IAM Policy to restrict other user action within a policy
0
Is it possible to configure an IAM policy that allow another "user/service account" to create a policy that allow another user to use/consume a particular service only and no other resources. Is there a way to achieve this goal ?
Example: User XYZ creates a policy to allow other user ABC to create a policy to allow managing SQS resources within the policy created by User ABC
已提問 1 年前檢視次數 403 次
1 個回答
- 最新
- 最多得票
- 最多評論
1
I think you're looking for IAM Permissions Boundaries - this allows you to restrict what permissions someone can give to other entities. For example, it can stop someone who has the ability to create an IAM role from exceeding the permissions for that new role that you want them to have.
相關內容
- 已提問 6 個月前
AWS 官方已更新 2 年前- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前