7 results
tagged
policy x
-
How Do I Create a Lifecycle Policy for an S3 Bucket? - Amazon Simple Storage Service
To apply this lifecycle rule to all objects in the bucket, choose Next.September 22, 2017 at 10:14:20 AM GMT+2 - permalink -
That's why wildcard was not working :D
-
http://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-lifecycle.html
-
IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources) | AWS Security Blog
Easy one?March 24, 2017 at 12:24:51 PM GMT+1 - permalink -
Not even close
-
https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/
-
Writing IAM Policies: How to Grant Access to an Amazon S3 Bucket | AWS Security Blog
Don't give s3 full access policy to your app userMarch 15, 2017 at 11:00:52 AM GMT+1 - permalink -
Prefer to allow access only for specific bucket
I wonder what's the best choice : create managed policy or simply use inline policy. I got a 1 to 1 relationship between my app-users and bucket so... inline policy looks good here
-
https://aws.amazon.com/blogs/security/writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket/
-
Note: How to know which policy contains a specific action?
Warning : this loop does a lot of call to aws api, use it with cautionFebruary 22, 2017 at 4:16:06 PM GMT+1 - permalink -
To know that I needed to list all policies and associated statements (for the default policy version)
#!/bin/bash
IFS=$'\n'
for line in $(aws iam list-policies|jq '.Policies|.[]|[ .PolicyName, .Arn, .DefaultVersionId ]| @csv' -r|sed 's/","/ /g'|sed 's/"//g'); do
name=$(echo $line|cut -d' ' -f1);
arn=$(echo $line|cut -d' ' -f2);
version=$(echo $line|cut -d' ' -f3);
echo "$name"
aws iam get-policy-version --policy-arn $arn --version-id $version
done
Put this in a script, redirect output to a file and go get grep!
-
https:///?bERNcg
-
Note sur les Policy IAM
Une policy IAM est constituée de statement, ce sont des règles (des blocs de codes)December 12, 2016 at 12:59:10 PM GMT+1 - permalink -
{
"Statement":[{
"Effect":"effect",
"Action":"action",
"Resource":"arn",
"Condition":{
"condition":{
"key":"value"
}
}
}
]
}
Chaque règle dans sa forme la plus simple est composée de 3 choses :
Effect : allow ou deny
Action : quelle action concerne la règle
Resource : la resource concernée
Chaque service Amazon (EC2, ECR, etc...) expose une liste d'action, on peut trouver cette liste dans la doc (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Action)
Et chaque resource peut être identifiée par un arn (une manière simple de retrouver un ARN est d'afficher la resources dans l'interface web AWS, il y a souvent l'arn)
-
https:///?3KOHAQ