AWS Classroom Series – 31/Jul/2020

Now let's focus on Actions

  • Let's create an IAM policy that gives the user access to all S3 buckets and all S3 actions
{
    "Version": "2012-10-17",
    "Id": "ce568c94-883b-4165-9aee-732fce32d081",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": "*"
        }
    ]
}
  • Create an IAM policy that gives access to all AWS resources apart from S3
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "NotAction": "s3:*",
            "Resource": "*"
        }
    ]
}


  • Create an IAM policy that gives access to a specific S3 bucket (create one S3 bucket first), with everything else denied
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::khajaiampolicytesting",
                "arn:aws:s3:::khajaiampolicytesting/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": ["s3:Get*", "s3:List*"],
            "Resource": "*"
        }
    ]
}
  • Create two policies, S3 full access and deny S3, and assign both policies to the same user
{
    "Version": "2012-10-17",
    "Id": "ce568c94-883b-4165-9aee-732fce32d081",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": "*"
        }
    ]
}
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}
  • When Allow and Deny are assigned simultaneously to the same user, or through a user and group combination, Deny is always the winner
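
The "Deny always wins" rule and the NotAction behaviour above can be checked offline with a small policy evaluator. This is an added example, not code from the original post or from AWS. It is a simplified model of identity-based policies only: conditions, principals, SCPs, permission boundaries and resource-based policies are ignored, the function and constant names are hypothetical, and the object and instance ARNs are constructed sample values.

```python
import fnmatch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, ignore_case=False):
    # IAM patterns use * and ? wildcards; action names are case-insensitive.
    if ignore_case:
        value = value.lower()
    return any(fnmatch.fnmatchcase(value, p.lower() if ignore_case else p)
               for p in _as_list(patterns))

def statement_applies(stmt, action, resource):
    if "NotAction" in stmt:  # applies to every action except the listed ones
        action_ok = not _matches(stmt["NotAction"], action, ignore_case=True)
    else:
        action_ok = _matches(stmt["Action"], action, ignore_case=True)
    return action_ok and _matches(stmt["Resource"], resource)

def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"  # nothing matched: denied by default
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":  # one matching Deny overrides every Allow
                return "ExplicitDeny"
            decision = "Allow"
    return decision

# Policies mirroring the ones above (an explicit Resource "*" is assumed on S3_FULL).
S3_FULL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}]}
S3_DENY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:*", "Resource": "*"}]}
NOT_S3 = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "NotAction": "s3:*", "Resource": "*"}]}

OBJ = "arn:aws:s3:::khajaiampolicytesting/report.txt"  # constructed object ARN
VM = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"  # constructed

if __name__ == "__main__":
    print("full access only :", evaluate([S3_FULL], "s3:PutObject", OBJ))
    print("full + deny      :", evaluate([S3_FULL, S3_DENY], "s3:PutObject", OBJ))
    print("NotAction, EC2   :", evaluate([NOT_S3], "ec2:DescribeInstances", VM))
    print("NotAction, S3    :", evaluate([NOT_S3], "s3:GetObject", OBJ))
```

Note that NotAction with Allow leaves S3 requests at an implicit deny, so another attached policy can still allow them, whereas the explicit Deny policy cannot be overridden by any Allow.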
