Prashant Lakhera
2 min read · Nov 7, 2022

💡💡💡 10 IAM Policies to simplify your AWS journey — Part 1💡💡💡

✅ AWS offers many services; one of the most powerful is AWS IAM. One aspect of IAM is policies: IAM enforces access by evaluating each AWS request against the policies you have defined and returning either an allow or a deny decision.

1️⃣ Allow access to only specific services (EC2 and S3)

✅ Problem: You have been given a task: in your organization, users may access only two services, EC2 and S3. All other services are denied by default.

✅ Solution: You can achieve this using a Service Control Policy (SCP) that allows EC2 and S3 and denies all other services.

✅ GitHub Link: https://github.com/100daysofdevops/100daysofdevops/blob/master/iam_policies/1-1-allow-access-to-EC2-S3.json

2️⃣ Restrict IAM users to specific regions (us-west-2 and us-west-1)

✅ Problem: You learned from your business team that your customer base is on the US west coast, which is the only approved region. Your task is to create a policy so that users can create resources only in the approved regions, us-west-2 (Oregon) and us-west-1 (North California).

✅ Solution: You can achieve this using a Service Control Policy (SCP) with the condition key aws:RequestedRegion. This works for most services, which are region specific, but not for global services such as IAM, whose requests are not tied to one of the approved regions and therefore must be exempted from the restriction.

✅ GitHub Link: https://github.com/100daysofdevops/100daysofdevops/blob/master/iam_policies/2-1-allow-access-to-approved-regions.json

3️⃣ Users can only create a certain instance type (t2.micro)

✅ Problem: You want to save cost in the Dev environment and only want users to create instances of a specific type.

✅ Solution: You can achieve this using a Service Control Policy (SCP) with the condition key ec2:InstanceType.

✅ GitHub Link: https://github.com/100daysofdevops/100daysofdevops/blob/master/iam_policies/3-1-create-only-specific-type-instance.json

4️⃣ Give a user access to a specific EC2 instance

✅ Problem: Sometimes you have a requirement to give a user access to one specific EC2 instance only.

✅ Solution: You can achieve this with the help of an AWS permissions policy attached to the user and scoped to that instance.

✅ GitHub Link: https://github.com/100daysofdevops/100daysofdevops/blob/master/iam_policies/4-1-allowed-access-to-specific-ec2-instance.json

5️⃣ You want to prevent a user from escalating their privileges

✅ Problem: You want to delegate IAM admin permission to a user, but at the same time you don’t want that user to be able to escalate their privileges. The user should be able to create IAM users or roles, but those principals must not exceed the user’s own permissions.

✅ Solution: This can be achieved with the help of permissions boundaries.

✅ GitHub Link: https://github.com/100daysofdevops/100daysofdevops/blob/master/iam_policies/5-1-iam-admin-permission-without-escalating-it.json
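As an added illustration of the pattern (this is not the policy file from the linked repository), the identity-based policy below grants a delegated IAM admin the ability to create users and roles only when the fixed permissions boundary is attached, and denies editing or detaching that boundary so it cannot be weakened afterwards. The account ID 111122223333 and the policy name DelegatedBoundary are placeholders to replace with your own.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CreatePrincipalsOnlyWithBoundary",
      "Effect": "Allow",
      "Action": [
        "iam:CreateUser",
        "iam:CreateRole",
        "iam:PutUserPermissionsBoundary",
        "iam:PutRolePermissionsBoundary",
        "iam:AttachUserPolicy",
        "iam:AttachRolePolicy",
        "iam:PutUserPolicy",
        "iam:PutRolePolicy"
      ],
      "Resource": [
        "arn:aws:iam::111122223333:user/*",
        "arn:aws:iam::111122223333:role/*"
      ],
      "Condition": {
        "StringEquals": {
          "iam:PermissionsBoundary": "arn:aws:iam::111122223333:policy/DelegatedBoundary"
        }
      }
    },
    {
      "Sid": "ProtectTheBoundaryPolicyItself",
      "Effect": "Deny",
      "Action": [
        "iam:CreatePolicyVersion",
        "iam:DeletePolicy",
        "iam:DeletePolicyVersion",
        "iam:SetDefaultPolicyVersion"
      ],
      "Resource": "arn:aws:iam::111122223333:policy/DelegatedBoundary"
    },
    {
      "Sid": "ForbidRemovingBoundaries",
      "Effect": "Deny",
      "Action": [
        "iam:DeleteUserPermissionsBoundary",
        "iam:DeleteRolePermissionsBoundary"
      ],
      "Resource": "*"
    }
  ]
}
```

The DelegatedBoundary managed policy itself defines the maximum permissions any principal created this way can ever have; a created user or role is capped by the intersection of that boundary and its own attached policies.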

📖 To view the complete course: https://lnkd.in/gjeGAPd2

➡️ You can contact me via: https://lnkd.in/dePjvNDw

Written by Prashant Lakhera

AWS Community Builder, Ex-Redhat, Author, Blogger, YouTuber, RHCA, RHCDS, RHCE, Docker Certified, 4XAWS, CCNA, MCP, Certified Jenkins, Terraform Certified, 1XGCP