Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Amazon Data Pipeline: Denies access to
DataPipeline pipelines that a user did not create
This example shows how you might create an identity-based policy that denies access to pipelines that a user did not create. If the value
of the PipelineCreator field matches the IAM user name, then the specified
actions are not denied. This policy grants the permissions necessary to complete this action programmatically from the Amazon API or Amazon CLI.
This policy does not allow any actions. Use this policy in combination with other policies
that allow specific actions.
- JSON
-
-
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ExplicitDenyIfNotTheOwner",
"Effect": "Deny",
"Action": [
"datapipeline:ActivatePipeline",
"datapipeline:AddTags",
"datapipeline:DeactivatePipeline",
"datapipeline:DeletePipeline",
"datapipeline:DescribeObjects",
"datapipeline:EvaluateExpression",
"datapipeline:GetPipelineDefinition",
"datapipeline:PollForTask",
"datapipeline:PutPipelineDefinition",
"datapipeline:QueryObjects",
"datapipeline:RemoveTags",
"datapipeline:ReportTaskProgress",
"datapipeline:ReportTaskRunnerHeartbeat",
"datapipeline:SetStatus",
"datapipeline:SetTaskStatus",
"datapipeline:ValidatePipelineDefinition"
],
"Resource": ["*"],
"Condition": {
"StringNotEquals": {"datapipeline:PipelineCreator": "${aws:userid}"}
}
}
]
}