I'm looking to create an IAM policy that allows access only during certain times of the day or specific days of the week or month. I've seen `aws:CurrentTime` being used, but it seems like the condition expressions only support basic operations like greater than or less than. Is there a way to implement a cron-style policy for AWS IAM?
4 Answers
Thanks for all the insightful responses!
Unfortunately, that's not straightforward in AWS. Our setup uses an on-call rotation synchronized with groups. When someone new goes on-call, automation adds them to a group and removes the previous on-call person. The group has permissions to assume specific roles. If you're not working with humans, you could modify roles and trust policies, adding and removing permissions based on the time needs.
If you're looking to allow access between certain dates, you can definitely set up a policy for that. For example, you can use a condition like 'DateGreaterThan' and 'DateLessThan' in your IAM policy. However, if you want to restrict access during specific hours, automation will be necessary.
You might need some automation to refresh your policy regularly. Fortunately, the replication lag for these policies is pretty short, so you can set things up fairly quickly.

Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures