Home > Net >  IAM PassRole restrictions
IAM PassRole restrictions

Time:04-06

I need the permissions to pass an execution role to a Lambda when I create a CF. So I have given the role used for creating the CF this:

Effect: Allow
Action:
  - iam:PassRole
Resource:
  - "myexecutionrole"

So now my CF role can pass the execution role to any resource. I want to restrict this. I want it only to be able to pass the role to the Lambda function it is for. So I have been looking into policy conditions, put here I only find solution for restricting the source of the call not the target. Is that I want possible and how?

CodePudding user response:

You could use iam:AssociatedResourceArn. From docs:

Specifies the ARN of the resource to which this role will be associated at the destination service.

Page link:https//www.codepudding.com/net/362427.html

Prev:Split value from a total row to multiple other rows until the sum reaches the value of the total row
Next:How to allow @throws for case classes in Scala?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding