Sample Policy for CyberArk Conjur that demonstrates AWS Access Key authorization

department-aws.yml

- !policy
  id: department/aws
  annotations:
    platform: aws
    department: tableau-server-dev
  body:
    - &secrets
      - !variable department/aws/access-key-id
      - !variable department/aws/secret-access-key

    - !group department-aws-key-users

    - !grant
      role: !group department-aws-key-users
      members:
        - !group team-group-1
        - !group team-group-2

    - !permit
      resource: *secrets
      privileges: [ read, execute ]
      role: !group department-aws-key-users

    - !permit
      resource: *secrets
      privileges: [ read, execute, update ]
      role: !group /secops