We have a use case: Update the IAM policy as new bucket is created.
New bucket is created using cloudformation template.
Is it possible to update the current IAM policy eg add a new Resource value using cloudformation ?
You have to configure the SNS topic to your cloudformation, the cloudformation will publish to the SNS topic. Configure the SNS to invoke the Lambda function that will update your IAM policy.
Provide the required permissions to your
CloudFormation -> to send notification to SNS
SNS -> to Invoke your lambda
Lambda Function -> To Update IAM Policy
或者,您可以创建一个有权访问所有S3存储桶的组或角色,然后为每个S3存储桶创建一个新的IAM策略,并使用AWS::IAM::Policy
的Groups
或Roles
属性分配给该组或角色AWS::IAM::Policy
资源。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.