AWS Classroomnotes 11/Apr/2022

IAM Policy Conditions

Activity6: Try to write a policy that allows a user to do anything on EC2 if the region is Mumbai, and gives read permissions in other regions

  • As the basic policy is EC2 read-only, we can get the definition from EC2 read-only
  • Now we need to verify if the region is Mumbai (ap-south-1)
  • IAM Policy has a conditional block Refer Here
  • For the conditional operators Refer Here
  • Refer Here for the global conditional keys
  • Refer Here

Activity7: Try to create an IAM Policy which allows the user to start or stop EC2 instances if the availability zone is ap-south-1a, and gives EC2 read permission irrespective of region

Exercise: Give the user permission to create, start, and stop EC2 instances if the instance-type is t2.micro, and read-only permission for the rest of the EC2 instances

  • Create a policy json for this.


About continuous learner

devops & cloud enthusiastic learner