AWS Policy for all resources related to a specific Amplify project


I have an Amplify project, and I want to restrict users so they can modify only the resources related to it. I thought I would create a new AWS policy that has permissions to do anything on all resources whose name includes a specific string. I got an error: "Failed to save changes to policy . Resource vendor must be fully qualified and cannot contain regexes."

This is what I tried to do:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": [
                "arn:aws:*:*:*:*stringname*"
            ]
        }
    ]
}

I would appreciate it if you could help me find a solution (even a solution other than the one mentioned above).

Thanks


You could do this via tags on resources. Something like:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "policy",
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*",
            "Condition": {
                "StringEquals": {"aws:ResourceTag/project": "${aws:PrincipalTag/project}"}
            }
        }]
}

This assumes that you added a project tag to the resources and to the IAM users. You could omit the tag from the users if instead you set the condition as:

"Condition": {
    "StringEquals": {"aws:ResourceTag/project": "projectname"}
}
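To see how the tag condition in the answer behaves before rolling it out, here is a small added example (my own code, not AWS's policy engine or anything from the Amplify project) that models just enough of IAM evaluation to substitute `${aws:PrincipalTag/project}` and apply `StringEquals`. The request contexts and the tag value `shop` are constructed for the demonstration.

```python
import re

# The answer's tag-based statement: Action/Resource "*" gated by a tag condition.
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "policy", "Effect": "Allow", "Action": "*", "Resource": "*",
    "Condition": {"StringEquals": {
        "aws:ResourceTag/project": "${aws:PrincipalTag/project}"}},
}]}

VAR = re.compile(r"\$\{([^}]+)\}")  # ${aws:PrincipalTag/project} style variables


def resolve(value, ctx):
    """Substitute ${key} variables from the request context; None if any key is absent."""
    missing = False

    def sub(match):
        nonlocal missing
        found = ctx.get(match.group(1))
        missing = missing or found is None
        return found or ""

    out = VAR.sub(sub, value)
    return None if missing else out


def condition_matches(cond, ctx):
    """Only StringEquals is modelled; every key/value pair must hold (AND)."""
    for operator, pairs in cond.items():
        if operator != "StringEquals":
            raise NotImplementedError(operator)
        for key, expected in pairs.items():
            actual, want = ctx.get(key), resolve(expected, ctx)
            # A condition key missing from the request (untagged resource) never matches.
            if actual is None or want is None or actual != want:
                return False
    return True


def is_allowed(policy, ctx):
    """True only on an explicit Allow; no match is an implicit deny."""
    return any(s["Effect"] == "Allow" and condition_matches(s.get("Condition", {}), ctx)
               for s in policy["Statement"])


# Constructed request contexts (principal tag + resource tag as IAM would supply them).
SAME_PROJECT = {"aws:PrincipalTag/project": "shop", "aws:ResourceTag/project": "shop"}
OTHER_PROJECT = {"aws:PrincipalTag/project": "shop", "aws:ResourceTag/project": "blog"}
UNTAGGED = {"aws:PrincipalTag/project": "shop"}  # resource carries no project tag

if __name__ == "__main__":
    for name, ctx in [("same", SAME_PROJECT), ("other", OTHER_PROJECT), ("untagged", UNTAGGED)]:
        print(f"{name:9}-> {'allow' if is_allowed(POLICY, ctx) else 'deny'}")
```

The `UNTAGGED` case matters in practice: because `aws:ResourceTag` is absent from requests against untagged or untaggable resources, this statement also denies those calls, so list-type actions usually need a separate statement. Likewise, whoever can change the `project` tag can move resources into or out of scope, so tagging permissions deserve their own tighter statement.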