Generate an "all actions" AWS policy stub?

Clicking through the dropdowns is, as everyone knows, annoying. I have been trying to get a generic policy stub (one containing everything, not just wildcards for the Actions) so that I can quickly go through it and allow/deny for our group policies.

I looked through the CLI commands but did not see anything, and I also looked at the policy generator, but that either means clicking through everything or using *:*, which is bad...

Is there a way to generate a complete stub, or has someone online already generated a full policy stub that I could use? The result should look something like this...

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1496337889000",
            "Effect": "Allow",
            "Action": [
                "discovery:CreateTags",
                "discovery:DeleteTags",
                "discovery:DescribeAgents",
                "discovery:DescribeConfigurations",
                "discovery:DescribeExportConfigurations",
                "discovery:DescribeTags",
                "discovery:ExportConfigurations",
                "discovery:ListConfigurations",
                "discovery:StartDataCollectionByAgentIds",
                "discovery:StopDataCollectionByAgentIds"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1496337865000",
            "Effect": "Allow",
            "Action": [
                "batch:CancelJob",
                "batch:CreateComputeEnvironment",
                "batch:CreateJobQueue",
                "batch:DeleteComputeEnvironment",
                "batch:DeleteJobQueue",
                "batch:DeregisterJobDefinition",
                "batch:DescribeComputeEnvironments",
                "batch:DescribeJobDefinitions",
                "batch:DescribeJobQueues",
                "batch:DescribeJobs",
                "batch:ListJobs",
                "batch:RegisterJobDefinition",
                "batch:SubmitJob",
                "batch:TerminateJob",
                "batch:UpdateComputeEnvironment",
                "batch:UpdateJobQueue"
            ],
            "Resource": [
                "*"
            ]
        },

        .... etc ....

    ]
}

Answer 1

As far as IAM is concerned, you have to remember that there is an implicit deny for every API action. If you want a user/group to have access, you need to explicitly allow that action.

http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html

IAM Policy Evaluation

Answer 2

While there is no programmatically available list of all actions for all policies, there does seem to be a one-stop site that documents every available policy action for every service, together with its available condition keys. It is one page per service, but all the links are here:

AWS Service Actions and Condition Context Keys for Use in IAM Policies
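The two answers together describe the workflow: collect the per-service action names from the documentation pages, write them out explicitly (no `*:*`), and remember that anything not explicitly allowed falls to the implicit deny. The following is an added example, not code from the question or either answer, that builds a stub in the shape the question asks for from a per-service action table and then evaluates requests against it the way answer 1 describes. The action table is constructed from the two services shown in the question; in practice it would be filled from the documentation pages linked in answer 2, since, as that answer notes, there is no single programmatic source.

```python
"""Build an "all actions" IAM policy stub and evaluate requests against it.

Added example, not the poster's code. SERVICE_ACTIONS is CONSTRUCTED from the
actions shown in the question; a real stub would be filled from the
per-service documentation pages linked in answer 2.
"""
import fnmatch
import json

# Constructed sample input: service prefix -> actions, copied from the question.
SERVICE_ACTIONS = {
    "discovery": [
        "CreateTags", "DeleteTags", "DescribeAgents", "DescribeConfigurations",
        "DescribeExportConfigurations", "DescribeTags", "ExportConfigurations",
        "ListConfigurations", "StartDataCollectionByAgentIds",
        "StopDataCollectionByAgentIds",
    ],
    "batch": [
        "CancelJob", "CreateComputeEnvironment", "CreateJobQueue",
        "DeleteComputeEnvironment", "DeleteJobQueue", "DeregisterJobDefinition",
        "DescribeComputeEnvironments", "DescribeJobDefinitions",
        "DescribeJobQueues", "DescribeJobs", "ListJobs", "RegisterJobDefinition",
        "SubmitJob", "TerminateJob", "UpdateComputeEnvironment", "UpdateJobQueue",
    ],
}


def build_stub(service_actions, effect="Allow"):
    """One statement per service, every action spelled out explicitly.

    The Sid is derived from the service prefix (hypothetical naming scheme)
    so the document is stable across runs and easy to diff when reviewing.
    """
    statements = []
    for service in sorted(service_actions):
        actions = [f"{service}:{a}" for a in sorted(service_actions[service])]
        statements.append({
            "Sid": f"Stub{service.capitalize()}",
            "Effect": effect,
            "Action": actions,
            "Resource": ["*"],
        })
    return {"Version": "2012-10-17", "Statement": statements}


def count_actions(policy):
    """Number of explicit action entries across all statements."""
    return sum(len(stmt["Action"]) for stmt in policy["Statement"])


def evaluate(policy, action):
    """Simplified identity-policy evaluation for a single action.

    Follows the evaluation logic answer 1 links to: an explicit Deny wins over
    everything, then an explicit Allow, otherwise the implicit deny applies.
    Action names are compared case-insensitively and support IAM's '*' and '?'
    wildcards. Resource and Condition are ignored (the stub uses Resource "*").
    """
    requested = action.lower()
    allowed = False
    for stmt in policy["Statement"]:
        patterns = stmt["Action"]
        if isinstance(patterns, str):
            patterns = [patterns]
        if any(fnmatch.fnmatchcase(requested, p.lower()) for p in patterns):
            if stmt["Effect"] == "Deny":
                return "Deny"          # explicit deny always wins
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def to_json(policy):
    """Render the stub in the indented form shown in the question."""
    return json.dumps(policy, indent=4)


if __name__ == "__main__":
    stub = build_stub(SERVICE_ACTIONS)
    print(to_json(stub))
    for req in ("batch:SubmitJob", "ec2:RunInstances"):
        print(req, "->", evaluate(stub, req))
```

To turn the stub into a group policy, change individual statements from `Allow` to `Deny` or delete the actions you do not want, then re-run `evaluate` over the actions your group actually needs: every `ImplicitDeny` result is an action you forgot to allow, which is exactly the failure mode answer 1 warns about. One caveat when populating `SERVICE_ACTIONS` from an SDK's operation list instead of the documentation pages: IAM action names do not map one-to-one onto API operation names (some actions are permission-only and have no API call), so the documentation pages from answer 2 remain the authoritative source.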
