How to Provide Read-only Access to the AWS Console

Zeeshan Baig
Oct 6, 2020 · 3 min read

Often there is a case when you have to provide read-only access to a user on your AWS account for security, training, or auditing purposes.

In this post, I will show you how we can provide read-only access to the AWS console to any user.

Create a Group

This step is optional, but I would suggest it as a best practice. Groups allow you to easily manage users and policies.

In this example, I am creating a group called auditors.


Attach an IAM Policy to Group

On the next screen of the group creation flow, you have the option to attach a policy to the group. Search for and select the predefined AWS policy “ReadOnlyAccess”, as shown in the following slide.

[Image: Select the required policy from the list]
[Image: Attached policies are listed under the Permissions tab in the group details]

The AWS managed policy ReadOnlyAccess already defines read-only access for a long list of services.

[Image: Policy details]

Create a new User

Create a new user and assign the group to it; this automatically applies the ReadOnlyAccess policy to the user. In our example, the user is called audit-user.

[Image: Create a new user in IAM]
[Image: Assign the newly created group auditors]

Verify the account

Log in with the newly created user. As you can see in the following slides, we can access the AWS console and list all S3 buckets and VPC details; however, we cannot make any changes or launch any instances.

[Image: A read-only view of the AWS console]
[Image: We can list all S3 buckets]
[Image: We can see all VPC configurations]
[Image: Listing all routing tables]
[Image: Error while creating a new routing table with our example audit-user with read-only access]
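The same steps can be scripted with the AWS CLI and the result checked with the IAM policy simulator instead of clicking through the console. This is an added example, not part of the original post: the function names and the `DRY_RUN` switch are assumptions of this sketch, and `<account-id>` is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original post). Group and user names follow the
# post; the function names and DRY_RUN switch are this example's own.
POLICY_ARN="arn:aws:iam::aws:policy/ReadOnlyAccess"   # AWS managed policy

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# provision_readonly GROUP USER: create the group, attach the policy,
# create the user and add it to the group. Console sign-in additionally
# needs a password (aws iam create-login-profile), left out of this script.
provision_readonly() {
  run aws iam create-group --group-name "$1" &&
  run aws iam attach-group-policy --group-name "$1" --policy-arn "$POLICY_ARN" &&
  run aws iam create-user --user-name "$2" &&
  run aws iam add-user-to-group --group-name "$1" --user-name "$2"
}

# simulate USER_ARN: ask IAM how it evaluates sample read and write actions.
# Needs admin credentials that allow iam:SimulatePrincipalPolicy.
simulate() {
  aws iam simulate-principal-policy --policy-source-arn "$1" \
    --action-names s3:ListAllMyBuckets ec2:DescribeVpcs ec2:DescribeRouteTables \
                   ec2:CreateRouteTable ec2:RunInstances \
    --query 'EvaluationResults[].[EvalActionName,EvalDecision]' --output text
}

# check_readonly: reads "action<TAB>decision" lines on stdin. Succeeds only if
# every List/Describe/Get action is allowed and every other action is denied.
check_readonly() {
  rc=0
  while read -r action decision; do
    [ -n "$action" ] || continue
    case "$action" in
      *:List*|*:Describe*|*:Get*) want=allowed ;;
      *) want=deny ;;
    esac
    case "$want:$decision" in
      allowed:allowed|deny:implicitDeny|deny:explicitDeny) ;;
      *) echo "UNEXPECTED: $action -> $decision" >&2; rc=1 ;;
    esac
  done
  return "$rc"
}

# Usage: provision_readonly auditors audit-user
#        simulate "arn:aws:iam::<account-id>:user/audit-user" | check_readonly
```

ReadOnlyAccess also permits reading data, for example S3 object contents through `s3:Get*`, so the audit-user credentials still need to be protected like any other account with access to sensitive data.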

Conclusion

To conclude, it is pretty straightforward to grant read-only access to the AWS console to trainees, auditors, or any other security staff. The AWS managed policy made it easier for us.

I hope you like this post.

@IamZeeshanBaig

About DataNext

DataNext Solutions is a US-based system integrator specialized in Cloud, Security, and DevOps technologies. As a registered AWS partner, our services comprise Cloud Migration, Cost Optimization, Integration, Security, and Managed Services. Book a free assessment call with our experts today or visit our website www.datanextsolutions.com for more info.

Written by Zeeshan Baig

Cloud Security Expert & CEO of DataNext Solutions, helping people every day with the latest tech. Connect @LinkedIn http://bit.ly/zb-linkedin