Terms in IAM

• Principal: A principal is a person or application that makes a request for an action or operation on AWS resources.
• Request: Principal send a request to AWS & request includes the following information
  • Actions or operations
  • Resources
  • Prinicipal
  • Resource Data
  • Environmenta data

IAM Policy

• IAM Policy is a JSON file and it can also be created from visual editor.

• Lets look into couple of AWS Managed policies

• note: Creating ec2 Refer Here

• Generally all the IAM policies managed by AWS will be for all resources

• In your enterprise,

  • We might need to give resource specific access also

• Lets understand how to create custom IAM Policies

  • Prerequisites: JSON
  • AWS describes the structure to be used to create IAM Policy as IAM Policy Grammar Refer Here

• Sample Json policies

  • Admin:
  • EC2 Readonly

  {
      "Version": "2012-10-17",
      "Statement": [
          {
              "Effect": "Allow",
              "Action": "ec2:Describe*",
              "Resource": "*"
          },
          {
              "Effect": "Allow",
              "Action": "elasticloadbalancing:Describe*",
              "Resource": "*"
          },
          {
              "Effect": "Allow",
              "Action": [
                  "cloudwatch:ListMetrics",
                  "cloudwatch:GetMetricStatistics",
                  "cloudwatch:Describe*"
              ],
              "Resource": "*"
          },
          {
              "Effect": "Allow",
              "Action": "autoscaling:Describe*",
              "Resource": "*"
          }
      ]
  }