How to assign an IAM role having the same permission set as the IPs have?

How to update the IAM policy below so that the IAM role, arn:aws:iam::7574333677569:role/dev-abc-webserver, also has permissions?

{
    "Version": "2012-10-17",
    "Id": "Policy1517260196123",
    "Statement": [
        {
            "Sid": "Stmt1432661968133",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::pdf.abc.com/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": [
                        "24.237.272.151/32",
                        "42.69.252.185/32"
                    ]
                }
            }
        }
    ]
}

The issue I faced is that the IAM role doesn't have permission with it currently; I want the IAM role to have the same permission set as the IPs have.

We don't need to change the policy; we need to expand the access it already grants to the provided IAM role. So the "Condition": { block needs to be expanded so we are checking for our IPs or the IAM role.

I am not able to figure out how to provide access via the IAM role yet. I did check some AWS documentation but was not able to figure it out: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html

Could anyone help me with this issue? Any help would be appreciated.

Tim
I'm finding your question quite confusing. If that's a policy you can simply add it to a role. Otherwise you can create a policy and attach that to the role.
sam23
@Tim, I want the IAM role to have the same permission set as the IPs we have. I want to expand what the policy already grants to the provided IAM role.
Tim
You're using terminology in very unusual ways, making it difficult to answer this question. Are you trying to give an IAM role full S3 permissions? If that's what you're trying to do you simply attach a policy with full S3 permissions to the role. The existing AWS policy arn:aws:iam::aws:policy/AmazonS3FullAccess may be suitable.
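
One way to express what the question asks for, as an added example that is not part of the original thread: the IP-restricted statement stays as posted and a second statement names the role as its principal. Statements are evaluated independently, so a request matching either one is allowed, whereas all keys placed inside a single Condition block must match together. The IP addresses, account ID and role ARN are reproduced as posted; the Sid AllowDevAbcWebserverRole is constructed for illustration.

```json
{
    "Version": "2012-10-17",
    "Id": "Policy1517260196123",
    "Statement": [
        {
            "Sid": "Stmt1432661968133",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::pdf.abc.com/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": [
                        "24.237.272.151/32",
                        "42.69.252.185/32"
                    ]
                }
            }
        },
        {
            "Sid": "AllowDevAbcWebserverRole",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::7574333677569:role/dev-abc-webserver"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::pdf.abc.com/*"
        }
    ]
}
```

Because the Resource is the object ARN, both statements cover object-level actions only; bucket-level actions such as s3:ListBucket apply to the bucket ARN arn:aws:s3:::pdf.abc.com instead.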