-
AWS SSM Parameter Store IAM Policy for restricting by Path and Tag
I wanted to restrict access to some parameters based on the path and tag. Say, I have a key:/production/Param1=Value1with a tag:Application1=One I was expecting a policy like this: { “Version”: “2012-10-17”, “Statement”: [ { “Sid”: “VisualEditor0”, “Effect”: “Allow”, “Action”: [ “ssm:GetParameterHistory”, “ssm:ListTagsForResource”, “ssm:GetParametersByPath”, “ssm:GetParameters”, “ssm:GetParameter” ], “Resource”: “arn:aws:ssm:::parameter/production/*”, “Condition”: { “StringEquals”: { “ssm:resourceTag/Application1”: “One” }…