Certified Security - Specialty


IAM policies 101

What is a power user? How is a power user created?

Shaw Ng

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html

AWS managed policy name: PowerUserAccess

Use case: This user performs application development tasks and can create and configure resources and services that support AWS aware application development.

Policy description: The first statement of this policy uses the NotAction element to allow all actions for all AWS services and for all resources except AWS Identity and Access Management and AWS Organizations. The second statement grants IAM permissions to create a service-linked role. This is required by some services that must access resources in another service, such as an Amazon S3 bucket. It also grants Organizations permissions to view information about the user’s organization, including the master account email and organization limitations.

1 Answer

Q1: What is a power user?

A1: Inside IAM there is a policy called PowerUserAccess. The description is "Provides full access to AWS services and resources, but does not allow management of Users and groups."

Q2: How is a power user created?

A2: You create a PowerUser the same as any other user; while creating the account, add them to a group that has the PowerUserAccess policy.
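
How the `NotAction` statement quoted in this thread evaluates, as an added example that is not part of the original posts or AWS's own code. The policy document is constructed from the quoted description (the live managed policy may list more actions), and `evaluate` is a hypothetical helper that ignores Resource, Condition, SCPs and permissions boundaries.

```python
import fnmatch

# Constructed policy modeled on the description quoted in this thread; the
# live PowerUserAccess managed policy may list more actions than shown here.
POWER_USER_LIKE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "NotAction": ["iam:*", "organizations:*"],
         "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["iam:CreateServiceLinkedRole",
                    "organizations:DescribeOrganization"],
         "Resource": "*"},
    ],
}

def _as_list(value):
    """IAM lets Action/NotAction/Statement be a single item or a list."""
    return list(value) if isinstance(value, (list, tuple)) else [value]

def _matches(patterns, action):
    """Case-insensitive wildcard match, as IAM does for action names."""
    name = action.lower()
    return any(fnmatch.fnmatchcase(name, p.lower()) for p in _as_list(patterns))

def statement_applies(stmt, action):
    """NotAction applies to every action that is NOT in its list."""
    if "NotAction" in stmt:
        return not _matches(stmt["NotAction"], action)
    return _matches(stmt.get("Action", []), action)

def evaluate(policy, action):
    """Hypothetical helper: 'Allow', 'Deny' or 'ImplicitDeny' for one identity
    policy. Resource, Condition, SCPs and permissions boundaries are ignored."""
    decision = "ImplicitDeny"
    for stmt in _as_list(policy["Statement"]):
        if not statement_applies(stmt, action):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny always wins
        decision = "Allow"
    return decision

if __name__ == "__main__":
    for act in ("s3:PutObject", "iam:CreateUser", "iam:CreateServiceLinkedRole",
                "organizations:LeaveOrganization", "futuresvc:AnyAction"):
        print(f"{act:35} {evaluate(POWER_USER_LIKE, act)}")
```

Because the first statement is an Allow with `NotAction`, any service name outside the exclusion list is allowed, including ones that did not exist when the policy was attached; the excluded IAM actions are only implicitly denied, so another attached policy can still grant them.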
