Skip to content
/ aws-iam-enforcing-an-iam-boundary Public

An example on how to enforce an iam boundary is attached to roles updated/created

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

eamonnfaherty/aws-iam-enforcing-an-iam-boundary

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
example.template.yaml
example.template.yaml
 
 

Repository files navigation

What is this?

This is :

  • an example of how to use AWS IAM Permission boundaries in Cloudformation
  • an example of how to enforce users to attach a boundary to IAM Users they create - the same can work for IAM Roles

How does this work?

Within example.template.yaml you can see an AWS IAM managed policy ApprovedIAMActionsPolicy. This is an example white list of actions your users are allowed to perform. The idea here is that this is your allowed actions for your users.

Within example.template.yaml you can see can also see an AWS IAM managed policy BindingUserPolicy. This is to be used as a boundary for an IAM Role or User - as specified in the IAM Role RoleWithBoundary. The noteworthy lines are within the Sid BoundActions. The StringEquals: iam:PermissionsBoundary: !Sub arn:aws:iam::${AWS::AccountId}:policy/ApprovedIAMActionsPolicy is where the magic happens.

Credits

The example (and the know-how) were derived from here

About

An example on how to enforce an iam boundary is attached to roles updated/created

Topics

aws iam iam-policy iam-role iam-users iam-permissions

Resources

Readme
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published