AWS cloud, ~30 mins

Security pillar principles in AWS - Mini Project: Build & Apply

Understanding AWS Security Pillar Principles
📖 Scenario: You are starting a new cloud project on AWS. To keep your project safe, you need to understand the basic security principles AWS recommends. These principles help protect your data and control who can access your resources.
🎯 Goal: Build a simple AWS IAM policy document that follows the core security pillar principles: least privilege, strong identity management, and data protection.
📋 What You'll Learn
Create a JSON IAM policy with specific permissions
Add a condition to restrict access by IP address
Use a variable to define allowed actions
Complete the policy with a version and statement structure
💡 Why This Matters
🌍 Real World
AWS IAM policies control who can do what in your cloud environment. Understanding how to write them helps keep your cloud resources safe.
💼 Career
Cloud security roles require knowledge of IAM policies to enforce secure access and protect data.
1
Create the base IAM policy structure
Create a variable called policy and assign it a dictionary with the key Version set to "2012-10-17" and an empty list for the key Statement.
Hint: Start by making a dictionary with keys Version and Statement. The version is a fixed date string. The statement is an empty list for now.

2
Define allowed actions for least privilege
Create a list called allowed_actions with the exact strings "s3:GetObject" and "s3:PutObject" to limit permissions to only these actions.
Hint: Make a list named allowed_actions with exactly these two strings to follow least privilege.

3
Add a statement with conditions to the policy
Add a dictionary to policy["Statement"] with keys: Effect set to "Allow", Action set to allowed_actions, Resource set to "arn:aws:s3:::example-bucket/*", and Condition that restricts access to IP addresses starting with "203.0.113." using "IpAddress" and "aws:SourceIp".
Hint: Use append to add a statement dictionary with the keys and values exactly as described. The condition limits access by IP range.

4
Complete the IAM policy with version and statement
Ensure the policy dictionary includes the Version key set to "2012-10-17" and the Statement list with the permission statement you added. This completes the valid IAM policy document.
Hint: Check that the policy dictionary has the correct version and the statement list with your permission statement.
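
The four steps above assembled into one script, with a least-privilege check run over the result. This is an added example, not part of the original exercise: lint_policy, source_ip_allowed and as_list are hypothetical helpers, and the "203.0.113." prefix is assumed to mean the CIDR block 203.0.113.0/24, because the IpAddress operator takes CIDR notation rather than a string prefix.

```python
import ipaddress
import json

allowed_actions = ["s3:GetObject", "s3:PutObject"]
policy = {"Version": "2012-10-17", "Statement": []}
policy["Statement"].append({
    "Effect": "Allow",
    "Action": allowed_actions,
    "Resource": "arn:aws:s3:::example-bucket/*",
    # Assumption: "starting with 203.0.113." written as a CIDR block.
    "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
})

def as_list(value):
    """IAM accepts either a string or a list for these fields."""
    return [value] if isinstance(value, str) else list(value)

def lint_policy(doc):
    """Return least-privilege findings for every Allow statement."""
    findings = []
    if doc.get("Version") != "2012-10-17":
        findings.append("Version is not 2012-10-17")
    for i, stmt in enumerate(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"Statement {i}: wildcard action {action}")
        for res in as_list(stmt.get("Resource", [])):
            if res == "*" or res.startswith("arn:aws:s3:::*"):
                findings.append(f"Statement {i}: unscoped resource {res}")
        cidrs = as_list(stmt.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp", []))
        if not cidrs:
            findings.append(f"Statement {i}: no aws:SourceIp restriction")
        for cidr in cidrs:
            try:
                ipaddress.ip_network(cidr)
            except ValueError:
                findings.append(f"Statement {i}: invalid CIDR {cidr}")
    return findings

def source_ip_allowed(doc, ip):
    """Local check of the IpAddress condition only, not a full IAM evaluation."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for s in doc["Statement"]
               for c in as_list(s["Condition"]["IpAddress"]["aws:SourceIp"]))

if __name__ == "__main__":
    print(json.dumps(policy, indent=2), lint_policy(policy))
```

An empty findings list means the statement names explicit actions, a scoped resource and a parseable source range; the bare prefix "203.0.113." is reported as an invalid CIDR.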