🔥 3️⃣ Fine-grained IAM

📌 Interpreting the question

👉 An IAM question


🧠 μ•„ν‚€ν…μ²˜

EC2 → IAM Role → S3

✅ Terraform code

# Role that EC2 can assume; the trust policy names only the EC2 service principal.
resource "aws_iam_role" "role" {
  name = "fine-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Principal = { Service = "ec2.amazonaws.com" }
      Action = "sts:AssumeRole"
    }]
  })
}

# Permissions policy: read objects in one bucket only (no list, write, or delete).
resource "aws_iam_policy" "policy" {
  name = "fine-policy"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = ["s3:GetObject"]
      Resource = "arn:aws:s3:::my-bucket/*"
    }]
  })
}

# Attach the managed policy to the role.
resource "aws_iam_role_policy_attachment" "attach" {
  role       = aws_iam_role.role.name
  policy_arn = aws_iam_policy.policy.arn
}
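
The EC2 end of the EC2 → IAM Role → S3 chain, as an added example that is not part of the original notes: an instance receives the role through an instance profile. It belongs in the same configuration as the resources above; the names `profile`, `app`, `fine-profile`, the `t3.micro` instance type and the `ami_id` variable are assumptions.

```hcl
# Added example; resource names and var.ami_id are assumptions, not from the notes.
variable "ami_id" {
  type        = string
  description = "AMI for the instance (placeholder input; supply your own)"
}

# An EC2 instance cannot reference an IAM role directly;
# the instance profile is the container that carries the role.
resource "aws_iam_instance_profile" "profile" {
  name = "fine-profile"
  role = aws_iam_role.role.name
}

resource "aws_instance" "app" {
  ami                  = var.ami_id
  instance_type        = "t3.micro"
  iam_instance_profile = aws_iam_instance_profile.profile.name

  # Require IMDSv2 session tokens when the instance fetches
  # the role's temporary credentials from the metadata service.
  metadata_options {
    http_tokens = "required"
  }
}
```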

🚨 Exam points