From the course: AWS for Architects: Advanced Security


IAM policies


- [Instructor] Now let's work through an example that I showed earlier in terms of how the principle of least privilege is implemented through restricted policies. You'll remember from the previous movie that we have three aspects to think about. The who or which is the principal or the resource, and it's an object name plus an ARN or Amazon Resource Number. The what, which is an action, and that's specific to the service, so you'll remember I talked about creating instances for EC2 or listing buckets for S3, and you also can specify a when condition. This is quite advanced, but I have had this in some situations, in financial customers for example, where they have made some actions available in a specific date and time range. Another reason to use conditions is what's called whitelisting, where you can make certain services available for a select list of IP addresses. Let's now look at how we implemented the billing administrator who was able to access the console and look at billing,…
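The three aspects described in the transcript (principal and resource, action, condition) map onto policy elements as in the following added example, which is not from the course. It is an S3 bucket policy; the account ID, user name, bucket name, dates and IP range are constructed placeholders, and the `Sid` marks the statement as constructed because JSON has no comments.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ConstructedExampleListBucketInWindowFromAllowedRange",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:user/example-auditor"
      },
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example-finance-reports",
      "Condition": {
        "DateGreaterThan": {
          "aws:CurrentTime": "2030-01-01T00:00:00Z"
        },
        "DateLessThan": {
          "aws:CurrentTime": "2030-01-31T23:59:59Z"
        },
        "IpAddress": {
          "aws:SourceIp": "203.0.113.0/24"
        }
      }
    }
  ]
}
```

All three condition operators must match for the statement to apply, so a request outside the date window or from another address is not allowed by this statement and falls back to the default deny unless another statement permits it.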
