我检查了一个解决方案,以定义一个只接受两个IP地址中的一个作为源IP的策略"OR";源VPC(私有IP地址池(-PSB
根据定义;"与";在相同条件下的键之间(https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_multi-value-conditions.html)
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Deny",
"Action": "*",
"Resource": "*",
"Condition": {
"NotIpAddress": {
"aws:SourceIp": [
"11.11.11.11/32",
"22.22.22.22/32"
]
},
"Bool": {
"aws:ViaAWSService": "false"
},
"StringNotEquals": {
"aws:SourceVpc": [
"vpc-00222222222222"
]
}
}
}
]
}
感谢
您必须为OR重复您的语句。我知道这是代码复制;漂亮";,但它是这样做的(我不确定你想用你的Bool做什么(:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Deny",
"Action": "*",
"Resource": "*",
"Condition": {
"NotIpAddress": {
"aws:SourceIp": [
"11.11.11.11/32",
"22.22.22.22/32"
]
},
"Bool": {
"aws:ViaAWSService": "false"
}
}
},
{
"Sid": "VisualEditor0",
"Effect": "Deny",
"Action": "*",
"Resource": "*",
"Condition": {
"Bool": {
"aws:ViaAWSService": "false"
},
"StringNotEquals": {
"aws:SourceVpc": [
"vpc-00222222222222"
]
}
}
},
]
}