AWS Classroom Series – 14/Apr/2021

AWS IAM Policies and Permissions

  • A policy is an object in AWS when associated wiht an identity or resource defines their permissions.
  • Policies are stored in AWS as JSON documents
  • AWS has different types of policies
    • Identity based policies:
      • These policies are attached to IAM identities (users, groups or roles)
      • These policies grant permissions to an indentity
    • Resource based policies
      • These policies are attached to resources.
      • Examples: S3 bucket policy and IAM role trust policy
    • Permission boundaries:
      • This policy defines the maximum permissions that the identity based policies can grant to an entity
    • Organization SCP:
      • AWS Organization Service Control Policy is used to define the maximum permissions for account members of organization or Organization Unit (OU)
    • Access Control lists (ACL):
      • ACLs are used to control which principals in other accounts can acess the resource to which the ACL is attached
    • Session Policies

Identity based policies

  • This is a json document that control what actions an identity can perform.
  • Identity policies can be further categorized as
    • Managed Policies: Can be used to attach to multiple users, groups or roles in your AWS account
      • AWS Managed policies
      • Customer Managed policies
    • Inline policies: Policies that we add directly to a single user/group/role. Inline policies maintain strict one-to-one relationship

Terminology

  • aws account root user:
    • This is user who created aws account and will have complete access to all AWS services and resources in the account. This identity is called as AWS account root user
  • IAM user: This is entity we create in AWS. The IAM user represents the person or service who used the IAM user to interact with AWS. Preview

Managed Policies

  • Screenshot of aws managed and customer managed policies Preview
  • Lets view any aws managed policy Preview Preview
  • To learn about json and yaml file formats Refer Here
  • Creating IAM Policies:
    • using the AWS Console and UI policy builder (Not a recommended practice) Preview Preview Preview Preview Preview Preview
    • The best approach is build the json file using IAM policy grammar Refer Here
  • IAM Policy is the following written in json format
    • version block:
      • This is optional
    • id block
      • This is also optional
    • statement block
      • This required

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About learningthoughtsadmin