By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Custom IAM policy with custom IAM Actions

0

I want to create a Custom I AM policy with custom IAM Actions.

something like below: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "myCustomService:MyCustomAction", "myCustomService1:MyCustomAction1", ], "Resource": "*" } ] }

I need this to control clients/ users/ clientApplication access to my application running in EKS cluster.

thanks in advance.

Topics
Security, Identity, & Compliance
Tags
Security, Identity, & ComplianceAWS Identity and Access ManagementIAM Policies
Language
English
shankar s
asked a year ago324 views
1 Answer
0

i have added the following example please modify accordingly

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "eks:DescribeCluster",
                "eks:ListFargateProfiles",
                "eks:ListUpdates",
                "eks:UpdateClusterVersion"
            ],
            "Resource": "arn:aws:eks:us-west-2:123456789012:cluster/my-cluster",
            "Condition": {
                "StringEquals": {
                    "aws:userid": [
                        "user1",
                        "user2"
                    ],
                    "sourceArn": [
                        "arn:aws:execute-api:us-west-2:123456789012:abcdefghij/*/GET/resource1",
                        "arn:aws:execute-api:us-west-2:123456789012:abcdefghij/*/GET/resource2"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "ecr:BatchGetImage",
                "ecr:DescribeRepositories",
                "ecr:ListImages",
                "ecr:ListTagsForResource",
                "ecr:PutImage"
            ],
            "Resource": "arn:aws:ecr:us-west-2:123456789012:repository/my-repo",
            "Condition": {
                "StringEquals": {
                    "aws:userid": [
                        "user1",
                        "user2"
                    ],
                    "sourceArn": [
                        "arn:aws:execute-api:us-west-2:123456789012:abcdefghij/*/POST/resource3",
                        "arn:aws:execute-api:us-west-2:123456789012:abcdefghij/*/POST/resource4"
                    ]
                }
            }
        }
    ]
}
profile picture
EXPERT
Sedat Salman
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content