I have an Amplify project, I want to restrict users to be able to modify only resources related to it. I thought to create a new AWS Policy that have permissions to do anything on all resources including a specific string. I got an error: "Failed to save changes to policy . Resource vendor must be fully qualified and cannot contain regexes."
This is what I tried to do:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": [
"arn:aws:*:*:*:*stringname*"
]
}
]
}
I would appreciate if you'll help me to find a solution (even other solution than the one mentioned above).
Thanks
You could do this via tags on resources. Something like:
This assumes that you added
project
tag to resources and to IAM users. You could omit the tag from the users, if instead you set condition as: