Example IAM Policies

Customizable IAM policies across cloud providers to save you authoring time

POLICY

AWS ECR Resource Policy: Block Outside Specific Public IP Ra...

Permits connection from only a specific public IP range

Mar 07, 2022 by Kyler Middleton

POLICY

AWS ECR: Permit Cross Account Image Upload

Grant n AWS accounts, any principal, to connect to ECR resource and upload image...

Mar 07, 2022 by Kyler Middleton

POLICY

AWS ECR, Permit Cross Account Image Download

Grant n other accounts access to this ECR, account-wide. Use more specific princ...

Feb 16, 2022 by Kyler Middleton

POLICY

Principal Policy - Permit Access to Cross-Account Secret and...

Policy for principal (User, Service) to access cross-account secret and KMS CMK...

Feb 16, 2022 by Kyler Middleton

POLICY

S3: Permit Only CloudFront Specific Distribution

For public access, permit only specific CloudFront distribution

Feb 14, 2022 by Kyler Middleton

POLICY

Assume Role Trust Policy with Conditional to Limit to Specif...

IAM assume role trust policy which permits assuming only from specific role(s)

Feb 02, 2022 by Kyler Middleton

POLICY

Assume Role Trust Policy from EC2 Instance

Permit EC2 instance to assume IAM role with this trust policy

Feb 02, 2022 by Kyler Middleton

POLICY

Assume Role Policy to Permit ECS Task to Assume IAM Role

Trust policy on an IAM role to permit an ECS task (launched container) to assume...

Feb 02, 2022 by Kyler Middleton

POLICY

Allow Principals to Encrypt via KMS but Deny Decrypt via KMS

Secrets decryption is a sensitive operation and should not be done by most human...

Feb 01, 2022 by Daniel Popescu

POLICY

(WARNING) Block All S3 Access Except Root

Don't apply this policy - it will block all console and API access, and require...

Feb 01, 2022 by Kyler Middleton

POLICY

Limit S3 Web Access to Specific Public IPs

Useful for dev/stage web development, where the site is stored in S3. Can use many p...

Jan 24, 2022 by Kyler Middleton

POLICY

Secrets Manager Secrets IAM Policy to Permit Multi-Account A...

Share Secrets Manager secret contents between accounts

Jan 21, 2022 by Kyler Middleton

POLICY

Allow Cross-Account KMS Key Decryption to Specific IAM Roles

Permits other account IAM roles to decrypt KMS key

Jan 21, 2022 by Kyler Middleton

POLICY

Default KMS policy for keys

Default policy which grants access to the root user to this KMS key.

Jan 21, 2022 by Kyler Middleton

POLICY

Permit User ARN to read/write Specific Folder in S3 Bucket

Permit an IAM User ARN to read and write to an S3 bucket, works cross-account

Jan 21, 2022 by Kyler Middleton

POLICY

Deny non-secure access to S3 files

When non-secure (http) access isn't permitted, secure (https) access can be requ...

Jan 21, 2022 by Kyler Middleton

POLICY

Allow Public Users to Read S3 Contents

You want to share many files publicly

Jan 21, 2022 by Kyler Middleton

POLICY

Allow Tag Owners Access to Tagged AWS RDS Resources

This policy grants permissions to tag owners to select RDS resources they have t...

Jan 19, 2022 by Ivan Dwyer

POLICY

Read Only Access to the AWS Console

This policy allows a principal to perform any Get, List, or Generate action, whi...

Jan 19, 2022 by Ivan Dwyer

POLICY

AWS IAM Assume Roles Based on Tags

This policy allows an IAM user to assume a role when a resource tag matches

Jan 19, 2022 by Ivan Dwyer

POLICY

Allow AWS Access Based on Date and Time

This policy grants permissions to perform a specific action within a specific da...

Jan 19, 2022 by Ivan Dwyer

POLICY

Deny AWS Access Based on Source IP

This policy denies access to all AWS actions in the account when the request com...

Jan 19, 2022 by Ivan Dwyer

POLICY

Deny Azure Storage Accounts Not Using HTTPS

This policy specifies that each Azure Storage account must be enabled for HTTPS

Jan 19, 2022 by Ivan Dwyer

POLICY

Bind a GCP User to a Role

This policy binds a user in your GCP account to a specific role

Jan 19, 2022 by Ivan Dwyer
