soujanya

AWS - custom deny message

Sometimes AWS policies evaluate to an authorization deny message; however, our employees don't always understand the reason why. In those cases, displaying a custom message would help a lot.
For example, I have a policy for technical support users which AWS Technical gives them the ability to attach policies to other users, except policies that allow the users to act on EC2 production instances. What I want to do is to display a message like "Assigning permissions to operate upon EC2 instances is not allowed, please contact XXX if you need to do that anyway".

Is that possible?


AWS doesn't allow you to perform or push custom messages at the IAM level. If a user has access to any of the services then he will be authorised to enter; otherwise the user cannot enter and a built-in message will be thrown. There are some limitations with this. We even had the same kind of issues with Lambda and Systems Manager. The only thing that you can do is to educate them in those scenarios.

Let me know if you need any help. 🙂

~Krishna
