Now let's focus on Actions
- Let's create an IAM policy which gives the user access to all S3 buckets and all S3 actions
  ```json
  {
    "Version": "2012-10-17",
    "Id": "ce568c94-883b-4165-9aee-732fce32d081",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "s3:*"
        ],
        "Resource": "*"
      }
    ]
  }
  ```
- Create an IAM policy which gives access to all resources of AWS apart from S3
  ```json
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "NotAction": "s3:*",
        "Resource": "*"
      }
    ]
  }
  ```

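- Create an IAM policy to give access to a specific S3 bucket (create one S3 bucket) with the rest of everything denied. The second statement keeps read-only (`Get*`, `List*`) access on all S3 resources; anything matched by neither statement is denied implicitly.
  ```json
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": [
          "arn:aws:s3:::khajaiampolicytesting",
          "arn:aws:s3:::khajaiampolicytesting/*"
        ]
      },
      {
        "Effect": "Allow",
        "Action": ["s3:Get*", "s3:List*"],
        "Resource": "*"
      }
    ]
  }
  ```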
- Create two policies, S3 full access and deny S3, and assign both policies to the same user
  ```json
  {
    "Version": "2012-10-17",
    "Id": "ce568c94-883b-4165-9aee-732fce32d081",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "s3:*"
        ],
        "Resource": "*"
      }
    ]
  }
  ```
  ```json
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Deny",
        "Action": "s3:*",
        "Resource": "*"
      }
    ]
  }
  ```
- When Allow and Deny apply simultaneously to the same user, or through a user and group combination, Deny is always the winner
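
The exercises above can be checked offline with a small evaluator. This is an added example, not part of the original notes and not AWS's own code: a simplified model of identity-policy evaluation that covers `Action`, `NotAction`, `Resource` wildcards and the Deny-wins rule, and also compares the bucket-only ARN with the bucket plus `/*` object ARN. It assumes no `Condition`, SCPs, permission boundaries or resource-based policies; the helper names and the object key `report.csv` are constructed.

```python
# Added example: simplified model of IAM identity-policy evaluation.
# Assumes no Condition/NotResource, SCPs, boundaries or resource-based policies.
import re

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _applies(stmt, action, resource):
    if "NotAction" in stmt:  # covers every action EXCEPT the listed ones
        act_ok = not any(_match(p, action, True) for p in _as_list(stmt["NotAction"]))
    else:
        act_ok = any(_match(p, action, True) for p in _as_list(stmt.get("Action", [])))
    return act_ok and any(_match(p, resource) for p in _as_list(stmt.get("Resource", [])))

def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    effects = [s["Effect"] for p in policies for s in _as_list(p["Statement"])
               if _applies(s, action, resource)]
    if "Deny" in effects:
        return "ExplicitDeny"  # a single matching Deny overrides every Allow
    return "Allow" if "Allow" in effects else "ImplicitDeny"

def policy(*statements):
    return {"Version": "2012-10-17", "Statement": list(statements)}

BUCKET = "arn:aws:s3:::khajaiampolicytesting"
OBJ = BUCKET + "/report.csv"  # constructed object key
S3_FULL = policy({"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"})
S3_DENY = policy({"Effect": "Deny", "Action": "s3:*", "Resource": "*"})
ALL_BUT_S3 = policy({"Effect": "Allow", "NotAction": "s3:*", "Resource": "*"})
READ_ALL = {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}
BUCKET_ONLY = policy({"Effect": "Allow", "Action": "s3:*", "Resource": [BUCKET]}, READ_ALL)
BUCKET_AND_OBJECTS = policy(
    {"Effect": "Allow", "Action": "s3:*", "Resource": [BUCKET, BUCKET + "/*"]}, READ_ALL)

if __name__ == "__main__":
    cases = [("full+deny", [S3_FULL, S3_DENY], "s3:GetObject", OBJ),
             ("all-but-s3", [ALL_BUT_S3], "ec2:DescribeInstances", "*"),
             ("all-but-s3", [ALL_BUT_S3], "s3:ListBucket", BUCKET),
             ("bucket-only", [BUCKET_ONLY], "s3:PutObject", OBJ),
             ("bucket+objects", [BUCKET_AND_OBJECTS], "s3:PutObject", OBJ)]
    for name, pols, act, res in cases:
        print(f"{name:15} {act:22} -> {evaluate(pols, act, res)}")
```

For a real account, the same questions can be asked of IAM itself with the policy simulator rather than this model.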

