Using the IAM Policy Simulator to Test IAM Policies
Description
AWS Identity and Access Management (IAM) is a powerful mechanism for granting and controlling access when using the public AWS cloud. Policy management can easily become a complex task. AWS provides an IAM Policy Simulator to help you understand and test the effects of a policy without implementing it in a real AWS environment.
Learning how to use the AWS IAM Policy Simulator will help you craft IAM policies that follow best practices, such as the principle of least privilege.
In this hands-on lab, you will use the web-based IAM Policy Simulator to simulate a policy, and you will use the AWS CLI to simulate IAM policies.
Learning objectives
Upon completion of this intermediate-level lab, you will be able to:
- Use the web-based IAM Policy Simulator to test controlling access to an Amazon S3 bucket by AWS region
- Use the AWS CLI to simulate a policy that controls access through an AWS Organization
- Use the AWS CLI to simulate policies that control access using tags
Intended audience
- Candidates for the AWS Certified Security Specialty certification
- Cloud Architects
- Data Engineers
- DevOps Engineers
- Software Engineers
Prerequisites
Familiarity with the following will be beneficial but is not required:
- AWS Identity and Access Management (IAM)
- AWS Organizations
- Tagging in AWS
The following content can be used to fulfill the prerequisites: