IAM Policies (Contd.)
Activity 1: Let's create an IAM Policy for full access on s3
- Steps:
- Let's create an IAM Policy which gives full access to all the s3 actions
- Let's create a user with a name of your choice and attach the created policy to the user
- Solution:
- Let's create the basic policy structure
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "",
            "Action": "",
            "Resource": ""
        }
    ]
}
- Now we need to know the list of actions, resource types and condition keys for the AWS services. For this, Refer Here
- Since the above policy is about s3, Refer Here for the actions of s3
- Refer Here for the policy created in the class.
- Now let's try to create a custom IAM policy
- Now let's create an IAM User with console access
- Now login as the qtdevops user in a different browser/incognito mode
- Let's try to access anything apart from s3 (ec2); this should be denied, since the policy allows only s3 actions
- Now let's access s3
- Let's create some bucket
Activity 2: Let's change the IAM Policy for full access on s3
- In the above activity we have created full access for s3; now I want to add full access to ec2 as well
- Make changes in the JSON below (the policy from Activity 1) to do this
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": "*"
        }
    ]
}
- Refer Here for the changes
- User qtdevops is already attached to the same policy, so he should get ec2 access now.
Activity 3: Let's change the IAM Policy for full access on s3
- I want to change the policy in such a way that the user attached to this policy should not be able to:
  - delete s3 buckets
  - terminate ec2 instances.
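The policy changes for Activities 2 and 3, worked through in code. This is an added example and not the policy behind the class "Refer Here" links: it embeds three constructed policy documents (the s3-only policy from Activity 1, the s3 + ec2 policy from Activity 2, and an Activity 3 version that adds an explicit Deny for s3:DeleteBucket and ec2:TerminateInstances) together with a small evaluator that applies the IAM rule "explicit Deny beats Allow, and anything not allowed is implicitly denied". The evaluator is a deliberate simplification for illustration (no Condition, NotAction/NotResource or resource-based policies are modelled); the action names are real IAM actions, and the function names are my own.

```python
import fnmatch
import json

# Constructed policy documents for this example (not the ones behind the
# class "Refer Here" links).

# Activity 1: full access to every S3 action.
S3_FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
    ],
}

# Activity 2: the same Allow statement, extended with every EC2 action.
S3_EC2_FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "ec2:*"], "Resource": "*"},
    ],
}

# Activity 3: keep the broad Allow, add an explicit Deny for the two
# destructive actions. In IAM an explicit Deny always beats an Allow,
# so "s3:*" does not re-grant s3:DeleteBucket.
S3_EC2_NO_DESTROY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "ec2:*"], "Resource": "*"},
        {
            "Effect": "Deny",
            "Action": ["s3:DeleteBucket", "ec2:TerminateInstances"],
            "Resource": "*",
        },
    ],
}


def policy_json(policy):
    """Render a policy dict as the JSON text you paste into the IAM console."""
    return json.dumps(policy, indent=4)


def _as_list(value):
    """Action and Resource may be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    """IAM action matching: '*' and '?' wildcards, case-insensitive."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _resource_matches(patterns, resource):
    """IAM resource (ARN) matching: same wildcards, but case-sensitive."""
    return any(fnmatch.fnmatchcase(resource, p) for p in _as_list(patterns))


def is_allowed(policy, action, resource="*"):
    """Simplified evaluation of one identity policy (assumption for this example):
    explicit Deny > explicit Allow > implicit Deny (the default).
    Condition, NotAction/NotResource and resource-based policies are not modelled."""
    allowed = False
    for stmt in policy["Statement"]:
        if "Action" not in stmt:  # NotAction statements are out of scope here
            continue
        if not _action_matches(stmt["Action"], action):
            continue
        if not _resource_matches(stmt.get("Resource", "*"), resource):
            continue
        if stmt["Effect"] == "Deny":
            return False  # an explicit Deny ends the evaluation immediately
        if stmt["Effect"] == "Allow":
            allowed = True
    return allowed


def check_all(policy, actions):
    """Map each action name to the evaluator's verdict under the given policy."""
    return {action: is_allowed(policy, action) for action in actions}


if __name__ == "__main__":
    probes = ["s3:CreateBucket", "s3:DeleteBucket",
              "ec2:RunInstances", "ec2:TerminateInstances"]
    for name, policy in [("Activity 1", S3_FULL_ACCESS),
                         ("Activity 2", S3_EC2_FULL_ACCESS),
                         ("Activity 3", S3_EC2_NO_DESTROY)]:
        print(name, check_all(policy, probes))
    print(policy_json(S3_EC2_NO_DESTROY))
```

Running the script shows the qtdevops user's view at each stage: ec2 actions denied under Activity 1, everything allowed under Activity 2, and only the two destructive actions denied under Activity 3 while the rest of s3:* and ec2:* stays allowed. The Deny statement is the safer way to carve out exceptions: listing every allowed action except the destructive ones would silently break the moment AWS adds a new action to the service.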