Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

create a read-only IAM user in AWS

I am new to AWS. I tried to create a read-only IAM user in AWS console. I am not able to find the right permission. What permission I should grant? Please advise.

like image 287
Eric Avatar asked Jun 23 '18 06:06

Eric


People also ask

What is read-only access in AWS?

You can use the AWS managed policy named ReadOnlyAccess: the ReadOnlyAccess AWS managed policy provides read-only access to all AWS services and resources. When a service launches a new feature, AWS adds read-only permissions for new operations and resources.

Can I restrict the access of IAM users to specific Amazon EC2 resources?

Most essential Amazon EC2 actions don't support resource-level permissions or conditions, and isolating IAM users or groups of user's access to Amazon EC2 resources by any criteria other than AWS Region doesn't fit most use cases. Instead, consider linking multiple different AWS accounts through AWS Organizations.


1 Answers

There is an IAM Policy called ReadOnlyAccess that will (mostly) grant read-only access to all services. (I say 'mostly' because people might have different concepts of what is read-only.)

Individual services also have their own policies, such as CloudSearchReadOnlyAccess and AmazonPollyReadOnlyAccess.

To grant a user these permissions:

  • Open the user in the IAM console
  • Click Add Permissions
  • Click Attach existing policies directly
  • Select the desired policy
  • Save the permissions
like image 124
John Rotenstein Avatar answered Nov 15 '22 06:11

John Rotenstein