IAM policies are the mechanism by which you define what actions are allowed or denied in your AWS environment. They are JSON documents with a specific structure, and mastering them is essential for securing your account.
An IAM policy is a JSON document that defines a set of permissions. You attach policies to IAM identities (users, groups, or roles) or to AWS resources. When a principal makes a request, AWS evaluates all applicable policies to decide whether to allow or deny the request.
Every IAM policy has the following structure:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowS3ReadAccess",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket",
        "arn:aws:s3:::my-bucket/*"
      ],
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "203.0.113.0/24"
        }
      }
    }
  ]
}