Amazon Web Services Bootcamp

Creating a policy version

The following command creates a new policy version for a specific customer-managed policy:

    aws iam create-policy-version ^
    --policy-arn "arn:aws:iam::123456789012:policy/AmazonS3FullAccess" ^
    --policy-document file://NewPolicyDocument.json ^
    --set-as-default  

The following policy document, saved as NewPolicyDocument.json, is used to create the policy version:

    {
      "Version": "2012-10-17",
      "Statement": [{
        "Effect": "Allow",
        "Action": [
          "s3:*"
        ],
        "Resource": "arn:aws:s3:::my-bucket-2"
      }]
    }

The following options can be used with create-policy-version:

| Parameters | Optional | Description |
|---|---|---|
| --policy-arn | False | This is the ARN of the customer-managed policy for which a new version is to be created |
| --policy-document | False | This is the policy JSON document, which contains the AWS services and the actions allowed on them |
| --set-as-default or --no-set-as-default | True | This specifies whether the new policy version is set as the default |
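The following pre-flight check is an added example, not code from the book. It reviews NewPolicyDocument.json before --set-as-default makes it the version in effect, and picks which stored version to delete first, since IAM keeps at most five versions of a managed policy and the default version cannot be deleted. The function names are hypothetical and the version list is constructed sample data.

```python
import json
from datetime import datetime

MAX_VERSIONS = 5  # IAM stores at most five versions of a managed policy

def as_list(value):
    """Policy elements may be a single string/object or a list of them."""
    return value if isinstance(value, list) else [value]

def review_document(text):
    """Return findings for a policy document before it becomes the default."""
    doc = json.loads(text)  # malformed JSON raises ValueError here
    findings = []
    for i, stmt in enumerate(as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        for action in actions:
            if action.endswith("*"):
                findings.append(f"statement {i}: wildcard action {action}")
        # An object ARN is arn:aws:s3:::bucket/key; a bare bucket ARN has
        # no "/" and, without a wildcard, cannot match any object.
        s3 = [r for r in resources if r.startswith("arn:aws:s3:::")]
        if s3 and not any("/" in r or "*" in r for r in s3):
            if any(a in ("*", "s3:*") or "Object" in a for a in actions):
                findings.append(f"statement {i}: no object ARN for object actions")
    return findings

def version_to_prune(versions):
    """Oldest non-default VersionId to delete when all slots are used, else None."""
    if len(versions) < MAX_VERSIONS:
        return None
    stale = [v for v in versions if not v["IsDefaultVersion"]]
    return min(stale, key=lambda v: datetime.fromisoformat(
        v["CreateDate"].replace("Z", "+00:00")))["VersionId"]

# The page's NewPolicyDocument.json, embedded so the example runs offline.
PAGE_DOCUMENT = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["s3:*"], "Resource": "arn:aws:s3:::my-bucket-2"}]}"""

# Constructed sample shaped like the Versions list from list-policy-versions.
SAMPLE_VERSIONS = [
    {"VersionId": f"v{n}", "IsDefaultVersion": n == 5,
     "CreateDate": f"2024-01-0{n}T00:00:00+00:00"} for n in range(1, 6)]

if __name__ == "__main__":
    print(review_document(PAGE_DOCUMENT), version_to_prune(SAMPLE_VERSIONS))
```

The version returned by version_to_prune would be removed with aws iam delete-policy-version before running create-policy-version.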