How to use inline IAM Policy with Wasabi?

Wasabi supports inline IAM policies via the API/SDKs. Note that these inline policies currently cannot be operated, managed, or viewed through the Wasabi Management Console; support is planned for future releases of the Console.

This document demonstrates how an inline IAM policy can be used via API calls to the Wasabi system, using the AWS CLI as the third-party S3 application. Customers can use any supported API/SDK mechanism to do this based on their requirements.

Attach an inline Policy to an IAM User Demo (CLI commands & Output screenshots attached):

For this demo, we perform these 5 tasks:

  1. Create a new IAM user called username-aws-cli-lab-inline-user
  2. Create a new bucket for this task called bucket-aws-cli-lab-inline-bucket
  3. Attach an inline example policy that allows this new user access to this new bucket only 
  4. List this inline policy via AWS CLI
  5. Show the inline policy document via AWS CLI

 

1. Create a new IAM user called username-aws-cli-lab-inline-user

aws iam create-user --user-name username-aws-cli-lab-inline-user --endpoint-url=https://iam.wasabisys.com --profile=<profilename>

2. Create a new bucket for this task called bucket-aws-cli-lab-inline-bucket

aws s3 mb s3://bucket-aws-cli-lab-inline-bucket --endpoint-url=https://s3.wasabisys.com --profile=<profilename>

3. Attach an inline example policy that allows this new user access to this new bucket only 

Example policy file created: inline_policy.json

{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowAll-S3ActionsToOwnBucket",
    "Effect": "Allow",
    "Action": "s3:*",
    "Resource": "arn:aws:s3:::bucket-aws-cli-lab-inline-bucket*"
  }]
}

aws iam put-user-policy --user-name username-aws-cli-lab-inline-user --policy-name inline_user_separation --policy-document file://inline_policy.json --endpoint-url=https://iam.wasabisys.com --profile=<profilename>

4. List this inline policy via AWS CLI

aws iam list-user-policies --user-name username-aws-cli-lab-inline-user --endpoint-url=https://iam.wasabisys.com --profile=<profilename>

5. Show the inline policy document via AWS CLI

aws iam get-user-policy --user-name username-aws-cli-lab-inline-user --policy-name inline_user_separation --endpoint-url=https://iam.wasabisys.com --profile=<profilename>
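
The Resource in the example policy ends in * directly after the bucket name, so it covers the bucket and its objects and also any other bucket whose name starts with the same string. The check below is an added example, not part of the original Wasabi article: it assumes standard IAM wildcard semantics (* and ?), and the function names, the tightened two-ARN Resource list, and the sample ARNs are constructed for illustration.

```python
import re

BUCKET = "bucket-aws-cli-lab-inline-bucket"
# Policy document from step 3 (inline_policy.json), embedded so this runs offline.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowAll-S3ActionsToOwnBucket",
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::bucket-aws-cli-lab-inline-bucket*",
    }],
}
# Tightened Resource list (this example's assumption, not from the article):
# one ARN for the bucket itself and one for the objects inside it.
SCOPED_RESOURCES = [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]
# Constructed sample ARNs: the demo bucket, an object in it, a sibling bucket
# that shares the name prefix (hypothetical), and an unrelated bucket.
SAMPLE_ARNS = [
    f"arn:aws:s3:::{BUCKET}",
    f"arn:aws:s3:::{BUCKET}/report.csv",
    f"arn:aws:s3:::{BUCKET}-prod",
    f"arn:aws:s3:::{BUCKET}-prod/payroll.csv",
    "arn:aws:s3:::unrelated-bucket",
]

def arn_matches(pattern, arn):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    parts = (".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch("".join(parts), arn) is not None

def allowed_resources(policy):
    """Collect the Resource patterns of every Allow statement."""
    patterns = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow":
            res = stmt.get("Resource", [])
            patterns.extend([res] if isinstance(res, str) else res)
    return patterns

def reachable(patterns, arns):
    """Return the ARNs matched by at least one Resource pattern."""
    return [a for a in arns if any(arn_matches(p, a) for p in patterns)]

if __name__ == "__main__":
    for label, pats in (("article policy", allowed_resources(PAGE_POLICY)),
                        ("scoped policy", SCOPED_RESOURCES)):
        print(f"{label}: {reachable(pats, SAMPLE_ARNS)}")
```

With the article's Resource string the sibling bucket and its object are matched as well; with the two-ARN list only the demo bucket and its objects are.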
