AWS Classroom Series – 14/Apr/2021

AWS IAM Policies and Permissions

  • A policy is an object in AWS that, when associated with an identity or resource, defines their permissions.
  • Policies are stored in AWS as JSON documents.
  • AWS has different types of policies
    • Identity based policies:
      • These policies are attached to IAM identities (users, groups or roles)
      • These policies grant permissions to an identity
    • Resource based policies
      • These policies are attached to resources.
      • Examples: S3 bucket policy and IAM role trust policy
    • Permission boundaries:
      • This policy defines the maximum permissions that the identity based policies can grant to an entity
    • Organization SCP:
      • An AWS Organizations Service Control Policy is used to define the maximum permissions for member accounts of an organization or Organizational Unit (OU)
    • Access Control lists (ACL):
      • ACLs are used to control which principals in other accounts can access the resource to which the ACL is attached
    • Session Policies
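The list above names several policy types that act on the same request. The script below is an added example (not part of the original notes) of a deliberately simplified model of how they combine: an explicit Deny in any document wins, and otherwise an identity-based policy must Allow, the permission boundary (if one is set) must also Allow, and every SCP in the organization path must also Allow. Conditions, NotAction/NotResource and resource-based policies are left out, and the policy documents are constructed for the example.

```python
"""Simplified IAM evaluation: identity policy, permission boundary and SCP combined.
Added example; constructed policies; ignores Condition, NotAction and resource policies."""
from fnmatch import fnmatchcase


def _as_list(value):
    """IAM grammar allows a single string/object or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt, action, resource):
    """True when the statement's Action and Resource patterns cover the request.
    IAM action names are matched case-insensitively; '*' and '?' are wildcards."""
    action_hit = any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt.get("Action")))
    resource_hit = any(fnmatchcase(resource, r) for r in _as_list(stmt.get("Resource")))
    return action_hit and resource_hit


def _decision(policy, action, resource):
    """Return 'Deny', 'Allow' or None (implicit deny) for one policy document."""
    result = None
    for stmt in _as_list(policy.get("Statement")):
        if _statement_matches(stmt, action, resource):
            if stmt.get("Effect") == "Deny":
                return "Deny"          # explicit deny short-circuits the document
            if stmt.get("Effect") == "Allow":
                result = "Allow"
    return result


def is_allowed(action, resource, identity_policies, boundary=None, scps=None):
    """Combine the layers: any explicit Deny -> denied; otherwise the identity
    policies, the boundary (if set) and every SCP (one per level) must all Allow."""
    documents = list(identity_policies) + ([boundary] if boundary else []) + list(scps or [])
    if any(_decision(doc, action, resource) == "Deny" for doc in documents):
        return False

    def allows(doc):
        return _decision(doc, action, resource) == "Allow"

    if not any(allows(doc) for doc in identity_policies):
        return False                                   # implicit deny
    if boundary is not None and not allows(boundary):
        return False                                   # capped by the boundary
    if scps and not all(allows(scp) for scp in scps):
        return False                                   # capped by the organization
    return True


# Constructed sample documents (not from any real account).
DEVELOPER_POLICY = {   # identity-based policy attached to a user or role
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "ec2:Describe*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
}
BOUNDARY = {           # permission boundary: caps the identity at S3 only
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}
ORG_SCP = {            # SCP: allows everything except leaving the organization
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny", "Action": "organizations:LeaveOrganization", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for action in ("s3:GetObject", "ec2:DescribeInstances", "s3:DeleteBucket"):
        verdict = is_allowed(action, "arn:aws:s3:::example-bucket/key", [DEVELOPER_POLICY], BOUNDARY, [ORG_SCP])
        print(f"{action:25s} -> {'allowed' if verdict else 'denied'}")
```

Running it shows the three distinct outcomes: `s3:GetObject` is allowed by every layer, `ec2:DescribeInstances` is allowed by the identity policy but cut off by the boundary, and `s3:DeleteBucket` is refused by the explicit Deny even though `s3:*` would otherwise cover it.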

Identity based policies

  • This is a JSON document that controls what actions an identity can perform.
  • Identity policies can be further categorized as
    • Managed Policies: Can be used to attach to multiple users, groups or roles in your AWS account
      • AWS Managed policies
      • Customer Managed policies
    • Inline policies: Policies that we add directly to a single user, group or role. An inline policy maintains a strict one-to-one relationship with that entity

Terminology

  • AWS account root user:
    • This is the user who created the AWS account and has complete access to all AWS services and resources in the account. This identity is called the AWS account root user
  • IAM user: This is an entity we create in AWS. The IAM user represents the person or service that uses the IAM user to interact with AWS.

Managed Policies

  • Screenshot of AWS managed and customer managed policies (image not included)
  • Let's view an AWS managed policy (images not included)
  • To learn about JSON and YAML file formats, Refer Here
  • Creating IAM Policies:
    • Using the AWS Console and UI policy builder (not a recommended practice; images not included)
    • The best approach is to build the JSON file using the IAM policy grammar. Refer Here
  • An IAM policy is a JSON document made up of the following blocks:
    • version block:
      • This is optional
    • id block
      • This is also optional
    • statement block
      • This is required
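To make the block structure above and the identity-based versus resource-based distinction concrete, here is an added example (not from the original notes) of a small structural checker for policy documents, together with three constructed documents: an identity-based policy, an S3 bucket policy and an IAM role trust policy. It encodes only what the notes state plus the well-known grammar facts that `Version` must be `2012-10-17` or `2008-10-17` when present, that each statement needs an `Effect` of `Allow` or `Deny` and an `Action`/`NotAction`, that identity-based policies name a `Resource` but never a `Principal`, and that resource-based policies must name a `Principal`.

```python
"""Structural checker for IAM policy documents (added example; constructed samples)."""
import json

VALID_EFFECTS = {"Allow", "Deny"}
VALID_VERSIONS = {"2012-10-17", "2008-10-17"}
TOP_LEVEL_KEYS = {"Version", "Id", "Statement"}


def validate_policy(document, kind="identity"):
    """Return a list of problems (empty list = well-formed).
    kind is 'identity' for user/group/role policies, 'resource' for bucket or trust policies."""
    problems = []
    try:
        policy = json.loads(document) if isinstance(document, str) else document
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(policy, dict):
        return ["policy must be a JSON object"]

    for key in policy:                                   # Version and Id are optional
        if key not in TOP_LEVEL_KEYS:
            problems.append(f"unknown top-level key {key!r}")
    if "Version" in policy and policy["Version"] not in VALID_VERSIONS:
        problems.append(f"Version must be one of {sorted(VALID_VERSIONS)}")
    if "Statement" not in policy:                        # Statement is required
        problems.append("missing required 'Statement' block")
        return problems

    statements = policy["Statement"]
    if isinstance(statements, dict):                     # a single statement is allowed
        statements = [statements]
    if not isinstance(statements, list) or not statements:
        problems.append("'Statement' must be a non-empty object or array")
        return problems

    for i, stmt in enumerate(statements):
        where = f"Statement[{i}]"
        if not isinstance(stmt, dict):
            problems.append(f"{where}: must be an object")
            continue
        if stmt.get("Effect") not in VALID_EFFECTS:
            problems.append(f"{where}: Effect must be Allow or Deny")
        if "Action" not in stmt and "NotAction" not in stmt:
            problems.append(f"{where}: needs Action or NotAction")
        if kind == "identity":
            if "Principal" in stmt or "NotPrincipal" in stmt:
                problems.append(f"{where}: identity-based policies must not name a Principal")
            if "Resource" not in stmt and "NotResource" not in stmt:
                problems.append(f"{where}: needs Resource or NotResource")
        elif "Principal" not in stmt and "NotPrincipal" not in stmt:
            problems.append(f"{where}: resource-based policies must name a Principal")
    return problems


# Constructed samples (bucket name and account id are placeholders).
IDENTITY_POLICY_JSON = """{
  "Version": "2012-10-17",
  "Id": "ReadOnlyExampleBucket",
  "Statement": [
    {"Sid": "ListBucket", "Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-bucket"},
    {"Sid": "ReadObjects", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}"""
BUCKET_POLICY = {  # resource-based: attached to the bucket, so it names the Principal
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/ReportReader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/reports/*",
    }],
}
TRUST_POLICY = {   # the IAM role trust policy is also resource-based (the role is the resource)
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

if __name__ == "__main__":
    print("identity:", validate_policy(IDENTITY_POLICY_JSON) or "ok")
    print("bucket:  ", validate_policy(BUCKET_POLICY, "resource") or "ok")
    print("trust:   ", validate_policy(TRUST_POLICY, "resource") or "ok")
    print("broken:  ", validate_policy('{"Version": "2012-10-17"}'))
```

Passing the bucket policy through with `kind="identity"` is a useful sanity check in its own right: it reports the `Principal` element, which is exactly the element that distinguishes the two policy families in the notes above.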
