Control permissions based on access identity (PrincipalTrn)--IAM-Volcengine

Docs

IAM

Policy Example

Control permissions based on access identity (PrincipalTrn)

Scenario: Restrict access to the NAT gateway only through the IAM role sso-admin.
Policy example:

{ 
  "Statement": [ 
    { 
      "Effect": "Allow", 
      "Action": [ 
        "natgateway:*" 
      ], 
      "Resource": [ 
        "*" 
      ], 
      "Condition":{ 
          "StringEquals":{ 
                  "volc:PrincipalTrn":"trn:iam::20000123**:role/sso-admin" 
          } 
      } 
    } 
  ] 
}

For details of the condition key, please refer to the Condition Use Instructions

Last updated: 2025.06.23 19:21:31