![]() ![]() You can create and attach multiple identity-based policies to your IAM principals, and you can reuse them across your AWS accounts. In this blog, I only give examples for identity-based policies that attach to IAM principals to grant permissions to an identity. In AWS, there are different types of policies that are used for different reasons. These identities start with no permissions and you add permissions using a policy. In AWS, an IAM principal can be a user, role, or group. This blog post will focus on demonstrating how you can use IAM policies to grant restrictive permissions to IAM principals to meet least privilege standards. There are a number of ways to grant access to different types of resources, as some resources support both resource-based policies and IAM policies. For example, if you have an Amazon Elastic Compute Cloud (Amazon EC2) instance that needs to access an Amazon Simple Storage Service (Amazon S3) bucket to get configuration data, you should only allow read access to the specific S3 bucket that contains the relevant data. Least privilege is also one of many Amazon Web Services (AWS) Well-Architected best practices that can help you build securely in the cloud. Least privilege is a principle of granting only the permissions required to complete a task. If you’re not familiar with IAM policy structure, I highly recommend you read understanding how IAM works and policies and permissions. In this post, I’m going to share two techniques I’ve used to write least privilege AWS Identity and Access Management (IAM) policies. December 4, 2020: We’ve updated this post to use s3:CreateBucket to simplify the intro example, replaced figure 8 removing the IfExists reference, and clarified qualifier information in the example.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |