How To Allow AWS IAM Users EBS Snapshot Create And Delete Access

Author: erics, July 29th, 2021

SUMMARY: Needed to create an AWS IAM Policy to allow a user access to create and delete EBS snapshots. This script also needed to be able to list volumes:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:DeleteSnapshot",
                "ec2:ModifySnapshotAttribute",
                "ec2:CreateSnapshots",
                "ec2:ResetSnapshotAttribute",
                "ec2:CreateSnapshot"
            ],
            "Resource": [
                "arn:aws:ec2:*:ACCOUNT_ID_HERE:volume/*",
                "arn:aws:ec2:*:ACCOUNT_ID_HERE:snapshot/*",
                "arn:aws:ec2:*:ACCOUNT_ID_HERE:instance/*"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeSnapshotAttribute",
                "ec2:DescribeVolumes",
                "ec2:DescribeSnapshots"
            ],
            "Resource": "*"
        }
    ]
}

{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "VisualEditor0",

"Effect": "Allow",

"Action": [

"ec2:DeleteSnapshot",

"ec2:ModifySnapshotAttribute",

"ec2:CreateSnapshots",

"ec2:ResetSnapshotAttribute",

"ec2:CreateSnapshot"

"Resource": [

"arn:aws:ec2:*:ACCOUNT_ID_HERE:volume/*",

"arn:aws:ec2:*:ACCOUNT_ID_HERE:snapshot/*",

"arn:aws:ec2:*:ACCOUNT_ID_HERE:instance/*"

]

{

"Sid": "VisualEditor1",

"Effect": "Allow",

"Action": [

"ec2:DescribeSnapshotAttribute",

"ec2:DescribeVolumes",

"ec2:DescribeSnapshots"

"Resource": "*"

}

]

}

Categories: How-To's, Technology Tags: Amazon, AWS, Create, Delete, howto, IAM, JSON, Policy, Snapshot, tips, User, volume | No comments

How To Allow IAM Users AWS CDN Read/Write Access For W3 Total Cache

Author: erics, July 28th, 2021

SUMMARY: Needed to create an AWS IAM Policy to allow a user access to two buckets and their associated CDN’s in WordPress W3 Total Cache

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::wyzaerd-demo-prod"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::wyzaerd-demo-prod/*"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::wyzaerd-demo-dev"
        },
        {
            "Sid": "VisualEditor3",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::wyzaerd-demo-dev/*"
        },
        {
            "Sid": "VisualEditor4",
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "cloudfront:ListDistributions"
            ],
            "Resource": "*"
        }
    ]
}

{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "VisualEditor0",

"Effect": "Allow",

"Action": "s3:ListBucket",

"Resource": "arn:aws:s3:::wyzaerd-demo-prod"

{

"Sid": "VisualEditor1",

"Effect": "Allow",

"Action": [

"s3:PutObject",

"s3:GetObject",

"s3:DeleteObject",

"s3:PutObjectAcl"

"Resource": "arn:aws:s3:::wyzaerd-demo-prod/*"

{

"Sid": "VisualEditor2",

"Effect": "Allow",

"Action": "s3:ListBucket",

"Resource": "arn:aws:s3:::wyzaerd-demo-dev"

{

"Sid": "VisualEditor3",

"Effect": "Allow",

"Action": [

"s3:PutObject",

"s3:GetObject",

"s3:DeleteObject",

"s3:PutObjectAcl"

"Resource": "arn:aws:s3:::wyzaerd-demo-dev/*"

{

"Sid": "VisualEditor4",

"Effect": "Allow",

"Action": [

"s3:ListAllMyBuckets",

"cloudfront:ListDistributions"

"Resource": "*"

}

]

}

Categories: How-To's, Technology Tags: Amazon, AWS, Bucket, CDN, CloudFront, howto, IAM, JSON, Policy, S3, tips, User, W3 Total Cache | No comments

S	M	T	W	T	F	S
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

How To Allow AWS IAM Users EBS Snapshot Create And Delete Access

How To Allow IAM Users AWS CDN Read/Write Access For W3 Total Cache

Our Link Network

Business

Client Websites

Fine Dining

Friends & Family

Galleries

Health

Resources

Technology

Travel

The Archives

Latest Ramblings…

Various Topics of No Interest