Reputation: 23
So I followed this AWS tutorial and created this IAM policy that should give access to any DynamoDB action that has these keys. But as you can see in the image attached, it tells me I do not have any permission. It also happens with other services, not only DynamoDB, and I also tried to hardcode the 'access-project' tag in the policy, as done with 'access-environment', as you can see.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllActionsSameProjectEnvironment",
      "Effect": "Allow",
      "Action": "dynamodb:*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/access-project": "${aws:PrincipalTag/access-project}",
          "aws:ResourceTag/access-environment": "pre"
        },
        "ForAllValues:StringEquals": {
          "aws:TagKeys": [
            "access-project",
            "access-environment",
            "Name",
            "OwnedBy"
          ]
        },
        "StringEqualsIfExists": {
          "aws:RequestTag/access-project": "${aws:PrincipalTag/access-project}",
          "aws:RequestTag/access-environment": "pre"
        }
      }
    }
  ]
}
Any idea why this is happening? Thanks!
Upvotes: 1
Views: 530
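An added example, not part of the original post: a simplified Python model of how the three condition operators in the policy above combine, so the block can be checked against a request context with and without resource tag keys. The function `condition_matches`, the principal tag value `alpha` and the two request contexts are constructed for illustration; treating an unresolved policy variable as a non-match is a modelling assumption.

```python
import re

# Condition block copied from the policy in the question.
CONDITION = {
    "StringEquals": {
        "aws:ResourceTag/access-project": "${aws:PrincipalTag/access-project}",
        "aws:ResourceTag/access-environment": "pre",
    },
    "ForAllValues:StringEquals": {
        "aws:TagKeys": ["access-project", "access-environment", "Name", "OwnedBy"],
    },
    "StringEqualsIfExists": {
        "aws:RequestTag/access-project": "${aws:PrincipalTag/access-project}",
        "aws:RequestTag/access-environment": "pre",
    },
}

def condition_matches(condition, ctx):
    """Evaluate a Condition block against a request context (key -> str or list)."""
    failures = []
    for operator, keys in condition.items():      # operators are ANDed
        for key, expected in keys.items():        # keys are ANDed
            wanted = expected if isinstance(expected, list) else [expected]
            try:  # substitute ${...} policy variables from the context
                wanted = [re.sub(r"\$\{([^}]+)\}", lambda m: ctx[m.group(1)], w) for w in wanted]
            except KeyError:  # modelled as a non-match (simplification)
                failures.append(f"{operator} {key}: unresolved policy variable")
                continue
            actual = ctx.get(key)
            if operator.startswith("ForAllValues:"):
                values = [actual] if isinstance(actual, str) else (actual or [])
                ok = all(v in wanted for v in values)  # absent key or empty set matches
            elif actual is None:
                ok = operator.endswith("IfExists")  # plain StringEquals fails on an absent key
            else:
                ok = actual in wanted  # values listed for one key are ORed
            if not ok:
                failures.append(f"{operator} {key}: got {actual!r}")
    return (not failures, failures)

# Constructed request contexts (sample values, not from the question).
PRINCIPAL = {"aws:PrincipalTag/access-project": "alpha"}
TAGGED = {**PRINCIPAL, "aws:ResourceTag/access-project": "alpha",
          "aws:ResourceTag/access-environment": "pre"}
UNTAGGED = dict(PRINCIPAL)  # request context with no resource tag keys at all

if __name__ == "__main__":
    for name, ctx in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        print(name, condition_matches(CONDITION, ctx))
```
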