1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
ABAC in AWS is implemented using tags on service resources and IAM principals and then referencing these tags in conditions in IAM policies. You can find services that support ABAC here: AWS services that work with IAM. From this doc:
ABAC (authorization based on tags) – To control access based on tags, you provide tag information in the condition element of a policy using the aws:ResourceTag/key-name, aws:RequestTag/key-name, or aws:TagKeys condition keys. If a service supports all three condition keys for every resource type, then the value is Yes for the service. If a service supports all three condition keys for only some resource types, then the value is Partial.
IAM tutorial: Define permissions to access AWS resources based on tags
관련 콘텐츠
- AWS 공식업데이트됨 2년 전