
Sunday, December 11, 2022

Ultimate AWS Certified (SAA-C03) IAM Policies

IAM Policies Structure

- A policy document consists of

* Version: policy language version; always use "2012-10-17" (the older "2008-10-17" does not support policy variables and other newer features)

* Id: an identifier for the policy (optional)

* Statement: one or more individual statements (required)


- Each statement consists of

* Sid: an identifier for the statement (optional)

* Effect: whether the statement allows or denies access (Allow or Deny)

* Principal: the account, user or role the statement applies to. Only resource-based policies (such as an S3 bucket policy) carry a Principal; an identity-based policy attached to a user, group or role has no Principal element because the identity it is attached to is the principal

* Action: list of API actions this statement allows or denies (action names are matched case-insensitively and may use "*" wildcards)

* Resource: list of resource ARNs the actions apply to

* Condition: conditions under which the statement is in effect (optional)


- Evaluation rule: a request is implicitly denied unless some statement allows it, and an explicit Deny always overrides any Allow


{
    "Version": "2012-10-17",
    "Id": "S3-Account-Permissions",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": ["arn:aws:iam::123456789012:root"]
            },
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": ["arn:aws:s3:::mybucket/*"]
        }
    ]
}

(Note the S3 ARN format: "arn:aws:s3:::bucket-name/key-pattern". The region and account fields are empty, so there are three consecutive colons, and the object key is separated from the bucket name by "/".)
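To make the structure and the evaluation rule concrete, here is an added example (not code from the course or from AWS) of a small evaluator that validates a policy document and decides a single request against it. It models only what the notes describe: implicit deny by default, explicit Deny beats Allow, and "*" wildcards in Action (case-insensitive) and Resource (case-sensitive). Principal and Condition are ignored, and the second Deny statement in the constructed sample policy is an assumption added to show the override rule.

```python
"""Simplified IAM policy evaluator (added example, not AWS's engine).

Rules modelled:
  - a request is implicitly denied unless some statement allows it,
  - an explicit Deny always wins over an Allow,
  - Action and Resource accept '*' / '?' wildcards; action names are matched
    case-insensitively (as IAM does), resource ARNs case-sensitively.
Principal and Condition are ignored (assumption: we only care about the
identity-based part of the decision).
"""
import fnmatch
import json
from typing import Iterable

# Constructed sample: the bucket policy from the notes plus a Deny statement
# (assumed, for illustration) that carves out a "secrets/" prefix.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Id": "S3-Account-Permissions",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {"AWS": ["arn:aws:iam::123456789012:root"]},
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": ["arn:aws:s3:::mybucket/*"]
    },
    {
      "Sid": "DenySecrets",
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::mybucket/secrets/*"
    }
  ]
}
""")


def _as_list(value) -> list:
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(patterns: Iterable[str], target: str, case_insensitive: bool) -> bool:
    """True if any wildcard pattern matches target."""
    for pat in patterns:
        if case_insensitive:
            # fnmatch.fnmatch is only case-insensitive on Windows; lower() both sides.
            if fnmatch.fnmatchcase(target.lower(), pat.lower()):
                return True
        elif fnmatch.fnmatchcase(target, pat):
            return True
    return False


def validate_policy(policy: dict) -> list:
    """Return a list of structural problems; an empty list means it looks well-formed."""
    problems = []
    if policy.get("Version") != "2012-10-17":
        problems.append("Version must be '2012-10-17'")
    statements = policy.get("Statement")
    if not statements:
        problems.append("Statement is required")
        return problems
    for i, st in enumerate(_as_list(statements)):
        sid = st.get("Sid", f"#{i}")
        if st.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"{sid}: Effect must be Allow or Deny")
        if not st.get("Action") and not st.get("NotAction"):
            problems.append(f"{sid}: Action (or NotAction) is required")
        for arn in _as_list(st.get("Resource")):
            if arn != "*" and not arn.startswith("arn:"):
                problems.append(f"{sid}: malformed resource ARN {arn!r}")
    return problems


def evaluate(policy: dict, action: str, resource: str) -> str:
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"
    for st in _as_list(policy.get("Statement")):
        if not _matches(_as_list(st.get("Action")), action, case_insensitive=True):
            continue
        if not _matches(_as_list(st.get("Resource")), resource, case_insensitive=False):
            continue
        if st.get("Effect") == "Deny":
            return "Deny"          # explicit deny short-circuits everything
        if st.get("Effect") == "Allow":
            decision = "Allow"     # keep scanning in case a later Deny applies
    return decision


if __name__ == "__main__":
    print(validate_policy(SAMPLE_POLICY))
    for req in [("s3:GetObject", "arn:aws:s3:::mybucket/report.csv"),
                ("s3:GetObject", "arn:aws:s3:::mybucket/secrets/key.pem"),
                ("s3:DeleteObject", "arn:aws:s3:::mybucket/report.csv")]:
        print(req, "->", evaluate(SAMPLE_POLICY, *req))
```

The order of statements does not matter to the outcome: the loop keeps scanning after an Allow so that a Deny anywhere in the document still wins, which is the property to remember when reviewing real policies.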








Saturday, December 10, 2022

Ultimate AWS Certified (SAA-C03) IAM: Permissions

- Users and groups can be assigned JSON documents called policies

- These policies define the permissions of the users (a user inherits the policies of every group it belongs to)

- In AWS you apply the least privilege principle: don't give more permissions than a user needs. The read-only example below is typical: only Describe/List/Get actions, which is why "Resource": "*" is acceptable here


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:Describe*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "elasticloadbalancing:Describe*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:ListMetrics",
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:Describe*"
            ],
            "Resource": "*"
        }
    ]
}
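Least privilege is easier to enforce with a check than by eye. The following is an added example (not a course or AWS tool) of a small linter that flags Allow statements which grant more than a typical user needs: full admin ("*"), a whole service ("s3:*"), iam:PassRole on any role, or write actions on every resource. The rules are this example's own heuristics; the read-only policy above passes cleanly, and the over-broad policy is constructed to trip each rule.

```python
"""Least-privilege linter for identity-based IAM policies (added example).

The rules are heuristics chosen for this example, not AWS's Access Analyzer.
Inputs are constructed: the read-only policy from the notes and an
intentionally over-broad policy.
"""
import json

# Action verbs treated as read-only; anything else on "Resource": "*" is flagged.
READ_ONLY_PREFIXES = ("Describe", "Get", "List")

READ_ONLY_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Allow", "Action": "elasticloadbalancing:Describe*", "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics",
                "cloudwatch:Describe*"],
     "Resource": "*"}
  ]
}
""")

# Constructed policy that violates least privilege in several ways.
OVER_BROAD_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "Admin", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "AllS3", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Sid": "Pass", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
    {"Sid": "Ok", "Effect": "Allow", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::mybucket/*"}
  ]
}
""")


def _as_list(value):
    """IAM allows a string or a list; normalise to a list."""
    return [] if value is None else (value if isinstance(value, list) else [value])


def _is_read_only(action: str) -> bool:
    """True for 'svc:Describe*', 'svc:GetX', 'svc:ListY' style actions."""
    verb = action.split(":", 1)[1] if ":" in action else action
    return verb.startswith(READ_ONLY_PREFIXES)


def lint_policy(policy: dict) -> list:
    """Return (sid, rule, action) tuples, one per least-privilege violation."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue                      # Deny statements only narrow access
        sid = st.get("Sid", f"#{i}")
        actions = _as_list(st.get("Action"))
        all_resources = "*" in _as_list(st.get("Resource"))
        for action in actions:
            if action in ("*", "*:*"):
                findings.append((sid, "FullAdmin", action))
            elif action.endswith(":*"):
                findings.append((sid, "ServiceWildcard", action))
            elif action.lower() == "iam:passrole" and all_resources:
                # PassRole on any role lets the user hand a stronger role to
                # a service they control, a classic privilege-escalation path.
                findings.append((sid, "PassRoleAnyRole", action))
            elif all_resources and not _is_read_only(action):
                findings.append((sid, "WriteOnAllResources", action))
    return findings


if __name__ == "__main__":
    print("read-only policy:", lint_policy(READ_ONLY_POLICY))
    for finding in lint_policy(OVER_BROAD_POLICY):
        print("over-broad policy:", finding)
```

Run it against policies pulled from an account (for example the JSON returned by get-policy-version) before attaching them; a non-empty result is a prompt to scope the Action list or the Resource ARNs down.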







Ultimate AWS Certified (SAA-C03) IAM: Users & Groups

- IAM = Identity and Access Management, a global service (not tied to a region)

- The root account is created by default; it shouldn't be used for day-to-day work or shared. Create an IAM user for yourself instead

- Users are people within your organization, and can be grouped

- Groups only contain users, not other groups

- Users don't have to belong to a group, and a user can belong to multiple groups