Serge Ivanov Reloaded 3.0

[AWS] Restricted Elastic Beanstalk deployment policy: Part 2

6th February, 2018 · serge

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "EC2EnvironmentInstances",
            "Effect": "Allow",
            "Action": [
                "ec2:*"
            ],
            "Resource": [
                "arn:aws:ec2:AWS_REGION:AWS_ACCOUNT:instance/*"
            ],
            "Condition": {
                "StringEquals": {
                    "ec2:ResourceTag/elasticbeanstalk:environment-name": [
                        "ENVIRONMENT_NAME"
                    ]
                }
            }
        }
    ]
}

[AWS] IAM Policy to allow users change passwords and do user management of their own account

6th February, 2018 · serge

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:*LoginProfile",
                "iam:*AccessKey*",
                "iam:ListServiceSpecificCredentials",
                "iam:ListGroupsForUser",
                "iam:ListAttachedUserPolicies",
                "iam:ListUserPolicies",
                "iam:*SSHPublicKey*",
                "iam:ChangePassword"
            ],
            "Resource": "arn:aws:iam::AWS_ACCOUNT:user/${aws:username}"
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:ListAccount*",
                "iam:GetAccountSummary",
                "iam:GetAccountPasswordPolicy",
                "iam:ListUsers"
            ],
            "Resource": "arn:aws:iam::AWS_ACCOUNT:user/*"
        }
    ]
}

[AWS] S3 bucket policy to allow ELB logs

18th December, 2017 · serge

S3 bucket policy to limit access by a source IP address:

{
"Version": "2012-10-17"
"Id": "S3Policy-ID",
"Statement": [
{
"Sid": "Stmt1513164693849",
"Effect": "Allow",
"Principal": "AWS": "arn:aws:iam::BUCKET_ACCOUNT:root",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::bucket_name/*/AWSLogs/IAM_ACCOUNT/*"
}
]
}

[AWS] How to limit S3 bucket access by IP address

14th September, 2017 · serge

S3 bucket policy to limit access by a source IP address:

{
"Version": "2012-10-17"
"Id": "S3Policy-ID",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::BUCKET_NAME/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"x.x.x.x",
"y.y.y.y"
]
}
}
}
]
}

Serge Ivanov Reloaded 3.0

Tag Archives: IAM

[AWS] Restricted Elastic Beanstalk deployment policy: Part 2

[AWS] IAM Policy to allow users change passwords and do user management of their own account

[AWS] S3 bucket policy to allow ELB logs

[AWS] How to limit S3 bucket access by IP address

Pages

Archives

Categories

WordPress

Subscribe