允许用户查看他们自己的权限
该示例说明了您如何创建策略,以允许用户查看附加到其用户身份的内联和托管式策略。此策略包括在控制台上完成此操作或者以编程方式使用 Amazon CLI 或 Amazon API 所需的权限。
{ "Version":"2012-10-17", "Statement":[ { "Sid":"ViewOwnUserInfo", "Effect":"Allow", "Action":[ "iam:GetUser", "iam:GetUserPolicy", "iam:ListAttachedUserPolicies", "iam:ListGroupsForUser", "iam:ListUserPolicies" ], "Resource":[ "arn:aws:iam:::user/${aws:username}" ] }, { "Sid":"NavigateInConsole", "Effect":"Allow", "Action":[ "iam:GetGroupPolicy", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:ListAttachedGroupPolicies", "iam:ListGroupPolicies", "iam:ListGroups", "iam:ListPolicies", "iam:ListPolicyVersions", "iam:ListUsers" ], "Resource":"" } ] }