IAM
- User
- Group
- Policy: There are AWS managed policies. These policies are generic rather than specific
- They cover service level permissions
Policies covering service level permissions
- I have a user, user1, to whom I want to give full permissions on S3 and EC2 and read-only permission on RDS

What Policy is
- A policy is a JSON document which has the following structure
- Principal: Refers to entity to which you are giving access
- Resource:
- Actions
- Effect: Allow or deny
- Every resource created in Amazon has a unique ARN (Amazon Resource Name)
- Refer Here for actions, resources and conditions tables
Conflict between user and group
- If there is a conflict between allow and deny, deny always wins
- If a particular resource or particular action is not mentioned in the policy, then the user does not have access to it
- To give access to a specific resource, we need to know its ARN
- For additional conditions we need to deal with the Condition block
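
The rules above, as an added example that is not part of the class material: a simplified evaluator applied to the user1 scenario plus a conflicting group policy. The group policy and bucket names are constructed; Condition blocks, NotAction and other policy types are ignored, and Python's fnmatch stands in for IAM's `*` and `?` wildcards.

```python
from fnmatch import fnmatchcase

# Constructed policies for the notes' user1 scenario. An identity-based policy has
# no Principal element: the user or group it is attached to is the principal.
USER1_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "ec2:*"], "Resource": "*"},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["rds:Describe*", "rds:ListTagsForResource"]},
    ],
}
# Hypothetical group policy that conflicts with the user's s3:* allow.
GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "s3:DeleteBucket",
                   "Resource": "arn:aws:s3:::example-audit-logs"}],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # Action names are case-insensitive; ARNs are compared as written.
    action_hit = any(fnmatchcase(action.lower(), a.lower())
                     for a in _as_list(stmt["Action"]))
    resource_hit = any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
    return action_hit and resource_hit

def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # deny wins over any allow
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"  # unmentioned means no access

if __name__ == "__main__":
    for action, arn in [("s3:DeleteBucket", "arn:aws:s3:::example-audit-logs"),
                        ("s3:DeleteBucket", "arn:aws:s3:::example-scratch"),
                        ("rds:DeleteDBInstance", "*")]:
        print(action, arn, "->", evaluate([USER1_POLICY, GROUP_POLICY], action, arn))
```

The result does not depend on the order in which the user and group policies are listed, because a matching Deny ends evaluation immediately.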
Exercise:
- Try all the checks I have done in the class
- Try a JSON tutorial
