Example RBAC roles

Last updated 6 months ago

Allow all

{
"version": "2017-05-05",
"statement": [
{
"effect": "allow",
"action": "*",
"resource": "*"
}
]
}

Allow UI login

{
"version": "2017-05-05",
"statement": [
{
"effect": "allow",
"action": "view:user.login",
"resource": "*"
}
]
}

Deny credentials

{
"version": "2017-05-05",
"statement": [
{
"effect": "allow",
"action": "*",
"resource": "*"
},
{
"effect": "deny",
"action": "*:credentials",
"resource": ["AKIAJ7Z8PGXEZTIJOL6IQ"]
}
]
}

Deny list stacks

{
"version": "2017-05-05",
"statement": [
{
"effect": "allow",
"action": "*",
"resource": "*"
},
{
"effect": "deny",
"action": "view:alm.stack",
"resource": "*"
}
]
}

Deny list stacks by resource

{
"version": "2017-05-05",
"statement": [
{
"effect": "allow",
"action": "*",
"resource": "*"
},
{
"effect": "deny",
"action": "view:alm.stack",
"resource": ["mo-590fdb7bad55s-tJZpgRCBs-tk", "mo-590fdb7bad55s-ugMgQQ1TE-tk"]
}
]
}

Deny deleting stacks by resource

{
"version": "2017-05-05",
"statement": [
{
"effect": "allow",
"action": "*",
"resource": "*"
},
{
"effect": "deny",
"action": "delete:alm.stack",
"resource": ["mo-590fdb7bad55s-tJZpgRCBs-tk"]
}
]
}