discrepancies between the policies applied in the AWS CLI and the AWS Management Console

0

My IAM user has the admin role. I created a secret in Secrets Manager to test a resource-based policy. In that policy, I simply deny updating and deleting the secret for the admin user, myself. In the Secrets Manager console, I see that I can update the secret without any issue. I have not yet tested the delete, but I think the result is the same. Then I issued a CLI command and saw that I was denied, which means the policy is successful. I only have an identity-based policy and a resource-based policy, no permissions boundary or anything like that. What is the reason for that discrepancy?

Thanh
asked a month ago · 75 views
1 Answer
1
Accepted Answer

Sometimes, there might be a slight delay in policy propagation and enforcement, especially in the console where the user interface might cache certain permissions or states.

Check AWS CloudTrail logs for denied actions to confirm that the policy is being evaluated as expected. CloudTrail provides detailed logs of API calls made to AWS services.

EXPERT
answered a month ago
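One way to carry out the CloudTrail check suggested in the answer, as an added example that is not part of the original thread or any AWS tooling: it walks a few constructed CloudTrail records, tags each Secrets Manager mutation with the channel it came from using a userAgent heuristic (an assumption), and flags principals that were allowed on one channel and denied on another. The watched action set is also an assumption; it includes PutSecretValue because a Deny that names only UpdateSecret does not cover PutSecretValue.

```python
# Added example, not part of the re:Post thread: triage CloudTrail records for the
# console-vs-CLI discrepancy. Records below are constructed samples, not real logs.
SECRET_ACTIONS = ("UpdateSecret", "DeleteSecret", "PutSecretValue")  # assumption

SAMPLE_RECORDS = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "UpdateSecret", "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/admin"},
     "userAgent": "aws-cli/2.15.0 Python/3.11.6 Linux/6.5.0 exe/x86_64"},
    {"eventTime": "2024-05-01T10:01:00Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "UpdateSecret",  # no errorCode: the call succeeded
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/admin"},
     "userAgent": "console.amazonaws.com"},
    {"eventTime": "2024-05-01T10:02:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/admin"},
     "userAgent": "aws-cli/2.15.0"},
]

def channel(user_agent):
    """Classify the calling channel from userAgent (heuristic, an assumption)."""
    ua = user_agent.lower()
    if "console.amazonaws.com" in ua:
        return "console"
    if ua.startswith("aws-cli"):
        return "cli"
    return "other"

def secret_mutations(records):
    """One row per secret-mutating Secrets Manager call: who, what, via which
    channel, and whether IAM allowed it (no errorCode) or denied it."""
    rows = []
    for r in records:
        if r.get("eventSource") != "secretsmanager.amazonaws.com":
            continue
        if r.get("eventName") not in SECRET_ACTIONS:
            continue
        rows.append({"time": r["eventTime"], "principal": r["userIdentity"]["arn"],
                     "action": r["eventName"], "channel": channel(r.get("userAgent", "")),
                     "outcome": r.get("errorCode", "Success")})
    return rows

def inconsistent_principals(rows):
    """(principal, action) pairs seen with more than one outcome, e.g. allowed from
    the console but AccessDenied from the CLI, the situation in the question."""
    outcomes = {}
    for row in rows:
        outcomes.setdefault((row["principal"], row["action"]), set()).add(row["outcome"])
    return {key for key, seen in outcomes.items() if len(seen) > 1}

if __name__ == "__main__":
    rows = secret_mutations(SAMPLE_RECORDS)
    for row in rows:
        print(row)
    print("inconsistent:", inconsistent_principals(rows))
```

On real data, feed the function the `Records` array from a CloudTrail log file or the events returned by `aws cloudtrail lookup-events`; the same principal showing Success from the console and AccessDenied from the CLI for one action is the pattern to investigate.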