AWS Classroom Series – 18/Nov/2020

AWS IAM Terms

  • User:
    • A person (or an application) who wants to access AWS resources
    • Authentication for that person is provided by creating an IAM user (with a console password and/or access keys)
  • Group:
    • A logical grouping of IAM users; a policy attached to the group applies to every user in it
  • Role:
    • A set of permissions that one AWS resource (for example an EC2 instance) assumes in order to access other AWS resources, without embedding long-lived user credentials
  • Policy:
    • Authorization, i.e. what is allowed and what is denied, is defined by an IAM policy (a JSON document)
    • There are many built-in (AWS managed) IAM policies, and we can also create custom (customer managed) IAM policies

Other Terms

  • Principal: A principal is a person or application that can make a request for an action or operation on an AWS resource.
  • Request: When a principal tries to access an AWS resource, it sends a request carrying the following information, and IAM evaluates this request context against the policies that apply:
    • Actions or operations (for example ec2:StopInstances)
    • Resources (identified by their ARNs)
    • Principal (the user or role making the request)
    • Environment data (for example the source IP address, the time of day, or the requested region)
    • Resource data (data about the target resource, such as its tags)

Scenario:

  • Let's create two groups, Avengers and Justice League, attach the AdministratorAccess managed policy to Avengers and the AmazonEC2ReadOnlyAccess managed policy to Justice League, and add users to each group
  • Now let's log in as an Avengers user and start an EC2 instance (this succeeds, since the group has administrator access)
  • Now let's log in as a Justice League user and try to stop an EC2 instance (this is refused, since the group only has read-only EC2 permissions)
  • We were able to attach group-level policies and restrict users
  • But if I want custom access, such as
    • full permissions on one EC2 instance and read-only permissions on the other EC2 instances
    • full access to an S3 bucket in one region and read-only access in other regions
  • then we need to understand how to create custom IAM policies
  • Prereqs: Understanding JSON Refer Here
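As an added worked example (not code from the original post), the two custom policies asked for above written out as JSON documents, together with a small evaluator that applies IAM's decision rule for identity-based policies (an explicit Deny overrides everything, otherwise any matching Allow wins, otherwise the request is implicitly denied) to a request built from the elements listed under "Request": an action, a resource ARN and environment data (here the aws:RequestedRegion condition key). The account id, instance ids, bucket name and regions are placeholders chosen for the example; the evaluator models only Action/Resource wildcards and StringEquals/StringNotEquals conditions, not NotAction, resource-based policies, permission boundaries or SCPs.

```python
"""Toy IAM policy evaluator for the custom-policy scenario (added example).

Models IAM's rule for identity-based policies: explicit Deny beats Allow,
which beats the implicit deny.  Placeholder account/instance/bucket ids.
"""
import fnmatch
import json

# Custom policy 1: full control of ONE instance, read-only on every other one.
EC2_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadAllInstances", "Effect": "Allow",
         "Action": ["ec2:Describe*"], "Resource": "*"},
        {"Sid": "ManageOneInstance", "Effect": "Allow",
         "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances"],
         "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/i-0abc123def456789a"},
    ],
}

# Custom policy 2: full S3 access in ap-south-1, read-only in any other region.
# The Deny statement keeps the restriction in force even if the same user also
# receives a broad Allow from another policy (e.g. AdministratorAccess).
S3_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadEverywhere", "Effect": "Allow",
         "Action": ["s3:Get*", "s3:List*"], "Resource": "*"},
        {"Sid": "FullAccessInOneRegion", "Effect": "Allow",
         "Action": "s3:*", "Resource": "*",
         "Condition": {"StringEquals": {"aws:RequestedRegion": "ap-south-1"}}},
        {"Sid": "NoWritesElsewhere", "Effect": "Deny",
         "Action": ["s3:Put*", "s3:Delete*"], "Resource": "*",
         "Condition": {"StringNotEquals": {"aws:RequestedRegion": "ap-south-1"}}},
    ],
}

# Same shape as the AWS managed AdministratorAccess policy, used to show how
# an Allow from a second policy interacts with (and without) an explicit Deny.
ADMIN_POLICY = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """'*' and '?' wildcards; action and ARN matching done case-insensitively."""
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))


def _condition_holds(condition, context):
    """StringEquals fails on a missing key; StringNotEquals passes on one."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals":
                if actual is None or actual not in _as_list(expected):
                    return False
            elif operator == "StringNotEquals":
                if actual is not None and actual in _as_list(expected):
                    return False
            else:
                raise ValueError("unsupported condition operator: " + operator)
    return True


def evaluate(policies, action, resource, context=None):
    """Return 'explicit deny', 'allow' or 'implicit deny' for one request."""
    context = context or {}
    decision = "implicit deny"          # default when no statement matches
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _matches(stmt["Action"], action):
                continue
            if not _matches(stmt["Resource"], resource):
                continue
            if not _condition_holds(stmt.get("Condition", {}), context):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit deny"  # a matching Deny ends evaluation
            decision = "allow"          # keep looking in case a Deny follows
    return decision


def as_document(policy):
    """The JSON text you would paste into the IAM console's policy editor."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    managed = "arn:aws:ec2:us-east-1:123456789012:instance/i-0abc123def456789a"
    other = "arn:aws:ec2:us-east-1:123456789012:instance/i-0fedcba9876543210"
    print("stop managed :", evaluate([EC2_POLICY], "ec2:StopInstances", managed))
    print("stop other   :", evaluate([EC2_POLICY], "ec2:StopInstances", other))
    print("delete us-east-1 as admin:", evaluate([ADMIN_POLICY, S3_POLICY], "s3:DeleteObject",
          "arn:aws:s3:::my-bucket/report.csv", {"aws:RequestedRegion": "us-east-1"}))
    print(as_document(EC2_POLICY))
```

The last check in the demo is the point worth remembering: with only Allow statements, a user who also sits in an administrator group keeps full access everywhere (the EC2 policy above, for instance, does nothing to stop ec2:TerminateInstances on another instance when AdministratorAccess is attached too), whereas the S3 policy's explicit Deny still blocks writes outside ap-south-1 no matter what other Allows the user has.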
