NotResource results in a shorter policy by listing only a few resources that should not match, rather than including a long list of resources that will match.
what will be the result of wildcard in NotResource?
{
"Effect": "Allow",
"NotAction": [
"iam:*"
],
"NotResource": [
"*"
]
}
CodePudding user response:
A policy statement element with NotResource
applies to any resource that does not match the listed resource(s). *
matches any resource, so NotResource
*
ends up meaning "not any resource". The policy will have no effect since it will match no resources.
I'm not sure AWS will let you create such a policy, but if it's allowed that's the effect it will have.