Is it possible to restrict who can deregister an AMI via IAM? The criteria I want to use is a tag attached to the image resource. The Tag is "ReleaseStage" and the values are "Beta", "RC" and "GA"... IAM users that are in the Developer group should not be allowed to deregister a "GA" tagged AMI.
Is this possible and if so what kind of IAM policy document would I need to achieve this?
Aucun commentaire:
Enregistrer un commentaire