ESTABLISHING AN AWS INLINE POLICY
With IAM, you can manage access to your resources through the IAM API, the AWS CLI, or the AWS Management Console.
INLINE POLICIES: An inline policy is a policy document, written in JSON, that is embedded directly in a single IAM identity (a user, group, or role). It exists only as part of that identity, so it is a way to grant fine-grained access that is strictly tied to one user, group, or role rather than shared across several.
LET'S ESTABLISH AN INLINE POLICY:
STEP 1:
Log in to the AWS Management Console as a user with IAM administrator permissions.
STEP 2:
Open the IAM service.
STEP 3:
Click "User groups", then "Create group".
STEP 4:
Name the group, for example "Junior-SA-group".
STEP 5:
Attach a permissions policy, for example the AWS managed policy "AmazonS3ReadOnlyAccess", and create the group. Attach only the read-only policy here: IAM grants the union of every Allow statement that applies to an identity, so if "AmazonS3FullAccess" were also attached through the group, the inline write policy added later would change nothing.
STEP 6:
To view the policy, click the + sign next to "AmazonS3ReadOnlyAccess". Its JSON document is:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*",
                "s3-object-lambda:Get*",
                "s3-object-lambda:List*"
            ],
            "Resource": "*"
        }
    ]
}
STEP 7:
The group "Junior-SA-group" now exists. Click "Users" to add a user to it.
STEP 8:
Click "Add users".
STEP 9:
Specify the user details. Choose programmatic access to generate an access key ID and secret access key, or console access with a custom password, depending on how the user will sign in. Click "Next".
STEP 10:
Under "Set permissions", choose "Add user to group", select "Junior-SA-group", and click "Next".
STEP 11:
Download the .csv file with the user's credentials. This is the only time the secret access key is shown, so store it in a secrets manager, not in a shared folder.
STEP 12:
The user "Junior_SA_user" now has "AmazonS3ReadOnlyAccess" attached through the group; this is an AWS managed policy. Open the user, click "Add permissions", and choose "Create inline policy".
STEP 13:
In the policy editor, choose a service and select S3.
STEP 14:
The default editor is the "Visual editor". Here you specify what this user may do, grouped by access level (List, Read, Write, and so on). Under Write we grant exactly two actions, "PutObject" and "DeleteObject". Then click "Resources".
STEP 15:
Select "All resources" (or, better, the ARN of the one bucket this user needs), click "Review policy", check that it lists S3 with the Write access level, give the policy a name, and create it.
STEP 16:
Open the user "Junior_SA_user" again. Under "Permissions policies" the new policy appears with the type "Customer inline"; in this case it is named "Limit_Junior_SA_groups". The user now has read-only access from the group plus write access limited to those two object-level actions.
STEP 17:
We have successfully created an inline policy on a user who also belongs to a group. Congratulations! Happy hands-on. 😊
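The same walkthrough driven through the IAM API, as an added example that is not part of the original post. The method names are those of boto3's IAM client (create_group, attach_group_policy, create_user, add_user_to_group, put_user_policy); RecordingClient is an offline stand-in that only records the calls, and the bucket name "example-bucket" and the contents of AmazonS3FullAccess are assumptions to verify in your own account. The script also pools the group's managed policy with the inline policy and evaluates what the user can actually do, which shows why attaching AmazonS3FullAccess to the group would make the inline policy pointless.

```python
"""Inline policy walkthrough via the IAM API, plus an effective-permissions check."""
import fnmatch
import json

GROUP = "Junior-SA-group"
USER = "Junior_SA_user"
INLINE_POLICY_NAME = "Limit_Junior_SA_groups"
READONLY_ARN = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"

# AmazonS3ReadOnlyAccess as shown in Step 6 of the walkthrough.
READONLY_DOC = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:Get*", "s3:List*", "s3-object-lambda:Get*", "s3-object-lambda:List*"],
        "Resource": "*",
    }],
}

# AmazonS3FullAccess (assumed to match its published document; verify in the console).
# Used only to show why attaching it to the group defeats the inline policy.
FULLACCESS_DOC = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:*", "s3-object-lambda:*"], "Resource": "*"}],
}


def inline_write_policy(resource="*"):
    """The inline policy built in Steps 13-15: only PutObject and DeleteObject.
    The walkthrough uses "*"; pass "arn:aws:s3:::example-bucket/*" (assumed bucket
    name) to scope the write access to the objects of one bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "LimitedS3Write",
            "Effect": "Allow",
            "Action": ["s3:PutObject", "s3:DeleteObject"],
            "Resource": resource,
        }],
    }


class RecordingClient:
    """Offline stand-in for boto3.client("iam"): records every call as (name, kwargs)."""
    def __init__(self):
        self.calls = []

    def __getattr__(self, name):
        def record(**kwargs):
            self.calls.append((name, kwargs))
            return {}
        return record


def apply(iam, resource="*"):
    """Steps 3 to 15 as API calls; returns the inline policy document that was put."""
    iam.create_group(GroupName=GROUP)
    iam.attach_group_policy(GroupName=GROUP, PolicyArn=READONLY_ARN)
    iam.create_user(UserName=USER)
    iam.add_user_to_group(GroupName=GROUP, UserName=USER)
    doc = inline_write_policy(resource)
    iam.put_user_policy(UserName=USER, PolicyName=INLINE_POLICY_NAME,
                        PolicyDocument=json.dumps(doc))
    return doc


def is_allowed(action, resource, *docs):
    """Simplified IAM evaluation over identity-based policies: an explicit Deny in any
    statement wins, otherwise the request needs at least one matching Allow (managed
    and inline statements are pooled). Conditions, NotAction/NotResource and
    resource-based policies are not modelled."""
    allowed = False
    for doc in docs:
        for st in doc["Statement"]:
            actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
            resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
            if not any(fnmatch.fnmatchcase(action, a) for a in actions):
                continue
            if not any(fnmatch.fnmatchcase(resource, r) for r in resources):
                continue
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def effective_permissions(*docs, resource="arn:aws:s3:::example-bucket/report.csv"):
    """What the user can do on one object (assumed bucket name) under the given policies."""
    checks = ("s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:PutBucketPolicy")
    return {a: is_allowed(a, resource, *docs) for a in checks}


if __name__ == "__main__":
    iam = RecordingClient()          # swap for boto3.client("iam") to apply for real
    inline = apply(iam)
    for name, kwargs in iam.calls:
        print(name, kwargs)
    print("read-only group + inline write:", effective_permissions(READONLY_DOC, inline))
    print("full-access group + inline write:", effective_permissions(FULLACCESS_DOC, inline))
```

With the read-only managed policy on the group, the user ends up able to GetObject, PutObject and DeleteObject but not PutBucketPolicy; with AmazonS3FullAccess on the group instead, everything is allowed regardless of the inline policy, which is the check to run before trusting that an inline policy "limits" anyone.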
WHY DO YOU NEED AN INLINE POLICY
There are several reasons why a team would prefer an inline policy:
- It keeps a strict one-to-one relationship between the policy and the single identity it is embedded in, which reduces the risk of a misconfiguration spreading to other identities.
- It cannot be attached to any other user, group, or role, so a permission written for one identity cannot be reused, accidentally or otherwise, to grant someone else the same access to the resources.
- It keeps the permissions that belong to one identity alongside that identity, which makes the intent to govern a specific resource explicit and easy to read.
WHO IMPLEMENTS AN INLINE POLICY
- At the enterprise level, large organizations use inline policies to pin exceptional permissions to a specific identity without touching the shared managed policies that enforce security across the rest of the infrastructure.
- AWS lets account administrators embed an inline policy in any IAM user, group, or role in the account.
- Software developers can embed an inline policy in the role their application runs under to control which resources and data the application can touch.
CHALLENGES OF INLINE POLICY
- An inline policy has no version history (a customer managed policy keeps up to five versions), so if an edit breaks something there is nothing to roll back to; the previous document has to be restored by hand.
- When you delete an IAM user, group, or role, its inline policies are deleted with it, so the policy cannot be kept, reused, or audited independently of the identity over a long period.
- Because each inline policy lives in exactly one identity, the same permissions cannot be shared; the number of policies to review grows with the number of identities, and any change has to be repeated in every copy.
This was a beginner's walkthrough of how to establish an inline policy. In the next slide, I will share interview questions on IAM.
Reference: AWS - https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
AWS: I own the rights to these console images (AWS Console images).
Christian Tchito - My instructor
Melissa Monique - My instructor