Amazon Web Services policies to modify security groups

Intro

For one AWS feature to edit another feature's security groups, we need to define a new policy in IAM.

There are three different "Actions" we want to allow our feature to use:
  • AuthorizeSecurityGroupIngress
  • RevokeSecurityGroupIngress
  • DescribeSecurityGroups

For the first two Actions we can define a "Resource" that restricts where the policy applies. For describing there's no resource-level limitation. This way we limit what our feature can do, which increases security.

Code

First create a new policy with the name: CanDo_SecurityGroup

Within the policy paste the following piece of code:

As you can see in the snippet above, with the "Condition" module we can define our own restrictions. In this case our feature will only create or remove security groups with a particular tag value ("yourSecurityGroupTagValue").
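
A policy of the shape described in this post, written here as an added example and not the post's original snippet. `REGION`, `ACCOUNT_ID` and `TAG_KEY` are placeholders to replace with your own values (the post names only the tag value), and the `Sid` labels are made up for readability.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ModifyIngressOnTaggedGroups",
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:RevokeSecurityGroupIngress"
      ],
      "Resource": "arn:aws:ec2:REGION:ACCOUNT_ID:security-group/*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/TAG_KEY": "yourSecurityGroupTagValue"
        }
      }
    },
    {
      "Sid": "DescribeAllGroups",
      "Effect": "Allow",
      "Action": "ec2:DescribeSecurityGroups",
      "Resource": "*"
    }
  ]
}
```

The describe action sits in its own statement with `"Resource": "*"` because it has no resource-level limitation; putting it in the first statement would leave it denied by the resource and tag restriction.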
