AWS IAM

Manage identity and access in AWS.

IAM Policies

{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::my-bucket/*" }] }

Create Role

Create role with trust policy

aws iam create-role
--role-name EC2AppRole
--assume-role-policy-document '{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole" }] }'

Attach policy

aws iam attach-role-policy
--role-name EC2AppRole
--policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess

Service-Linked Roles

For services like ECS, RDS

aws iam create-service-linked-role
--aws-service-name ecs.amazonaws.com

Best Practices

security_practices:

Use roles, not long-term credentials
Implement least privilege
Enable MFA
Regular access reviews
Use IAM Access Analyzer
Implement SCPs for organizations

Policy Conditions

{ "Condition": { "StringEquals": { "aws:RequestedRegion": "us-east-1" }, "Bool": { "aws:MultiFactorAuthPresent": "true" } } }

Best Practices

Follow least privilege
Use IAM roles for applications
Enable CloudTrail for auditing
Regular credential rotation
Use permission boundaries

Related Skills

terraform-aws - IaC deployment
access-review - Access auditing

aws-iam

Safety Notice

Copy this and send it to your AI assistant to learn

Create role with trust policy

Attach policy

For services like ECS, RDS

Source Transparency

Related Skills

sops-encryption

linux-administration

linux-hardening