace un año

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante