Please tell me how to make the aws policy.

Asked 2 years ago, Updated 2 years ago, 64 views 

{
  "Version": "2012-10-11",
  "Id": "Policy 1503119012324",
  "Statement": [{
    "Sid": "Stmt15031190096534",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "*",
    "Resource": "arn:aws:s3::mybucket/*",
    "Condition": {
      I want to make an exception to certain IAM users here
    }
  }]
}

aws amazon-s3

2022-09-30 19:55

1 Answers

You can use NotPrincipal to specify the IAM user's ARN.
The ARN is in the format "arn:aws:iam::AWS account ID:user/IAM username".

{
  "Id": "Policy 3 IamUserAccessControl",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "mybucket01",
      "Action": "s3:*",
      "Effect": "Deny",
      "Resource": ["arn:aws:s3::mybucket",
      "NotPrincipal": {
        "AWS": [
          "arn:aws:iam::123456789012:user/take88" <- Exception IAM User
        ]
      }
    }
  ]
}

2022-09-30 19:55

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

549 PHP ssh2_scp_send fails to send files as intended

542 Unable to install versioned in Google Colab

980 In Java servlet, when SHA-256 sends WW-Authenticate header for digest authentication, the client does not return the result.

546 Understanding How to Configure Google API Key

642 /usr/bin/google-chrome:symbol lookup error:/usr/bin/google-chrome: undefined symbol:gbm_bo_get_modifier

© 2024 OneMinuteCode. All rights reserved.