基于标签的 AWS IAM 策略限制不给我任何访问权限
AWS IAM policy restriction based on Tags not giving me any access
所以我按照 this AWS 教程创建了这个 IAM 策略,该策略应该允许访问任何具有这些密钥的 dynamodb 操作。但是正如您在所附图片中看到的那样,它告诉我我没有任何许可。它也确实发生在其他服务上,所以不仅是 dynamodb,而且我还尝试在策略中硬编码 'access-project' 标记,正如您所看到的那样,使用 'access-environment 完成的。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllActionsSameProjectEnvironment",
"Effect": "Allow",
"Action": "dynamodb:*",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/access-project": "${aws:PrincipalTag/access-project}",
"aws:ResourceTag/access-environment": "pre"
},
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"access-project",
"access-environment",
"Name",
"OwnedBy"
]
},
"StringEqualsIfExists": {
"aws:RequestTag/access-project": "${aws:PrincipalTag/access-project}",
"aws:RequestTag/access-environment": "pre"
}
}
}
]
}
error image
知道为什么会这样吗?谢谢!
DynamoDB 不支持 Authorization based on tags the docs.
所以我按照 this AWS 教程创建了这个 IAM 策略,该策略应该允许访问任何具有这些密钥的 dynamodb 操作。但是正如您在所附图片中看到的那样,它告诉我我没有任何许可。它也确实发生在其他服务上,所以不仅是 dynamodb,而且我还尝试在策略中硬编码 'access-project' 标记,正如您所看到的那样,使用 'access-environment 完成的。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllActionsSameProjectEnvironment",
"Effect": "Allow",
"Action": "dynamodb:*",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/access-project": "${aws:PrincipalTag/access-project}",
"aws:ResourceTag/access-environment": "pre"
},
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"access-project",
"access-environment",
"Name",
"OwnedBy"
]
},
"StringEqualsIfExists": {
"aws:RequestTag/access-project": "${aws:PrincipalTag/access-project}",
"aws:RequestTag/access-environment": "pre"
}
}
}
]
}
error image
知道为什么会这样吗?谢谢!
DynamoDB 不支持 Authorization based on tags the docs.