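Is it possible to restrict users to viewing the list of stacks in CloudFormation by region? Or at least to restrict them from deleting stacks?
This should be done through an IAM policy.
Update #1: I tried this policy: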
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1375943389569",
      "Action": "cloudformation:*",
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:Region": "us-west-2"
        }
      }
    }
  ]
}
But I got an error on the CloudFormation page in us-west-2:
Error
Unable to list stacks: User: arn:aws:iam::XXXXX:user/dummy is not authorized to perform: cloudformation:ListStacks
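
Why the policy above yields this error, as an added example that is not part of the original post: ec2:Region is only populated on EC2 requests, and a StringEquals test on a key missing from the request context is false, so the Allow never applies to CloudFormation calls. The evaluator below is a constructed, simplified model (not AWS code; it ignores Resource and explicit Deny) and assumes the global aws:RequestedRegion key as the replacement condition.

```python
import fnmatch

def region_policy(condition_key):
    """The posted policy, with the region condition key as a parameter."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "cloudformation:*", "Resource": "*",
        "Condition": {"StringEquals": {condition_key: "us-west-2"}}}]}

def statement_allows(stmt, action, context):
    """True if one Allow statement matches the action and the request context."""
    if stmt["Effect"] != "Allow":
        return False
    actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    # Action names are case-insensitive and may contain * and ? wildcards.
    if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions):
        return False
    for key, wanted in stmt.get("Condition", {}).get("StringEquals", {}).items():
        wanted = wanted if isinstance(wanted, list) else [wanted]
        actual = context.get(key.lower())  # condition key names are case-insensitive
        # A key that is absent from the request context never satisfies StringEquals.
        if actual is None or actual not in wanted:
            return False
    return True

def is_allowed(policy, action, context):
    """Implicit deny unless at least one statement allows the request."""
    ctx = {k.lower(): v for k, v in context.items()}
    return any(statement_allows(s, action, ctx) for s in policy["Statement"])

# Constructed request contexts for CloudFormation calls: the global region key
# is present, the EC2-specific ec2:Region key is not.
CFN_WEST = {"aws:RequestedRegion": "us-west-2"}
CFN_EAST = {"aws:RequestedRegion": "us-east-1"}

if __name__ == "__main__":
    for key in ("ec2:Region", "aws:RequestedRegion"):
        for region, ctx in (("us-west-2", CFN_WEST), ("us-east-1", CFN_EAST)):
            ok = is_allowed(region_policy(key), "cloudformation:ListStacks", ctx)
            print(f"{key:22} ListStacks in {region}: {'allow' if ok else 'implicit deny'}")
```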