0

我们使用服务帐户,我希望仅在以 . 开头的用户帐户上运行此策略svc_

下面的代码将作用于访问密钥大于 90 的所有用户帐户。

policies:
  - name: iam-user-access-keys-older-than-90days
    description: |
      Retrieve all IAM user accounts whom have active access keys that are 
      older than 90days
    resource: iam-user
    filters:
      - type: access-key
        key: Status
        value: Active
      - type: access-key
        match-operator: and
        key: CreateDate
        value: 90
        op: greater-than
        value_type: age
4

1 回答 1

0

谢谢你。我为服务帐户创建了一个单独的策略,并遵循了您使用类型、值和键的建议。

- name: iam-user-service-access-keys-older-than-90days
  description: |
    Retrieve all IAM user service accounts whom have active access 
    keys that are older than 90days
  resource: iam-user
  filters:
    - type: access-key
      key: Status
      value: Active
    - type: access-key
      match-operator: and
      key: CreateDate
      value: 90
      op: greater-than
      value_type: age
    - type: access-key
      match-operator: and
      key: <enter key name here>
      value: Active
      op: equa
于 2020-09-18T18:20:12.170 回答