
IAMユーザーが特定のいくつかのテーブルにのみアクセスできるポリシーを追加したいのですが、個別のARNリソースへのアクセスを許可するロールポリシーで問題が起きています。

このドキュメントに従いました。

私のポリシー（結果は "Not Authorized" になってしまいました）:

{ 
    "Version": "2012-10-17", 
    "Statement": [ 
     { 
      "Action": [ 
       "cloudwatch:DescribeAlarmHistory", 
       "cloudwatch:DescribeAlarms", 
       "cloudwatch:DescribeAlarmsForMetric", 
       "cloudwatch:GetMetricStatistics", 
       "cloudwatch:ListMetrics", 
       "datapipeline:DescribeObjects", 
       "datapipeline:DescribePipelines", 
       "datapipeline:GetPipelineDefinition", 
       "datapipeline:ListPipelines", 
       "datapipeline:QueryObjects", 
       "dynamodb:BatchGetItem", 
       "dynamodb:DescribeTable", 
       "dynamodb:GetItem", 
       "dynamodb:ListTables", 
       "dynamodb:Query", 
       "dynamodb:Scan", 
       "dynamodb:DescribeReservedCapacity", 
       "dynamodb:DescribeReservedCapacityOfferings", 
       "sns:ListSubscriptionsByTopic", 
       "sns:ListTopics", 
       "lambda:ListFunctions", 
       "lambda:ListEventSourceMappings", 
       "lambda:GetFunctionConfiguration" 
      ], 
      "Effect": "Allow", 
      "Resource": [ 
       "arn:aws:dynamodb:eu-west-1: xxxxxxxxxxxx:table:table/<TableName>", //commented real name 
       "arn:aws:dynamodb:eu-west-1:xxxxxxxxxxxx:table/<TableName>" //commented real name 
      ] 
     } 
    ] 
} 

メッセージ


しかし、Resource を "*" に変更すると、すべて正常に動作します。

特定のテーブルにのみ完全な読み取りアクセスを許可できないのはなぜでしょうか?

回答


{ 
    "Version": "2012-10-17", 
    "Statement": [ 
     { 
      "Sid": "ResourceBasedActions", 
      "Action": [ 
       "datapipeline:DescribeObjects", 
       "datapipeline:DescribePipelines", 
       "datapipeline:GetPipelineDefinition", 
       "datapipeline:QueryObjects", 
       "dynamodb:BatchGetItem", 
       "dynamodb:DescribeTable", 
       "dynamodb:GetItem", 
       "dynamodb:Query", 
       "dynamodb:Scan", 
       "lambda:GetFunctionConfiguration" 
      ], 
      "Effect": "Allow", 
      "Resource": [ 
       "arn:aws:dynamodb:eu-west-1: xxxxxxxxxxxx:table:table/<TableName>", 
       "arn:aws:dynamodb:eu-west-1:xxxxxxxxxxxx:table/<TableName>" 
      ] 
     }, 
     { 
      "Sid": "NonResourceBasedActions", 
      "Action": [ 
       "cloudwatch:DescribeAlarmHistory", 
       "cloudwatch:DescribeAlarms", 
       "cloudwatch:DescribeAlarmsForMetric", 
       "cloudwatch:GetMetricStatistics", 
       "cloudwatch:ListMetrics", 
       "datapipeline:ListPipelines", 
       "dynamodb:ListTables", 
       "sns:ListSubscriptionsByTopic", 
       "sns:ListTopics", 
       "lambda:ListFunctions", 
       "lambda:ListEventSourceMappings", 
       "dynamodb:DescribeReservedCapacity", 
       "dynamodb:DescribeReservedCapacityOfferings" 
      ], 
      "Effect": "Allow", 
      "Resource": [ 
       "*" 
      ] 
     } 
    ] 
} 
上記の解決策は、Amazon の Deepesh S. 氏のおかげです。
ポイントは、`dynamodb:ListTables` や `cloudwatch:DescribeAlarms` のような一覧・参照系のアクションはテーブル ARN に対するリソースレベルの権限に対応していないため、テーブル ARN を指定したステートメント（`ResourceBasedActions`）と、`Resource` を `"*"` にした最小限のステートメント（`NonResourceBasedActions`）に分ける必要がある、という点です。`"*"` 側には引き続き一覧・参照系のアクションだけを置き、データを読むアクションはテーブル ARN 側に残してください。なお、Resource の 1 つ目のエントリ（`eu-west-1: xxxxxxxxxxxx:table:table/...`、リージョンの後に空白があり `table:table/` となっている形式）は正しい ARN 形式ではないため一致せず、2 つ目の `arn:aws:dynamodb:eu-west-1:xxxxxxxxxxxx:table/<TableName>` の形式だけが有効です。