Last active
January 1, 2016 05:29
AWS IAM inline policy for a user that gives them access to a specific region. Definitely not complete but good enough for me, for now for dev.
I'm no expert here so there may be better ways, but this attempts to give a user complete access to a specific region only.
The first statement covers all resources with ARNs that have the region included. (Everything except S3 and IAM?)
And the second statement specifically handles s3 and gives complete access to all buckets that end in the target region.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "aws:SourceArn": "arn:aws:*:us-west-2:*"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::*-us-west-2",
        "arn:aws:s3:::*-us-west-2/*"
      ]
    }
  ]
}
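An added example (not part of the gist) that models how IAM evaluates the two statements above against constructed request contexts. It assumes a simplified evaluator (Allow statements only, two string operators) and a hypothetical alternative statement keyed on `aws:RequestedRegion`; the account ID and instance ARN are constructed.

```python
from fnmatch import fnmatchcase  # '*' and '?' wildcards; '*' also spans '/'

# Statements copied from the gist's policy.
GIST = [
    {"Effect": "Allow", "Action": "*", "Resource": "*",
     "Condition": {"StringLike": {"aws:SourceArn": "arn:aws:*:us-west-2:*"}}},
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::*-us-west-2", "arn:aws:s3:::*-us-west-2/*"]},
]
# Assumed alternative (not from the gist): key on the region the call is sent to.
BY_REGION = [
    {"Effect": "Allow", "Action": "*", "Resource": "*",
     "Condition": {"StringEquals": {"aws:RequestedRegion": "us-west-2"}}},
]

def as_list(value):
    return value if isinstance(value, list) else [value]

def condition_holds(condition, context):
    """All operators and keys must match; a key absent from the context fails."""
    for operator, pairs in condition.items():
        for key, wanted in pairs.items():
            if key not in context:
                return False  # StringLike/StringEquals are false on a missing key
            if operator == "StringLike":
                ok = any(fnmatchcase(context[key], p) for p in as_list(wanted))
            elif operator == "StringEquals":
                ok = context[key] in as_list(wanted)
            else:
                raise ValueError("operator not modelled: " + operator)
            if not ok:
                return False
    return True

def allowed(statements, action, resource, context):
    """True if any Allow statement matches; otherwise the implicit deny applies."""
    for s in statements:
        if (s["Effect"] == "Allow"
                and any(fnmatchcase(action, a) for a in as_list(s["Action"]))
                and any(fnmatchcase(resource, r) for r in as_list(s["Resource"]))
                and condition_holds(s.get("Condition", {}), context)):
            return True
    return False

# Constructed request contexts for a user calling an API directly: such calls
# carry aws:RequestedRegion but no aws:SourceArn (set on service-to-service calls).
WEST = {"aws:RequestedRegion": "us-west-2"}
EAST = {"aws:RequestedRegion": "us-east-1"}
INSTANCE = "arn:aws:ec2:us-west-2:111122223333:instance/i-0constructed"
```

With `WEST`, `allowed(GIST, "ec2:DescribeInstances", INSTANCE, WEST)` is false because the first statement's condition key is missing from the request, while `BY_REGION` allows the same call. The S3 statement matches on the name suffix only, which is a naming convention rather than the bucket's actual region.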
quick update. this doesn't seem to be completely working after all