takenoko-str/create_iam_policy.json

## create_iam_policy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Deny",
            "Action": "elasticloadbalancing:*",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "elasticloadbalancing:ResourceTag/environment": "production"
                }
            }
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Deny",
            "Action": "ec2:*",
            "Resource": "*",
            "Condition": {
                "StringEqualsIfExists": {
                    "ec2:ResourceTag/environment": "production"
                }
            }
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Deny",
            "Action": "rds:*",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/environment": "production"
                }
            }
        }
    ]
}

## gistfile1.txt
よく分かる説明 | grep "${aws:PrincipalTag/team}"
https://www.infoq.com/jp/news/2019/03/iam-tags-attribute-based-access/
練習問題 | grep ${aws:PrincipalTag/project}
https://www.slideshare.net/AmazonWebServices/become-an-iam-policy-master-in-60-minutes-or-less-sec316r1-aws-reinvent-2018pdf
S3応用問題 | grep ${aws:username}
https://aws.amazon.com/jp/premiumsupport/knowledge-center/iam-s3-user-specific-folder/
その他よくある質問集 | grep IAM
https://aws.amazon.com/jp/premiumsupport/knowledge-center/
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "VisualEditor0",
	"Effect": "Deny",
	"Action": "elasticloadbalancing:*",
	"Resource": "*",
	"Condition": {
	"StringEquals": {
	"elasticloadbalancing:ResourceTag/environment": "production"
	}
	}
	},
	{
	"Sid": "VisualEditor1",
	"Effect": "Deny",
	"Action": "ec2:*",
	"Resource": "*",
	"Condition": {
	"StringEqualsIfExists": {
	"ec2:ResourceTag/environment": "production"
	}
	}
	},
	{
	"Sid": "VisualEditor2",
	"Effect": "Deny",
	"Action": "rds:*",
	"Resource": "*",
	"Condition": {
	"StringEquals": {
	"aws:ResourceTag/environment": "production"
	}
	}
	}
	]
	}
	よく分かる説明 \| grep "${aws:PrincipalTag/team}"
	https://www.infoq.com/jp/news/2019/03/iam-tags-attribute-based-access/
	練習問題 \| grep ${aws:PrincipalTag/project}
	https://www.slideshare.net/AmazonWebServices/become-an-iam-policy-master-in-60-minutes-or-less-sec316r1-aws-reinvent-2018pdf
	S3応用問題 \| grep ${aws:username}
	https://aws.amazon.com/jp/premiumsupport/knowledge-center/iam-s3-user-specific-folder/
	その他よくある質問集 \| grep IAM
	https://aws.amazon.com/jp/premiumsupport/knowledge-center/