amazon web services - AWS IAM applicable policies and attached entities -


after asking this question did digging , found couple of policies with:

{   "effect":"allow",   "action":"*",   "resource":"*" }

in them.

reading through policies evaluation logic page again second step stands out me:

  1. evaluate applicable policies.

the first part of question is: how aws determine policies applicable? understanding done looking @ principle and/or resource keys.

but: in iam these policies have attached entities understanding same principles. gets second part of question: what attached entity policy? far understand tell aws policy applicable role, not understand how works "resource":"*" in policy.

so:

  1. how aws determine policies applicable?
  2. what attached entity policy?
  3. makes "resource":"*" policy applicable?

1> while making request (either using access keys or console), passing username/role name. let's accessing api using iam user. so, aws check policy attached user, policy attached iam group (if any). also, checks if there resource based policy e.g. s3 bucket policy, sns topic policy determined resource in request.

2> policy nothing if don't attach iam entity or resources (for resource based policy). attached entity (i think referring iam entities) used decide principal , in turns tells check permission (whether iam user, check iam group membership etc.).

3> resource:* means policy gives permission aws resources. policy have mentioned translate: allow ("effect":"allow") every action ("action":"") on every resources ("resource":"").

hope helps..


Comments

Post a Comment

Popular posts from this blog

python Tkinter Capturing keyboard events save as one single string -

is possible store keyboard events 1 string? code below stores 1 char , prints it. card reader or bar code reader, contains collection of character/ string not 1 character @ time. goal save char pressed text variable. from tkinter import * root = tk() def key(event): text= event.char text+= event.char print ("pressed", text) def callback(event): frame.focus_set() print ("clicked at", event.x, event.y) frame = frame(root, width=100, height=100) frame.bind("<key>", key) frame.bind("<button-1>", callback) frame.pack() root.mainloop() currently, creating text variable , everytime key() function gets called, , text stores last character typed. you can define text module level variable , , use module level text inside key function - text = '' def key(event): global text text+= event.char print("pressed", text)
Read more

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

i'm implementing inapp billing in android app. works well, however, i'm trying decouple broadcast receiver activity manifest. suggestion in android's trivialdrive sample: // important: dynamically register broadcast messages updated purchases. // register receiver here instead of <receiver> in manifest // because call getpurchases() @ startup, therefore can ignore // broadcasts sent while app isn't running. // note: registering listener in activity bad idea, done here // because sample. regardless, receiver must registered after // iabhelper setup, before first call getpurchases(). currently there's class extends broadcastreceiver : public class iabbroadcastreceiver extends broadcastreceiver { /** * intent action receiver should filter for. */ public static final string action = "com.android.vending.billing.purchases_updated"; private final iabbroadcastlistener mlistener; public iabbroadcastreceiver(iabbroadcastlistener listener) { m
Read more

javascript - Z-index in d3.js -

i have map , when hover effect on region of map below yellow line , circle, last ones disappear. how can solve problem? http://jsfiddle.net/ot21n9qx/ var arc = g.append("path") .style("fill", "none") .style("stroke", "yellow") .style("stroke-width", 2) .attr("d", "m" + pathorigin[0] + "," + pathorigin[1] + " q" + svgpoint[0] + "," + pathorigin[1] + " " + svgpoint[0] + "," + svgpoint[1]); var circlesize = d3.scale.linear() .domain([0, 0.5, 1]) .range([4, 10, 4]); svg not have z order draws objects in order created. need create path , circle after create highlight regions. here forked fiddle: http://jsfiddle.net/o00fzgaf/1/
Read more