IAM Condition Keys Implemented in Eucalyptus

Follow

Eucalyptus Versions: 3.3.0 and Greater

Eucalyptus IAM Condition Keys Implemented in Eucalyptus

This article covers the IAM condition keys supported and implemented in Eucalyptus.  Just as in AWS IAM [1], the Condition element in Eucalyptus IAM lets users specify conditions for when a policy takes effect.  Out of the available keys for conditions defined by AWS, Eucalyptus supports the following:

Examples to use these conditions are as follows: 

aws:CurrentTime

{
  "Statement": [
    {
      "Sid": "Stmt1390773200371",
      "Action": "iam:*",
      "Effect": "Allow",
      "Resource": "arn:aws:iam::961915002812:user/*",
      "Condition": {
        "DateLessThan": {
          "aws:CurrentTime": "2014-06-30T00:00:00Z"
        }
      }
    }
  ]
}

aws:SourceIp

{
  "Statement": [
    {
      "Sid": "Stmt1390773615817",
      "Action": "iam:*",
      "Effect": "Allow",
      "Resource": "arn:aws:iam::961915002812:user/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "203.0.113.0/24"
        }
      }
    }
  ]
}

Just as in AWS, these policies can be generated using the AWS Policy Generator [2].  For additional information regarding IAM policy elements, please refer to the AWS IAM Policy Elements Reference section [3] in the AWS IAM User's Guide.

References 

[1] AWS IAM Policy Element Reference - Condition
[2] AWS Policy Generator
[3] AWS IAM Policy Element Reference

Have more questions? Submit a request

Comments

Powered by Zendesk