AWS INLINE POLICY

 ESTABLISHING AN AWS INLINE POLICY

With IAM, you can manage your resources using  IAM API, AWS CLI, AWS MANAGEMENT CONSOLE

INLINE POLICIES: This is a way to vary fine-grained access to  specific identities( users, group, role). Inline policy is embedded in AWS and its define the policy in JSON format. 

LET'S ESTABLISH AN INLINE POLICY:

STEP 1:

Login into your console as a user 

STEP 2:

Click on IAM

STEP 3:

Click on user groups and create group

STEP 4:

Create a user groups for example "Junior-SA-groups"

STEP 5:

Attach permission policies for example "AmazonS3ReadOnlyAccess","AmazonS3fullAccess" and create.

STEP 6: 

To view the policy, click the + sign to view S3 read only permission policy.

{

"Effect": "Allow",

"Action": [

"s3:Get*",

"s3:List*",

"s3-object-lambda:Get*",

"s3-object-lambda:List*"

],

"Resource": "*"

}

]

}

STEP 7:

We established  a " Junior-SA-group", Click on "User" we will assign a user to that group you created.

STEP 7:
Click "Add users"

STEP 8:

Specify User details, give programmatic access to generate credentials (secret key ID and access key) or custom password. Click next 

STEP 9:

We set permissions to the "user group" we established and select the "Junior-SA-group" and next

STEP 10:

Download  .csv file of your credential "users"

STEP 11:

The user "Junior_SA_Users"  has an Amazons3ReadonlyAccess permission policy attached which is managed by AWS. Click add permission and navigate to inline policy. 

STEP 12: 

We create a policy and "choose a  service"and select s3.

STEP 14:

The policy created is the  "Visual Editor". We specified what permission this user has. Are we giving it a read , write or list access. With write permission we gave two actions ( DeleteObject and putObject). Also your click resources.

STEP 15:

Select all resources and review policy (s3 ,write ) , give it a name and create policy

STEP 16: 

Create a policy

STEP 17:

Click the user "Junior_SA_user" you should be able to see the "inline policy" or "customer inline policy" in this case the policy created bears the name "Limit_Junior_SA_groups". And this user is limited  "write"

STEP 18:

We have successfully created an inline policy to groups and users. Congratulations ! happy hands-on.😊

                WHY DO YOU NEED AN INLINE POLICY

There are several reason why clients would prefer inline policy :

• This policy helps to reduce configuration risk 

• It help to avoid any unauthorized changes within the resources.

• It allows a smooth operation in code separation and the intent to govern resources.  

               WHO IMPLEMENT AN INLINE POLICY

• At the level of enterprise inline policy are uses by large organization to enforce security across all infrastructure.

• AWS allow users to attach inline policy to resources within the cloud environment.

• Software developers can set up a policy to control resources and data within the applications. 

               CHALLENGES OF  INLINE POLICY

• With Inline policy its difficult to roll back changes if one encounter an error.

• When you delete an IAM role the policies associated are also deleted which makes it challenging to manage for a long-time. 

• The management manages the policies and resources as it increases.

Work through on how to  establish an inline policies for beginners. Next slide, I will share interview questions on IAM 

Reference:  AWS - https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html

                   AWS: I do own the right to this console  images - AWS Console images 

                  Christian Tchito - My instructor

                  Melissa Monique - My instructor