Amazon AWS IAM Roles and Policies

Creating an IAM User:

  1. Log in to your root account, click your username in the top-right corner, and select Security Credentials.
  2. Click the Users option in the left-hand menu of the Dashboard page.
  3. Click the Create User button.
  4. Enter the usernames of the accounts to generate and click Create.
  5. You will be offered the option to download the REST API keys.
  6. Download or save them. Note that the REST API keys are generated only once; if they are lost, you will have to reset the API keys.

Generating Password For the User:

  1. Select the user on the Users page, click User Actions, and select Manage Password.
  2. You will be offered two options:
  • An automatic password, with a Change on Login checkbox.
  • A custom password.

Policies:

Policies play a vital role: they are the authorization part of an IAM user. AWS provides a set of its own policies that restrict or grant access for the user. Most of those policies give either full access or read-only permissions on a service. None of them restrict a user to specific parts of a service (such as specific buckets in S3 or a few instances in EC2). For that we can use custom policies. The following example restricts a user to a specific bucket in S3.

  1. Select Policies in the Dashboard menu.
  2. Click Create Policy.
  3. Select the type of policy. You can copy one of Amazon's policies and customize it (Copy an AWS Managed Policy), build a policy from Amazon's options (Policy Generator), or write a fully custom policy (Create Your Own Policy).
  4. Select Create Your Own Policy and copy and paste this JSON.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::dinesh_my_bucket",
                "arn:aws:s3:::dinesh_my_bucket/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "arn:aws:s3:::*"
        }
    ]
}
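
An added example, not part of the original article: a simplified Python model of how the policy above is evaluated, showing which requests it permits and which fall through to the implicit deny. The helper names and the sample requests are constructed for illustration, and the model ignores Condition blocks, NotAction/NotResource and every other policy type (bucket policies, SCPs, permission boundaries).

```python
import json
import re

# The policy from the article, unchanged.
POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:*",
   "Resource": ["arn:aws:s3:::dinesh_my_bucket", "arn:aws:s3:::dinesh_my_bucket/*"]},
  {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "arn:aws:s3:::*"}]}""")


def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def _as_list(item):
    return item if isinstance(item, list) else [item]


def is_allowed(policy, action, resource):
    """Simplified identity-policy check (an assumption-laden model, not AWS code):
    an explicit Deny wins, then any matching Allow, otherwise implicit deny.
    Action names match case-insensitively; resource ARNs are case-sensitive."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        hit = (any(_matches(a, action, ignore_case=True) for a in _as_list(stmt["Action"]))
               and any(_matches(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or hit
    return allowed


# Constructed sample requests: (action, resource ARN).
SAMPLE_REQUESTS = [
    ("s3:GetObject", "arn:aws:s3:::dinesh_my_bucket/reports/q1.csv"),
    ("s3:DeleteBucket", "arn:aws:s3:::dinesh_my_bucket"),  # s3:* covers destructive actions too
    ("s3:ListAllMyBuckets", "arn:aws:s3:::*"),  # account-level listing
    ("s3:GetObject", "arn:aws:s3:::other_bucket/secret.txt"),
    ("s3:ListBucket", "arn:aws:s3:::dinesh_my_bucket_backup"),  # similar name, not matched
]

if __name__ == "__main__":
    for action, resource in SAMPLE_REQUESTS:
        verdict = "ALLOW" if is_allowed(POLICY, action, resource) else "DENY "
        print(verdict, action, resource)
```

The second sample is the one to notice: `s3:*` on the bucket ARN includes bucket deletion and permission changes, so a narrower action list is worth considering when the user only needs to read and write objects.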

The article was originally published at MicroPyramid blog.
