IAM

From cwhite's wiki

The policy syntax is described in detail here.
A good blog I found is here.

{
  "Statement": [
    {
      "Effect": "effect",
      "Action": "action",
      "Resource": "arn",
      "Condition": {
        "condition": {
          "key": "value"
        }
      }
    }
  ]
}


Examples

Only allow users to manage EC2 instances in a particular region

This will allow users to fully manage EC2 instances in the region(s) you specify. The policy below allows full access to EC2 in the us-west-1 region.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:*",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "ec2:Region": "us-west-1"
                }
            }
        }
    ]
}
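
Added example (not part of the original wiki page): a simplified local model of how the statement above is matched against a request, useful for checking what the region condition does and does not let through. It is not AWS's evaluation engine; the function names are made up for this sketch, only StringEquals is modelled, and any ARNs or account IDs you pass in are your own sample values.

```python
import fnmatch
import json

# The region-restricted policy from this page.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "ec2:*",
    "Resource": "*",
    "Condition": {"StringEquals": {"ec2:Region": "us-west-1"}}
  }]
}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_matches(condition, context):
    """Only StringEquals is modelled. Every key must match (AND); any
    listed value may match (OR). A key that is absent from the request
    context does not match."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise ValueError(f"operator not modelled: {operator}")
        for key, wanted in pairs.items():
            if context.get(key) not in _as_list(wanted):
                return False
    return True

def _statement_matches(stmt, action, resource, context):
    # Action names are compared case-insensitively; "*" and "?" are wildcards.
    action_ok = any(fnmatch.fnmatchcase(action.lower(), p.lower())
                    for p in _as_list(stmt["Action"]))
    resource_ok = any(fnmatch.fnmatchcase(resource, p)
                      for p in _as_list(stmt["Resource"]))
    return action_ok and resource_ok and _condition_matches(
        stmt.get("Condition", {}), context)

def evaluate(policy, action, resource, context):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' (nothing matched)."""
    decision = "ImplicitDeny"
    for stmt in _as_list(policy["Statement"]):
        if _statement_matches(stmt, action, resource, context):
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit Deny always wins
            decision = "Allow"
    return decision
```

Calling evaluate(POLICY, "ec2:RunInstances", arn, {"ec2:Region": "us-east-1"}) returns 'ImplicitDeny', as does any request whose context carries no ec2:Region key at all.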