MultiCloud Classroom notes 05/Mar/2025

JSON

  • Syntax of name value
"<name>": <value>
  • simple forms:
    • text
    • number
    • boolean
  • Text (always double-quoted; the single-quoted form 'course': 'Multicloud' is not valid JSON and is rejected by strict parsers)
"course": "Multicloud"
  • Number
"version": 16.1
"age": 18
  • boolean
"enabled": true
"enabled": false
  • Complex types
  • array or list
  • map or object
  • Array:
"colors": ["black", "white"]
  • Map/Object:
"AWS": {
    "company": "Amazon",
    "year": 2015,
    "services": [ "ec2", "s3" ]
}
  • Resume in Json
{
    "name": "xyz",
    "objective": "..............",
    "work-experience": [
        {
            "company": "abc",
            "start": "10-2022",
            "end": "03-2025",
            "projects": {
                "xyz-infosystems": {

                }
            }
        }
    ]
}
  • Generally, when JSON is consumed by a tool, the document must follow the schema published by that tool's provider (the IAM policy grammar below is AWS's schema for policy documents).
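As an added illustration (not part of the original notes), the Python snippet below parses the resume document above with the standard library, walks the nested object/array structure, and shows the strict-JSON point: the single-quoted form and a trailing comma are rejected, and each value maps to one of the simple or complex types listed above. The `value_kinds` helper and the sample inputs are constructed for this example.

```python
import json

# Constructed sample: the resume document from the notes, written as strict JSON.
RESUME_JSON = """
{
    "name": "xyz",
    "objective": "..............",
    "work-experience": [
        {
            "company": "abc",
            "start": "10-2022",
            "end": "03-2025",
            "projects": {
                "xyz-infosystems": {}
            }
        }
    ]
}
"""


def parse_resume(text: str) -> dict:
    """Parse strict JSON; json.loads raises JSONDecodeError on anything non-standard."""
    return json.loads(text)


def first_company(resume: dict) -> str:
    """Walk object -> array -> object: the company of the first work-experience entry."""
    return resume["work-experience"][0]["company"]


def is_strict_json(text: str) -> bool:
    """True when the text is valid JSON. Single-quoted strings, trailing commas and
    unquoted names (accepted by some lenient tools) are rejected here."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


def value_kinds(obj: dict) -> dict:
    """Label each name/value pair with the type names used in the notes.
    bool is tested before number because Python's bool is a subclass of int."""
    kinds = {}
    for name, value in obj.items():
        if isinstance(value, bool):
            kinds[name] = "boolean"
        elif isinstance(value, (int, float)):
            kinds[name] = "number"
        elif isinstance(value, str):
            kinds[name] = "text"
        elif isinstance(value, list):
            kinds[name] = "array"
        elif isinstance(value, dict):
            kinds[name] = "object"
        else:
            kinds[name] = "null"
    return kinds


if __name__ == "__main__":
    resume = parse_resume(RESUME_JSON)
    print(first_company(resume))                        # abc
    print(is_strict_json("{'course': 'Multicloud'}"))   # False
    print(is_strict_json('{"course": "Multicloud"}'))   # True
    print(value_kinds(parse_resume(
        '{"company": "Amazon", "year": 2015, "services": ["ec2", "s3"]}')))
```

The same strictness applies when a policy document is pasted into a cloud console or CLI: a single quote or a stray trailing comma fails before any schema check runs.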

IAM Policy Grammar

{
     <version_block?>
     <id_block?>
     <statement_block>
}
  • <version_block?>
"Version" : ("2008-10-17" | "2012-10-17")
  • <id_block?>
"Id" : <policy_id_string>
  • <statement_block>
"Statement" : [ <statement>, <statement>, ... ]

<statement> = {
    <sid_block?>,
    <principal_block?>,
    <effect_block>,
    <action_block>,
    <resource_block>,
    <condition_block?>
}

<sid_block> = "Sid" : <sid_string>

<effect_block> = "Effect" : ("Allow" | "Deny")  

<principal_block> = ("Principal" | "NotPrincipal") : ("*" | <principal_map>)

<principal_map> = { <principal_map_entry>, <principal_map_entry>, ... }

<principal_map_entry> = ("AWS" | "Federated" | "Service" | "CanonicalUser") :   
    [<principal_id_string>, <principal_id_string>, ...]

<action_block> = ("Action" | "NotAction") : 
    ("*" | [<action_string>, <action_string>, ...])

<resource_block> = ("Resource" | "NotResource") : 
    ("*" | <resource_string> | [<resource_string>, <resource_string>, ...])

<condition_block> = "Condition" : { <condition_map> }
<condition_map> = { 
  <condition_type_string> : { <condition_key_string> : <condition_value_list> },
  <condition_type_string> : { <condition_key_string> : <condition_value_list> }, ...
}  
<condition_value_list> = [<condition_value>, <condition_value>, ...]
<condition_value> = (<string> | <number> | <boolean>)
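To make the grammar concrete, here is an added example (written for these notes, not AWS's own validator) that checks a policy document against the rules above: optional Version/Id with the permitted values, a required Statement list, exactly one of each Action/NotAction and Resource/NotResource alternative, Effect limited to Allow/Deny, Principal maps restricted to the four principal types, and Condition as operator-to-key maps. The sample policies are constructed; the "bare minimum" one is the policy shown further down in the notes.

```python
import json

VERSIONS = {"2008-10-17", "2012-10-17"}
PRINCIPAL_TYPES = {"AWS", "Federated", "Service", "CanonicalUser"}
STATEMENT_KEYS = {"Sid", "Principal", "NotPrincipal", "Effect", "Action", "NotAction",
                  "Resource", "NotResource", "Condition"}


def _string_or_list(value) -> bool:
    """<x_string> | [<x_string>, ...]: a JSON string or a non-empty list of strings."""
    return isinstance(value, str) or (
        isinstance(value, list) and len(value) > 0 and all(isinstance(v, str) for v in value))


def _pick_alternative(stmt, key, not_key, required, where, errors):
    """Grammar alternatives such as ("Action" | "NotAction"): at most one may appear."""
    present = [k for k in (key, not_key) if k in stmt]
    if len(present) > 1:
        errors.append(f"{where}: {key} and {not_key} are alternatives, use only one")
    elif not present and required:
        errors.append(f"{where}: missing required {key} (or {not_key}) block")
    return present[0] if len(present) == 1 else None


def _check_statement(stmt, where, errors):
    if not isinstance(stmt, dict):
        errors.append(f"{where}: a statement must be a JSON object")
        return
    for key in stmt:
        if key not in STATEMENT_KEYS:
            errors.append(f"{where}: unknown key {key!r}")
    if "Sid" in stmt and not isinstance(stmt["Sid"], str):
        errors.append(f"{where}: Sid must be a string")
    if stmt.get("Effect") not in ("Allow", "Deny"):
        errors.append(f'{where}: Effect must be "Allow" or "Deny"')
    for key, not_key in (("Action", "NotAction"), ("Resource", "NotResource")):
        k = _pick_alternative(stmt, key, not_key, True, where, errors)
        if k and not (stmt[k] == "*" or _string_or_list(stmt[k])):
            errors.append(f'{where}: {k} must be "*", a string or a list of strings')
    k = _pick_alternative(stmt, "Principal", "NotPrincipal", False, where, errors)
    if k:
        p = stmt[k]
        ok = p == "*" or (isinstance(p, dict) and len(p) > 0 and all(
            t in PRINCIPAL_TYPES and _string_or_list(ids) for t, ids in p.items()))
        if not ok:
            errors.append(f'{where}: {k} must be "*" or a map keyed by AWS/Federated/Service/CanonicalUser')
    cond = stmt.get("Condition")
    if cond is not None:
        ok = isinstance(cond, dict) and all(
            isinstance(keys, dict) and all(
                isinstance(v, (str, bool, int, float, list)) for v in keys.values())
            for keys in cond.values())
        if not ok:
            errors.append(f"{where}: Condition must map operator -> {{condition_key: value(s)}}")


def validate_policy(policy) -> list:
    """Return the list of grammar violations; an empty list means the document conforms."""
    errors = []
    if not isinstance(policy, dict):
        return ["policy must be a JSON object"]
    for key in policy:
        if key not in ("Version", "Id", "Statement"):
            errors.append(f"unknown top-level key {key!r}")
    if "Version" in policy and policy["Version"] not in VERSIONS:
        errors.append('Version must be "2008-10-17" or "2012-10-17"')
    if "Id" in policy and not isinstance(policy["Id"], str):
        errors.append("Id must be a string")
    if "Statement" not in policy:
        errors.append("missing required Statement block")
        return errors
    stmts = policy["Statement"]
    if isinstance(stmts, dict):      # AWS also accepts a single statement object here
        stmts = [stmts]
    if not isinstance(stmts, list) or not stmts:
        errors.append("Statement must be a non-empty list of statement objects")
        return errors
    for i, stmt in enumerate(stmts):
        _check_statement(stmt, f"Statement[{i}]", errors)
    return errors


def validate_policy_text(text: str) -> list:
    """Validate a policy given as JSON text; a syntax error is reported as one violation."""
    try:
        return validate_policy(json.loads(text))
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]


# Constructed samples: the bare-minimum policy from the notes and a deliberately broken one.
GOOD_POLICY = ('{"Version": "2012-10-17", "Id": "myfirstpolicy", '
               '"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}')
BAD_POLICY = ('{"Version": "2012-10-18", '
              '"Statement": [{"Effect": "allow", "Action": "*", "NotAction": ["s3:*"]}]}')

if __name__ == "__main__":
    print(validate_policy_text(GOOD_POLICY))   # []
    for err in validate_policy_text(BAD_POLICY):
        print("-", err)
```

The validator only checks shape; it does not know whether an action string such as "ec2:Describe*" names a real operation, which is why the next section points at the per-service action list AWS publishes.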

Semantics (meaning)

Bare minimum policy

{
    "Version": "2012-10-17",
    "Id" : "myfirstpolicy",
    "Statement": [
        {
            "Effect" : "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

To write effective policies

  • We need to know the full list of actions, resources and condition keys for every AWS service. Refer to the list published by AWS in the Service Authorization Reference ("Actions, resources, and condition keys for AWS services"): https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html

Activity 1:

{
    "Version": "2012-10-17",
    "Id" : "activity1_march2025",
    "Statement": [
        {
            "Effect" : "Allow",
            "Action": ["ec2:Describe*", "ec2:Get*", "ec2:List*"],
            "Resource": "*"
        }
    ]
}
  • Now, to test, attach this policy to the IAM user captain
  • After testing, this is our working version (the first draft covered only read-only EC2 actions, so ec2:StartInstances and ec2:StopInstances were added)
{
    "Version": "2012-10-17",
    "Id": "activity1_march2025",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "ec2:Get*",
                "ec2:List*",
                "ec2:StartInstances",
                "ec2:StopInstances"
            ],
            "Resource": "*"
        }
    ]
}
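Why did the first draft fail the test? The following added example (written for these notes, not AWS's policy simulator) approximates how an identity policy is evaluated for a single request: action names are matched case-insensitively against the wildcard patterns in Action/NotAction, resources against Resource/NotResource, an explicit Deny always wins, and anything no statement allows is implicitly denied. It shows that "ec2:Describe*" never matches ec2:StartInstances, so version 1 implicitly denies it and version 2 allows it. A small `full_admin_statements` check also flags the "bare minimum" policy from above, which allows every action on every resource. Condition blocks are ignored, and the instance ARN is constructed.

```python
import json
from fnmatch import fnmatchcase

# Constructed copies of the two Activity 1 drafts and the bare-minimum policy from the notes.
POLICY_V1 = json.loads("""{
    "Version": "2012-10-17", "Id": "activity1_march2025",
    "Statement": [{"Effect": "Allow",
                   "Action": ["ec2:Describe*", "ec2:Get*", "ec2:List*"],
                   "Resource": "*"}]}""")
POLICY_V2 = json.loads("""{
    "Version": "2012-10-17", "Id": "activity1_march2025",
    "Statement": [{"Effect": "Allow",
                   "Action": ["ec2:Describe*", "ec2:Get*", "ec2:List*",
                              "ec2:StartInstances", "ec2:StopInstances"],
                   "Resource": "*"}]}""")
BARE_MINIMUM = json.loads(
    '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}')


def _as_list(value):
    """A block value may be one string or a list of strings; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)


def _any_match(patterns, value, case_insensitive):
    """IAM-style wildcard match: '*' spans any characters, '?' exactly one.
    Action names are case-insensitive; ARNs are compared as written."""
    for pattern in _as_list(patterns):
        p, v = (pattern.lower(), value.lower()) if case_insensitive else (pattern, value)
        if fnmatchcase(v, p):
            return True
    return False


def statement_applies(stmt, action, resource) -> bool:
    """Does this statement's Action/NotAction and Resource/NotResource cover the request?"""
    if "Action" in stmt:
        action_hit = _any_match(stmt["Action"], action, True)
    else:
        action_hit = not _any_match(stmt["NotAction"], action, True)
    if not action_hit:
        return False
    if "Resource" in stmt:
        return _any_match(stmt["Resource"], resource, False)
    return not _any_match(stmt["NotResource"], resource, False)


def evaluate(policy, action, resource) -> str:
    """Decision for one request under one identity policy, ignoring Condition blocks:
    an explicit Deny always wins, an Allow is needed, otherwise the default is ImplicitDeny."""
    stmts = policy["Statement"]
    if isinstance(stmts, dict):
        stmts = [stmts]
    decision = "ImplicitDeny"
    for stmt in stmts:
        if not statement_applies(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"
        decision = "Allow"
    return decision


def full_admin_statements(policy) -> list:
    """Indexes of Allow statements that grant every action on every resource."""
    stmts = policy["Statement"]
    if isinstance(stmts, dict):
        stmts = [stmts]
    return [i for i, s in enumerate(stmts)
            if s.get("Effect") == "Allow"
            and "*" in _as_list(s.get("Action", []))
            and "*" in _as_list(s.get("Resource", []))]


if __name__ == "__main__":
    # Constructed ARN for demonstration only.
    INSTANCE = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"
    for name, policy in (("v1", POLICY_V1), ("v2", POLICY_V2)):
        for action in ("ec2:DescribeInstances", "ec2:StartInstances", "ec2:TerminateInstances"):
            print(name, action, evaluate(policy, action, INSTANCE))
    print("full-admin statements in bare minimum:", full_admin_statements(BARE_MINIMUM))
```

Running it prints Allow for DescribeInstances under both drafts, ImplicitDeny for StartInstances under v1 and Allow under v2, and ImplicitDeny for TerminateInstances under both, which is the least-privilege outcome the working version was aiming for. The real service applies further rules (service control policies, permission boundaries, resource policies, conditions) on top of this core logic.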
  • Exercise: write a policy that grants read-only permission on S3 and EC2, plus permission to create and delete S3 buckets
By continuous learner

devops & cloud enthusiastic learner
