https://github.com/yogeshnile/aws-iam-policies
Here, contributors and I update condition-wise IAM policies for AWS.
aws aws-iam iam-policy security
- Host: GitHub
- URL: https://github.com/yogeshnile/aws-iam-policies
- Owner: yogeshnile
- License: gpl-3.0
- Created: 2021-03-11T18:06:27.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2021-03-27T16:15:30.000Z (over 4 years ago)
- Last Synced: 2025-02-27T03:26:35.295Z (7 months ago)
- Topics: aws, aws-iam, iam-policy, security
- Homepage:
- Size: 19.5 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# aws iam policies
## Table of Contents
- [Grant Access To Only One S3 Bucket](#grant-access-to-only-one-s3-bucket)
- [Allows full EC2 access within a specific Region](#allows-full-ec2-access-within-a-specific-region)
- [Describe all instances, and stop, start, and terminate only particular instances](#describe-all-instances-and-stop-start-and-terminate-only-particular-instances)
- [Granting permissions for using AWS Resource Groups and Tag Editor](#granting-permissions-for-using-aws-resource-groups-and-tag-editor)

# Grant Access To Only One S3 Bucket
- Grant full access to only one S3 Bucket and list all Buckets for users
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::YOUR-BUCKET",
                "arn:aws:s3:::YOUR-BUCKET/*"
            ]
        }
    ]
}
```
# Allows full EC2 access within a specific Region
- Allows full EC2 access within a specific Region
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "ec2:*",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ec2:Region": "REGION-CODE"
                }
            }
        }
    ]
}
```

# Describe all instances, and stop, start, and terminate only particular instances
- Describe all instances, and stop, start, and terminate only particular instances
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:DescribeInstances",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:StopInstances",
                "ec2:StartInstances",
                "ec2:TerminateInstances"
            ],
            "Resource": [
                "arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0",
                "arn:aws:ec2:us-east-1:123456789012:instance/i-0598c7d356eba48d7"
            ]
        }
    ]
}
```

# Granting permissions for using AWS Resource Groups and Tag Editor
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "resource-groups:*",
                "cloudformation:DescribeStacks",
                "cloudformation:ListStackResources",
                "tag:GetResources",
                "tag:TagResources",
                "tag:UntagResources",
                "tag:getTagKeys",
                "tag:getTagValues",
                "resource-explorer:*"
            ],
            "Resource": "*"
        }
    ]
}
```