IAM Policies Structure
- Consists of
* Version: policy language version, always include "2012-10-17"
* Id: an identifier for the policy(optional)
* Statement: one or moere individual statements(required)
- Statements consists of
* Sid: an identifier for the statement(optional)
* Effect: whether the statement allows or denies a access(Allow, Deny)
* Principal:account|user|role to which this policy applied to
* Action: list of actios this policy allows or denies
* Resource: list of resources to which the actions applied to
* Condition: conditions for when this policy is in effect(optional)
{
"Version" : "2012-10-17",
"Id" : "S3-Account-Permissions",
"Statement" : [
{
"Sid" : "1",
"Effect" : "Allow",
"Principal" : {
"AWS" : [ "arn:aws:iam::123456789012:root"]
},
"Action" : [
"s3:GetObject",
"s3:PutObject"
],
"Resource" : ["arn:aws:s3::myubucket|*"]
}
]
}
skk
ss
