This page provides examples of RAM (Resource Access Management) policies that can be used in various scenarios. These examples are designed to help you understand how to create policies to control access to AWS resources.

Examples

  • Example 1: Allow access to a specific S3 bucket

    • action: s3:GetObject
    • resource: arn:aws:s3:::my-bucket/*
    • This policy allows users to read (s3:GetObject) any object within the specified S3 bucket.
  • Example 2: Deny access to a specific EC2 instance

    • action: ec2:DescribeInstances
    • resource: arn:aws:ec2:region:account-id:instance/i-1234567890abcdef0
    • This policy denies the ec2:DescribeInstances action on the specified EC2 instance.
  • Example 3: Allow access to a specific DynamoDB table for specific users

    • action: dynamodb:GetItem
    • resource: arn:aws:dynamodb:region:account-id:table/my-table/*
    • condition: StringEquals("user", "user@example.com")
    • This policy allows the specified user to read items (dynamodb:GetItem) from the specified DynamoDB table.
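
The following is an added example, not part of the original page or of any vendor's code: a simplified Python model of how the three statements above are evaluated, covering wildcard resource matching, the StringEquals condition, and the rule that an explicit Deny overrides any Allow. The statement field names (Effect, Action, Resource, Condition) and the treatment of the page's "user" key as a plain request-context value are assumptions.

```python
import re

# The page's three examples as statements. "region" and "account-id" are the
# page's placeholders; the "user" condition key is the page's shorthand and
# is treated here as a plain request-context value (assumption).
STATEMENTS = [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::my-bucket/*"},
    {"Effect": "Deny", "Action": "ec2:DescribeInstances",
     "Resource": "arn:aws:ec2:region:account-id:instance/i-1234567890abcdef0"},
    {"Effect": "Allow", "Action": "dynamodb:GetItem",
     "Resource": "arn:aws:dynamodb:region:account-id:table/my-table/*",
     "Condition": {"StringEquals": {"user": "user@example.com"}}},
]

def wildcard_match(pattern, value, ignore_case=False):
    """Policy-style wildcards: '*' is any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def statement_applies(stmt, action, resource, context):
    if not wildcard_match(stmt["Action"], action, ignore_case=True):
        return False
    if not wildcard_match(stmt["Resource"], resource):
        return False
    # StringEquals: every listed key must be present and equal (case-sensitive).
    wanted = stmt.get("Condition", {}).get("StringEquals", {})
    return all(context.get(k) == v for k, v in wanted.items())

def evaluate(action, resource, context=None, statements=STATEMENTS):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    context = context or {}
    effects = {s["Effect"] for s in statements
               if statement_applies(s, action, resource, context)}
    if "Deny" in effects:       # an explicit Deny always wins
        return "ExplicitDeny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

if __name__ == "__main__":
    # Constructed sample requests
    table = "arn:aws:dynamodb:region:account-id:table/my-table"
    me = {"user": "user@example.com"}
    print(evaluate("s3:GetObject", "arn:aws:s3:::my-bucket/reports/q1.csv"))
    print(evaluate("s3:GetObject", "arn:aws:s3:::other-bucket/x"))
    print(evaluate("dynamodb:GetItem", table + "/index/by-date", me))
    print(evaluate("dynamodb:GetItem", table, me))
```

Matching is literal, so the pattern table/my-table/* covers ARNs beneath the table path but not the bare table ARN table/my-table; the last call returns ImplicitDeny for that reason.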

More Information

For more information on RAM policies, please visit the RAM documentation.
