Easiest way to list all the permissions you need in IAM for a specific task?


I work in an organization where IAM is managed by a team, and I have to ask them to add specific permissions for me to be able to do a piece of work. They will never give anyone full access to a specific service, and I fully agree with that stance. What I have often faced is that I have to make multiple requests over multiple iterations, because as I get a permission error and get that fixed, I face more permission issues. What is the easiest way to know which permissions I will need beforehand?


There is 1 best solution below


It depends on what you are trying to achieve with any specific service.

To know what permissions you need, you need to understand what operations you are planning to perform on the said resource as the given Principal.

For example, in the policy below you are only allowing PutObject and PutObjectAcl on the given Resource (i.e. the awsexamplebucket1 S3 bucket), and it is given to the Principal (i.e. IAM user Dave).

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "statement1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::12345678901:user/Dave"
            },
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::awsexamplebucket1/*"
        }
    ]
}

Follow the PARC model for any service access (Principal, Action, Resource, Condition).

Read more about this at policies and permissions
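
Applying the answer's PARC breakdown to the question, as an added example that is not part of the original answer: write down the action/resource pairs a task needs and diff them against the policy you currently hold, so every gap goes into a single request to the IAM team. The `PLANNED` list is constructed, and the matcher is a simplification that evaluates only Effect, Action and Resource with `*`/`?` wildcards; it ignores Principal, Condition, NotAction and NotResource.

```python
import json
from fnmatch import fnmatchcase

# The policy from the answer above, embedded so the example runs offline.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "statement1",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::12345678901:user/Dave"},
    "Action": ["s3:PutObject", "s3:PutObjectAcl"],
    "Resource": "arn:aws:s3:::awsexamplebucket1/*"
  }]
}
""")

# Constructed sample: (action, resource) pairs a hypothetical upload task needs.
PLANNED = [
    ("s3:PutObject", "arn:aws:s3:::awsexamplebucket1/reports/q1.csv"),
    ("s3:PutObjectAcl", "arn:aws:s3:::awsexamplebucket1/reports/q1.csv"),
    ("s3:GetObject", "arn:aws:s3:::awsexamplebucket1/reports/q1.csv"),
    ("s3:ListBucket", "arn:aws:s3:::awsexamplebucket1"),
]

def as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)

def matches(stmt, action, resource):
    """True if the statement's Action and Resource patterns cover this call."""
    # Action names are case-insensitive; ARNs are matched case-sensitively.
    act_ok = any(fnmatchcase(action.lower(), p.lower()) for p in as_list(stmt.get("Action", [])))
    res_ok = any(fnmatchcase(resource, p) for p in as_list(stmt.get("Resource", [])))
    return act_ok and res_ok

def missing_permissions(policy, planned):
    """Return planned calls that no Allow covers or that an explicit Deny blocks."""
    stmts = policy["Statement"]
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    gaps = []
    for action, resource in planned:
        hits = [s["Effect"] for s in stmts if matches(s, action, resource)]
        if "Deny" in hits or "Allow" not in hits:
            gaps.append((action, resource))
    return gaps

if __name__ == "__main__":
    for action, resource in missing_permissions(POLICY, PLANNED):
        print(f"request: {action} on {resource}")
```

For the sample task this reports `s3:GetObject` on the object and `s3:ListBucket` on the bucket itself, the second being a gap that only shows up once the Resource is checked as well as the Action.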