How to list available policies for an assumed AWS IAM role
I am using Python and boto to assume an AWS IAM role. I want to see what policies are attached to the role so I can loop through them and determine what actions are available for the role.
I want to do this so I can know if some actions are available instead of doing this by calling them and checking if I get an error.
However, I cannot find a way to list the policies for the role after assuming it, as the role is not authorised to perform IAM actions.
Is there anyone who knows how this is done, or is this perhaps something I should not be doing?
To obtain policies, your AWS credentials require permissions to retrieve the policies.
If such permissions are not associated with the assumed role, you could use another set of credentials to retrieve the permissions (but those credentials would need appropriate IAM permissions).
There is no way to ask "What policies do I have?" without having the necessary permissions.
This is an intentional part of AWS security because seeing policies can reveal some security information (e.g. "Oh, why am I specifically denied access to the Top-Secret-XYZ S3 bucket?").
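The second-credential approach from the answer above, as an added example that is not part of the original question or answer. It assumes a boto3 IAM client (called audit_iam here) created from a separate credential set that is allowed to read IAM; the function names are hypothetical.

```python
# Added example. `audit_iam` is an assumption: a boto3 IAM client built from a
# second credential set that may read IAM (not the assumed role's credentials).

def role_name_from_caller_arn(arn):
    """arn:aws:sts::<acct>:assumed-role/<role>/<session> -> <role>"""
    parts = arn.split(":", 5)
    kind, _, rest = parts[5].partition("/") if len(parts) == 6 else ("", "", "")
    if kind != "assumed-role" or "/" not in rest:
        raise ValueError("not an assumed-role ARN: " + arn)
    return rest.split("/")[0]

def _allowed_actions(document):
    """Actions named by Allow statements; Statement and Action may be single items."""
    statements = document.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    actions = set()
    for statement in statements:
        if statement.get("Effect") != "Allow":
            continue
        found = statement.get("Action", [])
        actions.update([found] if isinstance(found, str) else found)
    return actions

def role_policies(audit_iam, role_name):
    """Map each inline and managed policy on the role to its Allow actions."""
    result = {}
    # Inline policies are stored on the role itself.
    pager = audit_iam.get_paginator("list_role_policies")
    for page in pager.paginate(RoleName=role_name):
        for name in page["PolicyNames"]:
            doc = audit_iam.get_role_policy(RoleName=role_name, PolicyName=name)
            result["inline:" + name] = _allowed_actions(doc["PolicyDocument"])
    # Managed policies are attached by ARN; read their default version.
    pager = audit_iam.get_paginator("list_attached_role_policies")
    for page in pager.paginate(RoleName=role_name):
        for attached in page["AttachedPolicies"]:
            arn = attached["PolicyArn"]
            version = audit_iam.get_policy(PolicyArn=arn)["Policy"]["DefaultVersionId"]
            doc = audit_iam.get_policy_version(PolicyArn=arn, VersionId=version)
            result[arn] = _allowed_actions(doc["PolicyVersion"]["Document"])
    return result
```

The ARN to pass to role_name_from_caller_arn comes from STS get_caller_identity called with the assumed role's credentials, which needs no IAM permissions. The result lists the actions the policies name; it does not evaluate Deny statements, conditions, or permission boundaries.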