'Restrict AWS Batch TerminateJob action to only to user who created it

Let's imagine a scenario where there are multiple teams with apps using AWS batch in same aws account.

Say TeamA and TeamB.

Teams use AWS SDKs to have a dashboard to manage their jobs.

I need to restrict TeamA from submitting,terminating jobs created by TeamB and vice-versa.

I'm able to restrict actions that rely on job definitions or job queue, by having teams use a prefix while creating the resources they own and having a policy with prefix before a wildcard

But TerminateJob relies on a jobid which is dynamic. How do restrict them from terminating someother teams jobs?

I'm looking for a resource level policy or condition keys that can restrict access. Looked around a lot not finding anything that explains how to do this.

Any advice is much appreciated.

Thanks

amazon-iamaws-batch


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

How to enable terraform module only with a specific workspace

AWS RDS Postgres: WAL_LEVEL not set to 'logical' after changing rds.logical_replication = 1

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Self stopping EC2 once task complete?

AWS - SWF - Asynchronous method

Why my cloudformation template is over 1 MB?

AWS elastic beanstalk - WARN install EACCES: permission denied, access '/tmp/.npm'

Aws step functions - Resume from failed step function activity instead of starting a new execution

Redirect Elastic Beanstalk URL to domain name

node-lambda - TypeError: handler is not a function