I created a User in AWS Account and attached my user Admin access And I created another user with the same Admin access, But i don't want that user to delete my user. Any Solutions
I want to know how to do it
I created a User in AWS Account and attached my user Admin access And I created another user with the same Admin access, But i don't want that user to delete my user. Any Solutions
I want to know how to do it
Copyright © 2021 Jogjafile Inc.
With IAM policies an explicit deny takes precedence over an allow statement. This means you can add a single deny statement for a specific resource but still access other resources. You should be able to use this mechanic with IAM User permissions (but you should create a test user to validate this works as expected!!!)
Create a new policy with below contents and add to the user you want to limit access to delete your user
(change
000000000000
to your aws account number andblah
to the user you wish to prevent being deleted).Depending on your needs there are a bunch of other IAM permissions you might want to deny against this user such as
RemoveUserFromGroup
(if you use groups). (The easiest way of seeing these is in the IAM Console - create a policy and use the Visual Editor. SelectIAM
as service, and look at the permissions available under theWrite
access section).NOTE: if your using the Create Policy Visual Editor you can switch between the JSON view and graphical view to see the actual policy. If you edit the JSON view the Visual Editor view will be updated and vice-versa. There should be no errors or warnings reported by the Visual Editor when you complete your policy