AWS Policy Generator

We recently posted this article that describes how to generate Amazon EC2 read-only credentials for third-party providers. This week Amazon released a small helper tool, the Policy Generator, that makes it easier to build quite complex policies. The AWS blog describes the steps needed to produce a policy in this post.

Example

Following our example, the result would look like this:

{
  "Id": "Policy1294332686329",
  "Statement": [
    {
      "Sid": "Stmt1294332597167",
      "Action": [
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "Stmt1294332680637",
      "Action": [
        "ec2:DescribeInstanceAttribute",
        "ec2:DescribeInstances",
        "ec2:DescribeSecurityGroups"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

This code must be copied into a file (e.g. policy_file.txt) and then applied with the following command:

iam-groupuploadpolicy -g ExternalProviders -p ReadOnly -f policy_file.txt
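Before a policy meant for a third party is uploaded, it is worth checking that every Allow statement really is read-only. The following check is an added example, not part of the original post or of any AWS tool; the function names, the prefix list used as the definition of "read-only", and the second sample policy are assumptions made for illustration.

```python
import json

# Assumption: "read-only" means the operation name starts with one of these
# verbs, as every action in the policy above does. IAM action names are
# case-insensitive, so the comparison is done in lower case.
READ_ONLY_PREFIXES = ("describe", "get", "list")

# The policy from this post, and a constructed over-broad variant.
PAGE_POLICY = """{"Id":"Policy1294332686329","Statement":[
 {"Sid":"Stmt1294332597167","Effect":"Allow","Resource":"*",
  "Action":["cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics"]},
 {"Sid":"Stmt1294332680637","Effect":"Allow","Resource":"*",
  "Action":["ec2:DescribeInstanceAttribute","ec2:DescribeInstances",
            "ec2:DescribeSecurityGroups"]}]}"""
BROAD_POLICY = """{"Statement":{"Sid":"Constructed1","Effect":"Allow",
 "Resource":"*","Action":["ec2:Describe*","ec2:*","ec2:TerminateInstances"]}}"""

def as_list(value):
    """IAM accepts a single item or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_read_only(policy_text):
    """Return findings; an empty list means every Allow looks read-only."""
    findings = []
    for stmt in as_list(json.loads(policy_text).get("Statement")):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement grants nothing
        if "NotAction" in stmt:
            findings.append(f"{sid}: Allow with NotAction permits every unlisted action")
        for action in as_list(stmt.get("Action")):
            _service, _, operation = action.partition(":")
            # A bare "*" has no operation part and is flagged as well.
            if not operation.lower().startswith(READ_ONLY_PREFIXES):
                findings.append(f"{sid}: {action} is not limited to read-only calls")
    return findings

if __name__ == "__main__":
    for name, text in (("page policy", PAGE_POLICY), ("constructed", BROAD_POLICY)):
        print(name, audit_read_only(text) or "OK")
```

The prefix test is a naming heuristic: it catches wildcards and write calls, but it does not judge whether a particular Get or Describe call returns data the third party should not see.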

Outlook

I hope that the AWS Policy Generator will be extended to also allow the generation of credentials linked to a policy. That way, the most embarrassing part for many people would disappear: downloading and installing the command line tools.
