AWS IAM policy based on PermissionSet mapping


How can I create AWS SCP conditions which restrict the scope of the policy only to AzureAD users which are members of AD group associated with a specific PermissionSet?

For example, let's assume I have AD user [email protected], member of "NoEC2Access" AD Group. This AD Group is mapped to "noEC2" PermissionSet.

I want to create an SCP, to be applied to some OUs, that will deny all the "ec2:*" actions to all users that are members of a group which has the "noEC2" PermissionSet mapped to it.

{
   "Version": "2012-10-17",
   "Statement": [
      {
        "Effect": "Deny",
        "Action": ["ec2:*"],
        "Resource": "*",
        "Condition": {
            <HERE THE CONDITION>
        }
      }
    ]
}

Thanks
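One way to express the condition asked for above, as an added example that is not part of the original question: an SCP cannot see AzureAD group membership, but IAM Identity Center provisions each permission set into member accounts as a role whose name embeds the permission set name, so the statement can key on aws:PrincipalArn with ArnLike. The role naming, the region path element, the account id and the role suffixes below are assumed or constructed values; the small evaluator only models the ArnLike and action matching needed to check the pattern.

```python
import fnmatch

# Added example, not from the original post. Assumed Identity Center behaviour:
# each permission set becomes a role named AWSReservedSSO_<PermissionSet>_<suffix>
# under /aws-reserved/sso.amazonaws.com/ (plus a <region>/ path element outside
# us-east-1), so the SCP keys on the role ARN rather than on the AzureAD group.
PERMISSION_SET = "noEC2"
ROLE_PATTERN = (
    "arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/"
    f"*AWSReservedSSO_{PERMISSION_SET}_*"
)

SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyEC2ForNoEC2PermissionSet",
            "Effect": "Deny",
            "Action": ["ec2:*"],
            "Resource": "*",
            "Condition": {"ArnLike": {"aws:PrincipalArn": ROLE_PATTERN}},
        }
    ],
}


def arn_like(pattern: str, arn: str) -> bool:
    """Model IAM's ArnLike: the six colon-separated fields are compared one by
    one, case-sensitively, with '*' and '?' wildcards allowed in each field."""
    p_parts, a_parts = pattern.split(":", 5), arn.split(":", 5)
    if len(p_parts) != 6 or len(a_parts) != 6:
        return False
    return all(fnmatch.fnmatchcase(a, p) for p, a in zip(p_parts, a_parts))


def scp_denies(principal_arn: str, action: str) -> bool:
    """True when a Deny statement of SCP matches this principal and action
    (action names match case-insensitively, as in IAM)."""
    for stmt in SCP["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if not any(fnmatch.fnmatch(action.lower(), a.lower()) for a in stmt["Action"]):
            continue
        pattern = stmt.get("Condition", {}).get("ArnLike", {}).get("aws:PrincipalArn")
        if pattern is None or arn_like(pattern, principal_arn):
            return True
    return False
```

The trailing underscore in the pattern keeps a differently named permission set (for example noEC2Admin) out of scope, and, as with any SCP, the management account is never affected.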
