The project offers hands-on exercises focused on writing AWS IAM policies. Each exercise introduces different aspects of IAM policies that participants need to familiarize themselves with in order to tackle the challenges effectively. This approach ensures that individuals gain a solid understanding of the topics before advancing to the subsequent challenges.
This project uses a custom-made policy evaluation engine that closely follows the reference documentation provided by AWS. It is not 100% compatible with AWS's own engine and may produce incorrect evaluations in some cases; nevertheless, it is effective enough for these educational challenges, letting participants gain hands-on experience while learning about AWS IAM policies.
The engine itself was created as an exercise to gain a deeper understanding of the various options available in AWS IAM policies and how they interact with one another. What better way to explore a subject than by actively implementing a working clone? Once the engine performed well, it would have been a shame to let it languish among the forgotten pet projects. Thus, a new journey began—one focused on gathering intriguing examples that would address different topics in each exercise, building upon one another along the way.
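To illustrate the kind of logic such an engine has to reproduce, here is a minimal policy evaluator added as an example; it is not the project's own code. It covers the decision order (an applicable explicit Deny wins, then any applicable Allow, otherwise implicit deny), wildcard matching for Action/NotAction and Resource/NotResource, and a single StringEquals condition; the sample policy, ARNs and request values are constructed for the example.

```javascript
// Added example, not the project's own engine: a minimal evaluator for one IAM
// identity-based policy. Decision order: applicable explicit Deny wins, then Allow, else implicit deny.
// Compile an IAM wildcard pattern ("s3:Get*", "arn:aws:s3:::bucket/*") to a RegExp.
// Action names are matched case-insensitively, resource ARNs case-sensitively.
function patternToRegex(pattern, ignoreCase) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp(`^${escaped}$`, ignoreCase ? "i" : "");
}
// Most elements accept a single string or an array; normalise to an array.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);
// Action / NotAction: NotAction applies the statement to every action except those listed.
function actionMatches(stmt, action) {
  const hit = (p) => patternToRegex(p, true).test(action);
  return stmt.Action !== undefined ? asList(stmt.Action).some(hit) : !asList(stmt.NotAction).some(hit);
}
// Resource / NotResource, same shape.
function resourceMatches(stmt, resource) {
  const hit = (p) => patternToRegex(p, false).test(resource);
  return stmt.Resource !== undefined ? asList(stmt.Resource).some(hit) : !asList(stmt.NotResource).some(hit);
}
// Only the StringEquals operator is implemented; a context key that is absent never matches.
function conditionMatches(stmt, context) {
  const wanted = (stmt.Condition && stmt.Condition.StringEquals) || {};
  return Object.entries(wanted).every(([key, vals]) =>
    context[key] !== undefined && asList(vals).includes(context[key]));
}
// Returns "Allow", "ExplicitDeny" or "ImplicitDeny" for one request.
function evaluate(policy, { action, resource, context = {} }) {
  let allowed = false;
  for (const stmt of asList(policy.Statement)) {
    if (!actionMatches(stmt, action) || !resourceMatches(stmt, resource) ||
        !conditionMatches(stmt, context)) continue;
    if (stmt.Effect === "Deny") return "ExplicitDeny"; // an applicable Deny ends evaluation
    allowed = true;
  }
  return allowed ? "Allow" : "ImplicitDeny";
}
// Constructed sample policy: read access to one bucket, but every S3 call denied in us-west-2.
const samplePolicy = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Action: "s3:Get*", Resource: "arn:aws:s3:::example-bucket/*" },
    { Effect: "Deny", Action: "s3:*", Resource: "*",
      Condition: { StringEquals: { "aws:RequestedRegion": "us-west-2" } } },
  ],
};
console.log(evaluate(samplePolicy, { action: "s3:GetObject", resource: "arn:aws:s3:::example-bucket/a.csv" })); // Allow
```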
This project now offers a variety of exercises designed to guide anyone interested in AWS IAM policies. These activities will help users create functional policies while minimizing the risk of making mistakes along the way.
- How IAM works
- Why AWS IAM is so hard to use
- Policy summary (list of services)
- IAM JSON policy element reference
- 🔥 Actions, resources, and condition keys for AWS services
- IAM JSON policy elements: Condition operators
- Example IAM identity-based policies
- ARN Structure
- AWS Service to prefix mapping table
- Identity-based policies vs Resource-based policies
- Grammar of the IAM JSON policy language
- How to use trust policies with IAM roles
- AWS IAM Policy Condition Operators Explained
- Policies and permissions in AWS Identity and Access Management
- cloud-copilot/iam-data
- @uiw/react-codemirror
- AWS IAM Policies in a Nutshell
- AWS IAM and other permission gotchas
- Becoming an AWS Policy Ninja using AWS IAM and AWS Organizations [SEC302] | 2017
- AWS re:Invent 2018: [REPEAT 1] Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1)
- AWS re:Invent 2016: IAM Best Practices to Live By (SAC317)
- IAM Policy Evaluation Series: AWS IAM policy language explained | Amazon Web Services | 2023
- IAM Policy Evaluation Series: policy evaluation chains | Amazon Web Services | 2023
- IAM Expand
- Access Analyzer policy check reference
- permissions.cloud
- asecure.cloud