IAM Policies

Breaking down a Policy:

https://start.jcolemorrison.com/aws-iam-policies-in-a-nutshell/

E.g.

Version: just use "Version": "2012-10-17"

Statement: the meat of the Policy

 

The Statement contains:

Effect: Allow or Deny

Principal: Who

Notes:

  • if we’re attaching Policies to IAM users, groups or roles then Principal isn’t needed, as the policy assumes the user, group or role it is attached to is the Principal
  • differences between attaching a policy to an IAM user vs a resource (e.g. S3 or EC2):
    • if it’s attached to the user, we check the policy and are done
    • if it’s attached to the resource, then the policy needs a Principal to state who is allowed to access this resource
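The Principal rule above, as an added example (not code from the linked article): one policy as it would be attached to an IAM user and one as it would be attached to an S3 bucket, with a small structural check that flags a Principal in the wrong place. The account ID, user name, bucket name, the Action and Resource values and the function name lint_policy are constructed for illustration, and the wildcard-Principal check goes slightly beyond what the notes cover.

```python
# Added example: structural lint for the policy elements described in these notes.
# Account ID, user name and bucket name are constructed placeholders.

IDENTITY_POLICY = {  # attached to an IAM user, group or role: no Principal
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
}

RESOURCE_POLICY = {  # attached to the S3 bucket itself: Principal says who
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:user/example-user"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
}


def lint_policy(policy, attached_to):
    """Return a list of findings; attached_to is 'identity' or 'resource'."""
    if attached_to not in ("identity", "resource"):
        raise ValueError("attached_to must be 'identity' or 'resource'")
    findings = []
    if policy.get("Version") != "2012-10-17":
        findings.append('Version should be "2012-10-17"')
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    if not statements:
        findings.append("Statement is missing or empty")
    for i, stmt in enumerate(statements):
        effect, principal = stmt.get("Effect"), stmt.get("Principal")
        has_principal = principal is not None or "NotPrincipal" in stmt
        if effect not in ("Allow", "Deny"):
            findings.append(f"Statement[{i}]: Effect must be Allow or Deny")
        if attached_to == "identity" and has_principal:
            findings.append(f"Statement[{i}]: Principal not used in identity policy")
        if attached_to == "resource" and not has_principal:
            findings.append(f"Statement[{i}]: resource policy needs a Principal")
        if effect == "Allow" and principal in ("*", {"AWS": "*"}):
            findings.append(f"Statement[{i}]: Allow applies to any Principal")
    return findings
```

Both sample policies lint clean when checked against their own attachment type, and each produces one finding when checked against the other.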

 

 

 

 
