Category: aws

AWS Cloud services and use cases

AWS IAM Policy

If you have worked in the AWS cloud, you probably know about IAM (Identity and Access Management) and its policies. IAM policies are also called identity-based policies. They differ from resource-based policies, such as those applied in S3.

There are many use cases where you apply policies and get stuck understanding the order in which they are evaluated.

Examples :

  • You want to give all permissions except Billing and IAM.
  • You want to allow only EC2 permissions for an IAM user and deny all others.
  • What access results if you don't grant any permission?

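In the bigger picture, AWS IAM policy evaluation works in this order:

Implicitly Deny ALL >> Explicitly Allow >> Explicitly Deny

Every request starts out denied (the implicit deny), an explicit Allow overrides that default, and an explicit Deny overrides any Allow.

The detailed evaluation flow is described in the AWS documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html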

Policy Evaluation Logic

The two handiest resources for policy creation are:

Policy Simulator

Example 1: Policy to "Allow ALL except Billing and IAM permissions"

{ 
   "Version":"2012-10-17",
   "Statement":[ 
      { 
         "Effect":"Allow",
         "Action":"*",
         "Resource":"*"
      },
      { 
         "Effect":"Deny",
         "Action":"aws-portal:*",
         "Resource":"*"
      },
      { 
         "Effect":"Deny",
         "Action":"iam:*",
         "Resource":"*"
      }
   ]
}

The most common use when starting out with AWS is to assign this policy to a system engineer who needs to use AWS services but should not be able to access Billing or Identity Management.

For more: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html

AWS Fundamentals

AWS Service Status  : https://status.aws.amazon.com/

You can check the status of all AWS services on the following page provided by AWS:

service status dashboard

In AWS You Pay for : https://awstcocalculator.com/

  • Compute 
  • Storage
  • Data Transfer

Check out the AWS Total Cost of Ownership (TCO) Calculator:

AWS Global Infrastructure: https://infrastructure.aws/

  • REGIONS
    • Availability Zone
  • EDGE LOCATIONS [used for caching, CDN]

Below is the interactive global infrastructure page provided by AWS, which shows how the services are spread across geographical locations.

AWS Global Infrastructure

AWS FOUNDATION SERVICES  :- https://aws.amazon.com/

  • COMPUTE
  • STORAGE
  • DATABASES
  • NETWORKING

AWS Policy Generator : https://awspolicygen.s3.amazonaws.com/policygen.html

Policy Simulator
https://policysim.aws.amazon.com/

The AWS Policy Generator is a tool that enables you to create policies that control access 

You can create the JSON from the interface provided by AWS.