Amazon Web Services

EC2 (Elastic Compute Cloud)

References

https://github.com/PacktPublishing/Mastering-AWS-CloudFormation

There are 2 types of policy:

  • Identity-based policies are attached to an IAM identity (user/group/role)
  • Resource-based policies are attached to a resource
  • For example,
    • Allowing DescribeTable, Query and Scan on all resources
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListTables",
                "Effect": "Allow",
                "Action": [
                    "dynamodb:ListTables"
                ],
                "Resource": "*"
            }
        ]
    }
    • Specifically
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DescribeQueryScanEmployeeTable",
                "Effect": "Allow",
                "Action": [
                    "dynamodb:DescribeTable",
                    "dynamodb:Query",
                    "dynamodb:Scan"
                ],
                "Resource": "arn:aws:dynamodb:us-east-1:account-id:table/employee"
            }
        ]
    }
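
A policy review check for the two points above, added here as an example and not taken from this repository: it tells identity-based from resource-based documents by the presence of a Principal element, rejects misspelled or wrong-case top-level element names, and flags the three table actions when they are allowed on all resources. The function name, the action set and the sample documents are assumptions constructed for the example.

```python
import json

# Assumption for this example: the table-level actions named in the notes above.
TABLE_SCOPED = {"dynamodb:describetable", "dynamodb:query", "dynamodb:scan"}
TOP_LEVEL_KEYS = {"Version", "Id", "Statement"}

def as_list(value):
    """Policy JSON accepts a single value wherever it accepts a list."""
    return value if isinstance(value, list) else [value]

def review_policy(text):
    """Return (kind, findings) for one JSON policy document."""
    doc = json.loads(text)
    # Element names are case-sensitive: "statement" is not "Statement".
    findings = [f"unknown top-level element {key!r}"
                for key in doc if key not in TOP_LEVEL_KEYS]
    statements = as_list(doc.get("Statement", []))
    if not statements:
        findings.append("missing Statement element")
    kind = "identity-based"
    for st in statements:
        # A Principal marks a resource-based policy; an identity-based policy
        # takes its principal from the identity it is attached to.
        if "Principal" in st or "NotPrincipal" in st:
            kind = "resource-based"
        # Action names are matched case-insensitively.
        actions = {a.lower() for a in as_list(st.get("Action", []))}
        if st.get("Effect") == "Allow" and "*" in as_list(st.get("Resource", [])):
            for action in sorted(TABLE_SCOPED & actions):
                findings.append(f"{st.get('Sid', '<no Sid>')}: {action} "
                                "on all resources; scope to a table ARN")
    return kind, findings

# Constructed sample documents (account-id is a placeholder, as in the notes).
LOWERCASE_KEY = ('{"Version": "2012-10-17", "statement": [{"Effect": "Allow",'
                 ' "Action": "dynamodb:ListTables", "Resource": "*"}]}')
WIDE = ('{"Version": "2012-10-17", "Statement": [{"Sid": "ReadAll",'
        ' "Effect": "Allow", "Action": ["dynamodb:Query", "dynamodb:Scan"],'
        ' "Resource": "*"}]}')
SCOPED = WIDE.replace('"*"',
                      '"arn:aws:dynamodb:us-east-1:account-id:table/employee"')
RESOURCE_BASED = SCOPED.replace(
    '"Effect"', '"Principal": {"AWS": "arn:aws:iam::account-id:root"}, "Effect"')

if __name__ == "__main__":
    for name in ("LOWERCASE_KEY", "WIDE", "SCOPED", "RESOURCE_BASED"):
        print(name, *review_policy(globals()[name]))
```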

Terraform

Best practice

Tools