I hereby claim:
- I am alanwill on github.
- I am alanwill (https://keybase.io/alanwill) on keybase.
- I have a public key whose fingerprint is A6F6 A7F1 BDBA 605E A959 031B 8F58 1915 04B3 2B33
To claim this, I am signing this object:
alanwill
/ aws-iam-s3-console-access.json
Created
January 12, 2014 17:34
AWS IAM policy limiting access to named S3 bucket (programmatic and console)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"], | |
| "Resource": "arn:aws:s3:::*" | |
| }, | |
| { | |
| "Effect": "Allow", | |
| "Action": ["s3:ListBucket" ], |
alanwill
/ aws-iam-allow-password-changes.json
Last active
September 30, 2024 03:24
AWS IAM policy that allows users to change their own password
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version":"2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": ["iam:ChangePassword"], | |
| "Resource": "arn:aws:iam::<account-number>:user/${aws:username}" | |
| }, | |
| { | |
| "Effect": "Allow", |
alanwill
/ aws-iam-secure-transport.json
Created
February 3, 2014 19:51
AWS IAM policy that allows SSL read only access to a bucket. Good for log buckets.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Statement": [ | |
| { | |
| "Sid": "AllowGetLogs", | |
| "Action": [ | |
| "s3:GetObject" | |
| ], | |
| "Effect": "Allow", | |
| "Resource": "arn:aws:s3:::myloggingbucket/logs/*", | |
| "Condition": { |
alanwill
/ aws-iam-allow-passing-role-to-instance.json
Created
February 24, 2014 00:54
AWS IAM policy that allows an IAM user to pass an IAM role, for example, when creating a new EC2 instance
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "iam:PassRole" | |
| ], | |
| "Resource": [ | |
| "*" |
alanwill
/ aws-cfn-self-referencing-sg.json
Last active
January 18, 2024 17:00
AWS CloudFormation example that allows a security group rule to reference the same security group as the source.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Description": "Create a VPC with a SG which references itself", | |
| "AWSTemplateFormatVersion": "2010-09-09", | |
| "Resources": { | |
| "vpctester": { | |
| "Type": "AWS::EC2::VPC", | |
| "Properties": { | |
| "CidrBlock": "172.16.0.0/23", | |
| "EnableDnsSupport": false, | |
| "EnableDnsHostnames": false, |
alanwill
/ cloudability-app-iam-user.json
Created
March 8, 2014 04:51
Cloudability Application IAM User used to access account data
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "aws-portal:ViewBilling", | |
| "ec2:DescribeInstances", | |
| "ec2:DescribeReservedInstances", | |
| "cloudwatch:GetMetricStatistics" | |
| ], |
alanwill
/ aws-iam-s3-bucket-policy-ip-limit.json
Last active
August 29, 2015 14:02
S3 bucket policy allowing access from a given IP or network
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Id": "S3PolicyId1", | |
| "Statement": [ | |
| { | |
| "Sid": "IPAllow", | |
| "Effect": "Allow", | |
| "Principal": "*", | |
| "Action": "s3:*", | |
| "Resource": "arn:aws:s3:::<S3-bucket-name>/*", |
alanwill
/ aws-cloudtrail-sqs-policy.json
Created
July 6, 2014 08:48
Cloudtrail policy for SQS queue to receive messages from various SNS topics in multiple accounts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2008-10-17", | |
| "Id": "arn:aws:sqs:us-east-1:<core-account-number>:cloudtrail-notifications/SQSDefaultPolicy", | |
| "Statement": [ | |
| { | |
| "Sid": "Sid1385789515788", | |
| "Effect": "Allow", | |
| "Principal": { | |
| "AWS": "*" | |
| }, |
alanwill
/ aws-cloudtrail-bucket-policy.json
Created
July 6, 2014 08:51
S3 bucket policy for Cloudtrail logs to receive from multiple accounts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "AWSCloudTrailAclCheck20131101", | |
| "Effect": "Allow", | |
| "Principal": { | |
| "AWS": [ | |
| "arn:aws:iam::903692715234:root", | |
| "arn:aws:iam::859597730677:root", |
OlderNewer