Creating Custom IAM Policy Lab Guide
- Log in to the AWS Management Console with your root account credentials.
- Navigate to the IAM console by clicking on “Services” in the top navigation bar and selecting “IAM” from the dropdown menu.
- Click on “Policies” in the left navigation pane, and then click on the “Create policy” button.
- Select the “Create Your Own Policy” option and click on the “Select” button.
- Enter a name for the policy, such as “S3-Bucket-Access”, and optionally add a description.
- Under the “Policy Document” section, click on the “Edit” button.
- Select the “Visual editor” tab to create the policy using the console UI.
- Click on the “Add Statement” button to add a new statement to the policy.
- Under the “Effect” dropdown menu, select “Allow” to grant access.
- Under the “Actions” section, click on the “Add action” button and select “S3” from the dropdown menu.
- In the next dropdown menu, select the specific S3 actions that you want to grant access to, such as “GetObject”, “PutObject”, or “DeleteObject”.
- Under the “Resources” section, click on the “Add ARN” button.
- Enter the ARN for the S3 bucket that you want to grant access to in the following format:
arn:aws:s3:::bucket-name/*
- Replace “bucket-name” with the name of the S3 bucket that you want to grant access to.
- Click on the “Add” button to add the resource.
- Click on the “Review policy” button to review the policy details.
- If everything looks correct, click on the “Create policy” button to create the custom policy.
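The steps above produce a JSON policy document. The following is an added example, not part of the original lab guide, that builds that document and checks it before it is pasted into the console. The function names, the three-action allow list (taken from the actions the guide names) and the placeholder bucket name are assumptions made for illustration.

```python
import json
import re

# Assumption: bucket names follow the general S3 naming rules (3-63 chars).
BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
# Assumption: only the object-level actions named in the guide are expected.
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}

def build_policy(bucket, actions):
    """Return the policy document the console steps produce for one bucket."""
    if not BUCKET_RE.match(bucket):
        raise ValueError(f"not a valid bucket name: {bucket!r}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": sorted(actions),
            "Resource": f"arn:aws:s3:::{bucket}/*",  # format from the guide
        }],
    }

def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def lint_policy(policy):
    """Return findings for Allow statements broader than the guide intends."""
    findings = []
    for i, st in enumerate(as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        for action in as_list(st.get("Action", [])):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action}")
            elif action not in OBJECT_ACTIONS:
                findings.append(f"statement {i}: unexpected action {action}")
        for res in as_list(st.get("Resource", [])):
            m = re.fullmatch(r"arn:aws:s3:::([^/*]+)/\*", res)
            if not m or not BUCKET_RE.match(m.group(1)):
                findings.append(f"statement {i}: {res} is not one bucket's objects")
    return findings

if __name__ == "__main__":
    # "bucket-name" is the guide's placeholder, not a real bucket.
    doc = build_policy("bucket-name", {"s3:GetObject", "s3:PutObject"})
    print(json.dumps(doc, indent=2))
    print(lint_policy(doc) or "no findings")
```

An empty findings list means every Allow statement names only the listed object actions and a single bucket's objects.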