Inline IAM Policy With Wasabi


Wasabi supports the use of inline IAM policies via API/SDKs. These inline policies cannot be operated, managed, or viewed using the Wasabi Console. This article describes how to use an inline IAM policy through API calls to the Wasabi system, using the AWS CLI as the third-party S3 application. You can use any supported API/SDK mechanism to do this based on your requirements.

To attach an inline policy to an IAM user:

  1. Create a new IAM user called username-aws-cli-lab-inline-user:

    aws iam create-user --user-name username-aws-cli-lab-inline-user --endpoint-url=https://iam.wasabisys.com --profile=

  2. Create a new bucket for this task called bucket-aws-cli-lab-inline-bucket:

    aws s3 mb s3://bucket-aws-cli-lab-inline-bucket --endpoint-url=https://s3.wasabisys.com --profile=

  3. Attach an inline example policy that allows this new user access to the new bucket only.

    The example policy created is the inline_policy.json file.

    {
      "Version": "2012-10-17",
      "Statement": [{
        "Sid": "AllowAll-S3ActionsToOwnBucket",
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::bucket-aws-cli-lab-inline-bucket*"
      }]
    }

    aws iam put-user-policy --user-name username-aws-cli-lab-inline-user --policy-name inline_user_separation --policy-document file://inline_policy.json --endpoint-url=https://iam.wasabisys.com --profile=

  4. List the inline policy via the AWS CLI:

    aws iam list-user-policies --user-name username-aws-cli-lab-inline-user --endpoint-url=https://iam.wasabisys.com --profile=

  5. Show the inline policy document via the AWS CLI:

    aws iam get-user-policy --user-name username-aws-cli-lab-inline-user --policy-name inline_user_separation --endpoint-url=https://iam.wasabisys.com --profile=
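
The Resource in step 3 ends in a bare `*`, which under AWS IAM wildcard rules also matches any other bucket whose name starts with the same prefix. The following check is an added example, not part of the original article or Wasabi's tooling; it assumes Wasabi evaluates Resource wildcards the way AWS IAM does, and the `-finance` bucket, the object keys, and the tighter policy variant are constructed for illustration.

```python
import copy
import json
import re

BUCKET = "bucket-aws-cli-lab-inline-bucket"
ARN = f"arn:aws:s3:::{BUCKET}"

# Statement from the article's inline_policy.json.
ARTICLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowAll-S3ActionsToOwnBucket", "Effect": "Allow",
    "Action": "s3:*", "Resource": ARN + "*"}]}

# Tighter variant (an assumption of this example, not from the article):
# the bucket itself plus the objects under it, with no name-prefix wildcard.
TIGHT_POLICY = copy.deepcopy(ARTICLE_POLICY)
TIGHT_POLICY["Statement"][0]["Resource"] = [ARN, ARN + "/*"]

# Constructed sample ARNs: the lab bucket, one of its objects, a hypothetical
# second bucket sharing the name prefix, and an unrelated bucket.
SAMPLE_ARNS = [ARN, ARN + "/reports/q1.csv", ARN + "-finance",
               ARN + "-finance/payroll.csv", "arn:aws:s3:::unrelated-bucket"]

def arn_matches(pattern, arn):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, arn) is not None

def allowed_arns(policy, arns):
    """Return the ARNs matched by the Resource of any Allow statement."""
    patterns = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow":
            res = stmt["Resource"]
            patterns += [res] if isinstance(res, str) else res
    return [a for a in arns if any(arn_matches(p, a) for p in patterns)]

def outside_bucket(policy, arns, bucket):
    """ARNs the policy allows that are neither the bucket nor its objects."""
    base = f"arn:aws:s3:::{bucket}"
    return [a for a in allowed_arns(policy, arns)
            if a != base and not a.startswith(base + "/")]

if __name__ == "__main__":
    for name, policy in (("article", ARTICLE_POLICY), ("tight", TIGHT_POLICY)):
        extra = outside_bucket(policy, SAMPLE_ARNS, BUCKET)
        print(f"{name}: allows outside {BUCKET}: {extra or 'nothing'}")
    print(json.dumps(TIGHT_POLICY, indent=2))  # candidate inline_policy.json
```

Run the same check against the document returned by `get-user-policy` in step 5 to confirm what is actually attached to the user.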