IAM Policy
Activity 4
- Description: Create an IAM policy that allows anything in EC2 (the policy below also grants Elastic Load Balancing and Auto Scaling) but does not allow terminating EC2 instances or deleting VPCs.
- The first statement grants ec2:*, which already includes ec2:TerminateInstances and ec2:DeleteVpc; the second statement explicitly denies those two actions. An explicit Deny always overrides an Allow, so the order of the statements does not matter.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ec2:*", "elasticloadbalancing:*", "autoscaling:*"],
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": ["ec2:DeleteVpc", "ec2:TerminateInstances"],
      "Resource": "*"
    }
  ]
}
Activity 5:
- Description: Give the user full access to EC2 (again together with ELB and Auto Scaling) only when the request is made in us-east-1, and full S3 permissions everywhere.
- The region restriction uses the aws:RequestedRegion global condition key. The S3 statement carries no condition, so S3 is allowed in every region; in any region other than us-east-1 no statement matches the EC2 actions, so they fall through to the implicit deny.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:*",
        "elasticloadbalancing:*",
        "autoscaling:*"
      ],
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "aws:RequestedRegion": [
            "us-east-1"
          ]
        }
      }
    },
    {
      "Action": "s3:*",
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
Exercises
- Create an IAM policy for the following:
  - start and stop EC2 instances and read everything
  - terminate EC2 instances only if the request targets us-east-1 (separate statement, with an aws:RequestedRegion condition)
Activity 6
- Give access to anything in AWS as long as the resource carries a tag with key project and value learning.
- This is attribute-based access control (ABAC): instead of listing resource ARNs, the Allow statement uses a StringEquals condition on the aws:ResourceTag/project key. Two caveats: creating new resources also needs a matching aws:RequestTag/project check so that only correctly tagged resources can be created, and actions that do not operate on a taggable resource (most Describe* calls) will never satisfy a ResourceTag condition at all. Need to understand ABAC further.
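To see how the policies in Activities 4, 5 and 6 and the exercise actually resolve, here is a small Python model of IAM's decision logic. It is an added illustration, not code from this page or from AWS: it models only Action wildcards, the Effect ordering (explicit Deny beats Allow, and no matching Allow is an implicit deny) and StringEquals conditions checked against request-context keys; Resource matching is not modelled. The EXERCISE and ACTIVITY_6 policies are my assumed solutions, not the page's.

```python
# Added illustration of IAM's evaluation rules; not the page's or AWS's code.
# Models only what the activities rely on: Action wildcards, Effect ordering
# (explicit Deny > Allow > implicit deny) and StringEquals conditions evaluated
# against request-context keys. Resource matching is not modelled.
import fnmatch


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    # Action names are case-insensitive and "*" is the only wildcard.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _conditions_hold(condition, context):
    # A StringEquals key that is absent from the request context fails the
    # condition; this is why a ResourceTag policy never matches untagged calls.
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(f"condition operator {operator} not modelled")
        for key, expected in pairs.items():
            if context.get(key) not in _as_list(expected):
                return False
    return True


def evaluate(policy, action, context=None):
    """Return 'allow', 'explicit_deny' or 'implicit_deny' for one request."""
    context = context or {}
    decision = "implicit_deny"
    for statement in policy["Statement"]:
        if not _action_matches(statement["Action"], action):
            continue
        if not _conditions_hold(statement.get("Condition", {}), context):
            continue
        if statement["Effect"] == "Deny":
            return "explicit_deny"  # a matching Deny ends evaluation
        decision = "allow"
    return decision


# Activity 4: everything in EC2/ELB/Auto Scaling, minus termination and VPC deletion.
ACTIVITY_4 = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:*", "elasticloadbalancing:*", "autoscaling:*"]},
    {"Effect": "Deny", "Resource": "*",
     "Action": ["ec2:DeleteVpc", "ec2:TerminateInstances"]},
]}

# Activity 5: EC2/ELB/Auto Scaling only in us-east-1, S3 everywhere.
ACTIVITY_5 = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:*", "elasticloadbalancing:*", "autoscaling:*"],
     "Condition": {"StringEquals": {"aws:RequestedRegion": ["us-east-1"]}}},
    {"Effect": "Allow", "Resource": "*", "Action": "s3:*"},
]}

# Exercise (assumed solution): start/stop plus read-only EC2 (Describe*),
# and termination only when the request targets us-east-1.
EXERCISE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:Describe*"]},
    {"Effect": "Allow", "Resource": "*", "Action": "ec2:TerminateInstances",
     "Condition": {"StringEquals": {"aws:RequestedRegion": "us-east-1"}}},
]}

# Activity 6 (assumed ABAC solution): any action on a resource tagged project=learning.
ACTIVITY_6 = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": "*",
     "Condition": {"StringEquals": {"aws:ResourceTag/project": "learning"}}},
]}


if __name__ == "__main__":
    for name, policy, action, ctx in [
        ("Activity 4", ACTIVITY_4, "ec2:TerminateInstances", {}),
        ("Activity 5", ACTIVITY_5, "ec2:RunInstances", {"aws:RequestedRegion": "eu-west-1"}),
        ("Activity 6", ACTIVITY_6, "ec2:StopInstances", {"aws:ResourceTag/project": "learning"}),
    ]:
        print(f"{name}: {action} {ctx or ''} -> {evaluate(policy, action, ctx)}")
```

Running the script prints the three decisions; the useful cases to try by hand are ec2:TerminateInstances under Activity 4 (explicit deny even though ec2:* allowed it) and an EC2 call in any region other than us-east-1 under Activity 5 (no statement matches, so implicit deny rather than an explicit one).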