IAM Policy Reference
- Refer Here
- Refer Here for specific structure
In an IAM policy, the JSON elements to understand are:
- Principal
- Action: the action you want to allow or deny
- Effect: Allow or Deny
- Resource: the cloud resource on which you want to give (or deny) permission
- How do I know the resource?
  - Amazon gives a unique name to every resource created, called an ARN (Amazon Resource Name). ARNs follow a fixed pattern.
- How do I know the actions?
  - Refer Here for the actions, conditions and resources of each AWS service.
Activity 1: let's write our first policy, which gives permission on everything.
```json
{
  "Version": "2012-10-17",
  "Id": "july25_activity1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}
```
Activity 2
- Give the user permission to view VPCs and nothing else.
```json
{
  "Version": "2012-10-17",
  "Id": "july25_activity1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*",
        "internetmonitor:ListMonitors"
      ],
      "Resource": "*"
    }
  ]
}
```
- Exercise: write an IAM policy which allows the user to view all EC2 information and to start and stop existing instances, but not to create instances.
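To check what a policy really grants before attaching it, the following added example (not code from the page) implements the core IAM evaluation rule for the elements above: a request is implicitly denied unless some statement's Action and Resource patterns match it, and an explicit Deny beats any Allow. It replays the Activity 2 policy and a constructed candidate for the exercise against a few probe actions; the candidate policy and the instance ARN are assumptions, not an official answer key. Note that `ec2:Describe*` in Activity 2 grants every EC2 read action, not just VPC views.

```python
from fnmatch import fnmatchcase

# Constructed inputs: the Activity 2 policy from this page, and a candidate
# policy for the exercise (my assumption, not an official answer key).
ACTIVITY2 = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "internetmonitor:ListMonitors"],
     "Resource": "*"}]}

EXERCISE_CANDIDATE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"],
     "Resource": "arn:aws:ec2:*:*:instance/*"}]}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def evaluate(policy, action, resource):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request.
    Mirrors the IAM rule: an explicit Deny beats any Allow, and a request no
    statement matches is implicitly denied. Actions are matched
    case-insensitively, resource ARNs case-sensitively."""
    decision = "ImplicitDeny"
    for st in policy["Statement"]:
        patterns = [a.lower() for a in _as_list(st["Action"])]
        if not any(fnmatchcase(action.lower(), p) for p in patterns):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(st["Resource"])):
            continue
        if st["Effect"] == "Deny":
            return "Deny"      # explicit deny wins, stop looking
        decision = "Allow"
    return decision

def allowed_actions(policy, candidates, resource):
    """Subset of candidate actions the policy grants on the given resource."""
    return [a for a in candidates if evaluate(policy, a, resource) == "Allow"]

if __name__ == "__main__":
    # Constructed instance ARN for the probe requests.
    inst = "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"
    probe = ["ec2:DescribeVpcs", "ec2:DescribeInstances", "ec2:RunInstances",
             "ec2:StartInstances", "internetmonitor:ListMonitors"]
    print("Activity 2 grants:", allowed_actions(ACTIVITY2, probe, inst))
    print("Exercise candidate grants:", allowed_actions(EXERCISE_CANDIDATE, probe, inst))
```

This is a teaching model only; real IAM also evaluates conditions, resource-based policies, permission boundaries and SCPs, so use the IAM policy simulator for the authoritative answer.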