IAM policy for a specific user with r,w,e permissions on a specific environment

0

I have 3 environments: dev, stage and prod. I want a specific user policy which gives a user permissions on the environments like this below: dev - read only; Stage - read write; Prod - r,w

1 Answer
0

You can create IAM roles and then user groups. User groups act as parents, while the users that you add to the user groups act as children. A user group has an IAM role associated with it, and the same role is applied to the users present in that user group.

For example:

User X - belongs to the Dev environment
User Y - belongs to the Stage environment
User Z - belongs to the Prod environment

User X can be in a user group Dev which has the IAM role READ ONLY
User Y can be in a user group Stage which has the IAM role READ and WRITE ONLY
User Z can be in a user group Prod which has the IAM role READ and WRITE ONLY

You can even attach different perimeter role policies. For example, user X present in the group for the dev environment can read all the resources but not the S3 resources, or user Y present in the group for the stage environment can read/write all the resources but cannot write to the resources in the S3 bucket.

AWS has architected IAM roles and permissions very well; it would be good to know whether my explanation helps you. Let me know in case you have any other questions.

answered a year ago
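As an added example (not part of the answer above), the following script builds the single policy document the question asks for: read-only on dev, read/write on stage and prod, with writes to dev explicitly denied so that the read-only restriction holds even if another attached policy is more permissive. It assumes the environments are separated by S3 bucket name prefix (`dev-`, `stage-`, `prod-`); the generated document can be attached to a user or, as the answer suggests, to a per-environment user group.

```python
import json

# Assumption (not from the answer): buckets carry an environment prefix,
# e.g. dev-app-data, stage-app-data, prod-app-data.
READ_ACTIONS = ["s3:ListBucket", "s3:GetObject"]
WRITE_ACTIONS = ["s3:PutObject", "s3:DeleteObject"]


def bucket_arns(env):
    """Bucket ARN plus object ARN for every bucket with the env prefix."""
    return [f"arn:aws:s3:::{env}-*", f"arn:aws:s3:::{env}-*/*"]


def build_policy(read_only, read_write):
    """Build one IAM policy document.

    Environments in `read_only` get list/get only, and writes to them are
    explicitly denied (an explicit Deny wins over any Allow from another
    policy). Environments in `read_write` get list/get/put/delete.
    """
    statements = []
    for env in read_only:
        statements.append({
            "Sid": f"{env.capitalize()}ReadOnly",
            "Effect": "Allow",
            "Action": list(READ_ACTIONS),
            "Resource": bucket_arns(env),
        })
        statements.append({
            "Sid": f"Deny{env.capitalize()}Writes",
            "Effect": "Deny",
            "Action": list(WRITE_ACTIONS),
            "Resource": bucket_arns(env),
        })
    for env in read_write:
        statements.append({
            "Sid": f"{env.capitalize()}ReadWrite",
            "Effect": "Allow",
            "Action": READ_ACTIONS + WRITE_ACTIONS,
            "Resource": bucket_arns(env),
        })
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    # The question's case: dev read-only, stage and prod read/write.
    policy = build_policy(read_only=["dev"], read_write=["stage", "prod"])
    print(json.dumps(policy, indent=2))
```

The printed JSON is a complete policy document; note that the explicit Deny is the only part that keeps dev read-only for a user who also belongs to a more permissive group.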
