Writing IAM Policy
- Refer Here for IAM Policy Grammar
- Prinicipal: This represents user
- Resource: This represents a resoruce (ARN)
- action: This defines the activities that can be done on resource
- effect: Allow or Deny
- Condition: Execute the permission based on some condition
Activity1: Create a custom IAM Policy to Start and Stop EC2 instances
- Lets create a json file
- Version Refer Here
- The minimal IAM Policy structure
{
"Version": "2012-10-17",
"Statement": [
{
"Effect" : "Allow",
"Action": [],
"Resource": []
}
]
}
- Generally to start and stop the ec2 instace it is implicit that user should be able to view/list instnaces
- For Actions, resources, and condition keys for Amazon EC2 Refer Here
- Refer Here for the changes done
Activity2: Create a custom IAM policy to perform any operation on EC2 but not terminate instances
- Refer Here for the changes done
Activity 3: Create a Custom IAM Policy to perform any operation on s3, rds and ec2 but stop users from terminating, stopping ec2 and rds instances and removing s3 buckets
- Refer Here for changeset
