
What does it mean for a resource type to be required in an AWS IAM policy?

With reference to this page of the IAM documentation:

When does it matter that a resource type is required?

At first I thought that if a resource type is required and you specify the wildcard resource ("*") the statement won't apply. But I've tested that this is not the case (think of the implication on the star star managed Admin policy).

Then I thought that it might mean that some condition keys are only available when you qualify the ARN up to or past a type, but I have found counterexamples for that as well.

It gets stranger though, because some actions have multiple required resource types, and others still have multiple non-required resource types. Some have required resource types, but have condition keys listed next to no type.

I'm beginning to believe that the resource type column is of no practical use.

So when does it matter?

It matters for every policy. For example, if you are specifying permissions to take the action apigateway:Invoke and give a resource ARN for a DynamoDB table, you won't get very far, for the resource type required is an execute api resource.
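The mismatch described in the answer, and the wildcard behaviour described in the question, can be checked mechanically. The following is an added example, not code from the original post: the action table is a constructed excerpt whose ARN formats are assumptions, `execute-api:Invoke` stands in for the invoke action the answer refers to, and all function names are hypothetical.

```python
import re
from functools import lru_cache

# Constructed excerpt of an action table (assumed): action -> ARN formats it operates on.
ACTION_RESOURCE_FORMATS = {
    "execute-api:Invoke": [
        "arn:${Partition}:execute-api:${Region}:${Account}:"
        "${ApiId}/${Stage}/${Method}/${ApiSpecificResourcePath}"],
    "dynamodb:GetItem": [
        "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}"],
}

def format_to_glob(arn_format):
    """Turn ${Placeholder} fields into '*' so the format becomes a wildcard pattern."""
    return re.sub(r"\$\{[^}]+\}", "*", arn_format)

def globs_overlap(a, b):
    """True if at least one string matches both patterns ('*' and '?' wildcards)."""
    @lru_cache(maxsize=None)
    def go(i, j):
        if i == len(a) and j == len(b):
            return True
        if i < len(a) and a[i] == "*":
            return go(i + 1, j) or (j < len(b) and go(i, j + 1))
        if j < len(b) and b[j] == "*":
            return go(i, j + 1) or (i < len(a) and go(i + 1, j))
        if i == len(a) or j == len(b):
            return False
        return (a[i] == b[j] or "?" in (a[i], b[j])) and go(i + 1, j + 1)
    return go(0, 0)

def as_list(value):
    return value if isinstance(value, list) else [value]

def dead_actions(statement):
    """Actions in the statement that none of its Resource entries can ever match."""
    dead = []
    for action in as_list(statement["Action"]):
        globs = [format_to_glob(f) for f in ACTION_RESOURCE_FORMATS.get(action, [])]
        hit = any(globs_overlap(r, g) for r in as_list(statement["Resource"]) for g in globs)
        if globs and not hit:  # actions missing from the table get no verdict
            dead.append(action)
    return dead

# Constructed sample statements (account ID and names are made up).
TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/Orders"
MISMATCHED = {"Effect": "Allow", "Action": "execute-api:Invoke", "Resource": TABLE_ARN}
WILDCARD = {"Effect": "Allow", "Action": "execute-api:Invoke", "Resource": "*"}
```

`dead_actions(MISMATCHED)` reports the invoke action because a table ARN can never name an API resource, while `WILDCARD` passes because `"*"` overlaps every ARN format.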
