How to use inline IAM Policy with Wasabi?
    • 19 Dec 2023
    • 1 Minute to read
    • PDF

    How to use inline IAM Policy with Wasabi?

    • PDF

    Article summary

    Wasabi supports the use of inline IAM policies via API/SDKs.  Note that these inline policies cannot be operated/managed/viewed through Wasabi Management Console currently and this is planned to be supported in future releases of the Console.  

    This document demonstrates how an inline IAM policy can be used via API calls to the Wasabi system through a third-party S3 application AWS CLI.  Customers can use any supported API/SDK mechanism to do this based on their requirements.

    Attach an inline Policy to an IAM User Demo (CLI commands & Output screenshots attached):

    For this demo, we are performing these 5 tasks

    1. Create a new IAM user called username-aws-cli-lab-inline-user

    2. Create a new bucket for this task called bucket-aws-cli-lab-inline-bucket

    3. Attach an inline example policy that allows this new user access to this new bucket only 

    4. List this inline policy via AWS CLI

    5. Show the inline policy document via AWS CLI

    1. Create a new IAM user called username-aws-cli-lab-inline-user

    aws iam create-user --user-name username-aws-cli-lab-inline-user --endpoint-url=https://iam.wasabisys.com --profile=
    mceclip6.png

    2. Create a new bucket for this task called bucket-aws-cli-lab-inline-bucket

    aws s3 mb s3://bucket-aws-cli-lab-inline-bucket --endpoint-url=https://s3.wasabisys.com --profile=
    mceclip7.png

     

    3. Attach an inline example policy that allows this new user access to this new bucket only 

    Example Policy created: inline_policy.json file

    {
    "Version": "2012-10-17",
    "Statement": [{
    "Sid": "AllowAll-S3ActionsToOwnBucket",
    "Effect": "Allow",
    "Action": "s3:*",
    "Resource": "arn:aws:s3:::bucket-aws-cli-lab-inline-bucket*"
    }]
    }
    aws iam put-user-policy --user-name username-aws-cli-lab-inline-user --policy-name inline_user_separation --policy-document file://inline_policy.json --endpoint-url=https://iam.wasabisys.com --profile=
    mceclip10.png

    4. List this inline policy via AWS CLI

    aws iam list-user-policies --user-name username-aws-cli-lab-inline-user --endpoint-url=https://iam.wasabisys.com --profile=
    mceclip12.png

    5. Show the inline policy document via AWS CLI

    aws iam get-user-policy --user-name username-aws-cli-lab-inline-user --policy-name inline_user_separation --endpoint-url=https://iam.wasabisys.com --profile=
    mceclip13.png

     


    ESC

    Eddy AI, facilitating knowledge discovery through conversational intelligence