1. 首页
  2. 问答
  3. 无法将AWS策略应用于组,仅限于用户

无法将AWS策略应用于组,仅限于用户

2015-12-10 32 views
0

我正尝试在CloudSearch域上设置权限。无法将AWS策略应用于组,仅限于用户

这一政策的工作原理:

{ 
    "Version": "2012-10-17", 
    "Statement": [ 
    { 
     "Effect": "Allow", 
     "Principal": { 
     "AWS": "arn:aws:iam::55555555:user/SearchUser" 
     }, 
     "Action": "cloudsearch:*" 
    } 
    ] 
}

这不:

{ 
    "Version": "2012-10-17", 
    "Statement": [ 
    { 
     "Effect": "Allow", 
     "Principal": { 
     "AWS": "arn:aws:iam::55555555:group/SearchGroup" 
     }, 
     "Action": "cloudsearch:*" 
    } 
    ] 
}

唯一的区别是用户/ SearchUser对组/ SearchGroup

当我尝试申请后者只是给我一个错误:

Error setting policy: [{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::55555555:group/SearchGroup"},"Action":"cloudsearch:*"}]}]

关于为什么政策适用于用户而不是群组的任何想法?

来源

2015-12-10 Mark Sowul

回答

3

组不支持。

Specifying a Principal

You specify a principal using the Amazon Resource Name (ARN) of the AWS account, IAM user, IAM role, federated user, or assumed-role user. You cannot specify IAM groups as principals.

http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Principal

来源

2015-12-10 18:35:54 Jason

+0

任何想法如何更好地完成我想 - 我基本上要该组只有该组访问特定CloudSearch域。我可以将策略附加到该组,但是我认为CloudSearch对象策略中的“拒绝全部”吗? –

相关问题

 相关问题