AWS cloud, ~15 mins

Least privilege principle in AWS - Mini Project: Build & Apply

Implementing Least Privilege Principle with AWS IAM Policy
📖 Scenario: You are working as a cloud administrator for a company. Your task is to create an AWS IAM policy that follows the least privilege principle. This means the policy should grant only the minimum permissions necessary for a user to list objects in a specific S3 bucket.
🎯 Goal: Create an AWS IAM policy JSON that allows listing objects only in the bucket named example-bucket. The policy should not allow any other actions or access to other buckets.
📋 What You'll Learn
Create a JSON dictionary named policy with the version set to 2012-10-17.
Add a statement list with one statement object.
The statement must have Effect set to Allow.
The statement must allow the action s3:ListBucket.
The statement must restrict the resource to the ARN of example-bucket only.
💡 Why This Matters
🌍 Real World
IAM policies are used to control access to AWS resources securely. Following the least privilege principle helps protect resources from accidental or malicious misuse.
💼 Career
Cloud administrators and security engineers regularly create and audit IAM policies to ensure users and services have only the permissions they need.
1. Create the base policy dictionary
Create a dictionary called policy with the key Version set to the string "2012-10-17".
Hint: The policy dictionary must have a key named Version with value "2012-10-17".

2. Add the statement list with one statement
Add a key Statement to the policy dictionary. Set it to a list containing one dictionary.
Hint: The Statement key must be a list with one empty dictionary inside.

3. Define the statement with Effect, Action, and Resource
Inside the first dictionary in the Statement list, add the keys Effect, Action, and Resource. Set Effect to "Allow", Action to "s3:ListBucket", and Resource to the ARN string "arn:aws:s3:::example-bucket".
Hint: Make sure the statement dictionary has exactly these keys and values to grant minimal permission.

4. Complete the policy with least privilege principle
Ensure the policy dictionary is complete and correctly formatted as a valid AWS IAM policy JSON that grants only s3:ListBucket permission on example-bucket.
Hint: Review the entire policy dictionary to confirm it grants only the required permission.
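
The finished policy from steps 1 to 4, followed by a small audit function that checks it grants nothing beyond s3:ListBucket on example-bucket. This is an added example, not part of the original exercise: audit_policy, as_list, BROAD and the two ALLOWED_* constants are hypothetical names, and the check is a local lint of the policy JSON, not AWS's own policy evaluation.

```python
import json

# The policy assembled in steps 1-4 of this exercise.
policy = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "s3:ListBucket",
        "Resource": "arn:aws:s3:::example-bucket",
    }],
}
# Constructed counter-example: the over-broad grant the exercise avoids.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
ALLOWED_ACTIONS = {"s3:listbucket"}  # compared in lower case
ALLOWED_RESOURCES = {"arn:aws:s3:::example-bucket"}

def as_list(value):
    """IAM accepts a string or a list for Action and Resource; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(doc, allowed_actions=ALLOWED_ACTIONS, allowed_resources=ALLOWED_RESOURCES):
    """Hypothetical helper: list every way doc grants more than the allow-lists."""
    findings = []
    if doc.get("Version") != "2012-10-17":
        findings.append("Version is not 2012-10-17")
    statements = doc.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements can widen access
        findings += [f"Statement {i}: {k} grants by exclusion"
                     for k in ("NotAction", "NotResource") if k in stmt]
        for action in as_list(stmt.get("Action", [])):
            if "*" in action or "?" in action:
                findings.append(f"Statement {i}: wildcard action {action}")
            elif action.lower() not in allowed_actions:  # action names are case-insensitive
                findings.append(f"Statement {i}: unexpected action {action}")
        for resource in as_list(stmt.get("Resource", [])):
            if "*" in resource or "?" in resource:
                findings.append(f"Statement {i}: wildcard resource {resource}")
            elif resource not in allowed_resources:
                findings.append(f"Statement {i}: unexpected resource {resource}")
    return findings

if __name__ == "__main__":
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy), audit_policy(BROAD))
```

s3:ListBucket is a bucket-level action, so its Resource is the bucket ARN itself; the audit reports an object pattern such as arn:aws:s3:::example-bucket/* as a wildcard resource.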