1 回答
- 最新
- 投票最多
- 评论最多
2
The AppStream 2.0 console doesn't currently support restricting what a user can see based on tags or other resource boundary. For example, the Stacks page calls the AppStream 2.0 API "DescribeStacks" without specifying any boundaries or tags. You can use tags to prevent a user from updating an AppStream 2.0 resource without specify a specific tag - for example, if a user/role should only be able to modify resources with a tag key of "Stage" and value of "NonProd", you can specify that as a condition.
thanks for your answer MuraliAtAWS. So a policy with these controls (see example) is not possible?
"Resource": [ "arn:aws:appstream:eu-central-1:123.....:image-builder/imagebuilder01" "arn:aws:appstream:eu-central-1:123.....:stack/stack01", "arn:aws:appstream:eu-central-1:123.....:app-block/", "arn:aws:appstream:eu-central-1:123.....:fleet/fleet1", "arn:aws:appstream:eu-central-1:123.....:application/", "arn:aws:appstream:eu-central-1:123.....:image/image01" ], "Condition": { "StringEqualsIfExists": { "aws:username": "user01" } }