How to Use IAM Actions in Impossible Cloud via CLI
Overview
Impossible Cloud supports IAM (Identity and Access Management) API actions, in addition to available S3 commands. This allows you to manage access control directly via AWS IAM CLI commands.
What You Can Do
With IAM actions, you can now:
- Create and manage IAM users and groups.
- Attach or detach managed and inline policies.
- Control access permissions with fine-grained policy rules.
- List, update, and delete IAM-related resources.
- Tag IAM resources for organization or automation.
Example Use Case: Create a Managed Policy
1. Configure the AWS CLI (if not already configured)
aws configure --profile your-profile-name
Make sure you’re using credentials tied to your Impossible Cloud account. You can learn how to do it here.
2. Create a Custom Policy
Please note that in this guide you will create and attach a policy with the CLI. You can also create a policy directly in the Impossible Cloud Storage Console as a root user following the guide here.
Start by creating a JSON file containing the permissions you need, for example “my-impossible-cloud-policy.json”, that looks like this:
Example: my-impossible-cloud-policy.json
{
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets",
"s3:PutObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::my-impossible-cloud-bucket",
"arn:aws:s3:::my-impossible-cloud-bucket/*"
],
"Sid": "AllowCommonS3Actions"
}
],
"Version": "2012-10-17"
}
Then proceed to create the policy on the CLI and name it “MyICPolicy” like this:
aws iam create-policy \
--policy-name MyICPolicy \
--policy-document file://my-impossible-cloud-policy.json \
--endpoint-url https://iam.impossibleapi.net \
--profile your-profile-name
3. Use IAM Actions to Create a User and Attach the Policy to It
You can now run commands like:
aws iam create-user \
--user-name "user-name@yourdomain.com" \
--endpoint-url https://iam.eu.impossibleapi.net/ \
--profile your-profile-name
aws iam attach-user-policy \
--user-name "user-name@yourdomain.com" \
--policy-arn arn:aws:iam::123456789012:policy/MyICPolicy \
--endpoint-url https://iam.impossibleapi.net/ \
--profile your-profile-name
Note: The ARN of a custom policy you created follows the format below; the account ID 123456789012 in the command above stands in for your own:
arn:aws:iam::<Your_account_id>:policy/<Your_custom_policy_name>
Example Use Case: Create an Inline Policy
1. Add the Inline Policy to the User
aws iam put-user-policy \
--user-name "user-name@yourdomain.com" \
--policy-name CustomInlinePolicy \
--policy-document file://my-impossible-cloud-policy.json \
--endpoint-url https://iam.impossibleapi.net/ \
--profile your-profile-name
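A pre-flight check for the policy document passed to create-policy and put-user-policy above, added here as an example (it is not Impossible Cloud or AWS code): it flags wildcard grants and action/resource mismatches before the document is uploaded. The function name lint_policy and the two action sets are assumptions made for this example, following AWS S3 policy conventions.

```python
import json

# The policy document from this guide (my-impossible-cloud-policy.json).
GUIDE_POLICY = """
{"Version": "2012-10-17",
 "Statement": [{"Sid": "AllowCommonS3Actions", "Effect": "Allow",
   "Action": ["s3:ListAllMyBuckets", "s3:PutObject", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::my-impossible-cloud-bucket",
                "arn:aws:s3:::my-impossible-cloud-bucket/*"]}]}
"""
S3 = "arn:aws:s3:::"
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}  # need bucket/key ARNs
BUCKET_ACTIONS = {"s3:ListBucket"}                                    # need the bucket ARN

def as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])

def lint_policy(text):
    """Return findings for a policy document; an empty list means nothing was flagged."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    findings = []
    if doc.get("Version") != "2012-10-17":
        findings.append("Version should be 2012-10-17")
    statements = doc.get("Statement", [])
    for i, st in enumerate([statements] if isinstance(statements, dict) else statements):
        sid = st.get("Sid", f"statement {i}")
        actions, resources = as_list(st.get("Action")), as_list(st.get("Resource"))
        if st.get("Effect") != "Allow":
            continue  # only Allow statements grant access
        findings += [f"{sid}: wildcard action {a}" for a in actions if "*" in a]
        findings += [f"{sid}: applies to every resource ({r})"
                     for r in resources if r in ("*", S3 + "*")]
        any_res = "*" in resources
        has_object = any_res or any(r.startswith(S3) and "/" in r[len(S3):] for r in resources)
        has_bucket = any_res or any(r.startswith(S3) and "/" not in r[len(S3):] for r in resources)
        if OBJECT_ACTIONS & set(actions) and not has_object:
            findings.append(f"{sid}: object actions need a bucket/* resource")
        if BUCKET_ACTIONS & set(actions) and not has_bucket:
            findings.append(f"{sid}: s3:ListBucket needs the bucket ARN itself")
    return findings

if __name__ == "__main__":
    print(lint_policy(GUIDE_POLICY) or "no findings")
```

Run it against the JSON file before uploading; the guide's own policy produces no findings because it pairs the bucket ARN with the bucket/* ARN.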