Question

我正在尝试创建一个策略，我可以限制用户访问不同的区域RDS。但是我想让他们只能访问一个区域，即ap-southeast-1。

我已经制定了一些政策，但它们不适用于新加坡地区，只适用于美国东部地区。

为什么这对我们有用 - 但不适用于新加坡？

政策示例：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt----------",
            "Effect": "Allow",
            "Action": [
                "rds:*"
            ],
            "Condition": {
                "StringEquals": {
                    "ec2:Region": "ap-southeast-1"
                }
            },
            "Resource": [
                "*"
            ]
        }
    ]
} 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt----------",
            "Action": [
                "rds:*",
                "cloudwatch:DescribeAlarms",
                "cloudwatch:GetMetricStatistics",
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs",
                "sns:ListSubscriptions",
                "sns:ListTopics",
                "logs:DescribeLogStreams",
                "logs:GetLogEvents"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:rds:ap-southeast-1:*"
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1454649600000",
            "Effect": "Allow",
            "Action": [
                "*"
            ],
            "Resource": [
                "arn:aws:rds:ap-southeast-1:account number:*"
            ]
        }
    ]
}

Answer 1

尝试这个..下面的代码适用于我。

\\n

将RDS用户限制为区域

1 个答案: