AWS cli/boto3- Is it possible to know if a role or policy has permissions over a resource?

I would like to know whether I can check if a policy or role is able to view, list or edit a resource.

It could be any kind of resource: an S3 bucket, Secrets Manager, an EC2 instance, etc.

I would also try to do this through boto3.

You can Test IAM policies with the IAM policy simulator - AWS Identity and Access Management. This lets you specify the policies and the resource (including conditions) and test whether an API call would be allowed.

If you want to do this via boto3, you can use simulate_custom_policy():

Simulate how a set of IAM policies and optionally a resource-based policy works with a list of API operations and AWS resources to determine the policies' effective permissions. The policies are provided as strings.

The simulation does not perform the API operations; it only checks the authorization to determine if the simulated policies allow or deny the operations.

If you want to simulate existing policies that are attached to an IAM user, group, or role, use simulate_principal_policy() instead.
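The simulate_principal_policy() route from the answer above, as an added example (not code from the original answer): it asks the simulator which of a few actions a role may perform on given resources, follows pagination, and turns EvaluationResults into a per-(action, resource) verdict. The role ARN, actions and resource ARNs are placeholders, and SAMPLE_RESULTS is a constructed response so the summary can be exercised offline.

```python
"""Ask the IAM policy simulator which actions a role may perform on given
resources. Added example, not from the original answer; the role ARN, actions
and resource ARNs below are placeholders."""

ROLE_ARN = "arn:aws:iam::123456789012:role/ExampleRole"  # placeholder
ACTIONS = ["s3:GetObject", "s3:ListBucket", "secretsmanager:GetSecretValue"]
RESOURCES = ["arn:aws:s3:::example-bucket/*", "arn:aws:s3:::example-bucket",
             "arn:aws:secretsmanager:us-east-1:123456789012:secret:example"]

def simulate(role_arn, actions, resources):
    """Run simulate_principal_policy for the role, following pagination, and
    return the raw EvaluationResults. Caveat: bucket policies and other
    resource-based policies are only considered if passed via ResourcePolicy."""
    import boto3  # imported lazily so summarize() works without AWS access
    iam = boto3.client("iam")
    kwargs = {"PolicySourceArn": role_arn, "ActionNames": actions,
              "ResourceArns": resources}
    results = []
    while True:
        page = iam.simulate_principal_policy(**kwargs)
        results.extend(page["EvaluationResults"])
        if not page.get("IsTruncated"):
            return results
        kwargs["Marker"] = page["Marker"]

def summarize(results):
    """Map (action, resource) to the decision, the statements that matched and
    any context keys the simulator lacked (a non-empty list means a real
    request carrying that key could be decided differently)."""
    out = {}
    for r in results:
        out[(r["EvalActionName"], r.get("EvalResourceName", "*"))] = {
            "decision": r["EvalDecision"],  # allowed | explicitDeny | implicitDeny
            "allowed": r["EvalDecision"] == "allowed",
            "matched": [s["SourcePolicyId"] for s in r.get("MatchedStatements", [])],
            "missing_context": r.get("MissingContextValues", []),
        }
    return out

# Constructed sample shaped like the API's EvaluationResults, for offline use.
SAMPLE_RESULTS = [
    {"EvalActionName": "s3:GetObject", "EvalResourceName": RESOURCES[0],
     "EvalDecision": "allowed", "MatchedStatements": [{"SourcePolicyId": "ReadPolicy"}]},
    {"EvalActionName": "s3:ListBucket", "EvalResourceName": RESOURCES[1],
     "EvalDecision": "implicitDeny", "MissingContextValues": ["aws:SourceVpc"]},
    {"EvalActionName": "secretsmanager:GetSecretValue", "EvalResourceName": RESOURCES[2],
     "EvalDecision": "explicitDeny", "MatchedStatements": [{"SourcePolicyId": "Deny"}]},
]
```

With credentials configured, `summarize(simulate(ROLE_ARN, ACTIONS, RESOURCES))` gives the live verdicts; an implicitDeny with missing context keys is worth re-running with ContextEntries supplied.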