AWS Classroom Series – 02/Aug/2020

IAM Policy Conditions

  • Refer Here for conditions
  • Refer Here for actions, resources and conditions table
  • Refer Here for condition operators
  • Let's create an IAM policy that limits a user to the Mumbai region (ap-south-1); this one allows enabling and disabling only that region:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "account:EnableRegion",
                "account:DisableRegion"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals" : {
                    "account:TargetRegion": "ap-south-1"
                }
            }
        }
    ]
}
  • Conditions are always linked to actions: a condition key such as ec2:InstanceType is available only for the actions that support it
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:*instance*",
            "Resource": "*",
            "Condition": {
                "StringEquals" : {
                    "ec2:InstanceType": "t2.micro"
                }
            }
        }

    ]
}

  • Always test your policies with the IAM Policy Simulator (Refer Here)
  • In an IAM policy, the Resource and NotResource elements specify which resources a statement applies to, using ARNs.
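
An added example (not from the original post): a minimal Python model of how the EC2 policy above is evaluated, showing that an action matched by ec2:*instance* is still not allowed when the request carries no ec2:InstanceType key. The request contexts are constructed, and the evaluator is a simplification that handles only Allow statements, Resource "*", and StringEquals / StringEqualsIfExists.

```python
from fnmatch import fnmatchcase

# The EC2 policy from the post, unchanged.
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "ec2:*instance*", "Resource": "*",
    "Condition": {"StringEquals": {"ec2:InstanceType": "t2.micro"}},
}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def action_matches(patterns, action):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))

def condition_matches(condition, context):
    # Every operator and key must match (AND); values under one key are ORed.
    for operator, keys in condition.items():
        if_exists = operator.endswith("IfExists")
        base = operator[:-len("IfExists")] if if_exists else operator
        if base != "StringEquals":
            raise NotImplementedError(operator)
        for key, allowed in keys.items():
            if key not in context:
                # Key absent: StringEquals fails, StringEqualsIfExists passes.
                if if_exists:
                    continue
                return False
            if context[key] not in _as_list(allowed):
                return False
    return True

def evaluate(policy, action, context):
    """Return 'Allow' or 'ImplicitDeny'; explicit Deny is not modelled."""
    for stmt in _as_list(policy["Statement"]):
        if (stmt["Effect"] == "Allow" and action_matches(stmt["Action"], action)
                and condition_matches(stmt.get("Condition", {}), context)):
            return "Allow"
    return "ImplicitDeny"

# Constructed request contexts (assumptions, not captured from AWS).
REQUESTS = [
    ("ec2:StartInstances", {"ec2:InstanceType": "t2.micro"}),
    ("ec2:StartInstances", {"ec2:InstanceType": "m5.large"}),
    ("ec2:DescribeInstances", {}),  # assumed to carry no ec2:InstanceType key
]

if __name__ == "__main__":
    for action, ctx in REQUESTS:
        print(action, ctx, "->", evaluate(POLICY, action, ctx))
```

Which keys a real action supplies is defined by the service, so confirm the result for each action in the IAM Policy Simulator.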

Enabling Multifactor Authentication in AWS


Identity Providers and Federation

  • If your organization already manages identities outside AWS, you can use IAM identity providers instead of creating IAM users.
  • You can create an IAM identity provider and establish a trust relationship with the AWS account.
  • AWS supports Identity Providers compatible with
  • Another important use case is connecting existing Active Directory/LDAP users and groups to AWS
