Skip to content

Instantly share code, notes, and snippets.

@mjenno
Last active August 14, 2022 21:09
  • Star 3 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save mjenno/4366364 to your computer and use it in GitHub Desktop.
Policy for IAM self service
{
"Statement": [
{
"Action": [
"iam:*Password*",
"iam:*AccessKey*",
"iam:*SigningCertificate*",
"iam:*MFADevice*",
"iam:UpdateLoginProfile"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::ACCOUNT#:user/${aws:username}"
]
},
"Action": [
"iam:*MFADevice*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::ACCOUNT#:mfa/${aws:username}"
]
}
]
}
@brandongalbraith
Copy link

Typo at Line 16: Needs a '{' character:

{
    "Statement": [
        {
            "Action": [
                "iam:*Password*",
                "iam:*AccessKey*",
                "iam:*SigningCertificate*",
                "iam:*MFADevice*",
                "iam:UpdateLoginProfile"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:iam::ACCOUNT#:user/${aws:username}"
            ]
        },
        {
            "Action": [
                "iam:*MFADevice*"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:iam::ACCOUNT#:mfa/${aws:username}"
            ]
        }
    ]
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment