Arnaud's links

Links per page: 20 50 100

page 1 / 1

8 results tagged policy x

jtblin/kube2iam: kube2iam provides different AWS IAM roles for pods running on Kubernetes
March 6, 2019 at 9:54:26 AM GMT+1 - permalink - - https://github.com/jtblin/kube2iam

eks iam k8s policy role
How Do I Create a Lifecycle Policy for an S3 Bucket? - Amazon Simple Storage Service

To apply this lifecycle rule to all objects in the bucket, choose Next.

That's why wildcard was not working :D
September 22, 2017 at 10:14:20 AM GMT+2 - permalink - - http://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-lifecycle.html

aws policy s3
IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources) | AWS Security Blog

Easy one?
Not even close
March 24, 2017 at 12:24:51 PM GMT+1 - permalink - - https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/

iam policy s3
Writing IAM Policies: How to Grant Access to an Amazon S3 Bucket | AWS Security Blog

Don't give s3 full access policy to your app user
Prefer to allow access only for specific bucket

I wonder what's the best choice : create managed policy or simply use inline policy. I got a 1 to 1 relationship between my app-users and bucket so... inline policy looks good here
March 15, 2017 at 11:00:52 AM GMT+1 - permalink - - https://aws.amazon.com/blogs/security/writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket/

aws policy s3
GitHub - capitalone/cloud-custodian: Rules engine for AWS management, DSL in yaml for query, filter, and actions on resources
March 7, 2017 at 10:30:37 PM GMT+1 - permalink - - https://github.com/capitalone/cloud-custodian

aws policy
Note: How to know which policy contains a specific action?

Warning : this loop does a lot of call to aws api, use it with caution

To know that I needed to list all policies and associated statements (for the default policy version)

#!/bin/bash
IFS=$'\n'
for line in $(aws iam list-policies|jq '.Policies|.[]|[ .PolicyName, .Arn, .DefaultVersionId ]| @csv' -r|sed 's/","/ /g'|sed 's/"//g'); do
name=$(echo $line|cut -d' ' -f1);
arn=$(echo $line|cut -d' ' -f2);
version=$(echo $line|cut -d' ' -f3);
echo "$name"
aws iam get-policy-version --policy-arn $arn --version-id $version
done

Put this in a script, redirect output to a file and go get grep!

February 22, 2017 at 4:16:06 PM GMT+1 - permalink - - https:///?bERNcg

aws iam policy
Note sur les Policy IAM

Une policy IAM est constituée de statement, ce sont des règles (des blocs de codes)

{
"Statement":[{
"Effect":"effect",
"Action":"action",
"Resource":"arn",
"Condition":{
"condition":{
"key":"value"
}
}
}
]
}

Chaque règle dans sa forme la plus simple est composée de 3 choses :

Effect : allow ou deny

Action : quelle action concerne la règle

Resource : la resource concernée

Chaque service Amazon (EC2, ECR, etc...) expose une liste d'action, on peut trouver cette liste dans la doc (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Action)

Et chaque resource peut être identifiée par un arn (une manière simple de retrouver un ARN est d'afficher la resources dans l'interface web AWS, il y a souvent l'arn)
December 12, 2016 at 12:59:10 PM GMT+1 - permalink - - https:///?3KOHAQ

aws iam policy
Managed Policies and Inline Policies - AWS Identity and Access Management

AWS Managed VS Customer Manageg VS Inline
September 22, 2016 at 11:08:16 AM GMT+2 - permalink - - http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html

iam policy

Links per page: 20 50 100

page 1 / 1