1 Answer
1
Hello.
I think the policy would probably be something like this:
When you look at the document table for "iot:CreateKeysAndCertificate", the resource is blank, so you cannot set anything other than "*".
"iot:CreatePolicyVersion" allows you to specify "aws:ResourceTag" when the resource is "policy*", so I thought it would be as follows.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "IOTPermissions",
      "Effect": "Allow",
      "Action": [
        "iot:CreateKeysAndCertificate"
      ],
      "Resource": "*"
    },
    {
      "Sid": "test",
      "Effect": "Allow",
      "Action": [
        "iot:CreatePolicyVersion"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/Department": "FinanceTeam"
        }
      }
    }
  ]
}
```
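An added example, not part of the original answer: a simplified local evaluator for the policy above, showing that the `aws:ResourceTag/Department` condition gates `iot:CreatePolicyVersion` while `iot:CreateKeysAndCertificate` stays unconditional. It handles only `Allow` statements and `StringEquals`; the helper names and the sample ARN are constructed for illustration.

```python
import fnmatch

# Policy from the answer above; assumes the standard "2012-10-17" version string.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "IOTPermissions", "Effect": "Allow",
         "Action": ["iot:CreateKeysAndCertificate"], "Resource": "*"},
        {"Sid": "test", "Effect": "Allow",
         "Action": ["iot:CreatePolicyVersion"], "Resource": "*",
         "Condition": {"StringEquals":
                       {"aws:ResourceTag/Department": "FinanceTeam"}}},
    ],
}

# Constructed placeholder ARN, not a real resource.
SAMPLE_POLICY_ARN = "arn:aws:iot:us-east-1:111122223333:policy/ExamplePolicy"

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def _matches(patterns, value, fold=False):
    # IAM-style "*" wildcard; fold=True for action names (case-insensitive).
    norm = str.lower if fold else str
    return any(fnmatch.fnmatchcase(norm(value), norm(p))
               for p in _as_list(patterns))

def _condition_ok(condition, context):
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(operator)
        for key, expected in pairs.items():
            # A key missing from the request context never satisfies StringEquals.
            if context.get(key) not in _as_list(expected):
                return False
    return True

def is_allowed(policy, action, resource, resource_tags=None):
    """Hypothetical helper: True if some Allow statement matches the request."""
    context = {f"aws:ResourceTag/{k}": v
               for k, v in (resource_tags or {}).items()}
    return any(
        s["Effect"] == "Allow"
        and _matches(s["Action"], action, fold=True)
        and _matches(s["Resource"], resource)
        and _condition_ok(s.get("Condition", {}), context)
        for s in policy["Statement"]
    )
```

This is a reading aid for the policy's logic only; it ignores `Deny`, `NotAction` and the other condition operators that real IAM evaluation applies.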