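Sample IAM Policy for multiple

Note: the first statement is labelled "Read access through console", but it also allows write actions (`iam:PassRole`, `iam:CreateInstanceProfile`, `iam:AddRoleToInstanceProfile`, `elasticmapreduce:AddJobFlowSteps` and `cloudwatch:*`) on every resource. Before reusing it, limit `iam:PassRole` to the specific role ARNs that are needed and replace the wildcards with the actions actually required. The typographic quotes in the listing below must be replaced with straight double quotes for it to parse as JSON. IAM `Sid` values accept only letters and digits, so the spaces and apostrophe in the two Sids need to be removed.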

{
“Version”: “2012-10-17”,
“Statement”: [ {
“Sid”: “Read access through console”,
“Effect”: “Allow”,
“Action”: [
“datapipeline:ListPipelines”,
“datapipeline:GetAccountLimits”,
“cloudwatch:*”,
“dynamodb:DescribeTable”,
“elasticmapreduce:AddJobFlowSteps”,
“elasticmapreduce:ListInstance*”,
“iam:AddRoleToInstanceProfile”,
“iam:CreateInstanceProfile”,
“iam:GetInstanceProfile”,
“iam:GetRole”,
“iam:ListInstanceProfiles”,
“iam:ListInstanceProfilesForRole”,
“iam:ListRoles”,
“iam:PassRole”,
“rds:DescribeDBInstances”,
“rds:DescribeDBSecurityGroups”,
“redshift:DescribeClusters”,
“redshift:DescribeClusterSecurityGroups”,
“s3:List*”,
“sns:ListTopics”
],
“Resource”: [
“*”
]
},
{
“Sid”: “Write access to user’s own DataPipelines”,
“Effect”: “Allow”,
“Action”: [
“datapipeline:*”
],
“Resource”: [
“*”
],
“Condition”: {
“StringEquals”: {
“datapipeline:PipelineCreator”: “${aws:userid}”
}
}
}
]
}
