Volume 3: IAM3/5
  1. 01Lessons 1-10
  2. 02Lessons 11-20
  3. 03Lessons 21-30
  4. 04Lessons 31-40
  5. 05Lessons 41-45

Chapter 03 of 05

Lessons 21-30

10 lessons20 min readingParts 101-110
  1. 01List IAM managed policy versionsReview every stored policy version and identify the active default.2 min read
  2. 02Delete an old IAM policy versionRemove one non-default managed policy version after verifying it is no longer needed.2 min read
  3. 03Create and remove an inline IAM user policyPut, read, and delete a small policy embedded directly in one IAM user.2 min read
  4. 04Write a least-privilege S3 read policyCreate an IAM policy that lists one bucket prefix and reads only objects under that prefix.2 min read
  5. 05Understand IAM Action wildcardsCompare one exact IAM action with narrow and broad wildcard action patterns.2 min read
  6. 06Understand IAM Resource ARNsMatch IAM actions to exact bucket, object, role, and policy resource ARN shapes.2 min read
  7. 07Restrict an IAM policy by source IPAdd an aws:SourceIp condition to a policy and validate the document.2 min read
  8. 08Prove that explicit IAM Deny winsUse the IAM policy simulator to compare an Allow with a matching explicit Deny.2 min read
  9. 09Simulate an IAM principal policyAsk IAM how a named user policy set evaluates selected actions and resources.2 min read
  10. 10Create an IAM role with a trust policyCreate a role whose trust policy allows principals in the current account to request assumption.2 min read