Posts

IAM-How to give access only to North Virginia

1. Go to the IAM service
2. Go to Access management --> Policies --> Create policy
3. Select JSON
4. Copy and paste the JSON code below into the policy editor and click Next

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": "ec2:*",
                "Effect": "Allow",
                "Resource": "*",
                "Condition": {
                    "StringEquals": {
                        "aws:RequestedRegion": "us-east-1"
    ...

IAM-Policy to get access to Billing, EC2 and CloudWatch

First, log in with an admin account.

1. Click on Profile --> go to Account
2. Go to the "IAM user and role access to Billing information" section, click Edit, then enable access to billing info
3. Select the user, then go to Permissions
4. Click on Add permissions
5. Select Attach policies directly
6. Select the permissions policies below, then click Next:
   Billing, AmazonEC2FullAccess, CloudWatchFullAccess

IAM-Create a resource-based policy and attach it to the S3_B16 bucket so that only the user sunny can access that bucket

1. Go to the S3 service
2. Select the bucket S3_B16 --> select the Permissions tab
3. Go to the Bucket policy section
4. Click Edit, copy and paste the JSON code below, and save. Replace "YOUR_ACCOUNT_ID" with your AWS account ID, and change the bucket name.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::YOUR_ACCOUNT_ID:user/sunny"
                },
    ...

IAM-Create a policy that can only create users and attach policies to them

1) Create an IAM user --> abc
2) Select the abc user, then go to Permissions
3) Click on Add permissions and click Create inline policy
4) Select a service --> Service --> IAM
5) In Actions allowed --> Effect: select Allow, then select Actions --> AttachUserPolicy, CreateUser, GetAccountPasswordPolicy, ListUsers, ListPolicies, GetUser
6) Enter policy name --> click on create pol

IAM-Create a policy to place the user in a group only.

1) Create an IAM user --> abc
2) Select the abc user, then go to Permissions
3) Click on Add permissions and click Create inline policy (or you can create the policy separately and then attach it to the user)
4) Select a service --> Service --> IAM
5) In Actions allowed --> Effect: select Allow, then select Actions --> ListUsers, AddUserToGroup, GetUser, ListGroups, GetGroup
6) Enter a policy name --> click on Create policy

IAM-Create a policy to deny access to a specific bucket.

1) Create an IAM user --> abc
2) Select the abc user, then go to Permissions
3) Click on Add permissions and add AmazonS3FullAccess, then create an inline policy to deny access to the specific bucket
4) Select a service --> Service --> S3
5) In Actions allowed --> Effect: select Deny, then select Actions PutObject, ListBucket, GetObject
6) In Resources --> select Specific
   In Bucket --> click Add ARNs --> "arn:aws:s3:::your-bucket-name"
   In Object --> click Add ARNs --> "arn:aws:s3:::your-bucket-name/*" (the * applies it to all objects)
7) Enter policy name...

IAM-Create a policy to access only 2 objects in a specific bucket.

1) Create an IAM user --> abc
2) Select the abc user, then go to Permissions
3) Click on Add permissions and click Create inline policy
4) Select a service --> Service --> S3
5) In Actions allowed --> Effect: select Allow, then select Actions GetBucketLocation, ListAllMyBuckets, ListBucket, GetObject
6) In Resources --> select Specific
   In Bucket --> click Add ARNs --> then add the bucket ARN
   In Object --> click Add ARNs --> then add the object ARNs
7) Enter a policy name --> click on Create policy