Creating a new IAM policy

The following steps create an IAM policy that grants permission to the S3 bucket.

To create an IAM policy

  1. Type "IAM" in the search box of the AWS console.

  2. Select IAM in the search results to display the IAM dashboard.

  3. Select Access management > Policies in the navigation sidebar.

  4. In the content pane, click the name of an existing IAM policy or click Create policy to create a new one.

  5. Click JSON in the Specify permissions form.

  6. Paste the following JSON code in the Policy editor field.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:GetBucketLocation",
            "s3:GetObject",
            "s3:ListBucket"
          ],
          "Resource": [
            "arn:aws:s3:::$S3_BUCKET_NAME",
            "arn:aws:s3:::$S3_BUCKET_NAME/*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
          ],
          "Resource": "*"
        }
      ]
    }
  7. In the JSON code, replace $S3_BUCKET_NAME with the name of the S3 bucket selected when Creating an S3 bucket for the PKIaaS Virtual Machine.

  8. Click Next.

  9. Enter a name and an optional description for the new policy.

  10. Click Create policy.
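
A pre-flight check for steps 6 and 7, added here as an example and not part of the original procedure: it substitutes the bucket name into the policy from step 6, confirms the result is still valid JSON, and lists what a reviewer should look at before clicking Create policy. The function names and the bucket name `example-pkiaas-images` are assumptions made for illustration.

```python
import json
import re

# Policy text from step 6, with the page's $S3_BUCKET_NAME placeholder left in.
POLICY_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::$S3_BUCKET_NAME",
                  "arn:aws:s3:::$S3_BUCKET_NAME/*"]},
    {"Effect": "Allow",
     "Action": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot",
                "ec2:RegisterImage", "ec2:Describe*"],
     "Resource": "*"}
  ]
}"""

# S3 bucket names: 3-63 chars of a-z, 0-9, '.', '-'; alphanumeric at both ends.
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")


def render_policy(bucket_name):
    """Substitute the bucket name and return the parsed policy document."""
    if not BUCKET_RE.fullmatch(bucket_name) or ".." in bucket_name:
        raise ValueError(f"not a valid S3 bucket name: {bucket_name!r}")
    text = POLICY_TEMPLATE.replace("$S3_BUCKET_NAME", bucket_name)
    return json.loads(text)  # raises if the substitution broke the JSON


def review_policy(policy, bucket_name):
    """Return findings to resolve or sign off before pasting the JSON."""
    findings = []
    allowed = {f"arn:aws:s3:::{bucket_name}", f"arn:aws:s3:::{bucket_name}/*"}
    for i, stmt in enumerate(policy["Statement"]):
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if any("$" in r for r in resources):
            findings.append(f"statement {i}: placeholder not replaced")
        if any(a.startswith("s3:") for a in actions) and not set(resources) <= allowed:
            findings.append(f"statement {i}: S3 actions reach beyond {bucket_name}")
        if "*" in resources:
            findings.append(f"statement {i}: applies to all resources: {', '.join(actions)}")
    return findings


if __name__ == "__main__":
    doc = render_policy("example-pkiaas-images")  # constructed bucket name
    print(review_policy(doc, "example-pkiaas-images"))
```

For the policy as written on this page, the only finding is the second statement, whose EC2 actions apply to all resources; the S3 statement stays scoped to the named bucket and its objects.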