IAM-How to give access only north Virginia

How to give access only north Virginia
  1. Go to IAM service
  2. Go to access management --> Policies --> Create policy


  3. Select Json


  4. Copy and paste the below Json Code in Policy editor and click next

  5. {

        "Version": "2012-10-17",

        "Statement": [

            {

                "Action": "ec2:*",

                "Effect": "Allow",

                "Resource": "*",

                "Condition": {

                    "StringEquals": {

                        "aws:RequestedRegion": "us-east-1"

                    }

                }

            },

            {

                "Effect": "Allow",

                "Action": "elasticloadbalancing:*",

                "Resource": "*",

                "Condition": {

                    "StringEquals": {

                        "aws:RequestedRegion": "us-east-1"

                    }

                }

            },

            {

                "Effect": "Allow",

                "Action": "cloudwatch:*",

                "Resource": "*",

                "Condition": {

                    "StringEquals": {

                        "aws:RequestedRegion": "us-east-1"

                    }

                }

            },

            {

                "Effect": "Allow",

                "Action": "autoscaling:*",

                "Resource": "*",

                "Condition": {

                    "StringEquals": {

                        "aws:RequestedRegion": "us-east-1"

                    }

                }

            },

            {

                "Effect": "Allow",

                "Action": "iam:CreateServiceLinkedRole",

                "Resource": "*",

                "Condition": {

                    "StringEquals": {

                        "iam:AWSServiceName": [

                            "autoscaling.amazonaws.com",

                            "ec2scheduled.amazonaws.com",

                            "elasticloadbalancing.amazonaws.com",

                            "spot.amazonaws.com",

                            "spotfleet.amazonaws.com",

                            "transitgateway.amazonaws.com"

                        ]

                    }

                }

            },

            {

                "Effect": "Allow",

                "Action": "s3:*",

                "Resource": "*",

                "Condition": {

                    "StringEquals": {

                        "aws:RequestedRegion": "ap-south-1"

                    }

                }

            }

        ]

    }
     
  6. Enter Policy name and click create policy


  7. Go to IAM service --> Users --> Select user --> Add Permissions --> Add permissions


  8. Click on Add permissions


Comments

Post a Comment

Popular posts from this blog

IAM-Create a policy to place the user in a group only.

Image
  Policy Create a policy to place the user in a group only. 1)   Create IAM user -->  abc 2)   Select abc user then go to permissions 3)   Click on add permissions and click create inline policy ( or you can create policy separately and then attach to user) 4)   Select a service -->  service  -->  IAM 5)  In actions allowed --> effect – select allow select Actions  -->   ListUsers, AddUserToGroup, GetUser, ListGroups, GetGroup 6) Enter policy name -->  click on create policy
Read more

IAM-Create a policy to deny the access of Specific bucket.

Image
  Policy   Create a policy to deny the access of Specific bucket. 1)      Create IAM user -->  abc 2)      Select abc user then go to permissions 3)     Click on add permissions and add AmazonS3FullAccess then again create inline policy for deny the access of Specific bucket 4)     Select a service  -->  service  -->   S3 5)     In actions allowed  -->  effect – select deny select Actions PutObject , ListBucket, GetObject 6)     In Resources  -->  select specific In Bucket  -->  click Add ARNs  -->  "arn:aws:s3:::your-bucket-name" In Object  -->  click Add ARNs  -->  "arn:aws:s3:::your-bucket-name/*" ( * bcoz to apply for all objects) 7)     Enter policy name...
Read more