SCENARIO-1


S3 Read-Only User

aws iam create-user --user-name s3ReadUser --tags Key=createdFor,Value=masterclass --profile securitymaster
aws iam attach-user-policy --user-name s3ReadUser --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --profile securitymaster

To learn these commands, use the following help context in PowerShell: aws iam attach-user-policy help | Select-String "EXAMPLES" -Context 15

EC2 Describe-Only User + Group

aws iam create-user --user-name EC2DescribeOnlyUser --tags Key=createdFor,Value=masterclass --profile securitymaster
aws iam attach-user-policy --user-name EC2DescribeOnlyUser --policy-arn arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess --profile securitymaster

aws iam create-group --group-name EC2ManagementUsers --profile securitymaster
aws iam attach-group-policy --group-name EC2ManagementUsers --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --profile securitymaster
aws iam add-user-to-group --user-name EC2DescribeOnlyUser --group-name EC2ManagementUsers --profile securitymaster

RDS + EC2 Role Creation + Policy Attachments

Create the JSON file locally

  1. Open a text editor (Notepad, VS Code, or any editor).
  2. Paste this JSON content:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Save the file as trust-policy.json in the folder where you are running your PowerShell command.


Reference the JSON file in the AWS CLI command

From PowerShell in the same folder, run:

aws iam create-role --role-name EC2RDSReadRole --assume-role-policy-document file://trust-policy.json --tags Key=createdFor,Value=masterclass --profile securitymaster
aws iam attach-role-policy --role-name EC2RDSReadRole --policy-arn arn:aws:iam::aws:policy/AmazonRDSFullAccess --profile securitymaster
aws iam attach-role-policy --role-name EC2RDSReadRole --policy-arn arn:aws:iam::aws:policy/IAMFullAccess --profile securitymaster
aws iam attach-role-policy --role-name EC2RDSReadRole --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --profile securitymaster
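
The commands above create a user named s3ReadUser that holds AmazonS3FullAccess, a "describe-only" user that inherits AmazonEC2FullAccess through its group, and an EC2-assumable role that carries IAMFullAccess. The following Python script is an added example (not from the scenario's author) that audits exactly that kind of drift between what a principal's name advertises and what it can actually do. It works offline on constructed stand-ins for the JSON that aws iam list-attached-user-policies, list-attached-group-policies, list-attached-role-policies and list-groups-for-user return, plus the trust-policy.json from the scenario; the heuristics (name hints, "FullAccess" suffix) and finding codes are the example's own assumptions.

```python
import json

# Constructed stand-ins for AWS CLI output; nothing here was captured from a real account.
# Shape matches:  aws iam list-attached-{user,group,role}-policies ... --output json
#   -> {"AttachedPolicies": [{"PolicyName": ..., "PolicyArn": ...}]}
def _p(name):
    return {"PolicyName": name, "PolicyArn": f"arn:aws:iam::aws:policy/{name}"}

ATTACHED = {
    ("user", "s3ReadUser"): {"AttachedPolicies": [_p("AmazonS3FullAccess")]},
    ("user", "EC2DescribeOnlyUser"): {"AttachedPolicies": [_p("AmazonEC2ReadOnlyAccess")]},
    ("group", "EC2ManagementUsers"): {"AttachedPolicies": [_p("AmazonEC2FullAccess")]},
    ("role", "EC2RDSReadRole"): {"AttachedPolicies": [
        _p("AmazonRDSFullAccess"), _p("IAMFullAccess"), _p("AmazonEC2FullAccess")]},
}

# Constructed stand-in for `aws iam list-groups-for-user --user-name <name>` (names only).
GROUPS_FOR_USER = {"EC2DescribeOnlyUser": ["EC2ManagementUsers"], "s3ReadUser": []}

# The scenario's trust-policy.json; `aws iam get-role` returns it URL-encoded under
# AssumeRolePolicyDocument, it is shown decoded here.
TRUST = {"EC2RDSReadRole": json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Principal": {"Service": "ec2.amazonaws.com"},
                 "Action": "sts:AssumeRole"}]
}""")}

READ_ONLY_HINTS = ("read", "describe", "view")          # assumption: naming convention
BROAD_SUFFIXES = ("FullAccess", "AdministratorAccess")  # AWS managed-policy naming


def looks_read_only(name):
    """Heuristic: the principal's name advertises read-only intent."""
    return any(h in name.lower() for h in READ_ONLY_HINTS)


def is_broad(policy_name):
    return policy_name.endswith(BROAD_SUFFIXES)


def effective_policies(kind, name, attached, groups_for_user):
    """Policies the principal actually holds: direct ones plus, for users, those
    inherited from groups. Returns (policy_name, source) pairs."""
    pols = [(p["PolicyName"], "direct")
            for p in attached.get((kind, name), {}).get("AttachedPolicies", [])]
    if kind == "user":
        for g in groups_for_user.get(name, []):
            pols += [(p["PolicyName"], f"group:{g}")
                     for p in attached.get(("group", g), {}).get("AttachedPolicies", [])]
    return pols


def assumable_by_services(trust_doc):
    """Service principals that an Allow + sts:AssumeRole statement lets assume the role."""
    services = set()
    for st in trust_doc.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        acts = st.get("Action", [])
        acts = [acts] if isinstance(acts, str) else acts
        if "sts:AssumeRole" not in acts and "sts:*" not in acts:
            continue
        svc = st.get("Principal", {}).get("Service", [])
        services.update([svc] if isinstance(svc, str) else svc)
    return services


def audit(attached, groups_for_user, trust):
    """Return (principal, finding_code, detail) tuples for the three drift patterns."""
    findings = []
    for kind, name in attached:
        if kind == "group":
            continue  # groups are judged through the users that inherit from them
        for policy, source in effective_policies(kind, name, attached, groups_for_user):
            if is_broad(policy) and looks_read_only(name):
                findings.append((name, "READ_ONLY_NAME_BROAD_POLICY", f"{policy} via {source}"))
            elif is_broad(policy) and source.startswith("group:"):
                findings.append((name, "BROAD_POLICY_INHERITED", f"{policy} via {source}"))
        if kind == "role":
            svcs = assumable_by_services(trust.get(name, {}))
            for policy, _ in effective_policies(kind, name, attached, groups_for_user):
                if policy in ("IAMFullAccess", "AdministratorAccess") and svcs:
                    findings.append((name, "IAM_ADMIN_ON_SERVICE_ROLE",
                                     f"{policy}; assumable by {', '.join(sorted(svcs))}"))
    return findings


if __name__ == "__main__":
    for principal, code, detail in audit(ATTACHED, GROUPS_FOR_USER, TRUST):
        print(f"{principal:22} {code:28} {detail}")
```

Run against the scenario's principals, the audit reports s3ReadUser and EC2DescribeOnlyUser as read-only by name but FullAccess in effect (the second one only via its group, which a direct check of the user's attached policies would miss), and flags EC2RDSReadRole because any instance that can assume it gets IAMFullAccess. To use it on a real account, replace the constructed dictionaries with the parsed output of the CLI commands named in the comments.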

If you want to check the history of the above activity, use the CloudTrail command below.