AWS - IAM policy tips
Alasta, 10 July 2024 (tags: aws, iam, policy)
Description: notes on a few IAM policy condition constraints
IAM policy constraints:
Restrict the API calls from the client public IP :
"aws:SourceIp": ["203.0.113.0/24"]
Restrict to one specific VPC Endpoint
"aws:SourceVpce": "vpce-1a2b3c4d"
Restrict to an entire VPC
"aws:SourceVpc": "vpc-111bbb22"
Restrict the region that API calls are made to
"aws:RequestedRegion": [ "eu-central-1" ]
Restrict based on tags
"ec2:ResourceTag/Project": "DataAnalytics"
Deny if MFA not used
"BoolIfExists": {"aws:MultiFactorAuthPresent": false}
Restrict to account from an AWS Organization
"aws:PrincipalOrgID":"o-yyyyyyyyyyy"
Force the presence of a tag
"Condition": {
    "Null": {
        "aws:RequestTag/CostCenter": "true"
    }
}
Note: Use a Null condition operator to check if a condition key is absent at the time of authorization. In the policy statement, use either true (the key doesn’t exist — it is null) or false (the key exists and its value is not null).
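As an added example (not part of the original post), the policy below combines several of the condition keys above into explicit Deny statements, and a small evaluator mimics how IAM treats an absent context key (Null tests presence, ...IfExists and negated operators match on absence, other operators fail). The CIDR, region and request contexts are constructed placeholders; the evaluator ignores Resource matching.

```python
import ipaddress

# Constructed guard-rail policy with placeholder values (not from the original post).
GUARDRAIL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DenyWithoutMFA", "Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
        {"Sid": "DenyOutsideOfficeIp", "Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}},
        {"Sid": "DenyOtherRegions", "Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"StringNotEquals": {"aws:RequestedRegion": ["eu-central-1"]}}},
        {"Sid": "DenyUntaggedRunInstances", "Effect": "Deny", "Action": "ec2:RunInstances",
         "Resource": "*", "Condition": {"Null": {"aws:RequestTag/CostCenter": "true"}}},
    ],
}

def _match(operator, key, expected, ctx):
    """Evaluate one condition against the request context, following IAM's
    absent-key rules: Null tests presence; ...IfExists and negated operators
    match when the key is absent; every other operator fails on absence."""
    present = key in ctx
    values = [expected] if isinstance(expected, (str, bool)) else list(expected)
    if operator == "Null":
        return present != (str(expected).lower() == "true")
    if not present:
        return operator.endswith("IfExists") or "Not" in operator
    operator = operator.replace("IfExists", "")
    actual = ctx[key]
    if operator == "Bool":
        return str(actual).lower() == str(values[0]).lower()
    if operator in ("IpAddress", "NotIpAddress"):
        hit = any(ipaddress.ip_address(actual) in ipaddress.ip_network(c) for c in values)
    elif operator in ("StringEquals", "StringNotEquals"):
        hit = actual in values
    else:
        raise ValueError(f"unsupported operator {operator}")
    return hit != operator.startswith(("Not", "StringNot"))  # invert for negated ops

def denied_by(policy, action, ctx):
    """Sids of Deny statements covering `action` whose conditions all match ctx."""
    return [st["Sid"] for st in policy["Statement"]
            if st["Effect"] == "Deny" and st["Action"] in ("*", action)
            and all(_match(op, k, v, ctx)
                    for op, block in st.get("Condition", {}).items()
                    for k, v in block.items())]

if __name__ == "__main__":
    # Constructed request context: no MFA key, call from outside the office range.
    ctx = {"aws:SourceIp": "198.51.100.7", "aws:RequestedRegion": "eu-central-1"}
    print(denied_by(GUARDRAIL_POLICY, "s3:ListBucket", ctx))  # ['DenyWithoutMFA', 'DenyOutsideOfficeIp']
```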