Restricting Access to the Snow Role Policy - Amazon Snowball Edge Developer Guide
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Restricting Access to the Snow Role Policy

You can restrict access to the selected role based on the customer account number and source arn.

  1. In the navigation pane of the IAM console, choose Roles. The console displays the roles for your account.

  2. Choose the name of the role that you want to modify, and select the Trust relationships tab on the details page.

  3. Choose Edit trust relationships. Update the trust policy to one of the following:

    To restrict access by customer account number:

    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "importexport.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition":{ "StringEquals":{ "aws:SourceAccount":"111122223333" } } } ] }

    To restrict access by source arn:

    { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": "importexport.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "ArnLike": { "aws:SourceArn": "arn:aws-cn:snowball:REGION:555555555555:RESOURCE_ID" } } }] }

    To restrict access by both customer account number and source arn:

    { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": "importexport.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "111122223333" }, "ArnLike": { "aws:SourceArn": "arn:aws-cn:snowball:REGION:111122223333:RESOURCE_ID" } } }] }