To restrict access to source servers associated with a given AWS vCenter client, use the mgn:VcenterClientId condition key in the policy's Condition element.
The following example demonstrates a policy that allows an AWS vCenter client to call the mgn:UpdateAgentSourcePropertiesForMgn action only on a source server associated with the calling AWS vCenter client.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "mgn:UpdateAgentSourcePropertiesForMgn",
            "Resource": "arn:aws:mgn:*:*:source-server/*",
            "Condition": {
                "StringEquals": {
                    "mgn:VcenterClientId": "${aws:SourceIdentity}"
                }
            }
        }
    ]
}
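
An added example, not part of the AWS documentation: a Python check that flags Allow statements granting the action without the condition shown above. The function and constant names and the sample policies are constructed for illustration; NotAction statements and condition operators other than StringEquals are not examined.

```python
import fnmatch
import json

ACTION = "mgn:updateagentsourcepropertiesformgn"  # IAM action names are case-insensitive
COND_KEY = "mgn:vcenterclientid"                  # condition key names are too
EXPECTED = "${aws:SourceIdentity}"

# Constructed sample policies: the page's policy, and one with a wildcard and no condition.
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "mgn:UpdateAgentSourcePropertiesForMgn",
    "Resource": "arn:aws:mgn:*:*:source-server/*",
    "Condition": {"StringEquals": {"mgn:VcenterClientId": "${aws:SourceIdentity}"}}}]})
UNSCOPED = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["mgn:Describe*", "mgn:Update*"], "Resource": "*"}})


def _as_list(value):
    """IAM accepts a scalar or a list for Statement, Action and condition values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_scoped(stmt):
    """True if StringEquals pins mgn:VcenterClientId to the caller's source identity."""
    string_equals = stmt.get("Condition", {}).get("StringEquals", {})
    return any(key.lower() == COND_KEY and _as_list(values) == [EXPECTED]
               for key, values in string_equals.items())


def unscoped_statements(policy_json):
    """Return indexes of Allow statements granting the action without the condition."""
    findings = []
    for index, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
        if any(fnmatch.fnmatchcase(ACTION, p) for p in patterns) and not _is_scoped(stmt):
            findings.append(index)
    return findings


if __name__ == "__main__":
    print(unscoped_statements(SCOPED), unscoped_statements(UNSCOPED))
```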