IAM Policies

Length: 00:25:18

Lesson Summary:

IAM policies are used extensively throughout AWS products and services. Being able to understand and create secure IAM policies that are flexible and provide the minimum rights required for a task is essential. As a security engineer, you will be solely responsible for creating and evaluating policies, so in this lesson I discuss their architecture in addition to some advanced functionality.

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_dynamodb_columns.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html

Example Policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": ["s3:ListBucket"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::la-homefolders"],
      "Condition": {"StringLike": {"s3:prefix": ["${aws:username}/*"]}}
    },
    {
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::la-homefolders/${aws:username}/*"]
    }
  ]
}
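
How the two statements above evaluate once ${aws:username} is substituted, shown as an added example that is not part of the original lesson. It is a simplified evaluator, not AWS's engine: it models only Allow statements, the StringLike operator and literal action names, and the requests and the user "alice" are constructed for illustration.

```python
import re

# The lesson's example policy, reproduced as a Python dict.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Action": ["s3:ListBucket"], "Effect": "Allow",
     "Resource": ["arn:aws:s3:::la-homefolders"],
     "Condition": {"StringLike": {"s3:prefix": ["${aws:username}/*"]}}},
    {"Action": ["s3:GetObject", "s3:PutObject"], "Effect": "Allow",
     "Resource": ["arn:aws:s3:::la-homefolders/${aws:username}/*"]},
]}

def wild(pattern, value):
    """IAM-style match: '*' is any run of characters, '?' is one character."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.S) is not None

def resolve(text, ctx):
    """Substitute ${key} policy variables from the request context."""
    try:
        return re.sub(r"\$\{([^}]+)\}", lambda m: ctx[m.group(1)], text)
    except KeyError:
        return None  # assumption: an unresolved variable means no match

def matches(patterns, value, ctx):
    return any((r := resolve(p, ctx)) is not None and wild(r, value) for p in patterns)

def allowed(action, resource, ctx, policy=POLICY):
    """Simplified model: Allow + StringLike only; unmatched requests are denied."""
    for st in policy["Statement"]:
        if st["Effect"] != "Allow" or action not in st["Action"]:
            continue
        if not matches(st["Resource"], resource, ctx):
            continue
        conds = st.get("Condition", {}).get("StringLike", {})
        # A condition key missing from the request makes StringLike false.
        if all(k in ctx and matches(v, ctx[k], ctx) for k, v in conds.items()):
            return True
    return False  # implicit deny

BUCKET = "arn:aws:s3:::la-homefolders"
REQUESTS = [  # constructed requests from a hypothetical IAM user "alice"
    ("s3:ListBucket", BUCKET, {"aws:username": "alice", "s3:prefix": "alice/"}),
    ("s3:ListBucket", BUCKET, {"aws:username": "alice", "s3:prefix": "bob/"}),
    ("s3:ListBucket", BUCKET, {"aws:username": "alice"}),  # no prefix (bucket root)
    ("s3:GetObject", BUCKET + "/alice/notes.txt", {"aws:username": "alice"}),
    ("s3:GetObject", BUCKET + "/alice2/notes.txt", {"aws:username": "alice"}),
]
for action, resource, ctx in REQUESTS:
    print("ALLOW" if allowed(action, resource, ctx) else "DENY ", action, resource)
```

Only the first and fourth requests are allowed: listing without a prefix fails the condition because s3:prefix is absent, and the trailing slash in the pattern keeps "alice" from matching "alice2".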

