BQRoster | AWS Journey
Contact

Common AWS IAM Policies

#awsiam
#aws
#awsjourney

Published Feb 8, 2025

Common AWS Policies

Policies define the permissions granted to IAM users, groups, or roles. These can be either AWS managed policies or custom policies.

Common AWS Managed Policies:

AdministratorAccess
Provides full access to all AWS services and resources.

PowerUserAccess
Grants access to most AWS services, but denies IAM actions (doesn't allow managing IAM users or roles).

ReadOnlyAccess
Grants read-only access to all AWS resources.

AmazonS3FullAccess
Provides full access to Amazon S3 resources, allowing management of buckets and objects.

AmazonEC2FullAccess
Grants full access to Amazon EC2 instances, including management and monitoring of EC2 instances.

AWSSupportAccess
Grants permission to access AWS support features, including managing support cases.

AWSLambda_FullAccess
Provides full access to AWS Lambda resources, allowing the creation and management of functions.

AWSCodeBuildAdminAccess
Grants administrative access to AWS CodeBuild, allowing users to create and manage build projects.

AWSCloudTrailReadOnlyAccess
Grants read-only access to CloudTrail, useful for security auditing and compliance monitoring.

AmazonDynamoDBFullAccess
Grants full access to DynamoDB tables and streams.

IAMReadOnlyAccess
Grants read-only access to IAM resources (useful for auditing IAM configurations without changing them).

Best Practices for IAM Groups and Policies:

  • Follow the principle of least privilege: Grant users only the permissions they absolutely need to perform their tasks.
  • Use managed policies when possible: AWS-managed policies are frequently updated and maintained, which helps reduce administrative overhead.
  • Use groups for easier permission management: Instead of assigning permissions directly to users, use IAM groups and attach policies to those groups.
  • Regularly review and audit policies: Ensure that users’ permissions are always appropriate as their roles and responsibilities change.
    Use MFA (Multi-Factor Authentication): Enforce MFA on privileged accounts (e.g., administrators, root user) to add an additional layer of security.

By organizing IAM groups and policies effectively, you can secure your AWS environment while ensuring the right people have the right access.

Jose Burgos | Full Stack Dev | AWS Embracing Journey

Jose Burgos

Full Stack Developer

Onboard Journey to Amazon Web Services