问题描述
我创建了一个策略并附加到IAM用户,以允许他使用标签“ department = dev”访问AWS中的所有ECR存储库。以下是json政策:
{
"Version": "2012-10-17","Statement": [
{
"Sid": "VisualEditor0","Effect": "Allow","Action": [
"ecr:DescribeImageScanFindings","ecr:GetLifecyclePolicyPreview","ecr:GetDownloadUrlForLayer","ecr:BatchGetimage","ecr:DescribeImages","ecr:GetAuthorizationToken","ecr:DescribeRepositories","ecr:ListTagsForResource","ecr:Listimages","ecr:BatchCheckLayerAvailability","ecr:GetRepositoryPolicy","ecr:GetLifecyclePolicy"
],"Resource": "*","Condition": {
"StringEquals": {
"ecr:ResourceTag/department": "dev"
}
}
}
]
}
如果删除指定资源标签的条件,则用户可以看到所有存储库。但是我需要用户只能看到部门为“开发”的存储库。 TIA。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)