1 Answer
- Newest
- Most votes
- Most comments
0
【以下的回答经过翻译处理】 看起来您只是输错了,缺少了拒绝条件块的资源。
您的策略应该更改为:
{
"Sid": "ExplicitDenyEncryptDecryptAccess",
"Effect": "Deny",
"Principal": "*",
"Action": [
"kms:Encrypt",
"kms:Decrypt"
],
"Resource": "*" ,
"Condition": {
"StringNotLike": {
"aws:userid": [
"12345",
"AROAADMINROLE",
"AROAADMINROLE:*",
"AIDALAMBDAROLE:*",
"AIDALAMBDAROLE",
"AIDAMYIAMUSER:*",
"AIDAMYIAMUSER"
]
}
}
},
希望能帮助您!
Relevant content
- asked a year ago
- Accepted Answerasked 3 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 2 years ago