AWS Classroom Series – 21/Nov/2020

NotAction and NotResource in IAM Policy

  • In an IAM policy we have
    • NotAction:
      • Matches all actions apart from the ones listed in NotAction
    • NotResource:
      • Matches all resources apart from the ones listed in NotResource
    • Refer Here for a NotAction example

Conditions in IAM Policy

  • Give the user access to all resources which belong to the dev environment
  • All the resources in the dev environment will have a tag environment with value dev
  • Refer Here for condition operators
  • Refer Here for sample policy
  • Create a policy in IAM which gives the user access to all EC2 resources in the Oregon region and no access in other regions
  • Refer Here for solution
  • Write an IAM policy which gives the user access to all VPCs apart from one specific VPC
  • Refer Here for solution
  • Give AWS Administrator access to the user at user policy level and attach a deny S3 access policy at group level:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect" : "Deny",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}
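
The scenario above can be checked offline with a small model of IAM's identity-policy evaluation: an explicit Deny in any attached policy overrides every Allow. This is an added example, not code from the class or from AWS. It ignores Condition blocks, SCPs, permission boundaries and resource-based policies, and the account id and VPC id are constructed placeholders.

```python
import re

def wild_match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def as_list(v):
    return v if isinstance(v, list) else [v]

def statement_applies(stmt, action, resource):
    """True when the statement covers this action/resource pair."""
    if "NotAction" in stmt:   # everything except the listed actions
        action_ok = not any(wild_match(p, action, True) for p in as_list(stmt["NotAction"]))
    else:                     # action names are matched case-insensitively
        action_ok = any(wild_match(p, action, True) for p in as_list(stmt.get("Action", [])))
    if "NotResource" in stmt: # everything except the listed resources
        resource_ok = not any(wild_match(p, resource) for p in as_list(stmt["NotResource"]))
    else:
        resource_ok = any(wild_match(p, resource) for p in as_list(stmt.get("Resource", [])))
    return action_ok and resource_ok

def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' across all attached policies."""
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in as_list(policy["Statement"]):
            if statement_applies(stmt, action, resource):
                if stmt["Effect"] == "Deny":
                    return "ExplicitDeny"   # a matching Deny always wins
                decision = "Allow"
    return decision

# User-level policy: the same statement as the AdministratorAccess managed policy.
USER_ADMIN = {"Version": "2012-10-17",
              "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
# Group-level policy: the deny-S3 policy from the notes.
GROUP_DENY_S3 = {"Version": "2012-10-17",
                 "Statement": [{"Effect": "Deny", "Action": "s3:*", "Resource": "*"}]}
# Constructed NotResource policy: EC2 actions on everything except one VPC (placeholder ids).
VPC_EXCEPT_ONE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "ec2:*",
    "NotResource": "arn:aws:ec2:us-west-2:111122223333:vpc/vpc-0example"}]}

if __name__ == "__main__":
    attached = [USER_ADMIN, GROUP_DENY_S3]
    print(evaluate(attached, "s3:GetObject", "arn:aws:s3:::example-bucket/key"))
    print(evaluate(attached, "ec2:RunInstances", "*"))
```

An Allow statement with NotResource grants the listed actions on every other resource, so in a real policy it is usually paired with a narrow Action list.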

Scenario:

  • Integrate your existing Active Directory Federation Service with AWS IAM
  • Refer Here for official docs
  • Refer Here for blog article
  • Refer Here for Active Directory fundamentals videos on YouTube.
