问题描述
我们使用服务帐户,我希望仅对以svc_开头的用户帐户执行此政策。
policies:
- name: iam-user-access-keys-older-than-90days
description: |
Retrieve all IAM user accounts whom have active access keys that are
older than 90days
resource: iam-user
filters:
- type: access-key
key: Status
value: Active
- type: access-key
match-operator: and
key: CreateDate
value: 90
op: greater-than
value_type: age
解决方法
谢谢。我为服务帐户创建了一个单独的策略,并按照您的建议使用类型,值和密钥。
- name: iam-user-service-access-keys-older-than-90days
description: |
Retrieve all IAM user service accounts whom have active access
keys that are older than 90days
resource: iam-user
filters:
- type: access-key
key: Status
value: Active
- type: access-key
match-operator: and
key: CreateDate
value: 90
op: greater-than
value_type: age
- type: access-key
match-operator: and
key: <enter key name here>
value: Active
op: equa