
There are five elements within the scope of the policy language used to grant or deny access to buckets and the objects within them. These five elements are: Resource, Action, Effect, Principal and Condition. In your policy you use the ARN to identify the resource. For a complete list of AWS resources, see:
https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html
For each Resource you're accessing you have an Action. You identify the resource operations that you will allow (or deny) by using action keywords. For a complete list of Actions, see:
https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html

Each Action has an Effect, which is either Allow or Deny. You must explicitly grant access to (allow) a resource, or access to that resource is implicitly denied. You can also explicitly deny access to a resource when you want to make sure that a user can't access it.

The Principal is the account or user that has access to the actions and resources in the Statement. See:
https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-bucket-user-policy-specifying-principal-intro.html

Conditions: You can use AWS-wide and service-specific condition keys to set the Conditions under which a policy is in effect. See:
https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html

This is an example from the AWS documentation pages on policies of a bucket policy and its elements:

The following example bucket policy shows the preceding policy elements. The policy allows Dave, a user in account Account-ID, the s3:GetObject, s3:GetBucketLocation, and s3:ListBucket Amazon S3 permissions on the examplebucket bucket.

{
  "Version": "2012-10-17",
  "Id": "ExamplePolicy01",
  "Statement": [
    {
      "Sid": "ExampleStatement01",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::Account-ID:user/Dave"
      },
      "Action": [
        "s3:GetObject",
        "s3:GetBucketLocation",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::examplebucket/*",
        "arn:aws:s3:::examplebucket"
      ]
    }
  ]
}

For complete policy language information, see Policies and Permissions and the IAM JSON Policy Reference in the IAM User Guide.

AWS-wide and service-specific condition keys go much deeper, letting you specify the exact conditions under which permissions are granted. See:
https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html#object-keys-in-amazon-s3-policies
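To make the interaction of the five elements concrete, here is an added, simplified policy evaluator in Python. It is not code from the page or from AWS, and it is not the real IAM evaluation engine: it only models the matching of Principal, Action, Resource and Condition, and the decision order explicit Deny, then explicit Allow, then implicit Deny. The first statement is the page's example policy for Dave; the second statement (Sid "DenyOutsideCorpNet", the 203.0.113.0/24 range and the 198.51.100.0/24 caller) is a constructed assumption added to show how a Condition on aws:SourceIp combined with an explicit Deny narrows an Allow. Only the StringEquals, StringLike, IpAddress and NotIpAddress operators are supported, and a condition key missing from the request context is treated as a non-match, which is a simplification.

```python
import fnmatch
import ipaddress

# Constructed example: the page's Allow statement for Dave, plus an assumed
# explicit Deny for any request on objects that does not come from an
# assumed corporate range (203.0.113.0/24).
EXAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Id": "ExamplePolicy01",
    "Statement": [
        {
            "Sid": "ExampleStatement01",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::Account-ID:user/Dave"},
            "Action": ["s3:GetObject", "s3:GetBucketLocation", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::examplebucket/*", "arn:aws:s3:::examplebucket"],
        },
        {
            "Sid": "DenyOutsideCorpNet",  # assumed statement, not on the page
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::examplebucket/*",
            "Condition": {"NotIpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
        },
    ],
}


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_matches(principal_elem, caller_arn):
    """Principal is '*' (anyone) or {"AWS": <arn or list of arns>}."""
    if principal_elem == "*":
        return True
    arns = principal_elem.get("AWS", []) if isinstance(principal_elem, dict) else principal_elem
    return any(p == "*" or p == caller_arn for p in _as_list(arns))


def _action_matches(action_elem, action):
    """Action names are matched case-insensitively with '*' and '?' wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(action_elem))


def _resource_matches(resource_elem, resource_arn):
    """Resource ARNs are matched with wildcards; bucket and object ARNs differ."""
    return any(fnmatch.fnmatchcase(resource_arn, p) for p in _as_list(resource_elem))


def _condition_matches(condition, context):
    """All operator/key pairs must hold (AND); values listed for a key are OR."""
    for operator, pairs in (condition or {}).items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False  # simplification: missing key never matches
            expected = _as_list(expected)
            if operator == "StringEquals":
                ok = actual in expected
            elif operator == "StringLike":
                ok = any(fnmatch.fnmatchcase(actual, e) for e in expected)
            elif operator in ("IpAddress", "NotIpAddress"):
                ip = ipaddress.ip_address(actual)
                in_range = any(ip in ipaddress.ip_network(e, strict=False) for e in expected)
                ok = in_range if operator == "IpAddress" else not in_range
            else:
                raise ValueError(f"unsupported condition operator: {operator}")
            if not ok:
                return False
    return True


def evaluate(policy, caller_arn, action, resource_arn, context=None):
    """Return 'Allow' or 'Deny': explicit Deny wins, else Allow if matched, else implicit Deny."""
    context = context or {}
    decision = "Deny"  # implicit deny until some Allow statement matches
    for stmt in policy["Statement"]:
        if not _principal_matches(stmt.get("Principal", {}), caller_arn):
            continue
        if not _action_matches(stmt["Action"], action):
            continue
        if not _resource_matches(stmt["Resource"], resource_arn):
            continue
        if not _condition_matches(stmt.get("Condition"), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit Deny overrides any Allow
        decision = "Allow"
    return decision


if __name__ == "__main__":
    dave = "arn:aws:iam::Account-ID:user/Dave"
    obj = "arn:aws:s3:::examplebucket/report.csv"
    print(evaluate(EXAMPLE_POLICY, dave, "s3:GetObject", obj, {"aws:SourceIp": "203.0.113.10"}))
    print(evaluate(EXAMPLE_POLICY, dave, "s3:GetObject", obj, {"aws:SourceIp": "198.51.100.7"}))
```

Running the block shows Dave's GetObject from the assumed corporate range allowed, the same request from elsewhere denied by the explicit Deny, a PutObject implicitly denied because no statement allows it, and ListBucket on the bucket ARN still allowed from anywhere because the Deny only names the object ARN pattern.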
