Amazon AWS IAM Roles and Policies

When You want to Provide access to Amazon Web Services Console or if you're planning to provide REST API Keys to your Developers of a Third Party Person, Using Providing access to Root Account Console or API Keys is not advisable since they basically will have full level access. Instead we can rely on IAM(Identity and Access Management).

Creating a IAM User :

  1. Login to your root account and then Click on your User name on the Top Right Corner. Select Security Credentials.
  2. Click on Users Option on Left Hand Menu of the Dash Board Page. see here to see the Dashboard
  3. Click on Create User button
  4. Enter the Usernames of accounts to be generate and click on Create.
  5.  you will be offered to Download the REST API keys.
  6. Download it or save them, Note that REST API Keys are only generated only once. If Lost you may have to reset API Keys again.

Generating Password For the User:

  1. Select The user in Users Page and click on User Actions and select Manage Password.
  2. You will be offered Two options
    • Automatic Password with Change on Login checkbox.
    • Custom Password.
  3. After Setting Password, Click on Apply.

Policies:

Policies play an VITAL Role. It is Authorization Part of IAM User. AWS Provides a set of its own policies which restricts or provide access to the User. Most of those Policies are either full Access on Service or Read only Permissions on  Service. None of those restrict a User to have access only on specific sections of the service.(Like only specific Buckets in S3 or few Instances in EC2). Here we can Use Custom Policies. Now we are going to see a example on restricting a user to only a specific Bucket in S3.

Steps to Create a Custom Policy:

  1. Select policies in DashBoard Menu
  2. CLick on Create Policy
  3. select type of Policy. here you can select either copy from amazon policies and customize them(Copy an AWS Managed Policy) or create your policy from Amazon options(using Policy Generator) or create a fully custom Policy(Create Your Own Policy).
  4. Select Create Your Own Policy and copy paste this JSON.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::dinesh_my_bucket",
                "arn:aws:s3:::dinesh_my_bucket/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "arn:aws:s3:::*"
        }
    ]
}

Now Validate and click on save.

Here First Part of JSON gives full access permissions on bucket "micropyramid" to users under policy, Second Part where it says List all Buckets gives access over Console view of S3 to the user.

Now you can assign users this policy, or  generate a Role with Custom Permissions and assign that role to the User

For more on S3 Policies click here

    By Posted On
SENIOR DEVELOPER at MICROPYRAMID

Latest Comments
Related Articles
CORS with Amazon S3 and CloudFront Ashwin Kumar

We struggle to load fonts from CloudFront because of CORS.

CORS - Cross Origin Resource Sharing is a security measure to block macious scripts or ...

Continue Reading...
Creating Elastic Search Cluster (EC2, cloud-aws Plugin) Jagadeesh V

While handling Large amounts of data with elasticsearch, you may run out of server capacity or compute power, Forming a Elasticsearch cluster will reduce the ...

Continue Reading...
How to access EC2 instance even if pem file is lost Dinesh Deshmukh

Accessing the EC2 instance even if you loose the pem file is rather easy.

1. First, create a new instance by creating new access ...

Continue Reading...

Subscribe To our news letter

Subscribe to our news letter to receive latest blog posts into your inbox. Please fill your email address in the below form.
*We don't provide your email contact details to any third parties