{"id":27602,"date":"2017-05-22T21:27:49","date_gmt":"2017-05-22T19:27:49","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=27602"},"modified":"2017-05-22T21:27:49","modified_gmt":"2017-05-22T19:27:49","slug":"aws-iam-policies-in-a-nutshell","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2017\/05\/22\/aws-iam-policies-in-a-nutshell\/","title":{"rendered":"AWS IAM Policies in a Nutshell"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p><a href=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/05\/aws-aim.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"27603\" data-permalink=\"https:\/\/mamchenkov.net\/wordpress\/2017\/05\/22\/aws-iam-policies-in-a-nutshell\/aws-aim\/\" data-orig-file=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/05\/aws-aim.png?fit=640%2C256&amp;ssl=1\" data-orig-size=\"640,256\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"aws aim\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/05\/aws-aim.png?fit=640%2C256&amp;ssl=1\" class=\"aligncenter size-medium wp-image-27603\" src=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/05\/aws-aim-500x200.png?resize=500%2C200&#038;ssl=1\" alt=\"\" width=\"500\" height=\"200\" srcset=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/05\/aws-aim.png?resize=500%2C200&amp;ssl=1 500w, 
https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/05\/aws-aim.png?w=640&amp;ssl=1 640w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/a><\/p>\n<p><a href=\"http:\/\/start.jcolemorrison.com\/\">J Cole Morrison<\/a> wrote an <a href=\"http:\/\/start.jcolemorrison.com\/aws-iam-policies-in-a-nutshell\/\">excellent guide to AWS IAM policies<\/a>. It&#8217;s super useful for anyone who has tried implementing IAM policies and failed (or even barely succeeded).<\/p>\n<blockquote><p>What is an AWS IAM Policy?<\/p>\n<p><strong>A set of rules that, under the correct <code>conditions<\/code>, define what <code>actions<\/code> the policy <code>principal<\/code> or holder can take to specified AWS <code>resources<\/code>.<\/strong><\/p>\n<p>That still sounds a bit stiff. How about:<\/p>\n<p><strong>Who can do what to which resources. When do we care?<\/strong><\/p>\n<p>There we go. Let&#8217;s break down the simple statement even more&#8230;<\/p><\/blockquote>\n<p>Compared to all the AWS documentation one has to dive through, this one is a giant time saver!<\/p>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>J Cole Morrison wrote an excellent guide to AWS IAM policies. It&#8217;s super useful for anyone who has tried implementing IAM policies and failed (or even barely succeeded). What is an AWS IAM Policy? 
A set of rules that, under the correct conditions, define what actions the policy principal or holder can take to specified &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2017\/05\/22\/aws-iam-policies-in-a-nutshell\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">AWS IAM Policies in a Nutshell<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"AWS IAM Policies in a Nutshell #AWS #IAM #security #guides #SysAdmin #cloud","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,133,62,1334],"tags":[3270,3457,2366,200,2289],"keyring_services":[],"class_list":["post-27602","post","type-post","status-publish","format-standard","hentry","category-general","category-sysadmin","category-technology","category-web-work","tag-amazon-aws","tag-amazon-iam","tag-cloud-computing","tag-security","tag-web-hosting"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":36094,"url":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/25\/how-to-build-a-serverless-ci-cd-pipeline-on-aws\/","url_meta":{"origin":27602,"position":0},"title":"How To Build a Serverless CI\/CD Pipeline On AWS","author":"Leonid Mamchenkov","date":"February 25, 2019","format":false,"excerpt":"\"How To Build a Serverless CI\/CD Pipeline On AWS\" is a nice guide to some of the newer Amazon AWS services, targeted 
at developers and DevOps. It shows how to tie together the following: Amazon EC2 (server instances)Docker (containers)Amazon ECR (Elastic Container Registry)Amazon S3 (storage)Amazon IAM (Identity and Access Management)Amazon\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/aws.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/aws.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/aws.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/aws.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/aws.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/aws.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":37373,"url":"https:\/\/mamchenkov.net\/wordpress\/2019\/03\/07\/cloud-irregular-iam-is-the-real-cloud-lock-in\/","url_meta":{"origin":27602,"position":1},"title":"Cloud Irregular: IAM Is The Real Cloud Lock-In","author":"Leonid Mamchenkov","date":"March 7, 2019","format":false,"excerpt":"Vendor lock-in is an old and well discussed issue. Some people don't care about it all, jump right in. Others avoid it like a plague. And then there are those who allow it, with some very careful considerations. 
I have always been on the side of avoiding vendor lock-in by\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":26999,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/11\/28\/s3-static-site-with-ssl\/","url_meta":{"origin":27602,"position":2},"title":"S3 static site with SSL","author":"Leonid Mamchenkov","date":"November 28, 2016","format":false,"excerpt":"\"S3 static site with SSL and automatic deploys using Travis\" is a goldmine of all those simple technologies tied into a single knot for an impressive result. \u00a0It has a bit of everything: Jekyll - simple, blog-aware, static sites engine, for managing content. GitHub - for version control of the\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"s3-static-site","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/11\/s3-static-site-479x500.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":26696,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/09\/19\/top-13-amazon-virtual-private-cloud-vpc-best-practices\/","url_meta":{"origin":27602,"position":3},"title":"Top 13 Amazon Virtual Private Cloud (VPC) Best Practices","author":"Leonid Mamchenkov","date":"September 19, 2016","format":false,"excerpt":"Cloud Academy Blog goes over top 13 Amazon VPC best practices - particularly good for those just starting up with the platform. 
\u00a0The article discusses the following: Choosing the Proper VPC Configuration for Your Organization\u2019s Needs Choosing a CIDR Block for Your VPC Implementation Isolating Your VPC Environments Securing Your\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":34997,"url":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/18\/aws-cloudformation-sample-templates\/","url_meta":{"origin":27602,"position":4},"title":"AWS CloudFormation Sample Templates","author":"Leonid Mamchenkov","date":"February 18, 2019","format":false,"excerpt":"awslabs\/aws-cloudformation-templates is an extensive collection of Amazon AWS CloudFormation templates for a wide range of resources and services. Some of these can be used as is for deploying production infrastructure, others are good starting points for those of us who are still learning.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":24022,"url":"https:\/\/mamchenkov.net\/wordpress\/2015\/04\/30\/amazon-efs-preview\/","url_meta":{"origin":27602,"position":5},"title":"Amazon EFS preview","author":"Leonid Mamchenkov","date":"April 30, 2015","format":false,"excerpt":"Amazon Elastic File System, or EFS for short, is the missing piece of the cloud puzzle. \u00a0With all those EC2 instances, elastic load balances and IAM roles, one would often need a shared file system. 
\u00a0Until now, you'd either be using either an S3-based solution, which scales well in terms\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"Amazon EFS","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2015\/04\/pdp_banner_efs-500x88.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/27602","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=27602"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/27602\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=27602"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=27602"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=27602"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=27602"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}