{ “Version”: “2012-10-17”, “Statement”: [ { “Sid”: “EC2EnvironmentInstances”, “Effect”: “Allow”, “Action”: [ “ec2:*” ], “Resource”: [ “arn:aws:ec2:AWS_REGION:AWS_ACCOUNT:instance/*” ], “Condition”: { “StringEquals”: { “ec2:ResourceTag/elasticbeanstalk:environment-name”: [ “ENVIRONMENT_NAME” ] } } } ] }
Tag Archives: IAM
[AWS] IAM Policy to allow users change passwords and do user management of their own account
{ “Version”: “2012-10-17”, “Statement”: [ { “Effect”: “Allow”, “Action”: [ “iam:*LoginProfile”, “iam:*AccessKey*”, “iam:ListServiceSpecificCredentials”, “iam:ListGroupsForUser”, “iam:ListAttachedUserPolicies”, “iam:ListUserPolicies”, “iam:*SSHPublicKey*”, “iam:ChangePassword” ], “Resource”: “arn:aws:iam::AWS_ACCOUNT:user/${aws:username}” }, { “Effect”: “Allow”, “Action”: [ “iam:ListAccount*”, “iam:GetAccountSummary”, “iam:GetAccountPasswordPolicy”, “iam:ListUsers” ], “Resource”: “arn:aws:iam::AWS_ACCOUNT:user/*” } ] }
[AWS] S3 bucket policy to allow ELB logs
S3 bucket policy to limit access by a source IP address: { “Version”: “2012-10-17” “Id”: “S3Policy-ID”, “Statement”: [ { “Sid”: “Stmt1513164693849”, “Effect”: “Allow”, “Principal”: “AWS”: “arn:aws:iam::BUCKET_ACCOUNT:root”, “Action”: “s3:PutObject”, “Resource”: “arn:aws:s3:::bucket_name/*/AWSLogs/IAM_ACCOUNT/*” } ] }
[AWS] How to limit S3 bucket access by IP address
S3 bucket policy to limit access by a source IP address: { “Version”: “2012-10-17” “Id”: “S3Policy-ID”, “Statement”: [ { “Sid”: “IPAllow”, “Effect”: “Allow”, “Principal”: “*”, “Action”: “s3:*”, “Resource”: “arn:aws:s3:::BUCKET_NAME/*”, “Condition”: { “IpAddress”: { “aws:SourceIp”: [ “x.x.x.x”, “y.y.y.y” ] } } } ] }