How to Provide Read-only Access to the AWS Console


You often need to provide read-only access to a user on your AWS account for security, training, or auditing purposes.

In this post, I will show you how we can provide read-only access to the AWS console to any user.

Create a Group

This step is optional, but I would suggest it as a best practice. Groups allow you to easily manage users and policies.

In this example, I am creating a group called auditors.

Attach an IAM Policy to Group

On the next screen, while creating the group, you have the option to attach a policy to it. Search for and select the predefined AWS policy “ReadOnlyAccess”, as shown in the following slide.

Select the Required policy from the list
Attached Policies are listed under the Permissions tabs in the Group details

The AWS managed policy ReadOnlyAccess already defines read-only access for a long list of services.

Policy details

Create a new User

Create a new user and assign the group to that user; this automatically applies the ReadOnlyAccess policy to the user. In our example, the user is called audit-user.

Create a new user in IAM
Assign newly created group auditors

Verify the account

Log in as the newly created user. As you can see in the following slides, we can access the AWS console and list all S3 buckets and VPC details; however, we cannot make any changes or launch any instances.

A read-only view of AWS console
We can list all S3 buckets
We can see all VPC configurations
Listing all Routing tables
Error while creating a new Routing table with our example audit-user with read-only access
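
The same steps can be scripted and checked with the AWS CLI. The following is an added example, not part of the original post: it creates the auditors group and audit-user, then asks the IAM policy simulator whether the list actions shown above are allowed and whether creating a route table or launching an instance is refused. The function names and the account ID argument are assumptions, and a console password for the user still has to be set separately.

```sh
#!/bin/sh
# Added example (not from the original post): AWS CLI version of the console steps.
GROUP="auditors"            # group name used in the post
USER_NAME="audit-user"      # user name used in the post
POLICY_ARN="arn:aws:iam::aws:policy/ReadOnlyAccess"

# Actions the post shows working, and actions it shows (or says) failing.
READ_ACTIONS="s3:ListAllMyBuckets ec2:DescribeVpcs ec2:DescribeRouteTables"
WRITE_ACTIONS="ec2:CreateRouteTable ec2:RunInstances"

# Create the group, attach the managed policy, create the user, add it to the group.
grant_readonly() {
  aws iam create-group --group-name "$GROUP" &&
  aws iam attach-group-policy --group-name "$GROUP" --policy-arn "$POLICY_ARN" &&
  aws iam create-user --user-name "$USER_NAME" &&
  aws iam add-user-to-group --group-name "$GROUP" --user-name "$USER_NAME"
}

# Verify with the IAM policy simulator instead of clicking through the console.
# $1 = 12-digit account ID (assumption: supplied by the caller).
# Returns 0 only if every read action is allowed and no write action is.
verify_readonly() {
  user_arn="arn:aws:iam::$1:user/$USER_NAME"
  # Word splitting of the two action lists is intentional.
  results=$(aws iam simulate-principal-policy \
    --policy-source-arn "$user_arn" \
    --action-names $READ_ACTIONS $WRITE_ACTIONS \
    --query 'EvaluationResults[].[EvalActionName,EvalDecision]' \
    --output text) || return 2
  reads_allowed=0
  writes_allowed=0
  while read -r action decision; do
    [ "$decision" = "allowed" ] || continue
    case " $READ_ACTIONS " in
      *" $action "*) reads_allowed=$((reads_allowed + 1)) ;;
      *)             writes_allowed=$((writes_allowed + 1)) ;;
    esac
  done <<EOF
$results
EOF
  [ "$reads_allowed" -eq 3 ] && [ "$writes_allowed" -eq 0 ]
}
```

Run `grant_readonly` once with credentials allowed to manage IAM, then `verify_readonly <account-id>`; a non-zero exit status means the user's effective permissions differ from what the slides above show.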

Conclusion

So, to conclude, it is pretty straightforward to grant read-only access to the AWS console to trainees, auditors, or any other security staff. The AWS managed policy made it easier for us.

I hope you like this post.

@IamZeeshanBaig

About DataNext

DataNext Solutions is a US-based system integrator specializing in Cloud, Security, and DevOps technologies. As a registered AWS partner, our services comprise Cloud Migration, Cost Optimization, Integration, Security, and Managed Services. Click here to book a free assessment call with our experts today, or visit our website www.datanextsolutions.com for more info.

Written by

Cloud Security Expert & CEO of DataNext Solutions, helping people every day with the latest tech. Connect @LinkedIn http://bit.ly/zb-linkedin
