Chapter 03 of 05
Lessons 21-30
10 lessons20 min readingParts 101-110
- 01List IAM managed policy versionsReview every stored policy version and identify the active default.2 min read2 min read
- 02Delete an old IAM policy versionRemove one non-default managed policy version after verifying it is no longer needed.2 min read2 min read
- 03Create and remove an inline IAM user policyPut, read, and delete a small policy embedded directly in one IAM user.2 min read2 min read
- 04Write a least-privilege S3 read policyCreate an IAM policy that lists one bucket prefix and reads only objects under that prefix.2 min read2 min read
- 05Understand IAM Action wildcardsCompare one exact IAM action with narrow and broad wildcard action patterns.2 min read2 min read
- 06Understand IAM Resource ARNsMatch IAM actions to exact bucket, object, role, and policy resource ARN shapes.2 min read2 min read
- 07Restrict an IAM policy by source IPAdd an aws:SourceIp condition to a policy and validate the document.2 min read2 min read
- 08Prove that explicit IAM Deny winsUse the IAM policy simulator to compare an Allow with a matching explicit Deny.2 min read2 min read
- 09Simulate an IAM principal policyAsk IAM how a named user policy set evaluates selected actions and resources.2 min read2 min read
- 10Create an IAM role with a trust policyCreate a role whose trust policy allows principals in the current account to request assumption.2 min read2 min read