{"id":20136132,"url":"https://github.com/zkfmapf123/aws_iam_study","last_synced_at":"2026-02-24T10:04:26.373Z","repository":{"id":199725567,"uuid":"703589702","full_name":"zkfmapf123/aws_iam_study","owner":"zkfmapf123","description":"aws_iam_study","archived":false,"fork":false,"pushed_at":"2023-10-11T16:14:03.000Z","size":2,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-24T05:55:17.522Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zkfmapf123.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-11T14:22:17.000Z","updated_at":"2023-10-11T16:14:06.000Z","dependencies_parsed_at":null,"dependency_job_id":"50cd6f22-2765-4c26-9786-f6aa5a6721a1","html_url":"https://github.com/zkfmapf123/aws_iam_study","commit_stats":null,"previous_names":["zkfmapf123/aws_iam_study"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zkfmapf123/aws_iam_study","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zkfmapf123%2Faws_iam_study","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zkfmapf123%2Faws_iam_study/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zkfmapf123%2Faws_iam_study/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zkfmapf123%2Faws_iam_study/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zkfmapf123","download_url":"https://codeload.github.com/zkfmapf123/aws_iam_study/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zkfmapf123%2Faws_iam_study/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29779262,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-24T04:54:30.205Z","status":"ssl_error","status_checked_at":"2026-02-24T04:53:58.628Z","response_time":75,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T21:17:49.236Z","updated_at":"2026-02-24T10:04:26.357Z","avatar_url":"https://github.com/zkfmapf123.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# IAM + Policy Study\n\n## Why?\n\n- ISMS 해보니까... 정책은 만들어야겠더라...\n- 유저를 만들어서 관리를 해보니, 유저당 모든 권한을 줄수는 없다.\n- 필요한 권한을 줘야한다\n- Resource \"\\*\"는 재앙임...\n\n## Policy Form\n\n```json\n{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"Statement1\",\n      \"Effect\": \"Allow\",\n      \"Action\": [],\n      \"Resource\": [],\n      \"Condition\": {}\n    }\n  ]\n}\n```\n\n\u003e Version\n\n- 사용하고자 하는 정책언어의 버전\n- 최신버전을 사용해야 함 (Require) =\u003e 2012-10-17 추후 바뀔수는 있음\n- \u003ca href=\"https://docs.aws.amazon.com/ko_kr/IAM/latest/UserGuide/reference_policies_elements_version.html\"\u003e 정책 version \u003c/a\u003e\n\n\u003e Sid (Optional)\n\n- 설명문\n- 왠만하면 작성하자\n\n\u003e Effect\n\n- Allow || Deny\n- Policy내에서는 Allow, Deny 외에는 존재하지 않음\n- 액세를 허용하는지, 거부하는지의 대한 여부를 뜻함\n\n\u003e Principal (일부상황에서만 필요) \\*\\*\\*\n\n- 리소스 기반 정책을 사용하는 경우, 액세스를 허용하거나 거부할계정 사용자, 역할 및 사용자를 표시해야 한다.\n- IAM 권한 정책은 이 요소를 포함할 수 없음\n\n\u003e Action\n\n- 정책이 허용하거나 거부하는 작업목록\n- AWS Action\n\n\u003e Resource\n\n- 해당 Action이 적용되는 자원의 종류\n- \"\\*\" 를 잘 사용하면 좋음\n- \"\\*\" 너무 남발하면 얻어맞음\n\n\u003e Condition\n\n- 정책에서 권한을 부여하는 상황을 지정함\n\n## Policy Terraform\n\n- readonly-policy.tf\n- only-ip.tf\n- only-access-s3.tf\n\n## Reference\n\n- \u003ca href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-policy-keys.html\"\u003e S3 Bucket Policy Example \u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzkfmapf123%2Faws_iam_study","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzkfmapf123%2Faws_iam_study","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzkfmapf123%2Faws_iam_study/lists"}