Often there is a case when you have to provide read-only access to a user on your AWS account for security, training, or auditing purposes.
In this post, I will show you how we can provide read-only access to the AWS console to any user.
Create a Group
This step is optional, but I would suggest it as a best practice. Groups allow you to easily manage users and policies.
In this example, I am creating a group called auditors
Attach an IAM Policy to Group
On the next screen, while creating a group, you have an option to attach a policy to the group, search and select “ReadOnlyAccess” predefined AWS policy as shown in the following slide
The AWS managed policy ReadOnlyAccess has already defined a long list of services to provide read-only access
Create a new User
Create a new and assign the group to the user, this will automatically assign the ReadOnlyAccess policy to the user. In our example, we have a user called the audit-user.
Verify the account
Login with the newly created user, as you can see in the following slides, we can access the AWS console and list all S3 buckets and VPC details, however, we cannot do any changes or launch any instances.
So to conclude it is pretty straightforward to grant read-only access to AWS console to trainees, auditors, or any other security staff. AWS Managed Policy made it easier for us.
I hope you like this post.
DataNext Solutions is a US-based system integrator, specialized in Cloud, Security, and DevOps technologies. As a registered AWS partner, our services comprise of any Cloud Migration, Cost optimization, Integration, Security, and Managed Services. Click here and Book a Free assessment call with our experts today or visit our website www.datanextsolutions.com for more info.