允许用户在中查看自己的权限 AWS IoT Events - AWS IoT Events

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

允许用户在中查看自己的权限 AWS IoT Events

此示例显示您可以如何创建策略,以便允许 用户查看附加到其用户身份的内联和托管策略。允许用户查看自己的IAM权限对于提高安全意识和自助服务功能非常有用。此策略包括在控制台上或使用或以编程方式完成此操作的 AWS CLI 权限。 AWS API

{
       "Version": "2012-10-17",
       "Statement": [
           {
               "Sid": "ViewOwnUserInfo",
               "Effect": "Allow",
               "Action": [
                   "iam:GetUserPolicy",
                   "iam:ListGroupsForUser",
                   "iam:ListAttachedUserPolicies",
                   "iam:ListUserPolicies",
                   "iam:GetUser"
               ],
               "Resource": [
                   "arn:aws:iam::*:user/${aws:username}"
               ]
           },
           {
               "Sid": "NavigateInConsole",
               "Effect": "Allow",
               "Action": [
                   "iam:GetGroupPolicy",
                   "iam:GetPolicyVersion",
                   "iam:GetPolicy",
                   "iam:ListAttachedGroupPolicies",
                   "iam:ListGroupPolicies",
                   "iam:ListPolicyVersions",
                   "iam:ListPolicies",
                   "iam:ListUsers"
               ],
               "Resource": "*"
           }
       ]
   }