By using AWS re:Post, you agree to the AWS re:Post Terms of Use

AWS Roles or policies required for Admin

0

Hi

If I need to create IAM standard user account with PowerUser or limited Admin privileges to allow the user to create/modify/manage RDS instances, create subnet groups, security groups, RDS IAM roles, policy, S3 bucket, S3 Integration, what AWS roles or policies do you grant for this account? Is there a list of all AWS roles/policies and description of the permissions that come with those?

Thanks,

1 Answer
2
Accepted Answer

Hi,

AWS provides list of managed policies, which you can attach to the role and eventually that role would inherit all the permissions from managed policy.

However you can also create your own custom policies and attach to the role, which would be more specific to use case and tailored one.

Here is the AWS Documentation which has all the AWS Managed Policies, which you would find already created in AWS account. If you click any of these AWS managed policy, you'll see detailed description of each of those.

Example: Suppose, you want to create an administrator role, you will create a role by attaching AdministratorAccess managed policy to the role. Similarly, you can attach one or many such AWS managed policies to a role for specific use case. This AdministratorAccessPolicy is also AWS managed policy and listed in above mentioned document.

Based on the permission sets of these AWS managed policy and description, you can create your custom policies which can be attached to role.

Note that, there are three type of policies:

AWS Managed Policies -> AWS provisioned, can't be edited

Customer Managed Polices -> Customer managed policy, we create, can be edited and also can be attached to multiple roles.

Inline policies --> Same as Customer Managed Policy with one difference that, it is specifically be attached to a role and can't be reused. Often used for a specific use case and by attaching it to a role.

Here at this Documentation, you can find detailed description of managed and inline policies.

Hope you find it useful.

Abhishek

profile pictureAWS
EXPERT
answered a year ago
profile picture
EXPERT
reviewed a year ago
  • Do you have any further questions, happy to help.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions