AWS Classroom Series – 31/Jul/2020

Now let's focus on Actions

  • Let's create an IAM policy which gives the user access to all S3 buckets and all S3 actions
{
    "Version": "2012-10-17",
    "Id": "ce568c94-883b-4165-9aee-732fce32d081",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": "*"
        }
    ]
}
  • Create an IAM policy which gives access to all AWS resources apart from S3
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "NotAction": "s3:*",
            "Resource": "*"
        }

    ]
}

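  • Create an IAM policy that gives access to a specific S3 bucket (create one S3 bucket first), with everything else denied. Anything not explicitly allowed is denied implicitly; note that the second statement still allows read-only s3:Get* and s3:List* on all resources.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::khajaiampolicytesting",
                "arn:aws:s3:::khajaiampolicytesting/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": ["s3:Get*", "s3:List*"],
            "Resource": "*"
        }
    ]
}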
  • Create two policies, one granting S3 full access and one denying S3, and assign both policies to the same user
{
    "Version": "2012-10-17",
    "Id": "ce568c94-883b-4165-9aee-732fce32d081",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": "*"
        }
    ]
}
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "*"
        }

    ]
}
  • When Allow and Deny are assigned simultaneously to the same user, or through a user and group combination, Deny is always the winner
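
The evaluation order behind the exercises above, as an added example (not code from the original post and not AWS's implementation): a simplified Python model of how identity-based policies combine. It assumes no Condition, NotResource, permission boundaries or SCPs; the policy dictionaries mirror the ones above with "Resource": "*" on the full-access policy, and the object key and EC2 ARN are constructed sample values.

```python
import re

def _match(pattern, value, ignore_case=False):
    # IAM wildcards: * matches any run of characters, ? matches exactly one
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _applies(stmt, action, resource):
    # Action names are case-insensitive; resource ARNs are compared as written
    if "NotAction" in stmt:
        hit = not any(_match(p, action, True) for p in _as_list(stmt["NotAction"]))
    else:
        hit = any(_match(p, action, True) for p in _as_list(stmt["Action"]))
    return hit and any(_match(p, resource) for p in _as_list(stmt["Resource"]))

def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"            # nothing matched yet: default deny
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"    # a matching Deny overrides any Allow
            decision = "Allow"
    return decision

# Policies mirroring the exercises above
S3_FULL = {"Statement": [{"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}]}
S3_DENY = {"Statement": [{"Effect": "Deny", "Action": "s3:*", "Resource": "*"}]}
ALL_BUT_S3 = {"Statement": [{"Effect": "Allow", "NotAction": "s3:*", "Resource": "*"}]}

# Constructed sample resources
OBJ = "arn:aws:s3:::khajaiampolicytesting/report.csv"
EC2 = "arn:aws:ec2:us-east-1:111122223333:instance/i-EXAMPLE"

if __name__ == "__main__":
    print(evaluate([S3_FULL], "s3:PutObject", OBJ))
    print(evaluate([S3_FULL, S3_DENY], "s3:PutObject", OBJ))
    print(evaluate([ALL_BUT_S3], "ec2:RunInstances", EC2))
    print(evaluate([ALL_BUT_S3], "s3:GetObject", OBJ))
```

The NotAction policy never denies S3 by itself; S3 requests simply match no Allow and fall through to the implicit deny, so another attached policy can still grant them.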
