AWS Classroomnotes 19/Aug/2022

JSON

  • Sample JSON
{
    "title": "Avengers End Game",
    "superheros": [ 
        "IronMan", 
        "Thor", 
        "Captain America", 
        "Hulk", 
        "SpiderMan",
        "Black Panther",
        "Wanda",
        "Vision",
        "Black Widow"
    ],
    "technical department" : {
            "directors": "Russo Brothers",
            "Production" : "Marvel"
    }
}
  • One more sample
{
    "course": "AWS",
    "topics": {
        "compute": {
            "Virtual Machines": "EC2",
            "Containers": "ECS",
            "Serverless": "Lambda",
            "K8s": "EKS",
            "Batch": "AWS Batch"
        },
        "storage" : {
            "disk": ["EBS", "Instance-store" ],
            "fileshare": "EFS",
            "blob": "S3",
            "Archive": "Glacier"

        }

    }
}
  • Try to write a JSON file which describes your schooling
{
    "nursery": {
        "schoolname": "",
        "location": "",
        "year": ""
    },
    "primary": [
        {
            "schoolname": "",
            "standard": {
                "from": "LKG",
                "to": "V"
            }, 
            "location": ""
        }
    ],
    "highschool": [
        {
            "schoolname": "",
            "standard": {
                "from": "VI",
                "to": "X"
            }, 
            "location": ""
        }
    ]
}

AWS IAM Policy

  • AWS IAM policies are written in JSON, with a structure defined by AWS that is referred to as the grammar of the IAM policy language (see the IAM JSON policy grammar in the AWS documentation)
policy  = {
     <version_block?>
     <id_block?>
     <statement_block>
}

<version_block> = "Version" : ("2008-10-17" | "2012-10-17")

<id_block> = "Id" : <policy_id_string>

<statement_block> = "Statement" : [ <statement>, <statement>, ... ]

<statement> = { 
    <sid_block?>,
    <principal_block?>,
    <effect_block>,
    <action_block>,
    <resource_block>,
    <condition_block?>
}

<sid_block> = "Sid" : <sid_string>

<effect_block> = "Effect" : ("Allow" | "Deny")  

<principal_block> = ("Principal" | "NotPrincipal") : ("*" | <principal_map>)

<principal_map> = { <principal_map_entry>, <principal_map_entry>, ... }

<principal_map_entry> = ("AWS" | "Federated" | "Service" | "CanonicalUser") :   
    [<principal_id_string>, <principal_id_string>, ...]

<action_block> = ("Action" | "NotAction") : 
    ("*" | [<action_string>, <action_string>, ...])

<resource_block> = ("Resource" | "NotResource") : 
    ("*" | [<resource_string>, <resource_string>, ...])

<condition_block> = "Condition" : { <condition_map> }
<condition_map> = { 
  <condition_type_string> : { <condition_key_string> : <condition_value_list> },
  <condition_type_string> : { <condition_key_string> : <condition_value_list> }, ...
}  
<condition_value_list> = [<condition_value>, <condition_value>, ...]
<condition_value> = ("string" | "number" | "Boolean")
  • To write effective custom AWS IAM policies, we should know the different
    • resources
    • actions provided by individual resources
  • Refer to the AWS documentation for the actions, resources and condition keys of each AWS service
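
The grammar above can be applied as a quick check before a policy is attached. The following Python code is an added example, not part of the original notes or an AWS tool: it checks the required blocks and allowed values from the grammar and flags an Allow statement that covers every action and every resource. The function names and both sample policies are constructed for illustration, and it assumes a single string or a single statement object may stand in for a one-item list.

```python
import json

VERSIONS = {"2008-10-17", "2012-10-17"}
EFFECTS = {"Allow", "Deny"}
# Each required block appears in its plain or "Not" form, never both.
PAIRS = [("Action", "NotAction"), ("Resource", "NotResource")]


def as_list(value):
    """Treat a single string such as "*" as a one-item list (assumption)."""
    return [value] if isinstance(value, str) else list(value)


def check_policy(text):
    """Return a list of findings for a policy document given as JSON text."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(policy, dict):
        return ["policy must be a JSON object"]
    findings = []
    if "Version" in policy and policy["Version"] not in VERSIONS:
        findings.append(f"unknown Version {policy['Version']!r}")
    statements = policy.get("Statement")
    if statements is None:
        return findings + ["missing required Statement block"]
    if isinstance(statements, dict):
        statements = [statements]
    for i, stmt in enumerate(statements):
        where = f"Statement[{i}]"
        if stmt.get("Effect") not in EFFECTS:
            findings.append(f"{where}: Effect must be Allow or Deny")
        for plain, negated in PAIRS:
            if (plain in stmt) == (negated in stmt):
                findings.append(f"{where}: need exactly one of {plain}/{negated}")
        # Least-privilege check: Allow on every action and every resource.
        if (stmt.get("Effect") == "Allow"
                and "*" in as_list(stmt.get("Action", []))
                and "*" in as_list(stmt.get("Resource", []))):
            findings.append(f"{where}: allows all actions on all resources")
    return findings


# Constructed sample policies (not from the original notes).
GOOD = ('{"Version": "2012-10-17", "Statement": [{"Sid": "ReadBucket", "Effect": "Allow", '
        '"Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::example-bucket/*"]}]}')
BAD = ('{"Version": "2022-08-19", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}, '
       '{"Effect": "allow", "Action": ["ec2:DescribeInstances"]}]}')
```

Calling `check_policy(GOOD)` returns an empty list, while `check_policy(BAD)` reports the unknown version, the wildcard Allow, the lower-case Effect and the missing Resource block.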
