AWS Classroom Series – 07/Mar/2020

AWS IAM Policies

  • Policy defines authorization.
  • Policy is a JSON document

AWS IAM Policy Grammar

{
    "Version" : ("2008-10-17" | "2012-10-17"),
    "Id" : <policy_id_string>,
    "Statement" : [ 
            { 
                "Sid" : <sid_string>,
                ("Principal" | "NotPrincipal") : ("*" | <principal_map>),
                "Effect" : ("Allow" | "Deny"),
                ("Action" | "NotAction") :  ("*" | [<action_string>, <action_string>, ...]),
                ("Resource" | "NotResource") : ("*" | [<resource_string>, resource_string>, ..]),
                "Condition" : { <condition_map> }
            }
        ]
}
  • Sample Policies Managed by AWS
# Administrator
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

# S3: Full access

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please turn AdBlock off
Social Network Widget by Acurax Small Business Website Designers

Discover more from Direct DevOps from Quality Thought

Subscribe now to keep reading and get access to the full archive.

Continue reading

Visit Us On FacebookVisit Us On LinkedinVisit Us On Youtube