AWS Classroomnotes 18/Mar/2023

Writing IAM Policy

Refer Here for IAM Policy Grammar
Prinicipal: This represents user
Resource: This represents a resoruce (ARN)
action: This defines the activities that can be done on resource
effect: Allow or Deny
Condition: Execute the permission based on some condition

Activity1: Create a custom IAM Policy to Start and Stop EC2 instances

Lets create a json file
Version Refer Here
The minimal IAM Policy structure

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect" : "Allow",
            "Action": [],
            "Resource": []
        }
    ]
}

Generally to start and stop the ec2 instace it is implicit that user should be able to view/list instnaces
For Actions, resources, and condition keys for Amazon EC2 Refer Here
Refer Here for the changes done

Activity2: Create a custom IAM policy to perform any operation on EC2 but not terminate instances

Refer Here for the changes done

Activity 3: Create a Custom IAM Policy to perform any operation on s3, rds and ec2 but stop users from terminating, stopping ec2 and rds instances and removing s3 buckets

Refer Here for changeset

AWS Classroomnotes 18/Mar/2023

Writing IAM Policy

Activity1: Create a custom IAM Policy to Start and Stop EC2 instances

Activity2: Create a custom IAM policy to perform any operation on EC2 but not terminate instances

Activity 3: Create a Custom IAM Policy to perform any operation on s3, rds and ec2 but stop users from terminating, stopping ec2 and rds instances and removing s3 buckets

Like this: