AWScloud~30 mins

IAM policies (JSON structure) in AWS - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Create a Basic AWS IAM Policy JSON

📖 Scenario: You are setting up permissions for a new AWS user who needs to read objects from a specific S3 bucket.

🎯 Goal: Build a valid AWS IAM policy in JSON format that allows read-only access to the example-bucket S3 bucket.

📋 What You'll Learn

Create a JSON policy with the correct version

Specify the S3 service in the policy

Allow the action s3:GetObject

Restrict access to the bucket named example-bucket

Use the correct resource ARN format for the bucket objects

💡 Why This Matters

🌍 Real World

IAM policies control who can do what in AWS. Creating correct policies is essential for security and access management.

💼 Career

Cloud engineers and administrators regularly write and manage IAM policies to secure AWS resources.

Progress0 / 4 steps

Create the basic IAM policy structure

Create a variable called policy and assign it a dictionary with the key Version set to the string "2012-10-17".

AWS

# Your code here

Need a hint?

The Version key is required in every IAM policy and usually set to "2012-10-17".

Add the Statement list with one statement

Add a key Statement to the policy dictionary. Set it to a list containing one dictionary with the key Effect set to "Allow".

AWS

policy = {
    "Version": "2012-10-17",
    # Add Statement list with one statement dictionary
    # Your code here
}

Need a hint?

The Statement key holds a list of permission statements. Each statement needs an Effect key.

Specify the Action and Resource in the statement

Inside the statement dictionary in policy["Statement"], add the key Action with the value "s3:GetObject" and the key Resource with the value "arn:aws:s3:::example-bucket/*".

AWS

policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            # Add Action and Resource keys here
            # Your code here
        }
    ]
}

Need a hint?

The Action specifies what is allowed. The Resource specifies which bucket objects are accessible.

Complete the IAM policy JSON structure

Ensure the policy dictionary is a complete valid IAM policy JSON with Version, Statement list containing one statement with Effect, Action, and Resource keys as specified.

AWS

policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*"
        }
    ]
}
# Finalize the policy structure if needed
# Your code here

Need a hint?

Review the entire policy dictionary to confirm it matches the required structure.