AWS Classroom Series – 07/Mar/2020

AWS IAM Policies

  • A policy defines authorization.
  • A policy is a JSON document.

AWS IAM Policy Grammar

{
    "Version" : ("2008-10-17" | "2012-10-17"),
    "Id" : <policy_id_string>,
    "Statement" : [ 
            { 
                "Sid" : <sid_string>,
                ("Principal" | "NotPrincipal") : ("*" | <principal_map>),
                "Effect" : ("Allow" | "Deny"),
                ("Action" | "NotAction") :  ("*" | [<action_string>, <action_string>, ...]),
                ("Resource" | "NotResource") : ("*" | [<resource_string>, <resource_string>, ...]),
                "Condition" : { <condition_map> }
            }
        ]
}
  • Sample Policies Managed by AWS
# Administrator
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

# S3: Full access

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}
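
The Python check below is an added example, not part of the original post and not AWS tooling: it validates a policy document against the grammar above and flags the broad grants that appear in the two managed policies. The function names, the finding messages and the scoped policy with its bucket ARN are constructed for illustration.

```python
import json

VERSIONS = {"2008-10-17", "2012-10-17"}
# The grammar allows only one element from each of these pairs per statement.
PAIRS = [("Principal", "NotPrincipal"), ("Action", "NotAction"), ("Resource", "NotResource")]
# The two AWS managed policies shown above, then a constructed scoped policy.
ADMIN = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}'
S3_FULL = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}'
SCOPED = ('{"Version": "2012-10-17", "Statement": [{"Sid": "ReadReports", "Effect": "Allow",'
          ' "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::example-bucket/reports/*"]}]}')


def as_list(value):
    # Action, Resource and Statement may be a single value or a list.
    return value if isinstance(value, list) else [value]


def lint_policy(text):
    """Return findings for one policy document given as JSON text."""
    policy = json.loads(text)
    findings = []
    if policy.get("Version") not in VERSIONS:
        findings.append("Version missing or not an allowed value")
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        label = stmt.get("Sid", f"#{i}")
        effect = stmt.get("Effect")
        if effect not in ("Allow", "Deny"):
            findings.append(f"{label}: Effect must be Allow or Deny")
        for first, second in PAIRS:
            if first in stmt and second in stmt:
                findings.append(f"{label}: {first} and {second} are mutually exclusive")
        if effect != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        if "*" in actions:
            findings.append(f"{label}: allows every action")
        elif any(act.endswith(":*") for act in actions):
            findings.append(f"{label}: allows every action of a service")
        if "NotAction" in stmt:
            findings.append(f"{label}: Allow with NotAction grants all unlisted actions")
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append(f"{label}: applies to every resource")
    return findings


if __name__ == "__main__":
    for name, doc in [("Administrator", ADMIN), ("S3: Full access", S3_FULL), ("scoped", SCOPED)]:
        print(name, lint_policy(doc))
```

Statements without a Sid are labelled by their position in the Statement list.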
