AWS Classroom Series – 18/Nov/2020


  • User:
    • Person who wants to access AWS Resources Preview
    • Authentication to the user is given by creating a IAM user
  • Group
    • Logical grouping of users Preview
  • Role:
    • Permission given to one aws resource to access other aws resources
  • Policy:
    • Authorization i.e. what is allowed to access & what is denied is defined by IAM Policy
    • There are lot of built in IAM Policies and we can create custom IAM Policies Preview Preview

Other Terms

  • Principal: A principal is a person or application that can make a request for an action or operation on AWS Resource.
  • Request: When principal tries to access AWS resource, it sends a request with following information
    • Action or operations
    • Resources
    • Principal
    • Environment Data
    • Resource data


  • Lets give Administrator Access to Avengers and EC2 Readonly Access to Justice league Preview Preview Preview Preview
  • similarly give ec2 read only access for justice league Preview
  • Now lets login with one avenger user and start an ec2 instance Preview
  • Now lets login as a justice league user and stop and ec2 instance Preview
  • We were able to attach group level policies and restrict users
  • But if i want to custom access like
    • Give full permission on one ec2 instance and read permissions on other ec2 instances
    • Give full access to s3 bucket in one region and read only access in other regions
  • Then we need to understand how to create custom IAM Policies
  • Prereqs: Understanding JSON Refer Here

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About learningthoughtsadmin