secretsmanager:ResourceTag/environment doesn't work with *(star)
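I am trying to scope down access to the secrets that have the "environment" key, but it doesn't allow me to do so. It works when a specific environment name is used, like "secretsmanager:ResourceTag/environment": "development". But a wildcard value doesn't work.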
    {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
            "secretsmanager:GetRandomPassword",
            "secretsmanager:GetResourcePolicy",
            "secretsmanager:GetSecretValue",
            "secretsmanager:DescribeSecret",
            "secretsmanager:ListSecretVersionIds",
            "secretsmanager:ListSecrets"
        ],
        "Resource": "*",
        "Condition": {
            "StringEquals": {
                "secretsmanager:ResourceTag/environment": "*"
            }
        }
    }
StringEquals performs an exact, case-sensitive match. Try StringLike, for example:
    {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
            "secretsmanager:GetRandomPassword",
            "secretsmanager:GetResourcePolicy",
            "secretsmanager:GetSecretValue",
            "secretsmanager:DescribeSecret",
            "secretsmanager:ListSecretVersionIds",
            "secretsmanager:ListSecrets"
        ],
        "Resource": "*",
        "Condition": {
            "StringLike": {
                "secretsmanager:ResourceTag/environment": "*"
            }
        }
    }
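As an added illustration of the answer above (not code from the original question or answer, and not AWS code): a simplified local model of how the two operators treat the "environment" tag. The secret names and tags are constructed, and the model assumes single-valued keys and only these two operators.

```python
import re

KEY = "secretsmanager:ResourceTag/environment"

def string_equals(expected, value):
    # StringEquals: exact, case-sensitive comparison; "*" is a literal character
    return expected == value

def string_like(pattern, value):
    # StringLike: case-sensitive; "*" matches any run of characters, "?" exactly one
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None

OPERATORS = {"StringEquals": string_equals, "StringLike": string_like}

def condition_allows(condition, context):
    """True only if every operator/key pair in the Condition block matches."""
    for operator, pairs in condition.items():
        match = OPERATORS[operator]
        for key, expected in pairs.items():
            if key not in context:
                # Key absent from the request context (secret has no such tag):
                # the condition is false unless an ...IfExists operator is used.
                return False
            values = expected if isinstance(expected, list) else [expected]
            if not any(match(v, context[key]) for v in values):
                return False
    return True

# Constructed sample secrets and their tags (hypothetical names).
SECRETS = {
    "app/dev-db": {"environment": "development"},
    "app/prod-db": {"environment": "production"},
    "legacy/untagged": {"owner": "ops"},
    "odd/star": {"environment": "*"},
}

def allowed_secrets(condition):
    """Names of the sample secrets whose tags satisfy the Condition block."""
    allowed = []
    for name, tags in SECRETS.items():
        context = {f"secretsmanager:ResourceTag/{k}": v for k, v in tags.items()}
        if condition_allows(condition, context):
            allowed.append(name)
    return sorted(allowed)

if __name__ == "__main__":
    for op in ("StringEquals", "StringLike"):
        print(op, allowed_secrets({op: {KEY: "*"}}))
```

With StringLike and "*", the secret that has no "environment" tag at all is still excluded, which is the scoping the question asks for.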