What is policy?
A policy is an entity that, when attached to an identity or resource, defines their permissions. You can use the AWS Management Console, AWS CLI, or AWS API to create customer managed policies in IAM. Customer managed policies are standalone policies that you administer in your own AWS account. You can then attach the policies to identities (users, groups, and roles) in your AWS account.
Policy is Nothing but JSON document which contains below parameters to provide permissions to the users/groups/roles.
- Version: policy language version
- Id: an identifier for the policy(optional)
- statement: one or more statement(required) statement consists of below parameters:-
- Sid: an identifier for the statement(optional)
- Effect: whether the statement policy allows or denies the access(Allow,Deny)
- Principal: specifies to which account/user/role this policy applied to
- Action: list of actions this policy allows or denies
- Resource: list of resources to which the actions applied to
- Condition: Conditions for when this policy is in effect(optional)
Existing policy structure can be defined below.
We can create our own policies in two ways.
- Visual editor: where we can select services, actions, permissions and automatically editor will create the JSON for it.
- JSON:- where can we implement our own policy.
MFA:-(Mukti Factor Authentication)
MFA=password you know+security device you own
MFA device options in AWS:
- google authenticator(phone only)
- Authy(multi-device)
- Yuikey(3rd party)
we can remain the default IAM policy or can change the password policy by navigating through Account settings as per below
To add MFA to our account have to navigate to security credentials and we can hit on assign MFA. there we can see different devices of MFA as per below.
From the devices we can select one and MFA will be added to our account. After MFA whenever we try to login it will be asked for password and code of device which we chose in MFA setup.
Top comments (0)