根据特定标签限制对所有AWS资源的访问 [英] Restrict access to all AWS resources based on the specific tag

问题描述

我们是否有解决方案来编写AWS IAM策略，以根据其标签限制对所有AWS组件的访问?

Do we have a solution to write AWS IAM policy to restrict access to all AWS components based on their tag?

现在，我们的AWS资源已经为每个应用程序提供了特定的标签.我们希望让每个应用程序中的开发人员通过分别与已标记到每个资源的标签分开，仅访问其应用程序.

Right now, Our AWS's resources already had a specific tag for each application. We would like to let developers from each application access only their application by separate with the tag, which has been tagged to each resource.

我已经在Google上搜索并找到了此解决方案.该解决方案仅适用于AWS EC2.我们可以将范围扩展到涵盖所有AWS资源吗?

I have googled and found this solution. This solution just suited for AWS EC2. Can we extend the scope to cover all AWS's resources?

谢谢

推荐答案

是的，您可以使用这样的策略.

Yes you can use policy like this.

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "<permissions>",
        "Resource": "*",
        "Condition": {"StringLike": {"<service-name>:ResourceTag/<Tag-name>": "<Tag-value"}}
    }]
}

希望这对您有帮助

这篇关于根据特定标签限制对所有AWS资源的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！