セスキーに紐づくIAMユーザにアタッチ • 拒否アクションが列挙された IAMポリシー { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1538161409", "Effect": "Deny", "Action": [ "iam:UpdateUser", "iam:AttachUserPolicy", "lightsail:GetInstanceAccessDetails", "organizations:InviteAccountToOrganization", "iam:AttachRolePolicy", "ec2:StartInstances", "lightsail:Delete*", "iam:CreateInstanceProfile", "iam:UpdateAccessKey", "iam:PutUserPolicy", "iam:DeleteUserPolicy", "iam:AttachGroupPolicy", "lambda:CreateFunction", "iam:CreateLoginProfile", "lightsail:Start*", "iam:CreateUser", "ec2:RunInstances", "lightsail:Create*", "lightsail:Update*", "iam:PutUserPermissionsBoundary", "iam:ChangePassword", "iam:DetachUserPolicy", "organizations:CreateAccount", "iam:PutGroupPolicy", "organizations:CreateOrganization", "iam:UpdateAccountPasswordPolicy", "iam:CreateAccessKey", "iam:CreateRole", "lightsail:DownloadDefaultKeyPair", "ec2:RequestSpotInstances" ], "Resource": [ "*" ] } ] }