When You want to Provide access to Amazon Web Services Console or if you're planning to provide REST API Keys to your Developers of a Third Party Person, Using Providing access to Root Account Console or API Keys is not advisable since they basically will have full level access. Instead, we can rely on IAM(Identity and Access Management). Require any support regarding AWS IAM Roles and Policies then contact development services to know more
Policies play a VITAL Role. It is Authorization Part of IAM User. AWS Provides a set of its own policies which restricts or provide access to the User. Most of those Policies are either full Access on Service or Read only Permissions on Service. None of those restrict a User to have access only to specific sections of the service.(Like only specific Buckets in S3 or few Instances in EC2). Here we can Use Custom Policies. Now we are going to see an example on restricting a user to only a specific Bucket in S3.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Resource": [ "arn:aws:s3:::dinesh_my_bucket", "arn:aws:s3:::dinesh_my_bucket/*" ] }, { "Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "arn:aws:s3:::*" } ] }
Now Validate and click on save.
Here First Part of JSON gives full access permissions on bucket "micropyramid" to users under the policy, Second Part where it says List all Buckets gives access over Console view of S3 to the user.
Now you can assign users this policy, or generate a Role with Custom Permissions and assign that role to the User
For more on S3 Policies click here
Micropyramid is a software development and cloud consulting partner for enterprise businesses across the world. We work on python, Django, Salesforce, Angular, Reactjs, React Native, MySQL, PostgreSQL, Docker, Linux, Ansible, git, amazon web services. We are Amazon and salesforce consulting partner with 5 years of cloud architect experience. We develop e-commerce, retail, banking, machine learning, CMS, CRM web and mobile applications.
Django-CRM :Customer relationship management based on Django
Django-blog-it : django blog with complete customization and ready to use with one click installer Edit
Django-webpacker : A django compressor tool
Django-MFA : Multi Factor Authentication
Docker-box : Web Interface to manage full blown docker containers and images
More...