AWS Classroomnotes 18/Mar/2023

Writing IAM Policy

  • Refer Here for IAM Policy Grammar
  • Principal: This represents the user
  • Resource: This represents a resource (ARN)
  • Action: This defines the activities that can be done on the resource
  • Effect: Allow or Deny
  • Condition: Execute the permission based on some condition

Activity 1: Create a custom IAM Policy to Start and Stop EC2 instances

  • Let's create a JSON file
  • Version: Refer Here
  • The minimal IAM Policy structure:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect" : "Allow",
            "Action": [],
            "Resource": []
        }
    ]
}
  • Generally, to start and stop EC2 instances, the user also needs to be able to view/list instances
  • For Actions, resources, and condition keys for Amazon EC2 Refer Here
  • Refer Here for the changes done

Activity 2: Create a custom IAM policy to perform any operation on EC2 but not terminate instances

Activity 3: Create a Custom IAM Policy to perform any operation on S3, RDS and EC2 but stop users from terminating, stopping EC2 and RDS instances and removing S3 buckets
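
An added example, not part of the class notes: one possible policy for Activity 3 and a small checker showing why the explicit Deny statement wins over the broad Allow. The policy document, the `evaluate` helper and the sample ARNs are constructed for illustration; the checker assumes a single identity-based policy and ignores Condition, NotAction, NotResource and other policy types.

```python
import re

# Constructed policy for Activity 3 (an assumption, not the instructor's file):
# allow everything in S3, RDS and EC2, then explicitly deny the destructive calls.
ACTIVITY3_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:*", "rds:*", "ec2:*"],
         "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["ec2:TerminateInstances", "ec2:StopInstances",
                    "rds:DeleteDBInstance", "rds:StopDBInstance",
                    "s3:DeleteBucket"],
         "Resource": "*"},
    ],
}

def _as_list(value):
    """Action/Resource/Statement may be a single value or a list."""
    return value if isinstance(value, list) else [value]

def _glob(pattern, value, flags=0):
    """Match IAM-style wildcards: '*' is any run of characters, '?' is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, flags | re.DOTALL) is not None

def evaluate(policy, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"  # nothing matched: the request is denied by default
    for stmt in _as_list(policy["Statement"]):
        # Action names are matched case-insensitively, resource ARNs are not.
        action_hit = any(_glob(p, action, re.IGNORECASE)
                         for p in _as_list(stmt["Action"]))
        resource_hit = any(_glob(p, resource)
                           for p in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"  # a matching Deny overrides any Allow
        decision = "Allow"
    return decision

if __name__ == "__main__":
    # Constructed sample ARN using a placeholder account id.
    instance = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"
    for act in ("ec2:StartInstances", "ec2:TerminateInstances", "iam:CreateUser"):
        print(act, "->", evaluate(ACTIVITY3_POLICY, act, instance))
```
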


About continuous learner

devops & cloud enthusiastic learner