AWS IAM Policies
- A policy defines authorization.
- A policy is a JSON document.
AWS IAM Policy Grammar
{
  "Version" : ("2008-10-17" | "2012-10-17"),
  "Id" : <policy_id_string>,
  "Statement" : [
    {
      "Sid" : <sid_string>,
      ("Principal" | "NotPrincipal") : ("*" | <principal_map>),
      "Effect" : ("Allow" | "Deny"),
      ("Action" | "NotAction") : ("*" | [<action_string>, <action_string>, ...]),
      ("Resource" | "NotResource") : ("*" | [<resource_string>, <resource_string>, ...]),
      "Condition" : { <condition_map> }
    }
  ]
}
- Sample Policies Managed by AWS
# Administrator
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}
# S3: Full access
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}
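
An added example (not from the original page or from AWS): a small Python check that applies the grammar's fields to the two managed policies shown above and reports statements that allow wildcard actions on every resource. The function names, the `SCOPED` policy and its bucket ARN are constructed for illustration.

```python
import json

ALLOWED_VERSIONS = {"2008-10-17", "2012-10-17"}  # the two values in the grammar above

def as_list(value):
    """Action/Resource may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])

def check_policy(policy_json):
    """Return findings for one policy document (hypothetical helper, not an AWS API)."""
    policy = json.loads(policy_json)
    findings = []
    if policy.get("Version") not in ALLOWED_VERSIONS:
        findings.append("policy: Version absent or not a value the grammar lists")
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement object is also accepted
        statements = [statements]
    for i, stmt in enumerate(statements):
        where = stmt.get("Sid", f"Statement[{i}]")
        if stmt.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"{where}: Effect must be Allow or Deny")
        for a, b in (("Action", "NotAction"), ("Resource", "NotResource")):
            if a in stmt and b in stmt:
                findings.append(f"{where}: {a} and {b} are mutually exclusive")
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements can over-grant
        actions = as_list(stmt.get("Action"))
        resources = as_list(stmt.get("Resource"))
        if "NotAction" in stmt:
            findings.append(f"{where}: Allow with NotAction permits every action except those listed")
        if "*" in resources and "*" in actions:
            findings.append(f"{where}: allows every action on every resource")
        elif "*" in resources:
            for act in actions:
                if act.endswith(":*"):
                    findings.append(f"{where}: allows all of {act} on every resource")
    return findings

# Constructed inputs: the two managed policies shown above, plus a scoped policy
# whose Sid and bucket ARN are made up for this example.
ADMIN = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]}'
S3_FULL = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:*","Resource":"*"}]}'
SCOPED = '''{"Version":"2012-10-17","Statement":[{"Sid":"ReadOneBucket","Effect":"Allow",
  "Action":["s3:GetObject"],"Resource":["arn:aws:s3:::example-bucket/*"]}]}'''

if __name__ == "__main__":
    for name, doc in (("Administrator", ADMIN), ("S3 full access", S3_FULL), ("Scoped", SCOPED)):
        print(name, "->", check_policy(doc) or "no findings")
```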