无法将 AWS 策略应用于组,只能应用于用户
Cannot apply AWS policy to group, only to user
我正在尝试在 CloudSearch 域上设置权限。
此政策有效:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::55555555:user/SearchUser"
},
"Action": "cloudsearch:*"
}
]
}
这不是:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::55555555:group/SearchGroup"
},
"Action": "cloudsearch:*"
}
]
}
唯一的区别是 user/SearchUser 与 group/SearchGroup
当我尝试应用后者时,它只是给我一个错误:
Error setting policy: [{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::55555555:group/SearchGroup"},"Action":"cloudsearch:*"}]}]
关于为什么该策略适用于用户而不适用于组的任何想法?
不支持群组。
Specifying a Principal
You specify a principal using the Amazon Resource Name (ARN) of the AWS account, IAM user, IAM role, federated user, or assumed-role user. You cannot specify IAM groups as principals.
http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Principal