MultiCloud Classroom notes 02/July/2026

AWS IAM

Watch the recording and do the activity below:

  • create user in AWS and provide console access
  • attach managed job policy (admin)
  • login console
  • change password after login
  • create access key & secret key
  • install AWS CLI

login to AWS CLI

AWS IAM Policy:

core concepts:

  1. Principal:
    • IAM user
    • IAM groups
    • IAM managed identity (SSO, SAML … etc.)
    • Applications
  2. Resource:
    • AWS resources (S3, EC2, EKS, ECS … etc.)
    • ARN (Amazon Resource Name), unique
    • arn:aws:s3:::aws-qt-demo
    • arn:aws:s3:::*
  3. Action:
    • provides permissions on the resource
    • GetObject, PutObject … etc. (read, create, write and delete)
  4. Effect:
    • Allow
    • Deny

Write the policy in JSON

Key Elements:

  • Version: 2012-10-17
  • Statement: list of permissions
  • Sid: unique permission ID inside the policy
  • Resource, Action and Effect
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CrossAccountRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::ACCOUNT-B-ID:role/LambdaExecutionRole"
            },
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::my-secure-bucket",
                "arn:aws:s3:::my-secure-bucket/*"
            ]
        }
    ]
}
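
Added example (not part of the original class notes): a simplified Python model of how the Principal, Action, Resource and Effect elements above decide one request against this policy. The second statement (Sid DenySecrets), the secrets/ prefix and the function names are assumptions made for illustration; real IAM evaluation also covers conditions and other policy types.

```python
import json
from fnmatch import fnmatchcase

# The policy from the notes, plus a constructed Deny statement (hypothetical,
# added for this example) to show that an explicit Deny overrides an Allow.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "CrossAccountRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::ACCOUNT-B-ID:role/LambdaExecutionRole"},
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::my-secure-bucket",
                  "arn:aws:s3:::my-secure-bucket/*"]},
    {"Sid": "DenySecrets", "Effect": "Deny",
     "Principal": "*",
     "Action": "s3:*",
     "Resource": "arn:aws:s3:::my-secure-bucket/secrets/*"}
  ]
}
""")

def _as_list(value):
    # Policy elements may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def _principal_matches(principal, caller_arn):
    if principal == "*":
        return True
    return any(p in ("*", caller_arn) for p in _as_list(principal.get("AWS", [])))

def _statement_matches(stmt, caller_arn, action, resource):
    # Action names are case-insensitive; ARNs are compared case-sensitively.
    # fnmatchcase stands in for IAM's * and ? wildcards (simplification).
    action_ok = any(fnmatchcase(action.lower(), a.lower())
                    for a in _as_list(stmt["Action"]))
    resource_ok = any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
    return _principal_matches(stmt["Principal"], caller_arn) and action_ok and resource_ok

def evaluate(policy, caller_arn, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request against one policy."""
    effects = {s["Effect"] for s in policy["Statement"]
               if _statement_matches(s, caller_arn, action, resource)}
    if "Deny" in effects:        # an explicit Deny always wins
        return "Deny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"  # default is deny
```

The bucket ARN covers s3:ListBucket and the /* ARN covers s3:GetObject on objects, which is why the policy lists both resources.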
