Enable HTTPS for (only) a Subdomain that loads an S3 Bucket | IAM?

0

Hello,

My client has domain.com hosted on another hosting company.

They currently have sub.domain.com load a bucket here, using a CNAME record value like s0m3th1ng.cloudfront.net

It worked perfectly for around a decade, but now we want to load the subdomain over HTTPS. domain.com, on the other hosting, has HTTPS activated.

How could one achieve that?

My client gave me 'database admin' permission, which allows me to see buckets and the files. But I can't find sub.domain.com written anywhere. Can you also tell me what permission(s) my client should give me to safely set up this matter?

Thank you.

rlatief
asked 9 months ago, 232 views
1 Answer
0

You will need permission in ACM to create a certificate for sub.domain.com. You will also need permissions in CloudFront to add the certificate to the distribution and add alternate domain of sub.domain.com to the distribution. See: Using alternate domain names and HTTPS.

In response to the comment below: There are a couple of AWS managed policies that they could assign to you. See: CloudFrontFullAccess and AWSCertificateManagerFullAccess.

Those two policies are not least privileged but they could start with these and add Resources and Conditions to restrict you to your specific task by creating a customer-managed policy.

AWS
Expert
kentrad
answered 9 months ago
  • Hello, may I bother you a little bit more?

    It seems like my client is still having trouble setting it up themselves, and also in providing permissions to other users.

    I once had an ECS account, but that was more than a decade ago. I haven't used AWS since then, so I'm quite unfamiliar with it.

    My client gave me 'database admin' permission. I have a feeling that the permissions you mentioned can't be set up in the same easy way as setting up that 'database admin' permission?

    If that's the case, could you suggest a simpler way for my client to provide me with the necessary permissions? Perhaps an easy-to-set-up, broader permission that doesn't include access to billing, etc.?

    Thanks in advance!
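
One way the customer-managed policy suggested in the answer could be scoped to this single task, as an added example (not part of the original thread and not AWS's own code). The account ID and distribution ID are placeholders, and the helper names `build_policy` and `unscoped_writes` are hypothetical.

```python
import json

ACM_REGION = "us-east-1"  # CloudFront only accepts ACM certificates from this region

def build_policy(account_id, distribution_id, domain):
    """Customer-managed policy scoped to one distribution and one domain name."""
    dist = f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"
    certs = f"arn:aws:acm:{ACM_REGION}:{account_id}:certificate/*"
    allow = lambda sid, action, resource, **extra: {
        "Sid": sid, "Effect": "Allow", "Action": action, "Resource": resource, **extra}
    return {"Version": "2012-10-17", "Statement": [
        # List calls cannot be limited to a single resource.
        allow("FindResources", ["cloudfront:ListDistributions", "acm:ListCertificates"], "*"),
        # The certificate has no ARN yet, so restrict by requested domain instead.
        allow("RequestCertForSubdomainOnly", "acm:RequestCertificate", "*",
              Condition={"ForAllValues:StringEquals": {"acm:DomainNames": [domain]}}),
        # Needed to read the DNS validation record that goes to the external DNS host.
        allow("ReadCertDetails", "acm:DescribeCertificate", certs),
        allow("EditOneDistribution", ["cloudfront:GetDistribution",
              "cloudfront:GetDistributionConfig", "cloudfront:UpdateDistribution"], dist),
    ]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def unscoped_writes(policy):
    """Sids of Allow statements that grant a non-read action on "*" with no Condition."""
    flagged = []
    for st in policy["Statement"]:
        writes = [a for a in as_list(st["Action"])
                  if not a.split(":")[-1].startswith(("List", "Get", "Describe"))]
        if (st["Effect"] == "Allow" and writes and "*" in as_list(st["Resource"])
                and "Condition" not in st):
            flagged.append(st.get("Sid", "<no Sid>"))
    return flagged

if __name__ == "__main__":
    # Placeholder account and distribution IDs; sub.domain.com is the page's example name.
    policy = build_policy("111122223333", "EXAMPLEDISTID", "sub.domain.com")
    print(json.dumps(policy, indent=2))
    print("unscoped write statements:", unscoped_writes(policy))
```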
