AWS Data Pipeline: Deny users access to DataPipeline pipelines created by others - AWS Identity and Access Management

AWS Data Pipeline: Deny users access to DataPipeline pipelines created by others

This example shows how to create an IAM policy that denies access to pipelines the user did not create. If the value of the PipelineCreator field matches the IAM user name, the specified actions are not denied. The permissions this policy grants apply only to completing these actions programmatically through the AWS API or AWS CLI.

Important

This policy does not allow any actions. Use it in combination with other policies that allow specific actions.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ExplicitDenyIfNotTheOwner",
            "Effect": "Deny",
            "Action": [
                "datapipeline:ActivatePipeline",
                "datapipeline:AddTags",
                "datapipeline:DeactivatePipeline",
                "datapipeline:DeletePipeline",
                "datapipeline:DescribeObjects",
                "datapipeline:EvaluateExpression",
                "datapipeline:GetPipelineDefinition",
                "datapipeline:PollForTask",
                "datapipeline:PutPipelineDefinition",
                "datapipeline:QueryObjects",
                "datapipeline:RemoveTags",
                "datapipeline:ReportTaskProgress",
                "datapipeline:ReportTaskRunnerHeartbeat",
                "datapipeline:SetStatus",
                "datapipeline:SetTaskStatus",
                "datapipeline:ValidatePipelineDefinition"
            ],
            "Resource": ["*"],
            "Condition": {
                "StringNotEquals": {"datapipeline:PipelineCreator": "${aws:userid}"}
            }
        }
    ]
}
```
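To see why the Deny above must be paired with an Allow, here is an added Python evaluator (illustrative code written for this page, not an AWS tool) that walks IAM's explicit-deny / allow / implicit-deny order over the policy's `${aws:userid}` condition. The companion Allow policy, the shortened action list and the principal IDs are assumed; only the StringEquals / StringNotEquals operators the policy uses are modelled.

```python
# Toy evaluator for the Deny-if-not-owner statement above (added example, not AWS code);
# the Allow policy and principal IDs are assumed, only the page's operators are modelled.
DENY_IF_NOT_OWNER = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ExplicitDenyIfNotTheOwner",
        "Effect": "Deny",
        "Action": ["datapipeline:DeletePipeline", "datapipeline:GetPipelineDefinition"],
        "Resource": ["*"],
        "Condition": {"StringNotEquals": {"datapipeline:PipelineCreator": "${aws:userid}"}},
    }],
}
# Hypothetical Allow policy: the Deny above grants nothing on its own.
ALLOW_PIPELINE_ACTIONS = {
    "Statement": [{"Effect": "Allow", "Action": "datapipeline:*", "Resource": "*"}],
}

def _substitute(value, ctx):
    # Expand ${key} policy variables such as ${aws:userid} from the request context.
    for key, val in ctx.items():
        value = value.replace("${" + key + "}", val)
    return value

def _condition_holds(cond, ctx):
    for op, pairs in cond.items():
        for key, expected in pairs.items():
            actual, expected = ctx.get(key), _substitute(expected, ctx)
            # With StringNotEquals a missing key counts as "not equal", so the Deny
            # also fires when the request carries no PipelineCreator value at all.
            if op == "StringEquals" and actual != expected:
                return False
            if op == "StringNotEquals" and actual == expected:
                return False
    return True

def _matches(stmt, action, ctx):
    acts = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    hit = any(a == action or (a.endswith("*") and action.startswith(a[:-1])) for a in acts)
    return hit and _condition_holds(stmt.get("Condition", {}), ctx)

def evaluate(policies, action, ctx):
    """IAM order: a matching explicit Deny wins, then any Allow, else implicit deny."""
    decision = "implicit_deny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if _matches(stmt, action, ctx):
                if stmt["Effect"] == "Deny":
                    return "explicit_deny"
                decision = "allow"
    return decision
```

Pipeline actions not listed in the Deny (CreatePipeline, for instance) are untouched by it, so they fall through to whatever the Allow policy says.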