Amazon web services 控制调用API的访问
我有一个定义了大量资源的API网关。访问此API的授权是AWS_IAM 我想创建一个只能执行两个端点的用户Amazon web services 控制调用API的访问,amazon-web-services,amazon-iam,Amazon Web Services,Amazon Iam,我有一个定义了大量资源的API网关。访问此API的授权是AWS_IAM 我想创建一个只能执行两个端点的用户 DELETE /a1/{id}/b1/{uid} POST /c1/{id} 我已经创建了一个具有以下权限的用户,但它不起作用 { "Version": "2012-10-17", "Statement": [ { "Action": [ "execute-api:Invoke",
DELETE /a1/{id}/b1/{uid}
POST /c1/{id}
我已经创建了一个具有以下权限的用户,但它不起作用
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"execute-api:Invoke",
"execute-api:ManageConnections"
],
"Resource": [
"arn:aws:execute-api:us-east-1:*:XXXXXXX/*/POST/c1/{id}",
"arn:aws:execute-api:us-east-1:*:XXXXXXX/*/DELETE/a1/{id}/b1/{uid}"
],
"Effect": "Allow"
}
]
}
有人能帮我理解如何在策略中处理这些动态资源路径吗?您好,如果您想支持动态路径,请用*
{
“版本”:“2012-10-17”,
“声明”:[
{
“行动”:[
“执行api:Invoke”,
“执行api:ManageConnections”
],
“资源”:[
“arn:aws:execute api:us-east-1:::XXXXXXX/*/POST/c1/*”,
“arn:aws:execute api:us-east-1:::XXXXXXX/*/DELETE/a1/*/b1/*”
],
“效果”:“允许”
}
]
}