Reputation: 41
IAM Policy restricted to load balancer
I spent the last 2 hours trying to create a policy that would give all the permissions to an user for a specific load balancer.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "elasticloadbalancing:*",
"Resource": "arn:aws:elasticloadbalancing:eu-west-1:123456789012:loadbalancer/core"
}
]
}
I checked '123456789012' multiple times to be the correct. I took the 'Account Id' attribute from here.
I checked 'core' multiple times and even tried to replace it with '*' but it didn't work.
I also double checked the region to make sure it's the correct one.
On the other hand, if I replace the whole ARN with '*', it works but I don't want this, I want it to be specific to a load balancer.
Thanks, Gabriel
Upvotes: 1
Views: 2918
Answers (1)
Reputation: 41
the name was correct, the problem was about how AWS works. You have to let the user describe the resource before giving him permissions. Here is a policy that works:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:Describe*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:*"
],
"Resource": "arn:aws:elasticloadbalancing:eu-west-1:123456789012:loadbalancer/core"
}
]
}
Thanks
Upvotes: 2
Related Questions
- AWS IAM EC2 policy limited to originating instance
- IAM Policy isn't allowing EC2 access
- AWS service control policy for network access control list
- AWS IAM policy issue
- IAM- Switch role for AWS access and policies limit
- IAM policy variables
- AWS IAM policy issues
- What is Wrong With My AWS Policy?
- Simplest possible IAM Policy is Denied. Why?
- IAM policy not working