AWS for Beginners: Create and Attach a policy to an IAM User: Part 11

Read on:

In the AWS cloud, policies help to manage access to the resources. By using policies we can define what access an identity can have for a resource, under specific conditions. In this way, any unauthorized access is restricted and the cloud account is kept safe. There are two types of AWS policies – AWS Managed policy and Customer Managed policy. In case of an AWS-managed policy, the customer will not be able to change any configuration of the policy. Because these policies are managed by AWS and any updates will be automatically taken care of by AWS. Whenever AWS-managed policies do not satisfy the client-specific requirements, then the customer themselves can create a policy document and apply it. In this article, we will look at how to assign AWS-managed policies to identities.

Protect Your Data with BDRSuite

Cost-Effective Backup Solution for VMs, Servers, Endpoints, Cloud VMs & SaaS applications. Supports On-Premise, Remote, Hybrid and Cloud Backup, including Disaster Recovery, Ransomware Defense & more!

Learn More

How to find AWS-managed policies?

In this section, we will look at how to search for AWS-managed policies from the AWS console.

1. Login to the AWS console using the URL https://aws.amazon.com/console

2. Search for the IAM service in the search bar and click on IAM from the results.

3. Click on policies on the next page

4. In the next screen, to find all the AWS-managed policies, filter for the policies with Type: AWS managed

How to find Customer managed policies?

1. In the next screen, to find all the Customer managed policies, filter for the policies with Type: Customer managed

Attach an AWS-managed or Customer managed policy to a group

In this example, we will use the example user group named appgroup. This group does not have any policy permissions attached to it for now. We will look at how to attach a policy to the group.

1. Click on the user groups option in the IAM service. This will list all the groups created in IAM and their current permissions.

2. For this example, click on the group appgroup. We can see that the current permissions are showing as Not Defined, which means the group is not attached to any policies yet.

3. If we look at the above output, this group has two users already in it. Now click on the permissions option on the screen.

4. Now click on the Add Permissions button and click on Attach Policies.

5. In the next screen, search for any policy, AWS managed or Customer managed. In this example, we will attach the AWS-managed policy AWSEC2FullAccess and attach it to the group by clicking on the button Add Permissions. This will give the same policy permissions to the users that belong to this group.

Attach an AWS-managed or Customer managed policy to a User

In this example, we will use the example user named appadmin. This user has the policy AmazonEC2FullAccess which is inherited from the group to which the user belongs. We will look at how to attach a policy to the user. In this example, we will attach the policy AmazonS3FullAccess to the user.

1. Click on the user option in the IAM service and select the user of your choice. For this example, we will select the user appadmin.

2. In the next screen, click on Add Permissions

3. In the next screen, click on the option Attach existing policies directly

4. Search for any policy from the list and select the policy. Then click on Review. Here we search for and select the policy AmazonS3FullAccess.

5. In the next screen, review the entries and click on Add Permissions. Now the user will be added with the permissions available through the policy.

Now we can see that there are two policies attached to the user. One policy is attached directly and another policy is attached through the group.

Conclusion:

In this article, we have gone through the various ways of attaching a policy to a user or group. A policy can be attached directly to a user and a group. When a policy is attached to a group, then all the users within that group will inherit those policy permissions. When a policy is attached at the user level, then the management of the user becomes complicated. Managing the policy permissions through groups simplifies the task. Multiple users can be provided policy permissions through groups. Always follow due diligence and follow the principles of least access while providing the permissions.

Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.

Rate this post