1 Respuesta
- Más nuevo
- Más votos
- Más comentarios
1
The following example IAM policy statement allows the principal to enable and disable KMS keys but only when all aliases of the KMS keys include "Test." This policy statement uses two conditions. The condition with the ForAllValues set operator requires that all aliases associated with the KMS key include "Test". The condition with the ForAnyValue set operator requires that the KMS key have at least one alias with "Test." Without the ForAnyValue condition, this policy statement would have allowed the principal to use KMS keys that had no aliases.
{
"Sid": "AliasBasedIAMPolicy",
"Effect": "Allow",
"Action": [
"kms:EnableKey",
"kms:DisableKey"
],
"Resource": "arn:aws:kms:*:111122223333:key/*",
"Condition": {
"ForAllValues:StringLike": {
"kms:ResourceAliases": [
"alias/*Test*"
]
},
"ForAnyValue:StringLike": {
"kms:ResourceAliases": [
"alias/*Test*"
]
}
}
}
respondido hace 2 años
Contenido relevante
- OFICIAL DE AWSActualizada hace 2 años
- OFICIAL DE AWSActualizada hace un mes
- ¿Cómo puedo resolver el error “Failed to start the job flow due to an internal error” en Amazon EMR?OFICIAL DE AWSActualizada hace un mes
- OFICIAL DE AWSActualizada hace 8 meses