How to update the IAM policy below so that the IAM role, arn:aws:iam::7574333677569:role/dev-abc-webserver
, also have permissions?
{
"Version": "2012-10-17",
"Id": "Policy1517260196123",
"Statement": [
{
"Sid": "Stmt1432661968133",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::pdf.abc.com/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"24.237.272.151/32",
"42.69.252.185/32",
]
}
}
}
]
}
The issue I faced is that The IAM role doesn't have permission with it currently, I want the IAM role to have the same permission set as the IPs have.
We don't need to change the policy , We need to expand what it already grants access to the provided IAM role. So ""Condition": {" needs to be expanded so we are checking for our IPs or the IAM role.
I am not able to figure out how to provide access via the IAM role yet. I did check some aws documentation but not able to figure it out . https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
Could anyone Help me with this issue, any help should be appreciated?