AWS: policy condition statement is ignored

Time: 2020-05-10 16:39:50

Tags: amazon-web-services aws-policies

So I'm trying to run the policy, but it is never invoked when I set the condition to true or to false; I am most likely missing something, because when I omit the condition statement altogether I get the policy enforcement I want.

Option 1: condition set to true

    {
        "Condition": {
            "Bool": {
                "aws:MultiFactorAuthPresent": "true"
            }
        },
        "Resource": "*",
        "Effect": "Deny",
        "NotAction": [
            "iam:CreateVirtualMFADevice",
            "iam:DeleteVirtualMFADevice",
            "iam:ListVirtualMFADevices",
            "iam:EnableMFADevice",
            "iam:ResyncMFADevice",
            "iam:ListAccountAliases",
            "iam:ListUsers",
            "iam:ListSSHPublicKeys",
            "iam:ListAccessKeys",
            "iam:ListServiceSpecificCredentials",
            "iam:ListMFADevices",
            "iam:GetAccountSummary",
            "sts:GetSessionToken"
        ]
    }

Option 2: condition set to false

    {
        "Condition": {
            "Bool": {
                "aws:MultiFactorAuthPresent": "false"
            }
        },
        "Resource": "*",
        "Effect": "Deny",
        "NotAction": [
            "iam:CreateVirtualMFADevice",
            "iam:DeleteVirtualMFADevice",
            "iam:ListVirtualMFADevices",
            "iam:EnableMFADevice",
            "iam:ResyncMFADevice",
            "iam:ListAccountAliases",
            "iam:ListUsers",
            "iam:ListSSHPublicKeys",
            "iam:ListAccessKeys",
            "iam:ListServiceSpecificCredentials",
            "iam:ListMFADevices",
            "iam:GetAccountSummary",
            "sts:GetSessionToken"
        ]
    }

1 answer:

Answer 0: (score: 0)

When you call an API or CLI command using long-term credentials (such as a user's access key pair), the aws:MultiFactorAuthPresent key is not present. For that reason, we recommend using the ...IfExists version of the condition operator when checking this key.
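The behaviour the answer describes, as an added example that is not part of the original question or answer: a deliberately simplified model of how a Deny/NotAction statement is evaluated when `aws:MultiFactorAuthPresent` is absent from the request context (long-term access keys) versus present (an MFA session). It is not the real IAM engine; the statement, action names and contexts are constructed for the demonstration.

```python
# Added example: simplified model of IAM condition evaluation for the
# "deny everything except MFA setup unless MFA is present" pattern.
# Not AWS code; the evaluator handles only Bool / BoolIfExists on one key.

MFA_KEY = "aws:MultiFactorAuthPresent"


def deny_without_mfa(operator):
    """Constructed Deny statement; operator is 'Bool' or 'BoolIfExists'."""
    return {
        "Effect": "Deny",
        "NotAction": ["iam:ListMFADevices", "iam:EnableMFADevice",
                      "sts:GetSessionToken"],
        "Resource": "*",
        "Condition": {operator: {MFA_KEY: "false"}},
    }


def condition_matches(condition, context):
    """True when every key/value pair in the condition block matches."""
    for operator, pairs in condition.items():
        if_exists = operator.endswith("IfExists")
        for key, expected in pairs.items():
            if key not in context:
                if if_exists:
                    continue      # ...IfExists: a missing key counts as a match
                return False      # plain Bool: a missing key never matches
            if str(context[key]).lower() != str(expected).lower():
                return False
    return True


def is_denied(statement, action, context):
    """Deny applies when the action is NOT in NotAction and the condition matches."""
    applies = action not in statement.get("NotAction", [])
    return (applies and statement["Effect"] == "Deny"
            and condition_matches(statement["Condition"], context))


def denied_by(operator, action, context):
    return is_denied(deny_without_mfa(operator), action, context)


if __name__ == "__main__":
    # Access-key call: no MFA key in the context at all.
    print("Bool, no key:         ", denied_by("Bool", "s3:ListAllMyBuckets", {}))
    print("BoolIfExists, no key: ", denied_by("BoolIfExists", "s3:ListAllMyBuckets", {}))
    # MFA session: key present and true, so the Deny must not fire.
    print("BoolIfExists, MFA on: ", denied_by("BoolIfExists", "s3:ListAllMyBuckets", {MFA_KEY: "true"}))
```

With plain `Bool`, the access-key request is never denied because the key is simply absent, which is exactly the "condition ignored" symptom in the question; `BoolIfExists` treats the absent key as a match and the Deny fires.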