AWS Classroomnotes 31/Jul/2023

AWS IAM Policies contd

Scenario – 1

  • You are asked to create a policy that allows the user to do anything in S3 buckets but not delete them
  • Policy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        },
        {
            "Effect": "Deny",
            "Action": "s3:Delete*",
            "Resource": "*"
        }
    ]
}
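  • As we have tested, this works fine: an explicit Deny always overrides an Allow, so the s3:Delete* actions are blocked even though s3:* is allowed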

Scenario – 2

  • You are asked to create a policy that allows the user to only view S3 buckets, with full permissions given on one bucket
  • Create an S3 bucket named qt.learning.khaja
  • The policy should allow full permissions only on the above bucket
  • In AWS, every resource created can be identified by a unique resource name called an ARN (Amazon Resource Name)
  • ARN docs: Refer Here
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*",
                "s3-object-lambda:Get*",
                "s3-object-lambda:List*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": [
                "arn:aws:s3:::qt.learning.khaja",
                "arn:aws:s3:::qt.learning.khaja/*"
            ]
        }
    ]
}

  • Exercise: Create a policy that allows reading EC2 instances but grants permission to start and stop only one particular EC2 instance
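
How the two scenario policies above are evaluated, as an added example that is not part of the original notes: a simplified model of identity-policy evaluation (implicit deny by default, explicit Deny overrides Allow, `*` and `?` wildcards in Action and Resource). The `evaluate` helper and the `other-bucket` name are hypothetical, and the model ignores Condition, NotAction/NotResource, SCPs, permission boundaries and resource-based policies.

```python
import re

# Policies copied from Scenario 1 and Scenario 2 on this page.
SCENARIO_1 = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"}]}
SCENARIO_2 = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:Get*", "s3:List*", "s3-object-lambda:Get*", "s3-object-lambda:List*"]},
    {"Effect": "Allow", "Action": "*",
     "Resource": ["arn:aws:s3:::qt.learning.khaja", "arn:aws:s3:::qt.learning.khaja/*"]}]}

def _match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def evaluate(policy, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request against one policy."""
    decision = "ImplicitDeny"          # nothing is allowed unless a statement says so
    for stmt in _as_list(policy["Statement"]):
        applies = (any(_match(a, action, ignore_case=True) for a in _as_list(stmt["Action"]))
                   and any(_match(r, resource) for r in _as_list(stmt["Resource"])))
        if not applies:
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"              # explicit Deny wins regardless of statement order
        decision = "Allow"
    return decision

if __name__ == "__main__":
    # Constructed sample requests; "other-bucket" and the object key are made up.
    mine = "arn:aws:s3:::qt.learning.khaja/notes.txt"
    other = "arn:aws:s3:::other-bucket/notes.txt"
    for name, policy, action, arn in [
        ("scenario 1", SCENARIO_1, "s3:PutObject", mine),
        ("scenario 1", SCENARIO_1, "s3:DeleteObject", mine),
        ("scenario 2", SCENARIO_2, "s3:GetObject", other),
        ("scenario 2", SCENARIO_2, "s3:PutObject", other),
        ("scenario 2", SCENARIO_2, "s3:DeleteObject", mine),
    ]:
        print(f"{name}: {action:16} {arn:40} -> {evaluate(policy, action, arn)}")
```

The last request shows that the Scenario 2 policy, having no Deny statement, also permits deletes on the named bucket.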


By continuous learner

devops & cloud enthusiastic learner
