1. 首頁
  2. 問答
  3. 無法將AWS策略應用於組,僅限於用戶

無法將AWS策略應用於組,僅限於用戶

2015-12-10 28 views
0

我正嘗試在CloudSearch域上設置權限。無法將AWS策略應用於組,僅限於用戶

這一政策的工作原理:

{ 
    "Version": "2012-10-17", 
    "Statement": [ 
    { 
     "Effect": "Allow", 
     "Principal": { 
     "AWS": "arn:aws:iam::55555555:user/SearchUser" 
     }, 
     "Action": "cloudsearch:*" 
    } 
    ] 
}

這不:

{ 
    "Version": "2012-10-17", 
    "Statement": [ 
    { 
     "Effect": "Allow", 
     "Principal": { 
     "AWS": "arn:aws:iam::55555555:group/SearchGroup" 
     }, 
     "Action": "cloudsearch:*" 
    } 
    ] 
}

唯一的區別是用戶/ SearchUser對組/ SearchGroup

當我嘗試申請後者只是給我一個錯誤:

Error setting policy: [{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::55555555:group/SearchGroup"},"Action":"cloudsearch:*"}]}]

關於爲什麼政策適用於用戶而不是羣組的任何想法?

來源

2015-12-10 Mark Sowul

回答

3

組不支持。

Specifying a Principal

You specify a principal using the Amazon Resource Name (ARN) of the AWS account, IAM user, IAM role, federated user, or assumed-role user. You cannot specify IAM groups as principals.

http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Principal

來源

2015-12-10 18:35:54 Jason

+0

任何想法如何更好地完成我想 - 我基本上要該組只有該組訪問特定CloudSearch域。我可以將策略附加到該組,但是我認爲CloudSearch對象策略中的「拒絕全部」嗎? –

相關問題

 相關問題