AWS Classroom Series – 07/Mar/2020

AWS IAM Policies

  • A policy defines authorization.
  • A policy is a JSON document.

AWS IAM Policy Grammar

{
    "Version" : ("2008-10-17" | "2012-10-17"),
    "Id" : <policy_id_string>,
    "Statement" : [ 
            { 
                "Sid" : <sid_string>,
                ("Principal" | "NotPrincipal") : ("*" | <principal_map>),
                "Effect" : ("Allow" | "Deny"),
                ("Action" | "NotAction") :  ("*" | [<action_string>, <action_string>, ...]),
                ("Resource" | "NotResource") : ("*" | [<resource_string>, <resource_string>, ...]),
                "Condition" : { <condition_map> }
            }
        ]
}

  • Sample Policies Managed by AWS

# Administrator
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

# S3: Full access

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}
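
The grammar above can be turned into a small policy linter. The following is an added example, not part of the original class notes or any AWS tool: it checks a policy against the grammar on this page and flags Allow statements that pair a wildcard action with "Resource": "*", as both sample policies do. The function names, the SCOPED and BROKEN policies and the bucket name are constructed for illustration, and Resource/NotResource is assumed to be required, as in identity-based policies.

```python
import json

VERSIONS = {"2008-10-17", "2012-10-17"}
# (key, negated key, required?) from the grammar above; treating Resource as
# required is an assumption that fits identity-based policies like the samples
PAIRS = [("Action", "NotAction", True), ("Resource", "NotResource", True),
         ("Principal", "NotPrincipal", False)]

def as_list(value):
    """Action and Resource accept a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)

def lint_policy(text):
    """Return a list of findings for one policy document (JSON text)."""
    doc = json.loads(text)
    findings = []
    if doc.get("Version") not in VERSIONS:
        findings.append("Version is missing or not an allowed value")
    stmts = doc.get("Statement", [])
    if isinstance(stmts, dict):  # AWS also accepts a single statement object
        stmts = [stmts]
    if not stmts:
        findings.append("Statement is missing or empty")
    for i, s in enumerate(stmts):
        if s.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"Statement[{i}]: Effect must be Allow or Deny")
        for key, neg, required in PAIRS:
            present = [k for k in (key, neg) if k in s]
            if len(present) > 1:
                findings.append(f"Statement[{i}]: {key} and {neg} both present")
            elif required and not present:
                findings.append(f"Statement[{i}]: needs {key} or {neg}")
        # Over-broad grant: Allow with a wildcard action on every resource
        if s.get("Effect") == "Allow" and "*" in as_list(s.get("Resource", [])):
            for a in as_list(s.get("Action", [])):
                if a == "*" or a.endswith(":*"):
                    findings.append(f"Statement[{i}]: Allow {a} on every resource")
    return findings

# The two sample policies from this page, then two constructed ones
ADMIN = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}'
S3_FULL = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}'
SCOPED = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::example-bucket/*"]}]}'
BROKEN = '{"Version": "2020-01-01", "Statement": [{"Effect": "Permit", "Action": "s3:*", "NotAction": "s3:DeleteObject"}]}'

if __name__ == "__main__":
    for name in ("ADMIN", "S3_FULL", "SCOPED", "BROKEN"):
        print(name, lint_policy(globals()[name]))
```
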
