堆栈内存溢出
  简体   繁体   English

我正在尝试为组织中的AWS用户设置MFA

[英]I am trying to set-up MFA for an AWS user in the organization

 原文  2017-09-25 19:21:06       amazon-web-services/ amazon-iam/ policy

问题描述

       {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1506369084151",
      "Action": [
        "iam:CreateVirtualMFADevice",
        "iam:EnableMFADevice",
        "iam:ListMFADevices",
        "iam:ResyncMFADevice"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:iam::account_#:user/user_name"
    }
  ]
}

I have this above policy which should enable users to set-up MFA by themselves. 我拥有上述上述政策,该政策应使用户可以自行设置MFA。 However, when I test this policy (by logging in as one of the users, I am not able to perform the desired action) 但是,当我测试此策略时(通过以其中一个用户身份登录,我无法执行所需的操作)

What am I missing in the policy snippet? 我在政策摘要中缺少什么?

PS: The policy is attached to the user I try to log-in as. PS:该策略已附加到我尝试以其身份登录的用户上。 So this silly mistake is ruled out. 因此,排除了这种愚蠢的错误。

1 个解决方案

解决方案1
 2 已采纳  2017-09-25 21:58:11

This works for me: 这对我有用: 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowEnableResyncDeleteListMFA",
      "Effect": "Allow",
      "Action": [
        "iam:CreateVirtualMFADevice",
        "iam:EnableMFADevice",
        "iam:ResyncMFADevice",
        "iam:DeleteVirtualMFADevice"
      ],
      "Resource": [
        "arn:aws:iam::AWS_ACCOUNT_ID:mfa/${aws:username}",
        "arn:aws:iam::AWS_ACCOUNT_ID:user/${aws:username}"
      ]
    },
    {
      "Sid": "AllowDeactivateMFA",
      "Effect": "Allow",
      "Action": [
        "iam:DeactivateMFADevice"
      ],
      "Resource": [
        "arn:aws:iam::AWS_ACCOUNT_ID:mfa/${aws:username}",
        "arn:aws:iam::AWS_ACCOUNT_ID:user/${aws:username}"
      ],
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": true
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:ListMFADevices",
        "iam:ListVirtualMFADevices",
        "iam:ListUsers"
      ],
      "Resource": "*"
    }
  ]
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS ECS 中的动态端口设置中的运行状况检查失败 - Health check failed in dynamic port set-up in AWS ECS 我正在尝试使用 AWS SES 在我的 React 应用程序中设置联系我们表单,但出现“CredentialsError: Missing credentials in config”错误 - I am trying to set up a Contact Us form in my React App using AWS SES, but error that "CredentialsError: Missing credentials in config" AWS Cognito - 重置用户 MFA - AWS Cognito - reset user MFA 尝试使用 AWS CodeGuru 时出现此错误 - I am getting this error when trying to user AWS CodeGuru 如何正确设置Amazon SES - How to correctly set-up Amazon SES 如何在 WinUI 3 应用程序中获取 AccessToken 或 Session 字符串以启动 AWS Cognito MFA 的设置 - How to get AccessToken or Session string in WinUI 3 application to initiate set up of AWS Cognito MFA 如何为 AWS 中的其他 IAM 用户设置 MFA? - How to setup MFA to other IAM user in AWS? 设置 AWS 凭证以使用 MFA 并能够通过 VScode 中的 AWS Toolkit 将角色作为命名配置文件设置的正确方法是什么? - What is the correct way to set up AWS credentials to work with MFA and be able to assume roles as named profiles via AWS Toolkit in VScode? 如何为 Terraform 配置 AWS MFA? - How do I configure AWS MFA for Terraform? 我正在尝试将Rails git部署上的ruby设置到AWS Elastic Beanstalk; “ eb init”失败 - I'm trying to set up ruby on rails git deployment to AWS Elastic Beanstalk; “eb init” failing
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM