1

我正在尝试设置 SQS 访问策略,组织中的每个人都希望我无法访问 SQS。以下是我要设置的政策

 "Statement": 
   {
        "Sid": "DenyEveryone",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "SQS:*",
        "Resource": "arn:aws:sqs:us-east-1:{accountnumber}:name-of-sqs",
        "Condition": {
            "StringNotEquals": {
            "aws:arn": "arn:aws:sts::{accountnumber}:assumed-role/{Developer_AWS_Role}/{my_employee_id}"
            }
        }
    }

当我尝试这样做时,出现以下错误

Failed to save changes to the policy document. Reason: com.amazonaws.services.sqs.model.AmazonSQSException: 
Value aws:arn for parameter Condition is invalid. 
Reason: Conditions must be from Global context key list 
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html. 
(Service: AmazonSQS; Status Code: 400; Error Code: InvalidParameterValue; Request ID: {request_id})

有谁知道为什么我不能这样做?谢谢

4

0 回答 0