AWS took a remarkable step by introducing the IAM service to manage access to an AWS account. As soon as the team managing the account grows even slightly, it needs named accounts for proper identity management. AWS IAM is a comprehensive service that not only lets you create separate user accounts but also lets you manage them in groups. On top of that, permissions can be granted at varying levels and are completely customizable. This is not very difficult once you write policies as JSON documents.
JSON policies look intimidating at first, but all we need to know is how to read, manage and modify them.
Here are some sample JSON policies
1. JSON policy for multiple components
This policy grants complete access to several services in one single policy. The "Action" names the service, for example "ec2:*", which stands for every action associated with EC2. The "Effect" can be "Allow" or "Deny", and the "*" in "Resource" stands for all devices/components of that type.
2. JSON policy for specific devices of only one service
This one is a little more complex. The "Effect" is still "Allow", but the "Action" no longer covers every action; it lists specific actions instead. So rather than being granted every actionable item, the recipient can only perform specific actions such as "ec2:DescribeInstances".
Also, the "Resource" listed here is not every component but specific devices. This lets you restrict the user's control to certain devices only.
3. JSON policy for mix and match
There can be a scenario where you need a certain user to be given one level of rights for one type of service and a different level of rights for another type of service.
This policy is the one closest to reality. It allows all resources of ELB (Elastic Load Balancing), while restricting EC2 access so that only certain listed instances can be started or stopped. This is achieved by mixing and matching the policies above.
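To make the three policy shapes concrete, here is an added example that is not part of the original post: three constructed sample policies (one per section above) plus a small, simplified evaluator that applies the documented IAM ordering of explicit deny over allow over implicit deny, and a helper that flags "allow everything on everything" statements. The account ID and instance IDs are placeholders, and the evaluator models only Action/Resource matching (no conditions, principals or permission boundaries), so it is a teaching model of how these documents combine, not AWS's own engine.

```python
"""Simplified IAM policy evaluator for the three policy shapes discussed above.

Assumptions (not from the original post): the account ID 123456789012 and the
instance IDs are constructed placeholders; only Effect/Action/Resource are
modelled, so Condition, Principal and NotAction are deliberately left out.
"""
import fnmatch

# 1. Multiple components: every EC2 and S3 action on every resource.
POLICY_MULTI_SERVICE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"}
    ],
}

DEV_INSTANCE = "arn:aws:ec2:us-east-1:123456789012:instance/i-0dev000000000001"
PROD_INSTANCE = "arn:aws:ec2:us-east-1:123456789012:instance/i-0prod00000000001"

# 2. Specific actions on specific devices of one service. Note that EC2
#    Describe* actions do not support resource-level permissions in IAM, so
#    DescribeInstances has to be granted on "*" in its own statement.
POLICY_SPECIFIC = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"},
        {
            "Effect": "Allow",
            "Action": ["ec2:StartInstances", "ec2:StopInstances"],
            "Resource": [DEV_INSTANCE],
        },
    ],
}

# 3. Mix and match: full ELB access, start/stop on one instance, and an
#    explicit Deny that protects the production instance even if another
#    attached policy (such as policy 1) would allow the action.
POLICY_MIXED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "elasticloadbalancing:*", "Resource": "*"},
        {
            "Effect": "Allow",
            "Action": ["ec2:StartInstances", "ec2:StopInstances"],
            "Resource": DEV_INSTANCE,
        },
        {
            "Effect": "Deny",
            "Action": ["ec2:StopInstances", "ec2:TerminateInstances"],
            "Resource": PROD_INSTANCE,
        },
    ],
}


def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def _matches(patterns, value, case_insensitive=False):
    """Glob-match value against the statement's patterns ("ec2:*", "*", ...)."""
    if case_insensitive:
        value = value.lower()
        patterns = [p.lower() for p in _as_list(patterns)]
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request.

    Mirrors the documented IAM ordering: an explicit Deny anywhere wins, then
    any matching Allow, otherwise the request is implicitly denied.
    """
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in policy["Statement"]:
            # Action names are case-insensitive in IAM; ARNs are not.
            if not _matches(stmt["Action"], action, case_insensitive=True):
                continue
            if not _matches(stmt["Resource"], resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"
            decision = "Allow"
    return decision


def overly_broad_statements(policy):
    """Flag Allow statements that grant a whole service (or '*') on every
    resource; these are the ones to review first when tightening a policy."""
    flagged = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        wide_action = any(a == "*" or a.endswith(":*") for a in _as_list(stmt["Action"]))
        wide_resource = "*" in _as_list(stmt["Resource"])
        if wide_action and wide_resource:
            flagged.append(stmt)
    return flagged


if __name__ == "__main__":
    print(evaluate([POLICY_SPECIFIC], "ec2:StartInstances", DEV_INSTANCE))
    print(evaluate([POLICY_MIXED, POLICY_MULTI_SERVICE], "ec2:StopInstances", PROD_INSTANCE))
    print(len(overly_broad_statements(POLICY_MULTI_SERVICE)))
```

Running the module shows the two behaviours worth remembering when mixing policies: a user holding only policy 2 cannot touch instances that are not listed, and attaching the broad policy 1 alongside policy 3 still cannot stop the production instance, because the explicit Deny in policy 3 overrides every Allow.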