3) IAM Policies- AWS Certified Solutions Architect Associate Course SAA-C02

By Sai Charan Paloju

Jul 17, 2022

Okay, so now let's discuss IAM policies in depth.

So let's imagine we have a group of developers: Alice, Bob and Charles. If we attach a policy at the group level, that policy gets applied to every single member of the group, so Alice, Bob and Charles all get access and inherit this policy.

Now, if you have a second group, operations, with a different policy, David and Edward will have a different policy than the developers group.

If Fred is a user, he has the possibility of not belonging to any group at all. For that case we can create what's called an inline policy, which is a policy attached directly to a user. That user may or may not belong to a group; you can have inline policies for whatever user you want.

And finally, if Charles and David both belong to the audit team, and you attach a policy to the audit team as well, Charles and David will also inherit that policy from the audit team. So in this case, Charles has a policy from developers and a policy from the audit team, and David has a policy from the audit team and a policy from the operations team.

That should make a lot of sense when we get into the hands-on.
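To make the inheritance concrete, here is an added Python example (my own code, not part of the lecture or of any AWS tool) that models the groups above with constructed identity-based policies and, going one step beyond the lecture, applies the IAM rule that an explicit Deny in any attached policy overrides an Allow; the policies and bucket name are made-up assumptions.

```python
import fnmatch

# Constructed layout from the lecture: three groups plus an inline policy for Fred,
# who is in no group. Identity-based policies carry no Principal element.
GROUPS = {"developers": ["Alice", "Bob", "Charles"],
          "operations": ["David", "Edward"],
          "audit": ["Charles", "David"]}
GROUP_POLICIES = {
    "developers": {"Version": "2012-10-17", "Statement": [
        {"Sid": "DevReadWrite", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"}]},
    "operations": {"Version": "2012-10-17", "Statement": [
        {"Sid": "OpsEc2", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]},
    "audit": {"Version": "2012-10-17", "Statement": [
        {"Sid": "AuditRead", "Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AuditNoWrite", "Effect": "Deny", "Action": "s3:PutObject",
         "Resource": "*"}]},
}
INLINE_POLICIES = {  # attached directly to one user, whether or not in a group
    "Fred": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-bucket"}]},
}

def effective_policies(user):
    """Policies a user inherits: one per group they belong to, plus any inline one."""
    policies = [GROUP_POLICIES[g] for g, members in GROUPS.items() if user in members]
    if user in INLINE_POLICIES:
        policies.append(INLINE_POLICIES[user])
    return policies

def _matches(pattern, value):
    # IAM wildcards are * and ?, which fnmatch understands. Simplified: real IAM
    # matches action names case-insensitively and also evaluates Condition.
    patterns = pattern if isinstance(pattern, list) else [pattern]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def evaluate(user, action, resource):
    """An explicit Deny in any attached policy wins, then any Allow,
    otherwise the request is implicitly denied."""
    decision = "ImplicitDeny"
    for policy in effective_policies(user):
        for stmt in policy["Statement"]:
            if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
                if stmt["Effect"] == "Deny":
                    return "ExplicitDeny"
                decision = "Allow"
    return decision
```

Charles, who is in both developers and audit, can read the bucket but is explicitly denied writes by the audit policy even though the developers policy allows them.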


IAM Policies Structure

Now, in terms of the policy structure, you just need to know at a high level how it works, as well as how its parts are named. This is something you will see quite a lot in AWS, so get familiar with this structure. These are JSON documents.

An IAM policy consists of a Version, usually 2012-10-17, which is the policy language version; an Id, which identifies the policy and is optional; and then one or more Statements. A statement has some very important parts.

The Sid is a statement ID, an identifier for the statement, which is optional as well; in the example on the slide it is the number 1.

The Effect is whether the statement allows or denies access to certain APIs. In the example it says Allow, but you will see Deny as well.

The Principal is the account, user or role to which this policy will be applied. In this example, it is applied to the root account of your AWS account.

The Action is the list of API calls that will be either allowed or denied, based on the Effect.

The Resource is the list of resources to which the actions apply. In this example it is a bucket, but it could be many different things.

And finally there is the Condition, not represented in the example, which says when this statement should be applied or not. It is not shown here because it is optional.

So going into the exam, you need to make sure that you really understand the Effect, the Principal, the Action and the Resource. But don't worry, you will see those along the way in the course, so you should be confident with them by the end of the course.
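As an added illustration (my own code, not from the lecture or from AWS), here is the policy document the lecture describes written out as JSON, with a small checker for just the elements discussed above; the policy Id, account number and bucket name are placeholders.

```python
import json

# Constructed policy document in the shape the lecture describes: a Version,
# an optional Id, and a list of Statements, each with Sid, Effect, Principal,
# Action and Resource. The account id and bucket name are placeholders.
EXAMPLE_POLICY_JSON = """{
  "Version": "2012-10-17",
  "Id": "S3-Account-Permissions",
  "Statement": [{
    "Sid": "1",
    "Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam::123456789012:root"]},
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": ["arn:aws:s3:::mybucket/*"]
  }]
}"""

def check_policy(text, resource_based=True):
    """Return a list of structural problems (empty means the shape is fine).
    Only the elements the lecture names are inspected; Condition is ignored."""
    problems = []
    doc = json.loads(text)
    if doc.get("Version") != "2012-10-17":
        problems.append("Version missing or not 2012-10-17")
    statements = doc.get("Statement")
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    if not statements:
        return problems + ["Statement missing or empty"]
    seen_sids = set()
    for i, stmt in enumerate(statements):
        where = f"statement {i}"
        if stmt.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"{where}: Effect must be Allow or Deny")
        if not {"Action", "NotAction"} & stmt.keys():
            problems.append(f"{where}: Action (or NotAction) missing")
        # Identity-based policies must name a Resource/NotResource; some
        # resource-based ones (role trust policies) legitimately omit it.
        if not resource_based and not {"Resource", "NotResource"} & stmt.keys():
            problems.append(f"{where}: Resource (or NotResource) missing")
        # Principal is required in a resource-based policy such as a bucket policy
        # and is not allowed in an identity-based policy attached to a user or group.
        if resource_based != ("Principal" in stmt or "NotPrincipal" in stmt):
            problems.append(f"{where}: Principal {'missing' if resource_based else 'not allowed'}")
        sid = stmt.get("Sid")
        if sid is not None and sid in seen_sids:
            problems.append(f"{where}: duplicate Sid {sid!r}")
        seen_sids.add(sid)
    return problems
```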

That's it for this lecture, I hope you liked it, and I will see you in the next lecture.
