Attaching IAM policies to an existing user

To grant the specific permissions that AnyNet IRIS needs in order to function, you must attach policies to the dedicated IAM user.

For detailed information about each policy, see Required IAM Managed Policies.

  1. Ensure you remain signed in to AWS as the root user.
  2. Navigate to IAM Services using the following URL:

    https://console.aws.amazon.com/iam/

  3. In the left-hand navigation menu, select Users.

    The AnyNet IRIS user you created is listed.

  4. Select the AnyNet IRIS IAM user name.

    For example, select anynetuser. The IAM user Summary appears.

  5. On the Permissions tab, select Add permissions.
  6. Under Grant permissions, select Attach existing policies directly.
  7. Using the Search box, search for: AmazonEC2ReadOnlyAccess.
  8. Select the check box alongside the returned result.

  9. Search for each of the following policies in turn, ensuring you select the check box alongside each returned listing:

    • AmazonEventBridgeFullAccess
    • AmazonS3FullAccess
    • AWSCloudFormationFullAccess
    • AWSCloudTrail_FullAccess
    • AWSIoTFullAccess
    • AWSIoTLogging
    • IAMFullAccess

    If you select the wrong policy, clear the check mark alongside it.

  10. Select Next: Review.

    The selected policies are displayed.

  11. Select Add permissions.

    The updated Summary page appears.

  12. Select Add inline policy.

  13. On the JSON tab, replace the existing text with the following JSON policy document:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowCrossAccountAccess",
                "Action": [
                    "sts:AssumeRole"
                ],
                "Effect": "Allow",
                "Resource": "arn:aws:iam::001813207414:role/AnyNetSecure@<customer_id>"
            },
            {
                "Sid": "DenyAllUserAndOrganizationRelatedActions",
                "Action": [
                    "iam:AddUserToGroup",
                    "iam:AttachUserPolicy",
                    "iam:CreateUser",
                    "iam:DeleteUser",
                    "iam:DeleteUserPermissionsBoundary",
                    "iam:DeleteUserPolicy",
                    "iam:DetachUserPolicy",
                    "iam:PutUserPermissionsBoundary",
                    "iam:PutUserPolicy",
                    "iam:RemoveUserFromGroup",
                    "iam:TagUser",
                    "iam:UntagUser",
                    "iam:UpdateUser",
                    "organizations:*"
                ],
                "Effect": "Deny",
                "Resource": "*"
            }
        ]
    }

  14. In the JSON text, replace <customer_id> with your AnyNet Cellular Connectivity for AWS IoT Customer ID.

    If you cannot remember your Customer ID, see Viewing the AnyNet IRIS Welcome page.

  15. Select Review policy.

    The Review policy page appears.

  16. In the Name field, type a name for the policy, for example: AnyNetSecurePolicy.
  17. Select Create policy.

    The IAM user account Permissions policies updates to include the inline policy.
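The following added example (not part of the AnyNet documentation) renders the inline policy from steps 13 and 14 and checks how it combines with the managed policies: the explicit Deny statement overrides the Allow that IAMFullAccess grants for the listed user actions. The `IAM_FULL_STANDIN` policy, the Customer ID character check, the sample Customer ID and the account ID `111122223333` are assumptions constructed for illustration, and `decide` is a simplified evaluator, not the full AWS policy evaluation logic.

```python
import json
from fnmatch import fnmatchcase

ROLE_ARN = "arn:aws:iam::001813207414:role/AnyNetSecure@<customer_id>"
DENIED = ["iam:AddUserToGroup", "iam:AttachUserPolicy", "iam:CreateUser",
          "iam:DeleteUser", "iam:DeleteUserPermissionsBoundary",
          "iam:DeleteUserPolicy", "iam:DetachUserPolicy",
          "iam:PutUserPermissionsBoundary", "iam:PutUserPolicy",
          "iam:RemoveUserFromGroup", "iam:TagUser", "iam:UntagUser",
          "iam:UpdateUser", "organizations:*"]
# Assumption: simplified stand-in for the iam:* grant in IAMFullAccess (step 9).
IAM_FULL_STANDIN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:*"], "Resource": "*"}]}

def render_inline_policy(customer_id):
    """Build the step 13 policy with <customer_id> replaced (step 14)."""
    # Assumption: a real Customer ID has no whitespace, brackets or wildcards.
    if not customer_id or any(c in "<>*? \t\r\n" for c in customer_id):
        raise ValueError("customer ID is empty, a placeholder, or a wildcard")
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "AllowCrossAccountAccess", "Action": ["sts:AssumeRole"],
         "Effect": "Allow",
         "Resource": ROLE_ARN.replace("<customer_id>", customer_id)},
        {"Sid": "DenyAllUserAndOrganizationRelatedActions", "Action": DENIED,
         "Effect": "Deny", "Resource": "*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # IAM action names are case-insensitive; ARNs are compared case-sensitively.
    return (any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))

def decide(policies, action, resource):
    """Simplified identity-policy evaluation: an explicit Deny beats any Allow."""
    effects = {s["Effect"] for p in policies for s in p["Statement"]
               if _matches(s, action, resource)}
    if "Deny" in effects:
        return "explicit deny"
    return "allow" if "Allow" in effects else "implicit deny"

if __name__ == "__main__":
    inline = render_inline_policy("C0000-EXAMPLE")  # constructed Customer ID
    print(json.dumps(inline, indent=4))
    user = "arn:aws:iam::111122223333:user/anynetuser"  # constructed account ID
    for action in ("iam:CreateUser", "iam:GetUser", "organizations:ListAccounts"):
        print(action, "->", decide([IAM_FULL_STANDIN, inline], action, user))
```

Passing the unedited placeholder `<customer_id>` raises `ValueError`, which catches a skipped step 14 before the policy is saved.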