Aws IAM Policy for S3 Bucket to put/get/list/delete

{
"Version": "2012-10-17",
"Id": "Policy1470210411143",
"Statement": [
{
"Sid": "Stmt123432456644",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::12345678903:user/amaresh"
},
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::iam.sample.bucket",
"arn:aws:s3:::iam.sample.bucket/*"
]
}
]
}
No comments:

Policy to restrict S3 bucket access to specific IP addresses

http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

http://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html


{
"Id": "Policy1470283588127",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt12345674345788",
"Action": "s3:*",
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::iam.sample.bucket",
"arn:aws:s3:::iam.sample.bucket/*"
],
"Condition": {
"NotIpAddress": {
"aws:SourceIp": "183.82.101.68/27"
}
},
"Principal": "*"
}
]
}


No comments:

Aws IAM Policy for user to start/stop Ec2 instance


http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.html


{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt14435321355",
"Action": [
"ec2:DescribeInstances"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:StopInstances",
"ec2:StartInstances"
],
"Resource": [
"arn:aws:ec2:us-east-1:1234567890:instance/i-1234567890abcder"
]
f
]
}
Action::
The action is the specific API action for which you are granting or denying permission
http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Operations.html
ec2:DescribeInstances -> allows user to view only instances
ec2:Describe* -> allows user to view all resources
No comments:
Subscribe to: Posts (Atom)