AWS IAM
Watch the recording and complete the activities below:
- create a user in AWS and provide console access
- attach the managed job policy (admin)
- log in to the console
- change the password after login
- create an access key and secret key
- install the AWS CLI
- log in to the AWS CLI

AWS IAM Policy:
Core concepts:
- Principal:
  - IAM user
  - IAM groups
  - IAM managed identity (SSO, SAML, etc.)
  - Applications
- Resource:
  - AWS resources (S3, EC2, EKS, ECS, etc.)
  - ARN (Amazon Resource Name): unique
    - arn:aws:s3:::aws-qt-demo
    - arn:aws:s3:::*
- Action:
  - provides permissions on a resource
  - GetObject, PutObject, etc. (read, create, write and delete)
- Effect:
Write the policy in JSON.
Key Elements:
- Version: 2012-10-17
- Statement: list of permissions
- Sid: unique permission ID inside the policy
- Resource, Action and Effect
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CrossAccountRead",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::ACCOUNT-B-ID:role/LambdaExecutionRole"
      },
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::my-secure-bucket",
        "arn:aws:s3:::my-secure-bucket/*"
      ]
    }
  ]
}
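
Added example (not part of the original notes): a simplified Python evaluator showing how Principal, Action, Resource and Effect decide a request against the policy above. It assumes only the elements listed in these notes (no Condition, NotAction or NotResource), and the function names are illustrative. The policy lists both ARNs because s3:ListBucket applies to the bucket ARN and s3:GetObject to the object ARNs (my-secure-bucket/*).

```python
import json
import re

# Added, simplified example: handles only the elements in these notes.
# Policy copied from the notes; ACCOUNT-B-ID is the notes' placeholder.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Sid": "CrossAccountRead",
   "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::ACCOUNT-B-ID:role/LambdaExecutionRole"},
   "Action": ["s3:GetObject", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::my-secure-bucket",
                "arn:aws:s3:::my-secure-bucket/*"]}]}
""")
ROLE = "arn:aws:iam::ACCOUNT-B-ID:role/LambdaExecutionRole"

def as_list(value):
    """Policy elements may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def wildcard_match(pattern, value, ignore_case=False):
    """'*' matches any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def statement_applies(stmt, principal, action, resource):
    """True when Principal, Action and Resource all match the request."""
    who = stmt.get("Principal", {})
    allowed = ["*"] if who == "*" else as_list(who.get("AWS", []))
    return (any(p in ("*", principal) for p in allowed)
            and any(wildcard_match(a, action, True) for a in as_list(stmt["Action"]))
            and any(wildcard_match(r, resource) for r in as_list(stmt["Resource"])))

def evaluate(policy, principal, action, resource):
    """Explicit Deny wins, then Allow; no matching statement is an implicit deny."""
    decision = "ImplicitDeny"
    for stmt in as_list(policy["Statement"]):
        if statement_applies(stmt, principal, action, resource):
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision

if __name__ == "__main__":
    for action, res in [("s3:ListBucket", "arn:aws:s3:::my-secure-bucket"),
                        ("s3:GetObject", "arn:aws:s3:::my-secure-bucket/a.txt"),
                        ("s3:PutObject", "arn:aws:s3:::my-secure-bucket/a.txt")]:
        print(action, res, "->", evaluate(POLICY, ROLE, action, res))
```

Anything the statement does not match (another action, bucket or principal) falls through to the implicit deny, which is why a policy only needs to list what is allowed.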