How to use inline IAM Policy with Wasabi?
    • 19 Dec 2023

    Wasabi supports the use of inline IAM policies via API/SDKs. Note that these inline policies cannot currently be managed or viewed through the Wasabi Management Console; support is planned for future releases of the Console.

    This document demonstrates how an inline IAM policy can be used via API calls to the Wasabi system through a third-party S3 application, the AWS CLI. Customers can use any supported API/SDK mechanism to do this based on their requirements.

    Attach an inline Policy to an IAM User Demo (CLI commands & Output screenshots attached):

    For this demo, we perform these 5 tasks:

    1. Create a new IAM user called username-aws-cli-lab-inline-user

    2. Create a new bucket for this task called bucket-aws-cli-lab-inline-bucket

    3. Attach an inline example policy that allows this new user access to this new bucket only 

    4. List this inline policy via AWS CLI

    5. Show the inline policy document via AWS CLI

    1. Create a new IAM user called username-aws-cli-lab-inline-user

    aws iam create-user --user-name username-aws-cli-lab-inline-user --endpoint-url=https://iam.wasabisys.com --profile=

    2. Create a new bucket for this task called bucket-aws-cli-lab-inline-bucket

    aws s3 mb s3://bucket-aws-cli-lab-inline-bucket --endpoint-url=https://s3.wasabisys.com --profile=

    3. Attach an inline example policy that allows this new user access to this new bucket only 

    Example Policy created: inline_policy.json file

    {
      "Version": "2012-10-17",
      "Statement": [{
        "Sid": "AllowAll-S3ActionsToOwnBucket",
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::bucket-aws-cli-lab-inline-bucket*"
      }]
    }

    aws iam put-user-policy --user-name username-aws-cli-lab-inline-user --policy-name inline_user_separation --policy-document file://inline_policy.json --endpoint-url=https://iam.wasabisys.com --profile=

    4. List this inline policy via AWS CLI

    aws iam list-user-policies --user-name username-aws-cli-lab-inline-user --endpoint-url=https://iam.wasabisys.com --profile=

    5. Show the inline policy document via AWS CLI

    aws iam get-user-policy --user-name username-aws-cli-lab-inline-user --policy-name inline_user_separation --endpoint-url=https://iam.wasabisys.com --profile=
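
The policy in step 3 uses a single Resource ending in a wildcard, which also matches any other bucket whose name starts with bucket-aws-cli-lab-inline-bucket. The Python check below is an added example, not part of the original article: it compares that policy with a tightened two-ARN form (standard IAM policy syntax, assumed here to be accepted by Wasabi) against constructed sample ARNs. The sibling bucket with the -archive suffix is hypothetical, and only Resource matching of Allow statements is evaluated.

```python
import re

BUCKET = "bucket-aws-cli-lab-inline-bucket"  # bucket name from the article

# Policy from step 3 of the article, and a tightened form (added here).
ARTICLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowAll-S3ActionsToOwnBucket", "Effect": "Allow", "Action": "s3:*",
    "Resource": f"arn:aws:s3:::{BUCKET}*"}]}
TIGHT_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowAll-S3ActionsToOwnBucket", "Effect": "Allow", "Action": "s3:*",
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}]}

# Constructed sample ARNs; the last two name a hypothetical sibling bucket.
SAMPLE_ARNS = [
    f"arn:aws:s3:::{BUCKET}",
    f"arn:aws:s3:::{BUCKET}/reports/q4.csv",
    f"arn:aws:s3:::{BUCKET}-archive",
    f"arn:aws:s3:::{BUCKET}-archive/secret.txt",
]

def _pattern_to_regex(pattern):
    """Translate IAM wildcards: '*' = any run of characters, '?' = one character."""
    parts = (".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile("".join(parts), re.DOTALL)

def allowed_resources(policy, arns):
    """Return the ARNs matched by a Resource pattern of any Allow statement."""
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    patterns = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        res = stmt.get("Resource", [])
        patterns += [res] if isinstance(res, str) else list(res)
    regexes = [_pattern_to_regex(p) for p in patterns]
    return [a for a in arns if any(r.fullmatch(a) for r in regexes)]

def overreach(policy, arns, bucket):
    """ARNs the policy allows that are neither the bucket nor objects inside it."""
    own = f"arn:aws:s3:::{bucket}"
    return [a for a in allowed_resources(policy, arns)
            if a != own and not a.startswith(own + "/")]

if __name__ == "__main__":
    for name, pol in (("article", ARTICLE_POLICY), ("tightened", TIGHT_POLICY)):
        print(name, "->", overreach(pol, SAMPLE_ARNS, BUCKET) or "no overreach")
```

The same check can be run against the document returned by get-user-policy in step 5 to confirm what the attached inline policy actually covers.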