AWS IAM Permission Boundaries


In this lab, we will thoroughly explore permissions boundaries for AWS IAM entities. We will also understand the effective permissions in the presence of identity policies, resource-based policies, and permissions boundaries.

13 Tasks

intermediate

3hr

Certificate of Completion

Desktop Only
No Setup Required
Amazon Web Services

Learning Objectives

A thorough understanding of permissions boundaries and resource-based policies
The ability to set up a permissions boundary and a resource-based policy
Hands-on experience with effective permissions in the presence of an identity-based policy, a permissions boundary, and a resource-based policy

Technologies
IAM
S3
Cloud Lab Overview

Whenever an AWS IAM entity requests to perform an action, the request context is checked for policies that apply to the request. There are different types of policies that determine whether a certain request is authorized or not. These policies include identity-based policies, resource-based policies, and permissions boundaries. The identity-based policies and permissions boundaries apply to IAM entities. However, resource-based policies apply to resources, defining which entities can access the resource.

In this Cloud Lab, you’ll create an IAM user and attach an identity-based policy to it. You’ll test the effective permissions of the new user by creating an S3 bucket and uploading and deleting files in it through the new user. You’ll then add different permissions boundaries to the new user and test the effective permissions with the same process.

Lastly, you’ll conclude the Cloud Lab by adding a resource-based policy to the S3 bucket you created through the new user and testing the effective permissions again through a similar process.
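The following is an added example, not part of the lab's own material: a simplified Python model of how AWS combines the three policy types for a same-account request made by an IAM user. The account ID, user name, bucket name, and all function names are constructed for illustration, and the model ignores conditions, `NotAction`, service control policies, session policies, and cross-account access.

```python
from fnmatch import fnmatchcase

# Constructed sample values (not from the lab): account ID, user and bucket names.
USER = "arn:aws:iam::111122223333:user/lab-user"
OBJ = "arn:aws:s3:::example-lab-bucket/report.txt"
OBJECTS = "arn:aws:s3:::example-lab-bucket/*"

def stmt(effect, actions, principal=None):
    s = {"Effect": effect, "Action": actions, "Resource": OBJECTS}
    if principal:
        s["Principal"] = {"AWS": principal}
    return s

IDENTITY = {"Statement": [stmt("Allow", ["s3:PutObject", "s3:DeleteObject"])]}
BOUNDARY = {"Statement": [stmt("Allow", ["s3:PutObject", "s3:GetObject"])]}  # overlaps identity
BOUNDARY_DENY = {"Statement": BOUNDARY["Statement"] + [stmt("Deny", ["s3:PutObject"])]}
BUCKET_POLICY = {"Statement": [stmt("Allow", ["s3:DeleteObject"], principal=USER)]}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _hit(stmts, effect, action, resource):
    """True if any statement with this effect matches the action and resource."""
    for s in stmts:
        if s["Effect"] != effect:
            continue
        # Action names are case-insensitive, ARNs are case-sensitive; * and ? are wildcards.
        act = any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(s["Action"]))
        res = any(fnmatchcase(resource, r) for r in _as_list(s["Resource"]))
        if act and res:
            return True
    return False

def evaluate(action, resource, user_arn, identity, boundary=None, resource_policy=None):
    ident = identity["Statement"]
    bound = boundary["Statement"] if boundary else []
    # Only resource-policy statements that name this user's ARN as principal are considered.
    res = [s for s in (resource_policy or {}).get("Statement", [])
           if user_arn in _as_list(s.get("Principal", {}).get("AWS", []))]
    if any(_hit(p, "Deny", action, resource) for p in (ident, bound, res)):
        return "explicit deny"   # a Deny in any policy wins
    if _hit(res, "Allow", action, resource):
        return "allow"           # direct grant to the user ARN; the boundary does not limit it
    if _hit(ident, "Allow", action, resource) and (
            boundary is None or _hit(bound, "Allow", action, resource)):
        return "allow"           # identity policy AND boundary must both allow
    return "implicit deny"
```

With the overlapping boundary, only `s3:PutObject` survives the intersection; the bucket policy that names the user directly restores `s3:DeleteObject` despite the boundary, while an explicit `Deny` in the boundary overrides every allow.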

The following is the high-level architecture diagram of the infrastructure you’ll create in this Cloud Lab:

The architecture diagram

Cloud Lab Tasks
1. Introduction
Getting Started
2. Identity-Based Policy
Create an IAM Identity-Based Policy
Create an IAM User
Effective Permissions
3. Permissions Boundaries
Introduction to Permissions Boundary
Permissions Boundary as a Superset of Identity-Based Policy
Permissions Boundary as a Subset of Identity-Based Policy
Overlapping Permissions Boundary and Identity-Based Policy
Add a Denial Effect
4. Resource-Based Policies
Use a Resource-Based Policy
Put It All Together
5. Conclusion
Clean Up
Wrap Up
Labs Rules Apply
Stay within resource usage requirements.
Do not engage in cryptocurrency mining.
Do not engage in or encourage activity that is illegal.