AWS Classroom Series – 10/Mar/2020

Rules

  • If you have the same action for which there is an allow and there is also a deny
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "s3:*"
            ],
            "NotResource": ["arn:aws:s3:::khajalearning.com","arn:aws:s3:::khajalearning.com/*"]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": ["arn:aws:s3:::khajalearning.com","arn:aws:s3:::khajalearning.com/*"] 
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": ["ec2:StartInstances", "ec2:StopInstances"],
            "Resource": "arn:aws:ec2:us-west-2:798279872530:instance/i-0483025fca106795c"
        }
    ]
}
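
An added example (not part of the original class notes, and not AWS's evaluation engine): a simplified Python model of how the policy above is evaluated as a single identity policy, showing that an explicit Deny overrides any Allow and how NotResource inverts the resource match. The function names, the extra broad Allow statement and the example-other-bucket ARN are constructed for illustration; conditions, principals and other policy types are not modelled.

```python
import re

# Policy from the notes above (key spelled "NotResource", as IAM requires).
BUCKET = ["arn:aws:s3:::khajalearning.com", "arn:aws:s3:::khajalearning.com/*"]
INSTANCE = "arn:aws:ec2:us-west-2:798279872530:instance/i-0483025fca106795c"
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": ["s3:*"], "NotResource": BUCKET},
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": BUCKET},
    {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"],
     "Resource": INSTANCE},
]}

def matches(patterns, value, ignore_case=False):
    """True if value matches any IAM-style pattern ('*' any run, '?' one char)."""
    patterns = [patterns] if isinstance(patterns, str) else patterns
    flags = re.IGNORECASE if ignore_case else 0
    return any(
        re.fullmatch(re.escape(p).replace(r"\*", ".*").replace(r"\?", "."), value, flags)
        for p in patterns)

def applies(stmt, action, resource):
    """Does this statement cover the request? Action names are case-insensitive."""
    if not matches(stmt["Action"], action, ignore_case=True):
        return False
    if "NotResource" in stmt:  # statement covers everything EXCEPT the listed ARNs
        return not matches(stmt["NotResource"], resource)
    return matches(stmt["Resource"], resource)

def evaluate(policy, action, resource):
    """Explicit Deny beats Allow; with no matching statement the request is denied."""
    effects = {s["Effect"] for s in policy["Statement"] if applies(s, action, resource)}
    if "Deny" in effects:
        return "ExplicitDeny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

if __name__ == "__main__":
    other = "arn:aws:s3:::example-other-bucket/report.csv"  # constructed ARN
    # Constructed variant: add a broad Allow to show the Deny still wins.
    broad = {"Statement": POLICY["Statement"] + [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
    for pol, act, res in [
        (POLICY, "s3:GetObject", BUCKET[0] + "/index.html"),
        (broad, "s3:GetObject", other),
        (POLICY, "s3:ListAllMyBuckets", "*"),   # "*" is outside the bucket ARNs
        (POLICY, "ec2:StopInstances", INSTANCE),
        (POLICY, "ec2:TerminateInstances", INSTANCE),
    ]:
        print(f"{act:26} {res:48} -> {evaluate(pol, act, res)}")
```

In this model the s3:ListAllMyBuckets request is denied because its resource "*" is not one of the bucket ARNs listed under NotResource, so the Deny statement covers it.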

Conditions in IAM Policies

  • Always refer to the actions section to understand which conditions can be used.
  • To write condition syntax, refer here

Cross-Account IAM Policies

Groups

  • Logically grouping users and assigning a policy to the group so that it applies to multiple users
