Home > database >  How to limit access of an AWS IAM Group to access a AWS Secret Manager?
How to limit access of an AWS IAM Group to access a AWS Secret Manager?

Time:10-09

I want to create an IAM Policy of my Secret Manager in AWS, to limit access to an Admin group. But in IAM Policy, I can't create a condition for an IAM group to have single access. I can limit to specific users, to a role, but not a group.

I found that you can limit to a role, and then the Admin can create a temporary link that the user can temporarily attach the role permission by one hour. Link: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html. But I don't think this is the best process for me.

CodePudding user response:

So the answer is that you are putting your IAM policy in the wrong place.

With IAM Groups you assign Identity policies to the group, which then filter to all the users within said group.

With Resources (such as Secret Manager) you assign Resource Policies which can limit access to that resource (or grant specific allowances beyond other policies to specific other resources)

In effect, you want to create a Policy that gives Secret Manager permissions, then attach that policy to your group, rather than create a policy on Secret Manager that will give access to admins.

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html

Page link:https//www.codepudding.com/database/145503.html

Prev:PLAYWRIGHT testing - How to skip to the next action if a click on a button is not possible (is not p
Next:Heroku Redis Connect to v6 for PHP Session
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding