- Mais recentes
- Mais votos
- Mais comentários
One way of generating policies is to use AWS's policy generator based off activity: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_generate-policy.html. With this, IAM Access Analyzer reviews AWS CloudTrail for API calls and generates a policy template that contains the permissions that the entity used over a specified data range.
There are other 3rd party tools that do something like this as well.
I also recommend using AWS Policy Sim: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html
You can search for the service role in IAM Roles and see which policies are applied to it. Then create another role that you can assume or create an IAM user with the same policies that are applied to the server role. After you are done you can remove the role/user that you created.
that's what i thought i would do, but i can't even create roles for that too.
Conteúdo relevante
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há 4 anos
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há 3 meses
thanks, i've been reading about the policy generation, and i'm not sure about a few things, i'm assuming i need to use my current developer role, but OTOH , i don't want to give my actuall role, as i maybe doing other aws stuff while the activity is running, not mention my IDE will as well, so i would need to create an additional role similar to my own, by my current role is actually SAML based, so how do i create a "developer like" role i can configure in aws CLI to assume that role?