We recently posted this article that describes how to generate Amazon EC2 read-only credentials for third-party providers. This week Amazon released a small helper tool, the Policy Generator, that makes it easier to build quite complex policies. The AWS blog describes the necessary steps to produce a policy very well in this post.
Example
Following our example, the result would look like this:
{
  "Id": "Policy1294332686329",
  "Statement": [
    {
      "Sid": "Stmt1294332597167",
      "Action": [
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1294332680637",
      "Action": [
        "ec2:DescribeInstanceAttribute",
        "ec2:DescribeInstances",
        "ec2:DescribeSecurityGroups"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
This policy must be copied into a file (e.g. policy_file.txt) and then applied with the following command:
-f policy_file.txt
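A check worth running on the policy file before it is applied and the credentials are handed to a third party: confirm that every allowed action is read-only. The Python below is an added example, not part of the original post or of any AWS tool; the function name `audit_read_only` and the rule that a read-only action starts with Describe, Get or List are assumptions of this example, and a match on those verbs still deserves a manual look because some Get operations return sensitive data.

```python
import json
import re

# Assumption of this example: an operation is treated as read-only when its
# name starts with one of these verbs (IAM action names are case-insensitive).
READ_ONLY_VERBS = ("describe", "get", "list")

# Constructed sample input: the policy shown above, compacted.
POLICY_TEXT = """
{"Id": "Policy1294332686329",
 "Statement": [
  {"Sid": "Stmt1294332597167", "Effect": "Allow", "Resource": "*",
   "Action": ["cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics"]},
  {"Sid": "Stmt1294332680637", "Effect": "Allow", "Resource": "*",
   "Action": ["ec2:DescribeInstanceAttribute", "ec2:DescribeInstances",
              "ec2:DescribeSecurityGroups"]}]}
"""


def as_list(value):
    """Policies may give a single string/object where a list is allowed."""
    return value if isinstance(value, list) else [value]


def audit_read_only(policy_text):
    """Return findings for the policy; an empty list means read-only."""
    findings = []
    policy = json.loads(policy_text)
    for stmt in as_list(policy.get("Statement", [])):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements do not grant anything
        if "NotAction" in stmt:
            findings.append(f"{sid}: NotAction allows every action not listed")
        for action in as_list(stmt.get("Action", [])):
            _service, _, operation = action.partition(":")
            # Judge only the literal text before the first wildcard, so
            # "ec2:Describe*" passes while "ec2:*" and "*" are reported.
            literal = re.split(r"[*?]", operation)[0].lower()
            if not literal.startswith(READ_ONLY_VERBS):
                findings.append(f"{sid}: action {action} is not read-only")
    return findings


if __name__ == "__main__":
    for finding in audit_read_only(POLICY_TEXT) or ["policy is read-only"]:
        print(finding)
```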
Outlook
I hope that the AWS Policy Generator will be extended to also allow the generation of credentials linked to a policy. That way, the most embarrassing part for many people would disappear: the download and installation of the command line tools.