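AWS Power User with MFA (IAM policy)

I templated the Power User policy and added an MFA condition, resulting in an MFA power user policy like the one below: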
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "NotAction": "iam:*",
      "Resource": "*",
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "true"
        }
      }
    }
  ]
}
The description and intent are:
Provides full access to AWS services and resources, but does not allow management of Users and groups. MFA needed by login.
Testing on EC2 with the Policy Simulator, all EC2 actions are denied, the reason being:
implicitly denied (no matching statement)
The environment variable MultiFactorAuthPresent should be put into the simulator –
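The behaviour discussed above, as an added example that is not part of the original post: a simplified local model of how the `Bool` condition in this policy is evaluated when `aws:MultiFactorAuthPresent` is missing from the request context versus supplied. The `evaluate` function and its helpers are hypothetical names for illustration; the model ignores `Resource` (the policy uses `*`) and supports only `Bool` / `BoolIfExists`.

```python
import fnmatch
import json

# Policy from the question above.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "NotAction": "iam:*", "Resource": "*",
   "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}
""")

def _matches(patterns, action):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def _condition_ok(condition, context):
    # Simplified: exact-case key lookup, Bool and BoolIfExists only.
    for operator, keys in condition.items():
        if_exists = operator.endswith("IfExists")
        base = operator[:-len("IfExists")] if if_exists else operator
        if base != "Bool":
            raise ValueError("operator not modelled: " + operator)
        for key, expected in keys.items():
            if key not in context:
                if if_exists:
                    continue      # ...IfExists treats a missing key as a match
                return False      # plain Bool: a missing key never matches
            if str(context[key]).lower() != str(expected).lower():
                return False
    return True

def evaluate(policy, action, context):
    """Return 'allowed', 'explicitDeny' or 'implicitDeny' for one action."""
    decision = "implicitDeny"     # default when no statement matches
    for st in policy["Statement"]:
        if "NotAction" in st:
            hit = not _matches(st["NotAction"], action)
        else:
            hit = _matches(st.get("Action", []), action)
        if not hit or not _condition_ok(st.get("Condition", {}), context):
            continue
        if st["Effect"] == "Deny":
            return "explicitDeny"
        decision = "allowed"
    return decision

if __name__ == "__main__":
    # Constructed request contexts: empty (simulator default) vs. MFA supplied.
    for ctx in ({}, {"aws:MultiFactorAuthPresent": "true"}):
        print(ctx, "->", evaluate(POLICY, "ec2:DescribeInstances", ctx))
```
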