Home > Mobile >  How to deny action for Administrator user in AWS
How to deny action for Administrator user in AWS

Time:05-25

I want deny "sqs:CreateQueue" permission to Administrator user in AWS. is that possible ?. The user is having the below admin permission

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "", "Resource": "" } ] }

CodePudding user response:

The recommended way to restrict a user from being able to perform a particular action is to use a permission boundary.

Add a permission boundary for the user with the following content:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "iam:DeleteUserPermissionsBoundary",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        },
        {
            "Effect": "Deny",
            "Action": "sqs:CreateQueue",
            "Resource": "*"
        }
    ]
}

this will prevent the user from being able to create an SQS queue and from being able to remove the permission boundary you applied, while giving him permissions to perform all other actions.

  • Related