10 results tagged policy
  • Amazon CloudFront Announces Cache and Origin Request Policies | Networking & Content Delivery
    January 4, 2022 at 4:18:00 PM GMT+1 - permalink - archive.org - https://aws.amazon.com/blogs/networking-and-content-delivery/amazon-cloudfront-announces-cache-and-origin-request-policies/
    cloudfront policy
  • jtblin/kube2iam: kube2iam provides different AWS IAM roles for pods running on Kubernetes
    March 6, 2019 at 9:54:26 AM GMT+1 - permalink - archive.org - https://github.com/jtblin/kube2iam
    eks iam k8s policy role
  • How Do I Create a Lifecycle Policy for an S3 Bucket? - Amazon Simple Storage Service

    To apply this lifecycle rule to all objects in the bucket, choose Next.

    That's why wildcard was not working :D

    September 22, 2017 at 10:14:20 AM GMT+2 - permalink - archive.org - http://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-lifecycle.html
    aws policy s3
  • Example 2: Bucket Owner Granting Cross-Account Bucket Permissions - Amazon Simple Storage Service
    So, to authorize an external account, we attach a bucket policy to our bucket that allows "account_id:root" (we have to allow 'root'; this actually means we authorize the other account, but we cannot be more specific at this level).

    It is the other account that decides who is allowed to access our bucket, using standard user policies (when we are in the other account's context, it is as if the bucket belonged to us).

    Example bucket policy to put on the BUCKET of account A to allow account xxx read-write (RW) access:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Allow account_xx on aws account xxx list bucket",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::OTHER_ACCOUNT_ID:root"
                },
                "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
                "Resource": "arn:aws:s3:::BUCKET"
            },
            {
                "Sid": "Allow account_xx on aws account xxx RW",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::OTHER_ACCOUNT_ID:root"
                },
                "Action": [
                    "s3:*"
                ],
                "Resource": "arn:aws:s3:::BUCKET/*"
            }
        ]
    }

    For read-only, replace the action of the second block with "Action": ["s3:Get*","s3:List*"],
    June 12, 2017 at 8:48:42 AM GMT+2 * - permalink - archive.org - http://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example2.html
    aws cross iam policy s3
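The two-sided check described in this note, as an added example (not part of the original note or of the AWS walkthrough): a request from the other account succeeds only when the bucket policy allows that account and the caller's own user policy allows the same action on the same resource. The account ID, the user policy, the object key and the function names are constructed for illustration, and the evaluator is deliberately simplified.

```python
from fnmatch import fnmatchcase

ACCOUNT_B = "111122223333"  # constructed ID standing in for OTHER_ACCOUNT_ID
ROOT_B = f"arn:aws:iam::{ACCOUNT_B}:root"

# The note's read-write bucket policy, attached to BUCKET in account A.
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ROOT_B},
     "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
     "Resource": "arn:aws:s3:::BUCKET"},
    {"Effect": "Allow", "Principal": {"AWS": ROOT_B},
     "Action": ["s3:*"], "Resource": "arn:aws:s3:::BUCKET/*"}]}

# Constructed user policy attached to one IAM user inside account B.
USER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::BUCKET/*"}]}
NO_POLICY = {"Version": "2012-10-17", "Statement": []}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource, principal=None):
    """True if an Allow statement covers action and resource (and names
    `principal`, when given). Simplified: Deny, NotAction, NotResource and
    Condition are not evaluated."""
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if principal is not None:
            who = st.get("Principal", {})
            named = _as_list(who.get("AWS", [])) if isinstance(who, dict) else []
            if principal not in named:
                continue
        # Action names are case-insensitive; resource ARNs are not.
        if (any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(st["Action"]))
                and any(fnmatchcase(resource, r) for r in _as_list(st["Resource"]))):
            return True
    return False

def cross_account_access(bucket_policy, user_policy, account_id, action, resource):
    """Access needs an Allow on both sides: the bucket policy naming the
    caller's account, and the caller's own policy in that account."""
    root = f"arn:aws:iam::{account_id}:root"
    return (allows(bucket_policy, action, resource, principal=root)
            and allows(user_policy, action, resource))
```

With these inputs, the bucket policy's `s3:*` grant does not by itself let the user delete objects or list the bucket: the user policy in account B covers neither `s3:DeleteObject` nor the bucket ARN without `/*`.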
  • IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources) | AWS Security Blog

    Easy one?
    Not even close

    March 24, 2017 at 12:24:51 PM GMT+1 - permalink - archive.org - https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/
    iam policy s3
  • Writing IAM Policies: How to Grant Access to an Amazon S3 Bucket | AWS Security Blog

    Don't give s3 full access policy to your app user
    Prefer to allow access only for specific bucket

    I wonder what's the best choice: create managed policy or simply use inline policy. I got a 1 to 1 relationship between my app-users and bucket so... inline policy looks good here

    March 15, 2017 at 11:00:52 AM GMT+1 - permalink - archive.org - https://aws.amazon.com/blogs/security/writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket/
    aws policy s3
  • GitHub - capitalone/cloud-custodian: Rules engine for AWS management, DSL in yaml for query, filter, and actions on resources
    March 7, 2017 at 10:30:37 PM GMT+1 - permalink - archive.org - https://github.com/capitalone/cloud-custodian
    aws policy
  • Note: How to know which policy contains a specific action?
    Warning: this loop makes a lot of calls to the AWS API, use it with caution

    To find that out, I needed to list all policies and associated statements (for the default policy version)

    #!/bin/bash
    # List every IAM policy, then dump the document of its default version.
    # One get-policy-version call is made per policy.
    aws iam list-policies \
      | jq -r '.Policies[] | [.PolicyName, .Arn, .DefaultVersionId] | @tsv' \
      | while IFS=$'\t' read -r name arn version; do
            echo "$name"
            aws iam get-policy-version --policy-arn "$arn" --version-id "$version"
        done


    Put this in a script, redirect output to a file and go get grep!
    February 22, 2017 at 4:16:06 PM GMT+1 * - permalink - archive.org - https:///?bERNcg
    aws bash for foreach iam policy separator
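A plain grep over that dump only finds literal action names, so it misses policies that grant the action through a wildcard or `NotAction`, and it also hits `Deny` statements. The following added example (not part of the original note) searches policy documents for the ones that actually allow a given action; the function names and the sample documents are constructed for illustration, and each document has the shape of the `.PolicyVersion.Document` field returned by `aws iam get-policy-version`.

```python
import re

def _as_list(value):
    """IAM accepts a bare string/object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    """Case-insensitive match of an action name against wildcard patterns."""
    for pattern in _as_list(patterns):
        rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, action, re.IGNORECASE):
            return True
    return False

def statements_granting(document, action):
    """Allow statements of one policy document that cover `action`."""
    hits = []
    for st in _as_list(document.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st:   # allows everything except the listed actions
            covered = not _matches(action, st["NotAction"])
        else:
            covered = _matches(action, st.get("Action"))
        if covered:
            hits.append(st)
    return hits

def policies_granting(policies, action):
    """Names in {policy name: document} whose document allows `action`."""
    return sorted(n for n, d in policies.items() if statements_granting(d, action))

# Constructed sample documents, keyed by a made-up policy name.
SAMPLE = {
    "app-bucket-ro": {"Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]},
    "admin-like": {"Statement":      # single statement, not wrapped in a list
        {"Effect": "Allow", "Action": "*", "Resource": "*"}},
    "all-but-iam": {"Statement": [
        {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]},
    "deny-only": {"Statement": [
        {"Effect": "Deny", "Action": "s3:GetObject", "Resource": "*"}]},
    "ec2-read": {"Statement": [
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]},
}
```

In the sample, the only document containing the literal string `s3:GetObject` is `deny-only`, which is the one policy a grep would return and the one that does not grant the action.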
  • Note on IAM policies

    An IAM policy is made up of statements; these are rules (blocks of code)

    {
        "Statement": [
            {
                "Effect": "effect",
                "Action": "action",
                "Resource": "arn",
                "Condition": {
                    "condition": {
                        "key": "value"
                    }
                }
            }
        ]
    }

    In its simplest form, each rule is made up of 3 things:

    Effect: allow or deny

    Action: which action the rule applies to

    Resource: the resource concerned

    Each Amazon service (EC2, ECR, etc.) exposes a list of actions; this list can be found in the docs (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Action)

    And each resource can be identified by an ARN (a simple way to find an ARN is to display the resource in the AWS web interface; the ARN is often shown there)

    December 12, 2016 at 12:59:10 PM GMT+1 - permalink - archive.org - https:///?3KOHAQ
    aws iam policy
  • Managed Policies and Inline Policies - AWS Identity and Access Management

    AWS Managed VS Customer Managed VS Inline

    September 22, 2016 at 11:08:16 AM GMT+2 - permalink - archive.org - http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
    iam policy