Customizing access to Amazon Neptune resources using IAM condition context keys
You can specify conditions in IAM policies that control access to Neptune management actions and resources. The policy statement then takes effect only when the conditions are true.
For example, you might want a policy statement to take effect only after a specific date, or allow access only when a specific value is present in the API request.
To express conditions, you use predefined condition keys in the Condition element of a policy statement, together with IAM condition policy operators such as equals or less than.
If you specify multiple Condition elements in a statement, or multiple keys in a single Condition element, AWS evaluates them using a logical AND operation. If you specify multiple values for a single condition key, AWS evaluates the condition using a logical OR operation. All of the conditions must be met before the statement's permissions are granted.
You can also use placeholder variables when you specify conditions. For example, you can grant an IAM user permission to access a resource only if it is tagged with their IAM user name. For more information, see IAM Policy Elements: Variables and Tags in the IAM User Guide.
The data type of a condition key determines which condition operators you can use to compare values in the request with the values in the policy statement. If you use a condition operator that is not compatible with that data type, the match always fails and the policy statement never applies.
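The evaluation rules above (AND across operators and keys, OR across the values of one key, and a guaranteed non-match when the operator does not fit the data type) can be seen in a small model. This is an added example, not AWS code and not the IAM evaluator itself; it covers only two operators, and the sample conditions and request contexts are constructed for illustration.

```python
from datetime import datetime

def _date(s):
    # ISO 8601 timestamp, the format carried by aws:CurrentTime
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

# Simplified model: operator -> (parser for its data type, request-vs-policy comparison)
OPERATORS = {
    "StringEquals": (str, lambda req, pol: req == pol),
    "DateGreaterThan": (_date, lambda req, pol: req > pol),
}

def match(op, request_value, policy_values):
    parse, compare = OPERATORS[op]
    if isinstance(policy_values, str):
        policy_values = [policy_values]
    try:
        req = parse(request_value)
        # Multiple values for a single key: logical OR
        return any(compare(req, parse(v)) for v in policy_values)
    except (ValueError, TypeError, AttributeError):
        # Value is not of the operator's data type: the match always fails
        return False

def condition_holds(condition, context):
    # Multiple operators and multiple keys: logical AND.
    # In this model a key that is absent from the request also fails.
    return all(
        key in context and match(op, context[key], values)
        for op, keys in condition.items()
        for key, values in keys.items()
    )

# Constructed Condition element: after a date AND in one of two Regions
CONDITION = {
    "DateGreaterThan": {"aws:CurrentTime": "2025-01-01T00:00:00Z"},
    "StringEquals": {"aws:RequestedRegion": ["us-east-1", "us-west-2"]},
}

# Constructed mistake: a date operator applied to a string-valued key
MISTYPED = {"DateGreaterThan": {"aws:RequestedRegion": "us-east-1"}}
```

A statement whose condition resembles MISTYPED never takes effect, so an Allow silently grants nothing and a Deny silently blocks nothing; checking operator and key types is worth doing when reviewing policies.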
IAM condition keys for Neptune administrative policy statements
Global condition keys – You can use most AWS global condition keys in Neptune administrative policy statements.
Service-specific condition keys – These are keys that are defined for specific AWS services. The ones that Neptune supports for administrative policy statements are listed in IAM condition keys for administering Amazon Neptune.
IAM condition keys for Neptune data-access policy statements
Global condition keys – The subset of these keys that Neptune supports in data-access policy statements is listed in AWS global condition context keys supported by Neptune in data-access policy statements.
Service-specific condition keys that Neptune defines for data-access policy statements are listed in Condition Keys.