Amazon web services 允许AWS上的超级用户管理其密码和密钥
我在AWS上创建了具有poweruser策略的用户。政策是Amazon web services 允许AWS上的超级用户管理其密码和密钥,amazon-web-services,amazon-iam,Amazon Web Services,Amazon Iam,我在AWS上创建了具有poweruser策略的用户。政策是 { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "NotAction": "iam:*", "Resource": "*" } ] } 现在,在以下文档()中,我创建了允许用户管理自己的密码和密钥的自定义策略: { "Version": "2012-10-17", "Statem
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"NotAction": "iam:*",
"Resource": "*"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:*LoginProfile",
"iam:*AccessKey *",
"iam:ChangePassword",
"iam:*SSHPublicKey *"
],
"Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}"
},
{
"Effect": "Allow",
"Action": [
"iam:ListAccount*",
"iam:GetAccountSummary",
"iam:GetAccountPasswordPolicy",
"iam:ListUsers"
],
"Resource": "*"
}
]
}
请参见下面的代码,其中显示的
不带连字符的帐户id{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:*LoginProfile",
"iam:*AccessKey *",
"iam:ChangePassword",
"iam:*SSHPublicKey *"
],
"Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}"
},
{
"Effect": "Allow",
"Action": [
"iam:ListAccount*",
"iam:GetAccountSummary",
"iam:GetAccountPasswordPolicy",
"iam:ListUsers"
],
"Resource": "*"
}
]
}
您是否将新策略附加到console中的用户“Student”上?是的,我附加了@错误2007你确认过学生是否是超级用户吗?是的,我确认过。学生是学生组的一部分。该组附加了两个策略:1.允许某些IAM权限的自定义策略。2.PowerUserAccess(问题中附带的两个策略)。按特定顺序列出的策略。我还尝试将自定义策略直接附加到用户,但它也有相同的问题@error2007sI复制了与上面相同的步骤。我也得到了错误。如果我找到了这个问题的任何解决方案,我将深入挖掘并返回。