Terms in IAM
- Principal: A principal is a person or application that makes a request for an action or operation on AWS resources.
- Request: The principal sends a request to AWS. A request includes the following information:
  - Actions or operations
  - Resources
  - Principal
  - Resource data
  - Environment data
IAM Policy
An IAM policy is a JSON document; it can also be created with the visual editor.
Let's look at a couple of AWS managed policies.
Note: creating EC2 instances: Refer Here
Generally, the IAM policies managed by AWS apply to all resources (Resource: "*").
In your enterprise:
- We might also need to grant resource-specific access.
Let's understand how to create custom IAM policies.
- Prerequisite: JSON
- AWS describes the structure to be used to create an IAM policy as the IAM Policy Grammar: Refer Here
Sample JSON policies
- Admin:
- EC2 Readonly:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "elasticloadbalancing:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:Describe*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "autoscaling:Describe*",
      "Resource": "*"
    }
  ]
}
```
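To see how such a document is actually evaluated, here is an added example (not part of the original notes and not an AWS library): a simplified simulator of identity-based policy evaluation run over the EC2 read-only policy above and a constructed custom policy scoped to one instance. The account id and instance ARNs are hypothetical placeholders, and Condition, NotAction/NotResource and resource-based policies are deliberately ignored.

```python
import fnmatch
import json

# Constructed sample: two statements of the EC2 read-only managed policy from the notes above.
EC2_READONLY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Allow", "Action": "autoscaling:Describe*", "Resource": "*"}
  ]
}""")

# Constructed sample: a custom policy scoped to one instance ARN (hypothetical account/instance ids).
INSTANCE_ARN = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"
CUSTOM_SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"],
         "Resource": INSTANCE_ARN},
        {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"},
    ],
}

def _matches(patterns, value, case_insensitive):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one. Action names
    # are matched case-insensitively; resource ARNs are compared as written.
    patterns = patterns if isinstance(patterns, list) else [patterns]
    if case_insensitive:
        return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in patterns)
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def evaluate(policies, action, resource):
    """Simplified identity-policy evaluation (assumption: Condition, NotAction/NotResource,
    SCPs and resource-based policies are not modelled): an explicit Deny always wins,
    an Allow is required to permit, and a request matched by no statement is implicitly denied."""
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _matches(stmt.get("Action", []), action, True):
                continue
            if not _matches(stmt.get("Resource", []), resource, False):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision

if __name__ == "__main__":
    print(evaluate([EC2_READONLY, CUSTOM_SCOPED], "ec2:TerminateInstances", INSTANCE_ARN))  # Deny
```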