
Policies

Create an IAM Policy

  1. Navigate to the IAM service in the AWS Management Console.
  2. In the IAM console, choose "Policies" from the left-hand navigation pane.
  3. Click on the "Create policy" button.
  4. In the "Create policy" window, choose the policy type as JSON
  5. Add the below policy to the content
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "compute-optimizer:GetEnrollmentStatus",
                "iam:List*",
                "iam:Get*",
                "iam:AttachRolePolicy",
                "iam:CreateRole",
                "iam:CreatePolicy",
                "iam:PutRolePolicy",
                "iam:CreateAccessKey",
                "iam:DeleteAccessKey",
                "ec2-instance-connect:*",
                "ec2:*",
                "cloudshell:*",
                "lambda:*",
                "dynamodb:*",
                "freetier:*",
                "s3:*",
                "cloudwatch:*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": [
                "arn:aws:iam::*:role/*"
            ]
        },
        {
            "Effect": "Deny",
            "Action": [
                "ec2:RunInstances",
                "ec2:StartInstances"
            ],
            "Resource": [
                "arn:aws:ec2:ap-south-1:*:instance/*"
            ],
            "Condition": {
                "StringNotEquals": {
                    "ec2:InstanceType": "t2.micro"
                }
            }
        },
        {
            "Effect": "Deny",
            "NotAction": [
                "iam:*",
                "freetier:*",
                "cloudwatch:*"
            ],
            "Resource": "*",
            "Condition": {
                "StringNotEquals": {
                    "aws:RequestedRegion": "ap-south-1"
                }
            }
        }
    ]
}
```
  1. Provide a unique name for the policy, for example my-policy.
  2. Click on "Review". Review the policy details, including the policy name and type, as well as the policy document or selected AWS-managed policy.
  3. Click on "Create policy".

The newly created policy will appear in the list of policies. This policy can be used to create resources required for this workshop.
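The policy above pairs a broad Allow with two Deny guardrails: instance launches in ap-south-1 are denied unless the instance type is t2.micro, and every action outside ap-south-1 is denied except IAM, Free Tier and CloudWatch calls (IAM is a global service, so excluding it from the region guardrail is what keeps the console usable). The following added example, which is not part of the workshop, is a simplified IAM evaluator (explicit Deny beats Allow, Action/NotAction globs, StringEquals/StringNotEquals conditions only) run against a condensed copy of the policy so you can check what the guardrails do before attaching the policy to myuser; the account id and instance ARN are constructed.

```python
import fnmatch

# Condensed copy of the workshop policy (constructed for this example): same four statements, shorter action lists.
POLICY = {"Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["iam:List*", "iam:Get*", "ec2:*", "s3:*", "cloudwatch:*"]},
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": ["arn:aws:iam::*:role/*"]},
    {"Effect": "Deny", "Action": ["ec2:RunInstances", "ec2:StartInstances"],
     "Resource": ["arn:aws:ec2:ap-south-1:*:instance/*"],
     "Condition": {"StringNotEquals": {"ec2:InstanceType": "t2.micro"}}},
    {"Effect": "Deny", "NotAction": ["iam:*", "freetier:*", "cloudwatch:*"], "Resource": "*",
     "Condition": {"StringNotEquals": {"aws:RequestedRegion": "ap-south-1"}}},
]}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _glob_any(value, patterns):
    # IAM's "*" wildcard behaves like a shell glob over the whole string
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))

def _action_applies(stmt, action):
    if "Action" in stmt:
        return _glob_any(action, stmt["Action"])
    return not _glob_any(action, stmt["NotAction"])  # NotAction: every action not listed

def _condition_holds(stmt, ctx):
    # Only StringEquals / StringNotEquals are modelled; an absent context key never "equals".
    for op, pairs in stmt.get("Condition", {}).items():
        for key, want in pairs.items():
            equal = ctx.get(key) in _as_list(want)
            if (op == "StringEquals") != equal:
                return False
    return True

def evaluate(policy, action, resource, ctx):
    """Simplified IAM evaluation: an explicit Deny wins, then Allow, else implicit deny."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not (_action_applies(stmt, action) and _glob_any(resource, stmt["Resource"])
                and _condition_holds(stmt, ctx)):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision

if __name__ == "__main__":
    ctx = {"ec2:InstanceType": "t3.large", "aws:RequestedRegion": "ap-south-1"}  # constructed request
    print(evaluate(POLICY, "ec2:RunInstances", "arn:aws:ec2:ap-south-1:123456789012:instance/i-0abc", ctx))
```

A t3.large launch in ap-south-1 prints Deny, while the same call with t2.micro is allowed; an s3:CreateBucket in us-east-1 is denied by the region guardrail, and iam:ListRoles from us-east-1 still works because iam:* is excluded from it.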

Assigning the policy to User

  1. Navigate to the IAM service in the AWS Management Console.
  2. In the IAM console, choose "Users" from the left-hand navigation pane.
  3. Select the user you created earlier, myuser.
  4. Click "Add permissions" and select the policy you created before, my-policy.


  1. This user is now restricted to the policy you created, plus the read-only role on all AWS services.
  2. Go to the IAM Dashboard page and find the sign-in URL specific to your AWS account.


  1. Open an incognito window in your browser and try logging in with your myuser account.

Note

For the upcoming activities and any other exploration, use this user, myuser, to log in to the AWS console.

Released under the MIT License. Some of the contents are generated using Gen AI