AWS-IAM-Cloud-Security

Implemented AWS IAM policies to enforce least privilege access between development and production EC2 environments using resource tags.

AWS Cloud Security with IAM

📌 Project Overview

This project demonstrates how AWS IAM can be used to control access to cloud resources following least-privilege principles. I created two separate EC2 environments, production and development, and restricted user access with IAM policies that use resource-tag conditions.

🛠️ Services & Tools Used

• AWS Identity and Access Management (IAM)

• Amazon EC2

• IAM Policies (JSON)

• IAM Users & User Groups

• Resource Tagging

🎯 Project Goals

• Separate production and development environments

• Restrict intern access to development resources only

• Prevent accidental changes to production infrastructure

• Practice real-world cloud security controls

⚙️ Architecture Overview

• Two EC2 instances:

  • Production EC2 (Env = production)

  • Development EC2 (Env = development)

• Custom IAM policy using tag-based conditions

• IAM user group for interns

• IAM user assigned to the intern group

• AWS account alias for simplified login

📜 IAM Policy (JSON)

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Env": "development"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": [
        "ec2:DeleteTags",
        "ec2:CreateTags"
      ],
      "Resource": "*"
    }
  ]
}
```

🧪 Testing & Validation

• Logged in as IAM intern user

• Attempted to stop production EC2 instance → ❌ Access denied

• Successfully stopped development EC2 instance → ✅ Allowed

• Verified IAM permissions worked as intended
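
To make the test results above concrete, the following is an added simulation (not part of this project) of how IAM decides those requests against the policy: an explicit Deny always wins, otherwise a matching Allow grants, otherwise the request is implicitly denied. It models only the subset of IAM semantics this policy uses (action wildcards and StringEquals on ec2:ResourceTag/Env); the policy dict is the README's, and the instance tags are constructed sample data. It also shows why the Deny on ec2:CreateTags/ec2:DeleteTags matters: without it, the intern could re-tag a production instance as development and the first statement would then allow changes to it.

```python
import fnmatch

# The intern policy from the README, verbatim, as a Python dict.
INTERN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:*", "Resource": "*",
         "Condition": {"StringEquals": {"ec2:ResourceTag/Env": "development"}}},
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Deny", "Action": ["ec2:DeleteTags", "ec2:CreateTags"],
         "Resource": "*"},
    ],
}

# Constructed sample tags for the two instances (and an untagged resource).
PROD, DEV, UNTAGGED = {"Env": "production"}, {"Env": "development"}, {}

def _action_matches(pattern, action):
    # IAM matches action names case-insensitively; '*' is a wildcard.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def _condition_holds(condition, resource_tags):
    # Only StringEquals on ec2:ResourceTag/<key> is modelled. A missing tag
    # makes the condition false, as IAM does when the context key is absent.
    for key, expected in condition.get("StringEquals", {}).items():
        if resource_tags.get(key.split("ec2:ResourceTag/", 1)[1]) != expected:
            return False
    return True

def evaluate(policy, action, resource_tags):
    """Decide one request: explicit Deny wins, else any matching Allow, else Deny."""
    decision = "Deny"  # implicit deny until an Allow statement matches
    for stmt in policy["Statement"]:
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        if not any(_action_matches(p, action) for p in actions):
            continue
        if not _condition_holds(stmt.get("Condition", {}), resource_tags):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit Deny ends evaluation immediately
        decision = "Allow"
    return decision

if __name__ == "__main__":
    for action, tags in [("ec2:StopInstances", PROD), ("ec2:StopInstances", DEV),
                         ("ec2:DescribeInstances", PROD), ("ec2:CreateTags", DEV)]:
        print(action, tags, "->", evaluate(INTERN_POLICY, action, tags))
```

The first two cases reproduce the two manual tests above; the CreateTags case shows the explicit Deny overriding the development Allow.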

🔐 Security Concepts Demonstrated

• Least privilege access

• Environment isolation (dev vs prod)

• Tag-based access control

• IAM user & group management

• Policy testing and validation