- 最新
- 最多得票
- 最多評論
Hello.
The following policy denies domain transfer actions and hosted zone deletion.
All other actions are allowed.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53domains.html
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53.html
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
},
{
"Effect": "Deny",
"Action": [
"route53domains:AcceptDomainTransferFromAnotherAwsAccount",
"route53domains:CancelDomainTransferToAnotherAwsAccount",
"route53domains:CheckDomainTransferability",
"route53domains:DisableDomainTransferLock",
"route53domains:EnableDomainTransferLock",
"route53domains:RejectDomainTransferFromAnotherAwsAccount",
"route53domains:TransferDomain",
"route53domains:TransferDomainToAnotherAwsAccount",
"route53:DeleteHostedZone"
],
"Resource": "*"
}
]
}
IAM users cannot cancel their AWS accounts, so No. 2 does not require any action if you are an IAM user.
https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-closing.html#close-account-procedure
Sign in to the AWS Management Console as the root user in the AWS account that you want to close. You can't close an account while signed in as an IAM user or role.
Choose which option in aws to set this at user??
}, { "Effect": "Deny", "Action": [ "route53domains:AcceptDomainTransferFromAnotherAwsAccount", "route53domains:CancelDomainTransferToAnotherAwsAccount", "route53domains:CheckDomainTransferability", "route53domains:DisableDomainTransferLock", "route53domains:EnableDomainTransferLock", "route53domains:RejectDomainTransferFromAnotherAwsAccount", "route53domains:TransferDomain", "route53domains:TransferDomainToAnotherAwsAccount", "route53:DeleteHostedZone" ], "Resource": "*"
I try route53:DeleteDomain , for "deny of delete domain". It show an error.
What is the right code for json to deny of delete domain ??
相關內容
- 已提問 1 年前
- AWS 官方已更新 2 年前
You can create an IAM policy by selecting and pasting "JSON" as shown below. https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html
Added "DeleteDomain". https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonroute53domains.html