How to give granular IAM control over AWS Aurora?

Time: 2016-01-15 14:48:41

Tags: amazon-rds aws-sdk amazon-iam amazon-rds-aurora aws-rds

I want to grant a least-privilege IAM policy that controls creating and deleting AWS Aurora instances. The permissions for the DB instance work fine, but the DB cluster object cannot be deleted:

User xxxxxxx is not authorized to perform: rds:DeleteDBCluster

These are the rights I want:

{
  "Sid": "313",
  "Effect": "Allow",
  "Action": [
    "rds:ModifyDBCluster",
    "rds:DeleteDBCluster"
  ],
  "Resource": "arn:aws:rds:eu-west-1:123456789101:cluster:*",
  "Condition": {
    "StringEquals": {
      "rds:cluster-tag/author": "qa"
    }
  }
}

But as far as my testing goes, only this works:

{
  "Sid": "313",
  "Effect": "Allow",
  "Action": [
    "rds:ModifyDBCluster",
    "rds:DeleteDBCluster"
  ],
  "Resource": "*"
}
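To make the difference between the two statements concrete, here is an added example (not from the question or from AWS) that wraps both statements in complete policy documents and runs them through a small local model of IAM evaluation: action and resource wildcard matching, `StringEquals`/`StringLike` conditions on request context keys, explicit Deny overriding Allow, and a check that flags Allow statements granting destructive actions on `"Resource": "*"` without a Condition. The evaluator is a simplified stand-in for the real IAM engine (which is authoritative and can be queried with the IAM policy simulator); the cluster names and tag values in the requests are constructed, and the condition key `rds:cluster-tag/author` is taken from the question.

```python
import re

# Least-privilege statement from the question, wrapped in a full policy document.
# Account id and region are the placeholder values used in the question.
POLICY_TAG_SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "313",
            "Effect": "Allow",
            "Action": ["rds:ModifyDBCluster", "rds:DeleteDBCluster"],
            "Resource": "arn:aws:rds:eu-west-1:123456789101:cluster:*",
            "Condition": {"StringEquals": {"rds:cluster-tag/author": "qa"}},
        }
    ],
}

# The fallback the question reports as working: same actions, every resource, no condition.
POLICY_WIDE_OPEN = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "313",
            "Effect": "Allow",
            "Action": ["rds:ModifyDBCluster", "rds:DeleteDBCluster"],
            "Resource": "*",
        }
    ],
}


def _as_list(value):
    # IAM allows a single string or a list for Action, Resource and condition values.
    return value if isinstance(value, list) else [value]


def _glob_match(pattern, value, ignore_case=False):
    # IAM policy wildcards: '*' matches any run of characters, '?' exactly one.
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def _condition_holds(condition, context):
    # Every operator and every key must hold. A key absent from the request
    # context (e.g. an untagged cluster) makes StringEquals/StringLike fail.
    for operator, pairs in condition.items():
        if operator not in ("StringEquals", "StringLike"):
            raise ValueError("operator not modelled: %s" % operator)
        like = operator == "StringLike"
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False
            if not any(_glob_match(e, actual) if like else e == actual
                       for e in _as_list(expected)):
                return False
    return True


def is_allowed(policy, action, resource_arn, context=None):
    """Simplified IAM decision: an explicit Deny wins, otherwise any matching Allow grants."""
    context = context or {}
    decision = False
    for stmt in policy["Statement"]:
        # Action names are matched case-insensitively; ARNs are case-sensitive.
        if not any(_glob_match(a, action, ignore_case=True) for a in _as_list(stmt["Action"])):
            continue
        if not any(_glob_match(r, resource_arn) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return False
        decision = True
    return decision


def overbroad_statements(policy):
    """Sids of Allow statements that grant Delete*/Modify* actions on every resource with no Condition."""
    flagged = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or "Condition" in stmt:
            continue
        every_resource = "*" in _as_list(stmt["Resource"])
        destructive = any(a.split(":")[-1].startswith(("Delete", "Modify")) or a.endswith("*")
                          for a in _as_list(stmt["Action"]))
        if every_resource and destructive:
            flagged.append(stmt.get("Sid", "<no Sid>"))
    return flagged


if __name__ == "__main__":
    qa_cluster = "arn:aws:rds:eu-west-1:123456789101:cluster:qa-reporting"  # constructed
    print(is_allowed(POLICY_TAG_SCOPED, "rds:DeleteDBCluster", qa_cluster,
                     {"rds:cluster-tag/author": "qa"}))    # True: tag matches
    print(is_allowed(POLICY_TAG_SCOPED, "rds:DeleteDBCluster", qa_cluster,
                     {"rds:cluster-tag/author": "prod"}))  # False: wrong author tag
    print(overbroad_statements(POLICY_WIDE_OPEN))            # ['313']
```

The tag-scoped policy only grants the delete when the cluster sits in the named account and region and carries `author=qa`; an untagged cluster is refused because the condition key is absent. The wide-open fallback passes the same requests for any cluster, which is exactly what `overbroad_statements` is there to surface during review. When the real service rejects a request that this model allows, the gap is in the service's support for that condition key on that action, and the IAM policy simulator is the place to confirm it.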

0 answers:

No answers