json
15 lines · 1 tab
Kai Nakamura
Apr 2026
1 tab
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:GetObject"],
"Resource": ["arn:aws:s3:::codesnips-assets-production/*"]
},
{
"Effect": "Allow",
"Action": ["kms:Decrypt"],
"Resource": ["arn:aws:kms:us-east-1:123456789012:key/abcd-1234"]
}
]
}
1 file · json
Explain with highlit
Cloud IAM mistakes become high-impact quickly, so I keep policies narrow and resource-scoped. Wildcards are convenient until they become an incident report. The baseline question is always the same: what exact actions on what exact resources does this workload need right now.
Share this code
Here's the card — post it anywhere.