Control Access to Amazon SWF Domains Using IAM Tags - Amazon Simple Workflow Service

Control Access to Amazon SWF Domains Using IAM Tags

You can control access to Amazon Simple Workflow Service domains by referencing tags associated with Amazon SWF domains in IAM. For instance, you could restrict Amazon SWF domains that include a tag with the key environment and the value production:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": "swf:*", "Resource": "arn:aws:swf:*:123456789012:/domain/*", "Condition": { "StringEquals": {"aws:ResourceTag/environment": "production"} } } ] }

This policy will Deny the access to any domain that has been tagged as environment/production.

For more information, see: