Sometimes writing AWS IAM policies gets confusing, especially if our policy authoring is reactive in nature instead of following a proactive permissions strategy.

The fact that IAM policies contain some restrictions doesn’t really help either.

To start off, let’s take a look at what the IAM policy evaluation order looks like:

Wow — this is complicated! Additionally, some of the documentation and courseware suggest using both Allow and Deny statements.

What? How?

Well, the "Amazon S3: Limits managing to a specific S3 Bucket" example in the IAM User Guide shows the idea.

"Version": "2012-10-17"…

Let’s admit it. We access more and more of the information we need in our daily activities using URLs. These URLs have become longer and more cryptic over time, but that’s OK since we simply click on them.

However, sometimes we need to communicate those URLs in a non-internet-native way. For me this has happened during training classes as well as when writing a book. I want the class to download a piece of source code, but the GitHub project file URL is way too long to be correctly retyped by the attendees. …

Johannes Verwijnen

Cloud and AI/ML training and consulting. AWS Champion Authorized Instructor.
