DEV Community

AWS Community Builders profile image Abdullah Paracha
Abdullah Paracha for AWS Community Builders

Posted on

Create and Assume Roles in AWS

In this blog the objective in the AWS environment, utilizing policies and roles in the IAM console to restrict access to AWS resources and conclude by assuming a role and ensuring our policies are correct and that we have completed all objectives.

Image description
Image: ACloudGuru

Create the Correct S3 Restricted Policies and Roles

  1. Create the S3RestrictedPolicy IAM policy. Ensure only the appconfig buckets are accessible.
    • Select the S3 service and all S3 actions
    • Select all resources except bucket
    • Add the appconfig bucket names to the policy
  2. Create the S3RestrictedRole IAM role.
    • Set the trusted entity to another AWS account
    • Add your account ID
    • For permissions, select the S3RestrictedPolicy
  3. Revoke the AmazonS3FullAccess access policy from the developergroup.
  4. Attach the S3RestrictedPolicy to the dev1 user.

Configure IAM So the dev3 User Can Assume the Role

  1. Create the AssumeS3Policy IAM policy.
    • Select the STS service
    • Select AssumeRole under the write options
    • Add the S3RestrictedRole
  2. Attach the AssumeS3Policy to the dev3 user.
  3. Assume the S3RestrictedRole as the dev3 user.
    • Log in as the dev3 user
    • Switch roles to the S3RestrictedRole
    • Verify access in S3

Top comments (0)

Read next

sudhakar_george_e6d1f136f profile image

Integrating Stencil Web Components in Angular Project

Sudhakar George -

judith677 profile image

#89 — Calculate Proportion Using the Aggregation Values of the Data from the Same Group

Judith-Excel-Sharing -

shahzaib profile image

Handling Errors and Job Lifecycles in Rails 7.1: Master ActiveJob with `retry_on`, `discard_on`, and `after_discard`

Shah Zaib -

fernilo profile image

MyISAM VS InnoDB

Fernilo -