当我在Cloudtrail中查看请求上下文"时,看到列出的记录内容此处.
When I look at a 'Request Context' in Cloudtrail, I see record contents listed here.
请求上下文"记录内容和条件键之间是否存在映射? 还是说在请求上下文"中存在一个条件不是强制性的,而是与该条件相对应的条件键可能仍然可用(AWS魔术),可以在策略中使用该键来评估此请求,这是正确的吗?在所有请求上下文中都可以使用使用前缀aws:的AWS范围内的密钥吗?
Is there a mapping between the 'Request Context' record contents and the Condition keys? Or is it correct to say that it is not mandatory for a condition to be present in the 'Request Context' but a Condition Key corresponding to the condition may still be available (AWS magic) to be used in a policy to evaluate this request? Are AWS‐wide keys that use prefix aws: available in all Request Contexts?
当我在策略中使用条件键时,如何确定条件键出现在请求上下文中? 当然,我可以添加"ifexists"子句来检查条件键的可用性,但这是全部捕获"机制.如何确定在检查策略中的条件时不需要使用"Ifexists"子句?
When I use a Condition Key in a policy, how can I be sure that the Condition key is present in the Request Context? Of course, I can add an "ifexists" clause to check for the availability of a Condition key but that is a 'catch all' mechanism. How can I be certain that I need not use "Ifexists" clause when checking a Condition in a policy?
我也在此处发布了一个不同但相关的问题.
I have posted a different but related question here as well.
推荐答案我认为您正在混淆CT日志事件数据的内容:
I think you are confusing content of CT log event data:
- CloudTrail记录内容
具有CloudTrial的IAM条件密钥:
with IAM condition keys for CloudTrial:
- AWS CloudTrail的条件键
还可以使用检查策略密钥是否存在.IfExists 或空检查.
如果您在策略条件中指定的键不存在于请求上下文中,则这些值不匹配.
If the key that you specify in a policy condition is not present in the request context, the values do not match.
第一个包含有关CT试用中API调用的信息,第二个包含IAM策略中用于授予条件权限的信息.
The first one contains information about API calls in your CT trial, while the second is used in IAM policies to grant conditional permissions.
更多推荐
要使用AWS条件键,是否必须在请求上下文中包含它们?
发布评论